Information Security Europe: trends in the global information security market that you will not read about from Gartner

In early June, my friend and colleague Andrei Dankevich and I traveled to Information Security Europe for a few days. This is the largest exhibition in Europe and "one of" in the world. This year more than 15,000 people visited it, and it has already been held 22 times.

Although a fairly extensive program of reports is presented at Information Security Europe, it’s not the drive to follow them, but to collect cool souvenirs to talk with the manufacturers of GIS, see their solutions on the stands and independently (and not just trust Gartner) to draw conclusions about what trends are at the peak. Under the cut - a story about what technologies are implemented by vendors DLP, UEBA, GRC, IGA and MDR.

First, a little about the exhibition itself: despite the fact that it lasts 3 days, it is difficult to carefully examine all the stands, there are A LOT of them (this year there were 399 of them on 2 floors of the common space). There are a lot of visitors, but there are no queues and crowding even at the entrance. Everything is organized very well, there are dedicated areas for communication, various temporary cafes, stands with information.


')
As I have already mentioned, it is manufacturers of information protection tools (GIS) that are most represented on Information Security Europe, so for the sake of communicating with them it is worth visiting this exhibition:



There were also big players, for example, Cisco, IBM, FireEye, and small niche ones. From Russian (oh, sorry, global) vendors were met by InfoTeX, Positive Technologies and DeviceLock.



We came to study the market and, first of all, to see solutions of DLP, UEBA, GRC, IGA, MDR and other GIS. And here are just some noticeable trends in the European information security market:

1. The Managed Detection and Response segment - MDR is developing very actively (these are exactly the information security incident response and monitoring centers of our Solar JSOC type). And if the company provides such services, it is often its only activity.
   
   
   
   
2. At the same time, the desire to at least partially automate the activities of SOCs is already quite noticeable in order to reduce costs. The exhibition presented a lot of solutions in this area - this includes various analytical tools, tools for aggregation and data visualization, and machine learning that is fashionable today.
   
   
3. A very trendy theme is Threat Intelligence. Manufacturers offer their platforms for collecting and managing information about threats and / or are willing to provide it by subscription.
   
   
4. In general, most manufacturers of IB solutions are actively adopting the Security-as-a-Service format. They offer their solutions "by subscription" and / or in the format of MSSP services (Managed Security Service Provider).
   
   
5. Predictably, but still: cases and solutions for meeting the requirements of The General Data Protection Regulation (GDPR), a European law for the protection of personal data, which comes into full effect in 2018, are presented at almost every stand. Of course, the most "loud voices" from DLP-shnik and manufacturers of means of access control.
   
   
6. Very popular technology control and analysis of user behavior (UEBA / UBA). A large number of such solutions were presented at the exhibition - both as independent products, and as modules (add-ons) to SIEM or DLP, for example. Many products use machine learning technology to compile typical user profiles, deviations from which are considered as an incident. Look at the rhetoric of advertising slogans - it is felt that the problem of internal threats is quite acute:
   
   
   
   
7. Solutions for information security managers are actively developing. These include all sorts of data visualization tools, GRC class products, and services for raising and controlling user awareness.

In general, the event is extremely interesting. For 3 days you can get a lot of useful information. So far it is difficult to say what will come to the Russian market from this and get accustomed to us, but all the presented solutions, in my opinion, are united by one very noticeable vector - vendors go from trying to create solutions that work out of the box and offer complex systems that require from the safety of certain competencies and knowledge. So automation and machine learning, of course, are good things, but people will still have to stand above them. At least in the near future.