The RSA Conference 2023 just wrapped up, and it was a fascinating event for anyone interested in the cybersecurity world. Here are six takeaways that we identified from the conference, which highlight how the industry is evolving:
1. AI is here
Various stakeholders in the cybersecurity space reacted differently to AI and the new opportunities it presents. Large cyber vendors, mid-size startups, AI startups, and CISOs all had varying responses to AI:
- Large, public cybersecurity companies, such as SentinelOne, Palo Alto Networks, Google, and Security Scorecard, showcased and launched new AI products leveraging large language models. This approach makes sense given the immense amount of data these companies generate which is not easily utilized for advanced security purposes.
- On the other hand, mid-size cyber startups in the seed to series B stages were less advanced in leveraging LLMs, with some yet to introduce or pivot to AI features/solutions. For these companies, there is a risk of falling behind as the cybersecurity industry historically has been among the fastest segments to adopt machine learning in their core products.
- AI-security startups, such as HiddenLayer, received much attention at the conference. HiddenLayer has developed a solution that monitors the inputs and outputs of machine learning algorithms for anomalous activity consistent with adversarial ML attack techniques. Despite being few in number, the success of HiddenLayer in winning the RSAC Innovation Sandbox by a landslide suggests a promising future for “Security for AI” companies.
- Surprisingly, CISOs seemed reluctant to embrace AI, with many maintaining a “wait and see” approach. While they were familiar with the topic in general, they were not rushing to make decisions or enter large projects in the space.
Noteably, the industry’s fastest adopter of AI is attackers. Products similar to ChatGPT and LLMs are already being used for cyber attacks with new techniques and improved skills. Considering all these factors, it is likely that we will see a surge in “Security for AI” companies and “AI for Security” pitches at RSA next year.
2. Data is king
At the end of the day, it all comes down to data. In particular, excellent data engineering of proprietary data can be translated into a real competitive advantage in the cybersecurity space. The vendors that perform the best are those who centralize, normalize and generate conclusions out of the data – either for threat detection, enforcing organization-wide policies or prioritizing risks.
3. Geopolitical tensions and cyber attacks
As geopolitical tensions continue to escalate worldwide, so does the frequency and severity of cyber attacks. In many cases, state-sponsored actors are behind these attacks, using them to advance their strategic interests or gain a competitive advantage. This provides attackers a safe haven from which they can launch their attacks with relative impunity. As a result, it’s becoming increasingly difficult for organizations to defend against these attacks, and more and more forms of state-level defense are being discussed.
4. Discovering new perspectives and ideas
While Israel has established itself as a leading player in cybersecurity, there can be a tendency to stick to the familiar and the known within the Israeli community, limiting exposure to new perspectives and ideas. This year’s conference was eye-opening when attendees discovered successful companies in categories they knew very little about, like email security, post-cryptographic encryption, and MDR – categories without an Israeli success story (yet).
5. The potential for disruption in cybersecurity services
While products have traditionally been the focus of cybersecurity startups, there’s an interesting potential for disruption in the services space. Huge companies like Arctic Wolf Networks, or Red Canary are gaining serious attention, and with the upcoming AI revolution, this space could be ripe for innovation.
6. Focus on CISOs’ top priority products
Startups must focus on CISOs’ top priorities, rather than going for the “nice to have.” This is especially important in light of the current financial downturn and macroeconomic environment.
Whether you’re an early-stage startup or a large cybersecurity company, it’s crucial to prepare your company for these trends and adjust to the changing cybersecurity landscape.