Observations from the 2016 RSA Conference

RSA

Now that we’ve had a few days to catch our breath, it’s time to reflect upon some of the highlights from the RSA Conference in San Francisco last week. This was the 25th annual conference, and it was attended by more than 40,000 security professionals from more than 700 companies worldwide.

Hot Topics for Conversation

This year, the encryption debate – notably the government’s heated battle with Apple – dominated keynotes, sessions and one-on-one conversations. Today, organizations struggle to find the right balance between security and privacy, and although the rise in breaches and increase in cloud adoption are natural drivers for encryption, hurdles remain for many companies, found a new Ponemon Institute study released during the show.

Analytics was another hot topic. From walking around the show floor, listening to sessions and reading news, there is a clear evolution from discussions about being able to simply detect a security threat – to using behavioral and network analytics to enable organizations to respond.

Other notable topics included the Internet of Things, industrial control systems, artificial intelligence and machine learning. Once again, discussion about privilege was everywhere at RSA – and not just at our booth. Dialogue amongst security researchers, practitioners and vendors alike centered on a common attack link: privileged account exploits. We had a record number of attendees visit the CyberArk booth, seeking ways to mitigate risk and proactively protect against stolen privileged credentials, Kerberos attacks, malicious insiders, Golden Ticket attacks and Pass-the-Hash attacks.

Privileged Threat Analytics

To kick off the show, we unveiled new real-time threat detection and containment capabilities, available via CyberArk Privileged Threat Analytics 3.0, to help organizations secure against cyber attacks that target the Microsoft Active Directory infrastructure. You can find full details and free resources here and check out a 2-minute video here.

Our team talked with our customers and prospects, many of whom were CISOs of their organizations and were often joined by their CIOs – underscoring a larger trend we’re seeing of cyber security becoming a C-level business priority. Attendees lined up to participate in a demo of CyberArk Privileged Threat Analytics, and those who participated were entered into a drawing to win $10K to their favorite charity, which we’ll announce soon. Stay tuned!

Speaking Highlights

In addition to countless conversations and demos at our booth, two of our colleagues had speaking sessions that emphasized proactive protection and threat detection. In the interactive BSides San Francisco talk titled, Scan, Pwn, Next – Exploiting Service Accounts in Windows Networks, CyberArk Labs’ Andrey Dulkin, senior director of cyber innovation, and Matan Hart, security researcher, outlined the ways attackers exploit service accounts in Windows. They also presented research highlighting the exposure of service accounts in real-world networks.

Gerrit Lansing, CISSP, director of consulting services, presented on “Protecting Your King: The Key to Maintaining Control of Your Business” at RSA. Gerrit explored the increasingly common types of Kerberos attacks, including Golden Ticket, and he discussed how privileged account security solutions that combine proactive protection and threat detection can thwart attackers before network takeover is accomplished and trust in the IT infrastructure is broken.

Partner Connections

RSA always presents an exciting opportunity to meet with our technology and channel partners from around the globe to share insights on how to collaboratively help the larger community and our customer to address their most pressing security issues – and this year was no exception.

We are pleased to play a role in several new initiatives launched by our partners, including Tenable Network Security, which unveiled its new Technology Integration Partner Program. We are an inaugural member of the program, which was built to encourage collaborative, innovative solutions to help customers protect against evolving threats.

Additionally, our work with Splunk on the Adaptive Response Initiative was highlighted at the show. As our Executive Vice President Adam Bosnian stated, “A coordinated best-of-breed defense is an important step in effectively combatting the numerous and potentially devastating attacks that companies experience every day.”

Last, but not least, RSA announced new identity assurance and identity governance capabilities in RSA® Via. The interoperability of the CyberArk Privileged Account Security Solution’s proactive protection and detection capabilities with RSA Via Lifecycle and Governance helps to reduce the attack surface by managing privileged user provisioning, entitlements and access certification in a centralized, holistic approach.

Another great show in the books! Thanks to our customers, partners, colleagues and peers for another fantastic RSA Conference. See you next year!