More than ever before, the RSA Conference 2019 was “where the world talks security.” This year, over 40,000 attendees took part in 600+ sessions and visited the booths of countless technology vendors on the show floor. Keynotes, general sessions and hands-on learning opportunities were all available on mainstay topics such as filling the cybersecurity talent pipeline, as well as advanced topics like the application of blockchain and artificial intelligence to cybersecurity. Above all, the RSA conference continues to be the most important event where security practitioners come to hone their trade, and to understand where it’s headed in the near and distant futures.
The evolution of cybsersecurity was on full display at this year’s conference. Practitioners and vendors alike spent the week discussing and strategizing innovative approaches to defend against an increasing volume and sophistication of cyber attacks. A wide variety of topics was the subject of discussion, but two stood out as central themes during the week:
AI and Machine Learning
Zero Trust The Zero Trust security methodology isn’t new by any definition. In fact, it was introduced almost 10 years ago by former Forrester analyst John Kindervag. Despite its relative age, the ongoing redefinition of the corporate perimeter is vaulting Zero Trust into 2019’s security spotlight. Because remote work, SaaS applications, cloud hosting and BYOD are no longer exceptions but the norm, security professionals seeking guidance are turning to Zero Trust. As this framework requires the removal of “implicit trust from the network,” multiple technologies are vying for its replacement. Nowhere has this been more evident than at this year’s conference sessions, where many provided their own definitions of the term:
And those were just some of the sessions with “Zero Trust” in the title! Many more mentioned Zero Trust in the context of their own sessions, while others like Netflix described their efforts using alternative terminology (Building Identity for an Open Perimeter). And there were no shortage of Zero Trust presentations on the show floor, including our own covering the need for an Authentication Authority and Multi-factor Authentication as foundations for building Zero Trust Access. We also welcomed our partners to the Ping Booth to share their own visions of how they’re impacting Zero Trust deployments.
iovation presented on Managing User and Device Risk in Zero Trust Environments
ID DataWeb discussed Real Time Identity Verification for Zero Trust
Artificial Intelligence and Machine Learning No less prominent at the 2019 RSA Conference were the themes of artificial intelligence and machine learning. If you were a data scientist attending the conference looking for the next big problem to solve, you’d be overwhelmed by the sheer number of opportunities available to you in the field of cybersecurity. At this year’s conference, AI and ML were positioned as key enablers to predicting security breaches, vulnerability scoring, cyber-attack detection and blocking, incident response and more.
Of particular note were educational sessions around validating a vendor’s AI and ML claims, where participants came away with research methods and qualifying questions for these assessments. To be clear, these sessions strongly advocated for the use of intelligence-based security solutions while providing attendees the tools to spot the real thing. Additionally, they provided better understanding of where AI and ML fit into broader security strategies. Armed with this knowledge, attendees could then feel confident in vetting solutions in later sessions or on the show floor. Of course, this year’s conference gave them plenty of reasons to do just that.
“Adversarial” and “offensive” were popular terms used this year to describe the use of AI and ML methods for malicious purposes, with numerous sessions highlighting these practices:
The use of complex statistical analysis in hacking is a frightening proposition. It’s why many organizations are so eager to adopt security solutions that promote intelligence over configuration, which can be insufficient to cover vulnerabilities found and exploited with AI. At the Ping booth, many gathered to learn about the tie between AI-powered API Cybersecurity and Zero Trust, which was no surprise given the broad concerns around API security shared by many.
A Smarter, Less Trusting Way Forward As it has for decades, cybersecurity will continue to evolve within and outside of the walls of the RSA conference. This year’s show revealed industry convergence around Zero Trust to address trends that have showed no signs of slowing down. It also showed an industry hyper focused on using AI and ML to solve a wide variety of long-standing challenges in cybersecurity. The use of these tools and frameworks will continue to proliferate security architectures in ways we haven’t yet imagined, and we can all look forward to RSA Conference 2020 to see them in action!
If you can’t wait that long and would like to learn more about Zero Trust and how it’s being used to broaden enterprise security, join our Zero Trust webinar on April 11th at 11am MT.