RSA 2024 RECAP

By: Jeremy Rasmussen
Continuous Compliance, Cyber Defense, Events

Abacode was in full force at the RSA Conference USA 2024, held on May 6-9 at the Moscone Center in San Francisco. The conference featured the following numbers:

  • Attendance: More than 40,000 attendees, including cybersecurity professionals, government officials, and business leaders.
  • Business Expo Hall: Nearly 600 exhibitors showcased their products and solutions on the expo floors.
  • Presentations: RSA featured 25 tracks covering a wide range of cybersecurity topics, 425 sessions, and 650 speakers sharing their expertise.
Photo: Abacode’s Francesca Bellonte and Devin Bender getting ready for a busy week.

Focus on AI: When one considers some of the technological advancements of the twenty-first century – cloud computing, mobility, robotics, smartphones, search engines, big data analytics, etc. – generative artificial intelligence (AI) has the potential to surpass all of these. And sure enough, AI was mentioned early and often at RSA. A quick scan of RSA keynote, panel, and presentation titles revealed AI in roughly 25% of all sessions – and no doubt it was mentioned in others as well.

Abacode recognizes the transformative impact of AI on cybersecurity. AI is revolutionizing the anticipation, prevention, and response to cyber threats, and cybersecurity services providers and solution vendors will play a crucial role in this evolution. Look for our AI position paper coming out soon for more information!

According to a Gartner survey that came out during RSA:

  • 93% of organizations are implementing or developing an AI strategy.
  • 1% of risk leaders feel they are thoroughly prepared for the risks of mass GenAI availability.

During the conference, Microsoft unveiled a number of new advances around its AI offerings to help organizations better protect and govern data used in AI, manage data in Security Operations Centers (SOCs), and more effectively disrupt cyber-attacks. For example:

  • Microsoft Defender for Cloud Apps now enables discovering new AI attack surfaces and protecting AI apps.
  • Microsoft Purview has been upgraded to help govern AI usage to comply with regulatory and code-of-conduct policies. One new feature is a snap-in compliance template that allows you to evaluate settings versus a best practices standard (EU AI Act, NIST AI Risk Management Framework (RMF), ISO 42001, and ISO 23894).
  • Microsoft Copilot for Security will also be integrated across more of the Microsoft security stack, allowing for more automated response and orchestration.
Photo: Public announcement of new AI security compliance features in Microsoft Purview.

Some Interesting Announcements:

  • On the first day of RSAC 2024, AT&T announced that it had spun out its cybersecurity business into a standalone company called LevelBlue, which is backed by private equity firm WillJam Ventures. Abacode was named AT&T Cybersecurity North American Partner of the Year for 2024 by AT&T Cybersecurity and will continue to offer SIEM/SOC services using the USM Anywhere platform. Rumor has it that the platform will receive some added attention in terms of product development and features roadmap under the new management.
  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced its Secure by Design pledge, which signifies that a software maker will commit to building enhanced security into their products. More than 50 vendors, including many in the cybersecurity industry, have signed the pledge so far. Initial signatories include Microsoft, Google, Palo Alto, Trellix, Proofpoint, Okta, Fortinet, Sophos, Zscaler, SentinelOne, and Qualys.
  • SentinelOne unveiled its own version of Copilot for Security called Purple AI, a chatbot that provides expert analysis to augment the skills of cybersecurity teams. It also provides anomaly detection, automated alert triage, response recommendation, investigation, and threat intelligence capabilities.

 

Trends: At last year’s RSAC, we saw dozens of new threat intelligence companies. This year, we saw a proliferation of cloud security posture assessment and monitoring tools. Some of the highlights were as follows:

  • CrowdStrike unveiled a new Cloud Detection and Response (CDR) capability, including cross-domain threat hunting for Microsoft Azure environments, expanding visibility into cloud control plane activity.
  • Tenable showed its Cloud Security Posture Management (CSPM) solution, which identifies misconfiguration issues and compliance risks across multi-cloud environments.
  • Orca Security announced that it is now working with Aqua Security (seems like a natural, right?), whereas the two had previously been rivals. This highlights a trend in which “frenemies” are increasingly collaborating because customers demand interoperability of their tools and platforms. This new partnership combines the multi-cloud visibility and security provided by the Orca platform with the multi- and hybrid-cloud runtime protection for cloud-native workloads offered by the Aqua platform.
  • In its first-ever RSAC appearance, Wiz had one of the most memorable booths at the Expo with its “Magical WizMart,” which showcased some of the company’s capabilities around being able to provide full visibility to all security issues in the full cloud stack, contextualized and prioritized “in less than an hour.” The Israeli cloud security company headquartered in New York also announced a new $1 billion round of funding with a staggering $12 billion valuation for the four-year-old startup. Talk about a unicorn!
Photo: WizMart shelf showing “acronym soup” of various cloud security protocols.

Zero Trust in Practice: While I did not make it to an abundance of presentations, one of the interesting ones for me was the CISO of Kraft-Heinz Company, Ricardo Lafosse, at the Cloud Security Alliance AI Summit. He spoke openly about getting popped by the Snatch ransomware group due to some admittedly dumb mistakes (misconfigurations around identity, VPN, and vulnerability management), and how the company was going about implementing a zero-trust approach to lower the risk of such attacks in the future. In particular, his firm is eliminating on-premises Web gateways, directing all traffic to a cloud security service (Zscaler), and applying protections through granular security controls. Of course, no plan is perfect. On the same day as that presentation, a threat actor known as IntelBroker claimed to have breached Zscaler. So far, it appears that only a test site was compromised, but the investigation is ongoing. But this only goes to reiterate the need for a defense-in-depth approach and continuous monitoring as Abacode provides through its Cyber Lorica™ 24×7 SIEM/SOC solution.

Photo: Kraft Heinz plan for implementing a Zero Trust Architecture presented at the CSA AI Summit at RSAC 2024.