The Gately Report: RSA Conference 2023 First Look — Hot Topics, New Tools
This is the year of AI and security.
This will be the year of artificial intelligence (AI) at RSA Conference, said RSA’s Jim Taylor.
“It will be the big theme that’s talked about a lot this year at the conference,” he said. “There’s so much media and energy around ChatGPT and all of these kinds of things. We’re already starting to see AI initiatives, AI-initiated malware, security threats from AI … So AI is going to be a huge talking point. Everybody has an AI-related story.”
Other hot topics will be zero trust, passwordless, and threat detection and response (TDR), Taylor said.
“You’re now seeing zero trust become a reality,” he said. “The Cybersecurity and Infrastructure Security Agency (CISA) has published version two of its zero trust maturity model. So they’ve laid out a well-nuanced blueprint. It’s targeted at federal, but obviously enterprises take advantage of … what is a realistic zero trust road map.”
In the security operations area, several vendors will launch new next-generation security information and event management (NG-SIEM) solutions, giving enterprises more options when choosing an NG-SIEM, said Omdia’s Eric Parizo. NG-SIEM differs from traditional SIEM in that it is cloud/SaaS-based, provides broad support for nontraditional telemetry, and includes integrated threat detection and incident response (TDIR) life cycle capabilities, including analytics, investigation and response orchestration.
“Perhaps even more intriguing is where vendors may be going in regard to generative AI,” he said. “The recent announcement of Microsoft Copilot was a game-changer, heralding not only a new era of AI-driven SecOps, but also signaling the software giant’s intent to dominate AI-driven SecOps. Key Microsoft rivals such as IBM, Crowdstrike and many others will need to respond. And we’re hoping to get a sense of what that will look like at RSA Conference.”
The world just changed so much, and security needed to change with it and catch up, Taylor said.
“So we’re now in that cycle where you’ll start to see a lot of innovation delivered,” he said. “We’ll be announcing a lot of stuff at the show ourselves. We will be adding a lot of AI-based capabilities and risk insight, those kinds of things. The dynamic of security had to change when the workforce started working from home. We have to secure them in a different way. Right now, enterprises have really diversified their environments. They’ve gone to the cloud — the public cloud and private cloud. You can’t build a fence around it anymore. We can’t have a perimeter-based security model. So I think it all plays in together.”
RSA will showcase innovation around cloud infrastructure and entitlement management, Taylor said.
“When you look at these clouds, Amazon Web Services (AWS) or Google, they have just vast amounts of permissions and entitlements, and they’re not being effectively managed,” he said. “They’re outside of traditional identity infrastructure. So you’re seeing this rise of cloud governance, cloud entitlement management, those kinds of things. I saw a really interesting stat from a CloudKnox report that … 95% of users only use 2% of their cloud-provisioned entitlements. That’s a real problem. AWS has more than 4 million different permissions, 4 million different switches you can change. It’s a minefield. So you’ll see a lot of innovation around those things as business has moved and consuming technology in a different way. Security has to move to match it. So it’s going to be an innovation year.”
RSA Conference does have an impact on the industry, Taylor said.
“Speaking from my own personal experience as a veteran security practitioner, security is a little bit under siege,” he said. “We’re understaffed. There’s a hiring problem. There’s a skill shortage. There’s a changing dynamic in the problem. So we all are just running so hard and so fast to cope with what’s in front of us. It’s rare for us to get the opportunity to kind of come together, and collaborate and communicate with peers. So it’s almost like a bit of a breather for the security industry. And when we’re in an acquisitive mode, it’s a great shopping trip. You get to see everybody showcasing their wares. So I think conferences like ours and Black Hat … really bring the security community together. And you do see a lot of initiatives come out of them. So, yes, it’s super important for us to kind of get together.”
RSA Conference attendees talk to one another, and share common problems and solutions in security, Taylor said.
“My biggest recommendation is don’t stick to just what you know,” he said. “Don’t go talk to the vendor who you use all the time. Get outside of your lane, look around and see what else there is. See what else is going on. I think the biggest thing that people can take away is ideas. It’s a very fertile ground for that kind of thing.”
RSA Conference’s status as the industry’s premier enterprise cybersecurity conference has come into question in the post-COVID era and with the continued growth and success of Black Hat USA, Parizo said. (Omdia and Black Hat are both owned by Informa Tech, Channel Futures’ parent company.)
“But it is still an important point during the first half of the year where cybersecurity vendors can make a splash with new products and services, and talk one-on-one with customers, partners, analysts and media,” he said. “A good week at RSA Conference can provide the momentum an up-and-coming vendor needs to have a breakthrough year.”
During Day 1 of RSA Conference, SentinelOne announced the launch of Security Data Lake, a new unified security data platform.
The cloud-native solution provides a comprehensive view into data across security ecosystems, enabling organizations to uncover threats and respond to them in a real-time manner.
Leveraging new, AI-powered anomaly detection capabilities, SentinelOne’s Security Data Lake identifies anomalies and stops attacks by eliminating the need for manual analysis.
“Centralized visibility is the key to effective cybersecurity operations,” said Tomer Weingarten, SentinelOne’s CEO. “With SentinelOne Security Data Lake, organizations can clearly see data across the enterprise and easily interact with it to drive informed actions that protect their most critical assets.”
In addition, SentinelOne unveiled a new threat-hunting platform that integrates multiple layers of AI technology to deliver security capabilities and real-time, autonomous response to attacks across the entire enterprise.
Elsewhere at RSA Monday …
Cisco unveiled its newly built, cloud-first Extended Detection and Response (XDR) solution to simplify security operations in the hybrid, multivendor and multivector landscape.
Cisco XDR prioritizes and remediates security incidents using evidence-backed automation. It’s in beta now with general availability coming in July.
Also, to protect against multifactor authentication (MFA) attacks, Cisco is now offering advanced features in all editions of Duo, an access management solution.
“The threat landscape is complex and evolving,” said Jeetu Patel, Cisco’s vice president and general manager of security and collaboration. “Detection without response is insufficient, while response without detection is impossible. With Cisco XDR, security operations teams can respond and remediate threats before they have a chance to cause significant damage. Cisco continues to ensure that if it’s connected, then rest assured you’re also protected. We are uniquely positioned to deliver integrated solutions that simplify securing today’s increasingly complex, hybrid multicloud environments without compromising user experience.”
Huntress unveiled a new managed detection and response (MDR) for Microsoft 365, extending protection to the Microsoft 365 suite of tools.
This new product protects Microsoft 365 users from attacks by monitoring identities to detect and respond to suspicious user activity, permission changes, anomalous access behavior and deviations from security best practices. It includes 24/7 monitoring by the Huntress security operations center (SOC) with the ability to remediate compromised accounts.
“With modern, cloud-based infrastructure, even a single stolen credential or compromised account can be used to launch an attack,” said Kyle Hanslovan, Huntress’ co-founder and CEO. “Huntress MDR for Microsoft 365 provides protection from identity compromise, including instant detection, one-click fixes and, if needed, automated account lockdown and our 24/7 human-powered threat operations analysis to protect businesses, their assets and their customer data. The feedback we’ve gotten from partners and customers to date demonstrates how we add value doing what we do best, closing the resource and technology gaps faced by SMBs from these threats.”
Torq introduced its new enterprise-grade security hyperautomation platform capable of automating security infrastructures.
Torq provides the ability to automate workflows and processes across enterprise security organizations to deliver end-to-end cybersecurity protection. The platform also offers GPT AI-based analytics for auto-analyzing cybersecurity incidents, making strategic responses and informing defensive measures.
“Only Torq provides the comprehensive hyperautomation today’s enterprises demand as they face ever-increasing cybersecurity challenges and threats,” said Ofer Smadari, Torq’s co-founder and CEO. “The Torq hyperautomation platform is helping the world’s most advanced and experienced security teams tame today’s incredibly elaborate and intersecting suites of security tools. Torq enables them all to work together seamlessly to deploy the most secure and unified cybersecurity postures possible.”
Flashpoint has launched Ignite, a new intelligence platform that accelerates cross-functional risk mitigation and prevention across CTI, vulnerability management, national security and physical security teams.
Ignite combines Flashpoint’s intelligence with an integrated user experience to help organizations streamline workflows, find relevant information, and reduce exposure to cyber and physical threats. Ignite delivers a real-time picture of all pertinent risks while reducing silos that can result from disparate intelligence feeds from multiple specialized partners.
“Flashpoint Ignite is built for practitioners, helping them rapidly locate the most relevant team-tailored intelligence from our world-class collections, returning search results in less than a second,” said Patrick Gardner, Flashpoint’s chief product and engineering officer. “It’s also a unifier, a bridge between teams that catalyzes an organization’s ability to fully understand its risk profile, prioritize operations and efficiently tackle daily challenges.”
Trellix announced the launch of its Endpoint Security Suite. Its products and advanced capabilities provide SOC analysts with visibility and control to secure all endpoints.
“Endpoint remains the first line of defense for every organization,” said Aparna Rayasam, Trellix’s chief product officer. “To strengthen operational resiliency, organizations need a seamless, comprehensive solution for endpoint protection, detection and response. By integrating endpoint detection and response workflows with deep forensic capabilities, Trellix Endpoint Security Suite is the best solution to effectively manage endpoint security.”
Trellix also plans to expand its threat intelligence portfolio to increase threat expertise and intelligence to help global customers stay ahead of cyber adversaries. The new offerings include vulnerability intelligence and Trellix intelligence as a service.
Through a planned partnership with Intel 471, Trellix insights and Trellix advanced threat landscape analysis system (ATLAS) customers will add underground malware insights. This new intelligence feed will complement Trellix’s native threat intelligence capability of over 2,500 threat campaigns and 250 threat groups, bringing increased contextual intelligence to global customers. Intel 471 is known for its advanced cyber crime and adversary intelligence. And through this partnership, customers will gain specific insight into malware families.
Zimperium unveiled its new mobile-first security platform. It unifies Zimperium mobile threat defense (MTD), formerly known as zIPS, and mobile application protection suite (MAPS).
The platform is designed for teams who bear security responsibility across the entire mobile security spectrum. Customers now have centralized access to and management of both Zimperium’s mobile application security and endpoint security solutions, providing them full mobile coverage to dynamically adapt to emerging threats.
“Today’s CISOs need to prioritize a mobile-first security strategy to stay ahead of attacks,” said Shridhar Mittal, Zimperium’s CEO. “There are a host of point solutions on the market for securing devices and applications, but none come together to provide an end-to-end platform to unlock the power of a mobile-powered business strategy. The Zimperium mobile-first security platform uniquely provides the most comprehensive mobile capabilities for risk reduction, global visibility, threat detection and response for both endpoints and apps.”
RSA CONFERENCE 2023 — The cybersecurity world has descended on San Francisco for this week’s massive RSA Conference USA.
RSA Conference 2023 is where the security industry converges to discuss current and future concerns, and have access to experts, content and ideas to help individuals and companies advance their cybersecurity, and build stronger and smarter teams.
Jim Taylor, RSA’s chief product officer, said attendance is “getting back up” to pre-pandemic levels with about 45,000 attendees expected. Stronger together is the theme of RSA Conference 2023.
Collaboration, Info Sharing Big at RSA Conference 2023
“It’s really about collaboration and cooperation, particularly in the information security community,” Taylor said. “We’re seeing in the industry a lot of trends around things like identity, identity fabric and vendor integrations, those kinds of things. So I think zero trust has very much pushed a holistic kind of umbrella view of security, which personally I think is a good thing. I think we should be more of an integrated standards-based, open kind of collaborative community. Security is much better when it works that way.”
Eric Parizo, managing principal analyst at Omdia, said this is the first year since 2019 that it feels like it could be a “normal” year at RSA Conference 2023.
“All the analysts I know are booked all day every day, and have been for weeks,” he said. “For obvious reasons, it’s probably the one time I’m looking forward to crowded exhibit halls and busy sidewalks in and around Moscone Center.”