Navigating the Cybersecurity Frontier: Highlights from RSAC 2023

The 2023 RSA Conference (RSAC) brought together top cybersecurity experts, venture capitalists, and startups from around the world, bringing the latest innovations in a world of increasing digitalization and distributed work. This year's conference showcased a wide range of innovative cybersecurity technologies and trends shaping the industry, most notably with AI as a centerpiece of discussion. The first day morning session included “The State of Venture Capital in Cybersecurity” run by leading cyber VCs describing the major activity and dynamic changes in venture funding and M&A in cyber. The Innovation Sandbox showcased many companies that reflected key trends such as AI, blockchain, and machine-to-machine opportunities. HiddenLayer ’s winning of the RSAC Innovation Sandbox was well deserved (among a quite strong and mature set of competition) and in line with the recent surge of interest in AI. In-line with this year’s theme of “Stronger Together”, leading companies like Palo Alto Networks , Snowflake , JupiterOne , and Tines showcased their single-pane source of truth across network data, assets, and APIs through partnerships.

The cybersecurity venture funding landscape underwent a noticeable shift between 2021 and 2022. While 2021 experienced a thriving market with 1048 deals and a total investment of $30.4 billion, leading to the emergence of more than 30 new unicorns, 2022 witnessed a decline in total funding. The 1037 deals in 2022 amassed $18.5 billion, marking a 38.9% reduction in funding. This could be attributed to a change in VC behavior, in particular late-stage investors becoming more cautious in their approach in the second half of the year and finding public market prices and assets more attractive. However, there were still 95 funding rounds exceeding $50 million. Furthermore, 15 new unicorns emerged in 2022, including Vanta, Devo, and Material, indicating a continued interest in innovative cybersecurity solutions. A quarterly analysis reveals a decline in funding from $9.6 billion in Q4 2021 to $3.5 billion in Q4 2022 (for context, Q4 2020 was $3.9 billion). This downward trend could signal a cooling off in the market after a period of intense growth and investment and an important time for cybersecurity startups to increase focus on controlling burn and ensuring strong product market fit and revenue growth.

Mergers and acquisitions (M&A) activity, on the other hand, flourished in 2022, with a 48% YoY growth amounting to $119 billion across 263 deals. The most prominent sectors involved were managed security service providers (MSSP), security, and risk, indicating a strategic focus on consolidating expertise and resources within these areas. The 13 $1 billion deals in 2022, including notable transactions such as Keseya's acquisition of Datto for $6.2 billion, KKR's acquisition of Barracuda for $4.0 billion, Thoma Bravo's acquisition of Ping for $2.8 billion, and Vista's acquisition of KnowBe4 for $4.3 billion, further illustrate the ongoing interest and investment in the cybersecurity industry. These large private equity players in addition to established cyber players like Palo Alto (who acquired 13 companies in the last five years) create significant opportunities for consolidation and exits to cyber startups.

Cybersecurity is an industry driven by underlying technology and societal trends. New opportunities emerge because of new technology, new technology innovation, societal behavior, as well as regulation. Four areas that were well represented in the Innovation Sandbox in reflecting these major trends included cyber applied to AI and LLMs, blockchain technology, machine-to-machine communication, and remote work.?

Artificial Intelligence (AI) and Large Language Models (LLMs): AI was the unofficial theme for the week. AI and LLMs have been increasingly integrated into various technology platforms and applications, revolutionizing industries across multiple sectors. Hidden Layer, whose solution enables the protection of AI models, like a combination EDR and WAF for AI (called an MLDR for Machine Learning Detection and Response), won this year’s 18th RSAC Innovation Sandbox. They are well positioned to enable the protection of these highly important assets in a company. The emergence of OpenAI’s ChatGPT has awakened many to the power of AI. LLMs enable natural human language communication as well as understanding. Given recent news on the absorption of proprietary enterprise data onto OpenAI/ChatGPT such as by three employees of Samsung recently, many enterprises are very keen on ensuring that their data does not get subsumed into public-facing systems like ChatGPT. Hence, private model / fenced-off versions of LLMs are necessary to enable the avoidance of data leakage and unintended disclosure.

It is early innings for cyber companies to leverage AI and LLMs but at RSAC 2023, SecurityScorecard , showcased their use of ChatGPT-4 to improve the human-facing Q&A on their platform, such as asking what were the top 10 riskiest vendors in my platform. SentinelOne launched its own Generative-AI solution for facilitating better answers to complex threat and adversary hunting questions using their own natural language. SentinelOne’s CEO Tomer Weingarten said, “There is a huge shortage of cybersecurity talent, and in advancing the capabilities of skilled security practitioners, our new capabilities will allow organizations to quickly scale to secure the cloud and avoid the storm of automated and fast-flux attacks that adversaries using generative AI can create.” Just as AI is creating efficiencies for those in the creative industries for AI-generated articles, photos, and videos, AI can create efficiencies for cybersecurity talent.?

While these technologies have numerous benefits, they also pose new cybersecurity challenges. Attackers can leverage AI to create sophisticated malware, automate cyberattacks, or manipulate data with greater precision. This past year, we’ve seen the large-scale impact that LapSus$ had through social engineering on top companies like Microsoft, Okta, and T-Mobile. The members of this group were between 16 and 21. Imagine what AI-empowered hackers could potentially do with leverage of improving tools, automation, automated social engineering (engaging with human language), and 24/7 improvement like Auto-GPT? Heather Mahalik (Sr. Direct of Digital Intelligence at SANS Institute) noted that ChatGPT could be a tool for social engineered phishing attacks. Certainly, cybersecurity defense companies and professionals need to prepare for these risks. Just the same, AI and ML can be utilized to enhance cybersecurity by improving threat detection, automating incident response, and facilitating real-time analysis of large-scale data. RSA’s CEO said that zero trust needed to be AI-powered in order to be adopted. This trend opens up opportunities for cybersecurity companies to develop innovative AI-driven security tools and solutions to stay ahead of emerging threats and protect against evolving attack methods.

APIs and Machine-to-Machine/App-to-App Communication: The proliferation of APIs, IoT devices, increase in remote work, has led to an increase in machine-to-machine (M2M) and app-to-app communication and API calls. This interconnected environment has expanded the attack surface for cybercriminals, who can now exploit vulnerabilities in APIs and machine-related assets such as keys. As a result, there is a growing demand for comprehensive security solutions that protect these components. Forbes recently reported from IT-Harvest noted there are 27 API security companies. A Sandbox Finalist, Astrix Security , represents this trend well with their “non-human” identity protection. Just as Privileged Account Management in the past has governed admin-level human identity, password, and access control, there need to be governance systems for machines. The rise of AI and potentially autonomous agents in an enterprise will also increase this need for machine-to-machine governance. The same needs in visibility, threat detection, privileged account (including machine) behavior monitoring, and quick remediation is as necessary here as they are in traditional PAM.

Remote Work and Digital Transformation: The global pandemic accelerated the transition to remote work and pushed organizations to adopt digital solutions rapidly. This shift has expanded the attack surface for cybercriminals, as businesses increasingly rely on cloud services, remote access tools, and online communication platforms. This trend has created opportunities for cybersecurity companies to develop and provide cutting-edge products and services to protect remote workforces and digital infrastructure. In particular, this year I saw many Enterprise Browser startups and solutions. Island and Talon (by Palo Alto Networks) were two of the more well-known companies in this space, but also Mammoth Cyber (of which I am an investor) as well as at least four other early-stage startups that boothed at RSA were focusing on security from the browser. The reason why a secure Enterprise Browser is important as encrypted network traffic makes it more difficult to perform behavioral analysis and VPNs only secure the connection, not observe it. However, the browser naturally can observe, detect, record, and identify abnormal or risky behavior such as downloading significant internal code or pasting documents into ChatGPT. During a booth visit, one of the vendors showed how they could also intercept clicks on specific buttons from specific web pages (such as an AWS configuration page) and require additional defined authorization before the user can complete the action. This technical direction alongside other browser-centric security capabilities will likely continue to increase in importance.

Web3/Blockchain: Blockchain technology, known for its decentralized and distributed nature, has gained significant traction in various industries. While it provides several security advantages, it is not immune to cyber threats. Blockchain has a variance of attack surfaces and very large assets in various protocol’s token values. In 2022 there were major blockchain hacks such as the Ronin bridge hack ($600M+) and Wormhole bridge exploit ($300M+) As such, the need for cybersecurity in the blockchain ecosystem is crucial. AnChain.AI ’s inclusion on the Innovation Sandbox Finalist list was a major first step in acknowledgment by RSAC on the importance of blockchain security. Interestingly, most of the questions asked by the panelists to Anchain were regarding whether Web3 was a viable market rather than product-related questions. This may indicate that there is room for more exposure of Web3 technologies to the traditional cybersecurity community. As in recent times, government agencies such as the SEC are increasing crypto asset enforcement and monitoring, cyber services that help provide on-chain intelligence, monitoring, detection, and investigation will be important. Companies like TRM Labs (am an investor in) and Chainalysis are other examples providing threat intelligence for Web3. This in addition to wallet-based multi-party security and fraudulent transaction detection, smart-chain contract and protocol auditing and formal verification, and malicious address libraries are some additional tools being used. Similar to general cybersecurity, web3 cybersecurity will also quickly have both all-in-one and best-of-breed companies. Notably, Anchain was not the only Web3 security company as Zama ’s fully homomorphic encryption can potentially enable more private blockchain transactions by keeping inputs and outputs in smart contracts encrypted and only decrypting in transition. The CEO mentioned at the demo integration with ZK (zero-knowledge proof) enables end-to-end encryption and decryption, which can help with transaction privacy.?

In line with the official theme of RSAC 2023 “Stronger Together”, large technology platform companies and cybersecurity companies are increasingly striving to become the main platform for governing critical aspects of digital infrastructure, such as identity, data, network traffic, assets, and APIs, and are partnering to do so to provide comprehensive security and management capabilities. Many cooperative demos were provided at the RSAC 2023 Expo. Zscaler and Arctic Wolf demoed Zscaler’s centralized cloud internet access and event streaming platform combined with Arctic Wolf’s security operations concierge service and Open XDR platform. Snowflake showcased their one source of truth data platform together with Hunters providing a cybersecurity-oriented data management layer for turnkey security analytics and data. Tines cooperated with JupiterOne by utilizing Tines’ API connectivity and JupiterOne’s asset management technology. Major aspects of cybersecurity will continue to need single-pane sources of truth views of the world and companies are partnering to get there.

Expo browsing and special events: I always like browsing the various expo booths and other side events. Favorite event was Ten Eleven Ventures and KKR 's joint event (thank you Alex Doll , Mark H. and Todd Weber ) where I reconnected with a number of cyber VCs and startups. One especially delightful expo giveaway was a signed copy of "A Hacker’s Mind" by Bruce Schneier sponsored by ThreatX . Other interesting startups of note included: Inside-Out Defense (shout-out to fellow Bainie Ravi Srivatsav ) who is addressing privileged account management abuse. Resourcely enables easy creation of secure workload configuration. SafeBase (a RSAC Sandbox Finalist as well) I believe can be the default 3rd party cybersecurity vendor onboarding tool. William L. 's cyber startup (still in stealth) and new book on cyber entrepreneurship and VC "The VC Field Guide " both are also special to highlight.

The 2023 RSA Conference showcased the latest trends and innovations in the cybersecurity industry, including the increasing role of AI, blockchain technology, and remote work. The conference highlighted the dynamic changes in venture funding and M&A activity, with a shift in VC behavior and late-stage investors becoming more cautious. Despite this, the industry continues to witness the emergence of new unicorns, and remains a significant area of interest for strategic acquisitions. There continues to be plenty of innovation around new technology platforms and it will be exciting to see how AI is applied to cybersecurity this coming year.

Thank you and for more info:

Thanks for reading - would love to connect on LinkedIn with you! Always happy to meet other cyber practitioners, entrepreneurs, investors, and those who want to start getting involved in the cyber startup investment scene. I’m also recruiting for a Sr. Associate / Principal – if you or a friend is interested in the industry please let me know. :) All are also welcome to join an upcoming webinar I am hosting on June 2nd on AI and Startup Innovation .

Edward Tsai is Managing Partner at Alumni Ventures (Westwood and Blockchain Fund). Alumni Ventures has 600k+ community members and 9000+ investors and was the most active VC in the US in 2022 according to Pitchbook.