The 2024 edition of the RSA show is now in the books. An estimated 40,000 attendees attended the show, and another 40,000 attended events around the Moscone Center to check out the latest and greatest in cyber security.
The massive audience security draws shouldn’t be a surprise, and this industry changes faster than any other IT domain. Also, it applies to everyone in an organization—from C-level executives to IT pros to app developers and, obviously, security pros. While the products are attractive, my interest in RSA was understanding key themes driving security evolution. Below are my top five thoughts from RSA.
Security buyers aren’t ready for AI yet – but they should beArtificial intelligence (AI) has been a top theme at every event I have attended this year, and RSA was no different. The vendor community has been busy building AI tools to help security pros understand possible threats faster and, if required, automate the process of remediating them. I interviewed several CISOs regarding AI and security, and most had a high degree of interest in it but were not ready to pull the trigger on putting it into product environments.
This is why most vendors have a system to “recommend” updates and changes before execution. I believe the “prove it” phase for AI in security should be short as, in general, machines can see far more than people can. I'll issue this warning for security pros holding off AI because they’re concerned about it taking their jobs. AI won’t take your job, but an engineer who’s willing to use AI will.
Generative AI is adopted, but the security implications are still being discoveredSince the launch of ChatGPT, every company I have interviewed has at least a subset of workers using GenAI in some capacity. Some companies have tried to block it, but that has proved futile. The challenge with GenAI is that only some companies understand the long-term security implications. I chatted about this with Dr. Vito Nozza, Director of InfoSec at Systems-Integrator C1 and he told me in a recent study they did, 92% of organizations are highly familiar with GenAI and a whopping 77% say there is a high use of it within their company. Additionally, two-thirds of organizations have already revised their cybersecurity programs to include risk introduced by AI. This will require the security vendors to pivot their AI strategies; most have a strong “AI for security” strategy where AI is used to improve operations, but few have addressed “security for AI.”
Platformization is well underway, but it's an on-going struggleTo consolidate or not consolidate, that has been the question on security buyers’ minds since the birth of cyber. In reality, the security industry has undergone a wave of consolidation. At one time, firewalls, VPNs, intrusion prevention system (IPS) and other services were delivered as standalone functions. Today, those functions have been rolled up into next-generation firewall (NGFX), which gave rise to companies such as Palo Alto Networks, Cisco, and Fortinet. Today, SSE plays a similar role to cloud access security broker (cloud access security broker (CASB)), SWG, zero-trust network access (ZTNA), and other cloud-delivered security services, enabling companies such as Zscaler, Lookout, and Netskope to market.
The challenge for buyers is that big security vendors, such as the ones mentioned above, play the role of consolidators while emerging threats are the domain of startups. This means security is the “Schrodinger's Cat” of the IT industry, and the strategy must be to consolidate and expand the number of vendors one uses simultaneously. It’s a vicious cycle, but it’s the reality of security.
Secure enterprise browsers are on the riseThere has been some debate about whether secure enterprise browsers would ever be a standalone security submarket, but the timing now seems right. Recently, Island raised $175M in funding, Palo Alto acquired Talon, and the week before RSA, Menlo Security announced a partnership with Google. What’s driving this interest? Remote work has been a significant catalyst for secure browsers as many businesses have shifted to using the browser as the primary interface for business applications.
Also, AI has enabled enterprise browsers to be more innovative, uncover and block phishing before users infect their organization. Companies spend billions in aggregate in security every year to protect the infrastructure, and threat actors know that and have targeted users, and a secure enterprise browser is the first line of defense. Lastly, many companies use a secure browser to enable users to use GenAI safely. At RSA, I talked with Nick Edwards, VP at Menlo Security, and he told me that GenAI is rapidly approaching virtual desktop infrastructure (VDI) replacement as the top use case for the company’s products.
DNS security remains the most underutilized 'no-brainer'
In security, there are certain “must-have” technologies. Firewalls, secure access, endpoint security, and multifactor authentication (MFA) are a few. The most underutilized one is DNS security. DNS is a network service and is the backbone of every network. Want to visit sdxcentral.com, DNS must resolve that to point you in the right direction. DNS is also a significant source of breaches as threat actors use it to create lookalike domains and other DNS-related attacks.
At RSA, I met with Renée Burton, head of threat intelligence for DNS security vendor Infoblox, and the company recently conducted some of its research on this market. The Infoblox study found that 92% of malicious activity can be blocked using DNS and 60% of threats blocked before the first DNS query occurs.
Phishing links have continually evolved and become more complicated for even seasoned security pros to identify. DNS security eliminates most of these threats before they hit the enterprise. As an added benefit, Burton told me some customers have reported traffic sent to the firewall is cut by as much as 30%, which indicates how much malicious traffic is being run through corporate networks.
RSA 2024 was ntriguing RSAs in many years. Consolidation, AI, wars, elections and other macro issues have again thrust security into the spotlight. As they say on infomercials, but wait, there’s more as Cisco Live, Zscaler Zenith Live, AWS re:Inforce, Black Hat, and other security-related shows are on the near-term roadmap. See many of you there!