The annual RSA Conference (RSAC) was held again this week in San Francisco and did not disappoint. The event is a who’s who of cybersecurity stalwarts, all vying for the attention of customers, prospects and partners. The news cycle flowing from RSAC will continue for some time, so I want to share my insights into what I found most compelling.
Artificial intelligence emerges as a central theme
It is no secret that zero trust has been at the forefront of conversations at the last few RSACs. I have often lamented the whitewashing of zero trust and the confusion it creates as enterprises sift through claims from various security infrastructure providers to separate fact from fiction. This year marked a new theme at RSAC in the form of artificial intelligence (AI), which is not surprising given the recent attention paid to generative AI, especially in the form of ChatGPT. Generative AI presents some interesting challenges in terms of literary license and intellectual property rights, but the application of AI in cybersecurity is equally complicated.
During his opening remarks to kick off RSAC, Rohit Ghai, chief executive officer of RSA Security, underscored the importance of AI, given its ability to strengthen zero-trust architectures and identity management. However, on the flip side, bad actors will also embrace AI to increase the sophistication of cybersecurity attacks. It’s a double-edged sword that will require continued sharpening by security operations teams and the organizations they support.
As with the application of any new technology to a given domain, learnings from AI are yet to be realized. AIOps is a well-established technology component within networking offerings from Cisco, HPE Aruba Networking, Juniper and others. However, AIOps has so far aimed to improve the deployment and management of connectivity and the automation of information and operational technology environments. As security and networking continue to converge, its role will expand to the mitigation of security threats arising from AI.
There were hundreds of announcements made at RSAC this year. Ironically, it would be possible to analyze them all only if I relied on AI to do the work for me! With that said, I have distilled my comments down to half a dozen topics that I found especially noteworthy.
- AT&T released its Cybersecurity Insights Report at RSAC. The company holds a leadership position given its depth in security honed through internal development efforts, acquisitions and its AT&T Lab’s operations. As RSAC opened, Jeff McElfresh, AT&T’s chief operating officer, spoke to the critical nature of protecting its telecommunications infrastructure through native security integration that provides visibility across its fixed and mobile networks. The importance of AT&T’s efforts should not be underestimated, given public reports about how its rivals have been compromised.
- I had the opportunity to speak to Blackberry ahead of RSAC, and I continue to be impressed with the company’s journey away from its secure smartphone. Like AT&T, Blackberry published a threat intelligence report, using it to position its CylanceIntelligence subscription service to arm security operations teams with timely access to threats, actionable insights and the ability to prevent, hunt and respond to threats quickly. I like where the company is heading, leveraging its past credibility and strong brand reputation.
- Cisco unveiled a new extended detection and response (XDR) capability at RSAC to simplify security operations and improve outcomes across multi-domain environments. The company also enhanced its Duo access management platform, providing all paid Duo editions with its Trusted Endpoints feature, which historically was available only in its highest tier. I applaud Cisco for making this move, given that identity compromises are at the root of some of the most devastating cybersecurity attacks on enterprises. I also spoke with Tom Gillis, Cisco’s security lead, ahead of RSAC, and you can read more about our conversation if interested.
- Fortinet used RSAC to speak to a CyberRatings security effectiveness score for its FortiGate 600F series next-generation firewall (NGFW). CyberRatings is the industry’s only independent, third-party testing non-profit, and it awarded Fortinet a 99.88% near-perfect “AAA” mark. This is a compelling recognition for Fortinet, given the company’s strength in firewalls and the price-to-performance value that it continues to deliver.
- Palo Alto Networks used RSAC to announce an expansion of its Unit 42 Digital Forensics and Incident Response Service. It’s a comprehensive offering that encompasses assessments, preparedness, incident response, threat hunting and detection and response. The company claims to generate five hundred billion cybersecurity events daily—an impressive statistic that points to its telemetry strengths.
Zscaler released the findings of its 2023 ThreatLabz Phishing Report, a twelve-month look back from its well-established security cloud that identifies phishing trends, emerging tactics and the corresponding industries and regions that are vulnerable. Unsurprisingly, AI tools such as ChatGPT make it easier to steal credentials. Consequently, this is an eye-opening report and worth a read. Given the dynamic and ever-evolving nature of phishing attacks, I appreciate Zscaler’s effort to increase awareness and visibility.
RSAC 2023 could be best characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust “me too” conventions. It is a welcome change, given that the emphasis on improving security outcomes benefits everyone.