March 07, 2016

RSA Conference - Security Professionals Remain Upbeat on Security Opportunities

By Jaclynn Anderson
Participants at the RSA Conference in San Francisco last week said they expect the security market to remain vibrant in 2016, characterized by a continued focus on endpoint security projects and an increased emphasis on security analytics and cloud access security brokers.

Security Momentum Remains Strong
Security vendors and resellers at the 2016 RSA Conference remained optimistic on their outlook for 2016 security spending, and the mood at this year’s conference was upbeat. This is consistent with OTR Global’s 1Q15 checks, which showed strong momentum for 2016. One endpoint security vendor said, “We are seeing double-digit growth across all our segments.” Another attendee said, “From what we see so far, everything seems to be continuing at a steady pace from 2015.”

Cloud Access Security Brokers Gain Attention
Cloud Access Security Brokers (CASBs) were a key interest among attendees. CASBs are vendors that provide security policy enforcement between corporate users and cloud application providers, allowing or blocking the usage of cloud applications like social media, workforce applications, and cloud storage applications. There is speculation that some of the private vendors in the market would be acquisition targets by larger security vendors, following Elastica’s acquisition by Blue Coat Systems Inc. in November 2015. Vendors including Netskope Inc., CipherCloud Inc. and Skyhigh Networks Inc. were mentioned by multiple attendees as key CASB vendors. One reseller said, “We’ve had our first Netskope deal, and we are building the business. We also see CipherCloud, and Elastica with Blue Coat standing up in the cloud.”

Security Analytics Becoming Mainstream
Sources noted that anything related to analytics is top of mind among CISOs, and IBM Corp. received multiple mentions as a vendor getting stronger, in large part as a result of recent acquisitions it has made. IBM acquired IRIS Analytics, which combats payment fraud, in January, and on Feb. 29 announced plans to acquire Resilient Systems. Resilient Systems, which has an incident response platform, is considered an essential part of what is intended to be a security operation and incident response platform along with IBM’s security analytics, forensics and vulnerability management. One attendee said, “SIEM [security information event management], is now called analytics; that is big. Hewlett Packard Enterprise Co.’s ArcSight is big. Splunk Inc. is big. Internally, we look at those.” The largest hindrance to analytics projects is related to the lack of trained security data analysts, which drives demand for managed offerings.

Endpoint Security Remains Important
Endpoint security remains a priority among many of the startup endpoint vendors from past years that are increasing in visibility. Vendors including Bromium Inc., Carbon Black Inc. [previously known as Bit9+Carbon Black], Invincea Inc. and Webroot Inc. returned to the RSA Conference with larger and better-positioned booths. Cylance Inc., which sources have mentioned increasingly often in OTR Global’s Proofpoint Inc. and FireEye Inc. research, drew large crowds, despite its smaller booth tucked back toward a corner of the expo floor. One security reseller at the show said, “There is a lot of hype around Cylance. It’s like Palo Alto [Networks Inc.] from five years ago.”

Several Palo Alto partners in OTR Global's February report said Tanium Inc. is providing a strong technology tie-in with Palo Alto’s Traps, and sources regard Tanium as an interesting vendor to watch. However, one attendee said the product is best deployed corporate-wide, requiring large deal sizes and buy-in from the C-suite level, both contributing to long sales cycles for the company. The product is believed to be best suited for large banks and other companies with large networks. Tanium is also viewed as well positioned for the IoT [Internet of Things] security play, because of its ease at reaching a large number of end points.

Additional Insights From the Conference:
Conversations with attendees made it clear that Fortinet Inc. is well liked by customers, resellers, and managed security partners, consistent with OTR Global’s January report. A service provider partner said, “Our Fortinet partnership is great. Fortune 500 customers are not the ones interested in the managed services; rather it’s the higher end SMB customer.” A reseller at the conference said, “We see Fortinet doing well in universities and in research environments.”

Security specialists note that Palo Alto also is doing well and continues to experience strong growth, consistent with OTR Global’s February Palo Alto Networks report. The vendor is aggressively targeting new reseller partners, and several commented that they are making a “land grab.” One source said Palo Alto was demanding weekly sales revenue commitments from its reseller partners, similar to the high-pressure sales methods used at Cisco Systems Inc.  

Resellers said Check Point Software Technologies Ltd. is continuing to do business with its existing customers, but they do not expect them to grow outside of their installed base without extensive discounting, similar to OTR Global’s January Check Point report.

Attendees said FireEye is struggling to gain traction among new customers due to its pricing, the number of competitive options, and discontent among channel partners, similar to OTR Global’s January FireEye report. FireEye’s midrange product did not have any impact on attendees’ opinions on the vendor.

Sources said Cisco remains relevant to the security market based on the acquisitions that it makes. One attendee said, “I like what [Cisco] says. They have made smart acquisitions, but it still has the scent of duct tape.” Cisco is said to be doing well in the IPS space, due to the strength of the Sourcefire acquired IPS technology. One source said that Cisco was gaining IPS share from Trend Micro International Inc.'s (4704 JP) TippingPoint. The service provider said, “The transition of TippingPoint to Trend Micro has not been good [and is benefiting Cisco in IPS].” The lift of Cisco’s installed base is also helping, as many customers need to upgrade their ASAs to the FirePower next-generation products. This source also noted that if Cisco wanted to dominate in security, they could buy the business and take out competitors in an aggressive way.

WHAT: 2016 RSA Conference, San Francisco
WHEN: March 1-2
WHO: The annual conference attracts tens of thousands of information security professionals