RSA San Francisco 2018 - What to expect (from edgescan)
So here we are again, RSA 2018 in San Francisco, but to be honest its edgescans first time to attend as a vendor. The last time I was there was in 2014 teach 400 developers on secure application development with Jim manico. Funnily enough things have not changed so much, the slides are here
So what will the edgescan team be doing on our first foray into RSA as a vendor?
Apart from numerous meetings with clients, partners and media we are also flying to Irish flag and attending an "Irish Night" hosted by Enterprise Ireland and the IDA. Feel Free to pop along for a pint and to meet some of the edgescan senior team.
Personally I have a slight reservation regarding the event and industry as a whole....
The problems have not changed since 2014, vulnerabilities are similar/the same and the most common vulnerabilities discovered by our edgescan SaaS are still older variants.
Many of the solutions being proposed are not solving the issue and not making even a dent in the metrics we see every day.
We seem to continue to propose new types of solutions for the same problem but non of them appear to make a large impact. - Can anyone disagree that cyber security issues are now more commonplace and destructive than ever?
Whats old is new....
At RSA, we hope to get the opportunity to explain how we can "put a dent" in the problem with fullstack vulnerability management. We've been talking about the items below since 2016 or before
edgescan have focused on using tried and trusted techniques albeit automation combined with human expertise and orchestrated to help scalability without sacrificing accuracy or coverage.
Simple things like Visibility of a users cyber-estate are now "cool", even though we had the technology for years in some form or another.
Metrics and measurement is another weakness which, again we have the technology but its only being addressed now. - "We cant improve what we can measure".
Delivering Penetration test reports to clients is an old tradition but needs to be replaced with API integration, Vulnerability feeds and connectivity into an organisations bug and risk tracking platforms. - New idea? I don't think so.
So given as an industry we have not embraced the basics (above) why to we gravitate to other unproven solutions? I understand it keeps the industry buoyant and innovation is great, believe me we innovate and spend hundreds of thousands on innovation every year but lets focus on solutions that actually move the dial a little in favor of cyber security resilience and robustness.
Comments
Post a Comment