RSA Conference 2024: How AI will impact cybersecurity

In the 12 months since security professionals gathered in San Francisco for the 2023 annual RSA conference, views on artificial intelligence have expanded. Where once AI was either bad for business or good for improving protection, it now poses entirely new challenges that require novel approaches.

This emerges from four days in which SiliconANGLE Media's livestreaming studio, theCUBE, interviewed industry executives, government officials, and analysts to hear the latest insights on the future direction of cybersecurity. That was one of the important themes. The widespread adoption of AI is driving a fundamental shift in the way we think about security, as organizations realize the need for internal security protection and better understand the role of AI.

Zscaler's Jay Chaudhry speaks with theCUBE at the RSA Conference.

“We have to deal with agile security and all these things that people don't normally know about,” said David Linthicum (pictured, right), principal analyst at theCUBE Research. , he said in the second keynote speech at the conference. Day. “We typically encrypt, protect, and build firewalls for things that can be attacked from within. We need internal security. I think people are trying to think differently.” (*Disclosure below.)

Below is a complete underlying analysis of theCUBE by David Linthicome, joined by Shelley Kramer (pictured, left), Managing Director and Principal Analyst of theCUBE Research.

Here are three key insights you may have missed during the event.

1. The RSA Conference presented evidence that AI is being used by both attackers and defenders.

There is growing evidence that AI is widely used by malicious actors. Presentations from industry speakers and government officials during the conference highlighted how nation states and cybercriminals are using AI to improve social engineering attacks and scan systems for vulnerabilities.

“You're going to ask ChatGPT and say, 'Tell me all the VPN systems that this company has and what vulnerabilities they have,'” said Zscaler Inc. Founder and CEO Director Jay Chaudhry said in an interview with theCUBE. “It would have taken days to gather this information. Now it's available in seconds. So once you identify the attack surface area, you have an easier starting point for an attack.”

Here is the full video interview with Jay Chowdhury of theCUBE:

The use of AI by malicious actors has led businesses to deploy AI as a defense against more sophisticated attacks. One solution, as exemplified by new technology released last month by Cisco Systems Inc., is to create AI-native platforms that can automatically detect malware as it passes through corporate environments.

“Rather than thinking about AI as an afterthought or an afterthought, we built it from the ground up this quarter, which we call AI Native,” said Jeetu Patel, executive vice president and general manager. He's on theCUBE about security and collaboration at Cisco. “So when we thought about how to solve all of these problems, we said, 'Let's definitely incorporate AI.'”

Here is the full video interview with theCUBE's Jeetu Patel:

Companies are also developing new solutions to implement security defenses against AI threats early in the software development lifecycle. This has proven to be particularly necessary in application security.

“The reality is, I think the only way to truly solve application security is to shift left or early in the software development lifecycle,” said Peter, CEO of Snyk Ltd.・Mr. McKay said this in a conversation with theCUBE. “We don't want to slow down developers, and we don't expect them to be security experts. We need to build in security in the background so developers can continue developing quickly. The risks of doing so have never been greater.”

Below is theCUBE's full video interview with Peter McKay, joined by Snyk's Chief Technology Officer, Danny Allan.

2. Regulatory activity is intensifying in the world of cybersecurity.

This year's RSA gathering featured a lot of news and discussion around regulation and governance. During the conference, 68 tech companies, including AWS, Google, Cisco, Microsoft, and IBM, signed the Secure by Design pledge led by the U.S. Cybersecurity and Infrastructure Agency. By signing this pledge, companies agree to commit to achieving their seven security goals over the course of one year.

Fortinet's Jim Richburg (pictured, far right) appears on theCUBE with former DHS official Suzanne Spaulding (second from right) at the RSA conference.

“This is a regulatory-agnostic solution that we can say is ‘progress-driven,’” Jim Richberg, Fortinet's head of cyber policy and global field chief information security officer, said in an interview with theCUBE. Told. Publicly report on how you went about your implementation. And this pledge has clear goals. [It’s] The companies that signed the pledge were not told that they had to do this. ”

Below is theCUBE's full video interview with Jim Richburg. He was joined by Suzanne Spalding, former deputy secretary of the Department of Homeland Security and a member of his Fortinet team.

Several executives interviewed by theCUBE noted increased regulatory pressure in both the U.S. and Europe. This includes Europe's NIS2, which comes into force in October and expands on existing cybersecurity obligations for businesses, and DORA, the EU regulation on digital operational resilience that all businesses must comply with from January. included.

“In Europe, NIS2 and DORA are emerging. We've seen GDPR impact other privacy regulations,” said Sam Currie, global vice president and chief information security officer at Zscaler. he said in a conversation with theCUBE. “We've seen the Securities and Exchange Commission take another step in 2023, and we're all wondering, where is this going? We'll see what that actually turns out to be. Dew.”

The full video interview with Sam Curry by theCUBE is below.

The increase in cyber-related regulatory activity is creating an ecosystem of organizations designed to help build governance and compliance platforms. According to Amit Elazari, co-founder and CEO of Open Policy, this issue becomes even more important as AI adoption continues to expand.

“CISOs who are not considering AI governance may be left behind,” Elazari said during an appearance on theCUBE. “This web of regulations, with cyber, privacy and AI requirements and regulators focusing on compliance certification, measurement and deliverables, is creating significant opportunities for governance companies.”

Here's theCUBE's full video interview with Amit Elazari:

3. Acquisitions and partnerships will have an impact as companies seek to leverage AI for data protection.

The overall theme of this year's RSA conference was “The Art of the Possible,” but it could have been “Better Together.” Acquisitions and partnerships continue to shape the narrative of many companies in the cybersecurity space.

When Snyk acquired DeepCode Inc., a provider of AI-powered real-time semantic code analysis, it didn't seem like a big move at the time. Things have changed since then, with his AI and machine learning being used to address security challenges around the world.

“DeepCode is probably one of the most important. [acquisitions]” said Danny Allan, Snyk's chief technology officer, in an interview with theCUBE. “DeepCode was interesting because it allowed us to participate in SaaS static application security testing in a very meaningful way. Looking at the way they do static application security testing, we can identify vulnerabilities in the code. Symbolic regression testing has been used to find the gender, and we continue to iterate on it.”

Here is theCUBE's full video interview with Danny Allan, which also featured Snyk CEO Peter McKay.

Another high-profile acquisition was CrowdStrike Inc.'s acquisition of cloud log management and observability company Humio Inc. in 2021. A year later, CrowdStrike announced a new product based on Humio's technology, rebranded as Falcon LogScale. CrowdStrike acquired Bionic.ai in 2023 to further enhance its Falcon platform offering and strengthen endpoint security.

CrowdStrike's Elia Zaitsev speaks with theCUBE at the RSA Conference about the latest trends in cybersecurity.

“We are witnessing the next wave of consolidation in security,” CrowdStrike Chief Technology Officer Elia Zaitsev explained in a conversation with theCUBE. “So I think it started 10 years ago with the endpoint wars. I think we won this problem pretty easily by eliminating legacy AV and a lot of other point-of-sight solutions on the endpoint.”

Here's theCUBE's full video interview with Elia Zaitsev:

Cribl Inc. this month announced a partnership with Microsoft Corp. aimed at accelerating the use of Cribl's security products on the Azure cloud platform. This latest partnership highlighted the interest of companies like Cribl in pursuing data-centric solutions in the world of cybersecurity.

“All security and IT comes down to data,” said Abby Strong, chief market officer at Cribl, on theCUBE. “We want to become experts in that kind of data and have security experts build solutions to detect and respond to them.”

The full video interview with Abby Strong by theCUBE is below:

For more of theCUBE's coverage of RSA Conference 2024, check out our complete event video playlist.

https://www.youtube.com/watch?v=videoseries

(*Disclosure: TheCUBE is a paid media partner of the RSA Conference. Neither RSA Conference LLC, the sponsor of theCUBE's event coverage, nor any other sponsors have editorial control over theCUBE or SiliconANGLE content.)

Photo: SiliconANGLE