2 weeks left: Evolution at RSAC 2024

RSAC, we are back. If you thought the RSA Conference returned in full force last year, the 2024 edition has proven to be an even more formidable contender as a hub of innovation for the cybersecurity industry worldwide.

Following a year of high-profile breaches, rapid AI innovation and adoption, an unprecedented volume of federal elections, and geopolitical conflicts around the world, the RSA Conference became the conversation platform for urgently advancing programs and cybersecurity strategies.

The sessions captured the spirit of cyber taking center stage for federal governments and agencies, multinational corporations, and regional entities as a primary consideration in how organizations operate today. At the same time, the showroom captured key trends in the technology landscape and reflected some of the most notable priorities security leaders are pursuing today.

Data protection and data governance

Whether in conversation with CISOs, walking around the show, or participating in panel discussions at Moscone, data security emerged at every corner of the conference as an evolution of, or perhaps even a replacement for, the “Zero Trust Laundering” seen last year on the show floor.

In particular, data governance has emerged as a top priority as data availability, usability, integrity and security continue to be scrutinized and held to higher regulatory and organizational standards. Data security posture management (DSPM) and, to a lesser extent, data detection and response (DDR) were the enabling technologies present in data governance conversations. Today, organizations are motivated to set proactive defense (DSPM) and resilient protection (DDR) goals, create breach-resistant security practices, and answer the questions:

  1. Where does my data reside?
  2. Who can access the data?
  3. What are the current risks to my data?
  4. What security protocols and policies should be applied?
  5. What is my data security posture?
  6. Has there been a material change to the data or access to the data?

Running AI Tastefully and Fighting AI Risks and Threats

The conversation about AI at Moscone was both prolific and surprisingly practical and realistic.

The startup community came prepared with timely solutions to the machine-to-machine (non-human identity) risks that are increasing in an AI-driven world, and with opportunities to mitigate the threat of synthetic media as socially engineered, deepfake and audiofake threats proliferate. Following the biggest headlines, we now know that synthetic media has the power to affect anyone. Cybersecurity technology providers, federal governments, and social media platform providers will need to work together to address this challenge in the coming weeks and months.

The conference also took into account unique approaches to securing the implementation of AI within the enterprise. Trend was firmly in the conversation around generative AI when we launched our AI Gateway ahead of the conference, providing security teams with tools to centralize management of employee access to and use of AI applications (like ChatGPT and others), inspect messages to prevent data leaks, filter content to meet compliance requirements, and defend against LLM attacks.

Generative AI opportunities for the SOC continued from last year, as security professionals offered more use cases for the platform’s cybersecurity assistants. My prediction for SOC in 2024 is a shift from user-initiated AI experiences (i.e., exclusively chat-style interfaces) to AI-initiated user experiences, where generative AI assistants bring to light prioritization, tasks and guidance proactively and in context based on telemetry sources and sources of threat intelligence.

Proactive Mindset and Security Posture Management (SPM) at the Forefront

Point solutions for layer-specific SPMs were highly visible on the show floor. From AI-SPM and Application SPM to the aforementioned DSPM, the trend towards proactive security became evident. This shift in mindset, led by Trend with the introduction of Attack Surface Risk Management in 2021, has become widespread as security teams prioritize accurate inventory of assets across internal, external, and human attack surfaces. While it was promising to see increased interest, innovation and adoption of security posture management technologies in the market, it is worth noting that three key categories were missing from the showroom:

  1. Cyber risk management is largely ineffective when done in isolation. One-off strategies for security posture management lack the necessary prioritization and contextualization of the risk present in the business environment, making it difficult for analysts to focus their efforts on the most critical tasks at hand.
  2. Managing security posture without guidance or corrective action provides a long list of problems with few solutions.
  3. Risk identification and scoring remain challenging and inconsistent. The risk formula calculation must be available and exposed to users for it to be considered a valid and reliable metric.

Trend Attack Surface Risk Management provides an integrated security posture management experience that extends asset discovery and inventory to include continuous risk assessment, prioritization across asset types (i.e. cloud, data, users, devices, IP/domain), remediation guidance powered by generative AI, and corrective action options in the console.

NGSIEM and XDR convergence begins

If the last RSAC was marked by the explosion of XDR, this year the conversation was balanced by the emerging market category, NGSIEM, as security teams demand more from their SIEM investment.

For platform players to meet demand, it is necessary to recognize the need for security analysis and detection engineering on third-party telemetry sources. Across all sizes of businesses, organizations today have implemented EDR and XDR for stronger security outcomes compared to legacy SIEM, which often acts as an expensive solution for limited compliance requirements. Now, with the evolution of NGSIEM, the value of detections on top of third-party data, the enrichment of existing events in the business environment, and the development of new third-party detections can help bridge the gap between the different products being used in the security stack and improve key metrics such as MTTD and MTTR.

Specifically in the mid-market, fewer engineering resources needed. As NGSIEM gains speed, security buyers may consider managed NGSIEM or SOC-as-a-service options to take on more of the heavy lifting, as even a well-staffed SOC can benefit from support in detection modeling.

From a security outcomes perspective, native XDR remains the most effective option for detecting and responding to threats. From an implementation and feasibility perspective, NGSIEM offers a realistic detection and response option for very large entities and entities that have significant technology debt. My warning to security buyers: vendors introducing NGSIEM should be able to demonstrate an evolution, not simply a rebranding of a failed XDR strategy.

Prediction Scorecard 2023

In our 2023 RSAC overview, I captured four categories of innovation where I expected to see movement in the market:

Risk prioritization: We saw some improvements in technology risk prioritization solutions; however, the isolated and point-solution approaches left me wanting more.

Cyber risk quantification: Board-level advocacy and the use of cyber risk quantification to elevate the importance and influence of cybersecurity as a risk vector for operations and reputation was prominent. Security leaders explicitly identified risk indices and even the financial translation of cyber risk as important tools in their kit to advocate for increased investment, staffing, and additional resources.

Generative AI Governance: Several AI governance solutions from the startup community and major players, including Trend Micro, were present at the show as SaaS applications integrate AI into their technologies and as the use and abuse of AI increases.

Mergers and Acquisitions Volume: Indeed, the showroom looked different, with key players consolidating with large entities. I expect this trend to continue through 2024, as investment deals decline in volume and dollar amount.