The RSA Conference 2024 is fast approaching, scheduled for early May. What are Omdia analysts expecting to hear more about, and what will likely be avoided? Here’s our preview of RSA—and yes, AI is in there.
Omdia view
Summary
The RSA Conference 2024 is fast approaching, scheduled for early May. What are Omdia analysts expecting to hear more about? What do Omdia analysts think should be highlighted but will likely be avoided? Here’s our preview of RSA—and yes, AI is in there.
Platform versus best of breed
As Omdia’s recent research indicates, the cybersecurity platform debate has never been timelier, or more controversial. Indeed, even Omdia’s own research is somewhat contradictory.
On the one hand, CISOs report to Omdia that there are too many tools in their portfolios, and security platforms can foster cost savings and technology simplicity through consolidation and assist with shortages in their cybersecurity workforce.
On the other hand, Omdia’s 2023 Cybersecurity Decision Maker Survey indicated that organizations realized an increase in the number of standalone security products, not a decrease. More than 80% of respondents saw an increase in standalone security products in their organizations, with 44% noting an increase of 11% or more (see Figure 1).
Figure 1: Attempted consolidation of security products by organizations
Source: Omdia Cybersecurity Decision Maker Survey 2023
At RSA Conference 2024, Omdia expects “platform versus best of breed” to be a dominant theme across the Moscone Center, from the expo hall to the briefing rooms.
Omdia defines a security platform as “a single-vendor solution that rolls up the capabilities of multiple discrete products into an integrated offering that aims to provide cumulative, quantifiable benefits for customers.”
The platform vendors tend to be large, well-heeled vendors that have built (and bought) a collection of technologies and offer them as a single, integrated product set. The best-of-breed vendors are most commonly small vendors, often startups, that focus their limited resources on a small number of products with a limited scope.
Indeed, Omdia expects to see fierce and growing competition between platform vendors and best-of-breed specialist solutions. Through this prism, Omdia will endeavor to discern the evolving pros and cons of each approach; identify how vendors articulate their value propositions, particularly in light of the opposing approach; and update guidance for CISOs and other cybersecurity decision makers regarding key factors to consider when approaching security solution architecture strategy.
Proactive security sets stage for exposure management
As noted in its September 2023 report, Fundamentals of Proactive Security, Omdia defines proactive security as technologies (including those provided as services) that enable organizations to seek out and mitigate likely threats before they pose a danger to the extended IT environment. Proactive security allows enterprises to consistently and programmatically address the specific circumstances—unknown IT assets, vulnerable software, misconfigurations, and the like—that lead to unknown and unexpected threats to the enterprise.
Furthermore, in Omdia’s recent follow-up report, Proactive Security: Data-Driven Analysis, our exclusive survey of more than 400 organizations across North America and Europe found strong growth in adoption across proactive security product segments for organizations in all geographies, and that several types of proactive security solutions are moving firmly into mainstream adoption.
To that end, as Omdia first forecast in 2023, proactive security solutions are beginning to coalesce around various platform models. At this early stage of the market’s evolution, that platform is increasingly being framed in the context of a term called exposure management. Exposure management emphasizes the discovery, prioritization, and remediation of potential vulnerabilities and other exploit opportunities associated with an organization’s IT estate.
Exposure management platforms are forming around functionality commonly found in several key product segments: risk-based vulnerability management (RBVM), cyber asset attack surface management (CAASM), external attack surface management (EASM), security posture management (SCM), and various application security products.
At RSA Conference 2024, Omdia asserts that proactive security, specifically exposure management, will be a key theme among vendors, particularly those seeking to differentiate by fostering a nexus between CISOs and CIOs via common themes such as asset management and contextual risk management.
Cloud is now “business as usual”
In the context of network security, content security, application security, and many more areas, we expect many more traditional security vendors to support cloud environments as “just one more.” This means that the focus of conversations and features change from cloud as a novelty to a more nuanced discussion of how a cloud environment fits into a broader view of an organization’s security needs. Startups focusing on cloud security are likely to emphasize how unique cloud security needs actually are—and they are not wrong—but they will need to work harder to articulate this.
Similarly, we expect secure access service edge (SASE) to be present in many places, from network security vendors that had a traditional firewall portfolio to content security vendors that secure web browsing. Omdia’s research has indicated that many customers are looking for “single-vendor SASE” offerings, although larger organizations may still lean on a model that separates security functions from the networking components.
Using AI to improve efficiency and workforce shortages
The intense focus on artificial intelligence (AI) over the past 18 months shows no signs of abating. Generative AI (GenAI) continues to be leveraged in cybersecurity—copilots, assistants, and more—to support overburdened security operations center (SOC) teams. Omdia’s Cybersecurity Decision Maker Survey 2023 highlighted that the security workforce shortage is the leading challenge for security teams. We fully expect to see more such GenAI capabilities being introduced during the RSA Conference.
It will also be interesting to see what GenAI use cases are being talked about in the area of identity, authentication, and access. Will low-hanging GenAI use cases such as workflow automation, auto-generated entitlements, and identity insights be the talk of the town? It will also be intriguing to see what GenAI use cases are being plastered over company stands. We anticipate that some vendors may pass off their “traditional AI” and machine learning (ML) as GenAI just to say they are on the AI bandwagon.
We will also be very interested to see how vendors and service providers are addressing the three scenarios for AI and cybersecurity that Omdia has identified:
- Scenario 1: Use of AI/ML techniques by adversaries
- Scenario 2: Defensive models and techniques used by enterprises as they aim to secure their internal AI/ML efforts
- Scenario 3: Use of AI/ML techniques within the modern security architecture and its many controls.
Essentially, although scenario 3 is typically the most well-represented, we are hoping to see more insight into scenarios 1 and 2 to address attacks and protect models.
There will be a lack of acknowledgment of security industry failures, following a conservative estimate of 7.2 billion records breached in 2023
Omdia’s Security Breaches Tracker: 4Q23 identified that 7.2 billion records were breached in 2023 (of breaches reported in English, globally). That is almost one record per person on the planet. With so many cybersecurity products and services on the market, why is this not a smaller number?
Although there will be plenty of vendors and service providers at the RSA Conference suggesting that their product or service could have reduced this number, there will be little discussion of how the security industry has not delivered on its promises over many years. As Omdia has frequently commented, security technology alone does not constitute security controls; people and processes must be incorporated.
Legislation is growing in response to the volume and severity of cyberattacks. Fines under GDPR alone now stand at €4.5bn, and with some countries in Asia & Oceania now beginning to implement fines (for example, Thailand issued the first fine under its data privacy legislation in late November 2023), the need to do more to protect data is steadily increasing.
Data privacy legislation is fast becoming a critical aspect of a wider cybersecurity posture for organizations worldwide and data security, in general, as a route to plug the seemingly endless tide of data breaches. However, the US lags behind. Omdia does not expect legislation to be a key message at this year’s conference. Only when the US Federal government introduces its own flavor of GDPR will US-based vendors fully realize the significance and opportunity that data privacy and data security more widely enable. We will have to wait for future conferences before vendors fully embrace the impact of legislation on their platform offerings.
Data security posture management (DSPM) was beginning to make its presence felt at the 2023 conference. DSPM is an approach that vendors advocate as a better way to protect data specifically. Omdia expects to see vendors such as CrowdStrike, Palo Alto Networks, and Thales at RSA Conference 2024 promoting their acquisitions as they acquire smaller best-of-breed providers and build new DSPM capabilities into their wider platforms.
The year of elections and cybersecurity
We’ll close with the knowledge that more voters than ever before will head to the polls in 2024, with over 60 countries holding national elections (including India, the US, Indonesia, Pakistan, Bangladesh, Mexico, and the UK). This represents nearly half the world’s population. It will be interesting to see if there is much discussion about this at RSA. Will we see an increase in deepfakes (through GenAI) and misinformation by nefarious groups and rogue states trying to influence these elections? Also, what can the cybersecurity community do to try and negate these external influences so that the elections are free and fair?
Appendix
Further reading
“CISOs confirm: Consolidation is coming and security platforms are key,” (April 2024)
“GenAI in identity: What are the use cases?” (April 2024)
Proactive Security: Data-driven Analysis (March 2024)
Market Landscape: Data security posture management (March 2024)
“January was a very busy month for secure access service edge (SASE) news,” (February 2024)
Fundamentals of Proactive Security (September 2023)
Security Breaches Tracker: 1Q19–4Q23 Database (March 2024)
Cybersecurity Decision Maker Survey 2023: Overall Findings (September 2023)
Authors
Maxine Holt, Senior Director, Cybersecurity
Eric Parizo, Managing Principal Analyst, Security Operations
Don Tait, Senior Analyst, Identity, Authentication, Access
Adam Strange, Principal Analyst, Data Security
Fernando Montenegro, Senior Principal Analyst, Infrastructure Security
Andrew Braunberg, Principal Analyst, Security Operations
