RSA 2015 continues to see reinforcement by the security industry on the collaboration of individual segments on threat detection and attack protection. Enterprises and their CIOs have (finally) come to realize that money does need to be spent on security infrastructure and advanced technologies to prevent monetary (and political) damage as the result of possible data breach.
Here are some trends I observed during my brief visit at RSA 2015:
- End-to-end security visibility:
- End-to-end security solutions:
- Post-breach threat intelligence using big data analytics:
The ability to view what’s happening in the network along with threat analytics and data management capabilities has become more and more important for network administrators. There are quite a few companies that provide such products or solutions including Firemon, VSS Monitoring, Skybox security, Gigamon.
More vendors are coming out with products or solutions that address end-to-end threat protection, from user authentication enhancements to security intelligence analysis and management in the cloud.
This continues to be an emerging and maturing segment. More companies are showing off their cyber kill chain platforms using big data analytics for threat intelligence and mitigations.
Still, the common problem that persists is the effectiveness of the threat analytics and modeling. Without the end-point data sensors in place, and often deployed on a gateway, the intranet traffic is typically not visible and therefore the cyber kill chain often remains incomplete or inaccurate.
Hillstone Networks, on the other hand, fills this gap nicely by combining advanced machine learning and data analytics technologies with other legacy firewall or NGFW mechanisms to provide more complete visibility into the cyber kill chain.
As stated by one of the keynote speakers, traditional security firewalls have failed to protect companies from today’s targeted, sophisticated and persistent threat attacks such as APT, zero day, etc. Next generation firewalls with intelligence has become an effective weapon to counter modern threats.
RSA 2015 has also shown that technology companies have entered a new phase, focusing on threat data and threat intelligence; collecting, correlating, analyzing and presenting threat related information so network administrators and security researcher can have clear and constructive visibility on how a threat attack progresses. This in turn, can provide effective mitigation actions that can be applied to better defend companies and critical assets from any future attacks.