By Michael Vaughn

RSA 2017 Recap: Enterprises Don’t Want More One-Size-Fits-All Solutions

Security, operations, and network teams all want more tailored security solutions in 2017

Many of us have attended security conventions over the years, but none bring the same high level of excitement as RSA — where the world talks security. Of all the conventions I have attended and worked, nothing comes close the passion for new technology people exhibited this past week in downtown San Francisco.

After taking a few days to digest the dozens of conversations about the needs and limitations with current security tech, I’ve been able to synthesize a singular theme among attendees: People want customized solutions that fit their environment and work well across multiple internal teams.

When I refer to the term “people,” I mean everyone in attendance regardless of technological segment. Operational experts, security pros, network veterans, and even user behavior analysts frequented the Ziften booth and shared their experiences.

Everyone seemed more prepared than ever to discuss their needs and wants for their environment. These attendees had their own set of goals they wished to attain within their department and they were hungry for answers. Since the Ziften Zenith solution provides such broad visibility on enterprise devices, it’s not surprising that our booth remained crowded with people eager to learn more about a new, refreshingly simple endpoint security technology.

Attendees came with grievances about myriad enterprise-centric security issues and sought deeper insight into what’s really taking place on their network and on devices traveling in and out of the office. End users of old-school security products are on the hunt for a newer, more pivotal software.

If I could choose just one of the frequent questions I received at RSA to share, it’s this one:

“What exactly is endpoint discovery?”

1) Endpoint discovery: Ziften reveals a historical view of unmanaged devices which have been connected to other enterprise endpoints at some point in time. Ziften allows users to discover known and unknown entities which are active or have been interactive with known endpoints.

a. Unmanaged Asset Discovery: Ziften utilizes our extension platform to reveal these unknown entities running on the network.
b. Extensions: These are custom-fit solutions tailored to the user’s specific wants and needs. The Ziften Zenith agent can run the assigned extension one time, on a schedule or persistently.

Almost always after the above explanation came the real reason they were attending: People are searching for a wide range of solutions for various departments, including executives. This is where working at Ziften makes answering this question a treat to answer. Only a portion of the RSA attendees are security experts. I spoke with dozens of network, operation, endpoint management, vice presidents, general managers and channel partners. They clearly all use and understand the need for quality security software but seemingly find the translation to business value missing amongst security vendors.

NetworkWorld’s Charles Araujo phrased the issue quite well in an article last week:

Organizations must also rationalize security data in a business context and manage it holistically as part of the overall IT and business operating model. A group of vendors is also attempting to tackle this challenge…

Ziften was among only three companies mentioned.

After listening to those needs and wants of people from various business-critical backgrounds and explaining to them the capabilities of Ziften’s Extension platform, I usually described how Ziften would modulate an extension to solve their need, or I gave them a brief demo of an extension that would allow them to jump a hurdle.

2) Extension Platform: Tailored, actionable solutions.

a. SKO Silos: Extensions based on fit and need (operations, network, endpoint, etc)
b. Custom Requests: Need something you do not see? We can fix that for you.

3) Enhanced Forensics:
a. Security: Risk management, Risk Assessment, Vulnerabilities, Suspicious metadata
b. Operations: Compliance, License Rationalization, Unmanaged Assets
c. Network: Ingress/Egress IP movement, Domains, Volume metadata

4) Visibility within the network – Not just what goes in and out of it.
a. ZFlow: Finally see the network traffic inside your enterprise.

Needless to say, everyone I spoke to in our booth quickly grasped the critical importance of having a tool such as Ziften Zenith running in and across their enterprise.



Forbes writer, Jason Bloomberg, said it best when he recently described the future of enterprise security software and how all signs point toward Ziften leading the way:

Perhaps the broadest disruption: vendors are improving their ability to understand how bad actors behave, and can thus take steps to prevent, detect or mitigate their malicious activities. In particular, today’s vendors understand the ‘Cyber Kill Chain’ – the steps a skilled, patient hacker (known in the biz as an advanced persistent threat, or APT) will take to achieve his or her nefarious goals.

The product of U.S. Defense contractor Lockheed Martin, The Cyber Kill Chain contains seven links: reconnaissance, weaponization, delivery, exploitation, installation, establishing command and control, and actions on objectives.
Today’s more innovative vendors target one or more of these links, with the goal of preventing, discovering or mitigating the attack. Five vendors at RSA stood out in this category.

Ziften offers an agent-based approach to tracking the behavior of users, devices, applications, and network elements, both in real-time as well as across historical data. In real-time, analysts use Ziften for threat identification and prevention, while they use the historical data to uncover steps in the kill chain for mitigation and forensic purposes.

Check out what Ziften can do for you with a free trial!

Get the Blog Here