Key Insights from RSA Conference 2024
29 May 2024 |
IN-7353
RSAC 2024 Recap |
NEWS |
Over 40,000 participants from 130 countries attended the RSA Conference (RSAC) May 6-9 at San Francisco’s Moscone Center. Beyond the bustling booths and marketing conversations, the event featured hundreds of speeches, presentations, and workshops, where the best of the field provided attendees with their research and insights, while addressing the most salient issues of the cybersecurity landscape. In his keynote speech, U.S. Secretary of State Antony Blinken emphasized the role of Artificial Intelligence (AI) and stressed that the United States is creating global momentum to “harness AI.” Mandiant at Google Cloud Chief Executive Officer (CEO) Kevin Mandia shared Mandiant’s threat intelligence findings, reminding the audience that they saw innovations by attackers, while attackers faced almost no repercussions. He mentioned that Mandiant found more than 97 zero-day attacks, whereas until recently the figure was fewer than 10. He attributed part of the increase to the deployment of AI, which can uncover weaknesses in cyber defenses. Mandia suggested that governments and law enforcement agencies need to impose “risks or costs” on attackers. Akamai Chief Security Officer (CSO) Boaz Gelbord reminded everyone that today’s enterprises run an average of 1,061 apps, so securing them is crucial for cybersecurity hygiene. He concluded that organizations need to discover, observe, and enforce application controls. To do this, organizations need to enhance interoperability by connecting and integrating the various tools they use to observe, control, and enforce app policies.
Speakers returned to several major themes, including a changing attack surface in which the rapid adoption of AI leads to more sophisticated attacks. Deepfake identification in audio and video verification, and the ways to address it, was another salient topic. Companies such as Reality Defender, winner of this year’s RSAC innovation competition, called Sandbox, deploy AI to identify deepfakes, but do so through multiple concurrent AI models rather than single models or generation types. In the realm of Operational Technology (OT) cybersecurity, strategies for better implementing Identity and Access Management (IAM), secure and efficient patch management and secure configuration guidelines, secure coding for Programmable Logic Controllers (PLCs), continuous monitoring of the OT network, and anomaly detection using AI were some of the salient topics. How secure coding should be implemented in industrial settings, such as secure coding for PLCs, was another topic of debate.
The conference also showcased new and worthy innovations under the RSAC Launch Pad program, where early-stage startups pitch their bold ideas and groundbreaking solutions to a group of Venture Capitalist (VC) panelists. This year, three companies made it to the Launch Pad as finalists, namely AI security startup Culminate, Large Language Model (LLM) security and privacy company Knostic, and cloud security startup Tamnoon. All three startups deploy AI for their missions. Culminate deploys AI for automatic alert investigations, thereby decreasing alert fatigue while addressing all threat alerts. Knostic deploys AI to make LLM chatbots provide answers within a user’s need-to-know without compromising sensitive information. Tamnoon is a managed cloud security platform that deploys AI to help organizations turn Cloud-Native Application Protection Platform (CNAPP) and Cloud Security Posture Management (CSPM) alerts into action and fortify cloud security posture.
A Profound Conference with Significant Influence on Technology, Markets, and Policy Makers |
IMPACT |
The RSAC is one of the most significant cybersecurity events in the world, and therefore has major influence on a host of domains, including technology trends, market dynamics, policy making, and overall cybersecurity messaging. RSAC is a major force in shaping the tone and direction of trends for the cybersecurity community through its workshops, keynote speeches, and, of course, its attendees and organizational participants. The conference, in a sense, sets the cybersecurity agenda for the year, and technologies and companies that gain recognition could see VC, institutional investors, and private equity firms allocate fresh resources to them. At RSA Conference 2024, an emphasis on governance over AI technologies via robust legal action means there will be strong advocates for increasing regulation in AI-focused segments of the technology market. In terms of market trends, Zero-Trust was present, but not among the top topics discussed at RSAC. Instead, an emphasis on incident response mechanisms, and on hardening supply chains so they can recover after an attack or external socioeconomic shocks, was on the agenda. Furthermore, there was clear demand for integrated cybersecurity solutions, especially in the OT and industrial sectors. This means we will see more Mergers and Acquisitions (M&A), such as Rockwell Automation’s purchase of OT cybersecurity company Verve, or Cisco acquiring Splunk. These deals were clearly reflected in the way the two conglomerates marketed their solutions, even affecting their booth setups, where the purchased company was placed close or adjacent to their booths. Finally, an emerging subject of interest in debates was insurance coverage for cyberattacks. Alluding to the importance of patching, panelists at RSAC stressed that most insurance policies do not cover attacks if organizations fail to patch vulnerabilities.
They also shared their observations that extortion, including double and triple extortion, business email compromises, insider threats, and supply chain attacks are increasingly being seen in cyber insurance claims.
From Insight to Action: From RSAC to Cybersecurity Implementation |
RECOMMENDATIONS |
Industrial and cybersecurity technology providers attending RSAC will benefit from the exposure the conference provides them, while they get to know the latest technology trends and debates. This year’s RSAC revolved around AI-driven threats and security solutions, signaling that organizations need to think seriously about their AI deployments, especially in the areas of identity management and access control, and threat detection and response. The latter is especially important for industrial organizations where downtime is viewed as a cardinal sin. The adoption of “passwordless” strategies to improve security and access management is another area where investment can help avoid expensive breaches, while contributing to a seamless access control strategy where assets can easily be defined, accessed, and monitored. This is especially important for sectors such as oil & gas, where remote access is essential to mitigate employee mobilization costs. Other recommendations based on insights from RSAC include expanding incident response capabilities, given that even the most secure technologies might be breached; implementing secure-by-design strategies for Internet of Things (IoT) and OT devices to achieve security from the bottom up; and, finally, developing measurable cybersecurity standards that can help determine the effectiveness of an organization’s cybersecurity practices.