Wrapping up three days at the InfoSec Europe 2014 conference in London today, it's clear that the same issues plague European organizations that we also see in North America: detecting advanced and swiftly-moving attacks, mitigating overall security risk and integrating the right tools within a SOC that powers a robust security model.
The threats may be the same, but there are clear differences in mindsets that European companies bring in their perspectives on security.
I learned a few things that I wasn't expecting at this year's conference:
I heard this from more than one visitor at our stand: Europeans are more concerned with privacy than ever before, and for good reason. Citing the NSA/RSA issue that hit the press earlier in the year, many companies want assurance that security products are NSA proof. Most cited new QA policies that are driving that, while others cited that they want to avoid security issues in terms of open doors being potentially left open for attackers, if the NSA or any other government organization had access and the ability to embed their algorithms.
Cutting down false-positives seemed to be the key selling point for every security vendor at Infosec. Every single presenter with a microphone was driving at getting the number of false positives down with respect to attacks, infections and incidents.
There was less Big Data and less “cloud” overall it seemed at InfoSec this year, partially because it’s a smaller-sized venue than the RSA Conference. But, nonetheless, the Europeans seem to be less seduced by the lure of Big Data as a buzzword, and more interested in a clear differentiation for how a product/service can be effectively integrated to show value.
Compliance also seemed to be making a comeback as a theme that people cared about. Now, I’m not so sure how much people really cared to talk about compliance, but in one row I counted easily 10 vendors in a row touting compliance as a selling point. You see less and less of this in the U.S., and it used to be the opposite – U.S. companies had many more compliance requirements to worry about than European counterparts.
Out of a number of presentations I saw, Kevin Mandia, who spoke at the FireEye booth right next to ours, made an enormously salient point, I felt. When talking about what we are facing today, in the realm of cutting down false-positives, he made reference to the fact that on average, most enterprise organizations face over 100,000 threats, in different forms, every day.
He mentioned that the reason we need to distill is because front line folks trying to deal with those threats are typically the least capable of managing that number. Really no one can, which is why as an industry, our technology needs to constantly evolve to get better. Very well said.