By Barracuda Labs
As we walked around the RSA Conference this week, the usual greetings were 'How are you? What's hot at the show?' or 'What trends do you see?' This has been the case for years. Everyone surveys each other looking for some sort of trend identification. The problem is that answers vary based on where an individual spent time, what parties they visited and who had the most memorable booth models. We lack a quantitative view of what is hot at the RSA Conference and what is hot in the information security industry.
We set out to solve this problem: to create a data-driven, quantitative view of what is hot at the RSA Conference and subsequently what is hot in the information security industry. The infosec industry has few quantitative measures of industry trends and priorities. The industry relies largely on human opinion and analysis. This creates the same problems that existed in NCAA football before the computer-guided BCS ranking system, when rankings were decided solely on human opinion polls. Before the BCS, the top 2 teams played in the final game of the season only 8 of 56 times. Since the BCS, the top 2 teams have played in 12 consecutive games. Improved analysis has created a more accurately aligned system. We aim to achieve the same in the security industry; by better measuring the priority of topics we can ensure that our attention is aligned with the need. (source: Wikipedia)
How It Works:
As we introduce the system, we focus on the largest gathering of information security professionals and companies, the 21st annual RSA Conference, with 15,000 attendees and 341 exhibiting companies. These companies represent over 90% of the $27 billion information security industry. (source: IDC)
Each year RSA publishes a program guide that contains the list of exhibiting companies and a company-provided description. This is the most concise explanation of a company’s focus. We used these descriptions in a content analysis system to identify recurring n-grams. These n-grams identify the topics and phrases that are popular in the security industry. We did relevance filtering by eliminating articles and other generic terms. The algorithm then identified the top security topics based on the number of occurrences of each term.
The popular terms identify specific problems or technologies that are trending. We also want to measure the broader categories or markets that are popular. To accomplish this, we mapped each term into one of six security markets based on IDC's security industry taxonomy (Worldwide IT Security Products Forecast and Vendor Shares: Comprehensive Security Product Review, IDC, Kolodgy et al., December 2011). The categories that we defined are as follows:
- Network Security: (Network security under IDC's SCTM)
- Vulnerability: (IDC's SVM: security and vulnerability management)
- Identity: (IDC's IAM: identity and access management)
- Endpoint: (Endpoint under IDC's SCTM)
- Content Security: (combination of Messaging and Web from IDC's SCTM)
- Encryption: (combination of encryption toolkits and storage encryption under IDC's 'Other Security')
Floor Space Ratios:
We want to measure not only what percentage of companies are talking about a topic or are in a market, but also how much of the conference (in terms of floor space) is taken up by companies discussing each of those topics or in those markets. Every year the RSA Conference publishes the official floor plan complete with square footage of each booth. We processed the 2012 RSA Conference floor plan to measure the square footage dedicated to each popular topic and each popular category.
In order to visualize this data, we created a web app that generates a heat map of the RSA exhibition floor based on each security topic and each security market. The heat intensity is based on how much each company focuses on that topic relative to other topics. We've opened access to the site so that you can explore topics and mappings as well. Start mapping at http://hst.barracudalabs.com/
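The pipeline described above (n-gram counting with generic-term filtering, term-to-market mapping, floor-space ratios and a per-company heat value) can be sketched as follows. This is an added example, not Barracuda Labs' code: the exhibitor records, the stop list, the term-to-market mapping and the exact heat formula are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data: (company, booth square feet, program-guide description).
EXHIBITORS = [
    ("AlphaSec", 400, "Cloud security and web application firewall for the cloud."),
    ("BetaID", 100, "Identity management and single sign-on for cloud security."),
    ("GammaCrypt", 200, "Encryption of data at rest and endpoint encryption."),
]
# Assumed stop list standing in for the "articles and other generic terms" filter.
STOPWORDS = {"a", "an", "the", "and", "or", "of", "for", "at", "in", "to", "on"}
# Hypothetical term-to-market mapping; only the market names come from the page.
MARKETS = {
    "cloud security": "Network Security", "web application firewall": "Content Security",
    "identity management": "Identity", "encryption": "Encryption",
    "endpoint encryption": "Endpoint",
}

def terms(text, max_n=3):
    """Count every 1..max_n-gram of a description that contains no stopword."""
    words = re.findall(r"[a-z0-9-]+", text.lower())
    counts = Counter()
    for n in range(1, max_n + 1):
        for i in range(len(words) - n + 1):
            gram = words[i:i + n]
            if not STOPWORDS.intersection(gram):
                counts[" ".join(gram)] += 1
    return counts

def topic_stats(exhibitors):
    """Per term: (share of companies mentioning it, share of floor space they occupy)."""
    total_area = sum(area for _, area, _ in exhibitors)
    companies, area_by_term = Counter(), Counter()
    for _, area, text in exhibitors:
        for term in terms(text):  # a company counts once per term it mentions
            companies[term] += 1
            area_by_term[term] += area
    return {t: (companies[t] / len(exhibitors), area_by_term[t] / total_area)
            for t in companies}

def market_heat(text):
    """Assumed heat measure: a company's mapped-term counts per market, normalised to 1."""
    per_market = Counter()
    for term, n in terms(text).items():
        if term in MARKETS:
            per_market[MARKETS[term]] += n
    total = sum(per_market.values())
    return {m: n / total for m, n in per_market.items()} if total else {}

if __name__ == "__main__":
    print(topic_stats(EXHIBITORS)["cloud security"], market_heat(EXHIBITORS[2][2]))
```

In this sample, "cloud security" is mentioned by two of three companies but covers five sevenths of the floor, which is the gap between company share and floor-space share that the floor-space ratio is meant to expose.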
Why Are We Doing This:
At Barracuda Labs, we provide security intelligence, threat forecasts and other advice to our product groups to help drive features and product strategy. Therefore we have a need to identify emerging and trending security topics. Furthermore, as a curious group of individuals, we wanted an answer to the question of where the industry is focused and heading.
How This Fits In:
Currently the industry has many ways to gauge the importance of topics, but few are driven directly from data on the industry's activity and overall dialogue. Current forms of analysis include the following:
- Expert analysis and opinion
- Quantitative measures of revenue and customer base
- Surveys and Polls
This is a complementary system to aid in understanding the industry’s priorities and how they relate to the community’s problems. Moving forward we have several enhancements planned for HST:
1. We have this floor plan information available from the 2008 RSA Conference. We are building an animated visualization to show how the HST have shifted over the years. (Hi RSA Conference organizers, we'd love to have this info for years before 2008. Email us please: pjudge at barracuda dot com)
2. This current view of HST is based on vendors. It does not account for practitioners or researchers. We are building a view of HST that is based on the dialogues created by practitioners and researchers. For example, with practitioners, we are analyzing Twitter and other accounts of the top CISOs and comparing their dialogue to the topics emphasized by vendors. Similarly, for researchers, we are analyzing the talk abstracts from popular security research conferences in order to measure the relationship between the community's research focus, practical problems and vendor priorities.
We look forward to feedback from others as to how we can make HST an even more useful tool for the community.