News & Events

Five things we learnt at InfoSec 2017

  • 14 June, 2017

Article, Events, Industry News, Security

Last week saw the doors to Olympia open yet again to the world of Security for Infosecurity 2017. From the 6th to the 8th of June tens of thousands of people visited the show to engage with vendors, see what’s new and gather information on the latest Security trends and challenges for the coming year.

Our team spent some time at Olympia last week and as a result we’ve produced this article to share five key things we observed about this years show.

infosec europe tesrex

So without further ado, here are our five takeaways from Infosec 2017:

•    Endpoint, Endpoint, Endpoint!

You couldn’t take five steps without running into a vendor who was falling over themselves to tell you about their Endpoint Protection platform.

If you were to mask the logos, you’d be hard pressed to tell the difference between them as they all share similar fundamentals. They either have a preference or combination of signature based protection, behaviour based analytics and/or machine learning.

Ultimately, the general industry shift is towards a whitelist model. This means that in much the same way as you do with a firewall, you’ll need to develop your own set of rules and exceptions tailored specifically for your business as part of the initial implementation and on-going maintenance of the solution.

As this market is now so highly saturated, it’ll be a challenge for customers to determine which product suite or solution is best suited for them.

•    Internet of Things (IoT)

A poster child of security trade shows in recent years, IoT took a step back this year.

We anticipate that this is due to the highly-publicised Ransomware attacks in the past year which has resulted in an opportunity window which vendors are eagerly capitalising on to champion their Endpoint Security products.

There seems to be a softness around security IoT which we believe is more to do with the customer simply not prioritising the protection of IoT devices in their risk profiles in the same way as they do their Endpoints and Servers.

Are they right or wrong to do this? This is a deeper question which requires considering the purpose of the device to determine its risk to the organisation. Due to this complication, there is a general softening of this market.

•    Cloud Security

It was good to see a few organisations tackling some or all of the challenges related to migrating onto a Pure Cloud or Hybrid Cloud environment.

One of the major challenges with this kind of migration is around Key management, which acts as the ultimate gatekeeper to the application data. Most of the vendors also had a “Cloud ready” version of their traditional security products, but we still feel the industry is chasing the Cloud, so to speak.

A key issue for the Security vendors is the rapid pace of development Cloud, pushed along by the major cloud platform owners. AWS and Azure for instance, will develop entirely at their own rapid pace, leaving 3rd party integrators sometimes struggling to keep up.

By far the most important thing to note with cloud platforms is the fact that securing your data in the cloud is entirely YOUR responsibility and not that of the cloud provider.

•    Event Logging & Correlation

We found this field of security to be the most improved this year. With the addition of machine learning and BI (Business Intelligence) level analytics now being built into platforms, the notion of having to do manual correlation across the board is slowly fading.

Instead, the systems will attempt to make their own intelligent decisions around suspected odd behaviour within the environment and attempt notify you to take appropriate action.

•    Mobile Security

The poster child before IoT, the mobile device market seems relatively mature at this point for those with strict requirements. Most organisations seem content with either using integrated tools from other platforms with little to no cost, rather than full blown dedicated Mobile Security platforms.

With the mobile world now mainly constrained to Apple and Android, there doesn’t seem to be a lot of innovation happening in this field. We’re not anticipating this changing in the coming years.

info security exhibition hall

Conclusion

Another year of Infosec draws to a close and the trends are apparent. I’m sure you’ve also noticed that we did not mention any vendors in this article. We believe that the state of the industry be discussed in an agnostic fashion, without using it as a promotional bed. It’s also important to be cautious when making significant judgement calls at a trade show. The demonstrations you see, the people showing it and your state of mind at that time will greatly influence your take on any given platform.

Our tip would be to avoid most floor demos and instead ask for a brief overview and then schedule a dedicated 1 on 1 after the event, all of the vendors will be more than happy to oblige and you’ll be able to sit down and receive a demonstration and discussion that should be far more valuable.

We hope you enjoyed this article. We’re always looking for ways to improve our content so please feel free to submit any of your suggestions or feedback to us via the contact forms provided.

Get in touch with us

Let us know what you think of our articles