As the first major information security event of the year, RSAC sets the tone for the industry and the announcements that will follow for at least the next six months. The theme of this year’s event was “The Human Element,” a concept that has been top of mind for many vendors and will continue to be worthy of discussion.
What We Learned
The show’s ambiguous theme resonated with many, though interpretations were wildly different among attendees and presenters alike.
For some, the human element places emphasis on understaffed organizations and the under-skilled workforce for today’s cybersecurity needs. For others, the human element was a poignant reminder that while there are millions of ambitious technologists interested in information security careers, many find it difficult to break into the industry, given employers’ emphasis on credentials.
For most, however, the human element shed light on a popular view in the industry that the greatest vulnerabilities in any given information system are often the humans themselves that operate it. All of the automation and technology in the world won’t keep you safe if you ignore how that technology is implemented.
Another popular theme among many of the presentations at RSAC was a focus on user experience and user acceptance testing. There is now general acceptance that security by fiat has failed and that deploying environments, which end users feel are too difficult to use, will inevitably result in shadow IT. Success for security teams is dependent upon understanding and accommodating the human element, rather than deploying a security architecture that looks pristine on paper.
Humans exist on both sides of the equation, and there are limits to the heroes in the data center as well. One of the most significant security risks stems from the sheer number of security products that must be managed, their lack of integration, and the overwhelming volume of alerts that are generated by them.
RSAC was replete with announcements regarding the use of artificial intelligence (AI) and/or machine learning (ML), in the hopes of extracting usable signal from the overwhelming flood of alerts. In addition, there was an emphasis on the value of third-party threat intelligence sharing.
Also worth noting – or perhaps a consequence of the above – was a focus on having a “platform” as opposed to an individual product. This served as excellent validation for the core tenet of Juniper’s own information security strategy: Juniper Connected Security. No product or vendor is an island. Multiple products from multiple vendors must interoperate in order to adequately secure a modern network.
Further reinforcing Juniper Connected Security was the emergence of other vendors beginning to agree that security is inextricable from network infrastructure. The security of a single product, or even an entire ecosystem of products, is inadequate, nor can security simply be bolted on to a network after the fact. Security must be integrated with the network, not layered on top.
Information security has multiple elements and strikes a delicate balance between proactive and reactive, as well as prevention and remediation. Every network element possesses some degree of visibility and in a modern design – such as that provided by Juniper Connected Security – those network elements are integral parts of the information security architecture.
Encryption and decryption were also hot topics at RSA and Juniper’s announcement of its encrypted traffic analysis drew a great deal of attention. The increased use of encryption is both a blessing and a curse for many IT teams. Encryption provides organizations and individuals the ability to use the internet with some degree of safety, free from compromise by malicious actors. However, it also poses real-world challenges for organizations that wish to inspect encrypted traffic.
The rise of encryption has shifted the focus from prevention of security incidents toward incident response. The need to focus more resources on incident response has been frequently discussed by industry experts for years, although it has never been as popular as prevention.
The issues surrounding encryption are complex. There are moral, ethical, legal, and regulatory concerns. In addition, there are technological challenges, including the deprecation of older ciphers and the rise of TLS 1.3.
So Many Vendors, So Little Differentiation
One common complaint from attendees? Considering the flood of vendors on the RSAC expo floor, there was a great deal of repetition in available offerings. Many expressed skepticism about vendors who claimed to solve all information security woes on integrated platforms or new products that “see everything.” In most cases, these vendors were unable to provide sufficient specifics to showcase these capabilities to attendees’ satisfaction.
Juniper Connected Security, with its focus on interoperability, garnered praise, and we were pleased to see that we were not the only vendor advancing this position. While RSAC was indeed an event replete with “the same old same old,” there were vendors across the floor that clearly placed cooperation over competition. It is by working together and being transparent about how our products both operate and interoperate that we will produce the layered security necessary to defend against today’s threats and prepare networks for the challenges that will emerge tomorrow.
What trends did you see at RSAC?