RSA 2023 Recap - AI, Cyber Risk and Solution Consolidation. Oh My!

And… it’s back. Whether you attended RSA USA in person this year or not, it was clear that the cybersecurity community came out in numbers. It was busy! Once again, the 4 days of RSA felt like the busiest month of my life. 

The momentum had been building for a while. As Britta Glade and Hugh Thompson discussed in the RSA Conference’s recap video, RSA received over 2400 session submissions this year, a new record. There were also a lot of stickers - hopefully you picked up your favorites to decorate your laptop.

Between the sessions, hallway discussion and vendor announcements, several themes stuck out to me. 

AI

If you had AI on your buzzword bingo card this year, you were the big winner. This year, AI was mentioned in almost every session. In addition, there were multiple keynotes and sessions focused on AI including one trying to separate the hype versus the reality, and another discussing the need to harden the security of AI/ML systems themselves.

Of course AI, machine learning, and data science more generally, are not new to cybersecurity. Over the past 5 years or so, AI has been responsible for upending the largest segments of cybersecurity technology. AI has driven endpoint security from signature-based tools to modern endpoint detection and response (EDR) solutions and allowed behavior analytics-based SIEMs to leapfrog their rule-based predecessors. 

What is different is the pace of change and ubiquity of AI being integrated into cybersecurity solutions. AI has now become very accessible to solution providers and end users alike. ChatGPT in particular has also whetted people’s appetite to include AI in cybersecurity. It is a big wave crashing over all aspects of our lives. At RSA, there was tremendous hope that we can harness its benefits. But there was also awareness that its accessibility could lead to increased adoption by our adversaries.

Cyber Risk

A second key theme was that cybersecurity is increasingly about managing business risk. The change is being driven by the continued growth of ransomware, higher overall costs of breaches, increased regulation and the need for a rethink of the cybersecurity insurance market. As a result, there is now Board-level accountability for cybersecurity.

From speaking sessions to hallway conversations, it is clear that security teams are increasingly talking to their CFO, CEO and the Board. It was no surprise then that one of the keynote panels simulated a board meeting.

Cyber risk can be thought of as: impact multiplied by likelihood. S&P Global Market Intelligence dedicated their concurrent industry briefing event to “the measurement of impact” that security incidents have on the business. 

Of course, it's not just the impact of risk that is growing, but also the likelihood. Many sessions and discussions centered around how the attack surface has grown, leading to greater likelihood of breaches. The growth of non-traditional IT environments was covered in many places, including a panel on critical infrastructure and a session on protecting the electric vehicle (EV) charging network. The complexity of protecting a hybrid workforce was also on display, including BH Consulting’s session on hybrid workforce. It was also reinforced by Talon winning the innovation sandbox contest for developing an enterprise browser meant to secure the hybrid workforce.

Solution Consolidation

A third theme was solution consolidation. And while I will sidestep the age-old debate about whether the cybersecurity vendor landscape will consolidate, or not, it was clear at RSA that there are some powerful forces driving solution consolidation.

The first was the ongoing political and economic uncertainty. Right on cue, a session about taking advantage of a recession to push a program to world class, focused on developing a plan to consolidate solutions and simplify operations.

To borrow from RSA’s “Stronger Together” theme for 2023, the second driving force was a belief that there are benefits from having capabilities integrated together into technology platforms, via technology alliance partnerships, or both. Folks are simply tired of bouncing from one dashboard to another through swivel chair security operations. They feel hampered by having their data siloed across dozens of applications.

Case Study - Exposure Management

The three themes – AI, cyber risk and solution consolidation – are converging in segments across cybersecurity like detection (XDR) and identity (zero trust). But, it is the exposure management category where they have been particularly active leading up to, and during, RSA. 

Theme #1: Artificial intelligence underpins the technologies in exposure management. Moreover, it is increasingly the glue that is allowing a broader solution to come together by filling in gaps and adding context to the huge volume of data and alerts involved.

Theme #2: The ultimate objective of exposure management is to help security leaders measure and reduce their cyber risk.

Theme #3: Solution consolidation is definitely in progress. What has been a very fragmented market is quickly coming together through platform extensions, partnerships and acquisitions. To that end, consolidated exposure management solutions increasingly consist of the following components:

  1. Understanding the attack surface. This entails aspects of cyber asset attack surface management, external attack surface management, IoT/OT security, and application security.

  2. Understanding exposure. This entails aspects of risk-based vulnerability management, cloud security posture management, and breach and attack simulations (to validate security controls and identify attack paths).

  3. Measuring and reducing risk. Risk prioritization, mitigation and measurement capabilities are typically part and parcel of the above components but can also be complemented by dedicated cyber risk quantification solutions.

  4. Inputs and outputs. Of course the data to drive these solutions needs to come from somewhere. A consolidated exposure management solution rests on integrations with detection solutions (SIEM, EDR/XDR), threat intelligence, other security policy enforcement tools and IT tools (CMDB, Active Directory). Similarly, integrations with ticketing and SOAR solutions make mitigation more automated and efficient.

Picus has embraced these themes and recently announced that we have extended our continuous threat exposure management solution with new attack surface management and cloud security posture management capabilities. Security teams can combine these new capabilities with our existing breach and attack simulation solution to consolidate their security solutions and use real-world data to measure and reduce their cyber risk.