RSA 2020 wrapped up last week in San Francisco, and once again, the show floor was buzzing with innovation and swag. While it’s impossible to capture all the sights and sounds of the show, here are some key observations from this year’s conference:
Automation and Orchestration
Many companies talked about different ways to coordinate, automate and orchestrate a complex security landscape. SOAR (Security Orchestration, Automation and Response) was a hot topic, as was the need to blend Security with other IT and development teams like DevOps, AIOps, PrivacyOps, and so on. For example, privacy AI startup ai won the Innovation Sandbox competition with an AI-based approach to coordinating and automating privacy compliance. Reading between the lines, this trend reinforces the fact that organizations and teams are approaching a point of security overload and need new ways to automate and connect their various security processes and tools.
Cloud Security and Cloud Threat Hunting
A day-long seminar by the Cloud Security Alliance (CSA) covered threat hunting in a cloud environment, including common attack vectors in the cloud and cloud security best practices. Many features of cloud computing platforms, like limits on monitoring and logging capabilities in AWS, make it more difficult to create a secure environment. Configuration errors in these environments also remain a major security issue. Security best practices discussed by the CSA included improving employee training and getting better visibility into cloud data. A lack of visibility also makes threat hunting in the cloud much more complex and difficult. This will be a key development as this field continues to evolve.
Many vendors and keynotes highlighted new types of highly advanced security threats like voice fraud (deepfake audio). Other presentations covered how automated malware obfuscation methods have made it incredibly easy for attackers to send out mass quantities of malware that will slip past signature-based defenses. Organizations are now facing a blend of highly sophisticated attacks alongside the same basic phishing and dropper malware they’ve seen for decades. This indicates the ongoing, critical need for multiple threat detection methods that can block malware efficiently, while also protecting against advanced threats.
An SC Magazine Editor’s Perspective
We got a chance to briefly speak with Brad Barth, one of the senior reporters at SC Magazine. Here is his perspective on the show: “I saw a lot of attendees talking about the increasing role of automation-driven solutions, such as automated endpoint detection and response, to help organizations compensate for IT/security analyst hiring shortages and to help optimize the workforces they do have in place. And on the ‘black hat’ side of things, it was cool to see the topic of voice spoofing, which has the potential to be used to trick employees into thinking their CEO (or other executives, manager, etc.) is calling them to request a funds transfer. Ultimately, voice spoofing can result in employees potentially wiring money to bank accounts that are actually controlled by fraudsters.”
AI/ML for Cybersecurity (and for Attackers)
We saw a heavy focus on machine learning and artificial intelligence (AI) at the show, both for defenders and for attackers. The ML/AI topic track was packed with sessions on incorporating ML into the software development process, how to use ML to protect privacy and AI-powered behavioral forensics. Research shows that attackers are using AI and ML to modify their malware or to create attacks that evade traditional security defenses. As a counter, AI/ML-powered threat detection solutions are being more widely adopted.
Yes, DeLoreans Are Still Cool
(This one is just for fun.) Would Marty McFly attend RSA? Probably not. But what is clear is that if you put the iconic DeLorean on the tradeshow floor, attendees will come for selfies and was quite a draw for attendees looking for a unique photo op.
The Human Factor
RSA’s official theme this year was “The Human Element,” recognizing that beyond the technology, cybersecurity is fundamentally about people working to protect other people. Conference sessions on this topic included “Leading Change: Building a Security Culture of Protect, Detect and Respond,” “Personnel Management and Building Successful Cybersecurity Teams,” and many more. Microsoft’s CISO, Bret Arsenault, also gave a presentation on the company’s progress toward a zero-trust security model, where users must reauthenticate themselves every time they access a network service, and emphasized that security culture played a key role in its success. He noted that technology solutions like implementing multifactor authentication were also important, but that communication and employee policies were absolutely key.
The RSA conference was once again a great gathering of individuals and organizations throughout the industry working to solve complex cybersecurity problems. Many of the conference sessions’ recordings and presentations are available on the conference’s site by accessing the full agenda.
*** This is a Security Bloggers Network syndicated blog from Bricata | Network Detection & Response | Visibility & Analytics | Threat Hunting authored by Bricata. Read the original post at: https://bricata.com/blog/rsa-2020-conference-recap/