Multiple news stories have been published about this year’s RSA Conference (RSAC). I won’t attempt to cover the same ground. Instead, I’ll give some overall impressions and highlights from my conversations with some of the vendors.
This was my first time at this event — something I was reminded of every day. Apparently, it’s a thing — they even gave me a “first year” pin (which I didn’t wear). But nonetheless, it was as constant a topic of conversation as the weather.
RSAC is the largest and most important cybersecurity event in the world, and it apparently counts for something if you’ve been before.
Overall, it seems like too many cybersecurity vendors jockeying for positions in too few open seats — a bit of musical chairs going on in the industry. Acquisitions, partnerships and failures continue as new defense mechanisms emerge to take center stage.
Antony Blinken and Hugh Thompson Keynotes
Secretary of State Antony Blinken, in his keynote address, spoke about the Biden administration’s “technical diplomacy” program, and how they are working with many other countries to ensure technology is used for positive purposes. Cybersecurity is of course a big concern in the international arena.
RSA Conference Chair Hugh Thompson, in his keynote, compared the cybersecurity role to that of a “lighthouse keeper,” remaining vigilant to protect organizations against potential cyber incidents. We can use the RSAC gathering to foster collaboration, he said, to keep our metaphorical coastline safe.
Down on the exhibit floor, however, the atmosphere was competitive. Over 600 exhibitors and dozens of early-stage companies engaged in serious jockeying for attention from the 41,000 attendees.
It was impossible to talk with all of them, of course. But I did speak with many vendors working to address critical cyber risks and vulnerabilities across the areas of network protection, data protection, and incident monitoring and remediation, among others.
Assessing the cybersecurity landscape helps you understand the protections available for your applications, and whether you might need one or more of them.
Anti-Scammer GenAI Bot
Generative AI is certainly on the top of everyone’s mind these days, and the approaches to adopting it for cybersecurity vary widely. Some questioned the relevance of GenAI to what they were doing, while others approached it with an almost complete embrace.
One of the most interesting approaches involving GenAI is the new Conversational Scam Intelligence Platform from Netcraft, a network threat detection and protection platform. (Almost everything is a “platform” of some kind, although the term has a widely varied meaning.)
The Conversational Scam Intelligence Platform uses GenAI bots to interact with and expose phishers, social engineering attackers and scammers who use one-on-one channels such as email and text to solicit victims.
Such attack channels are typically outside the scope of threat detection tools that protect bulk internet traffic, but are also one of the largest sources of break-ins and ransomware attacks — and of course, a source of significant consumer fraud.
Netcraft sets up honeypot profiles, email addresses and phone numbers to attract phishers and scammers. Netcraft’s GenAI bots converse with the attackers and scammers to discover what they are ultimately asking for so they can report the activities to the relevant authorities or financial institutions involved.
“At the start of the scam you don’t know what will happen at the end – whether you need to do anything about it or not. More than $5B in losses last year occurred through email and SMS fraud. This is the only way to detect it,” said Robert Duncan, Netcraft’s VP of Product Strategy.
GenAI Advice
Another interesting example of GenAI adoption, which is in line with what many vendors are doing, is providing a GenAI chat interface for recommendations and advice.
For example, Tines is a workflow platform that automates cybersecurity operational processes. According to Tines co-founder and CEO Eoin Hinchy, the company develops a new product feature by first looking at how people interact with it, rather than approaching it as a purely engineering problem.
Tines recently added a GenAI feature as an eighth action type called the AI Action (actions are the building blocks from which Tines workflows are assembled). “Our AI Action provides direct access to the LLM, allowing users to, amongst other tasks, summarize instructions, confirm decisions, and recommend next steps,” Hinchy said.
Validating IDs and Detecting Deepfakes
Beyond the vendors providing basic authentication and authorization capabilities, Incode is a cybersecurity vendor providing additional identity verification services, such as those that may be necessary to open a bank account, verify an ID or detect fraud.
“Our platform is used for a broad range of facial recognition use cases,” said Domingo Guerra, VP of Trust and GM of North America. “For example, soccer stadiums in Mexico use our system to validate ticket holders for entry.”
Incode can detect the difference between an AI-generated face or video and the real thing. Governments, banks and other organizations use their system to compare a current selfie to an ID photo to confirm the identity of the person opening an account, applying for a loan or requesting a benefit payment.
“We can also detect video deepfakes by comparing a video we take against the fake,” Guerra added.
Anticipating Post-Quantum Crypto
Quantum computing has the potential to solve problems beyond the reach of “classic” computers. The example famous in the cyber world, at least, is breaking current cryptographic algorithms, which would allow bad actors to steal your data.
It’s one of the key technology areas to watch in the cybersecurity space. The RSAC agenda featured multiple sessions on the potential impacts of quantum computing.
Bad actors are already said to be harvesting encrypted data now so they can decrypt it later, once quantum technology breaks the current encryption.
Of course, quantum computing can also drive new and stronger cryptographic algorithms. These are called post-quantum cryptography and are also expected to be available around the same time quantum computers break the current codes.
No one knows exactly when this might happen, but when it does, you should be prepared, according to Kevin Weiss, CEO of Sectigo, and Vladimir Soukharev, VP of Cryptographic Research and Development at InfoSec Global.
Weiss and Soukharev both recommend adopting a certificate lifecycle management solution, such as the ones their companies offer, to be ready to deploy the new algorithms once the current ones are broken.
Mobile Device Security
As mobile device usage grows for banking and e-commerce, mobile devices will increasingly become the target of cyberattacks.
Two companies, Appdome and Zimperium, offer different approaches to defend against such attacks.
Zimperium deploys an agent on the device and through that provides dynamic runtime defense against known threats and fraud attempts, said Kern Smith, VP Pre-Sales Americas. “And not just by using a library of threats, but also through machine learning analysis of multiple factors that may constitute a threat.”
“Mobile security is the top of mind topic — protecting consumer apps against fraud and bots, detecting threats to enterprise apps using EDR (endpoint detection and response) and protecting developer SDKs that power the mobile app economy,” said Chris Roeckl, Chief Product Officer at Appdome.
“We know what modern mobile cyber pros want and don’t want. They don’t want agents, manual coding, or point products. They want a platform that offers a broad portfolio of defenses, CI/CD integration, automated app testing, production monitoring, and more.”
The Battle Over Microsegmentation
Network microsegmentation is growing in popularity as a “second-line defense” capability. It’s only a matter of time and effort before a bad actor penetrates your perimeter defenses.
Recent entrant Zero Networks focuses exclusively on microsegmentation, while other players tend to include microsegmentation as part of a larger platform.
Zero Networks co-founder and CEO Benny Lakunishok said that existing solutions are “very manual intensive,” and that the typical agent-based approach is “intrusive and buggy.”
Lakunishok and his co-founders started Zero Networks to create a better solution, without using agents, relying instead on host-based firewalls. Their microsegmentation system is managed using APIs and is fully automated, “without any AI stuff,” he added.
Lakunishok said he was hearing from CISOs that they were “relieved to hear there’s no AI” in his products, mainly due to privacy concerns.
Zero Networks uses deterministic algorithms to decide what to keep open, and they observe the traffic, Lakunishok explained. Privileged ports are always closed and require multifactor authentication (MFA) to access. Their solution integrates with any identity management system (IDM) and automatically restricts all admin ports, requiring a second authentication to use them.
“This effectively kills all ransomware attacks because they can’t access and use privileged ports,” Lakunishok added.
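To make the model concrete, here is an added example (my own toy code, not Zero Networks’ product or algorithm): a deterministic, deny-by-default microsegmentation policy engine that learns a per-host allowlist from an observed traffic window, never auto-opens admin ports, and admits a connection to an admin port only when a verified MFA session is presented. The hosts, flows and the set of admin ports are constructed sample data and assumptions for this example.

```python
"""
Added example (not Zero Networks' code): a toy, deterministic microsegmentation
policy engine of the kind the text describes. It learns a per-host allowlist
from observed flows, never auto-opens admin ports, and only admits a connection
to an admin port when the caller presents a verified MFA session.
All flows, hosts and port numbers below are constructed sample data.
"""
from collections import defaultdict

# Admin/management ports kept closed by default and only opened behind MFA.
# This set is an assumption for the example, not the vendor's list.
ADMIN_PORTS = {22, 135, 445, 3389, 5985, 5986}

# Constructed observation window: (src_host, dst_host, dst_port, count)
OBSERVED_FLOWS = [
    ("web-01", "db-01", 5432, 1200),
    ("web-02", "db-01", 5432, 980),
    ("jump-01", "db-01", 22, 3),
    ("laptop-17", "db-01", 3389, 1),
    ("web-01", "cache-01", 6379, 4000),
    ("scanner-01", "cache-01", 6379, 1),
]


def build_policy(flows, admin_ports=ADMIN_PORTS, min_count=2):
    """Deterministically derive a deny-by-default allowlist per destination host.

    A (src, port) pair is allowed only if it was observed at least `min_count`
    times during the learning window, so a single probe does not create a rule.
    Admin ports are never learned into the open allowlist; observed use of them
    is recorded separately so operators can see who needs MFA-gated access.
    """
    grouped = defaultdict(lambda: {"allow": set(), "mfa_gated": set()})
    for src, dst, port, count in flows:
        entry = grouped[dst]
        if port in admin_ports:
            entry["mfa_gated"].add((src, port))
        elif count >= min_count:
            entry["allow"].add((src, port))
    # Sort for a stable, reviewable output.
    return {dst: {k: sorted(v) for k, v in entry.items()} for dst, entry in grouped.items()}


def is_allowed(policy, dst, src, port, mfa_verified=False, admin_ports=ADMIN_PORTS):
    """Decide a single connection attempt against the derived policy."""
    entry = policy.get(dst)
    if entry is None:
        return False  # unknown host: deny by default
    if port in admin_ports:
        # Admin ports open only for a source seen using them AND a verified MFA session.
        return mfa_verified and (src, port) in entry["mfa_gated"]
    return (src, port) in entry["allow"]


def render_host_rules(policy, dst):
    """Render the per-host decision as plain text for review (no real firewall calls)."""
    entry = policy[dst]
    lines = [f"# {dst}: default deny"]
    for src, port in entry["allow"]:
        lines.append(f"allow from {src} to port {port}")
    for src, port in entry["mfa_gated"]:
        lines.append(f"allow from {src} to port {port} only after MFA (just-in-time)")
    return "\n".join(lines)


if __name__ == "__main__":
    pol = build_policy(OBSERVED_FLOWS)
    print(render_host_rules(pol, "db-01"))
    print(is_allowed(pol, "db-01", "jump-01", 22))                     # False: no MFA
    print(is_allowed(pol, "db-01", "jump-01", 22, mfa_verified=True))  # True
```

The point of the example is the shape of the decision, not the rule syntax: everything not observed is denied, a single scan attempt does not create a rule, and an admin port is reachable only from a known source and only after a second authentication, which is the property the quote above relies on.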
Other vendors offer microsegmentation as part of an integrated set of products.
For example, Akamai’s Zero Trust Platform is built around their Guardicore microsegmentation product, which features “multiple capabilities within the same footprint with ease of deployment and a common control plane,” according to Pavel Gurvich, SVP of Enterprise Security. The additional platform capabilities include threat hunting and a firewall.
Akamai has “had products in this space for a while and invested in integrating them for deployment and use,” he added. The Zero Trust Platform uses a single agent and provides a single user interface.
The advantage of the Zero Trust Platform, Gurvich said, is that it does more than just segmentation.
Data Protection
Another important “next line of defense” when an attacker breaks in is data protection. Encryption of data in transit and data at rest is a good start, but additional protections are available.
Cigent, for example, offers multiple layers of data protection at the endpoint. “We start with step-up authentication to control access to folder and file types,” said Brett Hansen, Chief Growth Officer.
“Then we use strong encryption techniques to ensure that the attacker cannot access the data, or even read the data. We also offer the option of protected drives that use our own firmware, built initially for the U.S. government, which includes storage-embedded AI that prevents even advanced persistent actors from compromising sensitive data,” he added.
Backup and restore specialist Zerto, acquired by Hewlett Packard Enterprise in 2021, offers hypervisor-based data replication for block-level backup and restore for any database or file system.
“Our solution creates air-gapped immutable copies on isolated storage systems, protecting data against ransomware attacks and supporting cyber recovery scenarios for continuity of business,” said Andrew Silva, technical marketing manager at Zerto, a Hewlett Packard Enterprise company.
Growing Need for Browser Security
Modern enterprise applications run primarily in the browser today, including SaaS-based applications, office applications, internal applications and so on.
No one is going with “thick client” apps anymore, or at least hardly anyone, given the power and versatility of the modern browser and web languages such as JavaScript and TypeScript.
So of course bad actors are increasingly targeting browser-based apps, and security for the browser-based computing environment is a growing need.
Browser security companies such as Menlo Security suggest you increase the security of browser-based applications, as breaching them has become a significant and growing threat.
“Menlo Security deploys a cloud-based secure browser and connects back to your local browser session from there, ensuring you have a secure connection. The browser session goes over the internet to the Menlo Cloud, gets reassembled, and connects back. This ‘disposable’ browser is a hardened digital twin that processes dynamic content and user inputs. The secure cloud browser prevents cyberattacks aimed at the local browser,” said Nick Edwards, the company’s VP of Product Management.
“Users don’t have to switch browsers to get the security features,” added Andrew Harding, Menlo Security’s VP of Security Strategy. “We also don’t leave the browser in default settings mode. We shut off risky features such as Bluetooth and USB access, and adhere to Center for Internet Security (CIS) approved browser policies.”
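The second half of Harding’s point, not leaving the browser in default settings, is something any organization can check for itself. The following is an added example (my own code, not Menlo Security’s configuration and not a CIS benchmark) that audits a Chrome managed-policy JSON file against a small hardening baseline and emits a corrected file. The three policy names are real Chrome enterprise policies whose value 2 means “do not allow any site to request access”; the baseline itself, the file path in the comment and the sample policy file are constructed for this example.

```python
"""
Added example (not Menlo Security's code or configuration): a small checker that
reads a Chrome/Chromium managed-policy JSON file and reports which risky-feature
policies are missing or permissive, in the spirit of "don't leave the browser in
default settings mode". The policy names are real Chrome enterprise policy names;
the baseline, the sample policy and the path mentioned below are constructed for
this example and are not a CIS benchmark.
"""
import json

# Baseline: policy name -> (required value, human-readable meaning).
# For the Default*GuardSetting policies, 2 = "do not allow any site to request access".
HARDENING_BASELINE = {
    "DefaultWebBluetoothGuardSetting": (2, "block Web Bluetooth device access"),
    "DefaultWebUsbGuardSetting": (2, "block WebUSB device access"),
    "DefaultSerialGuardSetting": (2, "block Web Serial port access"),
}

# Constructed sample of a managed policy file, e.g. one that would live under
# /etc/opt/chrome/policies/managed/ on Linux (path given as an illustration).
# Bluetooth is blocked, USB is left at "ask" (3), Serial is not set at all.
SAMPLE_POLICY_JSON = """
{
  "DefaultWebBluetoothGuardSetting": 2,
  "DefaultWebUsbGuardSetting": 3,
  "HomepageLocation": "https://intranet.example.invalid/"
}
"""


def audit_policy(policy_text, baseline=HARDENING_BASELINE):
    """Return a list of findings: (policy name, status, detail).

    status is "ok", "permissive" (set to something other than the required value)
    or "missing" (not set, so Chrome's built-in default applies).
    """
    policy = json.loads(policy_text)
    findings = []
    for name, (required, meaning) in baseline.items():
        if name not in policy:
            findings.append((name, "missing", f"default applies; set {required} to {meaning}"))
        elif policy[name] != required:
            findings.append((name, "permissive", f"set to {policy[name]!r}; set {required} to {meaning}"))
        else:
            findings.append((name, "ok", meaning))
    return findings


def hardened_policy(policy_text, baseline=HARDENING_BASELINE):
    """Return a corrected policy JSON string with every baseline setting enforced,
    leaving unrelated settings (such as HomepageLocation) untouched."""
    policy = json.loads(policy_text)
    for name, (required, _) in baseline.items():
        policy[name] = required
    return json.dumps(policy, indent=2, sort_keys=True)


def is_hardened(policy_text, baseline=HARDENING_BASELINE):
    """True only when every baseline policy is present and set to its required value."""
    return all(status == "ok" for _, status, _ in audit_policy(policy_text, baseline))


if __name__ == "__main__":
    for name, status, detail in audit_policy(SAMPLE_POLICY_JSON):
        print(f"{status:10s} {name}: {detail}")
    print(hardened_policy(SAMPLE_POLICY_JSON))
```

Running it on the constructed sample reports Bluetooth as ok, USB as permissive and Serial as missing; the "missing" case is the one that bites in practice, because an unset policy silently falls back to the browser default rather than to the locked-down value an operator assumes.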
The company announced a partnership with Google, essentially promoting Menlo as an alternative for organizations considering switching from Chrome for security or privacy reasons.
Overall Impressions From RSAC
It’s clear that cyberattacks are a growing global threat to commerce, government, education, utility and other types of IT systems.
Cyberattacks are lucrative and therefore well-funded. Cyber defense technologies generally keep pace with attackers, but organizations are not consistently investing in adequate protections.
The U.S. government clearly sees a role to play in setting standards, providing education and helping to defend against nation-state attackers.
Security vendors continue to innovate and fill gaps that need filling. They’re starting to use AI to level up their defense game — more quickly weeding through vast amounts of telemetry data to identify significant, actionable intelligence, and applying it to better defend against attacks and remediate more quickly when attacks occur.
Still, with the explosion of investment in cybersecurity comes inevitable consolidation, continued acquisitions and even some divestitures, as the industry looks to settle on solid ground that keeps shifting.
The post From Blinken to Bots: The Battle for Cyberspace appeared first on The New Stack.