Security Insights From The Road: RSA Conference & Zscaler Zenith Live


I’m on the road again, to paraphrase a line from that well-known song by Willie Nelson, my Austin, Texas, hometown hero. The pandemic did its best to cancel events and move others to virtual formats. As an industry analyst and an extrovert, virtual was not an adequate substitution. There is no doubt that video collaboration in Webex, Zoom and Microsoft Teams is here to stay, but those platforms can never replace the value of one-on-one human interaction. 

With that said, over the past several weeks, I have had the opportunity to travel to San Francisco for RSA Conference (RSAC) and to Las Vegas for Zscaler Zenith Live (ZL). I want to share my insights into what I found most compelling at both events. 

RSA Conference 

Before heading to what is considered the perennial cybersecurity event, I penned an RSAC preview. If interested, you can find the article here. It was a busy two days in early June as I scheduled a dozen-plus briefings with some of the most prominent and lesser-known names in the cybersecurity industry. The following is my recap with a half dozen that stood out from my perspective. 

  • Airgap continues to impress me with its agentless approach to network segmentation to solve ransomware challenges and enable enterprises to deploy zero-trust remote access (ZTNA) anywhere. At RSAC, the company was honored with the Global Infosec Award for the best product in micro-segmentation and named Infosec’s Hot Company Remote Workforce Security for its ransomware detection and remediation. The latter is no surprise, given Airgap’s new Ransomware Early Detection (RED) capability was announced just before RSAC. The company may still be in start-up mode, but it is punching way above its weight class in comparison to more established security solution providers. 
  • Appgate is a company that was not on my radar before RSAC, but it is now after meeting with an executive. Like Airgap, Appgate takes a universal approach to ZTNA and positions its architecture as “people-defined security.” ZTNA is becoming crowded, but I like what Appgate is doing to enable managed service providers with a program launched late last year to accelerate time to revenue through training, sales tools, marketing resources, and discretionary marketing funds to build practices. As a former channel sales and marketing executive, I like what it does from a partner enablement perspective. 
  • Arctic Wolf takes a concierge approach to provide a security operation as a service offering. On average, enterprises manage dozens of cybersecurity point solutions, creating complexity. The other challenge lies with alert fatigue – knowing what is actionable and an immediate threat. Arctic Wolf solves both with a comprehensive platform that offers cloud-managed detection and response, continual risk management, and security awareness designed to address the human element with improved employee security hygiene. I believe the company is differentiating itself with an easy-to-consume SecOps service, one that can simplify the task of cybersecurity without compromise.
  • BlackBerry is busy recasting itself as a security solution provider by leaning into its DNA tied to providing the most secure smartphone in the past. To that end, it is no surprise that the company focuses on endpoint security. Its unified endpoint security portfolio includes endpoint protection, mobile threat defense, endpoint detection and response, and secure remote access. BlackBerry is also stretching itself into embedded systems for connected cars, hospitals, and even the International Space Station. Time will tell if it can successfully execute its business pivot away from hardware. Still, I found that its new CTO, Shishir Singh, who brings several years of experience from McAfee and Intel, is taking a very pragmatic approach to achieving success.
  • Fortinet needs no introduction. The company can likely lay claim to the invention of the firewall, which continues to be the company’s differentiation. In speaking with executives, Fortinet believes that leveraging its FortiGate Next-Generation Firewall can provide a more flexible ZTNA platform and an easier path to a full Secure Access Service Edge (SASE) deployment through a single agent. On the surface, the latter seems compelling, although firewalls feel like yesterday’s security tool, given the rise of cloud and containerized architectures. 
  • Hillstone Networks offers a comprehensive set of solutions that I would characterize as API open/best of breed spanning edge, cloud, server, application protection, and unified security management. The company’s mantra is best summed up by See, Understand, and Act, which translates to visibility, actionable insights, and defense. I spent time with executives before and at RSAC, lending my insights in a recent press release. What I like about Hillstone’s portfolio is that its architectural design lends itself to straightforward integration into existing SecOps frameworks. 

If I were to make a conclusion about RSAC, it would be that cybersecurity is a very crowded space (by most accounts, estimated at over 3500 companies in the United States alone). Many solution providers say the same thing regarding zero trust, extended detection and response (XDR), and API open/best of breed integration, which are the three areas I monitor frequently. However, I believe that the companies above are excellently rising above much of the noise. 

Zscaler Zenith Live 

Zscaler returned to a live format event this year at the newly constructed Resorts World Las Vegas casino, replete with an epic pool area, one that I did not visit given a full two-day conference. In 2021, I attended the virtual event and summarized my insights in an article titled “In Zero We Trust.” In my opinion, this year’s event demonstrates Zscaler’s market momentum in offering one of the industry’s most complete zero trust platforms. The company made several announcements that included: 

  • New AI/ML enhancements for its Zero Trust Exchange.
  • An expanded partnership with AWS to extend application and workload protection, as well as enable zero trust for Private 5G networks with Wavelength, and 
  • Posture control that remediates hidden security risks across cloud-native application environments. 

My big takeaway from Zenith Live is that Zscaler is extending its footprint in IT environments to the enterprise’s non-carpeted Operational Technology (OT) side. This adjacency represents a massive opportunity for any cybersecurity vendor for two reasons. First, the momentum behind private 5G networking for manufacturing use cases is unquestioned, and those that get there first will reap the rewards. Second, most industrial machinery and IoT sensors are headless or embedded from a connectivity standpoint and have tended to increase the overall threat surface. Consequently, I believe that Zscaler is uniquely positioned to leverage its zero-trust success in IT to rapidly move into OT. 

Wrapping up 

It has been a long stretch on the road lately that included attending both RSAC and ZL conferences over successive weeks. However, I found it instrumental in wading through the thousands of companies offering zero-trust, XDR, and API/best-of-breed solutions. I hope that the insights I have shared help you and others in your organization do the same. 

Note: Moor Insights & Strategy writers and editors may have contributed to this article.