Last week, ReliaQuest team members traveled to San Francisco to meet with enterprise security leaders and industry experts during the RSA 2020 Security Conference. Even with a few major drop-outs due to Coronavirus concerns, vendors continued to fill every nook and cranny – across the north, south, and west halls. ReliaQuest took a different approach, securing a nearby venue that allowed for comfortable, focused, and productive conversations. After a busy week meeting with customers, prospects, industry analysts, and press, these are the top trends we noticed during RSA conference week this year:
The Theme: “More of the Same”
In previous years, there have been obvious themes consistently repeated across the industry – such as behavioral analytics, automation, and cloud security. This year, the best description we’d use to capture the theme comes from an industry analyst our team met with: “more of the same”.
What do we mean by this? When looking across the crowded vendor floor, it became clear that the number of exhibitors in the RSA conference expo hall mirrored the explosion of tools in the security industry and the growth of tools used by enterprises. From network security to email security, user security, even social media security… every imaginable challenge had its own tools. In another meeting, one industry analyst stated that his firm is aware of upwards of 3,500 vendors in the security space. Just like the physical space at RSA, the security tool space is over-crowded and enterprises were struggling to sift through the noise.
Too Many Tools, Too Little Value – And An Open Door to Risk
Each specialized tool claimed to support either a piece of threat prevention or detection and response for distinct attack surfaces and environments. Add them up, however, and it’s more than any one enterprise can effectively utilize. Enterprise security teams reinforced to us that the time they spent managing, tuning, and troubleshooting each tool was taking away from time actually using each tool for its original purpose. According to ReliaQuest’s Technology Sprawl Survey, 69% of security decision makers report their security team spends more time managing security tools than effectively defending against threats.
Not only is this approach not sustainable, it introduces unintended risk, such as misconfigured controls that create blind spots, or over confidence the enterprise is prepared to detect threat types when the tools are not fully utilized.
A Need for a Different, More Effective Approach to Cyber Assurance
That brings us to the third theme of RSA – an important one for ReliaQuest. As tools multiply and environments evolve, how do security leaders know their controls will work as expected when an attack occurs? That’s where our announcement of integrated attack simulations into GreyMatter came in. Four months after the acquisition of Threatcare, GreyMatter now offers enterprises a turnkey approach to cyber assurance through continuous attack simulations across on premise and multi-cloud environments – thanks to a new capability called Verify.
Through use of persistent and dissolvable agents, certified integrations, and flexible simulations with impact ratings, Verify enables cyber assurance across disparate environments that provide continuous, actionable results. As part of the GreyMatter platform, Verify integrates across a wide range of security controls, allowing for proactive improvement of security programs while avoiding the pitfalls that characterize other attack simulation methods.
To learn more about Verify,