The RSA conference ‘2019 AP&J (RSA conference 2019 Asia Pacific & Japan)’ was held at Marina Bay Sands, Singapore.
On the opening day, RSA Chairman (Rohit Ghai) and Vice Chairman (Holly Rollo) delivered an Opening Keynote on the theme of 'The New why of Cybersecurity', rapidly changing cyber security and increasingly complex market conditions, and solutions are rapidly changing accordingly. announced the need for
In accordance with the trend of market change, a large number of solution companies that introduced new technologies participated in RSA this year. Many technologies, such as AI, Bigdata, and Data Science, which were only scheduled to be introduced, have actually been commercialized, and solutions for user convenience of these new solutions have also been introduced.
With the introduction of new technologies, security solutions have the function of efficiently analyzing them, integrating collected logs, and visualizing them to users, beyond simply preventing malicious code or hacking. In particular, a large number of EDR (Endpoint Detection & Response) companies, NDR (Network Detection & Response), and NTA (Network Traffic Analysis) companies participated in a demonstration session about their solutions.
Looking back at the booths participating in the exhibition, the most noticeable part is the participation of 'EDR', 'MDR (Managed Detection&Response)' and 'Integrated Solution Log Management' solution companies. SiCyber introduced MDR service and Firewall Management service that combine EDR solution and Managed Security service. ManageEngine also exhibited endpoint agent management services including mobile.
Meanwhile, the participation of firewall makers and Network Appliance makers has decreased considerably compared to before, and there was no noticeable differentiation in this RSA. As the global security trend gradually shifts from network-centric to endpoint-centric, many companies have focused on various security functions that can operate on endpoints, and especially emphasized managing endpoints with many security issues. Therefore, rather than 'how well a specific solution detects and blocks', 'how well it manages' the solutions used by the endpoint is considered more important.
The MDR service is a more advanced concept than the existing security monitoring (MSS). An external professional security team detects and responds to malicious codes and malicious behaviors invading the network through 24X7 professional monitoring, and manages the customer's security policy. It provides a wide range of services, from security to breach analysis.
It is an unfamiliar concept in Korea, but it is a service that many security companies are actually providing overseas. Even if they cannot recruit security control personnel on their own, or even if they have recruited security experts, receiving EDR operation and control services from superior experts is not only more cost-effective in terms of cost, but also has a higher security level, so many overseas companies have already The MDR service has been introduced and is being used.
In the domestic situation, it seems more effective to build an MDR service with the help of an external professional company than to build a security control center by configuring the security infrastructure yourself. This is because no matter how good a solution is, it is impossible to achieve 100% performance of the solution if the understanding of the solution is insufficient.
In order to protect the endpoint environment, a lot of help from experts skilled in the solution is required. Since EDR solutions are a prerequisite for MDR services, there are many cases where EDR specialized companies directly operate MDR services at the same time. This is because they can utilize the solution 100% because they have a high understanding of the EDR solution.
WithNetworks also quickly adapts to global trends and is preparing EDR and MDR services through Cybereason with excellent detection performance and visibility. The MDR service does not stop at simply imitating the service that exists overseas, but is developing various service models to provide services suitable for the domestic environment.
Lastly, compared to last year, RSA saw a decrease in visitors as well as exhibitors. Nevertheless, there were many cases where visitors touring each booth did not simply come to check trends, but seriously looked into solutions and checked whether there were expected effects or technologies that would be helpful to the company when introduced. However, through these global security conferences, solution developers refer to other companies' advanced technologies and apply them to their own solutions. It is unfortunate that solutions tend to have similar GUIs or technologies and become standardized.
Among the many companies that participated in this conference, there were many solutions with similar keywords and GUIs. This seems to be a problem that many security solution developers have to overcome.