In so many ways, the speakers and vendors pitched ideas that sound new and novel until you take a closer look – a cutting edge that proves dull upon inspection. Behind these innovative products are a lot of familiar, well-worn concepts put in a different package and billed as transformative when in fact they do little to nothing that hasn’t been done before.
Transformation really matters in cybersecurity – it’s urgent and overdue. So stale thinking needs to be challenged, and alternatives need to be proposed. With that mission in mind, here’s our take on some of the biggest talking points to emerge from the 2022 RSA Conference.
Attack Surface Management
If the conference had a buzzword, it was attack surface management. Vendors are eager to attach themselves to this concept, which has gained a lot of traction as security starts to prioritize proactive security measures that prevent attacks over measures that detect and remediate them after the fact. Attack surface management reveals where vulnerable entry points exist so that security teams can lock them up early.
What often went unsaid is that attack surface management is just one component of exposure management, and it’s not sufficient on its own. In addition to considering external entry points, security teams must be aware of how attacks might move through their internal environment, and where defenses can and can’t stop them. They also need to consider digital risk: how cyber attacks affect business operations and outcomes. Exposure management addresses all these factors in concert to prevent more attacks, stop them sooner, and avoid the worst consequences.
XDR was everywhere, and it seems like every vendor defines it differently. Each solution offers, in various ways, to ingest more data, apply stronger analytics, and provide keen detection and early warning of all attacks. But that’s exactly what MDR providers do as well. So, is XDR nothing more than a service provider turned into a technology?
In many cases, yes, but there’s an opportunity for XDR to go much further. The emphasis right now is on detection. More important is the response and remediation – taking action to achieve the desired outcome. XDR solutions are good at exposing but not stopping attacks, leaving an organization no more secure than it was before. This underscores an important but often overlooked fact: operational remediation capabilities are the measure of a changing security posture. Unless those improve, nothing else does.
Another term that felt inescapable at this year’s conference was zero trust. Every solution, it seems, is suddenly a zero trust solution – and equipped with next-generation defenses as a result. What’s ironic is that the concept of zero trust – trust nothing, verify everything – is nothing new at all. There was a very similar principle in the old days of information security – that which is not explicitly allowed is implicitly denied.
This is actually a good thing. The concept of zero trust feels a lot less distant and unobtainable when put in the proper context: this is something we’ve succeeded at before. That being said, it will be important to acknowledge how concepts of identity, access, and trust have changed (a lot) over the last 20 years. The right approach learns from the past but updates for the future.
After the Covid-19 pandemic led to a massive and continuing surge in cloud adoption, it makes sense that cloud security was a hot topic this year. We saw many vendors adapt old products/services to have a cloud component, along with plenty of upstarts focusing on cloud security specifically. Cloud security has been around for a while but has never felt as vital as it does now.
That’s a step in the right direction, but it also underscores how much work remains on cloud security. Yet to appear are robust cloud detection and response (CDR) platforms that take the coordinated defenses used on endpoints and networks and apply them to clouds. More importantly, cloud security hasn’t been integrated with XDR, leaving a massive blind spot in detection. The trajectory of cloud security suggests these developments are likely. How soon remains to be seen.
An Important Caveat
We stand by the observations laid out above, even when they are critical or provocative, but it’s important to add some missing context. Much of what we heard at the 2022 RSAC sounded familiar, but not everything. Some vendors have made legitimate progress on things like XDR, zero trust, and cloud security, turning them into accessible and effective defenses that have a meaningful impact on security and cyber risk. It’s just that these vendors are rare. Our intention is not to dismiss concepts like XDR or zero trust. Rather, it’s to highlight that most (but not all) of the current offerings on the market still have work to do. Don’t avoid these technologies – just choose wisely.
Our Biggest Takeaway from the 2022 RSA Conference
The products and services we saw may not have been as transformational as they claimed, but that’s not surprising – real innovators are rare. Nor is it particularly problematic, though, because the biggest issue in cybersecurity right now is one that no one seemed to be talking about: people.
People, not technology, are what’s missing from cybersecurity. The best technology in the world doesn’t matter if there’s no one there to operationalize the offense and defense. So much of the conversation, this year and every year, is about building out the security stack. From here out, building out the security team, by whatever means possible, should get just as much emphasis.