Omdia view
Summary
RSA 2023 is nearly upon us. For the cybersecurity world it’s a fabulous festival of fact-finding and fun – as well as racking up the steps in and around the Moscone Center in San Francisco. The Omdia Cybersecurity team will have ten analysts onsite spanning a wide range of cybersecurity topics – everything from data security, identity, infrastructure security, security operations, IoT security, and more. What do we expect to find?
How is the current economic climate affecting security conversations?
How is the world of cybersecurity being affected by the uncertain economic climate? There is more competition for cybersecurity budget, and these budgets are being tightened. As such, Omdia expects to hear more of the cybersecurity world speaking the language of business. Yes, this has reportedly been going on for years, but 2023 is the year that the highly innovative cybersecurity technology vendors must make this a reality. Cybersecurity is about so much more than “just” the quality of the tech – it needs to be about how the technology supports or enables the organization to achieve its objectives.
Generative AI, anyone?
From the SecOps perspective, while there will be progress from the Next-Generation Security Information and Event Management (NG-SIEM) vendors in delivering fully cloud-native platforms, and from Extended Detection and Response (XDR) vendors on better NG-SIEM differentiation and a fully formed value proposition, Omdia expects to see the most interest – and, possibly, hype – in the area of artificial intelligence.
Microsoft recently made a splash with the announcement of Microsoft Security Copilot, an upcoming generative AI capability that will augment existing security solutions including Sentinel and Defender. Generative AI has strong potential to help security operations center (SOC) teams with one of their biggest challenges, namely finding the “needle in the haystack” as it relates to threat detection, as well as improving key metrics like mean time to detection (MTTD) and mean time to response (MTTR).
Even more tantalizing is its potential to reduce the amount of time needed to complete hard-to-automate tasks, like investigating a unique threat or building customized response orchestration templates. Omdia believes enterprises will quickly come to understand the potential benefits of applying generative AI across the threat detection, investigation, and response (TDIR) solution landscape, and in turn vendors will seek to respond with plans to add the technology to their solutions in the near term.
Further integration from the big players
We expect to see evidence of the continued blurring of lines between categories as vendors offer integrated products touching on multiple areas. From a technology perspective, there are two main areas of deep interest:
- The evolution of network security and content security into secure access service edge (SASE), which fits well with how organizations are trying to be more efficient with delivering security capabilities to a distributed workforce
- The multitude of cloud-native security offerings, covering everything from posture management to securing the software supply chain.
We expect to see interest in improving initiatives around “everything as code” and how the stream of security telemetry from cloud can feed into the modern security operations model.
Ransomware, ransomware, ransomware
Data security continues to be dominated by reaction to the ransomware threat, with vendors and customers uncertain about the best solutions to adopt to prevent or mitigate effects of an attack. There are many questions for organizations to consider, including:
- Is a pure-play payment strategy the best option?
- Should organizations increase defenses to repel attacks in the first place, or should an effective, tried-and-tested response once an attack occurs be the way to prevent the need to pay?
- If payment is forthcoming, won’t this serve to simply encourage further attacks?
- What is the role of data privacy legislation and organizations like the ICO in policing the way organizations protect their data?
Omdia is aware that criminal investigation is unlikely if a ransomware demand is below around $50,000. However, national cybersecurity agencies (such as the European Union Agency for Cybersecurity (ENISA), the UK’s National Cyber Security Center (NCSC), and the Cybersecurity and Infrastructure Security Agency (CISA) in the US) will continue to discourage the payment of a ransom. As such, ransomware, and the potential responses to it, will be a clear theme at this year’s event. Omdia also expects more categorization of data to be evident, with vendors becoming more data aware. Omdia expects to see data-centric solutions that identify different data types and satisfactorily store them in purpose-built repositories.
Addressing identity as a leading attack vector
The impending identity crisis will be a key theme explored at RSAC this year. As breaches continue to grow, the role and capacity to secure identity will need to evolve to meet this challenge. Omdia expects to see “zero trust” again being plastered on companies’ booths as hype around the framework continues to grow. Yes, it has been discussed for more than a decade, but “never trust, always verify” is now being widely deployed as an approach by organizations far and wide. Omdia also expects to see more on verifiable credentials and the rise of decentralized identity as topics on people’s lips.
It's time to raise the profile of IoT cybersecurity
The internet of things (IoT) has increasingly been a topic of conversation at security conferences, and we don’t expect RSAC to be any different. That said, IoT can often be an overlooked area when it comes to cybersecurity, with many organizations unaware of the total number of devices connected to the network, and their behaviors and interactions. IoT cybersecurity needs to be discussed more than it is, and awareness and education still need to continue.
Many cybersecurity vendors touch on IoT or connected devices in their product portfolios, but we can expect to see this branching out from a light touch to fully-fledged products or features focusing on IoT and other connected devices, including operational technology (OT) and IoMT (Internet of Medical Things). OT and ICS (industrial control systems) will continue to be a hot topic in conversations around cyber-physical security.
Although cost remains a barrier for organizations implementing IoT security, Omdia’s research shows that cybersecurity is consistently the top concern for enterprises deploying IoT. Vendors will continue to innovate with pricing mechanisms and deployment options, and we also expect to see IoT security integration and features bundled with device management.
Appendix
Further reading
“It’s good to be back: What did we learn at RSA 2022?” (June 2022)
Authors
Maxine Holt, Senior Director, Cybersecurity
Eric Parizo, Managing Principal Analyst, Cybersecurity
Fernando Montenegro, Senior Principal Analyst, Infrastructure Security
Adam Strange, Principal Analyst, Data Security
Don Tait, Senior Analyst, Identity, Authentication, Access
Hollie Hennessy, Senior Analyst, IoT Cybersecurity