RSAC 2024 Review: AI & Data Governance Priorities
Get our take on the RSA 2024 conference where we review some of the major topics covered such as AI and data governance.
RSAC, we are so back. If I thought RSA Conference returned last year in full force, the 2024 edition proved to be an even more formidable contender as the innovation hub for the cybersecurity industry worldwide.
Coming off a year of high-profile breaches, rapid AI innovation and adoption, an unprecedented volume of federal elections, and geopolitical conflict around the world, RSA Conference became the conversation platform for the urgent advancement of cybersecurity programmes and strategies.
Sessions captured the spirit of cyber moving centre stage for federal governments and agencies, multinational corporations, and regional entities as a leading consideration in the way organisations operate today. At the same time, the show floor displayed key trends in the technology landscape and mirrored some of the most notable priorities security leaders are pursuing today.
Data Protection and Data Governance
Whether in conversation with chief information security officers, walking the show floor, or popping into panel discussions at Moscone, data security surfaced in every corner of the conference as an evolution or perhaps even a replacement of last year’s “Zero Trust Washing” on the ground.
In particular, data governance emerged as a top priority as data availability, usability, integrity, and security continue to be scrutinised and held to higher regulatory and organisational standards. Data security posture management (DSPM) and – to a lesser extent – data detection and response (DDR) were the enabling technologies present in data governance conversations. Today, organisations are motivated to tick off proactive defence (DSPM) and resilient protection (DDR) objectives, develop exfiltration-resistant security practices, and answer the questions:
- Where is my data living?
- Who can access data?
- What are the present risks to my data?
- What security protocols and policies should be applied?
- What is my data security posture?
- Has there been a material change to data or data access?
Tasteful AI Execution and Tackling AI Risk and Threats
The AI conversation at Moscone was both prolific and surprisingly actionable and realistic.
The start-up community came prepared with timely solutions for machine-to-machine (non-human identity) risks scaling in an AI-driven world, and with opportunities to mitigate the threat of synthetic media as social engineering, deepfake, and audiofake threats proliferate. Following major headlines, we know now that synthetic media has the power to affect anyone. Cybersecurity technology vendors, federal governments, and social media platform providers will need to work in tandem to get in front of this challenge in the weeks and months ahead.
Unique approaches to secure AI deployment within the enterprise were also top of mind at RSAC. Trend was firmly in the generative AI conversation as we launched our AI Gateway ahead of the conference, providing security teams with available tooling to centralise the management of employee access and use of AI applications (like ChatGPT and others), inspect prompts to prevent data leaks, filter content to meet compliance requirements, and defend against LLM attacks.
Generative AI opportunities for the SOC continued from last year as security pros offered more use cases for platform cybersecurity assistants. My prediction for the SOC in 2024 is a shift from user-initiated AI experiences (i.e. exclusively chat-style interfaces) to AI-initiated user experiences, where generative AI assistants surface prioritisation, tasks, and guidance proactively and in-context based on telemetry sources and threat intelligence feeds.
Proactive Mindset and Security Posture Management (SPM) at the Forefront
Point solutions for layer-specific SPM were highly visible on the show floor. From AI-SPM and application SPM to the previously mentioned DSPM, the trend toward proactive security was heavily on display. This mindset shift, led by Trend with the introduction of Attack Surface Risk Management in 2022, has become mainstream as security teams prioritise accurate asset inventory across internal, external, and human attack surfaces. While promising to see greater interest, innovation, and uptake in security posture management
- Cyber risk management is largely ineffective when done in siloes. Point strategies to security posture management lack the necessary prioritisation and contextualisation of risk present in the enterprise environment, making it challenging for analysts to focus efforts on the most critical tasks at hand.
- Security posture management without remediation guidance or action provides a long list of problems with few solutions.
- Risk identification and scoring remain challenging and inconsistent. Risk formula calculation must be available and exposed to users to be considered a valid and trustworthy metric.
Trend Attack Surface Risk Management provides an integrated security posture management experience extending asset discovery and inventorying to include continuous risk assessment/scoring, prioritisation across asset types (i.e. cloud, data, users, devices, IP/domain), generative AI driven remediation guidance, and in-console remediation action options.
NGSIEM and XDR convergence begins
If the last RSAC was marked by the XDR explosion, this year the conversation was balanced by the emerging market category, NGSIEM, as security teams demand more out of their SIEM investment.
To meet demand, platform players must acknowledge the need for security analytics and detection engineering across third-party telemetry feeds. Across company sizes, organisations today have deployed EDR and XDR for stronger security outcomes compared to legacy SIEM – which often acts as an expensive solution to limited compliance requirements. Now, with the evolution of NGSIEM, running detections on top of third-party data, enriching existing events in the enterprise environment, and developing brand-new detections from third parties can help close the gap between the different products used in the security stack and improve key metrics like MTTD and MTTR.
In the mid-market specifically, XDR with NGSIEM capabilities (i.e. integration and ingestion of telemetry feeds from third parties) solves a massive challenge by delivering detection and response use cases more efficiently, with less time and fewer engineering resources required. As NGSIEM picks up speed, security buyers may consider managed NGSIEM or SOC-as-a-service options to take on more of the heavy lifting, as even a well-staffed SOC can benefit from support on detection modelling.
From a security outcomes perspective, native XDR is still the most effective option to detect and respond to threats. From a deployment and feasibility perspective, NGSIEM offers a realistic detection and response option for very large entities and entities that carry significant tech debt. My caution to security buyers: vendors pitching NGSIEM should be able to demonstrate an evolution, not merely a rebrand of a failed XDR strategy.
2023 Prediction Scorecard
In our 2023 RSAC round-up, I captured four categories of innovation where I expected to see movement in the market:
Risk Prioritisation: We saw some improvement in technology risk prioritisation solutions – however siloed, point-solution approaches left me wanting more.
Cyber Risk Quantification: Board-level advocacy and using cyber risk quantification to up-level the importance and influence of cybersecurity as an operations and reputation risk vector was highly present. Security leaders explicitly identified risk indexes and even financial translation of cyber risk as important tools in their kit to argue for greater investment, headcount, and additional resources.
Generative AI Governance: Several AI governance solutions from the start-up community and from major players – including Trend Micro – were present on the show floor as SaaS applications integrate AI into their technologies and as AI use and abuse scales.
Mergers and Acquisitions Volume: The show floor did in fact look different, with key players consolidating with large entities. I expect this trend to continue into 2024 as investment deals fall in volume and dollar amount.