Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More
CISOs want more efficacy, real-time data visibility and a unified view of endpoints, identities and assets across their networks. They’re also looking for pricing help from vendors to stay within budget. Any new announcement at RSAC 2023 needed to be benchmarked against those two goals.
RSAC proves selling consolidation is a team sport
The conference’s theme, “Stronger Together,” was appropriate given the dozens of new alliances and partnerships being launched. With CISOs pushing their vendors to provide more consolidation of their tech stacks and spending, as well as increased efficacy, leading vendors, including CrowdStrike, Delinea, Google, Mandiant, Accenture and Palo Alto Networks, responded: More alliances and partnerships were mentioned at RSAC 2023 than at any previous edition of the conference.
The work of Accenture and Palo Alto Networks reflects the value that alliances will have to deliver to earn long-term engagements. The two companies are collaborating to deliver joint secure access service edge (SASE) solutions powered by Palo Alto Networks’ AI-powered Prisma SASE, enabling organizations to improve their cyber-resilience and accelerate business transformation.
“Organizations are seeking to reduce the risk of managing their increasingly complex IT environments — in which new technology is layered on top of the legacy infrastructure — while ensuring business resilience,” said Rex Thexton, who leads Accenture’s cybersecurity protection business.
Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.
It was evident which vendors had most quickly identified consolidation as a business opportunity, and which ones are just starting to see the need to create shared systems with solid APIs to address CISOs’ needs.
CrowdStrike’s consolidation strategy anchored with XDR, a platform that can deliver greater threat intelligence with AI, was one of the first to take a product-based approach to the opportunity. Palo Alto Networks had taken an all-in approach to consolidation last year at its Ignite ’22 conference. CrowdStrike followed with partnerships, announced at RSAC 2023, with Google Workspace, CrowdStream (powered by Cribl) and the announcement of the industry’s first native XDR offering for ChromeOS.
Benchmarking alliances by their platform support
An excellent way to benchmark the many new partnerships is to see which ones can share telemetry data and provide a unified view of an enterprise’s network and endpoints. That is what CISOs want. Absolute Software’s Application Persistence-as-a-Service Ecosystem (APaaS) reflects how an alliance program supported by a scalable platform can help CISOs gain efficacy, real-time data visibility and a unified view of endpoints, identities and assets across networks.
Absolute took an innovative approach to designing its APaaS platform, so its ISV partners could capitalize on its expertise with its Absolute Persistence technology. Absolute’s technology is embedded in over 600 million PCs’ firmware, making it the only self-healing endpoint platform that provides an undeletable digital tether to every device and endpoint to help ensure resiliency. By taking a platform-centric approach to their APaaS initiatives, ISV partners can gain the advantages of application resilience and measure every endpoint’s health and integrity.
ISVs integrate the Absolute APaaS SDK into their installer, which allows them to enroll and activate Absolute Persistence and enable their apps for application resilience and self-healing on behalf of their end customers.
Absolute’s APaaS won an award from Cyber Defense Magazine (CDM) at RSAC this year in the Next Gen Cyber Resilience Solution category.
AI is the new DNA of cybersecurity
Cyberattackers routinely use ChatGPT to personalize phishing messages, create ransomware code, fine-tune malware-less attack strategies and automate how they search for open ports in target organizations. Moving faster than the most efficient cybersecurity and security operations center (SOC) teams and technologies, cyberattackers reinvent attack strategies in minutes, relocating attacks from one continent to another to avoid detection.
Every breach attempt is designed to capitalize on human weaknesses, whether through social engineering or overwhelming complexity, speed and scale. Taking on the challenge of containing a breach requires machine learning and AI.
Of the many excellent keynotes given at RSAC, Vasu Jakkal, Microsoft CVP, security, compliance, identity and privacy, and Jeetu Patel, EVP and GM of security and collaboration business units at Cisco, gave two of the most memorable. Both speakers articulated a vision of AI that makes it clear it’s the new DNA of cybersecurity. Each mentioned how critical it is to attain machine scale and speed to counter attacks.
“We have to remember who we are up against as we think about why we need AI,” Vasu explained during her insightful and interesting keynote, titled Defending at Machine Speed: Technology’s New Frontier. “Today the threat landscape is challenging. We’ve gone from 567 attacks per second to 1,287 attacks per second. That translates to tens of billions of attacks. Cybersecurity is very complex. The average defender is dealing with more than 70 tools at any given time, and it takes a long time for us to investigate all of this work and to be strategic so that the AI will be a game changer.”
“The ability to discern between a real threat and legitimate activity is going to get harder and harder and harder to do,” Cisco’s Patel told VentureBeat at RSAC this week. “And so, given that you don’t know what’s a legitimate activity, you don’t know what regular activity you might be conducting. What you end up having is this dilemma: If you cannot deal with these attacks and the increased sophistication of attacks at human scale anymore, you have to deal with a machine scale.
“To deal with it on a machine scale,” he continued, “you need to have data and telemetry that can’t be isolated — there has to be correlation across domains. So this notion of [a] cross-domain native boundary is really important. Because that feeds an AI model that can help you better detect anomalies; that can then make sure that you do the right things to not only detect the breaches faster but also respond to them as fast as possible.”
Patel’s keynote presentation, Threat Response Needs New Thinking. Don’t Ignore This Key Resource, is worth watching.
Integrated AI is table stakes
The events at RSAC also showed which cybersecurity vendors are taking a systematic, platform-based approach to augmenting existing AI systems with more adaptive models. CISOs want real-time data visibility and a unified view of endpoints, identities and assets across their networks, supported with AI-based insights.
VentureBeat spoke with several CEOs at RSAC to learn how each perceives the value of AI in their product strategies today and in the future. Connie Stack, CEO of NextDLP, told VentureBeat, “AI and machine learning can significantly enhance data loss prevention by adding intelligence and automation to detecting and preventing data loss. AI and machine learning algorithms can analyze patterns in data and detect anomalies that may indicate a security breach or unauthorized access to sensitive information well before any policy violation occurs.”
Stack also mentioned that NextDLP is looking at how “AI and machine learning can also be used to predict potential security threats based on patterns and historical data. This can help security teams take proactive measures to prevent data loss or leakage. Our customers and prospects are excited about the potential of AI and ML applied to their DLP use cases. They see great potential in reducing manual efforts around detecting data loss so they can reallocate precious security resources to other tasks.”
Most CEOs and CISOs have insider threats higher on their priority list than they did last year. The reason: While many companies have not announced layoffs, employees are made anxious by frequent news reports of tech leaders letting thousands of workers go. VentureBeat asked Stack how AI can be used to reduce or even eliminate insider threats on the NextDLP platform.
She told VentureBeat, “AI and machine learning integrated into the Reveal Platform from Next and our endpoint agent reduce or even eliminate insider threat via real-time user monitoring. The AI and ML algorithms monitor user behavior and enable organizations to detect and respond to potential data-loss incidents immediately. The behavioral analytics rapidly detect abnormal patterns, such as accessing sensitive data outside of normal working hours or downloading large amounts of data to an external device, and flag them for analyst follow-up without even having triggered a policy violation.”