RSA Conference 2019

Chris Lewis

The cybersecurity industry shares many traits with other B2B software markets – it’s growing well, innovating rapidly, and is experiencing strong valuations and record M&A activity. The fundamental difference with other sub-sectors though, is that there is an adversary; not just a competitor but an actor actively trying to subvert or break the security infrastructure to steal data, move money, deny service or otherwise cause mayhem. The industry sells on a heady mix of fear (well-grounded) and hope (some better grounded than others) – and that is never more evident than walking the halls at the RSA Conference 2019, the annual industry gathering in San Francisco.

RSA Conference in recent years:

Each year the show brings a new marketing theme; in the five years we have been attending, the key themes from the vendor community have in our view been:

2015 – the resurgence of protection (as opposed to detect and respond) from the next-gen endpoint protection vendors

2016 – UEBA (user and entity behavioural analytics) to add a new dimension to identifying anomalies and adding a layer of protection to identity beyond credentials

2017 – Machine learning as the panacea [AI techniques used by Black Hats now make it as much a part of the problem as the solution]

2018 – Identity and privilege as the key attack vector

RSA conference 2019:

This year, the theme of the RSA show itself was simply “Better” – better solutions, sharper algorithms, more highly developed machine learning and AI but also generally just being better at making cybersecurity a top priority across industries and a recognition that (i) the industry needs to up its game against increasingly strong, well organised, and well-funded criminal gangs and nation state actors, and (ii) that organisations need to improve their overall security stance. Some of the key vendor-led themes and marketing buzzwords that we picked up at the conference included:

Threat intelligence – having rich, granular data to interrogate was being pushed by many of the vendors at the show, and most of the larger players in particular. Beyond threat intelligence, many players are also trying to link this threat data to business risk in order to further prioritise scarce resource to detect and remedy issues.

Artificial intelligence – a generic marketing buzzword two years ago, is now commonly being deployed into very specific use cases. All the vendors are short of talent and use-case specific capability however, and many are seeking to add these through acquisition. Of particular note is the use of AI and machine learning techniques to better triage the firehose of alert data coming out of threat intelligence and systems Security Information and Events Management (SIEM), to enable Security Operations Center (SOC) analysts to be a lot more focused on high-threat items.

Managing identity and privilege remains key – identity theft is a key threat vector and none more dangerous than those in privilege positions (SysAdmins, payments processing teams etc.) 2018’s roll-up of BeyondTrust, Bomgar, Avecto and Lieberman into a scaled, broad-line player to challenge CyberArk for leadership (in which CG Results International advised Avecto) in this space is meaningful, but there remain a profusion of vendors (new and old) in this area.

Back to the future – a number of vendors talked to us about building or re-building capability to deploy products on-premise or in single-tenant private cloud in response to some larger customers, especially in financial services and government, expressing growing concern about the security of public cloud security infrastructure and containerisation.

Managed services are growing in importance within the space and not just for mid-market customers. Many product-focused vendors are talking about adding managed services to their Endpoint Detection and Response (EDR) platforms, and Symantec notably announced its new Managed Endpoint Detection and Response (MEDR) offering at the show. F-Secure was an early mover with this strategy and the intent to build a world-class services and managed services organisation played a key part in its acquisition of MWR last year. The growing shortage of skilled cybersecurity professionals will continue to drive this trend in our view.

The other theme that continues to drive our enthusiasm for the space is the overcrowded nature of the vendor space – some 600 vendors exhibited at the show this year, and the cyber taxonomy gets ever more crowded with start-up vendors seeking to solve new challenges or plug existing attack vectors in innovative ways.

With the average large corporate deploying security products from over 70 different vendors there is tangible need for the industry and real push from customers for more joined-up solutions from fewer vendors. This trend, coupled with the ever changing threat landscape, will see larger security vendors acquiring for talent, innovation, and to enter new solution categories. On the evidence of the RSA show, and broader themes in the industry, the future of cybersecurity M&A is bright indeed.

Last but not least, the CG Results International Award for Best On-Stand Display has to go to Garrison, a London headquartered start-up, which demonstrated it’s innovative hardware-enabled isolation solution using a touch-typing robot, Ravi to replicate a user navigating to websites, which are shown on the users screen as a video rather than an actual website.

Hope to see you there next year.

Read the full article in The Bulletin: Issue 71