RSA 2023: Not Under the GenAI Influence Yet!

Security business is booming! Reportedly 38K people showed up for RSA 2023, and 600+ vendors did too. It is very clear from observing the large booths of many vendors (including some that are doing well unexpectedly) that “there is lots of money in cyberland.” As somebody cynically pointed out to me, a huge booth at the RSA conference doesn’t indicate that the company is doing well — it only indicates that it was doing well 6–8 months ago when they paid for the booth …

This aside, it is very clear from observing the RSA show floor that rumors of consolidation are premature at best (translation: it ain’t’ happening, probably ever). The Cambrian Explosion of Cybersecurity continues unabated.

Stop Glorifying Threat Actors, People! 🙂

In my traditional post-RSA manner, let’s go through the topic areas I care about (translation: not pre/post/in/on/through/over quantum)

Security operations

Let’s look at my favorite topic: security operations / detection and response. One noticeable thing that stood out to us as we wandered the RSA show floor was the relative shortage of XDR. Is XDR finally over? Not quite, but if you recall, my previous RSA blog, the skeletal grin of XDR stared at you from nearly every booth in 2022. Now? Not at all. Sure, somebody didn’t get the memo and launched their XDR at RSA 2023, but they are clearly in the minority. Instead, some notable ex-XDR vendors wisely pivoted to SIEM. Ultimately, this is where detection and response money is. BTW, Managed XDR (MXDR) is the same as MDR.

A few booths actually had “TDIR” on them which stands for Threat Detection, Investigation and Response. Yes, this is yet another acronym from my former colleagues that is starting its life as a name for a domain of practice rather than a market (in the future … who knows).

AI, Obviously

Before the RSA conference, many people predicted that artificial intelligence (AI) for security will be a big presence. Ultimately, it was not. In some sense, it was similar to my “RSA 2019: Happily Not Over-AI’d” post.

Relatively few booths had AI messaging, while others focused on ML rather than on the “new and cool” generative AI. You can hear some vendors ramble about AI in their presentations while their booth visuals didn’t mention it at all. One vendor did propose to “fight AI with AI” (if AI is out to get you, is this truly wise?)

My cynical mind suggests that many of the booth materials were printed before the current wave of excitement about generative AI and LLMs started in November 2022. It is hard to believe, but I think that generative AI took the industry by surprise, and only the most enlightened vendors really do use it today.

Now, what do I think about it? TL;DR: generative AI is a tool, but it is also “a micro game changer”, yet not “a macro game changer.” We are not even remotely close to “Hey, Bard, secure my network” macro game changer, but many micro elements of security work will change as a result. For example, one can paste a script into VT Code Insight and understand its purpose, approximate origin and maliciousness without having any reversing skills.

Still, Forrester said it best: “There’s a lot that remains to be seen with how generative AI should be applied to security tooling.”

Cloud Security

Cloud security is another area we dedicated significant time to. As we said in our podcast, at RSA 2023, cloud security was represented by three vendors with huge booths and one huge vendor with a small demo station.

We’ve explored questions like why choose cloud security from a dedicated vendor and not from a cloud provider, what is the role of multi-cloud in security and whether people still purchase mostly posture assessment or combination of posture assessment with cloud detection / response.

One interesting lesson: people who prefer to buy security from a dedicated vendor and not from a cloud provider do not just do it for multi-cloud, as some previously assumed. Another lesson: CSPM may be “so 2013” but in 2023, most people seem to start their cloud security tool journey with the posture assessment, just as before. Finally, the agent debate is still on, perhaps not surprisingly (for deeper runtime detection and response, especially in VMs, what else can you do?). Acronym wise, we spotted CSPM, some CNAPP, and I think no CDR and absolutely no CWPP (so 2010?). Anyhow, listen to our RSA 2023 podcast episode for more cloud security fun.

One question remains: why did cloud security get so concentrated so quickly? We literally have fewer than 10 credible cloud security vendors plus of course 3 cloud providers. Cloud security space “platformed” very quickly … I wonder why.

Zero Trust and Its Sassy Friends

Zero trust is another topic that seems to be waning a bit. We did expect to see a lot more SASE and perhaps even a SSE or two. However, in reality this was mostly present on booths where it was actually relevant, like remote access vendors with ZTNA messaging. We are definitely past the peak of “zero crazy” where we had “zero trust detection” and even zero trust deception (well, this last one may in fact be legit, just not for the reasons they think…)

All in all, I do expect that ZT will climb out of its hype cycle ditch better and healthier.

Data Security

Data security. Mmmm…. OK. No revolution here yet. DSPM mixed with DDR is still being born, perhaps next year the winners and winning use cases would become more clear. For now, my ex-analyst crystal ball is murky about that.

New and Fun

I learned a random fun thing that used to puzzle me: what is an enterprise browser? I used to think it was just a more secure, more manageable browser like say Chrome. But a visit to RSA early solution showcase changed my mind: enterprise browser is not really a web browser, it is a web-based application access system, essentially a generic enterprise application web client (this change of mind finally explained to me why there are “enterprise browser startups” now).

Another random fun fact: I finally saw a vendor that used “military grade” non-ironically (!). It was a vendor that offered a military-grade CYBER RANGE. Does anybody really want a civilian-grade range? What, to shoot civilian-grade cyber weapons? 🙂

Finally, I also did a quick fun preso at Google/Mandiant booth, and a presentation at a sideshow event we ran (you are welcome to see the slides, buy me a beer later).

To summarize, the reason I love RSA so much has nothing to do with content or even its huge expo hall — but with friends (hugs are back!), people, connections new and old. This year it was very fun … as was every year before that. See you at RSA 2024!

Related posts:

RSA 2023: Not Under the GenAI Influence Yet! was originally published in Anton on Security on Medium, where people are continuing the conversation by highlighting and responding to this story.

*** This is a Security Bloggers Network syndicated blog from Stories by Anton Chuvakin on Medium authored by Anton Chuvakin. Read the original post at: