Source: www.cybertalk.org – Author: slandau EXECUTIVE SUMMARY: Last week, over 40,000 business and cyber security leaders converged at the Moscone Center in San Francisco to attend the RSA Conference, one of the leading annual cyber security conferences and expositions worldwide, now in its 33rd year. Across four days, presenters, exhibitors and attendees discussed a wide […]
RSA (“RSAI”) Conference 2024 Powered by AI with AI on Top — AI Edition (Hey AI, Is This Enough AI?)
Where do we have “41,000 attendees, 650 speakers, 600 exhibitors and 400 members of the media” who all care about cyber security? Ha, an easy question: RSA Conference 2024, of course!
I started my post-RSA blog tradition in 2006 — most of the blogs of course didn’t age well (“NAC is cool?!? What Year is This!?!” — “Eh… that’s 2007, Anton!”)
First, remember my bias: SecOps, cloud security and now securing AI, some data security and some odds and ends. I may not be looking at your favorite security segment (hi AppSec!) as intently as I am looking at SIEM, SOC, D&R, various cloud things and securing AI too.
Themes on the rise:
AI and GenAI: is there anything more obvious? Well, this is definitely the year where “AI” and “AI-powered” decorated every booth (they missed the bus last year). Many are annoyed by this, but I think this is a healthy sign of a use case discovery phase of GenAI for security. Many tool vendors summarize with GenAI, some explain, some vaguely “assist”, some try to generate playbooks or rules, and, yes, there is occasional magic too. We perhaps will see a lot more GenAI for report writing and yes, some for detection and remediation code creation (but carefully!). BTW, I think “AI-powered ML” is pushing it a bit…
Still comparatively little of “securing AI” (coincidentally the topic of my RSA presentation): my guess is that we need to wait for more organizations to “trip and fall” with this, before the vendor ecosystem arises to help.
Cloud security: Cloud security posture management (CSPM) remains very popular (even if hidden inside a CNAPP “combo-monster”), while cloud detection and response (CDR) is gaining traction, with some vendors focusing on other niches (in terms of money spent, “CNAPP = CSPM + CDR + misc”, it seems). And yes, securing various cloud-native services is still growing in popularity, as more organizations a) move to cloud and b) try to evolve from lift/shift to cloud native approaches in their practice (so expect fewer firewalls and more observability). Just as in 2014, cloud security problems are configuration problems, identity problems and — here is the real shocker! — identity configuration problems…
SecOps, SIEM and SOAR spiced with various flavors of TDR and TDIR: naturally, I’ve looked through all the SIEM with SOAR, SOAR without SIEM and everything in between (now “powered by AI”, obviously). I sense that many organizations have been stuck in the past here (some in distant past… some even in the pre-SIEM, ancient past), and that we can expect more disruption. Some want more detection engineering, others vote for the opposite (essentially, the “EDR-ization of SIEM” where you consume detections rather than engineer them). The latest batch of SIEM vendors were born in 2019 (hi Chronicle now called Google SecOps) and 5 years have passed since that day. Will a new batch of SIEM be born? Who knows, but what I do know that it ain’t the security data lakes… these are so 2014 (hi Hadoop … born in 2006, BTW).
Vulnerability management (VM): first, I thought that I accidentally time-traveled to RSA 2014, but then I realized that “prioritize what vulnerabilities to fix” is actually rising in importance. Perhaps it is time for the next wave of vendors, perhaps some sort of “Kenna 2.0” will rise as a result. Not sure, frankly, what they can do differently — the problem is often the process/culture, not the tool. By the way, I think that CSPM vendors have rediscovered vulnerability management and so they seem to be intent on repeating and then relearning the mistakes that the VM vendors (“the Q/R/T”) made in the late 2000s and early 2010s (“We can prioritize using exploit data, OMG WOW!!” — “Eh… welcome to 2009?” )
Identity-Centric Security: while very cliche, “identity is becoming the new security perimeter” and it finally shows in real life. ITDR is rising (many types of it), non-human/workload identities proliferate. I suspect this area will become more fun in the coming months. IAM is not just password changes :-)
ASPM is here, this means … ADR is coming. I definitely spotted application security posture management on a few booths, some focused on complex enterprise applications, internal application building and some cloud applications (but then it would be CSPM / CDR, no?). BTW we have SSPM (for SaaS) and DSPM (for data). Somebody tried DDR a few years ago (dead now?) and I have not seen people shoot for “SDR” for SaaS Detection and Response name (even though there are vendors effectively doing just that).
Themes on the wane:
Zero trust: I sense it is lower from a very high point of last year, but I also sense that vendors are finally showcasing tools that extend zero trust principles to many parts of the digital environment, so this may actually be a good thing! ZT is still largely a buzzword, but it may have started the climb towards maturity…
XDR: there was less emphasis on XDR, with some vendors still promoting it (like why? like … don’t?), but it seems to be falling into the trough of disillusionment.
Random themes we also spotted:
Email security had a surprising presence at RSA 2024, with several new vendors emerging despite the prevalence of existing solutions, and built-in email security.
Other fun things and ideas:
The debate between platform solutions and best-of-breed tools continues, with the market showing an obvious preference for single-purpose tools, indicating a vast number of niches in cybersecurity. How do I know that? Well, RSA expo has 600+ security vendors and some sources show 3000–5000 security vendors on the planet. They exist, ergo people buy them, ergo market favors niches. End of the debate. Sorry, broad platform fans. People complain about “too many security vendors” but what do they actually do? Buy from even more different security vendors! Exhibit A: RSA Expo hall 1991-2024+
The pull of the past remains strong in cybersecurity: with established vendors still present and organizations continuing to use older technologies. Mid-2000s SIEM vendor and early 2000s DLP vendors had decent presence, and some of them can barely spell “cloud”, much less “AI.” Yet they exist, they have customers, the past is real. You say “container”, I say “mainframe” :-)
Elie B two presentations on AI are just epic (and both are on YouTube, 1 and 2; here is a podcast with him where he tells a scary AI story… it’s just radioactive!)
P.S. I also had my first Waymo ride (with no driver at all). It probably changed my life … ok, not really …but it definitely made me shut up about “but Tesla sort of can do it too” because it is absolutely, utterly, unequivocally not the same…
P.P.S. Here is how an AI suggested I start this blog: “From the moment I stepped onto the bustling expo floor, I was immersed in a whirlwind of cutting-edge technology, thought-provoking discussions, and a shared passion for safeguarding our digital world. The sheer scale of the event was awe-inspiring, with thousands of cybersecurity professionals from around the globe converging to learn, network, and chart the course for the future of our industry.” (and no, if you have to ask, I am not doing it … real humans don’t talk like this, sorry AI!). Gemini does an epic job correlating the themes on the Expo floor to presentation topics, for example… It is all about the use case!
In this first-ever in-person recording of Shared Security, Tom and Kevin, along with special guest Matt Johansen from Reddit, discuss their experience at the RSA conference in San Francisco, including their walk-through of ‘enhanced security’ and the humorous misunderstanding that ensued. The conversation moves to the ubiquity of AI and machine learning buzzwords at the […]
RSA Conference delivers in terms of interesting dialogues with other cybersecurity professionals, and this year while there is not much on the conference agenda related to IoT security there is a lot of discussion about it. Whether it’s the UK’s Product Security law going into effect at the end of April, the growing focus by […]
Login
