In between Black Hat meetings, demos, briefings and networking events, I headed down the streets of Las Vegas to AGC Partners’ Distrupt!on 2015 to participate in some hard-hitting conversations about the current state of the cyber security industry – and where we’re going.
It’s no secret that cyber threats are proliferating at terrifying speeds and increasingly making their way into the mainstream. AGC co-founder Maria Lewis Kussmaul’s opening remarks pointed to one of the major challenges that we, as an industry, face in getting ahead of these threats: the security ecosystem tricotomy, comprised of three, distinct groups of technology providers:
- The “old guard” technology companies – from Symantec to McAfee to HP – who have fallen behind and gotten lost in this new threat landscape
- The “undecided” companies, i.e. Cisco and IBM, who have dipped their toes in the water but haven’t moved their offerings beyond table stakes
- The hungry, early-stage companies, such as Palo Alto Networks, that are working hard to crack the code and emerge as the next-generation security leader, but face challenges in innovating and scaling rapidly enough to make it happen
One particular area where this segmentation is palpable is threat intelligence. A hot industry buzzword for years, threat intelligence products and services are finally delivering real value and profit to customers and investors. But despite the slew of new data and analytics available, organizations are still struggling to harness this information and preemptively get in front of threats to shut them down before real harm is done. A panel of experts, led by Wendy Nather of the Retail Cyber Intelligence Sharing Center, discussed how, despite the surge in threat intelligence offerings, Fortune 100 companies are still unprepared to handle the advanced threats looming on the horizon. One only has to pick up a newspaper to realize the severity of the problem: the string of headlines announcing crippling cyber attacks on major corporations seems never-ending.
Though the true promise of threat intelligence technology has yet to be realized, advancements are certainly being made. Yet as an industry, we could be moving so much faster, and be so much more effective if it weren’t for the complacency of the “old guard,” and the hesitation of the non-committal “undecided.” Imagine if these players – with their massive resources, huge R&D teams, scalable infrastructure and global partnership networks – would just go all in and make cyber security a core focus and top priority. Imagine the possibilities of banding together – leveraging the strengths of the established players and the agility and creativity of the next-generation who have already made cyber security their mission.
What’s happening in our industry today reminds me of the legendary gladiator fights of ancient Rome. The modern day gladiators – the emerging companies, the innovative minds that work for them and the investors who believe in them – are taking extraordinary risk and putting everything they’ve got on the line. Meanwhile, the old guard sits back and simply spectates. But the fact is, time is on no one’s side in this cyber security game. While the big guys watch the little ones fight for survival, the whole city is being stealthily surrounded by a host of formidable, motivated adversaries who will inevitably find ways to break in and take down the entire empire.
Walking back from the conference to Black Hat headquarters, I couldn’t help but sigh when I saw an old-school limo roll by me, plastered in a Symantec ad that read “Advancing Security.” If only that were true.