The RSA expo hall is massive. Even the word “massive” doesn’t seem to do justice to just how big the floor is and how many vendors are present. Putting it in better context, it took me an entire hour to walk by every booth at a moderate pace, and that is without stopping for conversations or getting my badge scanned. For the first night, I wanted to see everything, and make some mental notes on who to return to the following day – I was on the hunt for some of the more interesting things at RSA.
The number of giveaways was astonishing, everything from your typical socks and t-shirts to, what looked like, a car giveaway! The expo hall presented every aspect of security imaginable, with a noticeable concentration of artificial intelligence powered products.
The second day I walked back to the booths that caught my attention, for a quick conversation on what they were really pushing at RSA, and below are the coolest things I found. There may be cooler technologies out there on the floor, but these are the ones that I understood what they did right away and had something that seemed on the leading edge.
This was easily one of the coolest things I saw on the floor. Circadence seems focused on taking the boring out of cybersecurity education. For people like myself, who are active, hands-on learners, Circadence seems incredible. The team gave me a demo of Project Ares, which is a gamified platform that simulates real-world scenarios on actual virtual machines (on Azure) that the learner must either try to attack or try to protect from attacks. There was an entire library of knowledge for protecting your infrastructures/networks, and then the full simulation room. You’re presented with a list of 80+ tasks that you must complete. The tasks increase in difficulty, and completing tasks awards points to the student. There are helpful hints along the way, but viewing them lowers your overall score. All of this is reported up to an analytics/reporting platform for the managers. They also claim AI hooks that can turn real-time threat intelligence into new missions for the students. In addition, the vision they shared with me for where they want to take the platform over time was pretty impressive. Definitely a booth to visit and a company to keep an eye on!
If AI and machine learning are vehicles, then deep learning is the Ferrari. It’s a powerful sub category of machine learning that has become really popular for a number of companies. Blue Hexagon takes deep learning, developed from their own proprietary neural networks, and applies it to network threat detection and protection. Their biggest focus is on speed of detection, by leveraging their deep learning to categorize both known and unknown threats across all of their systems. Blue Hexagon is a two-part system: First their cloud is where their Deep Learning Neural Network sits, and is where all of the training and data analysis on traffic occurs. Second is an on-premises device that sits at the ingress of your network and communicates with the cloud as it’s monitoring traffic. The interesting upside is that the more customers they onboard, the more powerful their deep learning will become. Definitely a company to keep an eye on, especially if they use all of that data and pivot into other fields.
At Veracode, our focus is on DevSecOps, which is bringing security into the automation fold of DevOps. When I saw that SaltStack focuses on SecOps, I was intrigued. This company is about bringing Security and IT Operations closer together in a far more automated fashion. With their platform, security teams can scan their networks for a number of different issues. In most cases, security teams would then send these findings to the Operations team to go and fix – essentially throwing the issue over the wall, which is exactly what DevOps itself aimed to solve in the Developer/Operations world. With SaltStack, security teams can create scripts that actually fix the issues, and send those over to the Operations group – who can then read the problem and fix in their language, and with a single click, deploy the fix immediately. The end goal is to eliminate the operations review cycles, and fully automate the scan and fix process, as the teams become more aligned over time. Any time companies can provide tools that help bridge the gaps between departments, it’s a big win. SaltStack is another company to check out and keep an eye on!
Have you heard of the company Cofense? How about PhishMe? If you’re like a lot of people I spoke to, they have heard about PhishMe, but not Cofense. Well, they’re the same company! About a year ago, PhishMe rebranded as Cofense after an acquisition by a private equity consortium. The main reason for the rebranding is because a lot of people knew about PhishMe for their phishing platform, but didn’t realize they provide much more beyond that. They maintained the name “PhishMe” as one of their products, but Cofense now represents the entire portfolio of products and services, including phishing reporting, threat intelligence, and incident response platform. Although the rebranding happened a year ago, I thought it would be good to mention Cofense in this list as a company to keep an eye on. Phishing is a problem that still takes even the most security-conscious company by surprise, and Cofense is on a mission to fix that problem.
I’m going to round out this list with Code42 for one simple reason – they nailed their marketing. I had never heard of Code42 before the conference because my career hasn’t taken me into the data loss prevention space. However, Code42’s digital and print advertising leading up to RSA was very memorable. They had a lot of fun with it, with phrases like “I love my DLP, said nobody ever.” I remember seeing a lot of these ads online leading up to RSA, and when I saw the same images at the booth as I was walking by, I had to stop in and say hello.
Stay tuned for more from RSA …