Taking a Look at Security Trends at RSAC 2019

By Jonathan Nguyen-Duy | March 12, 2019

This year’s RSA conference in San Francisco has brought more than 30,000 attendees and over 400 exhibitors together to grapple with the latest cybersecurity threat trends. As the cybersecurity landscape continues to evolve and networks continue to transform at a rapid pace, security professionals have to stay on their toes, not only to compete against cybercriminals but also to ward off threats and harden the new attack surfaces introduced by network expansion and the adoption of new technologies.

Vendor trends

As always, there is literally too much information to consume. But with some simple analysis, we can break down some of the bigger security trends being unveiled at this year’s event and help separate the hype from the solutions that can actually help. When you walk the show floor you take away four general trends:

1) An over-focus on point solutions. Most vendors on the exhibit floor are pushing point-centric solutions designed to address some specific aspect of the security challenge. It's not just the vendors: security sessions tend to drill down into specific sorts of security challenges as well. Everyone claims that their widget is the lynchpin to solving your security challenge, but most organizations already have a security closet filled with point products that were each designed to address a specific challenge and that can't be integrated into their larger security strategy. The reality is, any solution functioning on its own doesn’t move the ball forward.

2) The commoditization of differentiators. Far too many solutions fall into the “we do that too, but we do it better/different/cheaper” camp. This year, a growing number of vendors are talking about how they have integrated AI into their solution. Rather than being swayed by claims, buyers need to first determine if AI is necessary for their solution strategy, and then learn enough about it to ask questions, like: 

  • “How many years have you been training this AI?” (It needs to be a minimum of 3-5 or more years.) 
  • “How many nodes does it utilize to learn and make decisions?” (Anything less than several billion is not enough.)
  • “What Machine Learning models were used to train your AI?” (The three models endorsed by the AI community are supervised learning, unsupervised learning, and reinforcement learning—and all three need to be used.)
  • “Where do you get the data that you use for device training?” (Anything that doesn’t involve a massive amount of actual operational data is inadequate.)

3) Complexity. Many security devices are simply incapable of being easily integrated into the broader security framework. Any tool that can't operate across different environments, isn't available in multiple form factors, or doesn't easily integrate across solutions is going to add complexity to your security environment. And complexity is the enemy of effective security.

4) Inability to address today’s twin challenges of performance and interconnectivity. Security tools need to be fast, even when performing CPU-intensive functions like inspecting encrypted traffic. And they need to be able to understand and secure a digital world where different solutions and network environments are being highly intermeshed without losing track of data and devices or introducing security gaps that can be exploited.

Ask the right questions

Rather than building a security strategy by starting with a product or trying to solve a specific problem, what if we started with what the board is asking the CFO to deliver? The question they are most often asking is, “Are we delivering a reasonable level of due care?” They are asking because new regulations and standards all include some version of the following requirement: your organization has to provide a reasonable level of due care through the deployment of products and processes to detect and mitigate risks.

This leads to, “How do we know when we have achieved that?” and “How do we demonstrate it?”

Networks have changed. Security needs to catch up.

The problem is that too many security solutions still tend to be perimeter-based. They assume that the data center is at the core, that the network is reasonably static, and that all other elements (mobile users and devices, branch offices, and multi-cloud environments) connect back to the central network in a hub-and-spoke design. Today, however, data is distributed and the perimeter is disappearing. It is being replaced with a sophisticated, meshed network of networks whose components are not only continually changing, but are frequently temporary.

In this new digital world, classic perimeter-based security solutions need to change. And what’s absolutely certain is that we can no longer afford for security tools to operate in isolation.

Organizations today require higher-order solutions. For segmentation to be effective, for example, it needs to be based on business objectives rather than perimeter controls. So in addition to being dynamically and automatically generated, protocols translated from business language can be fully integrated into a single, holistic system that enables them to seamlessly follow workflows and data anywhere, regardless of where resources are located.

Rethinking security from the ground up

Adjusting our traditional security paradigms is a matter of shifting from a micro to a macro focus. The reality is, a point product doesn’t solve the problem. What’s needed is a solution where the same holistic, integrated strategy can be applied to every device, regardless of its function or location, so you can see farther and engage more effectively with less overhead.

This requires both vendors and security professionals to stop looking at security as a series of individual product and platform features, and instead see it as an integrated architectural solution that can span the entire evolving network. Security needs to adapt to changes in real time as a single system, something that can be impossible to achieve if security is deployed as individual, isolated components. It needs to actively share and correlate threat intelligence, even between solutions from different vendors. And it needs to automatically initiate a coordinated response to detected threats that leverages every relevant security and networking resource available. Such an approach enables the validation and inventorying of devices and users, grants and tracks variable access, monitors every device and workflow through a central console, automatically encrypts data wherever possible, and then monitors all behavior for anomalies.

In today’s meshed and increasingly perimeterless networks, security teams need to be able to identify everything connected to their ecosystem (including its state and configuration), verify the individuals or groups associated with each device, validate the request for access, and then log, monitor, and encrypt all traffic. And that is a challenge that few solutions on display at RSA this year were able to address.
