RSA Conference 2024 Highlights, Insights And Companies To Watch
This year, I attended the entire week of RSA Conference 2024, and it was well worth the time spent. Over 40,000 attendees were treated to a bevy of pre-events, keynotes and breakout sessions on a wide range of topics in security and adjacent areas of tech. To no one’s surprise, generative AI was at the forefront of the event, replacing last year’s resounding theme of zero trust. Some might argue that this meant trading one area of whitewashed messaging for another, but a number of cybersecurity companies and announcements stood out for me as having genuine value.
Generative AI — Cybersecurity’s New Superpower
The excitement and market momentum tied to generative AI seem to be at their apex, and rightly so. The application of GAI stands to disrupt industries on a broad basis and deliver new levels of productivity. One of many infrastructure areas that stands to benefit is cybersecurity. AI operations is not a new concept in networking and security circles, but the introduction of a natural language interface is.
From my perspective, two early use cases for generative AI are emerging for security professionals: SOC analyst onboarding and situation report generation. It’s no mystery that there continues to be a shortage of security practitioners. Generative AI, however, has the potential to rapidly onboard analysts who have a modicum of knowledge and improve accuracy as these employees get up to speed on the job. The other intrinsic generative AI benefit is the ability to create sitreps quickly and easily so SecOps can inform other enterprise stakeholders (including legal, human resources, finance, compliance and operations) about any threat situations that arise. From my perspective, generative AI’s ability to shorten the learning curve and dramatically improve security breach and risk communications within an organization are crucial steps for levelling the playing field for defenders against adversaries.
This year, I also networked with security professionals at several informal events and dinners including Techstrong’s security content creator annual RSAC party. It was the first time ever that I had the opportunity at RSAC to meet with practitioners and hear first-hand the challenges they face in the security fight. I left with an even more profound respect for what these individuals do on a daily basis and impressed with their dedication to addressing an ever-increasing threat landscape.
Announcement Highlights And Insights
The number of announcements at RSAC 2024 was dizzying, but several stood out to me as significant. Let’s dive in.
Microsoft — The Microsoft Security team held a pre-day event the Sunday before the conference opened, highlighting new capabilities in its Defender and Purview solutions as well as in generative AI through the April GA release of Microsoft Copilot for Security. However, what I found especially noteworthy at the RSAC session was a deeper dive on the company’s Secure Future initiative that it announced late last year. Microsoft aims to raise the bar for security by introducing new standards throughout the design, build, test and operational phases of its product development. It is also embedding new deputy CISO positions in each of its product teams and tying senior leadership compensation to defined objectives. From my perspective, SFI is a model for other companies to follow, one that has the potential to bring deeper accountability for ensuring the highest levels of security.
I also had the opportunity to speak on camera at RSAC with Microsoft Security executives discussing SFI, Copilot for Security and other topics. If you’re interested, check out these videos.
Infoblox — There are only a handful of companies that offer domain name system security solutions; DNS serves as an architectural foundation that allows Infoblox to deliver higher levels of visibility, threat insight and SOC operational efficiency. The power of DNS lies in its ability to provide an additional layer of protection for defenders that complements existing tool investments, something that is drastically needed given the ever-increasing sophistication of attacks by bad actors. The company recently announced SOC Insights, a new set of capabilities that extend its BloxOne Threat Defense platform. SOC Insights does this by applying AI to vast amounts of DNS and network data to provide proactive versus reactive guidance and, in the process, deliver more effective security outcomes. I also had the opportunity at RSAC to speak with Infoblox’s chief product officer and threat intelligence lead; you can listen in on those conversations in the following videos.
Cisco — The networking giant continues on a journey to strengthen its security offerings with its recent acquisition of Splunk, and RSAC served as a platform for several announcements. From my perspective, the most notable ones included Cisco’s efforts to imbue its extended detection and response capabilities into Splunk’s SIEM, Cisco AI Assistant for Security in XDR, new cloud detection and response capabilities within the Panoptica suite and identity intelligence enhancements within Duo. Cisco is still building its security depth, but Splunk could serve to supercharge these efforts. The successful integration of Splunk to date, just a few months after the transaction closed, points to immediate and measurable progress as well as the practical power of network and data observability for cyber defenders.
Hewlett Packard Enterprise — In one of my product briefings at RSAC, HPE executives discussed the company’s Zerto platform, which is aimed at ransomware recovery, as well as what the HPE Aruba Networking group is doing with generative AI to thwart attackers. Speaking of the latter, the company announced new observability and monitoring capabilities within its Aruba Networking Central management console that aim to address IoT security risks. IoT is one of the largest contributors to an ever-increasing attack surface given the sheer volume of devices and profiles, including headless and embedded sensors that are often difficult to manage. These feature investments by HPE also have the potential to safeguard the AI data underlying large language models and AI applications. I often draw comparisons between generative AI now and the early days of cloud adoption. In the case of the cloud, with its rapid adoption we saw the rise of shadow IT and capital expense creep; with AI, the challenge is ensuring its security. Eventually, organizations were able to manage cloud provisioning and usage with new tools, and the same approach is needed to manage and secure the use of generative AI given its hyper-accelerated adoption.
Fortinet — Fortinet continues to cement its position in the secure networking category, and at RSAC the company was among the first to commit to CISA’s Secure by Design pledge. If you’re not familiar with the initiative, it mirrors Microsoft’s SFI on a broader scale. CISA is the U.S. federal government agency charged with protecting the United States against nation-state attacks on critical infrastructure. Secure by Design principles ensure basic security hygiene through active and default multifactor authentication, single sign-on and other considerations at no additional cost to customers. It’s a shocking statistic, but on average nearly a third of organizations don’t deploy something as simple as MFA. From my perspective, Secure by Design should go far to ensure proper endpoint protection, and I applaud Fortinet for making it a priority within its product offerings.
Trusted Silicon
Trusted silicon plays an important role in fortifying and hardening IT and OT infrastructure against attack with deeper levels of security control. This is especially important given the rise of generative AI and the need to process such large amounts of data for AI training and inference. This year at RSAC, three companies stood out for me that are furthering root-of-trust principles—Intel, SafeLiShare and Keysight Technologies.
Last year, I published a research paper on the work that Intel is doing on Confidential Computing. At RSAC, the company shared its perspective on AI for Security with Intel Threat Detection Technology, AI for SecOps with Intel Device Health and Security for AI through Intel Tiber Trust Services. What I appreciate about Intel’s approach is that it is end-to-end, spanning on-premises clients and servers, the network edge and the cloud. Furthermore, the company is collaborating with a broad ecosystem to address critical security issues and vulnerabilities; these partners include CrowdStrike, Fortanix, Fortinet, Google Cloud, McAfee and many others.
SafeLiShare is an early-stage startup to watch. The company is focused on using secure enclaves at the silicon level to facilitate AI workload data processing. At RSAC, the company announced its ConfidentialRAG private beta. RAG refers to retrieval-augmented generation, and SafeLiShare aims to ensure the confidentiality of generative AI prompt queries through runtime encryption schemes that protect private data within a trusted execution environment. This capability also extends to LLM content filtering that is designed to mitigate hallucinations, prevent the use of copyrighted materials and eliminate malicious executable software. The potential applications for what SafeLiShare is offering in its beta could be very broad, but are especially compelling when it comes to highly regulated industries such as healthcare, financial services and critical infrastructure.
Keysight Technologies is a company that has a long history in test and measurement as a spinoff from Hewlett Packard. The company’s device security research lab is heavily focused on strengthening the security of automobile manufacturers and their supply chains given the increased use of silicon and computational systems in cars. Electric vehicles and autonomy compound this challenge, introducing even more new silicon. At RSAC, the company announced its designation as a technical service provider for the United Nations automotive cybersecurity and software regulations. To see things firsthand, I was given a demo on the RSAC show floor at the Keysight booth. While I don’t profess to be an engineer, it was interesting to witness the functionality that exposes vulnerabilities in silicon design.
Companies To Watch
I also had an opportunity to spend time with a handful of companies for the first time at RSAC, including Darktrace, OpenText and LevelBlue. Darktrace offers lifecycle protection across a wide swath, including applications, email and endpoint (spanning the network edge to the cloud) as well as OT environments. It accomplishes this by using AI to ingest business data to provide visibility to threats, provide correlations to business operations and automate threat response. I like the proactive versus reactive nature of what the company delivers. It is also worth highlighting that Darktrace used RSAC to announce support for an observability-driven security policy management solution for Kubernetes—an industry first that leverages its recent acquisition of Runecast. Containers are challenging infrastructure elements to secure and manage, given the volume of instances and lifecycle variability, which makes Darktrace’s new offering intriguing.
OpenText is a Canadian company that offers a suite of solutions that include network detection and response, endpoint security and identity access management. Even though the company has grown mostly through acquisitions, there is solid integration between its offerings. What I also find interesting is that cybersecurity is an element of a broader portfolio of information management solutions, including content management, developer and IT operations and more. That facilitates a broad cross-selling approach and allows the company to tailor complete offerings based on industry and application set.
In November 2023, AT&T announced its intention to spin off its cybersecurity business unit in a transaction that would marry it as a standalone entity with WillJam Ventures, a private equity firm that invests in cybersecurity companies. Flash forward to RSAC, and the LevelBlue company brand was unveiled. I had an opportunity at the event to speak with the company’s chief marketer and came away with an appreciation for the logic behind the transaction. From my perspective, while tethered to AT&T, the value of the operator’s investment in security was never fully articulated or realized. However, now that AT&T has launched its Dynamic Defense embedded security within its network fabric, it provides an opportunity to allow LevelBlue to broaden its reach and vie for share of SecOps wallet. It’s still early days, but the spinoff could serve as a runway for possible future success.
Wrapping Up
The specifics I’ve given above underscore the point that generative AI was a major theme at RSAC 2024. However, there was so much more to unpack at the event. My biggest takeaway was the focus on prioritizing security within the product development process as evidenced by Microsoft’s Secure Future Initiative and CISA Secure by Design. These efforts have the potential to reduce vulnerabilities, improve security posture and drive better security outcomes for infrastructure providers and the customers who deploy the solutions. That’s a win-win by all measures.