A Healthy Outlook on Security From RSA Conference 2020

Another RSA Conference is in the books and despite a few vendors pulling out due to public health concerns, the show went on and offered attendees a glimpse of what lies ahead in the world of cybersecurity.

The main theme for this year’s RSA event focused on the human element in addressing the behaviors and activities of users and analysts. This is something that was echoed in our Cloud SIEM Enterprise announcement the previous week and we demonstrated in our booth with our truly modernized security analyst experience. Actually, when attendees spotted our Cloud SIEM Enterprise user interface they immediately requested to see a live demo and witness this new security analyst experience.

Digital Transformation and SIEM

At RSA 2020, one common concern I heard from attendees were their challenges with digital transformation. Specifically, the mandates they face to accelerate their cloud migration efforts while securing and demonstrating compliance for their cloud environment. This ties to the biggest observation I saw from RSA 2020: SIEM solutions are popular again. Practically every security vendor was either speaking about SIEM, saying they offer SIEM functionality, or described how they connect to a SIEM. This can likely be traced to the fact that the cloud has provided a rebirth recently to the SIEM market as enterprises and government agencies are talking about and actively moving their security operations tools to where their public and multi-cloud applications and data are increasingly appearing.

As my fellow Sumos at RSA noted, many RSA attendees came by our booth to learn about our Security Intelligence portfolio, learn more about the importance of choosing a cloud-native SIEM platform, and better understand the scalability, management, and cost savings this approach brings.

Sumo Takeaways from RSA 2020

I also polled several other Sumo Logic colleagues attending the RSA Conference and here are some of their thoughts and takeaways from the week:

“Cloud SIEM was huge at RSA this year, but while many vendors were quick to claim “cloud SIEM”, they did not specify the real underlying architecture (e.g., cloud-native, multi-tenancy, elastic scale). From the conversations I had with CISOs and security teams here in San Francisco this week, architecture matters! Scalability and driving ownership costs down by moving to true SaaS SIEM is a very popular theme. Cloud security was also big, with lots of talk of hybrid and multi-cloud strategies. Generating clear signals from the “noise” and the ability to generate actionable insights from very large, growing data sets is still a key driver for folks. Many talk about analytics but want to see real results in reducing their false positives and noisy alerts before their SOC gets it.”

- Greg Martin, GM, Security Business Unit, Sumo Logic

“With entries of Microsoft, Google, and Sumo Logic into the cloud-native SIEM category, there is a lot of discussion about delivering the SIEM “from the cloud” for operational, cost, and data ingest advantages over traditional on-prem deployments. The interesting parts of this dialogue are separating the “lift-and-shift”, cloud-delivered SIEMs from those that were built natively as SaaS services in the cloud. After you filter out the cloud-hosted folks, then the question is which of the cloud-native SIEMs can truly deliver the elastic scale (like 100x burst on ingest with no provisioning delay or overage bill!) and multi-tenant insights (gaining actionable insights from community, continuously surfaced, at no cost!) which are needed for modern security threat surfaces. But all of this SIEM “from the cloud” talk leaves out the equally significant SIEM “for the cloud” question. Modern digital businesses have production application security needs which demand context, scale, content, and analytics which cover the cloud and application stacks with the same depth as traditional on-prem infrastructures. Taken together, these SIEM “from the cloud” and SIEM “for the cloud” requirements narrow the field quite considerably.“

- Dave Frampton, VP, Security Business Unit, Sumo Logic

“Many of the people walking the halls were focused on learning, as much as considering solutions to buy. There are many new faces who are taking increased responsibility for cybersecurity in their organization. This is particularly due to the cascading increase in the adoption of cloud computing that furthers cloud development methodologies and results in more distributed responsibility for security across security operations and developer operations roles.”

- Rhett Dillingham, VP Product, Security Business Unit, Sumo Logic

The year is off to a great start for Sumo Logic as we share our Cloud SIEM Enterprise solution with existing Sumo customers and new organizations. We’re also hitting the road and coming to an event near you, so look for us at AWS Summit San Francisco, AWS Summit Sydney, and AWS re:Inforce in Houston. You can check out our other upcoming in-person events, and sign up to attend my Cloud SIEM Enterprise webinar.

What did you think of the RSA Conference? Let me know on Twitter via my link in my bio.