RSAC 2023 brought together the cybersecurity world in San Francisco for a remarkable gathering of minds and cutting-edge solutions from the ever-evolving realm of cybersecurity. Once again, RSAC cemented its place on the calendar as the premier event where industry professionals seek inspiration and emerge not only more motivated but also better informed and equipped to face the threat landscape. Here are my takeaways on the main themes and topics at RSA Conference 2023.
The Necessary Paradigm Shift
There is a growing conviction of a need to change the status quo of cybersecurity operations. The way of doing cybersecurity has to change (watch these keynote addresses from Palo Alto and Microsoft). Cybersecurity operators are dealing with increased pressures, including increased alert fatigue, fragmented security ecosystems, and tools that demand more skills and knowledge.
We all need to think collectively of cybersecurity as a solvable problem. The paradigm shift is being enabled by two technological drivers (we’ve been speaking about this since Lumu’s inception):
- Firstly, the advent of unlimited bandwidth, computing power, and unlimited storage capacity.
- Secondly, the above developments enable the effective use of data models and AI.
SecOps Evolution
Now is the time to treat cybersecurity as a solvable problem. To build the right SecOps capabilities, we need to bring together all the telemetry to provide better detection and unite the cybersecurity stack to defend better (see this keynote from Cisco). The answer does not lie in legacy technologies like SIEMs, but in a platform that enables operators and defenders to do the job more effectively. More than ever it’s evident that the SIEM isn’t the ideal center for SecOps.
While last year there was a push to view XDR as the solution to cybersecurity operations, those voices were a lot quieter at RSAC 2023. It’s clear that XDR and iterating on legacy technologies are not the solution to the paradigm shift that we need to see.
We at Lumu remain focused on the ultimate outcome. Organizations’ true goal is to continuously assess compromise in their networks, hence Continuous Compromise Assessment is the anchor for proficient cybersecurity operations.
Harder, Better, Faster, Stronger Together
I think RSAC nailed this year’s theme. Certainly, we as a cybersecurity community are stronger together than as individuals. Similarly, siloed and segregated cybersecurity tools are stronger together when they are speaking to each other.
The only way that a cohesive SecOps platform is going to excel at solving the problem that customers have is when defenses can be orchestrated using the current cybersecurity stack customers have in place. Nevertheless, we still face vendors that create a great deal of friction by not allowing integrations among vendors in their pursuit to defend their incumbent position in the market. They have forgotten about the mission that makes them incumbent in the first place, which is to protect their customers at all costs.
MSSP/MDR Disruption
The previous observations will drive a significant change in current enterprise and SMB cybersecurity operations. It will also drive changes in cybersecurity-as-a-service business models, benefitting the customer.
We will see a decrease in the cost of proficient cybersecurity operations—more so when generative AI, if fully absorbed by cybersecurity vendors, lowers the bar for new talent entering the cybersecurity space. Less skilled cybersecurity providers will be able to enter the market and operate cybersecurity as efficiently (if not more efficiently) than today’s leaders in the MSSP/MDR space. This will challenge the business model of established players and it will be interesting to see if they will defend the dated model to the death. Will we see existing players go the way of Blockbuster when they came up against Netflix or will they embrace a new model of cybersecurity operations?
Data Protection Is Maturing
Over the past 10 years, companies have purchased all sorts of data protection technologies, including DLP (data loss prevention). It was not until recently that they started asking the right question, which is ‘How do you classify data effectively to be able to extract value from current investments?’ As a result, automated data classification platforms will become part of the CISO toolkit.
Conclusion
As always, RSA Conference provided plenty of food for thought and insight into the future of cybersecurity operations. This year, it was clear that plenty of disruptions are on the horizon. Alongside the Lumu team, I was able to meet with plenty of like-minded cybersecurity folks on the RSA floor. If you weren’t able to catch us at RSAC 2023, be sure to check our events calendar to see when next we’ll be in your city.