Why do Russian cybersecurity exhibitions die?
In 1851, the first World Exhibition was held in London, which was visited by more than six million people. The British Royal Society of Artisans actively participated in the elaboration of the project, their task was to create a tool to support trade and entrepreneurship. The result was stunning - the revenue was so large that part of it went to the arrangement of the museum city of Albertopol. The next World Exhibition was organized just in two years in the USA, and in 2020 Dubai will hold the next event in the series. The reason why global and industry events have remained popular for the past 150 years is obvious: it is in the format of exhibitions that it is possible to organize an intensive and effective exchange of information between people.
However, not all information security exhibitions are equally useful. This year I visited RSA Asia Pacific & Japan and Government Ware exhibitions, which allowed not only to dive into cybersecurity trends in the APAC progressive region, but also to compare approaches to organizing events abroad and with us. Today I would like to share conclusions and reflections on what is preventing Russian information security exhibitions from flourishing (carefully, there are a lot of pictures under the cut).
Singapore is considered by many to be the think tank of the Asia-Pacific region, while analysts point out in it a high concentration of the business involved in the development and integration of IT solutions. Judging by the information on the pages of global companies, an office in Singapore is already a mandatory item in the program of events for entering the APAC market. Cloud Security Alliance calls Singapore the number one candidate for the position of the leader of cloud technologies in the region. Everything said that the cyber security event in this city should be stunning.
')
However, doubts began to arise at the planning stage. On the event website, it was striking that the area allocated for the exhibition at the Marina Bay Sands exhibition complex was several times smaller than even one of the Moscone Center buildings. Only three large-sized poufas occupied by RSA, Symantec and M.Tech distributor, six slightly smaller poufs, two dozen “double” and fifty cells of 3x3 meters in size - this is the whole most powerful regional information security exhibition at APAC. The number and size of the stands, the projected number of visitors, the composition of the vendors - absolutely everything hinted that at the same time, the BlackHat 2017 conference and exhibition was taking place on the other side of the globe.
Can you imagine so much free space on RSA San Francisco?
Many colleagues in the backroom conversations openly complained about the small number and lack of qualified visitors. It was also said about the coincidence of dates with the most popular exhibition for techies in cybersecurity ("only those who could not buy a ticket to Las Vegas" come to us), and about the decline in the popularity of RSA APJ from year to year, and that free tickets the exhibition does not give the audience for which vendors assemble stands.
Illustration of the intensity of the flow of visitors.
If we talk about accents on some specific topics, then the most common word on the stands was “cloud”. It doesn't matter if the vendor is developing DLP solutions, is it promoting solutions in the area of ​​user behavior analytics, or is it about controlling preferred users. Anyway, along with the main theses, the slogans “Secure the cloud”, “Securing the cloud generation”, “Cloud security” are constantly heard. The subject of Security Operations Center was poorly disclosed - only those already familiar to visitors of Russian events at Cyberbit and LogRythm, who had evolved from a SIEM vendor to a Security Intelligence Company, clearly spoke about it. At their booth, there was a presentation about how to build Next-Gen SOC based on Next-Gen SIEM.
About support for such a popular phenomenon in the Asian market as Digital Transformation, directly stated only Thales, who, as it seems to me, is doing so well. The calm mood and leisurely work of colleagues at their booth confirmed this. IBM from the booth promoted the idea of ​​Cognitive Security and business transfer to the cloud as part of the process of controlling digital risks. Interesting niche vendors of Tufin, Synopsys, Sonatype were content with placing on one of the largest puffs of the M.Tech distributor with small tables and racks for handouts. In general, the information value of the exhibition and the readable dynamics can be described by the phrase "There is no change on the western front."
The most colorful element of the design exhibition RSA APJ.
The design of the stands also could not impress anything. Symantec with their futuristic space design, the M.Tech booth, similar to the cosmodrome of fantastic books, and the full-length humanoid robot figure on the Malwarebytes antivirus vendor booth - that's all that stood out from the typical booths with the buildings of pasted parallelepiped slogans .
Stand M.Tech distributor and view of the RSA APJ demo-theater.
The feeling of disappointment from the exhibition emphasized that the organizers did not have a shortage of space. A huge amount of space between the stands became even more noticeable due to the small flow of conference visitors. The only "densely populated" space on the site was the dining area. All of the above created a clear sense of "second tier", in which there are those who did not get on BlackHat - visitors, vendors and even the organizers of the event. The curtain, no one applauds, encore no one.
In May, during a trip to the Cloud Security Expo in Hong Kong, about which I wrote earlier, a representative of IXIA responded unusually to my question: “Will you participate in the RSA APJ?”. He looked at me intently and asked, “Why?” Then, in a short conversation, he shared that they had a dilemma, to go to Singapore by RSA in July or to the Government Ware exhibition in September. Their company decided that, in terms of business opportunities, it was necessary to abandon RSA and send a team to GovWare. Focusing on the opinions of colleagues from the industry, spurred on by RSA APJ, and not expecting any surprises in September, I ended up at the Singapore International Cyber ​​Week, as part of which the Government Ware cybersecurity technology exhibition takes place.
The organizers did not raise the status of the event by renting a prestigious site. The exhibition was organized at the Suntec conference center, not as popular as Marina Bay Sands, and without a view of the bay. At the same time, the area occupied by the stands of the participants turned out to be twice as large, the center of the hall was occupied by ten largest stands (against three for RSA), and the list of participants was replenished with companies from among world and regional leaders such as Kaspersky Lab, FireEye, Splunk , TrendMicro, Quann and Huawei. It was clear that the choice between RSA and GovWare was not only confronted with IXIA, and that global players also made it not in favor of a world-famous brand.
What else distinguished the GovWare exhibition from the RSA was that on the first day not everyone, but only delegates to the conference, could go to the site. As a rule, they were not indifferent to cybersecurity employees of state organizations, agencies, representatives of large businesses. In short, the very “decision makers” for whom marketing materials and demonstration stands are being prepared, for the sake of which manufacturers and service providers bring their teams to the exhibitions. The division of time to visit the exhibition has a positive effect not only on the vendors' motivation, but also among the visitors themselves creates the feeling that everything that happens around is intended for them.
On the first day of the event, the CTF championship was also held for the teams that came to the event. There were no “night vigils,” as at Positive Hack Days. I find it difficult to assess its quality, but what is really important to note is that hackathons and CTF shift the overall status of the exhibition towards practical security and increase the percentage of technically literate professionals among visitors.
As I already mentioned, the composition of vendors was different from the previous event. The differences were visible to the naked eye even in the quality of the stand preparation. I will dwell in more detail on how foreign colleagues approach to participating in exhibitions in terms of concepts and branding of stands, as well as attracting visitors.
Quann
MSSP with its SOC, which grew from a cyber security company in Singapore, eCop. One of the key players in the Asian market of information security services. Due to the spectacular lighting and design elements used, the stand created associations with the bridge of the Enterprise spacecraft. Rows of screens displaying incident statistics, detailing information about users and registered events, touch panels attracted the attention of visitors. Interestingly, SOC Quann uses a self-written system as the core, and the company does not develop its own agents. All data for analysis is collected from the company's devices and security systems, including endpoint protection solutions from third parties.
Involuntary association, which arose when looking at the Quann advertising poster.
ST Electronics
One of the most interesting stands from the professional point of view was built by this company. The video wall of nine screens showed the assembly of the Security Operations Center based on several software systems.
Security Command & Control Center is a concept from ST Electonics.
In addition to the slide with the high-level scheme, a set of technological solutions with which it can be realized was very clearly demonstrated. On the screens were seen:
Forcepoint
There were many visitors at the ForcePoint booth. In part, this is a merit of the designers of the space - it turned out to make the puff very futuristic, in a soft, almost alien green color. This attracted attention and gave time to the company's employees to interest passing people in the opportunity to play darts and win a prize. This focus for collecting contacts is as old as the world, but nonetheless still works.
Splunk
Splunk space at GovWare. The brand emphasizes the fact that their platform is located at the border of the security and information technology spheres, and therefore it is in demand not only by one, but by two types of company directors - CISO and CIO. Their slogan “Because ninjas are too busy” also does not focus on any of the directions. After all, according to Splunk, becoming a shinobi - a shadow warrior - along with them can be both a system administration guru and a cybersecurity expert.
Singtel
Singtel, another participant of the “big three” telecom operators in Singapore, gathered at his stand a simulator of attacks on industrial systems. From the side it looked impressive, but not for those who are already familiar with Alcobot of Kaspersky Lab or Choo Choo PWN from Positive Technologies. It is significant that the largest telecommunications companies in the region declare themselves as serious players in the cybersecurity market - with round-the-clock SOCs, training systems and raising awareness about cyber threats and even competencies in the field of protecting the Internet of things and industrial systems.
By an interesting coincidence, on the very dates on which Singapore International Cyber ​​Week took place, InfoSecurity Russia was slowly working in Moscow. From time to time, photos from the Moscow event appeared in the social network tapes, and here it was impossible to keep from comparing, not in favor of InfoSec. Add to this my impression of RSA APJ - and quite logical conclusions began to come to my head.
In the field of cyber security, one brand of the exhibition is no longer enough. RSA SF is loved and visited, not only because of the brand, but also because of the lack of comparable levels of alternatives for vendors. In addition to her, there are two more super-conferences in the region: BlackHat (separated by RSA for half a year) and DefCon, but both of them are focused on the technical audience. If you want to present a product, make appointments with fifty customers, collect feedback on the use of your technology in North America, find out what solutions will be presented on the market and manufacturers' stands in a year - the only way is on RSA SF. But as soon as you leave the USA - the RSA brand is no longer perceived as a guarantee that professional vendors and experts from potential customers will be able to find each other at the event of the same name.
A similar story happens with InfoSecurity Russia. If five years ago, the event positioned itself as a headliner of exhibitions devoted to cybersecurity, then as time passes, vendors begin to massively refuse to participate in it, and experts hesitate whether to go there.
The reason for the story with InfoSecurity Russia, in my opinion, is described in two paragraphs above - it has alternatives. Specialized conferences, clearly honed to a specific subject, collect many times more visitors than the "dying" main exhibition on information security in Russia. BIS Summit, SOC Forum, CyberCrimeCon - professionals come to these conferences in order to communicate, receive expert answers and then make their own decisions based on them. The merit of the organizers of these conferences is that they are exactly the same and are able to gather specialists from both sides of the front line at the same site - customers and vendors, who are most interested and disposed to communicate with each other.
GovWare also serves as confirmation of the ideas above. The event with a clear targeting and problem to be solved - “to provide information to the public sector about existing IS solutions and services” - begins to gather around itself not only government customers, but also experts from the commercial segment. This is very similar to cases from the practice of product management:
To create the same product (in our case, the conference) and then hope that people suddenly for some reason will start using it, at least, arrogantly.
However, not all information security exhibitions are equally useful. This year I visited RSA Asia Pacific & Japan and Government Ware exhibitions, which allowed not only to dive into cybersecurity trends in the APAC progressive region, but also to compare approaches to organizing events abroad and with us. Today I would like to share conclusions and reflections on what is preventing Russian information security exhibitions from flourishing (carefully, there are a lot of pictures under the cut).
RSA Asia Pacific & Japan
Singapore is considered by many to be the think tank of the Asia-Pacific region, while analysts point out in it a high concentration of the business involved in the development and integration of IT solutions. Judging by the information on the pages of global companies, an office in Singapore is already a mandatory item in the program of events for entering the APAC market. Cloud Security Alliance calls Singapore the number one candidate for the position of the leader of cloud technologies in the region. Everything said that the cyber security event in this city should be stunning.
')
However, doubts began to arise at the planning stage. On the event website, it was striking that the area allocated for the exhibition at the Marina Bay Sands exhibition complex was several times smaller than even one of the Moscone Center buildings. Only three large-sized poufas occupied by RSA, Symantec and M.Tech distributor, six slightly smaller poufs, two dozen “double” and fifty cells of 3x3 meters in size - this is the whole most powerful regional information security exhibition at APAC. The number and size of the stands, the projected number of visitors, the composition of the vendors - absolutely everything hinted that at the same time, the BlackHat 2017 conference and exhibition was taking place on the other side of the globe.
Can you imagine so much free space on RSA San Francisco?
Many colleagues in the backroom conversations openly complained about the small number and lack of qualified visitors. It was also said about the coincidence of dates with the most popular exhibition for techies in cybersecurity ("only those who could not buy a ticket to Las Vegas" come to us), and about the decline in the popularity of RSA APJ from year to year, and that free tickets the exhibition does not give the audience for which vendors assemble stands.
Illustration of the intensity of the flow of visitors.
If we talk about accents on some specific topics, then the most common word on the stands was “cloud”. It doesn't matter if the vendor is developing DLP solutions, is it promoting solutions in the area of ​​user behavior analytics, or is it about controlling preferred users. Anyway, along with the main theses, the slogans “Secure the cloud”, “Securing the cloud generation”, “Cloud security” are constantly heard. The subject of Security Operations Center was poorly disclosed - only those already familiar to visitors of Russian events at Cyberbit and LogRythm, who had evolved from a SIEM vendor to a Security Intelligence Company, clearly spoke about it. At their booth, there was a presentation about how to build Next-Gen SOC based on Next-Gen SIEM.
About support for such a popular phenomenon in the Asian market as Digital Transformation, directly stated only Thales, who, as it seems to me, is doing so well. The calm mood and leisurely work of colleagues at their booth confirmed this. IBM from the booth promoted the idea of ​​Cognitive Security and business transfer to the cloud as part of the process of controlling digital risks. Interesting niche vendors of Tufin, Synopsys, Sonatype were content with placing on one of the largest puffs of the M.Tech distributor with small tables and racks for handouts. In general, the information value of the exhibition and the readable dynamics can be described by the phrase "There is no change on the western front."
The most colorful element of the design exhibition RSA APJ.
The design of the stands also could not impress anything. Symantec with their futuristic space design, the M.Tech booth, similar to the cosmodrome of fantastic books, and the full-length humanoid robot figure on the Malwarebytes antivirus vendor booth - that's all that stood out from the typical booths with the buildings of pasted parallelepiped slogans .
Stand M.Tech distributor and view of the RSA APJ demo-theater.
The feeling of disappointment from the exhibition emphasized that the organizers did not have a shortage of space. A huge amount of space between the stands became even more noticeable due to the small flow of conference visitors. The only "densely populated" space on the site was the dining area. All of the above created a clear sense of "second tier", in which there are those who did not get on BlackHat - visitors, vendors and even the organizers of the event. The curtain, no one applauds, encore no one.
Government Ware
In May, during a trip to the Cloud Security Expo in Hong Kong, about which I wrote earlier, a representative of IXIA responded unusually to my question: “Will you participate in the RSA APJ?”. He looked at me intently and asked, “Why?” Then, in a short conversation, he shared that they had a dilemma, to go to Singapore by RSA in July or to the Government Ware exhibition in September. Their company decided that, in terms of business opportunities, it was necessary to abandon RSA and send a team to GovWare. Focusing on the opinions of colleagues from the industry, spurred on by RSA APJ, and not expecting any surprises in September, I ended up at the Singapore International Cyber ​​Week, as part of which the Government Ware cybersecurity technology exhibition takes place.
The organizers did not raise the status of the event by renting a prestigious site. The exhibition was organized at the Suntec conference center, not as popular as Marina Bay Sands, and without a view of the bay. At the same time, the area occupied by the stands of the participants turned out to be twice as large, the center of the hall was occupied by ten largest stands (against three for RSA), and the list of participants was replenished with companies from among world and regional leaders such as Kaspersky Lab, FireEye, Splunk , TrendMicro, Quann and Huawei. It was clear that the choice between RSA and GovWare was not only confronted with IXIA, and that global players also made it not in favor of a world-famous brand.
What else distinguished the GovWare exhibition from the RSA was that on the first day not everyone, but only delegates to the conference, could go to the site. As a rule, they were not indifferent to cybersecurity employees of state organizations, agencies, representatives of large businesses. In short, the very “decision makers” for whom marketing materials and demonstration stands are being prepared, for the sake of which manufacturers and service providers bring their teams to the exhibitions. The division of time to visit the exhibition has a positive effect not only on the vendors' motivation, but also among the visitors themselves creates the feeling that everything that happens around is intended for them.
On the first day of the event, the CTF championship was also held for the teams that came to the event. There were no “night vigils,” as at Positive Hack Days. I find it difficult to assess its quality, but what is really important to note is that hackathons and CTF shift the overall status of the exhibition towards practical security and increase the percentage of technically literate professionals among visitors.
As I already mentioned, the composition of vendors was different from the previous event. The differences were visible to the naked eye even in the quality of the stand preparation. I will dwell in more detail on how foreign colleagues approach to participating in exhibitions in terms of concepts and branding of stands, as well as attracting visitors.
Quann
MSSP with its SOC, which grew from a cyber security company in Singapore, eCop. One of the key players in the Asian market of information security services. Due to the spectacular lighting and design elements used, the stand created associations with the bridge of the Enterprise spacecraft. Rows of screens displaying incident statistics, detailing information about users and registered events, touch panels attracted the attention of visitors. Interestingly, SOC Quann uses a self-written system as the core, and the company does not develop its own agents. All data for analysis is collected from the company's devices and security systems, including endpoint protection solutions from third parties.
Involuntary association, which arose when looking at the Quann advertising poster.
ST Electronics
One of the most interesting stands from the professional point of view was built by this company. The video wall of nine screens showed the assembly of the Security Operations Center based on several software systems.
Security Command & Control Center is a concept from ST Electonics.
In addition to the slide with the high-level scheme, a set of technological solutions with which it can be realized was very clearly demonstrated. On the screens were seen:
- SIEM IBM QRadar,
- Siemplify Threat Analysis System,
- Cisco Active Threat Analytics threat analysis system
- Threat Quatient platform for working with Threat Intelligence data
- Cyber ​​Prism system for collecting data intelligence intelligence
- Janus Management System is one of Janus Technologies solutions for analyzing user behavior and conducting digital investigations.
Forcepoint
There were many visitors at the ForcePoint booth. In part, this is a merit of the designers of the space - it turned out to make the puff very futuristic, in a soft, almost alien green color. This attracted attention and gave time to the company's employees to interest passing people in the opportunity to play darts and win a prize. This focus for collecting contacts is as old as the world, but nonetheless still works.
Splunk
Splunk space at GovWare. The brand emphasizes the fact that their platform is located at the border of the security and information technology spheres, and therefore it is in demand not only by one, but by two types of company directors - CISO and CIO. Their slogan “Because ninjas are too busy” also does not focus on any of the directions. After all, according to Splunk, becoming a shinobi - a shadow warrior - along with them can be both a system administration guru and a cybersecurity expert.
Singtel
Singtel, another participant of the “big three” telecom operators in Singapore, gathered at his stand a simulator of attacks on industrial systems. From the side it looked impressive, but not for those who are already familiar with Alcobot of Kaspersky Lab or Choo Choo PWN from Positive Technologies. It is significant that the largest telecommunications companies in the region declare themselves as serious players in the cybersecurity market - with round-the-clock SOCs, training systems and raising awareness about cyber threats and even competencies in the field of protecting the Internet of things and industrial systems.
Few conclusions
By an interesting coincidence, on the very dates on which Singapore International Cyber ​​Week took place, InfoSecurity Russia was slowly working in Moscow. From time to time, photos from the Moscow event appeared in the social network tapes, and here it was impossible to keep from comparing, not in favor of InfoSec. Add to this my impression of RSA APJ - and quite logical conclusions began to come to my head.
In the field of cyber security, one brand of the exhibition is no longer enough. RSA SF is loved and visited, not only because of the brand, but also because of the lack of comparable levels of alternatives for vendors. In addition to her, there are two more super-conferences in the region: BlackHat (separated by RSA for half a year) and DefCon, but both of them are focused on the technical audience. If you want to present a product, make appointments with fifty customers, collect feedback on the use of your technology in North America, find out what solutions will be presented on the market and manufacturers' stands in a year - the only way is on RSA SF. But as soon as you leave the USA - the RSA brand is no longer perceived as a guarantee that professional vendors and experts from potential customers will be able to find each other at the event of the same name.
A similar story happens with InfoSecurity Russia. If five years ago, the event positioned itself as a headliner of exhibitions devoted to cybersecurity, then as time passes, vendors begin to massively refuse to participate in it, and experts hesitate whether to go there.
The reason for the story with InfoSecurity Russia, in my opinion, is described in two paragraphs above - it has alternatives. Specialized conferences, clearly honed to a specific subject, collect many times more visitors than the "dying" main exhibition on information security in Russia. BIS Summit, SOC Forum, CyberCrimeCon - professionals come to these conferences in order to communicate, receive expert answers and then make their own decisions based on them. The merit of the organizers of these conferences is that they are exactly the same and are able to gather specialists from both sides of the front line at the same site - customers and vendors, who are most interested and disposed to communicate with each other.
GovWare also serves as confirmation of the ideas above. The event with a clear targeting and problem to be solved - “to provide information to the public sector about existing IS solutions and services” - begins to gather around itself not only government customers, but also experts from the commercial segment. This is very similar to cases from the practice of product management:
- Find the problem.
- Find people.
- Make sure that there is a problem and people are ready to solve it.
- Make a product to solve this problem.
- PROFIT!
To create the same product (in our case, the conference) and then hope that people suddenly for some reason will start using it, at least, arrogantly.
Source: https://habr.com/ru/post/343654/
All Articles