Reflections from RSAC 2024

RSAC 2024 has come and gone with its usual bluster and bravado. The expo floor was hotter and louder than in previous years, and the talks and keynotes painted a rosier AI-powered future. While some smaller trends change, core issues at the heart of cybersecurity remain the same.

AI-Powered Everything

As expected, AI was the big topic at RSAC this year. Vendors and speakers alike were eager to show their optimism for AI in cybersecurity. At his keynote address, Cisco’s Jeetu Patel went as far as to say that, for the first time in history, we are to enter a period without any scarcity, thanks to AI.

The floor was full of copy that included terms like AI-powered, AI-enabled, and AI-native. The trouble is that for many consumers, this doesn’t mean much. AI in its current state is simply advanced mathematics and heuristics. The more important question is how these AI algorithms are actually making cybersecurity operators’ work easier. Otherwise, we are just squeezing AI and hallucinating LMM technology into products for their own sake.

It was a reality check when it comes to AI. I was expecting vendors to use it in a more transformational way. With the exception of a very few vendors, it was all marketing spinning “find, copy, and replace.”

Platformization: A Cautious Approach

Last year, RSAC’s theme was “Stronger Together.” However, this vision of solidarity is at risk. Only a year later, we see vendors shifting their priorities into a different, more individualistic direction.

Platformization has become a major trend, with vendors consolidating products and offerings into a one-stop shop with all services packaged into a single platform. While a platform approach can be beneficial, it should not mean relying on a single vendor. In a mono-vendor platform, customers often lose out, forced to accept the good with the bad and, in some cases, services that aren’t compatible with their unique networks.

The platform should be open and interoperable. If the platform trend jeopardizes the “stronger together” ethos, I prefer the latter. Small and medium-sized businesses, in particular, are at risk of being priced out of the best technology cybersecurity has to offer.

The Changing Position of the SIEM

There’s absolutely no doubt that SIEM (Security Information and Event Management) has failed at stopping breaches, as George Kurtz from CrowdStrike pointed out. The traditional SIEM approach has been frozen in time, unable to keep pace with the evolving threat landscape. Even Gary Steele from Splunk acknowledged this, stating, “You can’t secure what you can’t see,” emphasizing the critical need for visibility. The limitations of SIEM tools highlight the importance of adopting new, more dynamic solutions that provide real-time insights and actionable intelligence. At RSAC 2024, it became clear that the industry must move beyond the conventional SIEM model and embrace innovative technologies to enhance security operations and effectively combat cyber threats.

The failure of SIEM to deliver adequate visibility is driving the industry towards risk-based approaches. If you have visibility into your network, you know if there is an adversary. Boards might understand and accept risk, but the market seems overly accepting of it. This shift towards risk-based strategies underscores the need for continuous monitoring and assessment to manage and mitigate threats proactively. As vendors and organizations prioritize visibility and real-time intelligence, the focus is shifting from static, reactive measures to dynamic, proactive cybersecurity practices that address risks head-on.

Keynote Highlights Video

Missed the keynotes? Watch this 3-minute recap video to catch up on the major highlights and insights shared by leading experts at RSAC 2024.