Key Takeaways from RSA Conference™ 2024

Image

This year, the theme of the RSA Conference™ (RSAC) 2024 was “The Art of Possible.” It was especially fitting considering the nonstop Generative AI (GenAI) conversations that I overheard while running around the Moscone Center. (I had 35,907 steps by the way.) And while there are plenty of GenAI-related topics I can discuss, I’ll limit my discussion as there are sure to be many weigh-ins by others in the security community. That said, here is my best shot at making you feel like you were there — minus the steps and the cool swag.  

Related Reading: What’s Changed at RSA Since 2023 

Ransomware: From Obscure to Ubiquitous 

In Mikko Hypponen’s “The First Decade of Corporate Ransomware” presentation, he went all the way back to the origins of ransomware. The year was 1989, and there was a 5 ¼ floppy disk being mailed to a select group of people that included educational content about HIV and AIDS ¡ — along with a trojan. Keep in mind that, back in those days, you had to install the floppy disk on your machine every time you wanted to see the contents. This means that after 90 installs, the ransomware would encrypt the hard drive and display the dreaded ransom note. It was fascinating to see the earliest known concept of such a powerful cyber threat. While a lot of things have changed since then, much remains the same, including:  

• The need for a disciplined patching program 

• The necessity of constant visibility into the dynamic IT estate 

• The importance of testing your backups and incident response plans 

Ransomware started small and is here to stay. We cannot go back and destroy that first initial floppy disk (too bad). But we can be wise in the placement of our tools, processes, and people. We can close ranks and focus our energy on developing a security strategy that can at least stop ransomware from spreading.  

The Impact of GenAI on Humans 

In one of the sessions I attended, someone raised a question to the panelists. That question was, “Do you think GenAI will replace the need for humans?” My immediate thought was that this person is probably new to the industry and didn’t know that there are about 4 million unfilled cybersecurity jobs. It turns out that they were aware of the labor shortage, but the answer is a complex one all the same.  

The panelists all agreed that GenAI has its place, but humans will always be part of our security programs. According to ISC2, there are about 5.5 million people in security roles globally, and that number is not expected to reduce anytime soon. And yet, GenAI growth is not expected to decline either. How do we reconcile room for both?  

The question we should ask is, “How can we embrace GenAI (and other technologies) to supercharge current security professionals in a way that closes the shortage gap?” Ideas include using GenAI to automate highly repetitive tasks such as documentation and triage. This allows humans to spend more time investigating and doing things that move the security needle forward, not just tread water. Something else to keep in mind; GenAI isn’t going to reduce the number of criminal actors. 

The Great Vendor Consolidation 

There was a lot of discussion at RSAC 2024 regarding vendor consolidation, tool consolidation, and the consolidation of security resources in general. Many studies in the past year have shown that security leaders want fewer tools that are tightly integrated to solve a broader set of use cases. And while this continues to be a strategic initiative, there was also sentiment that innovation is happening faster than consolidation in many instances. 

Innovation brings about new threat vectors that require new types of solutions. This may explain why some analyst firms have noted that many organizations are a year into their consolidation efforts and yet remain flat on their number of tools. Some have even increased slightly. On the surface, this may seem like a figure that needs to be re-evaluated. However, I spoke to a few former colleagues to canvass opinions. Some of them had previously led their own security programs, and they stated that in their experience, consolidation efforts are behind improved security outcomes and the reason why the security stack isn’t much larger from a toolset perspective. They said we have ongoing consolidation efforts to thank for toolsets being flat in the first place. And, I would add, for also reducing the risk of Shadow IT. 

With so many new technologies hitting the market, solution sprawl is understandable. But more and more, security leadership is noticing that more is not always better. Even if your enterprise needs multiple solutions (like most enterprises do) looking for best-of-breed tools under a single management umbrella is a strong alternative to creating shelfware that comes from many different vendors without a coherent plan. 

A New Approach to SIEM 

For the past decade, there has been a popular trend of sending all your data to a centralized repository for advanced analysis and actionable insights. However, it seems like we are at a point where we have too much data and can’t handle it all. Therefore, we need to take a new approach. It needs to be an approach where we look at the right data as it relates to the outcomes we want to achieve and then leverage that across the security stack. This is made possible with the right SIEM solution. We can also reach across the aisle and share threat-relevant data with the entire security community so improved protection for one is improved protection for all. 

This year, the cybersecurity sector seems poised for massive changes in several different areas. It will be interesting to see how GenAI developments enhance human productivity in security tasks. We will keep an eye out for companies choosing multi-solution vendors over niche tools, which leads to sprawl. We hope to see companies exchanging threat information to keep us all safer. And, as always, we will look forward to attending RSA next year and coming back prepared for whatever’s next.