Information Security Europe: trends in the global information security market that you will not read about at Gartner

    In early June, my friend and colleague Andrei Dankevich and I spent a few days in London at Information Security Europe. It is the largest exhibition of its kind in Europe and one of the largest in the world. This year more than 15,000 people visited it, and it was held for the 22nd time.

    Although Information Security Europe has a rather extensive program of talks, it is not worth going for those. Go instead to pick up cool souvenirs, talk with manufacturers of electronic information systems, see their solutions at the stands, and draw your own conclusions (rather than just trusting Gartner) about which trends are at their peak now. Below is a story about which technologies the DLP, UEBA, GRC, IGA and MDR vendors are implementing.

    First, a little about the exhibition itself. Although it lasts 3 days, it is difficult to examine all the stands carefully: there are VERY many of them (this year there were 399 on 2 floors of common space). There are a lot of visitors, but no queues or crowding, even at the entrance. Everything is organized very well, with dedicated areas for conversations, various temporary cafes, and information stands.

    As I have already mentioned, manufacturers of information security tools are the most represented group at Information Security Europe, and the exhibition is worth visiting for the sake of talking with them.

    There were large players, for example Cisco, IBM and FireEye, as well as small niche ones. Of the Russian (oh, sorry, global) vendors, InfoTeX, Positive Technologies and DeviceLock were there.

    We came to study the market and, first of all, to see DLP, UEBA, GRC, IGA, MDR and other information security tools. Here are just some of the notable trends in the European information security market:

    1. The Managed Detection and Response (MDR) segment is developing very actively (these are essentially centers for monitoring and responding to information security incidents, like our Solar JSOC). Moreover, if a company provides such services, this is often its only area of activity.

    2. At the same time, there is already a quite noticeable desire to automate SOC activities at least partially in order to reduce costs. Many solutions in this area were presented at the exhibition: various analytical tools, data aggregation and visualization tools, and the now-fashionable machine learning.

    3. A very trendy topic is Threat Intelligence. Manufacturers offer their own platforms for collecting and managing threat information and/or are ready to provide that information by subscription.

    4. In general, most manufacturers of information security solutions are actively adopting the Security-as-a-Service format. They offer their solutions by subscription and/or as MSSP (Managed Security Service Provider) services.

    5. Predictably, but nevertheless: practically every stand has cases and solutions for compliance with the General Data Protection Regulation (GDPR), the European law on the protection of personal data, which will come into full force in 2018. Of course, the loudest voices are those of the DLP vendors and the manufacturers of access control devices.

    6. Technologies for monitoring and analyzing user behavior (UEBA / UBA) are very popular. A large number of such solutions were presented at the exhibition, both as stand-alone products and as modules (add-ons) to SIEM or DLP, for example. Many products use machine learning to build typical user profiles, and a deviation from the profile is treated as an incident. Judging by the rhetoric of the advertising slogans, the problem of internal threats is felt to be quite acute.

    7. Solutions designed for information security managers are developing actively. This includes all kinds of data visualization tools, GRC-class products, and services for raising and monitoring user awareness.

    In general, the event is extremely interesting. In 3 days you can get a huge amount of useful information. It’s hard to say what will come to the Russian market and take root with us, but, in my opinion, all the solutions presented share one very noticeable direction: vendors are abandoning attempts to create solutions that work out of the box and are offering complex systems that require certain competencies and knowledge from the security specialist. So automation and machine learning are, of course, good things, but people will still have to oversee them. At least in the near future.
