It had been a couple of years, so with a lot anticipation, and never slightly trepidation, 26,000 individuals descended on San Francisco for the RSA Convention. Distributors had been wanting to get again out in entrance of a reside viewers and the expo ground was tightly full of greater than 400 exhibitors. Themes emerged in quite a few companies.
Let’s begin with information safety. With all of the discuss of software safety needing to “shift left”, (i.e., embedding safety processes into the event pipeline to scale back the assault floor of code earlier than it enters manufacturing), it is just pure that information safety ought to transfer in the identical course.
Keys and certificates related to functions and containers must be protected, as any group that has adopted a DevSecOps method might be conscious. Certainly, in a perfect situation, capabilities equivalent to key administration and encryption are baked into the workflows of builders and DevSecOps groups and “simply work.”
Identification was on the heart of many a dialogue. Reaching “zero belief” transformation with passwordless authentication acquired renewed consideration on the present. Eliminating passwords has been the holy grail for a lot of organizations and people over the previous 30 years, and Omdia believes that 2022 would be the yr that we lastly begin to correctly section out passwords.
On the subject of infrastructure safety, determining the ‘threat’ of cloud environments was a key matter of curiosity. Distributors equivalent to Palo Alto Networks, Orca, Wiz, Test Level, and lots of, many others highlighted tooling to allow deeper understanding of 1’s cloud property, with an growing emphasis on cloud permissions administration as a key focus space.
Working to safe the event course of for creating cloud environments was one other space a lot mentioned, with Infrastructure as Code (IaC) a key sample for reaching vital scale. The broad curiosity in API safety was additionally noteworthy. Specialised distributors equivalent to Salt Safety, Wallarm, Cequence, and others joined a number of of the cloud safety distributors in including API safety capabilities to their choices.
Wrapping up the important thing matters round infrastructure safety, it was noticeable how prevalent the conversations round Safe Entry Service Edge (SASE) had been, by way of main safety distributors aligning themselves to the broader SASE theme or to its subset referred to as SSE. Cisco, Netskope, Versa Networks, Forcepoint, amongst others, demonstrated built-in choices on this house.
Transferring on to SecOps, RSA Convention 2022 will maybe be seen as the primary huge alternative for prolonged detection and response (XDR) distributors to make their case. Quite a few distributors made important XDR bulletins, together with BitDefender (launching GravityZone XDR answer), CrowdStrike (increasing Falcon’s XDR module), and RSA Group (debuting NetWitness XDR), amongst others. XDR has the potential to revolutionize enterprise risk detection and incident response (TDIR), making it quicker, simpler, and doubtlessly even cheaper to seek out, analyze, and repair cybersecurity threats.
Proactive approaches equivalent to risk-based vulnerability administration and assault floor administration (ASM) had been additionally within the highlight. It has been clear all through 2022 that ASM merchandise are rapidly turning into an vital element of broader proactive posture administration methods. The market, notably for exterior ASM (EASM) options, has been busy with each funding and M&A exercise.
