Thursday, June 13, 2013

Top Five Insights from the 2013 Gartner Security & Risk Management Summit

This year's Gartner Security & Risk Management Summit--held in National Harbor, Maryland, just outside of Washington, DC--was noticeably bigger... and in some ways, even better. (I got to get my photo taken with America's favorite zookeeper, 'Jungle' Jack Hanna, for one thing.) I guess this isn't too surprising since it followed the largest RSA Conference on record last February.

This year, there were over 2,200 attendees, including delegates and exhibitors. I don't remember how many attended last year, but my guess is that attendance is up 10-20% this year. Everyone agreed the exhibit hall was definitely bigger!

The following is a recap of the top five insights I took away from this year's Gartner conference:

#1 - The "Explosion" of Advanced Threat Protection

The era of Advanced Threat Protection is well underway. This was undoubtedly the most notable theme of this year's conference. If I had a nickel for every time I heard "FireEye" mentioned in a keynote or break-out session, I could pack up and retire.

The exhibit hall was chock full of vendors touting their abilities to detect advanced threats--in addition to FireEye, of course--including Palo Alto Networks, Damballa, Sourcefire, Trend Micro, AhnLab, Blue Coat, Zscaler, Proofpoint, and many more.

#2 - BYOD / Mobile Device Security Remains Hot

Clearly, the second-biggest theme this year was around BYOD (Bring Your Own Device) and securing mobile devices. Mobile Device Management (MDM) vendors got a lot of (deserved) attention this year, including AirWatch, Citrix, and MobileIron. In a recent Gartner survey on 2012-2014 security spending priorities, MDM came in first place! I can assure you that plenty of CISOs left the conference this week with a new-found respect for MDM. I know I did.

#3 - "Big Data" Is Alive and Well

Although not nearly as hot as it was at the RSA Conference in San Francisco last February, the concept of "Big Data" worked its way into virtually every session that talked about SIEM technology and tactics for uncovering advanced threats. Solera Networks--recently acquired by Blue Coat--definitely benefited from this theme. So did NBA (Network Behavior Analysis) vendors, like Lancope and Arbor Networks, who were almost forgotten three years ago.

#4 - Vulnerability Management Gets Much-Needed Love

Although the Vulnerability Management industry--or "Vulnerability Assessment," as Gartner calls it (don't get me started)--is a very mature market, it is still experiencing healthy growth. And I attribute much of this growth to the advanced threat landscape that has been snowballing over the last five years. The reason I say this can be summed up in one graphic in Mark Nicolett's presentation on "Operationally Effective Vulnerability Management." Mark had a slide that depicted the insignificant number of cyberattacks that typically occur within the first month following a public vulnerability disclosure and then the massive number of exploits that follow 2-3 months later. Further, Mark displayed the following strategic planning assumption (SPA) that I think makes a lot of sense: "Through 2015, 80% of successful attacks will exploit well-known vulnerabilities and will be detectable via security monitoring."

Our industry is so hot and heavy for Advanced Threat Protection products (and rightfully so) that it seems to have forgotten about the critical importance of good old-fashioned vulnerability management and patch management solutions. Vulnerability management and patch management should be the foundation of an effective advanced threat mitigation strategy--beyond the "meets minimum" activities for satisfying regulatory compliance.

#5 - It's No Longer a Matter of 'If'

It was so refreshing to hear everyone--analysts, attendees, and even vendors--all agree on one thing: It's no longer a matter of 'if' your network will be compromised. It's a matter of 'when.' There was so much attention given to threat 'detection' technologies that I almost wanted to install a Snort IDS when I got home!

On a related note, I heard the most remarkable strategic planning assumption (in Ray Wagner's keynote) that I've heard in quite some time--perhaps ever! "By 2020, 75% of enterprises' information security budgets will be allocated for rapid detection and response approaches, up from less than 10% in 2012." Although I'm not convinced this prediction is even half true, I'm sure it made a lot of security vendors smile.
