I have spent the last three days attending Infosecurity Europe 2019, the largest security trade show in the UK and Europe. As ever, before coming I have tried to predict the big theme or trends that CISOs should take note of. However, the show is very similar to last year, with incremental evolution of products on display rather than disruptive innovation that breaks apart a segment of the industry. There have been few large-scale disruptive announcements on the scale seen at RSA such as the Microsoft and Chromium announcement. Picking one dominant theme was quite hard, because it was all a bit of déjà vu.

Here are some of my reflections on attending the event:

  1. Integration and automation are common terms used across the show. Many vendors have returned to quite traditional “protect, detect, and respond”-type messages. From the conference program, it was clear that there was a large focus on future technologies and their applicability in security. While this was the case, the biggest thing I heard and saw at almost every vendor and end-user conversation that I had at the show was on the criticality of integration and consolidation of security technology. Budget pressures, resource constraints, and frustration with broken promises by niche vendors has driven the conversation toward integration.
  2. Awareness and culture and application security solutions dominated the show. While vendors of all stripes were in attendance, there was a lot of focus on solving the challenge of security culture and awareness. This shows the prevalence within the security community on correctly identifying that culture and recognizing that people are at the heart of good security. Another hot spot from my observations was the prevalence of application security-focused solutions from across the vendor portfolio. Areas such as cloud continue to be important, but there has been a drop off of a cliff for vendors claiming to have the magic bullet for GDPR compliance. It is now loud and clear that this ship has sailed, much to the relief of everyone in the end-user community who was bombarded with this in 2017 and to a lesser extent in 2018.
  3. Incremental, rather than disruptive, innovation is the norm. As I have argued before in my report on the European startup scene, the cybersecurity industry in Europe is ripe for disruption (see the report here). There were no big announcements or earth-shattering disruption. Piecemeal, incremental innovation is par for the course now. This means that there is still a substantial gap between the needs of end users and the solutions provided by the vendor community. Bridging this gap is going to be critical, and as an industry, we need to move faster on closing the chasm that currently exists.
  4. Marketing driven by the Zero Trust model is much more muted than what’s seen in the US. Despite my own expectations, Zero Trust branding and discussions on the show floor of Infosecurity Europe were much more muted than I originally anticipated. Only a small handful of vendors had clear branding and market positioning for this security model in their stands. While more present in the conference program, this is a clear differentiation to the US. As we underline in our report on Zero Trust in Europe, there is increasing awareness of the idea, but many organizations are now only starting to grapple with the model. Awareness should increase in 2020 and beyond (see the report here).

As ever, opinion is divided as to the value of events such as this for both end users and the vendors that attend them. But what can’t be denied is that spending time here gives a good sense for what people in the industry are talking about and allows networking across the industry.