2. Trends and Insights â Observations from RSA 2017
Automation is a central theme to improve security efficiency
Page 2
In RSA 2017, security startups were innovating on the automation front across multiple security categories,
including simulating penetration attacks, SOC automation and anomaly detection, to improve accuracy and
speed of detection while reducing the number of security analysts required.
Attack Simulation SOC Automation Behavioral Analytics
⢠Automatic simulation (e.g.
Synack, Safebreach, Verodin,
vThreat) continuously use
hacker breach methods to
validate security controls.
⢠SOC automation focuses on
automating orchestration &
remediation processes (e.g.
Swimlane, Hexadite,
Demisto) to help to remove
analyst intervention with
automated decision-making.
⢠Behavioral Analytics (e.g.
DarkTrace, Cylance, Deep
Instinct) learn patterns to
identify anomalous behavior
that current technology miss
across network and endpoint
security.
SOC automation will play a key
role in managing security costs
and handling machine-led attacks
Behavioral analytics provides the
ability to recognize zero-day
threats that evade signature based
products
Continuous Simulated attacks can
help identify security weaknesses
to improve current defenses
3. Trends and Insights â Observations from RSA 2017
Biometric, Deception and Data Security were in focus
Page 3
Biometric Deception Data security
Deception is designed to entrap
attackers to protect data
⢠Deception (e.g. Attivo, TrapX,
Cymmetria) provides broad-
scale deployment of traps.
⢠These traps are intermingled
with real data, and are thus
identical to real assets.
⢠Platforms isolate malware and
enable rapid implementation of
threat remediation.
Data security protects critical
information even in a breach
⢠Data encryption is quite
difficult when processing data.
Full time encryption (e.g.
Baffle, Inpher.io, Enveil) keeps
data safe, even when hacked.
⢠Selective access of data (e.g.
Privacera, LeapYear) provide
clear boundaries to critical data
depending on access level.
Passwords are eliminated using
implicit authentication
⢠Mobile devices can collect rich
user data, including location,
sensor interaction, and walking
& typing patterns.
⢠With these data, companies
(e.g. UnifyID, Crysp) can create
a seamless authentication
framework so users can log into
services without passwords.
Deception uses traps to uncover
attacks early and reduce the risk of
wide scale data breaches
Data security provides a protection of
critical information to keep data
secure even if an attack occurs
Biometric startups combine machine
learning, behavioral biometrics and
continuous authentication to
eliminate passwords