RSAC 2024 has come and gone with its usual bluster and bravado. The expo floor was hotter and louder than in previous years, and the talks and keynotes painted a rosier AI-powered future. While some smaller trends change, core issues at the heart of cybersecurity remain the same.
AI-Powered Everything
As expected, AI was the big topic at RSAC this year. Vendors and speakers alike were eager to show their optimism for AI in cybersecurity. At his keynote address, Cisco’s Jeetu Patel went as far as to say that, for the first time in history, we are to enter a period without any scarcity, thanks to AI.
The floor was full of copy that included terms like AI-powered, AI-enabled, and AI-native. The trouble is that for many consumers, this doesn’t mean much. AI in its current state is simply advanced mathematics and heuristics. The more important question is how these AI algorithms are actually making cybersecurity operators’ work easier. Otherwise, we are just squeezing AI and hallucinating LMM technology into products for their own sake.
It was a reality check when it comes to AI. I was expecting vendors to use it in a more transformational way. With the exception of a very few vendors, it was all marketing spinning “find, copy, and replace.”
Platformization: A Cautious Approach
Last year, RSAC’s theme was “Stronger Together.” However, this vision of solidarity is at risk. Only a year later, we see vendors shifting their priorities into a different, more individualistic direction.
Platformization has become a major trend, with vendors consolidating products and offerings into a one-stop shop with all services packaged into a single platform. While a platform approach can be beneficial, it should not mean relying on a single vendor. In a mono-vendor platform, customers often lose out, forced to accept the good with the bad and, in some cases, services that aren’t compatible with their unique networks.
The platform should be open and interoperable. If the platform trend jeopardizes the “stronger together” ethos, I prefer the latter. Small and medium-sized businesses, in particular, are at risk of being priced out of the best technology cybersecurity has to offer.
The Changing Position of the SIEM
There’s absolutely no doubt that SIEM (Security Information and Event Management) has failed at stopping breaches, as George Kurtz from CrowdStrike pointed out. The traditional SIEM approach has been frozen in time, unable to keep pace with the evolving threat landscape. Even Gary Steele from Splunk acknowledged this, stating, “You can’t secure what you can’t see,” emphasizing the critical need for visibility. The limitations of SIEM tools highlight the importance of adopting new, more dynamic solutions that provide real-time insights and actionable intelligence. At RSAC 2024, it became clear that the industry must move beyond the conventional SIEM model and embrace innovative technologies to enhance security operations and effectively combat cyber threats.
The failure of SIEM to deliver adequate visibility is driving the industry towards risk-based approaches. If you have visibility into your network, you know if there is an adversary. Boards might understand and accept risk, but the market seems overly accepting of it. This shift towards risk-based strategies underscores the need for continuous monitoring and assessment to manage and mitigate threats proactively. As vendors and organizations prioritize visibility and real-time intelligence, the focus is shifting from static, reactive measures to dynamic, proactive cybersecurity practices that address risks head-on.
Keynote Highlights Video
Missed the keynotes? Watch this 3-minute recap video to catch up on the major highlights and insights shared by leading experts at RSAC 2024.
Celebrating Diversity in Cybersecurity
As a Black Latino, it was fantastic to see the vibrant and growing Latin community around the streets of San Francisco. During the expo hours at the Moscone Center, the mix of accents from Mexico to Argentina and the sonorous Portuguese created a lively and diverse atmosphere. This cultural richness extended beyond the conference floor, spilling into the city’s restaurants, bars, and coffee shops. With Lumu Technologies, we’re excited to put Latin America on the map as an incubator of top cybersecurity companies, showcasing the innovation and talent that our region has to offer.
Conclusion
A quick glance at the size and scope of the RSAC floor shows that the cybersecurity industry is still faced with a massive problem. At its core, the problem is that adversaries continue to bypass cyber defenses and persist in networks without being detected for long periods of time. We believe that this problem results in a clear conclusion: cybersecurity needs to be operated. Our mission, therefore, is to help cybersecurity analysts operate cybersecurity in a way that is efficient.
I’m more excited than ever about our journey to transform cybersecurity operations for companies of all sizes and verticals.