RSAC 2024: Unleashing the Art of the Possible
In this blog
The RSA Conference has always embodied a strong sense of community. From engaging with our customers to reconnecting with old friends and collaborating with our cyber partners and OEMs, the conference fosters meaningful connections. What truly stands out about this community is its spirit of innovation, perfectly encapsulated by the RSA Conference theme "Art of the Possible."
Together with WWT
This year's conference once again illuminated the cyber industry's latest advancements, strategies and insights. Our team was very busy, executing over 150 client/partner meetings and events during the week. In addition, this year, amidst the fervor of exploration, the conference witnessed a historic milestone as World Wide Technology (WWT) proudly sponsored the third annual NightDragon Innovation Summit.
This visionary event, hosted by industry veteran Dave DeWalt, Founder and CEO of NightDragon, convened a global discussion on the State of the Cyber Union, welcoming distinguished guests from both public and private sectors, including representatives from the White House, CISA, NSA, global intelligence leaders, top Cyber CEOs from Palo Alto Networks and Crowdstrike, and Fortune 500 CISOs. This summit set an electrifying tone for an unforgettable conference, where innovation thrived and possibilities soared.
Also, as a part of the Summit, NightDragon, Cisco and WWT announced a collaboration with NPower to increase diversity and empower individuals from all backgrounds to pursue careers in cybersecurity. The collaboration will work to close the cyber talent gap and advance the state of cybersecurity workforce training and development by hiring NPower candidates within their respective ecosystems and support the non-profit through volunteer engagement. The organizations will work together to evangelize the importance of closing the cyber talent gap and increasing diversity within the industry.
AI security takes center stage
Reflecting on the rest of RSA, (outside the Summit) in the spirit of the "Art of the Possible," it is not surprising that AI Security was top of mind. From the opening keynote's nod to the 1983 film WarGames to the final session, AI was the buzzword of the year. The conference's focus on AI security marked a significant shift from the 2023 debate on AI for good versus AI for evil. This year, the conversation centered on the pressing need to secure Generative AI and Large Language Models (LLMs), dubbed "Security of AI."
In considering all the different ways AI was showcased, three AI themes stood out:
1. AI for security: efficiency and automation
While AI for Security was a prominent topic, it was clear that vendors are now focused on harnessing AI to enhance their existing tools, rather than simply using AI as a marketing gimmick. The emphasis is on delivering efficiency and automation to offload complexity from security professionals' jobs. However, a notable anti-theme emerged: the idea that customers prefer tool consolidation over selecting the best tool for the desired outcome was repeatedly debunked. Innovation remains top of mind for security buyers, and the buzz around innovative startups at RSA 2024 was palpable.
2. Security of AI: supply chain and development pipelines
Conversations around the AI software supply chain were particularly insightful. The launch of CISA's Secure by Design pledge program brought software supply chain security to the forefront, and the new trends of AI/ML operations require a different control approach than traditional DevSecOps. Solutions are needed to address insecure development pipelines for AI and ML applications, but customers are wary of introducing new security work streams.
3. Red teaming and data security
In sessions focused on security of AI, red teaming professionals demonstrated a growing understanding of LLMs' capabilities and limitations. While prompt injections, hallucinations, bias and jailbreaking remain buzz-worthy topics, the focus has shifted from exploiting LLMs' vulnerabilities to securing the data they interact with. Red teamers are now honing their craft to determine whether LLMs can reveal sensitive data, making data security a critical priority for security professionals.
Other noteworthy themes
While AI dominated much of the landscape at RSA, it was not the only area of focus. Some other themes that caught our attention were:
Cyber resilience and recovery: The concept of "when not if" an organization will have a security event was prevalent. Driven by regulatory policies and cyber insurance requirements, customer organizations are leaning into cyber resilience.
Identity and endpoint: Given the heightened threat activity and the regulatory environment, both identity and endpoint security are still high priorities. Proactive assessment, decision-making and training were top of mind for many risk executives, as was the desire for additional platform consolidations and simplification in these areas.
Zero trust and micro / macro segmentation: We saw a resurgence of these themes, which dominated the RSA headlines a few years ago, spurred on by the quick emergence of AI both from an opportunity and risk perspective. One new twist this year was the many risk executives looking to blend solutions from current leaders and start-ups in this space to create a more holistic visibility picture.
Cybersecurity for service providers
A final area of interest at this year's RSA was the long-awaited (and needed) cybersecurity solutions for service providers. In the past, there seems to have been a lack of cyber solutions specific to mobile network architecture or carrier-grade network use cases. Many industry leaders have SP-specific teams or solutions, but it has historically been few and far between when it comes to presence at RSA. This year it feels like the industry has finally started catching up to the idea of securing 5G and mobile network architecture. Whether that is being driven by the increased awareness of threats and threat vectors globally, or if it's due to the need to monetize 5G, we saw an uptick in presence from vendors with telco security solutions.
What we saw at the conference directly correlated to high visibility initiatives our clients are undertaking – such as next-gen SIEM, XDR, and cyber resilience and recovery. For SIEM, clients are ready for new and creative ways to support their security operations teams as vendor after vendor, small to large, were showcasing unique ways to offload spend from traditional SIEM platforms.
Final thoughts
The RSA Conference 2024 exemplified the industry's dedication to exploring new horizons and pushing the boundaries of cybersecurity. While AI continues to transform our digital landscape, risk executives must prioritize and take proactive measures to address not only the risks AI poses, but also more traditional themes like cyber resilience and zero trust.
The need for collaborative approaches, adversarial awareness, AI-powered security tools and supply chain security were some of the key takeaways for our team. The culmination of the conference was the drum beat that it will take the full community to realize the full potential our current "Art of the Possible" landscape poses.
To ensure a safer digital future, we must lean in together, prioritize data security, secure AI development pipeline and harness AI's power while mitigating its risks, all while keeping an eye on the traditional cyber themes that will lay the foundation for our brave new AI Powers world.
All in all, the RSA Conference this year was one for the ages, and we can't wait to start planning for next year.