InfoSec News & Investigations

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

This blog was co-authored by Mark Hamill and Bob Rudis.

There’s nothing quite like attending the annual RSA security conference in San Francisco, but amid the noise of more than 40,000 attendees, hundreds of vendors, and a whirlwind of information, it can be tough to pull out key messages to take back to our desks.

As our team discussed our traditional RSA round-up blog, we started to wonder how easy it would be to predict those key themes before the conference even kicked off. So, this year, I hit the floor, while my colleague, Bob Rudis, wrote predictions from the comfort of his home office a few thousand miles away.

That’s right—as Bob leveraged his magical data science processes and a few decades of suffering through the annual hype cycle to hypothesize which major themes might be on display, I braved the handshakes, endless free swag, and the permanent reminder that business cards aren’t going away to put these predictions through their paces.

Read on to see how we fared, and get a sneak peak into whether I’ll get grounded in 2021 (or whether Bob will be forced to make the trip out to California!).

Key predictions for RSA

Bob’s first round of predictions arose from checking out the many cybersecurity-related RSS feeds he has subscribed to. Vendors are not shy about what they are going to bring to the Expo floor, and pundits and cybersecurity journalists are quick to cut and paste press releases to create news. From the flood of posts prior to RSA, here is Bob’s self-proclaimed “curmudgeonly” opine of what would be blasted out from the booths:

Prediction No. 1: SOAR

Everyone is going to have a SOAR offering, even if it’s just vaporware.

And the outcome is…

One theme that was consistent this year was that security is more than just technology—it’s a constant process underpinned by the professionals manning the front lines. The conference was branded as such, with the word “Human” appearing throughout the halls, and many tech companies jumped on this element to describe a lot of their efforts as an attempt to empower security people to get the job done. A lot of this came back to the fact that most folks have too many tasks and too little time, so the solution is efficiency in the solutions they provide. Both availability of data and automation of tasks featured heavily in the vendors I spoke with.  Collaboration was another key narrative—where information should not only be available, but easily shared between teams and even corporations in an effort to speed up timely responses to the right events. Training and cybersecurity skills were a prominent feature away from the major vendor booths, but I would say no more so than previous years.

So, check! Bob called it. People need help, and automation is how technology helps them maximize their effectiveness.

Prediction No. 2: Platforming (i.e., tucking all a vendor’s disparate offerings into an overarching GUI/management experience)

A slew of posts prior to RSA indicated that vendors are trying to make managing their tools and services easier on customers (which is a good thing!).

And the outcome is…

Once again at RSA, there were a slew of dashboards on offer at all demo pods, each more exciting and colorful than the last. This year, however, the pitch wasn’t the dashboard itself, but rather the information and overarching visibility it could provide. Phrases like “full stack” and “single pane of glass” weren’t being shouted from the rooftops, but they were clearly hidden in the subtext of what was on offer from vendors on the floor. The visibility angle also encompassed more and more around the theme of knowing what was in your environment in the form of assisted discovery of anything you might want to secure—including a ton around policy and configuration of cloud assets.

Check! Flashy dashboards are always going to be a great way to introduce people to your product, and this year was no exception. However, there was a bit more focus on dashboards/platforms being a means to an end, and a lot of emphasis on everything under one roof.

Prediction No. 3: Cloud, Cloud, Cloud

More vendors stepped up to the plate and noted they were pairing their on-premises offerings with cloud versions (or doing away with on-prem completely). This cloud noise also played to the tune of one of RSA’s talk topic themes: securing cloud assets and gaining visibility into what’s going on in cloud environments.

And the outcome is…

Tying in the human element, I found a lot of the booth branding and messaging this year to be somewhat technically ambivalent. Passing booth after booth on the way for a coffee, I found it almost hard to pick out just what the vendors were doing at a glance. There were more emotive terms in their descriptions than what they were offering, which could simply be an attempt to provoke different reactions or to simplify the offering and reduce the burden on users.

The major cloud service providers and relevant container technology logos were on display everywhere you looked, but they didn’t strike me as the story the vendors were trying to tell. This was also true in terms of how their offerings were instrumented. If you stopped to ask, you would easily hear how the technology was deployed via containers/engines/agents/smoke signals, but it wasn’t the primary focus. How the tools worked wasn’t as interesting as what they could do for their users.

Better dust off the passport and get ready to travel next year, Bob!

More takeaways from RSA

Bob also scraped the U.S. RSA 2020 conference agenda paragraphs and removed the ones that were associated with the training days (and lunch/breaks). After that, he did some basic NLP with Latent Dirichlet allocation to see whether any themes emerged.

Despite there being 24 official tracks, three overarching topics stood out (methodology/code is available if you hit up [email protected]):

  1. Security of open source software/ecosystem
  2. Securing “the cloud”
  3. Privacy (especially as it relates to privacy regulation)

Since I was diligently representing Rapid7 at RSA and had no cycles for such frivolity, we hope readers who attended talks can also confirm or contrast these emergent topics in the blog comments.

That’s a wrap!

It’s official: We don’t need to attend RSA next year! OK, so not quite. But it just goes to show that RSA is a significant melting pot of the previous 12 months of security updates and directions. The key players are in town, and while plenty of action happens away from the shop floor, the things we hear are the cutting edge of our industry—and we always learn something new, even if it is from a few thousand miles away!

While I’m confident I’ll have no less enthusiasm for signing up to attend RSA next year, perhaps Bob and I will swap positions and see whether we come out with a similar hit rate for RSA 2021.  Thanks for reading!

Original Source