A few weeks ago, I highlighted a trend we could see at one of the world’s most important cybersecurity shows, the RSA Conference (RSAC) in San Francisco. The conference lived up to the hype, with nearly 50,000 attendees and over 700 companies attending, recording the highest attendance in the post-pandemic world.
Some of the things we expected met our expectations, including Secure Access Service Edge (SASE), Cloud Security, Shift Left Security, and API Security. There have even been talkative acquisitions. Akamai drew attention to the API security space just weeks before the show by announcing it would acquire her API security specialist, Neosec.
This acquisition gives some of the pioneers in API and shift left security a big boost. In addition to meeting with Neosec, we also met with high-profile startups in the shift left and API security space, including Noname Security and Orca Security. And we interviewed Wib Security CTO Chuck Herrin at a special media event at the Intercontinental Hotel.
It’s all about AI, code and APIs
The cybersecurity movement is about to undergo a major shift in thinking. Previously, the focus was on identifiable threats such as malicious domains, malware, and threat hunting. However, API threats and the emergence of AI are forcing the industry to dig deeper into code and business logic to protect IT assets.
The shift left movement highlighted here a year ago leads to the integration of cybersecurity practices such as security operations (SecOps) and developer operations (DevOps) into DevSecOps, but as many AI tools work , will also be important for companies assessing AI risks. using APIs.
We recently focused on API security and AI and discussed shifting left and how to address emerging threats such as code-level threats, open source software, and threats posted by APIs and AI. I was looking at RSAC to do that. Combine this with the view that organizations need to be more vigilant about the security of their code and data in the cloud, and we see the beginning of the long-term trend we’re tracking. We call this the cybersecurity shift left.
During a Q&A with Wib’s Herrin, he highlighted the threat posed by the sheer number of APIs that can proliferate within an organization, especially zombie or unknown APIs. These APIs can still give attackers access to your code and active applications even if your organization stops tracking them. data.
Herrin pointed out that a key starting point for API security is to identify all APIs in your organization and use tools to proactively track their usage. A more important approach involves monitoring API authentication schemes and business logic to prevent common API attacks like the one above. BOLA attacks, API misconfiguration attacks, attacks using shadow APIs, and injection attacks.
Emergence of AI
There was also much discussion at RSAC 2023 about the impact of AI and machine learning on cybersecurity. As is often the case in the cyber market, AI can be used for and against security. Just as AI/ML technology is increasingly used in real-time analytics and threat hunting, it could be used to create new attacks and breaches.
“AI has a wide range of risks and benefits,” Eric Goldstein, executive assistant director of cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency, said in a Wall Street Journal interview at RSAC. rice field. “We will see this activity accelerate in the next 12 months as vendors integrate his AI tools with their cybersecurity platforms to more quickly analyze data and stay ahead of attacks.”
The new boom in generative AI could make things more fluid for the good guys and the bad guys alike. From a solution perspective, AI/ML tools can streamline tasks such as responding to queries and alerts, and responding to escalating incidents. On the bad guys’ side, generative AI will not only create new social engineering attacks, but it will also become a compliance headache for executives trying to keep secrets and code safe.
Wib’s Herrin said, “Discovering API connectivity to OpenAI is something to consider. It’s not just shadow APIs that we don’t recognize, but outbound calls as well.”
Since AI/ML often starts with new API calls, this could increase demand for new tools to address API and code security.
Some AI/ML related news articles impressed me.
• HiddenLayer was named the Most Innovative Startup in the RSAC Innovation Sandbox Contest. HiddenLayer is an Austin, Texas-based AI application security company with a patent-pending solution that monitors ML algorithms for adversarial attack techniques. It was selected by the commission to help companies protect the ML models behind their critical products with a comprehensive security platform, according to a commission statement.
• SentinelOne said AI threat hunting enables real-time, autonomous response to attacks. Using embedded neural networks and a large language model (LLM)-based interface, security teams can ask complex questions to hunt for threats and adversaries, execute operational commands, and use natural language to You can manage your entire corporate environment.
AI/ML will have a major impact on cybersecurity platforms going forward, both from a risk and solution perspective.
Integration of cloud cybersecurity is also key
In other areas, we heard a lot of input in several areas such as Secure Access Service Edge (SASE), Cloud Security and Cloud Native Application Protection Platform (CNAPP).
Another important trend that we will discuss in more detail later this week involves SASE and SSE (Secure Service Edge). SASE is a framework that unifies network security and access control into a single cloud-based platform for edge applications such as branch networks. This includes common network security features such as NGFW, FWaaS, ATP, SWG, CASB (and others). This approach has become increasingly popular for securing networks using overlays, and has been integrated with ZTNA as the need for remote work and secure access to cloud-based services grows.
Other news highlights from RSAC 2023:
• Orca Security co-founder and chief innovation officer Avi Shua says security professionals want an integrated approach to protecting data wherever it lives rather than focusing on acronyms. said there is.
“They want to find exposed vulnerabilities,” Schur said. “We need an integrated tool that can simplify this complex world.” Orca falls into the Cloud Security Posture Management (CSPM) category, but it also offers cloud workload protection, Kubernetes and container security, shift-left security, API security, and more. It focuses on many other use cases.
At RSAC, Orca announced full integration with Microsoft Azure OpenAI GPT-4. The integration is based on the Orca Cloud Security platform’s ChatGPT implementation announced in January, which Orca says makes him the first of his CNAPPs to support GPT-4 through the Azure OpenAI service. is.
• SentinelOne and Wiz announced joint integration to expand CNAPP. When SentinelOne detects runtime threats in cloud servers or containers, Wiz pulls in relevant context about cloud resources, including vulnerabilities, misconfigurations, and exposed secrets. Both of these vendors are well-known security vendors, so we believe this partnership demonstrates a trend toward platform consolidation.
• Cato Networks, provider of an integrated SASE platform delivered from the cloud, announced the addition of Cato Remote Browser Isolation (RBI) to its Cato SASE Cloud platform. This shows a feature-adding race by SASE providers, with Cato, who recently added CASB, proving to be one of his SASE providers making rapid progress in the space. .
• Open Systems’ managed SASE wins Global InfoSec Award sponsored by Cyber Defense Magazine (CDM). An integrated and integrated set of network and network security features delivered as a 24/7 managed service.
All in all, it was a great RSAC 2023 with a lot to learn and see. I’ve walked over 20 miles in three days, according to the Strava app, and it doesn’t feel like I’ve scratched the surface of the show. It’s great to see the world of live conferences fully back.
follow me twitter. check out You can find my website and other works here.
