What an incredibly rewarding week we shared at RSAC 2022.

In a way, this year’s RSAC felt like an industry kick-off event more than a traditional trade show. Seeing connections being made and networks extended was great!

This year felt more aggressive than normal in terms of forming new partnerships and planning integrations. Clearly, the industry is ready to get back to it and I can’t wait to see the partnerships, alliances, integrations, and innovations to come flowing out over the next year as the energy from the conference invigorates everyone.

Funnily enough, this year’s conference theme was “Transform”. I think the biggest transformation I witnessed was the shift from an isolated, pandemic-driven focus on our individual company’s identities. Instead, it seems we can return our focus to a broadly collaborative approach to solving IT and SecOps problems.

What We Learned

We asked a few of our other team members what they learned at RSA, and here’s what they said:

• “One key theme from RSA that will stick with me occurred during the IBM Security Keynote in which Benjamin Franklin was quoted, ‘when you are finished changing, you are finished.’ I couldn’t think of a better way to describe cybersecurity today – You can definitely achieve milestones in your cyber maturity, but it’s a never-ending process. The bad actors won’t ever really stop, so neither can any of us!” – Gina Geisel

• “The effort and creativity at RSA and events like this one always impress me. Also, every customer I spoke with seemed to be having issues with remediation. And while I hate that teams are stressed and struggling, I feel grateful that they opened up about their concerns and even more so that we were able to talk about how Automox helps with those exact issues!” – Katherine Chipdey

• “The most important RSAC takeaway, for me, was that the security and IT space is a small community. With so many niche players in this industry marketing similar solutions, word-of-mouth becomes critical to identifying the right technology for your unique needs. Driving the right outcomes for existing customers and making sure their experience exceeds their expectations is essential.” – Justin Knapp

• “When talking to people on the floor they really perked up when they heard that AVR allows them to find AND fix their vulnerabilities. Multiple times people got visibly excited when I said that and asked "Wait, you can fix them too?" – Amy Harrison

Finally, one of our favorite panels of the week was the SANS Keynote. We loved it so much, we thought the themes explored were worth repeating.

Know Normal, Find Evil

At the SANS Keynote Panel of the The Five Most Dangerous New Attacks, topics included the resurgence of earlier attack techniques, such as Worms, and how bad actors are going back to their old tool box of exposing our vulnerabilities. While we continue to move forward in our cyber strategy, it’s always important to look back.

In addition, the phrase “Know normal, find evil” was a good reminder to identify what is normal in your org so you can more quickly identify suspicious activity. Automox can help you with the “normal” component!

Consistently automatically patched endpoints across your entire environment is normal for Automox customers… and blocking the evil is what we do! – Gina Geisel

At Automox, we’re excited to move forward with all the new relationships and intel we gained at RSAC 2022. In everything we do, we aim to act. On the heels of such an educational event, we know we can act with a commitment to our vision, community, and industry. We hope to see you again next year at RSAC 2023!

Day 4 Update

Are you at RSA right now? Don’t let the day go by without stepping right up to meet Otto and Automox at Booth #3410!

This is it! The last day of RSAC 2022. Automox team members report having their minds blown over the past few days.

Left – Otto and his sidekick, Meghan Hansen

Right – Classic 90210 lineup of #ATMXers: Joel Reiger, Nick Colyer, Fynn Glover, Amelia Vierra, Justin Talerico, & Tyler Schmidtke

Industry Insights From Automox & The Dark Reading NewsDesk at RSA

On day 2 of RSA, Tuesday July 7, 2022, our own VP of Product Paul Zimski spoke to Terry Sweeney at the Dark Reading NewsDesk about the current state of patch management. They hit on several hot topics, not the least of which was that patching and patch management remain among security pros’ biggest pain points.

Zimski believes adding automation to the mix can make a serious dent in the patching equation for most organizations. He also shared intel about the best cloud-based patch services and discussed what automated vulnerability remediation could do to keep organizations more secure.

Catch the interview here:

And, as you prep your schedule today, consider attending the following workshops and keynote events:

• The Marie Kondo Approach to Security (10:50 am – 11:40 am) – Can security decisions really “spark joy”? Well-traveled CISO Bob Lord would argue yes, and that basic tidying decisions can help achieve significant, immediate, measurable improvements. Join this fast-paced fireside chat to hear wide-ranging discussion from memory safety issues and vulnerabilities to MFA and security controls to decision making and leadership. This unique keynote offers something for everyone.

• BoF: Inform & Engage Your Audience with Data-Driven Storytelling (10:50 am – 11:40 am) – The cybersecurity vendor landscape is crowded. There's increasing pressure to elevate brand visibility, differentiate products, & get the attention of buyers. Many vendors create thought leadership content because of this, but quality & usefulness varies widely. Let's talk about how to improve that. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion and remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate.
  

• Transforming Security Through Design (2:10 pm – 3:00 pm) – Security has a design problem. Our security programs are unusable, causing people to opt-out. Our security tools are unmanageable, leading to staffing shortages and shelfware. The result is not defensible. This session details a framework combining path finding and choice architecture. The industry needs to get people to follow secure practices, to opt in, to transform security. The solution is design.

   

  ---

Day 3 Update

Good morning from the 36th floor of San Francisco's Grand Hyatt Hotel! This was the view from Automox's VIP cocktail event and evening reception that went down last night. According to our team, VIPs were buzzing with inspired conversation, drinks were flowing, and the music was poppin'. Otto made rounds as the host with the most, too, taking photos with his guests and making sure everyone was feeling fine.

What's in store for you today? Read on to find out!

As you get ready to tackle your Wednesday, be sure to check out the following events the Automox team is jonesing to attend:

• The Five Most Dangerous New Attack Techniques (11:30 am – 12:20 pm) – In this panel, SANS offers an authoritative briefing on dangerous new attack techniques today, what's next, and what your org can do to prepare. Work with the panelists to prioritize upcoming attack vectors and get ahead of them.

• EWF Meet & Greet In-Person: The EWF Sisterhood - Connecting Women Leaders (11:30 am – 1:00 pm) – Engage and connect with the most dynamic personalities: the women in information security who make it happen. Join in interactive discussions and get to know each other. Enjoy the company of your peers – some of the brightest minds at the event for a fun, relaxed, professional get-together.

• Strengthening Security in the Era of Digital Transformation (3:35 PM – 3:55 PM) – Join Splunk’s President and CEO, Gary Steele, as he discusses how digital transformation helped organizations reach new benefits… but not without new pains. As the threat landscape expands, security teams need a data-centric strategy to achieve a strong security posture.

What were Day 2's RSAC takeaways?

Here again with his insights is Director, Product Marketing Manager Jay Goodman.

Take it away, Jay:

Here we are, coming to the end of the second day of RSAC 2022. A lot of thoughts are observations bouncing around, inspired by being back around our peers and friends.

First, how amazing is it that we’re actually back together again? It’s been two and a half years, and it feels both like yesterday that I saw Bruce Schneier’s hat-and-jacket choice du jour and an eternity since I got to debate the finer points of security with those who know far more than I do. It’s clearly reflected in the attitudes at the booths as well.

We started yesterday and went into this morning with a sense of reunion and camaraderie that is slowly giving way to business as usual. Nearly every booth was filled with vendors, customers, and colleagues alike reconnecting like lost friends. Finally, though, we are settling back into a purpose-driven conversation about the future of security, how we each solve the problems faced by the industry, and what the next problems look like.

The next thing that stuck out to me was how fixated we have become as an industry on visibility at all costs. Now, don’t get me wrong: Visibility is critical and a fundamental component of any decision-making process. The striking part, however, is the continued lack of “action” or “fix” that I see across the board.

It almost feels like we’ve created the perfect looking-glass to purely document our own demise, yet avoid tackling the harder questions of “How would we stop it?” For as many solutions in the halls today touting some form of X/E/V/X/Y/Z - DR, the actual response part seems woefully underrepresented.

I get it. It’s hard to take action. It’s hard to fix things. It’s far easier to aggregate and identify, but maybe the industry has to take a moment to realize that the visibility problem is largely solved, or at least that the scaffolding for how to solve visibility is well-defined today. It’s a hard patch to clear, but it’s clearly time: Let’s focus on taking action, fixing, and actual remediation!

Day 2 Update

And as you plan out the rest of your day, don’t miss out on these events our team is especially excited about:

• Global Threat Brief: Hacks & Adversaries Unveiled (9:40 am - 10:30 am) – Join Automox Board Chairman Dmitri Alperovitch in this session as he shares his take on the most novel attacks in the current global threat landscape, diving into specific, real-time examples of threat actor activity from both nation-states and criminal groups, along with strategic advice for countering them.

• BoF: Do You Really Know What Your Attack Surface Looks Like? (10:50 am - 11:40 am) – For many, reducing their attack surface is a critical goal. But we continue to see vulnerabilities and vectors exploited. What can your organization do to get a better handle on its attack surface? Join the conversation in this Birds of a Feather discussion.

• The Path Towards a Passwordless Future (1:15 pm – 5:15 pm) – With much talk about shifting to passwordless authentication, many want to know – are we there yet? Join the FIDO Alliance for a half-day seminar to explore the current state of authentication and see what’s in store for the future.

Day 1 Update

First things first, we made a big announcement yesterday. We partnered with Rapid7 to reimagine how we find and fix vulnerabilities, and the outcome is completely awesome. Check out the details of the all-new Automated Vulnerability Remediation and be sure to catch a demo in action at our booth in the South Hall Expo.

But what else has happened at RSA so far? Muscle cars, IT innovation galore, and one massive robot working the crowds!

We were fortunate to steal Director, Product Marketing Manager Jay Goodman away from the activity for just a moment and get his recap on the first day of RSAC 2022.

Here’s Jay’s report:

Day 1 is well underway with the RSAC Innovation Sandbox competition wrapping up. This year’s candidates were, to say the least, interesting:

• Torq: No-code security operations orchestration

• Sevco: Asset consolidation and management

• Neosec: API Detection & Response

• Lightspin: Agentless visibility and attack chain mapping

• Dasera: Data Governance Ops

• Cycode: Software Supply Chain Security

• Cado: Cloud investigation platform

• Bastion Zero: Remote access broker

• Araali Networks: Cloud Risk Management

• Winner Talon: Chromium Browser Security

What struck me as I listened to the presentations in the hall this afternoon was how little security innovation there was, and rather how much IT innovation there was instead. Many of these tools are, first and foremost, IT operations tools with a security flavor or skinning added to them. It is starting to feel like the security industry as a whole is facing a similar identity crisis to the one facing sports car manufacturers.

Can you build a new and cool sports car built on a traditional engine platform? Absolutely! Is it something the world hasn’t really seen before? Definitely. Is it the optimal way to approach the problem? Maybe not. The automotive industry is facing a land swell shift in how they are powered. Internal combustion engines, or ICE, are outperformed soundly today by their electric counterparts. EVs are hailed as the new hotness, despite predating ICE vehicles by at least 50 years. The world just didn’t realize the strength in what existed already. The shift is welcome, exciting, and feels new.

Shifting back to security solutions we saw today in the Sandbox: Are they innovative? Absolutely! Do they add to the security world? Definitely! Are they new technologies? Hardly. Instead, many of what we saw are innovative takes on tools we’ve known in IT for a while, but with a new and more powerful take on them.

There will be many who sit, arms crossed, telling everyone that they saw it coming and an asset management tool isn’t anything new or cool. Ignore them. Instead, embrace the fact that asset management, access control, and data ops are getting a new, cooler look. It might not be new, but the combination of IT and SecOps tools is clearly a step in the right direction.

RSA Conference 2022 is finally here (June 6 – 9) and we couldn't be more thrilled. As our team members arrive and attend the week's events, we'll give you the play-by-play by updating this blog.

Seriously, our excitement is palpable. Take it from our Sr. Manager of Inbound Marketing, Amy Harrison, who was welcomed to SFO by the Automox mascot, Otto, earlier today.

We've waited with bated breath to be in person with our colleagues for the first time in years, so we want to let you know what’s got us revved up about going.

First off, if you’ve never been to RSAC, you’re in for a good time – it’s inspiring and energizing. RSAC is a gathering spot for the leading cybersecurity minds and organizations – an intensive experience for gaining insights and witnessing solutions first-hand that will impact your company, career, and life. Whether you attend in person or digitally, you’ll learn a ton.

We asked our teammates what RSA opportunity they were most excited about.

Read their answers below:

Amelia Vierra, Director, Public Relations

In my role in Public Relations, I often have the privilege of being a fly on the wall in conversations between passionate industry leaders whether they’re reporters, analysts, customers, or our executives. I am always fascinated by the whip-smart exchange of ideas around the latest innovations, emerging trends, or even wild ideas folks are kicking around for fun. I always learn something new. I’m especially looking forward to being back at an in-person event again to meet with my colleagues outside of a Zoom call!

Justin Knapp, Manager, Product Marketing Management

There are so many interesting things happening in the world right now, and security seems to take center stage more often than not. I’m excited to see how the industry is responding to the significant shifts we’re seeing at both macro and local levels. RSAC is the perfect opportunity to get a pulse on the industry and absorb the creative approaches and solutions being applied to address some of the world’s most vexing problems.

Mike Stone, Solutions Engineer

Besides the opportunity to catch up with customers and friends both old and new, the best part of RSA is on the outskirts of the expo. Every year I attend RSA, I’m surprised and delighted by the creativity of the new security technologies I see on the outskirts. These are the startups with a small booth, perhaps a simple demonstration, and a great deal of drive to succeed and make their mark in the security world. Just as the bad actors are creative and persistent in their attacks, so must the good guys innovate and be diligent in their defense.

Gina Geisel, Senior Product Marketing Manager

As someone who strives to be organized (but typically never completely succeeds), I can’t help but wonder what The Marie Kondo Approach to Security fireside chat is all about. How can an organization “tidy up” its security with measurable improvements? And what actually “sparks joy” for security teams? Can the same rules we apply to tidy a messy home be applied to security, transforming it into a space of serenity and inspiration… one can hope!

Zac Youtz, Manager, Engineering

Amazingly after years in the security and product space, I’ve never had the opportunity to attend RSAC. RSAC is going to be an opportunity to see all the amazing work going on in the security space. I’m particularly interested to see what the small to growing startups have to show off. On a personal level, it will be a great opportunity to reconnect with colleagues from past roles and grow new partner relationships.

Jay Goodman, ​​Director, Product Marketing Management

It’s been over two years since we’ve been able to get together as an industry. I’m excited to see what’s new, hear from our industry peers, and swap the latest in security and IT stories. I’m as excited about this year’s RSAC as I was when I attended my first RSAC nearly a decade ago!

Joel Rieger, Regional Vice President

I’m most excited to meet up with customers, partners, and team members and see where they are today, and what has impacted their business in the VASTLY different world we are now in. Discussing how people are dealing with a hybrid/remote environment in an escalating cyber threat environment is of particular interest to me. In our roles, a deep understanding of what the major pain points are and how they impact the customer is critical. I’m hoping to gain fresh insight.

Peter Pflaster, Technical Product Marketing Manager

This will be my first time attending RSAC! I’m so excited to meet peers in the industry and learn about the problems they face, and the innovations others are making. I’m particularly interested in the Birds of a Feather session and discuss how the public and private sectors can best combat foreign covert actors while maintaining the integrity of First Amendment protections.

Nick Colyer, Staff Product Manager

At Automox, we have a mantra: “In everything we do, we aim to act.” Yet the proliferation of organizational silos, special interests, and lack of cohesively integrated solutions have complicated the promise over the years. In collaboration with a great industry partner in Rapid7, I’m most excited to see how the industry responds to the better tomorrow we not only envision, but are actively building today.

Serg Gusakov, Solutions Engineer

It’s always great to get out of your daily routine and speak to partners and customers in the SecOps/ITOps space face to face, discuss their challenges, the solutions they are currently using, and what they’re also looking to get out of RSAC. Looking forward to interacting with alliance partners, finding out their roadmaps, and looking for clever ways to combine forces. I can’t wait to learn and update competitive intelligence from other players trying to check their “us too" boxes with legacy or not-so-legacy ITOps toolsets. Meeting the team face to face, interacting, and working together are always great ways to grow and reach new levels of success.

Katherine Chipdey, Manager, Solutions Engineering

I'm sure others feel the same way, but I’m excited to mind-share for the first time as an industry in over two years. The world has changed, and how we operate has had to change, too. So not just getting to see how far we’ve come, but also taking a look at where we’re headed should be enlightening. For me specifically, going this year with Automox is a huge differentiator in that we’re solving a problem and filling an industry gap. It’s unlike any other solution I’ve ever worked with. Detection has been a focus for years and companies are getting stronger at sounding the alarm, but how Automox can help us react, remediate, and automate action is what I am most looking forward to sharing with peers.

Alexa Banda, Events Marketing Coordinator

I’m ecstatic for Automox’s Evening Reception on the 36th floor of the Grand Hyatt Hotel on Tuesday, June 7 at 7 pm! Not only will we have the most magnificent 360-degree view of San Francisco from the hotel’s highest floor, but we’ll host a full open bar so you can grab yummy cocktails, delicious food, and let loose to killer tunes after a long day at RSA. Most importantly, it’ll be a great, chill spot to connect with incredible people and create unforgettable memories. Our special guest, Otto, will be camera-ready for your photo op. Plus, we’ll be giving away a Golden Gate Sunset SkyTour to 4 winners. You do not want to miss out on this spectacular Automox event! Register for the reception and read all things RSA here.

Visit Automox at RSA 2022

If you’re at RSA, please stop by our booth (#3410, South Hall Expo) for a product demo or a chat with one of our Solution Engineers or members of our Product Marketing team.

Plus, you’ll have the chance to meet our hero, Otto. Come by to snap some pics, snag some swag, and be the first to see our team members unveil the fastest way to remediate vulnerabilities and eliminate risk in minutes, not months.

We genuinely can’t wait to see you there.

• Want a sneak peek into what our security engineers are up to and a glance at how we Worklet?

• How do your defensive and offensive security teams combine forces?

• Where can I learn about detecting potential double-free vulnerabilities in Ghidra?

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.