Polyverse RSA 2020 Recap

By Kiley Williams

The Polyverse team spent Monday through Friday attending RSA Conference 2020 in San Francisco, California. Several team members could be found at our booth in the Early Stage Expo hall, as well as roving the expo, learning about the new trends and technologies making waves at this year’s event.

Who did we talk to? 

Hundreds of interested attendees stopped by the Polyverse booth in order to get a better understanding of our solutions, and how they might be applicable to their needs. Many visitors were from the expected industries such as finance, government, and software services, but there was a surprisingly strong representation of visitors from industries such as food, education, and manufacturing. Furthermore, we were impressed by the notable representation of small or individual consulting agencies who seem to be going after the long-tail needs of the industry: consumers and small businesses who do not have the resources or expertise to adequately secure themselves. 


What interesting companies did we see? 

Many of the well-known and popular titans of the industry were present, complete with glamorous booths, coveted giveaways, and exciting prizes. Yet some of the most interesting appearances were by the quieter booths along the less-traveled paths of the main expo floor and the Early Stage Expo area. Some of the common trends that we observed centered on heavy, invaluable intellectual property, such as machine learning algorithms and artificial intelligence. The products and services of these IP-heavy companies were not as groundbreaking as one would expect. That wow-factor belonged to the companies that were focused on taking an extremely challenging, onerous solution and making it available to their users through a user experience (UX) that almost made it seem like magic was being performed. Such companies made just as large a splash with a small physical presence as those companies with a large physical presence.


Why were attendees there? 

Aside from the typical corporate decision makers that were there to attend talks, field meetings, and pitch their products, we found that there was a wonderfully curious set of attendees that were genuinely interested in the technologies on display, and how those technologies might be applicable to their companies or organizations. It was refreshing to be able to strike up knowledgeable conversations with just about any attendee. Whether they were technical discussions or not, the key was that people generally seemed approachable and enthusiastic about being there. Encouragingly, there were companies that were stopping by booths, talking to companies with an interest in partnering to bring value to their markets. It was a warming sight to see the spirit of collaboration persevere in an increasingly competitive world. 


Why were companies there? 

It was clear that RSA is the place to be if you want your company to be seen and talked about in the security world. While some companies were there to push products and services, other companies were in attendance to recruit the best talent, who otherwise may not make it through their layers of resume filters. Major consulting firms were also in attendance to provide fresh faces to current and potential clients around the industry. All of these approaches facilitated a tremendous amount of networking, adding to the opportunities that abounded at the conference.


Where did this conference indicate that the industry is heading? 

It was clear that there has been a major, positive shift in the approach that most companies have decided to take toward either protecting their assets, or providing products and services to help others protect their assets. This shift is commonly known as a “shift left” (often mentioned by Michael Ewald of Contino), where security is increasingly being considered toward the beginning of the development and implementation process, rather than added on at the end. The newer, and more groundbreaking, technologies made the assumption that attackers have already been winning the security war and have the upper hand when it comes to compromising their targets. Technologies demonstrating the capability to restore systems to their last-known good state, or to provide a deceptive target for an attacker, seemed to be becoming much more popular, and are also producing much-needed successful prevention results against malicious actors.


What were the key takeaways from the conference? 

Over the three days of the conference, many companies made announcements that they hoped would make a dent in the market. Some of the more common announcements were centered around improving compliance capabilities, detecting threats, and scanning for vulnerabilities as early in the process as possible. 

Ultimately, Polyverse was the only company that was able to definitively say that they could cover all three areas at once, by helping companies meet their compliance needs, eliminating the need to scan for an entire class of vulnerabilities (memory-based), and enabling a Polyverse-protected system to provide the data for the detection of failed attacks that use zero-day exploits. 

Among the smaller vendors and newer solutions, many focused on a few themes that were worth calling out: 

  1. Machine Learning and Artificial Intelligence 
  2. Configuration and Compliance Assurance 
  3. Vulnerability Scanning 
  4. Automated Patch Management 

One major takeaway from the common announcements and themes is that none of them actually prevent an attack from occurring. Polyverse’s product focus is exactly that: stopping attacks before they start. Polyverse’s Polymorphing for operating systems, and Polyscripting for PHP, proactively prevent attacks from even being able to take place, without needing to know what the attack will look like, or where it will come from.

