I went to RSA this year, hoping to see solutions to help the organizations that struggle with cybersecurity the most - those facing the same threats as large enterprises, but without the same resources. I wanted to see ways of detecting threats, responding to them, and doing it affordably. I was disappointed with what I saw, in that the focus seems entirely upon the software giants of Silicon Valley. So, I sat down to express this in a video for you. Watch it, to see the exhibition floor in action, and understand what is being talked about (and what isn't) in the innovation sandbox, and what the implications are for the category of Managed Detection and Response.
Of course, if you'd prefer to read about it, it's transcribed below. Enjoy!
Mike: Adam, you got to spend some time at RSA. I'd love to understand, what do you think the value was for the small to medium-sized enterprise at the show?
Adam: I don't think there was a lot of value for small to medium-sized businesses at the show. Whether it was the sessions or the events that were training people on managed detection and responses processes, it was really for teams with large tools, large security operations centers. The vendors, of course, always catering to those large enterprises that have big budgets for cyber security and specific silos for cyber again. And then of course on the innovation sandbox where we're talking about the new and upcoming tools, they are unfortunately focused on problems the SMB doesn't have, like software development lifecycles, and orchestration of cloud workloads, things like that.
Mike: Okay. Well, that's disappointing to hear. We've already covered in the past how building your own SOC is a lengthy, expensive and complex path to go down. Surely there's something for the small to midsize enterprise on the exhibition floor?
Adam: Yeah. If you walk around the exhibition floor there's going to be a lot of vendors talking about freemium or free tools, elastic surge, Avast, CIS (the Center for Information Security) giving you open source or free frameworks. So, they don't cost any money, but they don't talk about the amount of time that it takes to not only put these things together, but to constantly review them to detect and respond to threats we see for the SMB. While they're out there talking about it and handing those [brochures] out to the small to medium, and not-for-profit providers, they don't seem to be fixing the problem with building a security option center as a service, because it does require people and processes that are simply not there in terms of the amount of time it takes to get it out of those tools.
Mike: I see. Would you say that there was any forward-looking or innovative presentations or lectures that were trying to address those issues?
Adam: I think a lot of the providers that were auditioning for the innovation sandbox that are talking about technology or innovative ways to do this, simply took managed detection and response as table sticks, as an expected medium. No innovation being brought about that, and so nothing really for them to innovate their way out of building those SOCs or solving that problem. And mostly, again, the innovation focusing on large software companies, large cloud companies, putting together orchestration or development life cycles that are not a problem for the SMB, or not the one you're trying to solve with cyber.
Mike: You know, of course, we try to address this with our Managed Detection and Response service. Did you see Managed Detection and Response represented at the show?
Adam: You do see it, everywhere! You see it all over the exhibition floor - in pieces. There's so many different elements to that soup that makes Managed Detection and Response, and there's people making the ingredients, or adding on to somebody else's soup, to try to complete the recipe. But unfortunately, a lot of them are for large businesses, and as a result many of the providers, many of the dollars that would be spend on the technology part of this for MDR just simply not there for the SMB.
Mike: Okay. Thank you very much Adam.
Adam: Thank you Mike.