RSA 2017: A Sea of Solutions Needing Big Data

I decided to take a break from my Cybersecurity Architecture series and CISO’s View series to give my thoughts on this year’s RSA conference while things are still fresh. First off, I enjoyed meeting with old colleagues and many security people that I respect which justified the trip as far as I’m concerned. I’m really amazed by some of the out-of-the-box thinking and frankly transformative approach many companies are taking to address their core cyber security problems. Clearly, the cybersecurity industry is clearly vibrant and growing, with a record attendance of 43,000, two main exhibit halls and an expo showcase for young infosec companies. (This is actually a theme at every RSA  – Just when you think it couldn’t get any bigger it seems to double in size.)

RSA: A Sea of Booths and Product Offerings

I stepped into the expo hall and spent a good chunk of two days looking at the sea of booths and product offerings. If Juvenal was alive today and attending RSA, I think he’d repurpose his saying “…everything now restrains itself and anxiously hopes for just two things: bread and circuses” because, honestly, if the RSA expo hall this year had a theme, it would be hype and cheap gimmicks set to max, hiding any actual details on products. Carnival tricks? Check. In-booth movie theater? Check. Solutions to actual problems...

What Security Professionals Need

The discrepancy between what the security professionals were talking about and asking for and what was being shown on the expo floor couldn’t be any wider. Companies are trying to solve hard business problems:

• How do we address the critical shortage of talent?
• How do we make our security processes more efficient since we have a talent shortage?
• How do we transform our security program in lock step to the IT transformation taking plan in our companies?

At the same time, the expo floor was filled with magic black boxes that can slice, dice, julienne, and solve all the world’s ills — just don’t ask what’s inside the box.

Security as a Platform

I’m not the only one, or even the first, to point out this discrepancy. I hope everyone saw Mark McLaughlin’s keynote talk “The Coming Disruption in Security,” where it went at length at this core issue plaguing our industry and what he believes the solution is. Listening to Mark talk was an affirmation of the last four years of my life. The Security as a Platform concept Mark describes is what I and others have been living over the last four years culminating in the open-source platform Apache Metron.

Apache Metron

Every wish list item Mark describes aligns to our core design principles. From the high-level requirements of visibility, analysis, and enforcement to the design architecture of sensors, users, Big Data, and Machine Learning, Mark was essentially describing Apache Metron. Even Mark’s wish for security researchers to rapidly develop new capability by writing against the security platform’s API were requirements we addressed with the Stellar scripting language and for rapid plug and play analytical model extensibility.