This past week I got the chance to attend my first RSA Conference and hang out with 40,000 of my best friends in cybersecurity. “Wait, you’re in tech and it’s your first time attending RSAC in San Francisco?” (That was a direct quote from a teammate.) And believe it or not, the answer is yes!
Between staffing the booth, walking the floor, interviewing clients, talking with prospects, meeting with analysts, listening to sessions, and connecting with coworkers and industry contacts, all while wearing the iconic JupiterOne neon green jeans, it was an eventful week. Now that the dust has settled and I’ve recovered from the lack of sleep, here are some of my top takeaways.
TL;DR
- One of my favorite sessions from Mandiant | Google
- Zero Trust is still the thing
- Security “from ____ to ____” is gaining momentum
- In-booth presentations are in
- AI isn’t quite ready for the spotlight
- The Cyber Defense Matrix is as relevant as ever
- Mascots are awesome
The State of Cybersecurity with Mandiant | Google
It was hard to miss the presence of big players like Microsoft, IBM, and Google at RSAC. In particular, I found this session from Kevin Mandia, Mandiant CEO, Google Cloud, really insightful. Kevin, also an investor in JupiterOne, was recapping the current climate of threats and cyber attacks over the last year.
Click here to watch the session: The State of Cybersecurity – Year in Review
After talking about the growing statistics and sophistication of attacks, Kevin goes on to say “So what do you do about it? Because that’s what this conference is about. The threats will change all the time. If you’re in an industry like defense industrial base, financial services, or you make something that is critical to the health and welfare of 1.7 billion people, you may be targeted by these types of attacks. So what do you do? Don’t ever forget the advantage you do have. You should know more about your business, systems, topology, and infrastructure than any attacker does. The reality is this is an incredible advantage and if you can baseline normal, you can detect anomalies faster.“
“Don’t ever forget the advantage you do have. You should know more about your business, systems, topology, and infrastructure than any attacker does. The reality is this is an incredible advantage.” – Kevin Mandia, Mandiant CEO, Google Cloud
What a statement! At JupiterOne, we often refer to your systems, topology, and infrastructure as your cyber asset environment and attack surface. In fact, we just published an exclusive report that shows the average enterprise security team is responsible for almost 400,000 assets, and has to correlate information from nine data sources. That topology is a lot to manage and secure, but our thought process and hope of empowerment are the same as Kevin Mandia: you have the advantage IF you know what you have, and can get answers and insights quickly to security related questions.
Zero Trust is still the thing everyone is talking about
Similar to last year, Zero Trust was a leading message for a lot of companies. It was plastered on booth walls, t-shirts, and koozies. Based on a handful of conversations though, the definition of Zero Trust still seems to be a bit hazy.
I asked ChatGPT for some quick help simplifying Zero Trust:
"In simple terms, Zero Trust means that you don't automatically trust any device, user, or network traffic just because they are on your network or have the right login credentials. Instead, you continuously verify the identity and security posture of these entities before granting them access to resources."
Since its inception, Zero Trust has been co-opted by marketers and misunderstood in the larger marketplace. And like most things in cybersecurity, the definition expands to encompass numerous applications of this concept from identity authorization, to access control to inspection. If this is a focus area for your security team or organization, take the necessary time to understand all the concepts for implementing a holistic approach to Zero Trust.
At JupiterOne, we provide the ability to query your assets and continuously verify the identity and security posture of entities. While we don’t use the term directly, our platform can play a critical role in your Zero Trust initiatives.
“Security from ___ to ___”
It’s helpful when vendors define the boundaries of their solution, or communicate clearly what they do. I saw numerous instances of messaging that resembled the following:
- From dev to runtime
- From cloud to on prem
- From workloads to APIs
It wasn’t always apparent what these tools did over that span, and you also have to assume that they’re implying “and everything in between.” At least it provided a sense of how they fit in the security stack. If I were to co-opt this messaging structure for JupiterOne, I could say something like:
- From Chaos to Context
- From Questions to Answers
- From Assets to Insights
To quote our CEO and Founder, Erkang Zheng, “I created JupiterOne because I believe that security should be as simple as asking a question and getting the right answer back in context – right away – to take the right actions.” Improving asset visibility and reducing your attack surface should be as simple as moving from questions to answers, and assets to insights.
In-booth presentations are in
I really enjoyed this part of the conference. A large percentage of exhibitors had a presentation area set up in their booths and were giving live talks throughout the show. As a passerby, this was a great way to get some information on a given vendor or topic in a short amount of time. I stopped to listen to a number of presentations. Two that stuck out were about exposure management and frontline threat intelligence, both of which I’d like to do more research on. Aside from competing microphones and adding to the decibel level, these mini-talks were a hit.
The JupiterOne booth had multiple presentations about asset management and unified cyber insights. We also showcased a number of partners including AWS, Cisco, Splunk, Tines, and Intelliguard. In addition, we had the famous Sounil Yu presenting about the Cyber Defense Matrix, which I’ll dive into more later.
AI isn’t quite ready for the spotlight
As marketers, we put a lot of time and energy into the words we use at a conference. The messaging has to be clear and concise, and is usually finalized months ahead of time. From what I could see, almost no one had printed messaging at the conference related to AI or ChatGPT. I get the feeling AI is still too new to headline at RSAC.
While AI/ML wasn’t in bold print across booth banners, in-person conversations and live demos told a different story. We worked hard to launch our initial J1 AI offering in beta in time for the show, and I heard a lot of buzz around leveraging AI, ChatGPT, and other LLMs to help improve security products.
The prevailing sense that I got from analysts and industry insiders was that they wanted to know how AI will be used to solve new and novel problems. Ideas around simplified products and streamlined data and workflows didn’t have the same allure. But I don’t know how much I agree with this view. I believe we all need to take a step back and look at our expectations for AI in cybersecurity.
A lot of the security or technical challenges that we help customers solve are already new. Asset management, for instance, has been around forever (think ITAM and CMDBs). But solving this challenge across a cloud-native and hybrid world with a proliferation of ephemeral resources and APIs is new and different. If we can do something better, easier, and faster, and make it more accessible to a wider range of people by leveraging AI and natural language search, is that enough? I don’t have the answer, but I’m open to debating this over a cup of coffee at our next conference.
The Cyber Defense Matrix is as relevant as ever
If you aren’t familiar with The Cyber Defense Matrix or its author, Sounil Yu, I can’t recommend it enough. And don’t just take my word for it. Between the packed session, booth presentations, and droves of people waiting in line for book signings, I was finally able to get a firsthand look at the true value of this framework for organizing and understanding different technologies.
With the proliferation of vendors and technologies across all spectrums of cybersecurity (there were over 650 registered vendors at the show this year) you need a way to cut through the noise, understand how these tools relate to one another, and figure out how to leverage the best combinations of solutions to protect your organization.
And the last thought I’ll leave you with today…
Mascots are awesome
This was the first year we featured Pickles the Alien, our rockstar mascot, who fits with the intergalactic theme of JupiterOne. Pickles did a great job engaging our visitors and bringing a smile to the faces of attendees. If you didn’t get a chance to meet Pickles in person, check out some of their adventures throughout the week, and make sure you look for Pickles and JupiterOne next year at RSAC 2024.