RSAC is back: We thought RSA Conference was back with a bang last year, but the 2024 edition has proven to be an even stronger contender as the innovation hub for the global cybersecurity industry.
After a year of high-profile breaches, rapid AI innovation and adoption, an unprecedented number of federal elections, and geopolitical conflicts around the world, the RSA Conference became a conversation platform for the urgent advancement of cybersecurity programs and strategies.
Sessions demonstrated how cyber has taken center stage for federal governments and agencies, multinational companies and local organizations as a major consideration in how organizations operate today. At the same time, the exhibit floor showcased key trends in the technology space, reflecting some of the most noteworthy priorities security leaders are currently pursuing.
Data Protection and Data Governance
Whether talking with chief information security officers, touring the expo floor or participating in a panel discussion at Moscone, data security was a ubiquitous topic at the conference, perhaps as an evolution or alternative to the “zero trust washing” that was on the show floor last year.
Data governance has emerged as a top priority, especially as data availability, usability, integrity, and security continue to come under scrutiny and regulatory and organizational standards become stricter. Data Security Posture Management (DSPM) and, to a lesser extent, Data Discovery and Response (DDR) have been enabling technologies featured in data governance discussions. Today, organizations are motivated to achieve proactive defense (DSPM) and resilient protection (DDR) goals, create breach-resistant security practices, and answer the following questions:
- Where is my data stored?
- Who has access to the data?
- What are the current risks to my data?
- What security protocols and policies should be in place?
- What is your data security posture?
- Have there been any significant changes to the data or data access?
Doing AI right and addressing AI risks and threats
The conversations about AI at Moscone were incredibly meaningful and incredibly practical and down-to-earth.
The startup community has been readying timely solutions to the growing machine-to-machine (non-human ID) risks in our AI-driven world, and the opportunity to mitigate the threat of synthetic media amid a surge in social engineering, deepfakes, and audiofake threats. Following major headlines, we now know that synthetic media has the power to affect anyone. Cybersecurity technology vendors, the federal government, and social media platform providers will need to work together to stay ahead of this challenge in the coming weeks and months.
Our unique approach to securely deploying AI within the enterprise was also top of mind at the conference: trends were firmly positioned around the topic of generative AI, and we released our AI Gateway ahead of the conference to provide security teams with the tools to centrally manage employee access and usage of AI applications (such as ChatGPT), inspect prompts to prevent data leaks, filter content to meet compliance requirements, and defend against LLM attacks.
The opportunity for generative AI for the SOC has continued from last year as security professionals provided more use cases for the platform cybersecurity assistant. My prediction for the SOC in 2024 is a shift from a user-driven AI experience (i.e. chat-style interface only) to an AI-driven user experience, where a generative AI assistant proactively and in-contextually presents prioritization, tasks, and guidance based on telemetry sources and threat intelligence feeds.
Proactive thinking and security posture management (SPM) at the forefront
Layer-specific SPM point solutions were very visible on the show floor. The trend towards proactive security, from AI-SPM, application SPM, or the aforementioned DSPM, was heavily on display. This mindset shift, which Trends led in 2021 with the introduction of Attack Surface Risk Management, has gone mainstream as security teams prioritize accurate asset inventory across internal, external, and human attack surfaces. While we expect to see increased interest, innovation, and adoption of Security Posture Management technologies in the market, it was notable that three key categories were lacking on the show floor:
- Cyber risk management is largely ineffective when done in a silo. Point strategies for security posture management lack the necessary prioritization and contextualization of the risks present in your environment, making it difficult for analysts to focus on their most important tasks.
- Security posture management without remediation guidance or actions creates too many problems with too few solutions.
- Identifying and scoring risk remains difficult and inconsistent, and for risk formula calculations to be considered valid and reliable indicators they must be publicly available for users to use.
Trend Attack Surface Risk Management extends asset discovery and inventory to provide a unified security posture management experience that includes continuous risk assessment, prioritization across asset types (cloud, data, user, device, IP/domain, etc.), generative AI-driven remediation guidance, and in-console remediation action options.
NGSIEM and XDR integration begins
Whereas last RSAC was marked by an explosion in XDR, this year the conversation was balanced by an emerging market category: NGSIEM, as security teams seek more from their SIEM investments.
For platform players to meet the demand, they must recognize the need for security analytics and detection engineering across third-party telemetry feeds. Organizations of all sizes today are adopting EDR and XDR to gain stronger security outcomes compared to traditional SIEMs, which often serve as an expensive solution for limited compliance requirements. Now, with the evolution of NGSIEMs, the value of detections based on third-party data, enriching existing events in the enterprise environment, and developing entirely new detections from third parties can bridge the gap between different products used in the security stack and improve key metrics such as MTTD and MTTR.
Particularly in the midmarket, XDR with NGSIEM capabilities (i.e., integration and ingestion of telemetry feeds from third parties) solves a major challenge in the midmarket by delivering detection and response use cases more efficiently, requiring less time and engineering resources. As NGSIEM becomes more prevalent, security buyers may consider managed NGSIEM or SOC-as-a-Service options to take on more of the heavy lifting, as even well-staffed SOCs can benefit from detection modeling support.
From a security outcomes perspective, native XDR remains the most effective option for detecting and responding to threats. From an adoption and feasibility perspective, NGSIEM offers a viable detection and response option for very large organizations and those with significant technical debt. As a warning to security buyers, vendors touting NGSIEM need to be able to demonstrate an evolution, not just a rebranding of a failed XDR strategy.
2023 Predictions Scorecard
The 2023 RSAC roundup highlighted four categories of innovations that are expected to see movement in the market.
Risk prioritization: While there was some improvement in technology risk prioritization solutions, the siloed point solution approach left room for improvement.
Quantifying Cyber Risk: There was a noticeable movement towards board-level advocacy and using cyber risk quantification to elevate the importance and impact of cybersecurity as an operational and reputational risk vector. Security leaders clearly saw risk indices, and even financial interpretations of cyber risk, as important tools to make the case for increased investment, headcount, and additional resources.
Generative AI Governance: As SaaS applications integrate AI into their technology and the use and abuse of AI grows, several AI governance solutions from the startup community and major corporations (including Trend Micro) were on display on the expo floor.
Mergers and acquisitions volume: Indeed, the landscape on the exhibition floor has changed, with leading companies merging with larger players – a trend we expect to continue through 2024, as the number and value of investment deals declines.
