Search Results



For all my criticism and snark about the 2017 RSA Conference, it is a glorious orgy of hysteria … and brilliance. When you concentrate intelligent people in one place, all matter of great things can happen. Drinking happens as well. Lots and lots of drinking.  Like gallons of beer.  Ugh, my liver.

We cannot go silently stumbling into the Uber. By hook or by crook, we must keep fighting to make information security work. RSA 2017 may go down as 45,000 people drinking away their frustrations.  However, among all that chaos, there is hope. It is often difficult to see and requires deep transcendental meditation…but it is there. I am certain I saw it.  Somewhere.

In his keynote this afternoon, Neil deGrasse Tyson reminded us of what a badass Einstien was. How he came up with ideas, such as the basic principles for the laser, that took another 50 years to be fully realized. This is the challenge of brilliant people. They are often so far ahead of their time, it is easy to dismiss them as nuts. Furthermore, what seems perfectly reasonable to them, may appear as chaos to outsiders.  Information security suffers from this challenge in multiple ways.  Our problems are so complex and the environment so volatile, that breakthroughs are difficult to discern from breakdowns.

Consider some of these trends that emerged from RSA 2017.

2017 Trends

Embedded inside all this hysteria, there are some notable trends.

Automation and Orchestration. Nearly every vendor is now talking about how their products can be automated to respond, and orchestrate their actions with other technologies. This is all part of the Security Analytics trend we predicted years ago. There is real promise here to help security teams fight the avalanche of data. However, I believe automation and orchestration will also help organizations empower more junior members of the team to have similar capabilities as the experienced people.

Homorphic Encryption. This Holy Grail technology has finally come to fruition. This is an example of an obscure security idea that most of us long since dismissed, but now it has come to reality. The idea of encrypting data, and then never decrypting it to search or process it is tantalizing. It could, theoretically, render the need for other security controls irrelevant.

Implicit Identity. Passwords (more specifically identity credentials) are the bane of information security. As long as we have them, they can be stolen and used for hacking. Implicit authentication removes that entirely, authenticating users based on a collection of data points about them. Another tantalizing technology with ample practical implications.

Software Development Lifecycle Integration. I observed quite a few vendors explaining how their products integrate directly to the development process. This is a positive trend. Far too many development groups push off security until late in the cycle. This can lead to security flaws that demand fundamental rearchitecting of the solution. If we can catch those problems early in the development cycle, the less disruptive it becomes to fix them (or avoid them entirely.)

Deceptions. These products place easily hackable honeypots in environments to serve as an early warning of attacks. The concept is sound, but in practice honeypots can be impractical. However, managed security providers would be a logical place for these technologies, as they can use them to monitor a client’s environment for the “unknown unknowns.” We are contemplating integrating deceptions into our Sherlock Managed Detection and Response service.

Getting Real About Threat Intelligence: After years of threat intelligence hysteria, people are wising up to the reality that its not all that. Moreover, some of the best TI is free. But TI, like any intelligence, must be contextualized to be valuable.

Identity-Based Security. Implementing security controls based on user roles is not a new idea. However, we are seeing identity-based control seeping into new areas. Many data and threat analytics technologies are using identity to correlate and alert.

Cloud. Security is finally embracing the cloud entirely. We believe the cloud is a more secure environment, overall. However, you cannot translate on-premise controls and practices directly to the cloud.  There is a lot of opportunity for companies to cloudify their platforms.

The Battle for the Endpoint: Another trend we predicted a few years back. The endpoint is where all the action is, again.  This is partially due to the rapid irrelevance of the perimeter.

Digital Geneva Convention: Microsoft’s proposal to create a set of norms for nation-states to follow in the realm of cybersecurity. It is a noble idea and worth pursuing for the mere act of compelling nations to discuss offensive cyber. However, the practical value of such an agreement is questionable. Criminal organizations and terrorists do not follow international treaties. And nation-states can easily pin the blame on these groups.


Last night, I wrote that we needed destruction and rebirth. We may have come too far. But before we resign and get banished to the Village, let’s make a difference. We know what is right, good, and ethical.

Over and over again, speakers told us “we must do better.”  Those are words, not reality. We must put those words into action. So, plant your butt in the chair and make it happen. Not a single one of the vendors on the expo floor are going to do it for you. Their promises of making information security easy are only to get you to buy more stuff.  Stuff is not what you need.  You need to make all that stuff work together.

Start being the change you want to see.

Be seeing you at RSA 2018.