April 26, 2018

RSA Conference - Security Vendors Shuffle to Protect Clouds, Applications, IoT

By Jaclynn Anderson
Cloud security, secure application development, encryption and key management for IoT deployments were the dominant themes among vendors at this year's RSA Conference.

Securing the Cloud Remains Top Focus
Cloud security remains a major topic in the world of security. Traditional security vendors like Palo Alto Networks Inc., Fortinet Inc., and Check Point Software Technologies Ltd., all want to remain relevant as their customers migrate to the cloud, while cloud-focused vendors like Zscaler Inc. and Symantec Corp. see new opportunities as companies’ needs change in the virtual world.

One young company to watch is Luminate Security Ltd., which recently emerged from stealth mode in March 2018. Luminate, like other vendors in the software-defined perimeter space, including Vidder Inc., ScaleFT Inc. and Cyxtera Technologies Inc., are the pioneers of zero-trust networks, which aim to replace the traditional perimeter and internal segmentation model of network security. Zero-trust networks ultimately are positioned to threaten both traditional hardware security vendors in addition to the more cloud-friendly web gateway and proxy vendors. Unlike traditional security vendors, access is based on identity, not network location, and it removes the requirement for endpoint agents.

Most of the stand-alone CASB vendors have been acquired over the past two years by larger security vendors including Symantec, Microsoft Corp., Palo Alto and Cisco Systems Inc, with McAfee Inc.’s acquisition of Skyhigh in January 2018 the most recent. Only a handful of independent CASB point solutions remain, including Netskope Inc., Bitglass Inc. and CipherCloud Inc. The acquired vendors have a significant sales advantage from more mature channel relationships and access to a significant installed base of customers.

Application Security Drives Developers to Think Security
As some companies become borderless and virtual, more efforts are focused on making sure the internal applications developed, including those using open-source code, are secure. At the conference, Qualys Inc. announced new web application security offerings for automating security and optimizing processes in the DevSecOps space. A number of companies have been acquired in this space over the past year, including Black Duck Software acquired by Synopses Inc. in December 2017 and Veracode by CA Inc. in March 2017. Qualys and IBM Corp. are also in this space.

Container security vendors, after having a noticeable presence at Black Hat in August, were largely absent from the RSA Expo floor. The most notable container security vendors in attendance were NeuVector Inc., Tenable Network Security Inc. and Micro Focus International PLC, all of which had container security products or features become available in 2017. Most notably missing from the show floor was Aqua Security Software Ltd., the container security vendor most often mentioned in OTR Global security interviews and a 2017 RSA Conference exhibitor. Other container security vendors missing from the RSA Expo hall included Capsule8 Inc., Aporeto Inc., Anchore Inc., Twistlock Inc., Docker Inc., and Red Hat Inc.'s CoreOS. StackRox Inc., an Innovation Sandbox finalist at RSA, announced the availability of its container security product, Prevent, ahead of RSA. The Prevent product ensures that containers comply with standards and policies, in addition to assessing risk.

IoT Security Opportunities Focused on Encryption and Key Management
Securing the Internet of Things [IoT] encompasses multiple levels of security and varying needs depending on whether it is consumer IoT, industrial IoT [IIOT] or commercial IoT. While IoT has the potential to drive security business at different levels, including perimeter, identity management, and analytics, a key theme around IoT security was encryption and key management. Thales S.A. and Gemalto N.V. are vendors to watch.

Unlike many traditional security products, companies offering IoT technology often sell directly to the manufacturers. One security industry leader said, “The channel thinks they know how to sell IoT, and they are getting there, but we see most opportunities selling directly to manufacturers.”

GDPR Consequences Expected to be Permanent Sales Driver
Security industry leaders said multinational companies are scrambling to be ready for the GDPR compliance deadline of May 25, 2018. One industry leader said, “In the past, there was no real penalty for breached companies. They got beat up in the press a little, their stock price might go down, but they would bounce right back. But, now there is a cost to getting breached.” Another industry executive at the conference said, “When it comes to GDPR, the No. 1 thing we tell customers is don’t get hacked. We expect GDPR to cause security spending to either remain steady at this higher spending level or continue to rise. We still don’t know how it will be enforced. Everyone needs to see the first fines and that will drive any increase.”

WHAT: 2018 RSA Conference
WHO: The annual conference attracted 42,000 visitors
WHERE: San Francisco
WHEN: April 16-20, 2018