The RSA show this past week in SF was quite a gathering. Having attended RSA every year for the past ten, I’d say this was the biggest and busiest show yet. This is not surprising given all the activity lately in the cyber-security and cyber-crime areas. Based on the many meetings I had during the show with cyber security company founders and executives, here are a few of the top themes I keep hearing about:
- The Endpoint Fights Back. Endpoint security for the past few years has been decidedly uninteresting. Sure A/V companies had their day many years ago, but more recently, all the action has been in the network security area. Now the pendulum seems to be swinging back. Since so many attacks emanate from a compromised or ill-intentioned employee, protecting the endpoint has become a focus of some of the smartest minds in the space. That’s a good thing because the endpoint keeps getting more complicated with the proliferation of mobile devices.
- The Industrial Internet, IoT and Cyber Threats. In VC land, we’re very excited about the proliferation of internet-connected devices. The systems in our homes, our cars and on our person are all increasingly monitored, with data available to us in real time. The same is true for industrial infrastructure. Bridges, roads, power plants and airports are all increasingly connected, with large control systems becoming automated. This adds threat surface for cyber criminals, with very scary implications. Security companies are now being founded to try to better protect “operational” networks and industrial systems.
- Securing the Cloud. The adoption of public cloud infrastructure and SaaS solutions in large and mid-sized companies continues at a rapid pace. IT has less and less visibility on where critical applications are running and sensitive data is being stored. This has created more threat surface for cyber criminals. As a result, cyber-security companies building solutions to monitor activity in the public cloud and help lock down critical infrastructure and data are gaining traction.
- Humans Make a Comeback. Cyber security companies have become reliant on increasing amounts of automation. New tools for managing and analyzing big data have enabled the birth of increasingly sophisticated security products. Despite this, cyber criminals are thriving. I’m seeing companies emerge that are introducing a human element back into their solutions, while still taking advantage of big data and automation. The toughest attacks involve human elements – phishing, social engineering, etc. Fighting fire with fire make senses.
- Cat & Mouse. One thing is for sure – this game will not be won or lost anytime soon. The criminals keep getting better and as cloud, mobile and IoT spread, more opportunities emerge for hackers. Cyber security vendors preaching “be-all, end-all” solutions seem doomed to fail, while those with a continuous innovation approach seem well positioned to thrive.