KEY THEMES
See what the Securosis folks think will (and won't) be the talk of the show this year.

DISASTER RECOVERY BREAKFAST
Of course we are hosting breakfast again. Duh!

COVERAGE AREA DEEP DIVES
A deeper dive into each of our subject areas.

CHECK OUT OUR RESEARCH
A list of the drivel we've published lately with links to our video blogs.

WHERE TO SEE US
Where you can see us speak, hang, and/or drink at the show.

DINING AND BEVERAGE GUIDE
What you need to know to survive a week in close proximity to Moscone.

Welcome to the RSA Conference Guide 2015
Way back in 2010, we here at Securosis decided to put together a little guide to the RSA Conference. Sure, there's the official conference schedule, session descriptions, show floor map, and heck, even an entire website, but we thought people would appreciate an actual hands-on guide with a little analysis. You know, things like key themes we expect to see, analysis of major security segments, recommendations for decent restaurants, and even a breakdown of vendors based on what they actually do. This year, the fine folks at the RSA Conference decided to let us post the content on their official blog, and offered to host the final PDF for conference attendees. All without any filters or editing. We are fairly certain someone is going to get fired. We almost feel kind of bad about that.
We realize not all of you are familiar with Securosis or how we do things, so to kick off this year's Guide, I thought I'd give you a little background on how we produce the research and what to expect. As an analyst firm, we spend most of our time drinking and pontificating in a variety of media. Seriously. It's a real job.
But more seriously, we are fully committed to open research, which means we draft nearly everything in public on our blog, collect public comments, and then compile it into a paper. That way the world gets to see the research as we draft it, and can participate with comments and criticism; we call it Totally Transparent Research. Sometimes we even draft everything on GitHub, where you can see and participate in the entire editing process. We follow the same process for this Guide to the RSA Conference (RSAC-G for short).

Securosis, L.L.C.
515 E. Carefree Highway, Suite 766 Phoenix, AZ 85085
T 602-412-3051
info@securosis.com
www.securosis.com
The RSA Conference is the single biggest event in our industry. Love it or hate it, there is no better place to put your
thumb on the security industry and get a sense of where things have been and where they are headed. But navigating
such a large event and filtering out all the BS only gets harder as the event continues to grow. The goal of this RSAC-G is
to help you better plan for, and take advantage of, the event.
We've been going to the conference over 15 years, which means at least a couple of us are closing in on spending four months of our lives wandering the halls of the Moscone Center. No, that isn't something we are proud of, but by now we've learned the best combination of protein bars (ThinkThin), beverages (water and coffee, Gatorade to help with the hangover), and clothing (a good hoodie and jeans) to survive the week. And it is a week now; the days of the three-day RSA Conference seem like a distant memory.
(Photo caption: So it's a surprise that we write for a living? We have faces made for radio and podcasts.)

We break the RSAC-G into three major sections, and always add a good dose of snark, memes, and humor into the Guide just to keep you guessing. It starts with what we expect to be the major themes for the show: the threads you'll see woven throughout sessions and marketing material on the show floor. Then we dive into the major security technology areas, going deeper on what you can expect to see.
Over the years we've learned that RSAC, not December 31, is the best time to take stock of the security year. It's the delineating event that many vendors plan their entire marketing cycles around. So this guide has evolved from a simple overview of a conference to an in-depth annual review of our industry. At least that's what our enormous egos tell us.
As always, we'd like to thank all our Contributing Analysts who pitch in on this massive project every year: David Mortman, James Arlen, Dave Lewis, Gunnar Peterson, Gal Shpantzer, and Jennifer Minella, and our ever-vigilant editor, Chris Pepper. And this year we'd like to thank the RSA Conference team for taking such a big risk in letting a bunch of snarky analysts post whatever we want on their official site.

Rich, Mike, and Adrian


Key Themes
How many times have you shown up at the RSA Conference to see the hype machine fully engaged on a topic or two? Remember how 1999 was going to be the Year of PKI? And 2000. And 2001. And 2002. And how every company had a solution to stop APTs in 2011. And 2012. Wait, it's still the year of the APT. Oy. So what will be the news of the show this year? Here is a quick list of some key topics that will likely be top of mind at RSAC, along with why you should care.

Every year we like to start the RSAC Guide with a review of major themes you will most likely see woven through presentations and marketing materials on the show floor. These themes are a bit like channel-surfing late-night TV: the words and images themselves illustrate our collective psychology more than particular needs. It is easy to get excited about the latest diet supplement or workout DVD, and all too easy to be pulled along by the constant onslaught of finely-crafted messaging, but in the end what matters to you? What is the reality behind the theme? Which works? Is it low-carb, slow-carb, or all carb? Is it all nonsense designed to extract your limited financial resources? How can you glean useful nuggets from the noise?
This year we went a little nutty, and decided to theme our coverage with a sports and fitness flavor. It seemed fitting,
considering the growth of security and the massive muscle behind the sports, diet, and fitness markets.

Change
This year at RSAC the vendors are 18% more engaged, solutions are 22% more secure, and a whopping 73% of products and solutions are new. Or are they? To the untrained eye the conference floor is filled with new and sensational technologies, ripe for consumption: cutting-edge alongside bleeding-edge, where the world comes to talk security. While those percentages may be fabricated horse crap, our underlying message is about perceptions of and influence over real change.
"It's like deja-vu, all over again," as Yogi Berra once mused. Flipping through the conference guide, that will be the reaction of observers who have made their way by watching the ebbs and flows of our industry for years. The immediate recognition of companies acquired, products rebranded, and solutions washed in marketing to make them 84% shinier, feeds strong skepticism that we are actually making progress through this growth we call "change". So here is our Public Service Announcement: change is not necessarily improvement.
Change can be good, bad, or neutral, but for some reason our human brains crave it when we are at an impasse. When we hit a wall or bonk, when we are frustrated, confused, or just pissed off, we seek change. Not only seek, but force and abuse it. We wield change in unusual and unnatural ways because something that's crappy in a new and different


way is better than the current crap we already have. At least with change there's a chance for improvement, right? And there is something to be said for that. Coach John Wooden said "Failure is not fatal, but failure to change might be." If we keep changing, if we keep taking more shots on goal, eventually we'll score.
But are we changing the right things? Does reorganizing, rebranding, or reinventing the cloud or the IoT help in a meaningful way? Perhaps, but you are not simply at the mercy of change around you. You, too, can influence change. This year as you walk around the sessions, workshops, and booths at RSAC, look for opportunities to change other things. Change your perspective, change your circle of influence, change your approach, or change your habits. Ask questions, meet new people, and consider the unimaginable. We guarantee at least 19% change with a 12% effort, 99% of the time.
(Jen Minella, Contributing Analyst)

The Security Bonk
For better or worse, a bunch of the Securosis team have become endurance athletes. Probably more an indication of age impacting our explosiveness, and constant travel impacting our waistlines, than anything else. So we're all too familiar with the concept of "bonking": hitting the wall and capitulating. You may not give up, but you are just going through the motions.
Sound familiar to you security folks? It should. You get bonked over the head with hundreds or thousands of alerts every day. You can maybe deal with 5, and that's a good day. So choosing the right 5 is the difference between being hacked today vs. tomorrow. Alert fatigue will be a key theme at RSA Conference 2015. You'll see a lot of companies and sessions (wait, there are sessions at RSAC?) talking about more actionable alerts. Or increasing the signal to noise ratio. Or some similarly trite and annoying term for prioritization.
Vendors come at the problem of prioritization from different perspectives. Some will highlight shiny new analytical techniques (time for the Big Data drinking game!) to help figure out which attack represents the greatest risk. Others will talk about profiling users and looking for anomalous behavior. Yet another group will focus on understanding the adversary and sharing information about them. All with the same goal: to help you optimize limited resources before you reach the point of security bonk.
To carry the sports analogy to the next step, you are like the general manager of a football team. You've got holes all over your roster (attack surface) and you need to stay within your salary cap (budget). You spend a bunch of money on tools and analytics to figure out how to allocate your resources, but success depends more on people and consistent process implementation. Unfortunately people are a major constraint, given the limited number of skilled resources available. You can get staffers through free agency (expensive experienced folks, who generally want long-term deals) or draft and develop talent, which takes a long time. And in two years, if your draft picks don't pan out or your high-priced free agents decide to join a consulting firm, you get fired. Who said security wasn't like life? The football life, anyway!
(Mike Rothman, President)

Get Bigger (Data) Now!!!

This year at RSAC we will no doubt see the return of big data to the show floor. This comes along with all the muscle confusion it generates, not unlike CrossFit. Before you hoist me to the scaffolding or pummel me with your running shoes, let's think about this. Other than the acolytes of this exercise regimen, who truly understands it? Say "Big Data" out loud. Does that hold any meaning for you, other than a shiny marketing buzzword and marketing imagery? It does? Excellent. If you say it three times out loud a project manager will appear, but sadly you will still need to fight for your budget.
Last year we leveraged the tired (okay, exhausted) analogy of sex in high school. Everyone talks about it but... yeah. You get the idea. Every large company out there today has a treasure trove of data available, but they have yet to truly gain any aerobic benefit from it. Certainly they are leveraging this information, but who is approaching it in a coherent fashion? Surprisingly, quite a few folks: projects such as the Centers for Disease Control's data visualizations, Twitter's "Topography of Tweets", SETI's search for aliens, and even Yelp's hipster tracking map all leverage big data in new and interesting ways. Hmm, SETI and Yelp should probably compare notes on their data sets.
These projects are happening, often despite the best intentions of organizational IT security departments. Big data is here and security teams need to get their collective heads around the situation rather than hanging about doing kipping pull-ups. As security practitioners we need to find sane ways to tackle the security aspects of these projects, to help guard against inadvertent data leakage as they thrust forward with their walking lunges. One thing we recommend is a hike out on the show floor to visit some vendors you've never heard of. There will be a handful of vendors developing tools specifically to protect big data clusters, and some delivering tools to keep sensitive data out of big data pools. And your Garmin will record a couple thousand more steps in the process. Additionally, just as many big data platforms and features are built by the open source community, so are security tools. These will be under-represented at the show, but a quick Google search for "Apache security tools" will find additional options.
Your internal security teams need to be aware of the issues with big data projects while striking a balance supporting business units. That will truly cause muscle confusion for some. If you're looking for the big data security purveyors, they will most likely be the ones on the show floor quietly licking wounds from their workouts while pounding back energy drinks.
(Dave Lewis, Advisor)


DevOpsX Games
DevOps is one of the hottest trends in all IT, sailing over every barrier in front of it like a boardercross racer catching big air on the last roller before the drop to the finish. (We'd translate that, but don't want to make you feel too old and out of touch).
We here at Securosis are major fans of DevOps. We think it provides opportunities for security and resiliency our profession has long dreamed of. DevOps has been a major focus of our research, and even driven some of us back to writing code, because that's really the only way to fully understand the implications.
But just because we like something doesn't mean it won't get distorted. Part of the problem comes from DevOps itself: there is no single definition (as with the closely related Agile development methodology), and it is as much a cultural approach as a collection of technical tools and techniques. The name alone conveys a sense of desegregation of duties, the sort of thing that rings security alarm bells. We now see DevOps discussed and used at nearly every major enterprise and startup we talk with, to varying degrees.
DevOps is a bit like extreme sports. It pushes the envelope, creating incredible outcomes that seem nearly magical from the outside. But when it crashes and burns it happens faster than that ski jumper suffering the agony of defeat (for those who remember ABC's Wide World of Sports... it's on YouTube now; look it up, young'uns).
Extreme sports (if that term even applies anymore) is all about your ability to execute, just like DevOps. It's about getting the job done better and faster to improve agility, resiliency, and economics. You can't really fake your way through building a continuous deployment pipeline, any more than you could backflip a snowmobile (really, we can't make this stuff up; YouTube, people). We believe DevOps isn't merely trendy, it's our future, but that doesn't mean people who don't fully understand it won't try to ride the wave.
This year expect to see a lot more DevOps. Some will be good, like the DevOps.com pre-RSAC day, the Monday before the conference starts. And vendors updating products to integrate security assessment into that continuous deployment pipeline. But expect plenty of bad too, especially presentations on the risks of DevOps that show someone doesn't understand DevOps (it doesn't actually allow developers to modify production environments despite policy). As for the expo floor? We look forward to seeing that ourselves... and as with anything new, we expect to see plenty of banners proclaiming "antivirus is DevOps ready".
Posers.

(Rich Mogull, CEO)


Go Pro or Go Home
In some sports the line between amateur and pro athletes can be a bit murky. Take rugby, for example, where club teams compete in a bracket system to earn their spot up (or down) the ranks of European rugby series. Imagine the Seattle Seahawks moving down to a lesser series next season as a result of their 2015 Superbowl loss, and you start to understand the blurred lines for some professional athletes.
In the security world pressure also runs both ways. Our profession no longer needs to prove the world has a security problem; the headlines scream it nearly every day. And some people who still think they are playing club security suddenly wake up to find themselves playing in the World Cup without understanding how they got there. In only a few years our entire industry rocketed into the majors, like it or not. And to further muddle our metaphor, a fair few armchair quarterbacks are in the big leagues now, and need to put up or shut up.
All right, maybe we pushed that a little too far. Here's the situation: information security is on the front lines of protecting our economies and infrastructure. It's a level of validation many security professionals have wanted for years, but now that it's here it exposes personal and professional weaknesses. There is massive demand for pragmatic security pros who can get the job done, but not enough of us to fill all the positions. It is a scarcity that must be filled, despite the skills shortage. This creates a revolving door as people pop up to positions of trust, fail to meet the requirements, and get pushed back down.
You'll see this skills shortage play out throughout the conference. On the floor it will show as more and more companies offering services and emphasizing automation and reduction of operational costs. In presentations it will manifest as professional development and making do with less. Behind it all is a challenge: how can you go pro and stay there? The answer isn't easy, but it isn't a mystery either. Follow our going pro advice, and your rankings will soar.
Seek these five I's to Go Pro at RSAC:
1. Integration: Create more value by connecting data points for automated actions and defense. You'll see a lot of talks and solutions touting integration this year at RSAC. Seek out and soak in anything that could help your environment.
2. Iteration: Explore continuous improvement through DevOps and Agile methodologies. Things that build security in, rather than trying to protect from outside.
3. Intelligence: Effectively applying threat intelligence will boost your abilities. Out of the 350 breakout sessions at RSAC this year, it seems like 178 involve threat intelligence, so you have plenty of opportunity. As Michael Jordan says, "Talent wins games, but teamwork and intelligence wins championships."
4. Innovation: Show you can go pro by sifting through marketing fluff to find the real innovation at RSAC. Oh yeah, it's there, hiding in the haystack, and around the perimeter of the show floor.
5. Information: Don't just consume it, give it back. Just remember that data is valued more than opinion. Opinions are like... well, you know the saying.
RSAC is the Goliath of information security conferences. Despite our critical raised brows at many vendors' sugar-coated crap, the truth is there is a huge opportunity to learn and teach throughout the week. If you can't find some value on your path to going pro... that's your problem.
(Jen Minella, Contributing Analyst)


IoWTF
Have you heard a vendor brag about how their old product now protects the Internet of Things? No, it isn't a pull-up bar, it's an Iron Bar CrossFit (TM) Dominator!
You should be mentally prepared for the Official RSA Conference IoT Onslaught (TM). But when a vendor asks how you are protecting IoT, there's really only one appropriate response:
"I do not think that means what you think it means."
Not that there are no risks for Internet-connected devices. But we warned you that it would hit the hype bandwagon, way back in 2013's Securosis Guide to RSAC:
"We are only at the earliest edge of the Internet of Things, a term applied to all the myriad of devices that infuse our lives with oft-unnoticed Internet connectivity. This won't be a big deal this year, nor for a few years, but from a security standpoint we are talking about a collection of wireless, Internet-enabled devices that employees won't even think about bringing everywhere. Most of these won't have any material security concerns for enterprise IT. Seriously, who cares if someone can sniff out how many steps your employees take in a day (maybe your insurance underwriter). But some of these things, especially the ones with web servers or access to data, are likely to become a much bigger problem."
We have reached the point where IoT has become the least understood and most misused term in common usage, among not just the media, but also IT people and random members of the public. Just as "cloud" spent a few years as "the Internet", IoT will spend a few years as "anything you connect to the Internet".
If we dig into the definitional deformation on the show floor, IoT seems to be falling into two distinct classes of product: (a) commercial/industrial things that used to be part of the industrial control world, like PLCs, HVAC controls, access management systems, building controls, occupancy sensors, etc.; and (b) products for the consumer market, either from established players (D-Link, Belkin, etc.) or complete unknowns who got their start on Kickstarter or Indiegogo.
There are real issues here, especially in areas like process control systems that predate IoT by about 50 years, but little evidence that most of these products are actually ready to address the issues, except the ones which have long targeted those segments. As for the consumer side, like fitness bands? Security is risk management, and that is so low on priority lists that it is about as valuable as a detoxifying foot pad. We aren't dismissing all consumer product risks, but worry about web apps before lightbulbs.
At RSAC this year we will see IoT-washing in the same way we have seen cloud-washing for years: lots of mature technology rebranded as IoT. What we won't see is any meaningful response to consumer IoT infiltration in the business. This lack of meaningful response nicely illustrates the other kinds of change we still need in the field: security people who can think about and understand IPv6, LoPAN, BLE, non-standard ISM radios, and proprietary protocols. SciFi writers have told us what IoT is going to look like (everything connected, all the time), so now we'd better get the learning done so we can be ready for the change that is already underway, and make meaningful risk decisions, not based on fear-mongering.
(James Arlen, Contributing Analyst)


P.Compliance.90X
Compliance. It's a principal driver for security spending, and vendors know this. That's why each year compliance plays a major role in vendor messaging on the RSAC show floor. A plethora of companies claiming to be the leader in enterprise compliance products all market the same basic message: "We protect you at all levels with a single, easy-to-use platform." and "Our enterprise-class capabilities ensure complete data security and compliance." Right.
The topic that best exemplifies our fitness meme is compliance. Most companies treat compliance as the end goal: you hold meetings, buy software, and generate reports, so you're over the finish line, right? Not so much. Compliance is supposed to be like a motivational poster on a wall in the break room, encouraging you to do better, not the point itself. Buying compliance software is a little like that time you bought a Chuck Norris Total Gym for Christmas. You were psyched for fitness and harbored subconscious dreams it would turn you into a Chuck Norris badass. I mean, c'mon, it's endorsed by Chuck Friggin' Norris! But it sat in your bedroom unused, right next to the NordicTrack you bought a few years earlier. By March you hadn't lost any weight, and come October the only thing it was good for was hanging laundry on, so your significant other dumped it on Craigslist.
The other side of the compliance game is the substitution of certifications and policy development for the real work of reducing risk. PCI-DSS certification suggests you care about security but does not mean you are secure, the same way chugging 1,000-calorie fruit smoothies may make you look like you care about fitness, but won't get you healthy. Fitness requires a balance of diet and exercise over a long period; compliance requires hard work and consistent management toward the goal over years. Your compliance requirements may hinge on security, privacy, fraud reduction, or something else entirely, but success demands a huge amount of hard work.
So we chide vendors on the yearly claims about compliance made easy, and that the fastest way to get compliant is to buy this vendor's class-leading product. But this year we think it will be a little more difficult for vendors, because there is a new sheriff in town. No, not Chuck Norris: a new set of buyers. As in every period of disruptive innovation, developers have once again begun to play a key role in making decisions on what facilities are appropriate for newer technology stacks. Big data, cloud, mobile, and analytics are owned by the fitness freaks who build these systems. Think of them as the leaner, meaner P90X fitness crowd, working their asses off and seeing the results of new technologies. They don't invest in fancy stuff that cannot immediately show value: anything that cannot improve both productivity and reliability isn't worth their time. Most of the value statements generated by the vendor hype machine look like Olivia Newton-John's workout gear to this crowd: sorely out of date and totally inappropriate. Still, we look forward to watching these two worlds collide on the show floor.
(Adrian Lane, CTO)


Don't Miss the DR Breakfast

Once again Securosis and friends are hosting our RSA Conference Disaster Recovery Breakfast at Jillian's Thursday, April 23, from 8 to 11 am.
This is the seventh year for this event, and we are considering delivering a bloody head to Jillian's in homage to Se7en. Maybe that wouldn't be the best idea; it might ruin our appetites. Though given how big the DRB has become, we probably should consider tactics to cut back: we pay for insane amounts of bacon.
Kidding aside, we are grateful that so many of our friends, clients, and colleagues enjoy a couple hours away from the glitzy show floor and club scene that is now the RSAC. By Thursday, if you're anything like us, you will be a disaster, and need to kick back, have some conversations at a normal decibel level, and grab a nice breakfast. Did we mention there will be bacon?
With the continued support of MSLGROUP and Kulesa Faul, as well as our new partner LEWIS PR, we are happy to provide an oasis in a morass of hyperbole, booth babes, and tchotchke hunters. RSVP and enjoy a nice quiet breakfast with plenty of food, coffee, recovery items (aspirin & Tums), and even the hair of the dog for those of you not quite ready to sober up.


Welcome to Our Coverage Area Deep Dives
Everyone likes to talk about "the security market" or "the security industry", but security in practice is more a collection of markets, tools, and practices all competing for our time, attention, and dollars. Here at Securosis we have a massive coverage map (just for fun, which doesn't say much now that you've experienced some of our sense of humor), which includes seven major focus areas (including network, endpoint, and data security), and dozens of different practice and product segments.
It's always fun to whip out when vendors are pitching us on why CISOs should spend money on their single-point defense widget instead of the hundreds of other things on the list, many of them mandated by auditors using standards that get updated once every decade or so.
Our next sections dig into the seven major coverage areas and detail what you can expect to see, based largely on what users and vendors have been talking about for the past year. You will notice considerable overlap. Cloud and DevOps, for example, affect multiple coverage areas in different ways, and the cloud is a coverage area all its own.
When you walk into the conference you are there for a reason. You already have some burning issues you want to figure out, or specific project needs. These sections will let you know what to expect and what to look for.
The information is based, in many cases, on dozens of vendor briefings and discussions with security practitioners. We try to illuminate what questions to ask, where to watch for snake oil, and what key criteria to focus on, based on successes and failures from peers who tried it first.
The earlier general themes are fun and interesting, but for those of you facing real projects these deep dives will be much more practical.


Cloud Security
Before delving into the world of cloud security we'd like to remind you of a little basic physics. Today's lesson is on velocity vs. acceleration. Velocity is how fast you are going, and acceleration is how fast velocity increases. They affect our perceptions differently. No one thinks much of driving at 60mph. Ride a motorcycle at 60mph, or plunge down a ski slope at 50mph (not that uncommon), and you get a thrill.
But accelerate from 0mph to 60mph in 2.7 seconds in a sports car (yep, they do that), and you might need new underwear. That's pretty much the cloud security situation right now.
Cloud computing is still the most disruptive force hitting all corners of IT, including security. It has pretty well become a force of nature at this point, and we still haven't hit the peak. Don't believe us? That's cool; not believing in that truck barreling towards you is always a good way to ensure you make it into work tomorrow morning.
(Please don't try that; we don't want your family to sue us).

Clouds Everywhere
The most surprising cloud security phenomena are how widely cloud computing has spread, and the increasing involvement of security teams... sort of. Last year we mentioned seeing ever more large organizations dipping their toes into cloud computing, and this year it's hard to find any large organization without active cloud projects. Including some with regulated data. Companies that told us they wouldn't use public clouds a year or two ago are now running multiple active projects. Not unapproved shadow IT, but honest to goodness sanctioned projects. Every one of these cloud consumers also tells us they are planning to move more and more to the cloud over time.
Typically these start as well-defined projects rather than move-everything initiatives. A bunch we are seeing involve either data analysis (where the cloud is perfect for bursty workloads) or new consumer-facing web projects. We call these "cloud native" projects because once the customer digs in they design architectures with the cloud in mind. We also see some demand to move existing systems to the cloud, but frequently those are projects where the architecture isn't going to change, so the customer won't gain the full agility, resiliency, and economic benefits of cloud computing. We call these "cloud tourists" and consider these projects ripe for failure because all they typically end up doing is virtualizing already paid-for hardware, adding the complexity of remote management, and increasing operational costs to manage the cloud environment on top of still managing just as many servers and apps.
Not that we don't like tourists. They spend lots of money.
One big surprise is that we are seeing security teams engaging more deeply, more quickly, and more positively than in past years, when they sat still and watched the cloud rush past. There is definitely a skills gap, but we meet many more security pros who are quickly coming up to speed on cloud computing. The profession is moving past denial and anger, through bargaining (for budget, of course), deep into acceptance and... DevOps.
Okay, maybe we forced that analogy. But this year we feel comfortable saying cloud security is becoming part of mainstream security. It's the early edge, but the age of denial and willful ignorance is drawing to a close.

Wherever You Go, There You Aren't

Okay, you get it, the cloud is happening, security is engaging, and now it's time for some good standards and checklists for us to keep the auditors happy and get those controls in place.
Wait, containers, what? Where did everybody go?
Not only is cloud adoption accelerating, but so is cloud technology. Encryption in the cloud too complex? That's okay; Amazon just launched a simple and cheap key management service, fully integrated with the rest of their services. Nailed down your virtual server controls for VMWare? How well do those work with Docker? Okay, with whichever networking stack you picked for your Docker on AWS deployment, which uses a different management structure than your Docker on VMWare deployment.
Your security vendor finally offers their product as a virtual appliance? Great! How does it work in Microsoft Azure, now that you have moved to a PaaS model where you don't control network flow? You finally got CloudTrail data into your SIEM? Nice job, but your primary competitor now offers live alerts on streaming API data via Lambda. Got those Chef and Puppet security templates set? Darn, the dev team switched everything to custom images and rollouts via autoscaling groups.
None of that makes sense? Too bad; those are all real issues from real organizations.

[Photo: This is what your vendors will be doing on the show floor when you ask them questions about how their cloud works. Photo credit: https://flic.kr/p/5TWaQh]


Everything is changing so quickly that even vendors trying to keep up are constantly dancing to fit new deployment and operations models. We are past the worst cloudwashing days, but we will still see companies on the floor struggling to talk about new technologies (especially containers); how they offer value over capabilities Amazon, Microsoft, and other major providers have added to their services, and why their products are still necessary with the new architectural models.
The good news is that not everything lives on the bleeding edge. The bad news is that this rate of change won't let up any time soon, and the bleeding edge seems to become early mainstream more quickly than it used to.
This theme is more about what you won't see than what you will. SIEM vendors won't be talking much about how they compete with a cloud-based ELK stack, encryption vendors will struggle to differentiate themselves from Amazon's Key Management Service, AV vendors sure won't be talking about immutable servers, and network security vendors won't really talk about the security value of their product in a properly designed cloud architecture.
On the upside not everyone lives on the leading edge. But if you attend the cloud security sessions, or talk to people actively engaged in cloud projects, you will likely see some really interesting and practical ways of managing security for cloud computing that don't rely on traditional approaches.

Bump in the Cloud
Last year we included a section on emerging SaaS security tools, and boy has that market taken off. We call them Cloud Security Gateways and Gartner calls them Cloud Access and Security Brokers (you only get to use 3-letter acronyms for product categories, even if you're Gartner, or a kitten dies).
There are at least a dozen vendors in the market now, and on the surface most of them look exactly the same. That's because the market has a reasonably clear set of requirements, and there are only so many ways to message that target. You want products to find out what cloud stuff you are using, monitor the stuff you approve, block the stuff you don't, and add security when your cloud provider doesn't meet your needs.
There is actually a fair amount of differentiation between these products, but it is hard to see from the surface. Most if not all these folks will be on the show floor, and if you manage security for a mid-size or large organization, they are worth a look. But, as always, have an idea of what you need before you go in. Discovery is table stakes for this market, but there are many possible directions to take after that. From DLP, to security analysis and alerts (such as detecting account takeovers), all the way up to encryption and tokenization (often a messy approach, but also likely your only option if you do not trust your cloud provider).


One key question to ask is whether they integrate with cloud provider APIs (when available), and which. The alternative is to proxy all traffic to the cloud, which is a really crappy way to solve this problem... but often your only option. Fortunately some cloud providers offer robust APIs that reduce or eliminate the need for a CSG (see what I did there?) to sniff the connection. If they say yes ask for specific examples.
You might see some other vendors pushing their abilities to kinda-sorta do the same thing as a CSG. Odds are you won't be happy with their kludges, so if this is on your list stick with folks who are putting it all on the line if the product doesn't actually work.

Calling Mr. Tufte


One thing you won't see any shortage of is the same damn charts from every damn SIEM and analytics vendor. Seriously, we have been briefed by pretty much all of them, and they all look the same. Down to the color palette.
The upside is that they now include cloud data. Mostly just Amazon CloudTrail, because no other IaaS platform offers management plane data yet (rumor has it Microsoft is coming soon).
We understand there are only so many ways to visualize this data, but the vendors also seem to be struggling to explain how their cloud data and analytics are superior to competitors'. Pretty charts are great, but you look at these things to find actionable information, probably not because you enjoy staring at traffic graphs. Especially now that Amazon allows you to directly set security alerts and review activity in their own console.

Cloud Taylor Swift


You have probably noticed that we tend to focus on Amazon Web Services. That isn't bias, simply a reflection of Amazon's significant market dominance. After AWS we see a lot of Microsoft Azure, and then a steep drop-off.
The interesting change is that we see much less demand for information on other providers. Demand has declined from previous years.
So don't be surprised if vendors and sessions skew the same. Amazon really does have a big lead on everyone else, and only Microsoft (and maybe Google) is in the ballpark. That will show through in sessions and on the floor.

DevOps, Automation, Blah, Blah, Blah


We hate to dump our favorite topics into a side note at the bottom of this section, but we already went long, and are covering those topics... in pretty much every other section of this Guide. DevOps and automation are as disruptive to process as cloud is to infrastructure and architecture.
If you are interested check out our speaking schedule. Rich is leading off the Cloud and Virtualization track with Chris Hoff, and the entire Securosis team is delivering a learning lab on Pragmatic SecDevOps Wednesday at 10:20am (bring a laptop; it's hands-on). We also recommend the Cloud Security Alliance and DevOps.com events if you are in San Francisco Monday.
It's the future of our profession, folks; there is no shortage of things to talk about. Which you probably figured out 500 words ago, about when you stopped reading this drivel.


Data Security
Data security is the toughest area to write up this year. It reminds us of those bad apocalypse films, where everyone runs around building DIY tanks and improvising explosives to "save the children", before driving off to battle the undead hordes, leaving the kids with a couple spoons, some dirt, and a can of corned beef hash.
We have long argued for information-centric security: protecting data needs to be an equal or higher priority with defending infrastructure itself. Thanks to a succession of major breaches and a country or two treating our corporate intellectual property like a Metallica song during Napster's heyday, CEOs and directors now get it: data security matters. It not only matters, it permeates everything we do across the practice of security (except for DDoS).
That also means data security appears in every section of this year's RSAC Guide. But it doesn't mean anyone has the slightest clue how to stop the hemorrhaging.

Big
1. That moment when you realize data security is dependent on endpoint security
2. You're screwed.
3. See #1 and replace "endpoint" with "network"

Anyone Have a Bigger Hammer?
From secret-stealing APTs, to credit card munching cybercrime syndicates, our most immediate response is... more network and endpoint security.
That's right: the biggest trends in data security are network and endpoint security. Better firewalls, sandboxes, endpoint whitelisting, and all the other stuff in those two buckets. When a company gets breached the first step (after hiring an incident response firm to quote in the press release, saying it was a "sophisticated attack") is to double down on new anti-malware and analytics.
It makes sense. That's how the bad guys most frequently get in. But it also misses the point.
Years ago we wrote up something called the "Data Breach Triangle". A breach requires three things: an exploit (a way in), something to steal (data) and an egress (way out). Take away any side of that triangle, and no breach. But the exploit is probably the hardest, most expensive side to stop, especially because we have spent the last thirty years working on it... unsuccessfully.
The vast majority of data security you'll see at this conference, from presentations to the show floor, will be more of the same stuff we have always seen, but newer and shinier. As if throwing more money at the same failed solutions will really solve the problem. Look, you need network and endpoint security, but doubling down doesn't seem to be changing the odds. Perhaps a little diversification is in order.

The Cloud Ate My Babies
Data security is still one of the top two concerns we run into when working with clients on cloud projects; the other is compliance. Vendors are listening, so you will see no shortage of banners and barkers offering to protect your data in the cloud.
Which is weird, because if you pick a decent cloud provider the odds are that your data is far safer with them than in your self-managed data center. Why? Economics. Cloud providers know they can easily lose vast numbers of customers if they are breached. The startups aren't always there, but the established providers really don't mess around; they devote far more budget and effort to protecting customer data than nearly any enterprise we have worked with.
Really, how many of you require dual authorization to access any data? Exclusively through a monitored portal, with all activity completely audited and two-factor authentication enforced? That's table stakes for these guys.
Before investing in extra data security for the cloud, ask yourself what you are protecting it from. If the data is regulated you may need extra assurance and logging for compliance. Maybe you aren't using a major provider. But for most data, in most situations, we bet you don't need anything too extreme. If a cloud data protection solution mostly offers to protect you from an administrator at your provider, you might want to just give them a fake number.

BYOD NABD
One area trending down is concern over data loss from portable devices. It is hard to justify spending money here when we find almost no cases of material losses or public disclosures from someone using a properly-secured phone or tablet. Especially on iOS, which is so secure the FBI is begging Congress to force Apple to add a back door (we won't make a joke here; we don't want to get our editor fired).
You will still see it on the show floor, and maybe a few sessions (probably panels) where there's a lot of FUD, but we mostly see this being wrapped up into Mobile Device Management and Cloud Security Gateways, and by the providers themselves. It's still on the list, just not a priority.

Encrypt, Tokenize, or Die Trying


Many organizations are beginning to realize they don't need to encrypt every piece of data in data centers and at cloud providers, but there are still a couple massive categories where you'd better encrypt or you can kiss your job goodbye. Payment data, some PII, and some medical data demand belt and suspenders.
What's fascinating is that we see encryption of this data being pushed up the stack into applications. Whether in the cloud or on-premise, there is increasing recognition that merely encrypting some hard drives won't cut it. Organizations are increasingly encrypting or tokenizing at the point of collection. Tokenization is generally preferred for existing apps, and encryption for new ones. Unless you are looking at payment networks, which use both.
You might actually see this more in sessions than on the show floor. While there are some new encryption and tokenization vendors, it is mostly the same names we have been working with for nearly 10 years. Because encryption is hard.
Don't get hung up on different tokenization methods; the security and performance of the token vault itself matters more. Walk in with a list of your programming languages and architectural requirements, because each of these products has very different levels of support for integrating with your projects. The lack of a good SDK in the language you need, or a REST API, can set you back months.

Cloud Encryption Gets Funky


Want to use a cloud provider but still control your own encryption keys? Want your cloud provider to offer a complete encryption and key management service? Want to NSA-proof your cloud?
Done. Done. And sort of doable.
The biggest encryption news this year comes from the cloud providers themselves, and you will start seeing it all over the place. Box now lets you manage the encryption keys used by their platform. Amazon has two different customer-managed encryption options, one of them slowly being baked into every one of their services, and the other configurable in a way you can use to prevent government snooping. Even Microsoft is getting into the game with customer managed keys for Azure (we hear).
None of this makes the independent encryption vendors happy. Especially the startups.
But it is good news for customers, and we expect to see this trend continue each year. It just doesn't always make sense to try bolting encryption onto the outside of your cloud. Performance and fundamental application functionality become issues. If your provider can offer it while you retain control? Then you're golden.


Network Security

We had a little trouble coming up with a novel and pithy backdrop for what you will see in the Network Security space at RSAC 2015. We wonder if this year we will see the first IoT firewall, because hacking thermostats and refrigerators has made threat models go bonkers. The truth is that most customers are trying to figure out what to do with the new next-generation devices they already bought. We shouldn't wonder why the new emperor looks a lot like the old emperor, when we dress our new ruler (NGFW) up in clothes (rules) that look so similar to our old-school port and protocol based rulesets.
But the fact is there will be some shiny stuff at this year's conference, largely focused on detection. This is a very productive and positive trend; for years we have been calling for a budget shift away from ineffective prevention technologies to detecting and investigating attacks. We see organizations with mature security programs making this shift, but far too many others continue to buy the marketing hyperbole, "of course you can block it". Given that no one really knows what it is, we have a hard time understanding how we can make real progress in blocking more stuff in the coming year.
Which means you need to respond faster and better. Huh, where have we heard that before?

Big
1. "Where can I buy that UTM?" said by no one ever, again
2. You're not hadooping your network traffic? Get with the program
3. Of course we can protect your cloud network. Just run everything through our box

Giving up on Prevention
Talking to many practitioners over the past year I felt like I was seeing a capitulation of sorts. There is finally widespread acknowledgement that it is hard to reliably prevent attacks. And we are not just talking about space alien attacks coming from a hacking UFO. It's hard enough for most organizations to deal with Metasploit.
Of course we are not going all Jericho on you, advocating giving up on prevention on the network. Can you hear the sighs of relief from all the QSAs? Especially the ones feeling pressure to push full isolation of protected data (as opposed to segmentation) during assessment. Most of those organizations cannot even manage one network, so let's have them manage multiple isolated environments. That will work out just great.
There will still be a lot of the same old same old; you still need a firewall and IPS to enforce both positive (access control) and negative (attack) policies on your perimeter. You just need to be realistic about what they can block, even shiny NGFW models. Remember that network security devices are not just for blocking attacks. We still believe segmentation is your friend; you will continue to deploy those boxes, both to keep the QSAs happy and to ensure that critical data is separated from not-so-critical data.

To Focus on Detection
If many organizations have given up trying to block all attacks, what the hell are they supposed to do? Spend tons of money on more appliances to detect attacks they missed at the perimeter, of course. And the security industrial complex keeps chugging along. You will see a lot of focus on network-based threat detection at the show. We ourselves are guilty of fanning the flames a bit with our new research on the topic.
The fact is that technology is moving forward. Analyzing network traffic patterns, profiling and baselining normal communications, and then looking for stuff that's not normal, gives you a much better chance of finding compromised devices on your networks. Before your new product schematics are in some nondescript building in Shanghai, Chechnya, Moscow, or Tel Aviv. What's new is the level of analysis possible with today's better analytics.
Booth personnel will bandy about terms like big data and machine learning like they understand what they even mean. But honestly baselines aren't based only on Netflow records or DNS queries any more; they can now incorporate very granular metadata from network traffic including identity, content, frequency of communication, and various other attributes that get math folks all hot and bothered.
And you will also hear all about malware sandboxes at the RSAC this year. Again. Everyone has a sandbox; just ask them. Except some don't call them sandboxes. I guess they are discriminating against kids who like sand in today's distinctly politically incorrect world. They might be called malware detonation devices or services. That sounds shinier, right? But if you want to troll the reps on the show floor (and who doesn't?), get them to debate an on-premise approach versus a cloud-based approach to detonation. It doesn't really matter which side of the fence they are on, but it's fun seeing them get all red in the face when you challenge them.
Finally, you may hear some lips flapping about data center firewalls. Basically just really fast segmentation devices. If they try to convince you they can detect attacks on a 40gbps data center network, and flash their hot-off-the-presses NSS Labs results, ask what happens when they turn on more than 5 rules at a time. If they bother you say you plan to run SSL on your internal networks and the device needs to inspect all traffic. But make sure an EMT is close by, as that strategy has been known to cause aneurysms.

The real issue is making sure these detection devices can work with your existing gear and aren't just a flash in the pan, due to be integrated as features of your perimeter security gateway. Okay, we would be pulling your leg if we said any aspect of detection won't eventually become an integrated feature of other network security gear. That's just the way it goes. But if you really need to figure out what's happening on your network visit these vendors.

While Consolidating Functions


What hasn't changed is that big organizations think they need separate devices for all their key functions. Or has it? Is best of breed (finally) dead? Well, not exactly, but that has more to do with politics than technology. Pretty much all the network security players have technologies that allow authorized traffic and block attacks. Back when category names mattered, those functions were called firewalls and IPS respectively. But now everything is a next-generation firewall, right? But it does a lot more than a firewall. It also detonates malware (or integrates with a cloud service that does). And it looks for command and control traffic patterns. All within one or many boxes, leveraging a single policy set, right? But that's a firewall. Just ask Gartner. Sigh. And no, we won't troll you any more by calling it an Enterprise UTM for old time's sake.
Product categories aside, regardless of whether a network security vendor started as a firewall player or with IPS (or both, thanks to the magic of acquisitions), they are all attacking the same real estate: what we call the network security gateway. The real question is: how can you get there? On the show floor focus on migration. You know you want to enforce both access control and attack policies on the device. You probably want to look for malware on ingress, and C&C indicators on egress. And you don't want to wrestle with 10 different management interfaces. Challenge the SEs in the booths (you know, the folks who know what they are doing) to sketch out how they'd solve your problem on a piece of paper. Of course they'll be wrong, but it should be fun to see what they come up with on the fly.
[Photo: What do you mean we may have too many things in the device?]


And Looking for Automation
Another hot topic in network security will be automation. Because managing hundreds of firewalls is a pain in the ass. Actually, managing hundreds of any kind of complicated technology causes ulcers. So a bunch of new startups will be in the Innovation Sandbox, detonating malware. No, not that kind of sandbox. RSAC's showcase for new companies and technologies, where they will happily show you how to use an alert from your SIEM or a bad IP address from your threat intelligence provider to make changes automagically on your firewalls. They have spent a bunch of time making sure they support vintage 2007 edge routers and lots of other devices to make sure they have you covered.
But all the same, you have been flummoxed by spending 60% of your time opening ports for those pesky developers who cannot seem to understand that port 443 is a legitimate port, and they don't need a special port. Automating some of those rote functions can free you up to do more important and strategic things. As long as the booth rep isn't named John Connor, everything should be fine.

In the Cloud
Even though you focus on network security, don't think you can escape the cloud hype monster at RSAC. No chance. All the vendors will be talking about how their fancy 7-layer inspection technology is now available as a virtual machine. Of course unless they are old (like us), they won't remember that network security appliances happened because granular inspection and policy enforcement in software did not scale. Details, we know. You are allowed to laugh when they position software-based network security as new and innovative.
They also don't understand that inserting inspection points and bottlenecks in a cloud environment (public, private, or hybrid) breaks the whole cloud computing model. And they won't be even paying lip service to SDN (Software Defined Networks) for the most part. SDN is currently a bit like voodoo for security people. So we guess avoidance is the best strategy at this point. Sigh, again.
The booth staff will faithfully stick to the talking points marketing gave them about how it's the same, just in the cloud... Smile politely and then come to our Pragmatic SecDevOps lab session, where we will tell you how to really automate and protect those cloud-based thingies that are popping up everywhere like Tribbles.


Application Security

With so many other shiny and not-so-shiny things (including malware and retailer breaches) to fixate on, application security seems to get overshadowed every year at the RSA Conference. Then again, the hard, boring tasks of fixing applications aren't much fun to talk about. But as long as the application is the path of least resistance, ignoring the issue will prolong your misery.

Big
1. The apps run in the cloud, but you're scared to test them in the cloud? Uh, what?
2. Isn't DevOps just another way to get rid of all the security folks?
3. So containers allow us to port our crappy code to every platform? Awesome!

Coming Soon to an Application Near You: DevOps
For several years you have been hearing the wonders of Agile development, and how it has done wondrous things for software development companies. Agile development isn't a product; it is a process change, a new way for developers to communicate and work together. It's effective enough to attract almost every firm we speak with away from traditional waterfall development. Now there is another major change on the horizon, called DevOps. Like Agile it is mostly a process change. Unlike Agile it is more operationally focused, relying heavily on tools and automation for success. That means not just your developers will be Agile; your IT and security teams will be, too!
The reason DevOps is important at RSA Conference, and the reason you will hear a lot about it, is that it offers a very clear and positive impact on security. Perhaps for the first time, we can automate many security requirements, embedding them into daily development, QA, and operational tasks we already perform. DevOps typically goes hand in hand with continuous integration and continuous deployment. For software development teams this means code changes go from idea to development to live production in hours rather than months. Sure, users are annoyed the customer portal never works the same way twice, but IT can deliver new code faster than sales and marketing wanted it, which is something of a miracle.
Deployment speed makes a leap in the right direction, but the new pipeline provides an even more important foundation for embedding security automation into processes. It's still early, but you will see the first security tools which have been reworked for DevOps at this year's RSA conference.

I Can Hardly Contain Myself
Containers. They're cool. They're hot. They... wait, what are they exactly? The new developer buzzword is Docker, the name of both the company and the product, which provides a tidy container for applications and all the associated stuff an application needs to do its job. The beauty of this approach comes from hiding much of the complexity around configuration, supporting libraries, OS support, and the like, all nicely abstracted away from users within a container. In the same way we use abstract concepts like compute and storage as simple quantities with cloud service providers, a Docker container is an abstract run-anywhere "unit of application". Plug it in wherever you want and run it. Most of the promise of virtualization, without most of the overhead or cost.
Sure, some old-school developers think it's the same "write once, crash anywhere" concept Java nailed so well 20 years ago, and of course security pros fear containers as the 21st-century Trojan Horse. But containers do offer some security advantages: they wrap accepted versions of software up with secure configuration settings, and narrowly define how to interact with the container, all of which reduces the dreaded application "threat surface". You are even likely to find a couple vendors who now deploy a version of their security appliance as a Docker container for virtualized or cloud environments.

All Your Codebase R Belong to Us
As cloud services continue to advance, outsourced security services are getting better, faster, and cheaper than your existing on-premise solution. Last year we saw this at the RSA Conference with anti-malware and security analytics. This year we will see it again with application development. We have already seen general adoption of the cloud for quality assurance testing; now we see services which validate open source bundles, API-driven patching, cloud-based source code scanning, and more dynamic application scanning services. To many the idea of letting anyone outside your company look at your code, much less upload it to a multi-tenant cloud server, is insane. But lower costs have a way of shifting opinions, and the automated, API-driven cloud model fits very well with the direction development teams are pulling.


Endpoint Security

What you'll see at the RSAC in terms of endpoint security is really more of the same. Advanced attacks blah, mobile devices blah blah, AV vendor hatred blah blah blah. Just a lot of blah... But we are still recovering from the advanced attacker hangover, which made painfully clear that existing approaches to preventing malware just don't work. So a variety of alternatives have emerged to do it better. Check out our Advanced Endpoint and Server Protection paper to learn more about where the technology is going. None of these innovations has really hit the mainstream yet, so it looks like the status quo will prevail again in 2015. But the year of endpoint security disruption is coming; perhaps 2016 will be it...

White listing becomes Mission: POSsible

Since last year's RSAC many retailers have suffered high-profile breaches. But don't despair if your favorite retailer hasn't yet sent you a disclosure notice; it will arrive with your new credit card just as soon as they discover the breach. And why are retailers so easy to pop? Mostly because many Point of Sale (POS) systems use modern operating systems like Embedded Windows XP. These devices are maintained using state-of-the-art configuration and patching infrastructures, except when they aren't. And they all have modern anti-malware protection, unless they don't have even ineffective signature-based AV. POS systems have been sitting ducks for years. Quack quack.

Clearly this isn't an effective way to protect devices that capture credit cards and handle money, which happen to run on circa-1998 operating systems. So retailers and everyone else dealing with kiosks and POS systems has gotten the whitelisting bug, big-time. And this bug doesn't send customer data to carder exchanges in Eastern Europe.

What should you look for at the RSAC? Basically a rep who isn't taking an order from some other company. Big

1. It's sophisticated malware if it evades your defenses
2. How many third world kids could you feed with your EPP renewal $$$?
3. Open up all the app stores! What could possibly go wrong?

Calling Dr. Quincy

Last year we highlighted a concept which we call endpoint monitoring. It's a method for collecting detailed and granular telemetry from endpoints, to facilitate forensic investigation after device compromise. As it turned out, that actually happened: our big research friends who shall not be named have dubbed this function ETDR (Endpoint Threat Detection and Response). And ETDR is pretty shiny nowadays.

As you tour the RSAC floor, pay attention to ease of use. The good news is that some of these ETDR products have been acquired by big companies, so they will have a bunch of demo pods in their huge booths. If you want to check out a startup you might have to wait; you can only fit so much in a 10 x 10 booth, and we expect these technologies to garner a lot of interest. And since the RSAC has outlawed booth babes (which we think is awesome), maybe the crowded booths will feature cool and innovative technology rather than spandex and leather.

While you are there you might want to poke around a bit, to figure out when your ETDR vendor will add prevention to their arsenal, so you can finally look at alternatives to EPP. Speaking of which...

Don't look behind the EPP curtain

The death of endpoint protection suites has been greatly exaggerated. Which continues to piss us off, to be honest. In what other business can you be largely ineffective, cost too much, and slow down the entire system, and still sell a couple billion dollars worth of product annually? The answer is none, but companies still spend money to comply. If EPP was a horse we would have shot it a long time ago.

So what is going to stop the EPP hegemony? We need something that can protect devices and drive down costs, without killing endpoint performance. It will take a vendor with some cajones. Companies offering innovative solutions tend to be content positioning them as complementary to EPP suites. Then they don't have to deal with things like signature engines (to keep QSAs who are stuck in 2006 happy) or full disk encryption.

Unfortunately cajones will be in short supply at the 2015 RSAC, even in a heavily male-dominated crowd. But at some point someone will muster up the courage to acknowledge the EPP emperor has been streaking through RSAC for 5 years, and finally offer a compelling package that satisfies compliance requirements.

Can you do us a favor on the show floor? Maybe drop some hints that you would be happy to divert the $500k you plan to spend renewing EPP this year to something that doesn't suck instead.

Mobility gets citizenship

As we stated last year, managing mobile devices is quite the commodity now. The technology keeps flying off the shelves, and MDM vendors continue to pay lip service to security. But last year devices were not really integrated into the organization's controls and defenses. That has started to change. Thanks to a bunch of acquisitions, most MDM technology is now controlled by big IT shops, so we will start to see the first links between managing and protecting mobile devices, and the rest of infrastructure. Leverage is wonderful, especially now we have such a severe skills gap in security.

Now that mobile devices are full citizens, what does that even mean? It means MDM environments are expected to send alerts to the SIEM and integrate with the service/operations infrastructure. They need to speak the enterprise language and play nice with other enterprise systems.

Even though there have been some high-profile mobile app problems (such as providing access to a hotel chain's customer database), there still isn't much focus on assessing apps and ensuring security before apps hit an app store. We don't get it. You might check out folks assessing mobile apps (mostly for privacy issues, rather than mobile malware) and report back to your developers so they can ignore you. Again.

IoT: Not so much


It wouldn't be an RSAC-G if we didn't do at least a little click baiting. Mostly just to annoy people who are hoping for all sorts of groundbreaking research on protecting the Internet of Things (IoT). At this point there doesn't seem to be much to protect. But it is another thing to secure, so you will see vendors talking about it. Though it is still a bit early to add IoT to your RSAC buzzword bingo drinking game.
At some point a researcher will do some kind of proof of concept showing how your Roomba is the great great great great
grandfather of the T1000. Click-baiting achievement unlocked! With a gratuitous Terminator reference to boot. Win!


Identity and Access Management

One of the biggest trends in security never gets any respect at RSAC. Maybe because identity folks still look at security folks cross-eyed. But this year things will be a bit different. Maybe.

No Respect

Identity is one of the more difficult topics to cover in our annual RSAC Guide, because identity issues and trends don't grab headlines. Identity and Access Management vendors tend to be light-years ahead of most customers. You may be thinking "Passwords and Active Directory: What else do I need to know?", which is pretty typical. IAM responsibilities sit in a no man's land between security, development, and IT... and none of them wants ownership. Most big firms now have a CISO, CIO, and VP of Engineering, but when was the last time you heard of a VP of Identity? A director? We haven't either. That means customers (and cloud providers, as we will discuss in a bit) are generally unaware of important advances. But those identity systems are used by every employee and customer. Unfortunately, despite ongoing innovation, much of what gets attention is somewhat backwards.

The Cutting Edge: Role-Based Access Control for the Cloud

Roles, roles, and more roles. You will hear a lot about Role-Based Access Controls from the hot product vendors in cloud, mobile management, and big data. It's ironic: these segments may be cutting-edge in most ways, but they are decidedly backwards for IAM. Kerberos, anyone? The new identity products you will hear most about at this year's RSAC, Azure Active Directory and AWS Access Control Lists, are things most of the IAM segment has been trying to push past for a decade or more. We are afraid to joke about it, because an identity wizard to help you create ACLs in the cloud could become a real thing.

Despite RBAC being outdated, it keeps popping up unwanted, like that annoying paper clip, because customers are comfortable with it and even look for those types of solutions. Attribute Based Access Controls, Policy Based Access Controls, real-time dynamic authorization, and fully cloud-based IDaaS are all impressive advances, available today. Heck, even Jennifer Lawrence knows why these technologies are important: her iCloud account was apparently hacked because there was no brute-force replay checker to protect her. Regardless, these vendors sit unloved, on the outskirts of the convention center floor.

Standard Bearer

We hear it all the time from identity vendors: "Standards-based identity instills confidence in customers", but the vendors cannot seem to agree on a standard. OpenID vs. SAML vs. OAuth, oh my! Customers do indeed want standards-based identity, but they fall asleep when the debate starts. There are dozens of identity standards in the CSA Guidance, but which is right for you? They all suffer from the same issue: they are filled with too many options. So interoperability is a nightmare, especially for SAML. Getting any two SAML implementations to talk to each other demands engineering time from both product teams. IAM in general, and specifically SAML, beautifully illustrate Tanenbaum's quote: "The nice thing about standards is that you have so many to choose from." Most customers we speak with don't really care which standard is adopted; they just want the industry to pick one and be done with it. Until then they will focus on something more productive, like firewall rules and password resets. They are waiting for it to be over so they can push a button to interoperate. You do have an EZ button, right?

Good Dog, Have a Biscuit


We don't like to admit it, but in terms of mobile payments and mobile identity the US is a laggard. Many countries we consider backwards were using mobile payments as their principal means to move money long before Apple Pay was announced. But these solutions tend to be carrier-specific; US adoption was slowed by turf wars between banks, carriers, and mobile device vendors. Secure elements or HCE? Generic wallets or carrier payment infrastructure? Tokens or credit cards? Who owns the encryption keys? Do we need biometrics, and if so which are acceptable? Each player has a security vision which depends on and/or only supports their business model. Other than a shared desire to discontinue the practice of sending credit card numbers to merchants over SSL, there has been little agreement.
For several years now the FIDO Alliance has been working on an open and interoperable set of standards to promote
mobile security. Their standard does not just establish a level playing field for identity and security vendors it defines a
user experience to make mobile identity and payments easier. So it is becoming a thing. It enables vendors to hook into
the framework and provide their solution as part of the ecosystem. You will notice a huge number of vendors on the
show floor touting support for the FIDO standard. Many demos will look pretty similar because they all follow the same
privacy, security, and ease of use standards, but all oars are finally pulling in the same direction.


Security Management

Last year big data was all the rage at the RSAC in terms of security monitoring and management. So the big theme this year will be... (drum roll, please)... big data. Yes, it's more of the same, though we will see security big data called a bunch of different things including insider threat detection, security analytics, situational awareness, and probably two or three more where we have no idea what they even mean.

But they all have one thing in common: math. Remember those differential equations you hated in high school and college? Be glad that helpful freshman in AP Calculus actually liked math. Those are the folks who will save your bacon, because their algorithms are helping detect attackers and attacks.

Detecting the Insider

It feels a bit like we jumped into a time machine and ended up back in 1998. Or 2004. Or 2008. You remember that year when everyone was talking about insiders and how they were robbing your organization blind. We still haven't solved the problem, because it's hard. So every 4-5 years vendors get tired of using black-masked external-attacker icons in their corporate PowerPoint decks, and start talking about catching insiders instead.

This year will be no different; you will hear a bunch of noise at RSAC about the insider threat. The difference this year is that the math folks I mentioned earlier have put their algorithms to work finding anomalous behaviors inside your network, and profiling what insiders typically do while they are robbing you blind. You might even be able to catch them before Brian Krebs calls to tell you all about your breach.

These technologies and companies are pretty young, so you will see them on the outside rings of the conference hall and in the RSAC Innovation Sandbox, but they are multiplying like [name your favorite pandemic]. It won't be long before the big SIEM players and other security management folks (yes, vulnerability management vendors, we're looking at you) start talking about users and insiders to stay relevant. Don't you just love the game?

Security Analytics: Bring Your PhD

The other epiphany many larger organizations had over the past few years is that they already have a crap-ton of security data. You can thank PCI-DSS for making them collect and aggregate all sorts of logs over the past few years. Then the forensics guys wanted packets, so you started capturing those too. Then you had the bright idea to put everything into a common data model.

Then what? Your security management strategy probably looked something like this:

1. Collect data.
2. Put all data in one place.
3. ???
4. Detect attacks.

This year a bunch of vendors will be explaining how they can help with step 3, using their analytical engines to answer questions you didn't even know to ask. They'll use all sorts of buzzwords like ElasticSearch and Cassandra, talk about how cool their Hadoop is, lovingly describe the data scientists thinking big thoughts about how to solve the security problem, and explain how their magic platform will do just that.

Try not to laugh too hard at the salesperson. Then find an SE and have them walk you through setup and tuning of their analytics platform. Yes, it needs to be tuned, regardless of what the salesperson tells you. How do you start? What data do you need? How do you refine queries? How do you validate a potential attack? Where can you send data for more detailed forensic analysis? If the SE has on dancing shoes, the product probably isn't ready yet, unless you have your own group of PhDs you can bring to the table. Make sure the analytics tool actually saves time, rather than just creating more detailed alerts you don't have time to handle.

We're not saying PhDs aren't cool; we think it's great that math folks are rising in prominence. But understand that when your SOC analyst wants you to call them a Data Scientist it's so they can get a 50% raise for joining another big company.

Forensication

We have finally reached the point as an industry where practitioners don't actually believe they can stop all attacks any more. We knew that story was less real than the tooth fairy, but way too many folks actually believed it. Now that ruse is done, so we can focus on coping with the fact that at some point soon you will be investigating an incident. You will have forensics professionals onsite, trying to figure out what actually happened.

The forensicators will ask to see your data. It's good you have a crap-ton of security data, right? But you will increasingly be equipping your internal team for the first few steps of the investigation. So you will see a lot of forensics tools at the RSAC, and forensics companies repositioning as security shops. They will show their forensics hooks within your endpoint security products and network security controls. Almost every vendor will have something to say about forensics. It's so shiny!

Even better, most vendors are fielding their own incident response service. It is a popular belief that if a company can respond to an incident, they are well positioned to sell product at the back-end of the remediation/recovery. Of course that creates a bull market for folks with forensics skills. These folks can jump from company to company, driving up compensation quickly. They are on the road 5 days a week anyway, if not more, so why would they care which company is on their business cards?

This wave of focus on forensics, and the resulting innovation, has been a long time coming. The tools are still pretty raw and cater to overly sophisticated customers, but we see progress. This progress is absolutely essential: there aren't enough skilled forensics folks, so you need tools and automation to make your less skilled folks more effective. Which is a theme throughout the RSAC-G this year.

SECaaS or SUKRaaS

The other downside to an overheated security environment is that because end-user organizations can't find skilled staff, they need to supplement with managed services. Of course that assumes your managed services provider will have better luck finding people than you do. Again, it's just math. There aren't enough folks who know enough about security. Just because the company is a managed service provider doesn't mean they have a secret fountain of security professionals. Nor is a higher being dropping those folks in some field like manna.

So make sure you aren't buying a Sucker as a Service (SUKRaaS) offering, by contracting a multi-year deal with an organization that has a huge SOC but not enough folks to keep it staffed. Texans would call that "All SOC, no cattle." Of course there is leverage to be found in the business, and a managed service provider will be able to scale a bit better than an enterprise. But they still have a lot of the same problems as their enterprise clients.

This is where the diligence part of the process comes in. Before you sign that 3-year deal, make sure your SECaaS (Security as a Service) partner actually has the folks. Dig into their HR and staffing plans. Understand how they train new analysts. Get a feel for turnover in their SOC, and what kinds of tools they are investing in to gain leverage in operations.

And be happy when they start talking about all the data scientists they hired and the wonderful security analytics platform they implemented over the past year. Math strikes again!


Check Out Our Research

Have you visited our Research page? You should; we write a crap load of stuff. You can find it at https://securosis.com/research/research-reports. The rest of the research library is pretty busted (and being overhauled), but in the meantime this list is current. And awesome.

Recently Published Papers

The Future of Security
Endpoint Defense: Essential Practices
Cracking the Confusion: Encryption & Tokenization for Data Centers, Servers & Applications
Security and Privacy on the Encrypted Network
Monitoring the Hybrid Cloud
Best Practices for AWS Security
Securing Enterprise Applications
Secure Agile Development
Trends in Data Centric Security
Leveraging Threat Intelligence in Incident Response/Management

Firestarter Video Blog

March 31 - Using RSA
March 16 - Cyber Cash Cow
March 2 - Cyber vs. Terror (yeah, we went there)
February 16 - Cyber!!!
February 9 - It's Not My Fault!
January 26 - 2015 Trends
January 15 - Toddler
December 18 - Predicting the Past
November 25 - Numbness
October 27 - It's All in the Cloud
October 6 - Hulk Bash
September 16 - Apple Pay
August 18 - You Can't Handle the Gartner
July 22 - Hacker Summer Camp


See Securosis Speak


We keep busy at RSAC each year. But we do a number of speaking sessions and make other
appearances throughout the week. Here is where you can find us:

Disaster Recovery Breakfast

Everyone! It's pretty hard to get on our schedules at the conference, so the best place to see us will be the DRB (Thursday 8-11am, Jillian's at the Metreon), with our partners MSLGROUP, Kulesa Faul, and LEWIS PR: https://securosis.com/blog/2015-recoverybreakfast.

Speaking Sessions

Rich, Mike, and Adrian: LAB-W03 Pragmatic SecDevOps [LEARNING LAB] (Wednesday 10:20-12:20,
Room 3009)

Rich (with Chris Ho): CSV-T07R Something Awesome on Cloud and Containers (Tuesday 1:10-2:00,
Room 2014; Tuesday 3:30-4:20, Room 2020)

Mike and JJ: P2P-R04B Mindfulness: Leadership from Within (Thursday 11:30-12:20, Room 3002)

Mort (with Josh Corman): ASD-T07R Continuous Security: 5 Ways DevOps Improves Security (Tuesday
1:10-2:00, Room 3004, Tuesday 4:40-5:30, Room 2020)

Mort (with Alex Hutton): DSP-T09 Cookin Up Metrics with Alex and David: A Recipe for Success
(Tuesday 3:30-4:20, Room 3006)

Mort: ECO-R02 We Have Met the Future of Security and It Is Us (Thursday 9:10-10:00, Room 3008) panel with Jack Daniels, Katie Moussouris, and Trey Ford

Mort: CXO-R04 When Will Infosec Grow Up? (Thursday 11:30-12:20, Room 3005) panel with John
Johnson, Alex Hutton, and Jack Jones

Other Events

AGC: Monday Mike and Mort will participate in the AGC West Coast Investor Conference

Mike will be moderating Next Generation Security Leadership at 9:30 with folks from RSA, Cisco,
FireEye, Palo Alto Networks, and Symantec.

Mike is also moderating Threat Intelligence and the Security Ecosystem at 11:30 with folks from
Bit9 + Carbon Black, Check Point, Fidelis, iSIGHT Partners, and Resilient Systems.

Mort will be on the Cloudy with a chance of security and Security through abstraction panels.

DevOps Days: Also Monday, Rich and Mort will give talks at the DevOps Connect: DevOpsSec event.


Dining and Beverage Guide


Over the years we have received many requests for favorite places to grab a bite or a drink. After all these years we hate to admit how much time we've spent grubbing for food around the Moscone Center, especially because this isn't the only event we attend there. Here are our recommendations with tips from friends on Twitter.

Click Here. Really.

We even put together some nice maps. Click on the names of these establishments to pull up a map, description, and ratings in your web browser. It's even mobile friendly! (Not that the rest of this document is.)

Photo by Road Fun http://flic.kr/p/4DX684

Best breakfast that's a little out of the way: Mo'z Cafe
The place to get the scoop on all the RSAC Parties: @RSA Parties on Twitter
Best convenient breakfast everyone knows about but might be slow: Mel's Cafe
The best place to see people you probably don't want to see: W Hotel Bar (after midnight)
Best coffee/breakfast/lunch place for quick meetings: The Grove
Best place to have a drunk marketing/PR person buy you a free drink: Lobby bar at W hotel
Close food courts with decent food for lunch: Westfield Center, Metreon
Best place to get a good beer even if there's a party upstairs: Thirsty Bear
Best Indian: Amber
Best spicy noodle place: Henry's Hunan
Mike's personal recommendation: Mitchell Brothers O'Farrell Theater (shhh! You didn't hear it from Mike.)
Best Drinks: Bourbon and Branch



About Us

Securosis, LLC is an independent research and analysis firm dedicated to thought leadership, objectivity, and transparency. Our analysts have all held executive level positions and are dedicated to providing high-value, pragmatic advisory services.

Primary research: We currently release the vast majority of our research for free through our blog, and archive it in our Research Library. Most of these research documents can be licensed for distribution on an annual basis. All published materials and presentations meet our strict objectivity requirements and follow our Totally Transparent Research policy.

Strategic advisory services for end users: Securosis provides advisory for end user organizations, including product selection assistance, technology and architecture strategy, education, security management evaluation, and risk assessment.

Retainer services for vendors: Although we will accept briefings from anyone, some vendors opt for a tighter, ongoing relationship. Example services include market and product analysis and strategy, technology guidance, product evaluations, and merger and acquisition assessment. Even with retainer clients we maintain our strict objectivity and confidentiality requirements. More information on our retainer services (PDF) is available.

External speaking and editorial: Securosis analysts frequently speak at industry events, give online presentations, and write and speak for a variety of publications and media.

Other expert services: Securosis analysts are available for other services as well, including Strategic Advisory Days, Strategy Consulting engagements, and Investor Services. These services tend to be customized to meet a client's specific requirements. More information on our expert services (PDF) is available.

RSA Conference Guide 2015

Securosis LLC
515 E. Carefree Highway
Suite 766
Phoenix, AZ 85085

It's All Good

We know we're damn lucky to do what we do. We aren't a billion-dollar company with thousands of employees; we're just three partners with a few friends helping out when they can, all trying to bring a little value to the security world. We get to write the research we want, give most of it away for free, and participate in the security community without worrying about corporate overlords watching over our shoulders. For that we thank you.

Adrian, Mike, and Rich
