AI Requires More Confidence and Clarity
AI was less of a marketing play on the show floor than I expected, perhaps because cybersecurity has already been touting AI as a capability for years, equating it with machine learning and big data. The big questions about AI were less about promoting it as a feature or solution and more about what the impact will be when cybercriminals harness its power, and how bad actors will exploit weaknesses in its features. Organizations are looking for insights into the risks and how they can prepare to safeguard against them. I’m excited about the work ethical hackers are already doing to push AI’s boundaries to understand what its capabilities and limits are. These insights will be invaluable as we build systems on the basis that AI is the future of technology.
A Focus On Tactics Rather Than Tools
The marketing language at RSA has moved on from talking about the types of attacks a tool can prevent, shifting to the tactics required to combat the efforts of the humans behind the attacks. “Secure by design”, “DevSecOps”, and “secure code” all featured heavily at this year’s conference, with a focus on building security at an earlier stage. There was also a strong turnout for authentication and Zero Trust solutions. We’re moving away from a world where endpoint security and technological tools are touted as the ultimate solution to a more realistic one, requiring secure design and development, and continuous monitoring, testing, and authentication to minimize risk.
We have begun to recognize that attackers are humans; in the words of Eric Goldstein, the Executive Assistant Director for CISA, “Attackers have bosses and budgets too.” Cyber experts have begun to take the view that the goal needs to be to make it as difficult and as expensive as possible for attackers to conduct their campaigns, so that they are put off trying. The best way to keep up with cybercriminal tactics continues to be leveraging greater and more diverse human intelligence to test defenses, tactics, and tools.
Platforms Are Winning Over Products
The RSA show floor was predictably overwhelming, with the sheer number of booths and companies offering a multitude of solutions that promise to solve your security worries and provide peace of mind. It’s not surprising that something I hear a lot from CISOs is that it’s very hard to make a decision on what products they really need to ensure they’re sufficiently resistant to attack. With so many conflicting products out there, organizations could easily end up with hundreds of vendors, all protecting some small part of their digital infrastructure, with many having almost identical functionality. Consolidation was something I heard a lot about from the security leaders I spoke to. Products and tools are becoming features of platform solutions as cybersecurity vendors look to add more value for their customers. This was our thinking behind the Attack Resistance Platform, so our customers can leverage our legion of ethical hackers for all their security testing throughout the software development lifecycle and beyond.