This year marked the twenty-fifth anniversary of the RSA USA Conference. Personally, this marked my eighth RSA in seventeen years. Now held in the Moscone Center in San Francisco, things have come a long way since being held in the San Jose convention center. RSA now includes 16 keynotes, over 100 talks, over 350 vendors, 700,000 square feet of expo space and 33,000 attendees.
Most years, we see one new buzzword, technology, or incident dominating the conference environment. We usually see one topic that everyone is talking about. That didn't seem to happen this year. Instead, there seemed to be quite a mix of different topics on people's minds, as part of the messaging of various booths, and in hallway conversations.
FBI and Apple
While the request by the FBI to gain access to one Apple iPhone was at the top of the daily news cycle and the topic in more than one conference session, it did not seem to enter into too many conversations—at least not into the conversations I was having. Prior to the start of the show, I really thought the Apple/FBI controversy would be the main topic of this year’s conference; however, the topic seems to have played a more peripheral or background role this year.
One prominent topic this year was Threat Intelligence
Beyond Apple/FBI, one of the more prominent topics this year seemed to be a holdover from last year, as more than one vendor was promoting “Threat Intelligence.” The recent implosion in that part of the industry seemed to have let a lot of air out of the sails of threat intel. But at least one person I spoke with thought this might be a good thing for threat intelligence as a whole. According to her, the recent events will put vendors on notice that their threat intelligence products need to deliver on their promises. I guess time will tell.
More than one vendor on the RSA show floor was promoting solutions for phishing. Considering how effective phishing is for attackers, that makes perfect sense. Solutions for access control, application code reviews, and incident response also seem to have their fair share of vendors promoting single point solutions.
One thing I saw more of than I expected was hardware—and quite a bit of it: everything from two factor authentication tokens to rack equipment locks to physical hard drive destruction. Of course, there were quite a few secure networking products as well. There is usually at least some hardware at RSA, but this year I saw more than usual.
Internet of Things
Despite all the hype around Internet of Things security, there was a severe lack of companies promoting solutions in this space
Despite all the recent hype around Internet of Things security, there seemed a severe lack of any companies promoting solutions in this space at RSA this year. The few companies I did notice doing IoT security were all involved in the auto industry—which arguably needs all the help it can get.
Several US government agencies had booths on the show floor this year. That in and of itself isn't a new thing; the FBI, for one, has maintained a presence on the floor for at least the last five years. But this year, we also saw the NSA and DHS as well as NIST, the Federal Reserve and even the Office of the Comptroller of the Currency. It is good to see government agencies with a strong interest in security expending some budget to have a presence at RSA.
The RSA 2017 call for papers will be here in just a few short months and then we will all make our annual pilgrimage to the Moscone Center to see what new and exciting buzzwords will arise next year.
Tenable introduced several new solutions at RSA 2016. Check out our new whitepaper and solution stories:
- Transforming Security from Defense in Depth to Comprehensive Security Assurance
- Unknown and Shadow Assets
- NIST Cybersecurity Framework
- Threat Hunting