It had been just a few years, so with a lot anticipation, and never slightly trepidation, 26,000 individuals descended on San Francisco for the RSA Convention. Distributors had been desperate to get again out in entrance of a dwell viewers and the expo flooring was tightly filled with greater than 400 exhibitors. Themes emerged in quite a few companies.
Let’s begin with information safety. With all of the speak of utility safety needing to “shift left”, (i.e., embedding safety processes into the event pipeline to scale back the assault floor of code earlier than it enters manufacturing), it is just pure that information safety ought to transfer in the identical course.
Keys and certificates related to purposes and containers have to be protected, as any group that has adopted a DevSecOps strategy will likely be conscious. Certainly, in a really perfect situation, capabilities reminiscent of key administration and encryption are baked into the workflows of builders and DevSecOps groups and “simply work.”
Identification was on the heart of many a dialogue. Reaching “zero belief” transformation with passwordless authentication obtained renewed consideration on the present. Eliminating passwords has been the holy grail for a lot of organizations and people over the previous 30 years, and Omdia believes that 2022 would be the yr that we lastly begin to correctly section out passwords.
On the subject of infrastructure safety, determining the ‘threat’ of cloud environments was a key subject of curiosity. Distributors reminiscent of Palo Alto Networks, Orca, Wiz, Verify Level, and plenty of, many others highlighted tooling to allow deeper understanding of 1’s cloud property, with an growing emphasis on cloud permissions administration as a key focus space.
Working to safe the event course of for creating cloud environments was one other space a lot mentioned, with Infrastructure as Code (IaC) a key sample for attaining essential scale. The broad curiosity in API safety was additionally noteworthy. Specialised distributors reminiscent of Salt Safety, Wallarm, Cequence, and others joined a number of of the cloud safety distributors in including API safety capabilities to their choices.
Wrapping up the important thing matters round infrastructure safety, it was noticeable how prevalent the conversations round Safe Entry Service Edge (SASE) had been, when it comes to main safety distributors aligning themselves to the broader SASE theme or to its subset generally known as SSE. Cisco, Netskope, Versa Networks, Forcepoint, amongst others, demonstrated built-in choices on this house.
Transferring on to SecOps, RSA Convention 2022 will maybe be seen as the primary large alternative for prolonged detection and response (XDR) distributors to make their case. Quite a few distributors made vital XDR bulletins, together with BitDefender (launching GravityZone XDR resolution), CrowdStrike (increasing Falcon’s XDR module), and RSA Group (debuting NetWitness XDR), amongst others. XDR has the potential to revolutionize enterprise menace detection and incident response (TDIR), making it quicker, simpler, and doubtlessly even cheaper to seek out, analyze, and repair cybersecurity threats.
Proactive approaches reminiscent of risk-based vulnerability administration and assault floor administration (ASM) had been additionally within the highlight. It has been clear all through 2022 that ASM merchandise are shortly turning into an vital element of broader proactive posture administration methods. The market, notably for exterior ASM (EASM) options, has been busy with each funding and M&A exercise.