The annual RSA Conference is the largest security trade show in the world, and this year, there’s an extra level of desperation in the air. Security vendors and IT chiefs are looking to big data to help them understand how to protect companies from the ever-increasing tide of hackers looking to break in.
The RSA Conference is, at its heart, a show where the makers of security products come to pitch their wares to big enterprise buyers. Those buyers, of course, are more interested than ever, since big companies and consumers are both reeling from a string of high-profile breaches at Sony, JP Morgan, Home Depot, Target, and others.
Insiders say there’s a palpable shift in tone from how the security industry used to treat breached companies. They used to be pariahs: companies that had failed and obviously had inferior infrastructure.
Now, though, the incoming president of RSA tells Fortune magazine flatly that “security has failed.”
Security products used to promise prevention and protection. At past conferences, a security company might terrify IT officers with tales of potential security flaws and then tout an ironclad fix.
More recently, as breaches got more common and ironclad fixes less believable, the focus shifted to “intrusion detection.” Security experts started telling companies that they shouldn’t wonder if a breach might happen — only when.
So, the next wave of products promised to detect those inevitable breaches sooner, before they got out of control and compromised mass amounts of data (remember, the Target and JP Morgan hackers were roaming around inside the company’s networks for months before anyone noticed).
So this year, the product focus is something more like troubleshooting.
“Half the vendors here are talking about some app that can provide intelligence or ‘threat intelligence,'” says Chris McClean, a risk and security analyst at Forrester Research. “That’s the buzzword of the year here.”
From what I can tell, “threat intelligence” is really just a dramatic way of saying “figure out what’s happening and hopefully what might work to stop the bad guys.”
For example, I interviewed Vikram Phatak, CEO of a company called NSS Labs, which is a security research and advisory company that just launched a new product to help companies gather data about where they’re vulnerable to attack and how well their security products are working.
NSS Labs just raised $7 million in funding to grow its spectacularly named Cyber Advanced Warning System. It’s basically a subscription service with a web dashboard that offers analytics about a company’s security.
There are lots of points of possible failures. Most companies layer on multiple products, like an intrusion detection service, a firewall and a so-called “endpoint solution” (basically an antivirus or antimalware product like McAfee). And then there’s all the potentially vulnerable software the company runs, like Windows, Java, Flash, Internet Explorer and so on.
The Cyber Advanced Warning System dashboard might show, for example, that lots of attacks are getting through the firewall but being stopped by the antivirus software, but that the company is running an outdated version of Java and needs to update it before someone exploits it and takes over company systems.
The goal, says Phatak, is to help security pros understand how to better use the software they have, deploy the right settings on their company networks and get “situational awareness” about their overall security systems.
McClean says that approach — looking to the data — is a big theme at RSA this year.
“The message is right,” he says. “If you are telling an enterprise, we can take all of the disparate sources of information, we can tell you where you risks are and help you make better business decisions, how to allocate and where to prioritize and whether to use certain vendors in certain regions, then as a vendor, you’re in great shape.”
Still, he says there could be a whole new approach to security by next year, because cybersecurity threats are going to keep increasing for the foreseeable future — that is, there’s always something to be afraid of.
“Every year we say that in the last year we’ve seen breaches that are unprecedented and this totally changes the game,” he says. “Next year we’ll say there are new breaches that have changed the game; in three years there will be more breaches that change the game. The game will always have changed.”