
Inside Shift Left And API Security From RSA

A few weeks ago, I highlighted trends I thought we’d be seeing at one of the world’s most important cybersecurity shows – the RSA Conference (RSAC) in San Francisco. The conference lived up to the hype, with nearly 50,000 people and more than 700 companies showing up, marking a new high for attendance in the post-pandemic world.

Some of the things we expected, such as secure access service edge (SASE), cloud security, shift left security, and API security, lived up to expectations. There was even an acquisition to talk about: Akamai announced just a couple weeks before the show that it was acquiring API security specialist Neosec, drawing attention to the API security space.

This acquisition gives a nice boost to some of the pioneers in API and shift-left security. In addition to meeting with Neosec, I had meetings with other hot startups in the shift-left and API security arena, including Noname Security and Orca Security. And we interviewed Wib Security CTO Chuck Herrin for a special media event at the Intercontinental Hotel.

It’s About AI, Code, and APIs

The cybersecurity industry is about to undergo a major shift in mindset. Its former focus was on identifiable indicators such as malicious domains and malware, and on threat hunting. With the advent of API threats and AI, the industry will have to reach deeper into code and business logic to protect IT assets.

The shift left movement, which we highlighted here a year ago, guides the merging of security operations (SecOps) with developer operations (DevOps) into DevSecOps. It will also matter for companies evaluating AI risks, since many AI tools are consumed through APIs.

With our recent focus on API security and AI, we went to RSAC looking for discussions of shift left and how it will deal with emerging threats: code-level threats, open-source software risk, and threats posed by APIs and AI. Combine this with the view that organizations will have to keep a more careful eye on the security of their code and data in the cloud, and we have the beginning of a long trend we are tracking, which we are calling shift left for cybersecurity.

In my Q&A with Wib’s Herrin, he highlighted the threats posed by the huge number of APIs that can proliferate in an organization – especially zombie, or unknown, APIs, which an organization stops tracking but can still give attackers access to code or active applications and data.

Herrin pointed out that the starting point for API security is using tools to identify and inventory every API in the organization and then actively tracking their use. Beyond inventory, key approaches include monitoring API authentication schemes and business logic to prevent common API attacks: broken object level authorization (BOLA), API misconfiguration, attacks through shadow APIs, and injection.

Here Comes AI

At RSAC 2023, there was also a lot of discussion around the impact of AI and machine learning on cybersecurity. As is typical in the cyber market, AI can be used both for and against security: just as AI/ML technologies are increasingly used in real-time analysis and threat hunting, they can be used to create new attacks and breaches.

“There is a wide breadth of risks plus benefits with AI,” said Eric Goldstein, Executive Assistant Director for Cybersecurity at the U.S. Cybersecurity and Infrastructure Security Agency, in an interview with the Wall Street Journal at the RSAC. “We’ll see an acceleration of this activity in the next 12 months, as vendors integrate AI tools with their cybersecurity platforms to more quickly analyze data and stay a step ahead of attacks.”

The new boom in generative AI can make things more fluid for both the good guys and the bad guys. On the solutions front, AI/ML tools can streamline tasks such as responding to queries and alerts and responding to escalating incidents. On the side of the bad guys, generative AI will create new social engineering attacks as well as compliance headaches for CxOs trying to keep their secrets and code secure.

“Detecting the API connections to OpenAI is something you should be thinking about,” Wib’s Herrin told us. “It’s not just shadow API of which you are unaware, it’s also outbound calls.”

This is likely to boost demand for new tools that address API and code security, because an application's adoption of AI/ML usually starts with a new outbound API call.
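The inventory-then-monitor approach Herrin describes, together with his point about outbound calls to AI providers, as an added example that is not code from Wib, Futuriom, or any vendor named in this article: a Python script that reconciles gateway access-log lines and egress-proxy lines against a route inventory (what an OpenAPI spec would document), a list of routes believed retired, and an egress allowlist. Routes observed in neither list are shadow APIs; retired routes that still answer successfully are zombies; outbound destinations off the allowlist are flagged, with AI providers called out. The inventory, retired list, allowlist, AI hostnames, log formats, and every log line are constructed assumptions for this example.

```python
import re
from collections import Counter

# All lists and log lines below are constructed for this example (assumptions).
# Routes the organization currently documents, e.g. extracted from an OpenAPI spec.
INVENTORY = {
    ("GET", "/api/v2/orders/{id}"),
    ("POST", "/api/v2/orders"),
    ("GET", "/api/v2/users/{id}"),
}
# Routes the organization believes it decommissioned. If they still answer, they are zombies.
RETIRED = {("GET", "/api/v1/export/users")}
# Outbound destinations explicitly approved for application hosts.
EGRESS_ALLOWLIST = {"api.payments.example.com"}
# Hostnames that identify generative-AI providers (extend for your environment).
AI_HOSTS = {"api.openai.com", "api.anthropic.com"}

# Constructed gateway access log in Apache/nginx combined-log style.
ACCESS_LOG = """\
10.0.0.5 - - [05/May/2023:10:01:02 +0000] "GET /api/v2/orders/1042 HTTP/1.1" 200 512
10.0.0.7 - - [05/May/2023:10:01:05 +0000] "GET /api/v2/orders/1043?fields=total HTTP/1.1" 200 530
10.0.0.9 - - [05/May/2023:10:01:09 +0000] "GET /api/v1/export/users HTTP/1.1" 200 80213
10.0.0.5 - - [05/May/2023:10:01:11 +0000] "POST /api/v2/orders HTTP/1.1" 201 77
10.0.0.8 - - [05/May/2023:10:01:40 +0000] "GET /api/v2/users/77 HTTP/1.1" 200 301
10.0.0.11 - - [05/May/2023:10:02:00 +0000] "GET /internal/debug/config HTTP/1.1" 200 2048
"""

# Constructed egress-proxy log: timestamp, source host, CONNECT dest:port, proxy status.
EGRESS_LOG = """\
2023-05-05T10:01:03Z app-web-3 CONNECT api.payments.example.com:443 200
2023-05-05T10:01:12Z app-web-3 CONNECT api.openai.com:443 200
2023-05-05T10:01:30Z app-worker-1 CONNECT api.openai.com:443 200
2023-05-05T10:02:10Z app-web-2 CONNECT metrics.example.net:443 200
"""

ACCESS_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
EGRESS_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) CONNECT (?P<dest>[^:\s]+):(?P<port>\d+)")
NUMERIC_SEGMENT = re.compile(r"^\d+$")


def normalize(path):
    """Drop the query string and collapse numeric segments to {id}, so
    /api/v2/orders/1042?fields=total and /api/v2/orders/1043 become one route."""
    path = path.split("?", 1)[0]
    return "/".join("{id}" if NUMERIC_SEGMENT.match(seg) else seg for seg in path.split("/"))


def observed_routes(access_log):
    """Map (method, route) -> count of 2xx/3xx responses seen in the access log.
    Only successful responses count: a 404 to a retired path is not a live API."""
    counts = Counter()
    for line in access_log.splitlines():
        m = ACCESS_RE.search(line)
        if m and m.group("status")[0] in "23":
            counts[(m.group("method"), normalize(m.group("path")))] += 1
    return counts


def find_shadow_apis(access_log, inventory=INVENTORY, retired=RETIRED):
    """Routes serving traffic that appear in neither the inventory nor the retired list."""
    return {r for r in observed_routes(access_log) if r not in inventory and r not in retired}


def find_zombie_apis(access_log, retired=RETIRED):
    """Routes believed retired that still return successful responses."""
    return {r for r in observed_routes(access_log) if r in retired}


def find_unapproved_egress(egress_log, allowlist=EGRESS_ALLOWLIST, ai_hosts=AI_HOSTS):
    """Outbound destinations not on the allowlist, with the hosts that reached them
    and a flag for destinations that are generative-AI providers."""
    findings = {}
    for line in egress_log.splitlines():
        m = EGRESS_RE.match(line)
        if not m or m.group("dest") in allowlist:
            continue
        dest = m.group("dest")
        entry = findings.setdefault(dest, {"sources": set(), "ai_provider": dest in ai_hosts})
        entry["sources"].add(m.group("src"))
    return findings


if __name__ == "__main__":
    print("shadow APIs:", sorted(find_shadow_apis(ACCESS_LOG)))
    print("zombie APIs:", sorted(find_zombie_apis(ACCESS_LOG)))
    for dest, info in sorted(find_unapproved_egress(EGRESS_LOG).items()):
        tag = " (AI provider)" if info["ai_provider"] else ""
        print(f"unapproved egress to {dest}{tag} from {sorted(info['sources'])}")
```

On the sample data the script flags `/internal/debug/config` as a shadow API, `/api/v1/export/users` as a zombie (retired on paper, still returning 200 with an 80 KB body), and two hosts reaching `api.openai.com` that nobody approved. In a real deployment the inventory comes from the gateway or spec, the logs come from the gateway and egress proxy, and path normalization needs to handle UUIDs and other identifier formats beyond plain integers.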

A couple of AI/ML-related news stories stood out:

• HiddenLayer was named Most Innovative Startup in the RSAC Innovation Sandbox contest. HiddenLayer is an AI application security company based out of Austin, Texas, that has a patent-pending solution to monitor ML algorithms for adversarial attack techniques. It was selected by a panel for helping enterprises safeguard the ML models behind their critical products with a comprehensive security platform, according to the statement from the panel.

• SentinelOne said its AI threat hunting can deliver real-time, autonomous response to attacks. Embedded neural networks and a large language model (LLM)-based interface let security teams ask complex threat- and adversary-hunting questions and run operational commands across their enterprise environment using natural language.

AI/ML is likely to have a huge impact on cybersecurity platforms going forward, from both the risk and solutions standpoints.

Cloud Cybersecurity Integration Also Key

We also heard a lot about other areas, such as secure access service edge (SASE), cloud security, and cloud native application protection platforms (CNAPP).

Another key trend, which I'll detail later this week, involves SASE vs. SSE (security service edge). SASE is a framework that integrates network security and access controls into a single cloud-based platform for edge applications such as branch networking. It includes popular network security functions such as next-generation firewall (NGFW), firewall as a service (FWaaS), advanced threat protection (ATP), secure web gateway (SWG), and cloud access security broker (CASB), among others. This overlay approach to securing networks is gaining popularity, and it is merging with zero trust network access (ZTNA) as remote work and the need for secure access to cloud-based services continue to grow.

Some other news highlights from RSAC 2023:

• Orca Security’s Cofounder and Chief Innovation Officer Avi Shua told us that rather than focus on the acronyms, security practitioners want an integrated approach to protecting data no matter where it is.

“They want to find the exposed vulnerability,” Shua told us. “You need a consolidation tool that can simplify this complex world.” Orca falls into the cloud security posture management (CSPM) category, but it focuses on many other use cases, such as cloud workload protection, Kubernetes and container security, shift-left security, API security, and others.

At the RSAC, Orca announced full integration with Microsoft Azure OpenAI GPT-4. The integration builds on the ChatGPT implementation in the Orca Cloud Security platform announced in January, which Orca says makes it the first CNAPP to support GPT-4 through the Azure OpenAI Service.

• SentinelOne and Wiz announced a joint integration to expand CNAPP. When SentinelOne detects a runtime threat in a cloud server or container, it ingests relevant context from Wiz about the cloud resource, including vulnerabilities, misconfigurations, and exposed secrets. Both of these vendors are high-profile security vendors, so we think this partnership demonstrates the trend toward platform integration.

• Cato Networks, provider of an integrated SASE platform delivered from the cloud, announced the addition of Cato Remote Browser Isolation (RBI) to its Cato SASE Cloud platform. This demonstrates the race by SASE providers to add features, and Cato, which recently added CASB, has proven to be one of the fast-moving SASE providers in this area.

• Open Systems’ Managed SASE won a Global InfoSec Award presented by Cyber Defense Magazine (CDM). Its suite of integrated and unified network and network security functions is delivered as a 24/7 managed service.

Altogether, it was a great RSAC 2023 with much to learn and see. According to my Strava app, I walked more than 20 miles over three days, but I don’t feel like I scratched the surface of the show. It’s good to see the live conference world back in full force.
