RSAC 2024: Secretary Blinken, AI Challenges, Opportunities
Also, the latest news from IBM, Proofpoint, Delinea and more.
![RSAC 2024](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt5961f9afe1d6e901/663adda838475c7a3b9bede4/Hugh_Thompson_RSAC_2024_Feature.jpg?width=700&auto=webp&quality=80&disable=upscale)
RSAC's Hugh Thompson on stage at RSA Conference 2024 in San Francisco, May 6.
U.S. Secretary of State Antony Blinken said the cybersecurity community has a role to play to “sharpen our thinking, to inform our diplomacy, to help us see around the corners, to prepare for the innovations to come, even to tell us what's missing where we need to do better.”
“Your role as partners in this is the difference between winning and losing the tech competition, and it's essential in helping to bring about a more democratic world where the rule of law is upheld, where dictators and aggressors are held accountable,” he said. “It's perhaps no better example of this in recent years than what we've done together in Ukraine. Russia launched its war of aggression. It subjected the country's infrastructure to an onslaught of cyberattacks. The U.S. government, our international partners and perhaps most consequential by technology, all understood the need to help the Ukrainians batten down the digital hatches. So we helped them harden their networks, migrate vital government data to the cloud, bolster the resilience of national communications and other critical infrastructure that is digital solidarity in action. So it’s that kind of collaboration that we want to scale and apply around the world.”
Jeetu Patel, Cisco’s executive vice president and general manager of security and collaboration, led a keynote on cybersecurity in the age of AI. He said for the first time in human history, we are on the cusp of transitioning from a “world of scarcity” to a “state of abundance.”
“And what I mean by that specifically is that the ability for us to augment capacity to humans is going to be so profound and grow at such a different scale,” he said. “If you had ... 20 developers on your team, expanding that capacity to a 100 through digital workers is not going to be hard to do, and it's going to be very plausible. If you have 40 people in customer service, you can actually expand the capacity to maybe 250.”
All of these digital workers will reside in data centers, and that will necessitate not just reimagining data centers, but also reimagining the underlying infrastructure for security that will power these data centers, Patel said.
During this application and infrastructure change, a few things will remain difficult, namely securing these applications and security infrastructure, he said. Those include segmentation, patching, and updates to critical infrastructure and data infrastructure.
The problems haven’t been solvable until now, Patel said.
“There are three key technological shifts that are occurring that are going to fundamentally change how we are able to go solve these problems,” he said. “The first one is AI. Second is kernel-level visibility (KLV), and third is hardware acceleration.”
These three core technologies “allow us to fundamentally reimagine security in the age of AI,” Patel said.
Kevin Mandia, Mandiant’s CEO, gave a grim cybersecurity year in review for 2023, but offered some glimmer of optimism.
“I don't know if it's really accelerated, but we saw good innovation by offensive attackers and threat actors,” he said. “Ransomware has evolved to data theft, to extortion, to potentially even now harassment and other things where it's more engaged.”
The best part of 2023 was increased partnership between the government and the private sector, Mandia said.
When it comes to ransomware, “we're seeing damages equating to $100 million-$800 million,” he said.
“So the question that we always have is, what do we do about it?” Mandia said. “When you look at the ransomware problem, there are a lot of folks in the camp of we have to do better defense. I get that, and that's why we're all here. We all want to do better defense. The second thing we ... have to look at is cryptocurrency, the means and ways in which we can track cryptocurrency. Some people think it's not always a great idea to have an anonymous currency that can be paid thousands of miles apart from one another. The third thing we have to do is we have to look at the treaties we have and modernize some of these treaties. We need to have attribution and impose risk. So I would ask that all the folks in law enforcement, in the intelligence community and in the private sector revisit some of the ways to do attribution, and for the folks in different governments globally to look at what are the safe harbors and safe havens for the criminal actors, and can we modernize treaties with those nations so that we can impose more risks or costs.”
Another dismal development is the accelerated targeting of vendors in zero-day exploits, he said. The number of vendors attacked totaled 31 last year. There are many potential reasons for this acceleration, but it likely comes down to impact.
“If you do espionage, you get what you want, and if you do crime, you get what you want,” Mandia said. “Cyber intrusions are paying off and that's why I think you're seeing this happen.”
Bryan Palma, Trellix’s CEO, announced a new CISO x CISO initiative, a crowdsourced channel for collaborating with peers, fostering discussions and sharing best practices.
“I've been ringing this bell for a few years now; there is a need for a more collaborative approach to cybersecurity,” he said. “I talked about it here at the RSA Conference in 2023. In 2022, I spoke about soulful work, and the value of community and recruiting great people to join our effort on behalf of the good. I think we in the cybersecurity community need to do a better job of listening to what our customers are saying. Some of us seem obsessed with debating the merits of each other's platforms, but we forget it would be better to operate as one open ecosystem, because that is what our customers repeatedly tell us they want, and that is what our customers need to be successful. This is the era of possibility, because the work we all do will dramatically shift moving forward. So because of this shift, we are going to be the first to do what you ask, to share insight and best practices.”
IBM is on hand at RSAC this week to address securing AI and generative AI (GenAI). A new study from the IBM Institute for Business Value sheds light on C-suite perspectives and priorities when it comes to GenAI risk and adoption, revealing an alarming disconnect between security concerns and demands to innovate quickly.
While 82% of respondents acknowledged that secure and trustworthy AI is essential to the success of their business, 69% still say that innovation precedes security.
The study also identified that one of the biggest concerns for business leaders is they don’t know what they don’t know, with GenAI representing a novel field of risk and opportunity:
Most C-suite respondents were concerned about the new and unpredictable security risks as a result of GenAI. Fifty-one percent of respondents were concerned with unpredictable risks and new security vulnerabilities arising, and 47% were concerned with new attacks targeting AI.
Nearly one-half expressed uncertainty about where and how much to invest when it comes to generative AI and their business operations.
Chris Meenan, IBM’s vice president of product management for security, said when it comes to AI and GenAI, cybersecurity will likely be a “very fast follow” in certain organizations, while others may move security first.
IBM also introduced its Framework for Securing GenAI. This framework aims to help companies understand the threats they are most likely to encounter when it comes to GenAI adoption, and to prioritize defenses accordingly. It can also help companies take a comprehensive view of securing AI, with three core pillars aligned to AI-specific risks: secure the data, secure the model development and secure the usage.
“Fundamentally, when organizations are creating GenAI solutions and models, the first thing they’ve got to do is ensure that the threat actors are kept out at each stage of the model development and usage, and that each stage is appropriately governed and monitored,” Meenan said.
Denny O'Brien, IBM’s director of product management for cloud and service provider security, said securing GenAI provides numerous opportunities for partners.
“We have a lot of partners within the IBM ecosystem who major on big data AI engagements with their customers,” he said. “I think one of the things that it opens up for our partners is to bring security into that engagement with the client as well. In fact, we've been doing a lot of work, across our brands, between security and data, and AI on how we secure watsonx and generating point of view around that. But one of the things that we're doing and we're seeing is giving data and AI partners of IBM an angle to add data security and AI security to their engagement. So it's opening up a new route for revenue for them as well.”
The two main focus areas are AI for better security and securing AI, Meenan said.
“We are innovating around helping organizations secure their AI end to end by filling in a lot of those gaps that existing offerings, existing tooling are unable to do,” he said. “And then secondly, just bringing it all together in a more cohesive workflow so it's easier for organizations to secure, so they’re not taking a piecemeal approach. So that's one main area we're investing in. And then the second big area is obviously AI and security. And there, we're really leaning into innovative solutions that help with the problem of making all of the output of security tooling in a customer's organization more consumable and actionable, at the analyst level all the way up through the decision maker.”
During RSAC, Proofpoint unveiled two AI-powered email security innovations for comprehensive end-to-end email protection.
Proofpoint will now provide pre-delivery defense against both social engineering threats and malicious links. Additionally, new adaptive email security capabilities offer a fully integrated layer of behavioral AI-based defense post-delivery to stop targeted threats such as lateral internal phishing and advanced email fraud for businesses’ most at-risk employees, while offering API integration with Microsoft 365.
Joe Sykora, Proofpoint’s senior vice president of worldwide channels and partner sales, said his company is going to “continue to do what we've always done well, which is email protection.”
“That's the core of the business,” he said. “There's still a lot of addressable market out there for our partners. So I think for our partners, it's redefining or reemphasizing the importance of we are the leader, we are No. 1 out there and they can feel confident going in with the new technologies. We reinvest about 20% back into R&D every single year so this is just a testament that we'll continue to do that for them. Before RSAC, last week I was in France and in the United Kingdom talking with some of our top partners and this is all top of mind for all of them. So especially in international markets, I think we've got a lot of runway with end users, and partners will benefit.”
Proofpoint also recently announced the availability of its human-centric security solutions in AWS Marketplace.
“That's a big one for partners,” Sykora said. “We have advisory councils throughout the world with our partners and this is one of the things that they continue to ask us for, the ability to transact on AWS, so co-selling with partners through their CPO program. We've been working with AWS for a while. Opening that up for partners I think is huge because we're seeing a lot of demand from end users that want to go that route to market. And taking our partners along with us is just a win-win for both of us. There are a lot of partners that built their practice around the hyperscale marketplaces, with AWS being the leader in the United States. But we also see Azure, Oracle and Google right out there. But AWS is the prominent one. That's what our partners are asking for.”
See more from Sykora and Proofpoint in my May 13 edition of The Gately Report.
During RSAC, Netskope unveiled its Netskope App for ServiceNow, further extending the collaboration between the two companies.
Designed to simplify threat and data protection workflows, the app leverages advanced features such as Netskope real-time user coaching to help SecOps and incident response (IR) teams keep users productive and the business resilient when responding to incidents and alerts.
Dave Rogers, Netskope’s senior vice president of global alliances and channel sales, said Netskope App for ServiceNow means partners can integrate Netskope into their existing ServiceNow practice and integrate security cleanly into what they're already doing.
“The majority of our customers today or partners today are all services driven and more importantly, creating unique offerings,” he said. “So some of our largest customers are big ServiceNow customers with strong consulting practices, and some of them have great security practices, and some of them are just dabbling on the security side. But being able to integrate those is very important for them.”
Rick Hanson, Delinea’s president, was on hand at RSAC to give an update on his company’s latest activity, including its acquisitions of Fastpath and Authomize. Both acquisitions have taken place this year.
Hanson said the Fastpath acquisition is “extremely exciting not only for us, but our partners.”
“It really gives our partners and Delinea the extensibility outside of traditional privileged access management (PAM) into the identity governance and administration (IGA) space,” he said. “So now I can provision accounts. Previously we could check out a secret, we could log into an application and then control that feed, where now we can actually provision, we can see the life cycle and authorization of that identity. And through our acquisition of Authomize, we now can take that identity with that authorization and make sure that it's configured correctly. So if it's a misconfigured identity, we can remediate it through identity threat detection and response (ITDR) and then we can extend it through cloud properties with cloud entitlement manager (CIM).
“Coupled with that, we now have the unique ability to offer segregation of duties (SOD) for customers,” he said. “For the majority of our customers, they look for public companies that have that governance within financial applications and I always think of it on the high end, once I know who you are, where can you go and then what can you do when you get there, and so that controls that SOD of an identity. So you’re starting to see Delinea become more of an end-to-end identity player and not just a PAM vendor. So when you look at strategic partners … they have identity practices, and it makes these identity practices wider with more depth because now they can offer more services. As we all know in our ecosystem, services is what our partners want.”
Cowbell Cyber was on hand at RSAC to talk about its recently announced Prime Tech with Cowbell Co-Pilot, its AI solution for efficient underwriting.
Prime Tech is Cowbell Cyber’s adaptive cyber insurance offering that combines Prime 250 cyber risk insurance with technology errors and omissions (E&O) primary coverage. Prime Tech with Co-Pilot can help underwriters better assess risk and provide valuable insights to improve decision-making at speed, driving a 40% faster contract review time on average.
Matthieu Chan Tsin, Cowbell Cyber’s vice president and head of cybersecurity services, said the Co-Pilot feature will allow a faster, more personalized coverage underwriting process at a “level of speed that a cabal of policyholders have been expecting.”
“Now, since we were one of the first ones to automate the whole underwriting policy system, we are entering with the new product better technology in order to continue growth at scale and still being quick, being fast, getting that first quote that they need within seconds or minutes, and not hours,” he said.
One of the challenges in cyber insurance, both on the underwriting side and the security side, is the “sheer number of data points that we have to deal with, and not only the sheer number of data points, but also the frequency at which they change,” Chan Tsin said.
“We're not talking car or home insurance here that have months or years of new technologies,” he said. “Cyber evolves daily, the threat landscape evolves daily, which means risk exposures evolve daily, and that impacts the underwriting process, the pricing, the policies, the coverage levels. And that's what we're hoping that Co-Pilot will help us do, get to that point where not only do we have a policy quote ready to go within seconds, but also the right policy quote, and that would be a first for us, definitely a leading move in the industry where the underwriter becomes a quality control check and not necessarily somebody who has to handwrite the whole policy from zero, knowing that the environment probably moved from the minute the application was submitted to the time that policy was first quoted.”
RSA CONFERENCE — A big message at this week’s RSAC 2024 is the power of community to prevail over ever-persistent cybercriminals.
Hugh Thompson, RSAC’s executive chairman, in his opening keynote emphasized the vast community that RSAC represents. This year’s event has attracted 40,000 cyber professionals from more than 130 countries.
“What's so interesting about this craft is that you are so open and willing to share with one another,” he said. “That's what this program is all about. That's what this week is all about.”
Based on submissions for speakers, attendees are interested in two big topics concerning AI, Thompson said.
“One is, can I use this stuff, particularly large language models (LLMs), to make what I do better?” he said. “Can I defend better by harnessing this power? But the second set is other parts of the business are applying these technologies at an unbelievable pace, faster than almost any other technology adoption. How do I know that I've got the right compensating controls? How do I know that this new evolving risk surface is under control?”
The problems that seem impossible are actually possible through community, Thompson said.
“I've seen it firsthand: Community unlocks possibility,” he said. “Individuals may be smart, but as a community we are wise, and that's actually more important. People can get overwhelmed and stalled, but a community can endure. And in that drive, individuals are strong. But as a community, we are formidable. It's important to remember that as you're doing your jobs every day. We have such a terrific community here.”
Secretary Blinken Addresses RSAC 2024
In his keynote, U.S. Secretary of State Antony Blinken said the issues that are the “bread and butter” of RSAC are increasingly a major focus of U.S. diplomacy.
“Today's revolutions in technology are at the heart of our competition with geopolitical rivals,” he said. “They pose a real test for our security, and they also represent an engine of historic possibility for our economies, for our democracies, for our people, for our planet. Put another way, security, stability and prosperity, they are no longer solely analog matters. The choices that we make today, that you make today will be decisive, and they will reverberate for generations. That's why it's important for me to be here with you and to share how, under President Biden's leadership, our administration thinks about this inflection point and to talk about some of the steps that we're taking to advance our technological competitiveness, to safeguard our democratic values and to maximize the potential, minimize the risk of critical and emerging technologies.”
There are three developments that have led the Biden administration to elevate technology in national security and in diplomacy, Blinken said.
“First, a new generation of general purpose, foundational technologies for transforming our world. It's no surprise we see six as particularly consequential for our national competitiveness and our national security: microelectronics, advanced computing-quantum technologies, AI, biotechnology-biomanufacturing, advanced telecommunications and clean energy technologies,” he said. “And these six are increasingly converging. Semiconductors are powering progress and AI, and quantum computing. AI is enabling new developments in synthetic biology. Digital technologies are driving advancements in clean energy technologies. The resulting breakthroughs are rewiring every aspect of our lives.”
Second, the distinction between the digital and the physical realms is eroding, Blinken said.
“Today, our cars, our ports, our hospitals, our giant data storage and computing machines are vulnerable to cyberattacks,” he said. “And the digital forces that drive our modern lives are dependent on scarce physical goods, from critical minerals to semiconductors. The third key development is technology increasingly needs to be understood as stacks, and we have to be competitive up and down that stack. That includes hardware, software, talent, and the norms, the rules and structures which govern how technology is used. So the task before us is whether we can harness the power of this era of disruption and channel greater stability, prosperity and opportunity.”