Shulou(Shulou.com)06/01 Report--

RSAC 2019 has been successfully concluded. According to my personal views and feelings, the author analyzes the segments focused by exhibitors, and tries to summarize 12 "small trends" in the global network security market through RSAC.

Small trend one

The number of exhibitors increased by 42.6% compared with last year, and the overall development of the global cyber security market is strong.

The 736 security companies exhibited by RSAC in 2019 are located in multiple security areas, an increase of 42.6% compared with 516 in 2018. Some people may doubt that simple data analysis is of little value, but there are more than 100 new exhibitors for the first time in 19 years. Anyway, we can also see the vigorous development of the network security market around the world.

There are 36 Chinese exhibitors this year, an increase of 38% compared with 2018, but the overall number of exhibitors accounts for only 4.5%, which may be due to problems such as registration methods, fees and visas for personnel.

Small trend two

The layout of "big factory" is safe and ecological, and the focus of the start-up is to land quickly.

The exhibitors can find the differences, advantages and disadvantages through in-depth screening. In order to keep up with the hot spots, some enterprises change the names of all their products to "AIXXX". In fact, after in-depth exchanges, they find that their products and solutions are very common; some enterprises hire professional performance teams to explain them in order to achieve brand awareness, but are not actually equipped with any technical or solution interpreters. Some startups CEO stood on the platform and patiently explained to every visitor. After communication, they found that their ideas were very clear and their product plans were very complete.

It can be found that the "hard core" capability of large companies comes from the ecological construction of product solutions, while the "hard core" of start-ups lies in the execution and landing efficiency of the start-up team. Similar to IBM, Intel, CISCO and other "international factories", they are all complete ecology in the field of layout security, and I will not repeat them here. The landing speed and efficiency of start-up products and programs are very important. We can see that the concepts put forward by Gartner a few years ago, such as DevSecOps and AiOpS, have become the main programs for some start-ups to participate in the exhibition this year.

Small trend three

Using AI to do security has become the standard part of the scheme, and the hidden dangers of AI itself have been paid attention to.

The exhibitors related to the concepts of artificial intelligence (AI) and machine learning (ML) and the field of security are divided into two categories: one is the enterprises that use the capabilities of AI and ML to assist in security, and the other is the security risk prevention of AI and ML and the enterprises that provide solutions for this. Among the exhibitors in 2019, the former has become standard, while the latter has not yet sprung up.

First of all, let's talk about the enterprises that use AI and ML to do security (called "AI+ security" in this article). In 2019, the concept of "AI+ security" began to become standard for all exhibitors. We can see that there are a lot of Slogan from AIFW, AIWAF, AISOC, AISIEM and other exhibitors. After a detailed discussion, we can find that each manufacturer has its own understanding and application of AI technology. The competitiveness of AI comes from the optimization ability of big data and algorithm, which requires the support of a strong technical research and development team to apply AI to security products or solutions.

The author believes that there is no problem with the concept and direction of "AI+", but after all, it is still in the stage of weak artificial intelligence, and there is still a long way to go (maybe a pit) in the future. The security products and solutions with AI capabilities in the future must come from "big factories" with big data and sufficient R & D strength, and it may be difficult for start-ups to match these capabilities for a short time.

In addition to the security risks introduced by AI and ML in practical applications, Google mentioned on this year's RSAC about the security risks of machine learning, including problems that may be aimed at algorithms in the fields of self-driving, intelligent voice and image recognition, which will pose a very serious threat to human beings in the Internet of things and vehicle network scenarios. The author believes that the products and schemes related to the governance of AI's own security risks will be one of the research hotspots of security manufacturers in the next two to three years.

Small trend 4

With the gradual landing and popularization of 5G, a number of 5G safety-related products and schemes will emerge in the next 1-2 years.

2019 should be the first year of 5G applications, and operators vigorously promote the commercial landing of 5G, especially in the Internet of everything scenarios such as smart home and vehicle networking, as well as the mixed scenario of "5G+AI". Security issues multiply the risk because of the complexity of the scenario, while 5G-related security solutions currently lack sufficient security vendor layout. 5G security, covering a variety of dimensions, requires the joint participation of "industry security manufacturers" and "sub-domain security start-up enterprises" to form a complete security solution and 5G security ecology. Hope that next year's RSAC will emerge relevant exhibitors and launch 5G security solutions.

Small trend five

Data security is still hot, and cloud security is rising in the field of segmentation.

The author believes that cloud security and data security are not a dimensional classification of security domains, because data security does not exist independently and can exist in cloud and local businesses. Around the data lifecycle and data flow scenarios, there are many product solutions for data security exhibitors, but the core is still around database security defense, data leakage prevention, sensitive data governance and other aspects, as well as related exhibitors on security compliance consulting such as GDPR and CCPA. However, compared with 2018, there are no new subdivision directions and new technology exhibitors for data security.

In addition, cloud security, the first hot word of RSAC in 2019 is cloud security. Around cloud security, we can see that there are exhibitors of cloud applications, business, data and cloud infrastructure security. There are more exhibitors of foreign manufacturers around Container security. We can see that foreign solutions for container security have landed faster, which is strongly related to foreign application scenarios and user demand.

Small trend six

Security SaaS service has become standard for foreign security manufacturers, and its security capabilities are uneven.

Many foreign security companies provide secure SaaS capabilities. Around cloud anti-D, cloud WAF, cloud monitoring and missing scan, secure cloud services have become more and more Famous. The security strength of each manufacturer determines the quality of their secure cloud services; for example, the cloud anti-D capability has sufficient requirements for global node cleaning and single point defense capabilities; Cloud WAF puts forward higher requirements for the defense and resilience of the website. Other security cloud capabilities such as cloud monitoring and omission scanning require a higher foundation of security capabilities, and some exhibitors do not have sufficient accumulation of security loophole database, IP address library, DNS database and threat intelligence data in the cloud.

Small trend 7

SOC and SIEM are getting smarter and smarter.

This year, the author had an in-depth exchange with a foreign manufacturer whose AI+SOC is a landing solution, and found that its product demonstration and technical explanation have sufficient landing ability compared with other "gimmick" manufacturers. Whether it is SIEM or SOC, the basic processing of security big data in the future cannot be separated from machine learning and automation. If with the evolution of AI capabilities, we will undertake more intelligent security work in the SOC field in the future rather than just machine learning, which is very much to look forward to. Personally, I think that AI+SOC will inevitably become the standard for SOC security manufacturers. Of course, as I said before, not everyone can play AI. It must be a big factory with enough data and technology accumulation before it can really land on AI.

Small trend eight

The visualization and manageability of assets and traffic become the basic supporting capability of safe operation.

In this year's DPI exhibition, the technical advantage shown by a RSA vendor is reflected in the visualization of network-wide traffic, covering PC and mobile terminals, as well as business services and wireless areas. The author visited its DEMO product page carefully, and there is no test environment for the actual scenario, but from the point of view of the function of the page, the company's products have very strong protocol identification and visualization capabilities, which is one of the necessary basic capabilities for future security operations.

Another basic capability of Anyun is the visibility and management of IT assets, as mentioned in the analysis of Axonius, this year's innovation champion Israeli startup: the importance of asset management is reflected in the medium-and low-level capability support of safe operation. The visualization and manageability of assets and traffic has become the basic supporting capability of safe operation. With the diversification of means and the complexity of scenarios, business objectives become more and more scattered, and our security protection goals must be focused enough. Both corporate network traffic and IT assets are indispensable to fight against the main battlefield.

Small trend Nine

Threat intelligence is becoming more and more pragmatic, and the ability to obtain information and effective application become two extremes.

Threat intelligence has been mentioned for many years. at present, enterprises in the market are divided into two extremes, one is to emphasize the ability of threat intelligence mining and discovery, and the other is to emphasize the coordination of solutions to maximize the effective use value of threat intelligence. Of course, there are also a lot of manufacturers in hot spots, in any case, the word threat intelligence has been a necessary part of the solution for security enterprises.

However, the author believes that the industry can really do a good job of threat intelligence, whether at home or abroad, in fact, very few manufacturers have real capabilities. The mining and generation of threat intelligence and giving full play to its value are two different fields. the former requires sufficient security technology and the accumulation of the strength of security experts, and threat intelligence needs to move towards an ecosystem shared internationally and domestically. after all, the security technology threats faced by security enterprises in the future are borderless, while the latter needs to have complete security solution landing capabilities. If you have both and really give full play to the value of threat intelligence, only big security companies can play.

Small trend Ten

Zero trust: suddenly like a spring breeze, the whirlwind blows from ISC 2018 to RSAC 2019

In the field of identity management and authentication, there is no doubt that Zero-Trust (zero trust) is the focus. Last year, the number of RSA exhibitors aiming at zero trust was very few, but it surged in 2019. The author is also thinking about why exhibitors are chasing the hot spot of zero trust, which may be related to the theme of "Security from scratch" of the 2018 domestic ISC Network Security Conference. Perhaps the interaction between ISC and RSA also proves that security practitioners' technological concepts and trend predictions know no national boundaries.

In any case, zero trust is suddenly like a spring breeze, and even the official website of this year's innovative sandboxie champion Axonius is on Zero-Trust hotspots. Of course, in the field of IAM, in addition to zero trust, we see more exhibitors also mention FIDO2.0, multi-factor authentication and password-free authentication, affecting more and more security enterprise solutions, around the balance between security and ease of use, maybe we can find more and more solutions.

Small trend National Day holiday

Safety awareness education and personnel training, safety compliance and consulting services, the domestic network security market is optimistic.

Some safety exhibitors provide safety awareness education and training, safety compliance and consulting services. The author believes that this is a security segment with strong market prospects. The proportion of lack of network security talents in China is very serious, and all kinds of research reports on related data are no longer repeated. The network security market is favored by the public, IT technicians want to enter the security industry and seek security training; enterprise managers need security compliance governance solutions and security consulting services, and so on.

It is worth mentioning that in the RSAC enterprise exhibition area, the author encountered many job inquiries from overseas students, and overseas students majoring in IT research and development were looking for job opportunities in the field of domestic network security companies.

A classmate has a master's degree in software engineer and graduated from one of the top research universities in California. His mentor recommended him to choose the development of the network security industry and recommended him to attend RSA meetings to look for job opportunities. Classmate B, who graduated from a historic university in California and majored in software development, said that about 40 percent of her classmates applied for jobs to join IT companies in China, and her direction was also related to cyber security research and development. the reason is that people are generally optimistic about the development of the domestic cyber security market, believing that the domestic employment situation this year is much better than abroad, and the salaries of large domestic IT companies are also competitive.

Although the data statistics are not authoritative enough and the survey is not comprehensive, at least we can see the signs that excellent IT talents choose to return home to develop in the field of network security. The development of China's network security market is inseparable from the reserve of network security talents, and it is still very gratifying to be a Chinese network security manufacturer.

Small trend Twelve

Domestic network security enterprises still need to break the misunderstanding "curse" when they go to the international market.

M customers visit the China Pavilion, most of the questions have nothing to do with business. When it comes to this topic, friends from Chinese manufacturers participating in the exhibition believe it will resonate. The author has the honor to participate in the exhibition hall platform and communicate with M customers who come to the exhibition hall. I find that the focus of everyone's questions is not on the main program advantages or technology-related content of the exhibitors, but on whether Chinese enterprises are controlled by government agencies.

Such questions are usually ironic. As a network security manufacturer, we should also reflect on whether we are prepared enough to break the misunderstanding of Chinese security companies by our international friends in the overseas market development stage. Personally, I think that when to really establish overseas people's "security trust" in us is the time for all Chinese security companies to break through in the overseas (M, etc.) market. This is not just a geopolitical difference. From the perspective of manufacturers, we must settle down to understand the pain points of the needs of overseas customers, provide the network security products and solutions they really need, and establish sufficient barriers to technical advantage. may be the best direction.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.