UPDATED 22:40 EDT / MAY 16 2021

SECURITY

At RSA Conference, CEO Rohit Ghai reveals what’s coming next in cybersecurity

As the annual RSA Conference gets underway Monday morning in digital form, it will be a coming-out of sorts for RSA Security LLC, the venerable cybersecurity company that owns the conference.

As RSA continues its disengagement from Dell Technologies Inc., which sold the operation last year for about $2.1 billion to a consortium led private-equity firm Symphony Technology Group, Chief Executive Rohit Ghai (pictured) is aiming to position RSA to contend with ever-increasing cyberthreats. It’s all the more critical now, as millions of people working from home during the pandemic present a much larger attack surface for hackers.

In an interview with SiliconANGLE, Ghai called RSA a “3,000-person startup.” Besides the conference, its business includes its well-known SecurID security token business, the Archer governance, risk and compliance unit, the network forensics and threat analysis suite NetWitness, and a Fraud and Risk Intelligence suite. Dell had acquired the business when it bought EMC Corp. in 2016. In mid-March, the company got an additional investment from Clearlake Capital that also boosted its valuation, though Ghai wouldn’t provide figures on the investment amount or the valuation.

SiliconANGLE spoke with Ghai ahead of the RSA Conference, which starts Monday, May 17, and runs through May 20. The interview was edited for clarity.

Last year’s RSA Conference was pretty much the last major in-person technology event before the pandemic shut everything down. What kind of experience are you trying to create this year in a digital format?

This is our journey to pivoting to a different RSA Conference model. The power of the conference is the community. We felt that the opportunity that the pandemic has presented is to reimagine the conference not as a twice-a-year event but a continuous event. The future of the conference is hybrid, and it’s continuous.

We can attract global participation. The obvious challenge is how do we keep engagement in a virtual format. You’re competing with all sorts of other distractions. The bar is higher in terms of the content. It’s almost like producing a show.

How are things going post-Dell?

We have been working hard to wean ourselves off Dell. We’re working on standing up our own IT stack and looking forward to exiting theTSA [transition services agreement].

The macro charge is to become a scrappier, more focused company. We are smaller, we are hungrier, we are focused in this new configuration. It’s a great way to play our hand in today’s cybersecurity industry.

How do you view the state of the cybersecurity industry today?

We are in a very fragmented market. Customers traditionally have a best-of-breed buying orientation, but they’re realizing all the schisms in the industry are an opportunity for adversaries.

With the SecureID business … we’re saying instead of going to [different vendors], we want to be the identity platform for all your needs. Customers are looking for approaches like that… instead of a siloed approach.

It’s wishful thinking to think there’s one gigantic platform that serves all the needs of cybersecurity. But there’s a mean between that and 20 different screens in the security operations center. It’s integration at the right level of granularity. RSA is uniquely positioned for that opportunity.

How can companies, and vendors for that matter, play offense rather than defense in cybersecurity, when the attackers always seem to be a step ahead?

Cyber-resilience is the key. It’s about getting up when you fall. That’s a better way. Resilience is about falling less often, withstanding the fall and rising up stronger when you do fall. We really have to prioritize efforts. It’s like the pandemic: It’s not about eradicating the virus, it’s about bending the curve.

Fundamentally it’s not that the adversaries are better at using technology. The narrative of our industry is talking about breaches. Cybersecurity is an existential threat to our industry. But we need to do a better job of celebrating our successes.

How so? It’s about more than pure technology, right?

If we are thinking we can outmaneuver our adversaries with better technology, we’re fooling ourselves. We need to think about not just the tools and technology but the approach … zero trust, focusing on integrating tools. Some of the problems we face are self-inflicted.

What do you worry about the most in the coming year or two? Quantum computing that can break encryption? What else?

Quantum computing is also a tool on the good side. But the big thing is the volume and quality of data. Automation relies on data. Data is not organized, there are disinformation campaigns. We don’t have mechanisms to deal with data-related challenges.

How does RSA itself look to help on that front?

The objective of data is to provide insights. We need not to have silos. The SOC analyst sees thousands of alerts. For the human to make sense of it, it just doesn’t work. It’s more of an end-to-end approach.

Security is a data problem. You must aggregate data at the right level of granularity to solve this problem.

Photo: Robert Hof/SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU