main

Security

My Thoughts on my Recent Trip to Mexico and LATAM’s Position on Information Security: Bigger and More Expensive Means Better?

October 14, 2016 — by Carl Herberger0

Most recently I traveled to Mexico City in large part to support a tradeshow and presentation I was to deliver at Segurinfo Mexico 2016.

My hat’s off to the organizers of Segurinfo Mexico 2016, which is held in Mexico City every year as they held a very powerful event! Over the past few years this event has continued to build attendance and interest at a brisk pace as they achieved a record high attendance and a wonderful gathering of vendors and practitioners alike. All-in-all, I believe that if one couldn’t learn something from the Segurinfo Mexico 2016 show then the problem probably laid more with the seeker than the organizers of this show!

segurinfo-mexico-2

Having said that, I would like to share a few pithy thoughts on my impressions of how information security is progressing in Mexico and Latin America (LATAM) in general now that I’ve had some time for the dust to settle. So, in no particular order:

It’s clear that security is big business – especially in Mexico: When making the rounds at the show, I was getting the sense that information security controls and safeguarding technology has grown up from a “geeky-little industry” that big companies used to just smirk upon, rising to a driving force behind scores of people’s lives and, moreover, money. One has come to expect the vendor booths being often ‘over the top’ with outrageous gimmicks, etc., however this year it was clearly so much more than this, and you really got the feeling of “big businesses” at work.

[You might also like: 5 Recipes For How to Design a Resilient Cyber Attack Environment]

SDN is NOT a consideration in LATAM today – and even for the biggest Mexican carriers still a distant consideration: From walking around Segurinfo Mexico 2016 I got the impression from the vast majority of exhibitors that most are either unprepared for the coming SDN revolution or ignorant to it. As I rounded the booths, I could find few who understood this technology upheaval or were trying to address it with their technologies.

Cloud Migration & Consumerization of IT is Being Ignored: One striking theme of the vendors who attended is that most are speaking to enterprises. They talk as if enterprises are their audience and enterprise technology environments is where the focus needs to be. For example there was a lot of focus on the data breach that affected Target, and little to the fact governments – especially LATAM governments – and numerous Carriers experienced large scale breaches and outages this year. It seemed to me that in our industry our solutions are not keeping pace with the macro trends that enterprises are migrating their IT to the cloud and are no longer controlling (or will not control any longer) the devices in which their employees access their systems going forward.

Most security technology does not do mitigation: The other striking situation is how many vendors don’t really provide their customers with end-to-end solutions. Almost by definition they provide ‘detection’ and then hand the problem to their customers to solve. Have you ever noticed that MOST security vendors don’t remedy the problems they uncover? It’s an amazing situation whereby most end-point security is about detection only – – no way to technically stop a problem, but rather just make you aware that one is underway. We have to get better at solving problems automatically as an industry.

All in all, I was generally impressed with this year’s show and as a security professional, feel Segurinfo Mexico 2017 is a “must attend” event to help keep your finger on industry’s pulse and connect with other like-minded individuals for insight and information. See you in 2017 in Mexico!

Learn more about cyber-attack detection and trends in the 2016 Global Application and Network Security Report.

Download Now

Carl Herberger

Carl is an IT security expert and responsible for Radware’s global security practice. With over a decade of experience, he began his career working at the Pentagon evaluating computer security events affecting daily Air Force operations. Carl also managed critical operational intelligence for computer network attack programs to aid the National Security Council and Secretary of the Air Force with policy and budgetary defense. Carl writes about network security strategy, trends, and implementation.

Leave a Reply

Your email address will not be published. Required fields are marked *