My RSA 2017 Recap

Every year I try to recap what I saw and did at RSA, so here’s the capture for 2017. It won’t be comprehensive, but should get most major things.

Impressions

• Things are just fine for companies selling products, but not so great for the companies using them.

• We continue to under-emphaize fundamentals, and we get hacked as a result.

• I was hoping this year would see more companies talking about resilience instead of prevention, but I didn’t get that impression from the floor or from the vendor list.

Activities

• IOAsis: This was my second RSA at IOActive, and this year was both more stressful and more excellent than last year. The IOAsis, for those who don’t know, is an off-location event that IOActive puts on at the major security conferences, and basically serves as a getaway from the main event where there are too many people. This year I had a couple of panels, a couple of talks, and a ton of customer meetings and media interviews. Lots of stress, but lots of productivity as well.

• Hanging with Friends: What I look forward to most is seeing my friends and co-workers all in one place.

• Vendors and Networking: RSA to me is a sales, vendor, and networking conference. It’s a chance for me to see the various vendors and what they’re selling and a chance to see all my security friends who I only see a couple of times a year.

• Speaking: I spoke at RSA on Thursday on the topic of testing Medical Devices, and the slides are here.

RSA Vendor Categories

RSA organized their vendors into the following spaces, which I found interesting enough by itself.

• Analytics, Intelligence, and Response

• Application Security & DEVOPS

• C-Suite View

• Cloud Security and Virtualization

• Cryptography

• Governance, Risk, and Compliance

• Hackers & Threats

• Human Element

• Identity

• Law

• Mobile and IoT Security

• Policy & Government

• Privacy

• Professional Development

• Protecting Data & Applied Crypto

• Technology Infrastructure & Operations

A Security Vendor List

I didn’t get to walk the floor as much this year as I normally do, but I did see or hear about a few key ones. My favorite types of technologies right now are based around data analysis, biometric authentication, attack surface and risk visibility/scoring, and deception.

What I’ve done here is gone through the RSA 2017 Vendor List and capture most of the technology vendors that had a presence at RSA. I used the official vendor list as the starting point and then discarded certain types of company, like services orgs, companies with no good description of what they do, or companies that are super well-known.

This is the overall list, and the section below I call out some interesting ones.

[ NOTE: These are my own hyper-concise summaries for these vendors and many could be inaccurate. I created this list either based on my own experience with the vendor or by reading the short summary they had published on the RSA site. Don’t take it personally if I mangle a product you’re close to; reach out and I’ll fix it. ]

• Acalvio: DEVOPS integration of Deception technologies.

• Adlink: IoT UTM device.

• Agari: Enterprise phishing defense.

• Akips: Virtual network monitoring appliances.

• AlgoSec: Security policy management across cloud, on-prem, SDN, etc.

• Allegro: OEM-focused embedded device software security.

• AllthatSoft: Mobile application defenses, including obfuscation.

• Anomali: Adversary detection through realtime threat indicator correlation.

• Appthority: Mobile risk analysis and analytics.

• Apricorn: Portable USB storage security.

• Aqua Security: Virtual container security.

• Armis: Wireless/IoT security.

• Arxan: Application self-protection.

• Attivo: Deception-based threat detection.

• Auth0: Simplified SSO.

• AvePoint: Protects O365 and SharePoint data.

• Ayehu: IT automation and orchestration.

• Baffle: Reduces impact of breaches by encrypting all data.

• Balabit: Privileged user monitoring and user behavior analytics.

• Bandura: GeoIP-based filtering.

• Bastille: Security for the Internet of Radios.

• Bay Dynamics: Prioritize enterprise security activities based on risk.

• BehavioSec: User behavior analytics.

• BigID: Helps enterprises secure the personal data they store.

• Biscom: Enterprise data transfer technologies.

• Bitglass: Real-time CASB.

• BitSight: Security ratings for companies based on many factors.

• Bivio: Counter-threat technologies with many Federal customers.

• Blackduck: Understand the risk of the open-source software you’re using.

• Blueliv: Scrapes the deep/dark web finding information on your organization.

• BlueTalon: Data-centric security focused around noSQL technologies.

• Bradford Networks: Reduces malware containment time.

• Bricata: Modern NGIPS-based threat detection.

• Bromium: Application isolation technology.

• Bufferzone: Virtual container technology.

• Buguroo: Cyberintelligence based on static analysis, vulnerability management, fraud detection.

• Carbon Black: Next-gen endpoint security.

• Catbird: Software defined network microsegmentation.

• Cavirin: Security and compliance across physical, public, and hybrid clouds.

• Cavium: High-throughput network gear.

• Centri: Data security for the Internet of Things.

• Centrify: Secures enterprise credentials and systems through centralization.

• Centripetal Networks: Threat Intelligence gateway.

• CheckRecipient: Ensures sensitive data isn’t sent to the wrong people via email.

• Cloudera: Data management and analytics.

• Cloudlock: API CASB.

• CloudMask: Track and protect data throughout its lifecycle.

• CloudPassage: Visibility and protection for servers in any environment.

• Cobalt Labs: Trusted, crowd-sourced pentesting platform.

• Code42: SaaS provider of endpoint data protection.

• Corax: High-level risk metrics that enable better decision-making for your organization.

• Corelight: Bro-based network monitoring.

• Corero: Realtime, high-performance DDoS defense solution.

• Counter Craft: Automated deception-based counterintelligence campaigns.

• CounterTack: EDR technologies.

• Covertix: Find, classify, and protect sensitive data as it travels.

• Covisint: Identity for the Internet of Things.

• CradlePoint: Software-defined, always-on connectivity based around 4G LTE.

• CrossMatch: Risk-based authentication by user and context.

• CrowdStrike: Endpoint protection, threat intelligence, and response.

• CryptoMove: Active defense.

• CryptoSense: Identify and remove crypto-based bugs in software.

• Cryptzone: Software-defined network access solutions.

• CSPi: Cyber-threat detection and solutions.

• CTERA: Secure file services within the cloud.

• Curtail Security: Identify zero-day through software-based traffic analysis.

• Cybellum: Zero-day protection platform.

• CyberArk: Enterprise credential and privileges control.

• Cybereason: Detection and response using big data, behavioral analytics, and machine learning.

• Cyberfend: Defends stolen credentials.

• CyberOwl: Early warning system for high value targets including IoT.

• Cyber Triage: Endpoint-based incident response software.

• Cybric: Continuous security-as-a-service platform for SDL.

• CYBRScore: Measure’s a user’s ability to defend a network.

• CyKick Labs: Defends web applications with machine learning, big data analytics, and machine learning.

• Cylance: Machine learning based endpoint protection.

• Cymmetria is a cyber deception startup.

• Cyphort: Integrate with security tools to discover and contain advanced threats.

• CYREN: Cloud-based proxies and sandboxing.

• Cytegic: Cloud-based cybersecurity management solution for risk management.

• D3 Security: Incident response and case management.

• Daon: Developing and deploying biometric authentication.

• Dashlane: Access management.

• Datablink: Advanced authentication and transaction signing.

• DataLocker: Hardware and cloud-based encryption solutions.

• DataSunrise: Database security.

• Dedrone: Complete drone detection and countering platform.

• Defence Intelligence: DNS security solutions.

• DefenseStorm: Unifies detection, investigation, reporting, and compliance into one platform.

• Digital Shadows: Provides a complete view of an organization’s digital footprint and its attackers.

• Distil Networks: Web application bot detection and mitigation.

• DomainTools: Turns threat data into threat intelligence, linking indicators to domains.

• Drawbridge Networks: Microsegmentation based automatic detection and response to internal attacks.

[ …to be continued. Currently stopped in the D’s, but will continue soon. If you want to help let me know on Twitter. ]

Interesting Vendors

I’ve given uninteresting one-sentence summaries for these just like in the list above, but trust me—if you haven’t looked at these vendors before, you should at least look into them. It doesn’t mean they’re perfect, or that they can even do what they say they do, but it does mean that their space or their approach to that space is interesting.

• SentinelOne: a true game-changer in endpoint protection.

• Bitglass: a unique approach to filtering traffic from any endpoint.

• Transmit Security: Programmable biometric authentication.

• ProtectWise: Enterprise-wide traffic capture and analysis.

• Payfone: Transparently authenticate online transactions.

• Opaq Networks: Centralized network security management through the cloud.

• Phantom Cyber: A security automation and orchestration platform.

• Security Scorecard: Rates companies’ risk using a number of factors.

• Kenna Security: Prioritizes what to fix based on what it knows about your organization.

• Cyence: Attempts to assign actual dollar amounts to cyber risk.

• Corax: Cyber risk analytics for the C-suite.

• Quadmetrics: Predictive cybersecurity risk measurement for policy decisions.

• RiskSense: Risk visibility and orchestrated remediation.

• UpGuard: A cyber resilience platform.

• Bay Dynamics: Quantifying the financial impact of cyber risk.

• RedSeal: Digital resilience.

• SafeBreach: Virtual hackers that continuously validate your controls.

• AttackIQ: Continuous validation of your security controls.

• Verodin: Demonstrates how your people, process, and technology responds to attacks.

• Cronus: Continuous pentesting.

• Harvest.ai: DLP meets user behavior analytics.

• IXIA: Validation of your security posture.

• BlueVector: Machine learning based threat hunting.

• Bitsensor: Realtime web application defense and visualization.

• Darktrace: Enterprise immune system.

• Tanium: “Which servers are vulnerable to Shellshock?”, with 15-second response time.

• Okta: Identity cloud.

[ NOTE: I don’t endorse any of these products, for a couple of reasons. First, I don’t endorse things I haven’t had direct experience with in some form. Second, I run the consulting group for my employer (IOActive), and we are an extremely vendor agnostic company. So while I might say I like what a company is doing, or that you should look into it, there’s a big difference between that and an endorsement. I’m more than happy to do the former, and will almost never do the latter. ]

Notes

1. The vendor list is very much focused on technologies, so there aren’t many solution or service companies listed.

2. Some of the interesting vendors I got from my own knowledge, from the RSA list, and from the Momentum Partners presentation.

Related posts:

1. It’s Time for Vendor Security 2.0

2. The Future of Pentests, Bug Bounties, and Security Testing

3. Everyday Threat Modeling

4. Explaining Threats, Threat Actors, Vulnerabilities, and Risk Using a Real-World Scenario

5. My RSA 2019 Summary