* YTD quotes as of May 8th midday regular trading session.
After three COVID-dampened years, 2023 reignited the security industry’s long-running RSA conference in San Francisco (April 24-27). For the first time in years, attendees were excited not only to meet up with friends, but also to tour the booths of over 600 vendors in the exhibition space. There are practical freebies like t-shirts with cheeky sayings and books, coupled with mascots, card tricks and an escape artist powering badge scans that will act as clues for business development teams.
From six-figure awards for the highest-quality exhibit space to tastefully curated meals and happy hours, the show provided a week-long physical connection to discuss the enduring themes of threat evolution, security innovations and governance frameworks – only this year with technology layoffs and generative AI tackling the Add macro twists to conversation. Through it all, a few trends shined as potential investment opportunities.
Big Tech and Pure Play safety bets. A decade of security acquisitions and internal innovation has deepened Big Tech’s expertise in what was once a specialized company. In 2021 alone, Alphabet, Amazon, Apple, Meta and Microsoft spent $2.4 billion funding or acquiring 23 cybersecurity companies. Notably, Microsoft’s security business surpassed $15 billion in revenue last April, a revenue performance few pure-play security companies matched then or now. Stocks* of Alphabet (GOOGL +17.83%), Amazon (AMZN +19.45%), Apple (AAPL +48.48%), Meta (META +107.54%) and Microsoft (MSFT +67.22). %) all trended up year-on-year. Date compared to a mixed sample of security-only vendors including Akamai (AKAM -6.19%), CrowdStrike (CRWD +27.51%), F5 (FFIV -10.73%), Palo Alto Networks (PANW +51, 95%) and Check Point (CHKP -5.34%). Investors reward safety stocks for the most part, but the top performers are mega caps with other companies that can share a huge install base.
Newcomers add security. Phishing is still the main threat vector, but there was a critical mass of vendors on the show floor that went beyond email and endpoints to protect at the hardware and code levels. The age old analogy of bolting doors and windows to secure the home is table stakes. Some of the most exciting innovations at RSA are young, privately held companies that inspect building materials, plumbing, and electrical circuits.
DevSecOps Unicorn Harness brings together siled development and security teams to fix broken code at the heart of all vulnerabilities, “to make it easy to do right and hard to do wrong,” as Field CTO Nick Durkin explained. Another cloud-born vendor, Aqua Security, stops cloud-native attacks that have followed code development to the cloud, a problem that older security vendors were not initially designed to solve. Another vendor, Eclypsium, looks at supply chain uncertainties to find the vulnerabilities that lurk beneath the operating system layer, where most other security solutions typically reside.
AI for security. With the World Economic Forum stating that Generative AI is poised to eliminate 14 million jobs in 5 years, the technology presents a huge target for bad actors, creating a need to secure it. While AI can speed up deepfakes and misinformation, it can also improve security. One example is this year’s winner of RSA’s Innovation Sandbox competition. HiddenLayer monitors a client’s machine learning algorithms for signs of adversary manipulation. This protects systems from machine learning and algorithm drift poisoning, attacks designed to mislead teams that rely on this data to make bad decisions. “The consequences can be severe,” noted Alex Doll, founding partner of TenEleven Ventures. False data could prompt a regional bank, from which many are losing deposits, to approve mortgages and loans to unqualified applicants, increasing its solvency risks. “If the data inputs are corrupted or compromised, so are the outputs.”
RSA 2023 instilled a renewed sense of excitement and energy from booth staff and visitors. Each new security vendor that diversifies security beyond the operating system provides customers with a solution to adapt to the evolving threat landscape.
