RSA Conference Recap: The Future of MDR, Microsoft Recognition, and More
Business alignment, talent shortages, zero trust, supply chain risk, risk management and governance – for many attending the RSA Conference in June 2022, these familiar themes echoed throughout the Moscone Center in San Francisco and the breakout sessions that were once again meeting in person after a two-year hiatus.
Below are just a few of the impressions some of our attendees took away from the event:
- Supply chain risk: Supply chain risk has driven home the fact that in cybersecurity, we all cooperate. One speaker noted about the interconnection of the supply chain that, “every business is only two hops away from any other.” This has also made clear the need for cooperation in cybersecurity, even among fierce competitors. There is mutual value from collaborating, which happens extensively at the CISO-to-CISO level.
- Technical capabilities aren’t holding us back: A case in point: During the presentation “Building a Vulnerability Management Program: How to Eat an Elephant,” NFM’s Senior Network Security Engineer Megan Benoit noted that success in vulnerability management relies heavily on cross-functional collaboration. In fact, Megan noted that, generally, discovering the vulnerabilities is only 20% of the challenge; 80% of the challenge is working with internal teams to remediate the vulnerabilities.
- CISOs being fired for breaches is changing: Performance is increasingly measured on effectiveness of the security program overall, and the ability to communicate the impact of it. There seems to be some understanding that breaches can still happen despite a strong program, and the CISO is less likely to be the scapegoat during such events.
Successful attacks leverage poor hygiene: Even in 2022 successful attacks are exploiting poor security practices such as the use of default passwords, failing to implement multi-factor authentication, not segmenting the organization's network, or failing to remediate known vulnerabilities. There's still a real opportunity to move the security needle by implementing well-established best practices.
The Future of Managed Detection and Response
On the Microsoft stage at RSA, Open Systems Chief Product Officer Tom Corn discussed the challenges organizations are seeing in terms of their control plane and their “jobs to be done.”
Tom’s contention was that the top-level challenge is the complexity of operationalizing security. Some of that stemmed from complexity in the control plane, where organizations struggle with too many tools, and operational complexity of configuring and aligning those tools. Some of that stemmed from operations, where organizations struggle with a talent shortage, cross-team alignment, and the lack of context for the environment they’re protecting. This is leading many to outsource to managed detection and response (MDR) providers.
The MDR space was initially about managing endpoint detection and response (EDR), and more recently, managing extended detection and response (XDR). But that is evolving, and Tom’s contention was that the third generation of MDR players would:
- extend deeper into response, rather than focus primarily on detection
- extend more into risk reduction/prevention, as opposed to focusing only on active threats
- facilitate more collaboration with IT versus focusing solely on security teams
This would require the new generation of MDR players to be more knowledgeable about the environment they are protecting, more savvy about IT operations, and more focused on building operational strength in vulnerability management, configuration management, and posture assessment. Open Systems MDR+ focuses on this from the beginning.
Lastly, Tom spoke about how control plane complexity could be addressed with control plane focus. In the case of Open Systems, we focus on customers that own the Microsoft security stack and leverage it as a “multi-cloud multi-device control plane.” We employ Microsoft MVPs that know how best leverage the Microsoft Security Stack and securely configure Microsoft Infrastructure. Our focus on Microsoft enables us to consolidate more legacy controls, be far more up to date with new Microsoft Technology, Alerts and intel. And it enables us to eliminate many of the data residency and signal path issues that plague traditional MDR players.
Microsoft Security Partner of the Year
At the outset of RSA, Open Systems was proud to have won the Security MSSP of the Year award at the Microsoft Security Excellence Awards 2022. Our achievements have helped us rise to the top of the Microsoft Intelligent Security Association (MISA) – an ecosystem of independent software vendors and services that have integrated their security products and services with Microsoft’s. Award winners demonstrated excellence across security, compliance, identity, management, and privacy during the past 12 months.
Our CEO said it best:
“We are honored to be named the Microsoft Security ‘MSSP Partner of the Year,’ and thank everyone at Microsoft and the MISA organization for the outstanding support they have given us. All of us at Open Systems look forward to many more years of collaboration and co-innovation with our friends at Microsoft,” said Geoff Haydon, CEO of Open Systems. “This award truly highlights our Microsoft expertise which is a critical differentiator for us as a managed security services provider (MSSP) focused on empowering customers to realize the full potential of their Microsoft investments.”