Inside RSA Conference 2023: Notable Takeaways and Insights

RSA Conference 2023! What a fantastic event. I have been to RSA for the first time, and every bit was worth it. Yes, it was a long travel from Qatar to San Francisco, but it was a fantastic experience. The conference featured presentations, keynotes, and discussions from industry leaders, providing insights into emerging threats and solutions. Additionally, it offers opportunities to connect with peers, vendors, and potential employers and explore new tools and technologies that can enhance their skills and capabilities. In my four-day trip, I could not even visit all the expo booths – it was so much to explore.

For those who could not attend, I am presenting the key highlights for the larger community.

General Highlights:

XRD: At the conference, XRD (eXtended Detection and Response) was a hot topic, with XDR solutions ruling the SOC space. With so many new players in the market, the speakers emphasized the importance of building harmony among different security components. By enabling devices to communicate, understand signals, and take action, you can build a more robust security posture. However, one of the key challenges observed was the limited integrations available with XDR solutions. Currently, vendors have only integrated with their product lines or limited third-party integrations, so it's essential to consider this when buying.

ChatGBT: Every single speaker talked about ChatGBT. It looked like to be the theme of the conference. An unlimited number of use cases were presented, from using the tool for coding to pen testing to automation.

Generative AI and Machine Learning: Generative AI and machine learning are transforming cybersecurity by providing more accurate and efficient ways to detect, prevent, and mitigate cyber threats. Cyber professionals are actively using the technology both in offensive and defensive space.

Application Security & DevSecOps: It was another hot topic during the conference. In the cloud, applications are often deployed continuously, with new code releases pushed to production multiple times daily. DevSecOps ensures that security is not an afterthought but is instead integrated into the development process from the beginning.

Cloud Security: The expo was abuzz with suppliers, and sessions focused on Cloud Security, which is becoming increasingly crucial with rapid cloud adoption and migration. Cloud security presents unique challenges in responsibility, visibility, configuration, access control, scalability, and compliance compared to on-premises security. It was impressive to see a wealth of startups developing cutting-edge cloud security products to address the critical issues of reducing exposure and attack surface.

Zero Trust and Identity: The Zero Trust strategy is gaining momentum, with increasing organizations embracing its principles. Several speakers shared their experiences of successfully implementing Zero Trust across their enterprises at the conference. Zero trust is a security model that assumes that all users, devices, and network traffic are untrusted and that access to resources should be granted on a need-to-know basis. Identity solutions, such as IAM tools, play a critical role in a zero-trust model by ensuring that only authorized users and devices are granted access to resources.

Key Notes Highlights:

Rohit Ghai , CEO RSA - The Looming Identity Crisis :

In RSA's opening Keynote, he discussed what he refers to as "The Looming Identity Crisis." Ghai emphasized that identity while acting as a defender's shield, is also the prime target for attackers. The most attacked part of the attack surface is, in fact, identity. Ghai predicted that the advancement of AI technology will challenge our self-perception. With the advent of avatars, AI-built deep fakes, false identities, and misleading chatbots, the online world is flooded with bad and/or useless data, leaving us questioning who we really are and who we can trust.

As we have navigated the three waves of technology, our expectations around the core purpose of an identity platform have shifted. In the internet era, compliance was the priority, followed by security and convenience. In the mobile/cloud era, convenience was the priority, followed by security and compliance. In the AI era, security is the top priority, followed by convenience and compliance. The traditional term "identity and access management platform" is now outdated, and the core purpose of an identity platform has shifted to security in the AI era. According to Ghai, an identity security platform is necessary to ensure online security in the future.

Jeetu Patel , Executive Vice President, and General Manager, Security and Collaboration, Cisco & Tom Gillis , Senior Vice President and General Manager, Security Business Group, Cisco

- Threat Response Needs New Thinking. Don't Ignore This Key Resource :

During a recent talk at RSA 2023, Jeetu Patel from Cisco emphasized the importance of extended detection and response (XDR) as a crucial component of a unified cross-domain security platform. Patel highlighted that cross-domain telemetry, which enables real-time tracking of exploits as they move across enterprise domains, requires an end-to-end integrated platform to ensure effective defense against threats. According to Cisco, its XDR service provides a turnkey, risk-based solution that leverages analytics to prioritize detections. The cloud-based service is designed to integrate seamlessly with third-party vendors, enabling easy sharing of telemetry, promoting interoperability, and delivering consistent outcomes irrespective of vendor or technology.

Sumit Dhawan , President, VMware

Alicia Lynch , Senior Vice President, Chief Security Officer, Cognizant

The New Ground Truth for Security:

"As the cyber threat landscape evolves, our customers require their infrastructure to play a more active role in protecting their enterprise," said Sumit Dhawan, president of VMware. "VMware is deeply committed to driving innovation in infrastructure, delivering enhanced protection against threats of today and tomorrow. I am proud of the innovations we are announcing at the RSA Conference to provide our customers with rich contextual visibility and greater protection against cyberattacks targeting their multi-cloud environments."

During the RSA Conference 2023, VMware announced the introduction of several enhanced features to its suite of security solutions aimed at addressing the rising sophistication and scale of cyberattacks. These enhancements include:

1. DPU-based acceleration, which leverages SmartNICs to improve the performance of VMware NSX.
2. VMware Carbon Black Workload and Cloud Configuration, designed to provide cloud-native architecture with secure cloud and workload configurations.
3. Enhanced Firewall Service offerings, which extend NSX Security capabilities to VMware SD-WAN edge appliances, enabling simplified operations at the enterprise branch.
4. VMware Secure App IX, offering more secure application connectivity across different applications and clouds.
5. Updates to VMware Workspace ONE for improved phishing and content protection, secure access, and patch management.

Bruce Schneier, Security Technologist, Researcher, and Lecturer, Harvard Kennedy School

Cybersecurity Thinking to Reinvent Democracy:

At the RSA Conference 2023, Bruce Schneier discussed how cybersecurity concepts could be used to reinvent democracy. He pointed out that current political systems are not suited for the 21st century, and democracy and capitalism should be treated as information systems that require constant improvement. Schneier suggested that trust is essential for a functioning society, but there is a current trust deficit, and the societal cracks are beginning to show. He proposed rethinking the nature of growth and creating a game where everyone wins to address zero-sum politics. His thoughts on how to improve systems are thought-provoking and timely in a world where elections and politics have come under increasing scrutiny.

Ram Shankar Siva Kumar , Data Cowboy, Microsoft; Harvard

Vijay B. , CISO, Deep Mind

Dr. Rumman Chowdhury , Founder, Bias Buccaneers

Daniel Rohrer , VP of Software Product Security, NVIDIA

Security as Part of Responsible AI: At Home or At Odds?:

A panel of experts discussed the security uses of generative AI, including incident response, while warning of the potential unintended consequences, especially with regards to the spread of disinformation. The panelists highlighted how AI adoption has led to concerns around job loss, inherent bias, and hallucinations. They emphasized the need for building tools to manage unintended consequences and addressing problems with a systems-based approach. While generative AI is seen as the merging of ethics and security, the panelists warned of the need to differentiate between well-meaning and malicious attackers to solve the problem of disinformation effectively.

Bryan Palma , Chief Executive Officer, Trellix

SIEM There, Done That: Rising Up in the SecOps Revolution:

Many organizations are still investing in SIEM while neglecting more advanced options like NDR and XDR, leading to overwhelmed SOC professionals who need to get the right insights to make decisions. This has resulted in increased pressure on teams and concerns about morale. Bryan Palma, Trellix CEO, suggests that the SOC of the future must embrace offensive security to get the upper hand on attackers, who are increasingly targeting businesses with ransomware. In his keynote at RSAC 2023, Palma suggested that defensive tactics alone are not enough and that organizations need to have the opportunity to strike back and even strike first.

Lee Klarich , Chief Product Officer, Palo Alto Networks

Why I'm Optimistic (And You Should Be, Too):

Despite the increasing difficulty of cybersecurity, there is a sense of optimism around the advancements in cloud and AI technology, which are making security architectures more effective in thwarting attacks. Lee Klarich, Chief Product Officer at Palo Alto Networks, believes that cybersecurity is solvable and that it is a winnable battle. However, to achieve a more secure future, the industry must prioritize security over compliance and become more prescriptive in how to accomplish needed outcomes.

George Kurtz , Chief Executive Officer & Co-Founder, CrowdStrike

Michael Sentonas , President, CrowdStrike

Hacking Exposed: Next-Generation Tactics, Techniques, and Procedures:

During the RSA Conference 2023, CrowdStrike's CEO George Kurtz and President Michael Sentonas presented a case study on a real-world attack technique that was used to exfiltrate and ransom sensitive data. The cybercrime group behind the attack has targeted organizations in the telecommunications and business process outsourcing industries. The group has forgone actual encryption of systems and instead stole sensitive data and extorted victims. The attack technique involves credential theft and bypassing multifactor authentication protection. The group also used vishing calls where they imitated help desk workers and spent up to an hour on the phone with targeted employees.

Vasu Jakkal , Corporate Vice President, Microsoft Security Business

Defending at Machine Speed: Technology's New Frontier:

Microsoft's corporate vice president of security, Vasu Jakkal, will deliver a keynote speech titled "Defending at Machine Speed: Technology's New Frontier" at the RSA Conference 2023. Jakkal will emphasize the need for combining automation and analytics with human ingenuity to achieve faster and better outcomes in cybersecurity. She believes that AI, hyperscale data, and threat intelligence will lead to a paradigm shift in cybersecurity, enabling security-specific AI models to augment human capabilities and improve productivity while breaking down barriers for diversity and inclusion. Jakkal will also highlight the importance of aligning these advancements with responsible AI principles of ethics, privacy, and diversity.

Ahmed Al Hammadi, Director of National Cyber Fusion Affairs (Operations), National Cyber Security Agency

Chris McCurdy , General Manager and Vice President of Worldwide IBM Security Services, IBM Security

No More Time: Closing the Gap with Attackers:

Seeing a representative from the State of Qatar at RSA was a pleasure

The National Cyber Security Agency (NCSA) of Qatar participated and presented its cyber achievements, its cyber plans, and preparations to confront potential cyber risks before, during, and after the FIFA World Cup Qatar 2022. The agency's Director of National Cyber Fusion Affairs, Ahmed Mohamed al-Hammadi, called for international cooperation to ensure a safe cyberspace and urged countries hosting future events, like the World Cup 2026, to share information and tools to ensure a successful tournament.

Kevin Mandia ,Mandiant CEO, Google Cloud

The State of Cybersecurity – Year in Review :

At RSA Conference, Kevin Mandia, CEO of Mandiant at Google Cloud, discussed the cybersecurity trends for 2022 based on 1,163 investigations. He talked about intrusion numbers, their impact on organizations, and how they compare to previous years. Mandia also discussed the Apex attack of 2022, attributed to China, and shared best practices for CISOs to defend against Apex attackers and keep their organizations safe in a rapidly changing threat landscape.

Other keynotes:

Real World Stories of Incident Response and Threat Intelligence:?An excellent session where leafing incident responders share their experiences in the last 12 months.

The Role of Partnerships in Advancing Cyber Diplomacy: Cyber diplomacy is playing an increasing role in protecting digital freedom and democratic institutions. A discussion at the RSA conference will feature cyber envoys from the Netherlands and the US, as well as private sector representatives, examining how international collaboration can limit state behavior in cyberspace and contribute to effective internet governance.

Survive the Breach-Protecting People & the Company When the Worst Happens: Experienced CISOs, legal advisors, and communication experts offer practical advice on protecting organizations and people during a crisis. As incidents can end careers and result in litigation, the panel discusses actionable steps to take. Drawing from their personal experiences, they offer insights and guidance to mitigate risks.

The keynotes and activities were the main highlights of the event. RSA Conference serves as a powerful platform for Original Equipment Manufacturers (OEMs) to launch and showcase their latest products and services related to cybersecurity. Many leading companies in the industry use this conference to unveil their latest innovations, making it an essential event for cybersecurity professionals looking to stay up to date with the latest trends and technologies.

If there is only one cybersecurity event professionals should attend in a year, it should be RSA Conference. It is worth every penny as it is jam-packed with valuable information and knowledge, featuring some of the industry's top experts and leaders. With a wide range of sessions, keynotes, and networking opportunities, attendees can gain insights into the latest trends, technologies, and best practices in the field.

See you at RSAConference2024 !

#RSAConference #Cybersecurity #InfoSec #CloudSecurity #ThreatIntelligence #ZeroTrust

#DataProtection #IncidentResponse #NetworkSecurity