Quickly progressing from first-generation chatbots to an essential ingredient of the high-octane fuel that’s running hyperscalers and cybersecurity platforms, AI’s dominance at RSAC 2024 proves it is the DNA of cybersecurity.
RSAC’s theme of “the art of the possible” sums up how cybersecurity vendors are looking to capitalize on the inherent strengths of the technology. There’s a strong focus across all vendors offering platform-level AI support for everything from automating security operations center (SOC) workflows to predicting threats to deciphering data to find inside threats.
RSAC 2024 is the Formula 1 race that cybersecurity needs
This year’s RSAC 2024 was like a Formula 1 race, complete with 40,000+ fans and new technologies focused on greater acuity, accuracy, speed and visibility. Vendors are seeing AI, visibility (ideally to the kernel level), and hardware acceleration made possible by stepwise gains in graphics processing units (GPUs) and data processing units (DPUs).
Drafting behind Nvidia’s momentum in hardware acceleration is the racing strategy of choice for everyone from hyperscalers and platform providers to best-of-breed apps and startups. GPUs and DPUs contribute high-octane fuel to new generative AI platforms, large language models (LLMs), apps and tools, making it possible to move beyond limited gen AI chatbot use cases into infrastructure-level challenges. Cisco, CrowdStrike, Commvault, Microsoft, Palo Alto Networks, SentinelOne, Splunk and many others say hardware acceleration is a strong influence on the future of cybersecurity.
Improving accuracy, speed and visibility of threat data was a core message of RSAC 2024. Of the many keynotes that mentioned applying gen AI to the challenges of automating SOC reporting and streamlining workflows, the keynote by CrowdStrike’s president, CEO and co-founder George Kurtz, Next-Gen SIEM: Converging Data, Security, IT, Workflow Automation & AI, summed it up well. “It can take days to ingest data, can take days to actually get through queries. So if you want to find and investigate an alert, you can’t be waiting days, particularly when you’re trying to triage an incident and it all goes back to that concept of how do you bend time and how do you actually move faster than the adversary,” said Kurtz during his keynote.
Enabling more adaptive, secure data center infrastructure is the goal
The combination of AI, visibility and hardware acceleration opens up opportunities for vendors to take on far bigger challenges. At the top of the list are what many CISOs and CIOs consider their most dreaded and riskiest project from a career standpoint: revamping legacy data center infrastructures to make them more efficient and secure.
“But the reality is, as you see application and infrastructure change, there’s a couple of things that still remain very hard. Securing these applications is pretty hard, and securing the infrastructure is even harder,” Jeetu Patel, executive vice president and general manager of Security and Collaboration for Cisco, told the audience at his keynote, The Time Is Now: Redefining Security In the Age of AI, co-presented with Tom Gillis, senior vice president and general manager of Cisco Security. Patel and Gillis’ keynote provided the clearest narrative at RSAC 2024 of how the industry is trying to combine AI, visibility and hardware acceleration.
What CISOs were talking about at RSAC 2024
VentureBeat’s briefings and discussions with CISOs and CIOs found strong interest in cloud security, cloud-native application protection platform (CNAPP), container security, endpoint security, IAM (identity access management), risk management, SASE (secure access service edge), extended detection and response (XDR) and zero trust.
VentureBeat spoke with several CISOs attending RSAC 2024 to learn what’s new in SASE and meet with vendors’ senior management teams. All of them want to know what’s coming on SASE roadmaps.
“When thinking about the future of SASE, we believe it will address the biggest threat we have in cybersecurity. Which is not a specific threat group or hacking tool, but rather the complexity of the security stack by consolidating networking and security into a single platform with a single console,” Etay Maor, chief security strategist at Cato Networks, told VentureBeat. “A SASE platform will enable any organization to achieve an optimal security posture, regardless of changing business needs or an evolving threat landscape, without depending on massive grunt work and extensive resource investment.”
Noteworthy among the many SASE solutions at RSAC 2024 was Cradlepoint’s NetCloud SASE. A single-platform secure access service edge (SASE) solution optimized for 5G and Wireless WAN, NetCloud SASE includes zero trust security and SD-WAN. Cradlepoint showed how cellular optimization and intelligent bonding boost performance, while advanced isolation technologies and a focus on minimizing the attack surface for managed and unmanaged devices protect against cyber threats. Their AI-based NetCloud Assistant (“ANA”) uses natural language processing to assist NetCloud users with everyday queries about the operation of their network, providing recommendations on cellular endpoints for specific use cases to troubleshoot network performance.
Additional noteworthy announcements at RSAC 2024 included the following:
Google launches Threat Intelligence, combining Mandiant’s frontline security expertise with VirusTotal’s user network and Google’s data analytics of indicators of compromise from devices and emails. Capitalizing on its core strengths to launch a competitive service into the cybersecurity market, Google launched its Threat Intelligence solution at RSAC 2024 last week. Gemini 1.5 Pro is integrated into Google Threat Intelligence, enabling conversational searches across threat data repositories. Google promises organizations advanced malware analysis and automated data enrichment by monitoring global threats through crowd-sourced and human-curated intelligence.
Palo Alto Networks launched a series of copilots for Strata, Prisma, and Cortex Platforms, enhancements to Cortex XSIAM, and their Precision AI initiative, including a new security bundle. Copilots for the Strata, Prisma, and Cortex Platforms were introduced to improve productivity and outcomes through natural language processing queries by SOC analysts and teams. Prisma Cloud AI-SPM was also introduced, providing capabilities to reduce risks in AI environments, with a focus on model risk and data exposure. Enhancements to Cortex XSIAM include an integrated AI-driven security operations platform, improved cloud detection threat analysis, and a BYOML framework for creating custom ML models. The Precision AI Security Bundle uses machine learning, deep learning, and generative AI to combat advanced threats such as web-based and zero-day attacks, as well as DNS hijacking. AI Access Security offers robust controls and proactive threat prevention. AI Security Posture Management (AI-SPM) improves AI ecosystem security by identifying vulnerabilities and misconfigurations. AI Runtime Security protects AI-powered applications against threats like prompt injections and model DoS.
SentinelOne introduces Singularity Cloud Native Security CNAPP and new capabilities within its Singularity Platform. The result of SentinelOne’s recent acquisition of PingSafe, Singularity Cloud Native Security CNAPP is designed to emulate attack strategies and provide security teams with a prioritized, evidence-based list of potential exploit pathways. The goal is to give security teams the flexibility to take preemptive security measures against critical vulnerabilities. The platform’s Offensive Security Engine minimizes false positives and increases the relevance of alerts, setting it apart from competing products in the market. Purple AI, SentinelOne’s AI platform, now has AI-powered anomaly detection, automated alert triage, AI-powered response recommendations, hyper-automation rules and 24/7 auto-investigations. The company also added an integration to Mandiant Threat Intelligence. All current and future Purple AI capabilities are integrated across the Singularity Platform and accessible using the company’s new Singularity Operations Center.
SEC Compliance and CISO Liability dominated discussions. One CISO who spoke on the condition of anonymity told VentureBeat he has two major goals this year: secure the enterprise to drive greater growth and not go to jail. CISOs are concerned about compliance and staying within SEC guidelines for reporting material events. CISO liability, guidance on how to stay in compliance with the U.S. Securities and Exchange Commission (SEC), secure-by-design, and software supply chain security dominated discussions with CISOs and CIOs.
CISOs welcomed the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design initiative, which requires vendors to secure customers’ data and identities as a core business requirement.