RSA - Show Review
Last week at the 2023 RSA Show and Conference in San Francisco, thousands of cybersecurity professionals walked the show floor, visited numerous booths, and attended many parties. Hundreds of companies showcased their products and services and scores of new product announcements were made in the days immediately prior to the show and on its first day. Big tech names dominated the show’s ether, such as Akamai, AWS, CrowdStrike, Google, IBM, Palo Alto Networks, and others. And throughout the aisles, clamoring just as hard for attention, were many smaller brand-named companies.
I came away from the show with several observations, the most interesting of which are highlighted below.
There were over 40,000 attendees – a significant increase over the 30,000+ people who attended last year’s show. RSA is therefore returning to pre-Covid attendance levels.
Generative AI – especially products and services around defense – was the talk of the show. The consensus: Attack vectors have expanded.
The “shift left” (the practice of moving testing, quality, and performance evaluation earlier in the development process, often before any code is written) has lost some of its luster as it relates to security becoming a developer priority. For many of the RSA attendees I spoke with, their argument is that placing sole responsibility for security on developers is asking too much of them.
I was really struck by the strong presence of both native Israeli startups and U.S. companies with strong Israeli executives, VC and technology in the security space.
There was a lot of chatter about the increasing number of lawsuits being filed against companies that have suffered data breaches – with litigation even cropping up around incidents affecting less than 1,000 people.
The general consensus is that hackers are learning how to breach cloud systems. In recent years, billions of dollars have been invested in moving digital data from traditional, on-premise enterprise storage solutions to the cloud. That investment will continue to grow. However, recent incidents indicate that bad actors are adapting their methods, and penetrating private and public cloud systems.
There was a palpable shadow cast over new cyber-ventures in the U.S. In the last quarter, cybersecurity venture capital investments slowed to a trickle – a sharp decline from funding in 2022. This represents a 58% decline in Q1 on a year-over-year basis, though this quarter marked a slight increase from Q4 2022.
In terms of public markets, the performance of security company stocks lagged behind other groups and ended April generally down. Large-cap stocks – especially MSFT and Nvidia – outperformed other groups, especially data/analytics and SaaS apps and tools. Despite this recent ‘mixed bag’ with performance, there was marked optimism that the IPO pipe will be opening in the near future and that M&A activities will happen beyond private company combinations.
The overall impression that I got from this year’s RSA event is that the state of the security industry is strong, but it still has some weak spots. Bad actors abound while products are coming to market with heavy AI accents. The IPO pipeline is forming and perchance opening up, flanked by rising M&A exits. The industry once again is generating ample optimism – and that’s a very good thing.
FiVerity was not at RSA this year, but ReversingLabs had a big presence.
Did Fiverity present or have a dedicated presence there?