RSAC 2024: Increasing Cybersecurity Burnout a Prominent Issue
Plus, the latest news from SentinelOne, Arctic Wolf and more.
![RSAC 2024 Day 3](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6fc0c348cf081bc1/663c04254b54e2ef6acced37/RSAC_2024_Day_3_Cover.jpg?width=700&auto=webp&quality=80&disable=upscale)
Other key findings from the XM Cyber report include:

- Over half (56%) of exposures affecting critical assets reside in cloud platforms.
- Different industries have vastly different exposure risk profiles, underscoring the need for industry-specific strategies.
- The median number of exposures affecting health care providers is five times higher than in the energy/utilities sector.
XM Cyber’s Sharon Malaver said many organizations lack an understanding of what’s at risk.
“It's not just about understanding what high exposures exist in the wild, for instance, but how can an attacker combine different exposures in my environment in order to lead them laterally toward the critical assets?” she said. “And once you build that attack graph, then you're able to focus on what we call choke points … in order to cut off the attack paths towards critical assets. So I think it's all about contextualization of risk, but also understanding not only the prioritization, but what you can filter out. I think that's what's making organizations struggle to get ahead of the long lists of exposures that they have and get ahead of the attack.”
XM Cyber’s report does point to some encouraging signs in the fight against cybercrime, Malaver said.
“One of the encouraging things is there are just 2% of exposures that actually lie on choke points, and by solving those 2%, you're reducing risk dramatically,” she said. “By focusing on those choke points, organizations can actually do a lot with very minimal effort to reduce risk. And so that's very encouraging because there's always a resource issue, and rather than wasting time on fixing the wrong stuff, it's all about focusing on the right stuff to fix and the stuff that really matters, the ones that will cause a dramatic improvement in security posture.”
The explosion of AI will likely increase demand for NightVision, a startup that will launch later this month. NightVision offers web and API security testing, with its main differentiators being speed, quality, coverage and vulnerability pinpointing.
NightVision was on hand at RSAC to talk about its upcoming launch. The company says it can perform security testing with a fraction of the work and expertise required by any dynamic application security testing (DAST) alternative, typically in three to 10 minutes.
NightVision was founded by CEO George Prince and CTO Kinnaird McQuade. The startup has raised $5.4 million.
McQuade previously held security engineer positions at Square, Salesforce and Synopsys. He was at Square during the height of the Log4J crisis.
“I'd been hired by Square three weeks prior, and then Log4J happened and somehow I was put in charge of finding all of our external endpoints that were vulnerable to Log4J, and I was sweating because there were all these family businesses that depend on Square being secure,” he said. “And if Square would get popped, it would impact all of them. So I was using the same scanner that everybody else was using, and it took eight hours to scan all our external endpoints, and I needed to be able to hit a button and know that, OK, this team says that they fixed it, let me hit a button and know that we're OK. Let me get a refreshed picture of our security posture. So I went to my manager and I said, 'You guys know I have a side project. Let me build this into my tool and I'll run it and let's see what happens.' And I did it and got results in 30 seconds. And that was the point when I said I need to start a company. I felt like I had a duty to bring it to the market, and then it evolved into so much more.”
MSSPs and pen testers could use NightVision to do 80-90% of their job “super fast,” Prince said.
“So we're hoping to talk to the forward-looking people here who say, 'Hey, you're not really replacing me, you're just making me seven, eight, nine times more productive. I can do way more in less time with higher margin,'” he said. “So those are the people we're starting to go after. The first thing is to really prove the product with some customers and then it could grow pretty rapidly.”
NightVision’s timing for launch couldn’t be better, McQuade said.
“I was at BSides (information security conference) this weekend and half the conference is about AI, so I was talking to all these other hackers and security folks all weekend about it, and what they're concerned about, and everybody's concerned about, is all the garbage code that is getting put out there by GitHub Copilot,” he said. “Developers are responsible for the code that they put out, so they're accepting the code that [Microsoft] Copilot is suggesting to them. But developers are shipping code four times faster at least, and there are more bugs and more security issues, and they're going overlooked. So from the security side, we were already unable to keep up with the pace of development with DevOps and cloud, and now it's going to get more impossible with AI-assisted development. And we have to prioritize what's actually exploitable, not noise. And so this is really resonating with a lot of people.”
During RSAC, DoControl introduced its latest advancements with the release of two critical product capabilities, identity threat detection and response (ITDR) and SaaS misconfigurations management (SMM).
DoControl said these additions fortify its position as a leader in providing comprehensive SaaS security solutions, enabling organizations to proactively protect their sensitive SaaS data from evolving threats in the digital landscape.
Omri Weinberg, DoControl's CEO and co-founder, was on hand to talk about his company’s latest offerings. He said his company’s main focus for now is to enrich its ITDR and SMM capabilities.
“We are trying to expand our platform,” he said. “When people wake up in the morning and after they brush their teeth, and they say hey, what's happening with my SaaS today, I want them to come to DoControl, and I want them to make sure that we have all the tools in the world to be able to give them the right visibility that they need and the right remediation action that they need to take upon it, because giving you visibility and telling you how messy your bedroom is not helping you clean it up. So we help clean the history prior to DoControl. We call it spring cleaning because we connect to a company and we show them how the exposure is and what's the attack surface. And once they clean up this environment, basically moving on to the future, we are able to do that automatically on the fly with user engagement.”
DoControl is focused on partners who “see eye-to-eye” with its vision, Weinberg said.
“So we need someone to be our champion, to be our voice, to educate those prospects about what they have today is lacking, what they bought and have used for the last 15 years is just not good enough,” he said.
On Tuesday, we reported that Sophos signed the Cybersecurity and Infrastructure Security Agency (CISA)’s Secure by Design pledge. According to the Wall Street Journal, more than 60 companies are expected to sign the pledge at RSAC.
CISA said secure-by-design principles should be implemented during the design phase of a product’s development life cycle to greatly reduce the number of exploitable flaws before they are introduced to the market for broad use or consumption. Products should be secure to use out of the box, with secure configurations enabled by default and security features such as multifactor authentication (MFA), logging and single sign-on (SSO) available at no additional cost.
Fortinet is among those signing the pledge.
“At Fortinet, we have a longstanding commitment to being a role model in ethical and responsible product development and vulnerability disclosure,” said Jim Richberg, Fortinet’s head of cyber policy and global field CISO. “As part of this dedication, Fortinet has proactively aligned to international and industry best practices, and upholds the highest security standards in every aspect of our business. We applaud CISA’s continued call to the industry to follow suit and appreciate CISA’s willingness to collaborate with Fortinet on the development of these important goals. We strongly encourage others in the technology community to join this effort to keep organizations secure.”
Gigamon is also signing the pledge.
“At Gigamon, we’re focused on helping our customers secure and manage their hybrid cloud infrastructure,” said Chaim Mazal, Gigamon’s CSO. “We fully support and embrace secure-by-design principles and are honored to join together with other enterprise software leaders to sign the Secure by Design pledge here at RSAC. Our commitment to delivering products that are developed using secure-by-design principles that reduce risk for our customers is at the core of everything we do, and we applaud CISA for raising the bar across the industry.”
Also at RSAC, SentinelOne announced its new Singularity Cloud Native Security.
Built on SentinelOne’s acquisition of PingSafe in February, the agentless cloud-native application protection platform (CNAPP) is designed to assess environments like a hacker would, simulating attack methods to provide a prioritized, evidence-based list of exploit pathways that security teams can use to prioritize their time and prevent attacks before they happen.
“Attackers today think and act in totally different ways, and to keep their systems and information safe, security teams need to do the same,” said Anand Prakash, SentinelOne’s senior director of product management and a top-five ethical hacker. “With SentinelOne Singularity Cloud Native Security, defenders can see things from an attacker’s perspective, understand how they operate, and stop them in their tracks.”
Nozomi Networks and Mandiant, part of Google Cloud, have expanded a longstanding global partnership to further strengthen and streamline the way industrial and enterprise CISOs and their teams anticipate, diagnose and respond to cyber threats across all their critical business operations.
Through this partnership expansion, Nozomi Networks and Google Security Operations customers will have the option to combine Mandiant threat intelligence and incident response with Nozomi Networks threat intelligence to gain comprehensive access to real-time information about threats to their IT, OT and IoT systems.
“The cybersecurity threat landscape is rapidly evolving, with attacks growing in both number and impact enterprise-wide,” said Edgard Capdevielle, Nozomi Networks’ CEO. “To minimize risk and maximize operational resilience, CISOs and their security teams need comprehensive solutions that enable them to quickly assess and respond to threats across their IT, OT and IoT systems. We are pleased to be able to give our customers the option to easily incorporate Mandiant’s world-class threat intelligence and threat hunting services as part of a whole solution that delivers superior security outcomes.”
Arctic Wolf said its platform now supports integrations with security service edge (SSE) solutions from Cato Networks, Netskope and Zscaler.
These integrations allow Arctic Wolf Managed Detection and Response (MDR) customers to better operationalize their SSE investments and accelerate the ability to detect, respond to and recover from advanced cyber threats targeting their organizations.
“Through our support and integration of multiple SSE solutions, not only is Arctic Wolf helping our customers better operationalize emerging security technologies, but also we continue to expand our commitment to creating a full-service, turnkey cybersecurity platform that addresses the broadest possible set of use cases for our customers,” said Dan Schiappa, Arctic Wolf’s chief product officer.
Arctic Wolf also announced the release of Arctic Wolf Cyber Resilience Assessment, a risk assessment tool designed to help businesses of almost any size advance their cyber resilience and improve insurability by mapping their security posture against industry-standard frameworks.
Graylog, a TDIR provider, announced the release of Graylog Security 6.0 to help enterprises combat continuous cyber threats.
The updated solution provides TDIR capabilities designed to address today’s cybersecurity challenges without the complexity and high costs associated with traditional security information and event management (SIEM) platforms.
“Today’s organizations face a barrage of cybersecurity challenges and often use a mix of tools that might cover some areas, but leave others exposed,” said Andy Grolnick, Graylog’s CEO. “With Graylog Security 6.0, our focus extends beyond robust threat detection and response. We’re committed to providing a comprehensive platform that effectively secures enterprises while minimizing total costs, including licensing, infrastructure and personnel. This approach ensures that our customers enjoy enhanced cyber resilience, as well as a lower total cost of ownership.”
RSAC’s Britta Glade said it’s important for attendees to make use of what they did at the conference.
“I hope to see a whole lot of people having some different conversations with the leadership at their organizations,” she said. “I hope to see all kinds of people looking at, 'What are our reporting structures? How do we make sure we're compliant with these kinds of things?' I hope to see all kinds of people looking at the code that they have, 80% of open source code that everything is being built on, and [asking], 'How are we making sure it's secure?' I think there are going to be very specific things that people can do as a result of what they've learned here. And I hope that they've loaded some new contacts into their phone, they've found them on LinkedIn and they're leaning into their people.”
Linda Gray Martin, RSAC’s senior vice president, said she hopes that, apart from what they’ve learned in sessions, attendees leave with some new contacts and people who can help them.
“I love what Hugh Thompson, [RSAC’s executive chairman], said in his keynote about whatever is happening in your world, there'll be someone who's rowing a boat toward you to help you,” she said.
RSA CONFERENCE — Cybersecurity burnout was among numerous top industry issues addressed during this week’s RSAC 2024.
Wednesday capped off nearly a week of vendors unveiling their latest offerings and threat research, much focusing on AI. High points during RSAC 2024 include keynotes focused on the importance of community, and challenges associated with AI and generative AI. Also, big announcements dominated, such as the launch of LevelBlue, formerly AT&T Cybersecurity, and Google Cloud and Cisco’s latest AI innovations.
Britta Glade, RSAC’s vice president of content and curation, said cybersecurity burnout is an ongoing issue in the industry as evidenced from RSAC speakers and content.
![RSAC's Britta Glade](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltad9799de6ce495cc/663c02fb5223515b519bce89/Glade_Britta_RSAC_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
RSAC's Britta Glade
“There's always been work-related burnout and stress … this is what we go through, but to have a spike similar to COVID-19, which of course COVID-19 turned all of our worlds inside out, I think from the human standpoint, the difficulty does seem to be manifesting itself in the burnout,” she said. “And that's definitely a red-flag warning for all of us as individual practitioners, but also as a community. What can we do for each other? We had specific sessions focused on burnout, focused on mental health. We need to exercise some caution and help each other, and build this community because it is a challenging time.”
XM Cyber at RSAC 2024
Also during RSAC 2024, XM Cyber released the findings of its third annual research report, “Navigating the Paths of Risk: The State of Exposure Management.” Produced in collaboration with the Cyentia Institute, the report examines the cyber exposure landscape based on data gathered from over 40 million exposures that present high-impact risks to millions of critical business entities.
Sharon Malaver, vice president of marketing, was on hand to discuss the findings and said the number of exposures being discovered monthly is increasing. Organizations typically have about 15,000 exposures across their environments that attackers could exploit. That's up from 11,000 last year. However, traditional CVE-based vulnerabilities account for less than 1% of those and just 11% of all exposures to critical assets.
![XM Cyber's Sharon Malaver](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltb7cb2780cc0843ad/663c0383f072fb64b92e5e4e/Malaver_Sharon_XM_Cyber_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
XM Cyber's Sharon Malaver
“We found that 80% of exposures are actually related to misconfigurations and credentials,” she said. “That's what was very surprising. Another thing that we found that was super interesting was the fact that we have so many exposures in the environment, organizations are often struggling with understanding what needs fixing right now, what's putting their environment at risk. One of the things that the survey found was that 75% of exposures found actually lead to dead ends, meaning that if an attacker is in the environment and they're moving laterally, 75% of those exposures won't allow them to actually move on toward critical assets. So it's all about finding those focused exposures that can create high-impact breaches, what is actually leading to critical assets that we need to focus on and remediate. I think today the industry is wasting a lot of time on fixing the wrong things. It's all about focusing on the right things, filtering out the ones that are irrelevant and can't really cause so much harm in order to be able to focus on, let's say, the 25% that can actually put critical assets at extreme risk.”
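Malaver's two points, that most exposures are dead ends and that a small set of choke points sits on nearly every attack path, are both plain graph questions once exposures and hosts are modelled as nodes with "attacker holding A can reach B" edges. The example below is added here to make that concrete; it is not XM Cyber's code, and the graph, host names and entry points are constructed for illustration. It enumerates entry-to-critical-asset paths, ranks intermediate nodes by the share of paths passing through them (choke points), lists nodes from which no critical asset is reachable (dead ends), and simulates remediation by deleting a node and recounting the surviving paths.

```python
"""Attack-graph prioritisation: choke points and dead ends.

Constructed example, not XM Cyber's code or data. A node is an exposure or
host; a directed edge a -> b means an attacker who holds a can move to b.
"""
from collections import defaultdict

# Constructed graph: two internet-facing entry points, one critical asset.
GRAPH = {
    "web-01": ["svc-acct-creds", "file-share"],
    "vpn-user": ["workstation-7"],
    "workstation-7": ["svc-acct-creds", "printer-vlan"],
    "svc-acct-creds": ["domain-admin"],
    "file-share": ["backup-host"],
    "backup-host": ["domain-admin"],
    "domain-admin": ["crown-jewel-db"],
    "printer-vlan": [],          # reachable, but leads nowhere important
    "crown-jewel-db": [],
}
ENTRY_POINTS = {"web-01", "vpn-user"}
CRITICAL_ASSETS = {"crown-jewel-db"}


def all_attack_paths(graph, entries, targets):
    """Enumerate every simple path from an entry point to a critical asset (DFS)."""
    paths = []

    def dfs(node, path):
        if node in targets:
            paths.append(list(path))
            return
        for nxt in graph.get(node, []):
            if nxt not in path:          # simple paths only, so cycles terminate
                path.append(nxt)
                dfs(nxt, path)
                path.pop()

    for entry in sorted(entries):        # sorted for a deterministic path order
        dfs(entry, [entry])
    return paths


def choke_points(paths, entries, targets):
    """Rank intermediate nodes by the fraction of attack paths that cross them.

    Returns [(node, fraction), ...] sorted descending; the top entries are the
    fixes that cut the most paths to critical assets per unit of effort.
    """
    counts = defaultdict(int)
    for path in paths:
        for node in path:
            if node not in entries and node not in targets:
                counts[node] += 1
    total = len(paths)
    return sorted(((n, c / total) for n, c in counts.items()), key=lambda x: -x[1])


def dead_ends(graph, targets):
    """Nodes from which no critical asset is reachable (reverse BFS from targets).

    These are the exposures that can safely be deprioritised.
    """
    reverse = defaultdict(set)
    for src, dsts in graph.items():
        for dst in dsts:
            reverse[dst].add(src)
    can_reach = set(targets)
    frontier = list(targets)
    while frontier:
        node = frontier.pop()
        for parent in reverse[node]:
            if parent not in can_reach:
                can_reach.add(parent)
                frontier.append(parent)
    return sorted(n for n in graph if n not in can_reach)


def remaining_paths_after_fix(graph, entries, targets, fixed):
    """Simulate remediating `fixed` nodes by removing them and all edges into them."""
    pruned = {n: [m for m in edges if m not in fixed]
              for n, edges in graph.items() if n not in fixed}
    return all_attack_paths(pruned, set(entries) - set(fixed), targets)


if __name__ == "__main__":
    paths = all_attack_paths(GRAPH, ENTRY_POINTS, CRITICAL_ASSETS)
    print(f"{len(paths)} attack paths to critical assets")
    for node, share in choke_points(paths, ENTRY_POINTS, CRITICAL_ASSETS):
        print(f"  choke point {node:16s} on {share:.0%} of paths")
    print("dead ends:", dead_ends(GRAPH, CRITICAL_ASSETS))
    left = remaining_paths_after_fix(GRAPH, ENTRY_POINTS, CRITICAL_ASSETS, {"domain-admin"})
    print(f"paths left after fixing domain-admin: {len(left)}")
```

On this constructed graph every path funnels through `domain-admin`, so that one fix removes all three attack paths, while `printer-vlan` is a dead end that would only consume remediation time. Real environments produce many more paths, so the same enumeration is usually bounded by path length or run on a reachability graph rather than exhaustively, but the ranking logic is unchanged.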