Why Russian cybersecurity exhibitions die

    In 1851, the first World Exhibition was held in London, which was attended by more than six million people. The British Royal Society of Artisans actively participated in the development of the project, their task was to create a tool to support trade and entrepreneurship. The result was stunning - the revenue was so large that part of it went to the arrangement of the museum city of Albertopol. The next World Exhibition was organized in the United States just two years later, and in 2020, the next event in the series will be held by Dubai. The reason why global and industry events have remained popular for one and a half hundred years is obvious: it is in the format of exhibitions that it is possible to organize an intensive and effective exchange of information between people.

    However, not all information security exhibitions are equally useful. This year I visited the RSA Asia Pacific & Japan and Government Ware exhibitions, which allowed me not only to plunge into the cybersecurity trends in the progressive APAC region, but also to compare approaches to organizing events abroad and here. Today I would like to share conclusions and thoughts about what is preventing Russian exhibitions on information security from flourishing (carefully, there are a lot of pictures under the cut).



    RSA Asia Pacific & Japan


    Singapore is considered by many to be the think tank of the Asia-Pacific region, and analysts note in it a high concentration of business engaged in the development and integration of IT solutions. Judging by the information on the pages of global companies, the office in Singapore is already a mandatory item in the program of events to enter the APAC market. The Cloud Security Alliance calls Singapore the number one contender for the region’s cloud leader. Everything said that the cybersecurity event in this city should be stunning.

    However, doubts began to arise at the planning stage. On the event website, it was striking that the area allocated for the exhibition at the Marina Bay Sands exhibition complex was several times smaller than even one of the buildings of the Moscone Center. Only three large buffers occupied by RSA, Symantec and M.Tech distributor, six slightly smaller buffers, two dozen “double” and fifty cells of 3x3 meters - this is the entire most powerful regional information security exhibition in APAC. The number and size of stands, the predicted number of visitors, the composition of the vendors - absolutely all hinted that at the same time, the BlackHat 2017 conference and exhibition is being held on the other side of the globe.


    Can you imagine so much free space at RSA San Francisco?

    Many colleagues in open-door conversations openly complained about the small number and insufficient qualifications of visitors. They talked about the coincidence of dates with the most popular exhibition for techies in cybersecurity (“only those who could not buy a ticket to Las Vegas come to us”), and the decline in popularity of RSA APJ from year to year, and that free tickets the audience is not given to the exposition, for the sake of which vendors collect stands.


    Illustration of the intensity of the flow of visitors.

    If we talk about accents on some specific topics, then the most common word on the stands was “cloud”. It doesn’t matter if the vendor is engaged in the development of DLP solutions, whether it promotes solutions in the field of user behavior analytics or whether it is about controlling privileged users. One way or another, along with the main points, the slogans “Secure the cloud”, “Securing the cloud generation”, “Cloud security” are constantly heard. The topic of the Security Operations Center was poorly disclosed - it was clearly spoken about only by Cyberbit and LogRythm, already familiar to visitors to Russian events, who had turned from a SIEM vendor into a Security Intelligence Company. A presentation on how to build Next-Gen SOC on the Next-Gen SIEM was spinning at their stand.

    The support for such a popular phenomenon in the Asian market as Digital Transformation was directly stated only by Thales, who, as it seems to me, is doing so well. The calm mood and unhurried work of colleagues at their stand confirmed this. IBM from the booth promoted the idea of ​​Cognitive Security and moving the business to the cloud as part of the digital risk management process. Interesting niche vendors Tufin, Synopsys, Sonatype were content with placing M.Tech distributor on one of the largest pouches with small tables and racks for handouts. In general, the informational value of the exhibition and the readable dynamics can be described with the phrase "On the Western Front Without Change."


    The most colorful element of the RSA APJ exhibition design.

    The design of the stands also could not impress anything. Symantec with their futuristic space design, a M.Tech booth resembling a spaceport from science fiction books, a full-length humanoid robot figure on the Malwarebytes antivirus vendor booth - that’s all that stood out against typical booths built out of parallelepiped abstracts and slogans. .


    M.Tech distributor booth and view of the RSA APJ demo theater.

    The feeling of disappointment from the exhibition emphasized that the organizers did not have a shortage of space. A huge amount of space between the stands became even more noticeable due to the small flow of visitors to the conference. The only "densely populated" space on the site was the dining area. All of the above created a clear sense of “second tier”, in which there are those who did not get on the BlackHat - visitors, vendors and even the organizers of the event. The curtain, no one applauds, no one is being called upon to encore.

    Government Ware


    In May, during a trip to the Cloud Security Expo in Hong Kong, which I already wrote about earlier, an IXIA representative unusually responded to my question: “Will you participate in RSA APJ?” He looked at me intently and asked, “Why?” Then, in a short conversation, he shared that they had a dilemma, to go to Singapore on the RSA in July or to the Government Ware exhibition in September. Their company decided that in terms of business opportunities, they need to abandon RSA and send a team to GovWare. Focusing, among other things, on the opinions of colleagues from the industry, spurred on by the impression of RSA APJ, and not expecting any surprises, in September I came to Singapore International Cyber ​​Week, in the framework of which the Government Ware exhibition of cybersecurity was held.

    The organizers did not raise the status of the event by renting a prestigious venue. The exhibition was organized at the Suntec Convention Center, not as popular as Marina Bay Sands, and without a view of the bay. At the same time, the area occupied by the stands of the participants turned out to be twice as large, the center of the hall was occupied by the ten largest stands (against three on the RSA), and the list of participants was replenished by companies from among world and regional leaders such as Kaspersky Lab, FireEye, Splunk , TrendMicro, Quann, and Huawei. It was clear that the question of choosing between RSA and GovWare was not only confronted by IXIA, and that global players also made it not in favor of a world-famous brand.

    What else distinguished the GovWare exhibition from RSA was that on the first day, not everyone could enter the venue, but only conference delegates. As a rule, they were employees of state organizations, agencies, and representatives of large businesses who were partial to cybersecurity issues. In a word, those same “decision makers” for whom marketing materials and demonstration stands are being prepared, for the sake of which manufacturers and service providers bring their teams to exhibitions. The separation of time visiting the exhibition has a positive effect not only on the motivation of the vendors, but also on the visitors themselves creates the feeling that everything that happens around them is designed specifically for them.

    On the first day of the event, a CTF championship was also held for the teams who arrived at the event. There were no “night vigils,” as at Positive Hack Days. It is difficult for me to evaluate its quality, but what is really important to note is that hackathons and CTF shift the general status of the exhibition towards practical safety and increase the percentage of technically competent specialists among visitors.



    As I mentioned, the composition of the vendors was different from the previous event. The differences were visible to the naked eye even in the quality of the preparation of the stands. I’ll dwell in more detail on how foreign colleagues approach participation in exhibitions in terms of concepts and branding of stands, as well as attracting visitors.

    Quann



    MSSP with its SOC, grown from a Singapore-based eCop cybersecurity company. One of the key players in the Asian market for information security services. Due to the effective illumination and used design elements, the stand created associations with the bridge of the Enterprise spaceship. Rows of screens showing incident statistics, detailing information about users and recorded events, and touch panels attracted the attention of visitors. Interestingly, SOC Quann uses a self-written system as the core, and the company does not develop its own agents. All data for analysis is collected from the company's devices and security systems, including endpoint protection solutions of third parties.


    An involuntary association that arose when looking at the Quann poster.

    ST Electronics

    This company built one of the most interesting stands from a professional point of view. On a video wall of nine screens, an assembly of Security Operations Center based on several software systems was demonstrated.


    Security Command & Control Center is a concept from ST Electonics.

    In addition to a slide with a high-level scheme, a set of technological solutions with which you can implement it was very clearly demonstrated. On the screens were noticed:

    • SIEM IBM QRadar,
    • Siemplify threat analysis system,
    • Cisco Active Threat Analytics
    • Threat Quatient platform for working with Threat Intelligence data
    • Cyber ​​Prism Threat Intelligence Data Acquisition
    • Janus Management System is one of Janus Technologies' solutions for analyzing user behavior and conducting digital investigations.

    ForcePoint



    There were a lot of visitors at the ForcePoint booth. This is partly due to the designers of space - it turned out to make the puff very futuristic, in a soft, almost alien green color. This attracted attention and gave time to the company's employees to interest people passing by by the opportunity to play darts and win a prize. This focus for collecting contacts is as old as the world, but, nevertheless, still works.

    Splunk



    Space Splunk at GovWare. The brand emphasizes that their platform is located on the border of the areas of security and information technology, which means it is in demand not by one, but by two types of company directors - CISO and CIO. Their slogan “Because the ninjas are too busy” also does not focus on any of the areas. Indeed, according to Splunk, both the system administration guru and the cybersecurity expert will be able to become a shinobi - a shadow warrior.

    Singtel



    Singtel, another member of the Big Three telecom operators in Singapore, assembled a simulator of an attack on industrial systems at its booth. From the outside, it looked impressive, but not for those who are already familiar with the Alcobot of Kaspersky Lab or Choo Choo PWN from Positive Technologies. It is significant that the largest telecommunication companies in the region declare themselves to be serious players in the cybersecurity market - with round-the-clock SOCs, training systems and raising awareness about cyber threats and even competencies in the protection of the Internet of things and industrial systems.

    Some conclusions


    Due to an interesting coincidence, at the same dates on which Singapore International Cyber ​​Week was held, InfoSecurity Russia exhibition was leisurely working in Moscow. From time to time, photos from the Moscow event appeared in social media feeds, and here it was impossible to resist comparisons, not in favor of InfoSec. Add to this my impression of RSA APJ - and quite logical conclusions began to come to my mind.

    In the field of cybersecurity, one brand of the exhibition is no longer enough. RSA SF is loved and visited not only because of the brand, but also due to the lack of comparable alternatives for vendors. In addition to it, there are two more super-conferences in the region: BlackHat (posted half a year from RSA) and DefCon, but both of them are focused on the technical audience. If you want to present a product, make an appointment with fifty customers, collect feedback on the use of your technology in North America, find out what solutions will be presented on the market and manufacturers' booths in a year - the road is only to RSA SF. But as soon as you leave the USA, the RSA brand is no longer perceived as a guarantee that professional vendors and experts from potential clients will be able to find each other at the event of the same name.

    A similar story happens with InfoSecurity Russia. If five years ago the event positioned itself as a headliner of exhibitions dedicated to cybersecurity, then over time, vendors begin to massively refuse to participate in it, and experts hesitate if it is worth going there.

    The reason for the story with InfoSecurity Russia, in my opinion, is described in the two paragraphs above - it has alternatives. Specialized conferences, sharpened specifically for a certain topic, attract many times more visitors than the "dying" main exhibition on information security in Russia. BIS Summit, SOC Forum, CyberCrimeCon - professionals come to these conferences in order to communicate, receive expert answers and then make their own decisions based on them. The merit of the organizers of these conferences lies in the fact that they are able to gather specialists from both sides of the front line on the same platform - customers and vendors, who are at the same time most interested and disposed to communicate with each other.

    GovWare also confirms the ideas above. The event with clear targeting and a solvable problem - “to give information to the public sector about existing IS solutions and services” - begins to gather around itself not only government customers, but also experts from the commercial segment. This is very similar to the case studies from product management practice:

    1. Find the problem.
    2. Find people.
    3. Make sure that there is a problem and people are ready to solve it.
    4. Build a product to solve this problem.
    5. PROFIT!

    To create a product (in our case, a conference) and then hope that people suddenly for some reason begin to use it, at least presumptuously.

    Also popular now: