Coming off the craziness of MWC 2019 in Barcelona, Spain, with 5G, edge, artificial intelligence (AI), and yes, SD-WAN too, we at AvidThink were hoping for a change of landscape as we braved the halls of the recently upgraded Moscone Center in San Francisco. And to a certain extent, there was a refreshing change of pace: instead of the eight-plus halls, there were only two halls merged into one large indistinct blob thanks to Moscone’s recent updates. And we were now in the land of malware, phishing, micro-segmentation, and security analytics – every aisle boasted one of these analytics companies. Though, as you will see, SD-WAN wasn’t quite done with us yet.

The progeny of SD-WANs from past conferences continued to haunt and hunt us as we encountered edge-firewall after edge-firewall now revamped as SD-WAN solutions. Even long-time single office, home office (SOHO) security solution provider Untangle, whom I had tangled with umpteen years ago, is now an SD-WAN vendor. And of course, all the booths with edge security solutions: Fortinet, Barracuda, Hillstone Networks, and Watchguard, as well as the usual suspects Cisco, VMware, and Juniper, had elements of SD-WAN. In some ways, AvidThink’s brush with SD-WAN everywhere is reminiscent of the “Final Destination” series of movies where trying to avoid SD-WAN at MWC simply led to it coming back with a vengeance at RSA – and I’m sure at other upcoming conferences as well. (For you movie buffs: "Jaws" or "Final Destination," take your favorite analogy pick.)

In any case, the issue we will all have – and are already having – with SD-WAN is the perceived lack of differentiation between one vendor and the next. AvidThink expects that in the next six months to a year, we’ll find the term SD-WAN not useful and new terms will emerge that will attempt to differentiate vendor products with hopefully more granularity. Perhaps SD-Branch or SD-LAN? I’m not sure those terms quite fit the bill though.

Horror movies aside, RSA this year was unsurprising in many ways – the usual vendors hawking their ability to protect against phishing emails more accurately than the next; protection against zero-day exploits; detection of breaches; and blocking of data exfiltration. And of course the application of AI and machine learning (ML), natural language processing, and threat data feeds (white lists, gray lists, black lists), all in the quest to better protect corporate assets. I was surprised at the ongoing inability of many vendors to explain how they were training their AI/ML models; whether they were using supervised or unsupervised learning; what data sets they were training against; and why they believed those data sets were the right ones. This lack of transparency, and the resulting inability of enterprise end-users to validate AI/ML vendors' accuracy claims, is problematic, especially in a world where a single breach is all it takes to unhinge a corporation.

Likewise, many SecOps and DevSecOps platforms touted their ability to help triage the most critical issues first. While I completely understand that security teams are overwhelmed with the deluge of information, any type of triage model runs the risk of missing a slow, persistent attack that suddenly turns into a critical breach down the road. In some ways, I feel sorry for the enterprise CISO who is fighting what seems to be an uphill battle against well-trained, well-funded adversaries who often have the same sophisticated tools at their disposal to do battle against enterprise and service provider infrastructure.

Picking out the right solutions from the patchwork of security products on the show floor is a Herculean feat. The reality is that even if an enterprise deployed five, 10, or 20 solutions from the various vendors, the corporation's attack surface won't be completely covered. With the corporation becoming ever more porous with remote IoT devices (cameras, HVAC controls, printers); bring-your-own-device (BYOD) and corporate mobile devices; branch WiFi networks; campus networks; private and public cloud; and especially third-party and partner infrastructure, the scope that an enterprise security professional needs to manage is mind-boggling.

The list of measures is long: better education and use of gamification to inoculate end-users against social engineering; improved transparency and visibility of senders and data sources; AI assistance and guidance on potential threats; micro-segmentation; enforcement and telemetry agents deployed everywhere; enterprise data categorization and encryption; auditing and big data analytics; identity/role/attribute-based policies; and intent-based security models. All of us in security infrastructure have to strive to do better against our adversaries.

That’s a whole lot of things to juggle and keep in play at the same time. If I were a CISO I’d be ready for a vacation at the beach after RSA (no sharks, please) where I can get back to dreaming of a much simpler world in which SD-WAN solves all my edge security and connectivity challenges. Then again, maybe SD-WAN doesn’t … (cue theme from “Psycho”).