According to this article by CRN about this year’s RSA Security Conference, “cybersecurity is now in ‘fast-forward’ mode where attendees are almost in awe at the transformation of the industry since 2020”. I’d have to agree. Here are my three key takeaways from this year’s event.
1. The Shortage of Cybersecurity Talent is Driving Innovation in Automation
Following a trend that has been continuing for the last 3-4 years, product teams continued to talk about artificial intelligence (AI), particularly machine learning (ML), as technologies that could detect compromises, find vulnerabilities, and respond to attacks. However, even with AI and ML, companies still need expertise and skilled professionals to work with these tools. According to an (ISC)² Cybersecurity Workforce Study, there are just under 4.2M cybersecurity professionals across the globe and around 2.7M unfilled cybersecurity roles. Another study suggests that the cybersecurity workforce needs to grow by 65% to provide the necessary resources to defend an organization’s critical assets. Many companies are trying to fill this void with automation through new AI and ML tools, so that experts can focus on the critical issues where they need to intervene and investigate. More companies are spending their limited security budgets in the expectation that automation will reduce or eradicate the need for human intervention, which leads to smaller teams of Tier 1 and Tier 2 analysts. That in turn introduces the possibility that overwhelmed and overworked analysts fail to notice critical alerts among the barrage thrown at them by the daily operational workload. There is no easy solution, but the positive to take from this is that the shortage in cybersecurity talent is driving innovation in automation.
2. Extended Detection and Response (XDR)
Extended Detection and Response, or XDR, is a relatively new approach to threat detection and response. By integrating endpoint, network, and cloud data, XDR solutions provide a holistic view of threats in an environment. Over 20 vendors presented some form of XDR solution. While some combine Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) and provide an overall managed service that they call Managed Detection and Response (MDR), others use the acronym XDR while focusing on a single domain (Endpoint, Network, Data Detection, etc.). XDR consolidates multiple products into a cohesive, unified security event detection and response platform. Security leaders should see a lot of productivity value in an XDR solution, as they have been left to contend with too many disconnected security tools and datasets from multiple vendors. The result is a sea of data that produces alert overload full of false positives, with minimal integration with incident response and analytical tools. This puts XDR on an upward trajectory, and it is something to keep an eye on as it continues to grow and impact the cybersecurity industry.
3. Zero Trust
Zero Trust remained one of the biggest and most used buzzwords at the 2022 RSAC. Zero Trust is an approach to designing and implementing IT infrastructure and devices that advocates for mutual authentication. Its focus is “never trust, always verify,” meaning that no device should be trusted by default, even if it is connected to a trusted network. Cloud Security Alliance (CSA) released a new study based on a survey of 800 IT and security professionals, finding that 77% of respondents are increasing their spending on Zero Trust over the next year. In addition, 80% of C-suite executives have Zero Trust as a priority for their organizations, and 94% are in the process of implementing Zero Trust. Implementing Zero Trust can be onerous and may take years to cross the finish line. It requires strong leadership, continuous learning, executive and employee buy-in, and incremental implementation. Zero Trust is not something you can buy a license for, even though many product managers tout it that way. It is an initiative that evolves from the age-old concepts of “Defense-in-depth” and “Least Privileged Access.” Undoubtedly, we will continue to hear about Zero Trust at the 2023 RSAC.
With remote work here to stay, cybersecurity is even more critical and challenging to manage. AI and ML tools provide actionable information, and further automation innovation will help organizations get ahead of potential vulnerabilities and attacks. The key will be to bridge the gaps in talent with security solutions that can be implemented incrementally. With cybersecurity now in fast-forward mode, firms that don’t keep up will be left behind or, worse, become the victim of a cyberattack.