Last week, D3 sponsored the InfoSecurity Europe trade show at the Olympia in London. “InfoSec” is Europe’s top cyber security trade show, with every imaginable product and service represented, including our award-winning Security Orchestration, Automation, and Incident Response platform, known as SOAR. It was great to see that many of the attendees and speakers—whether from an enterprise or MSSP—were all looking to improve their incident response, automation and orchestration, and case management capabilities.
At the conference, I made sure to document key trends and use cases. The following list gives you visibility into the conversations I had during demos, at partner events, and from presentations.
In the years that we’ve been attending, there has been a major shift in how security professionals in Europe think about incident response. Incident response is now a major topic among all European enterprises, not just the biggest ones. We no longer have to explain what IR is, and why it is important; people already “got” that part. It allowed us to jump right into specific use cases, and the technology, which is great.
In the lead-up to InfoSec, I thought GDPR was going to be the main driver. However, while GDPR was definitely a topic of interest, people were just as interested in the operational side of security, rather than focusing narrowly on the security and privacy compliance issues that are a part of many security incidents and investigations.
We knew that in the UK and European market, managed security service providers (MSSPs) played a bigger role than stateside. But to see it in the flesh—after three days of manning the D3 booth—it was notable to see just how many SOC and incident response folks work for MSSPs in Europe. Although a little bit different from our North American customers, D3 supports MSSPs well, with metrics to report to clients, a Python library for integrations and a single control dashboard. Needless to say, we look forward to working with these MSSPs.
Walking the show floor, a lot of vendors promoted the AI and machine learning capabilities of their products. The common thread was the application of new technologies to solve age-old problems. Putting myself in the buyer’s shoes, I can see how it would be daunting to choose the right vendor because everyone’s marketing looks great. For what it’s worth, D3’s AI capabilities are designed to help solve the SOC analyst shortage, by using machine learning algorithms to identify false positive events early, and automate response or simply re-queue them based on a configurable risk score.
Many booths had lockpicking competitions as well as a giant lockpicking area set up by the organizers. It was fun, but hard! Of course, many cyber security companies (and InfoSec attendees, apparently) have roots in cryptology and encryption, hence the focus on lockpicking. Funny enough, the incident responders/cyber security experts on the D3 team turned out to be the best lockpickers. Why am I not surprised?