Day One of the RSA Conference opened with keynotes diagnosing a security identity crisis, while offering AI, platforms, and a big dose of disruption as the cure for what ails the cybersecurity world.
By Joe Fay
The 2023 RSA Conference kicked off in San Francisco this week, with human delegates being confronted with speaker after speaker declaring that AI is taking over much of their jobs. Opening the conference, RSA CEO Rohit Ghai said that over the years, the core purpose of security platforms has evolved, but “in the AI era, it is security first, followed by convenience and compliance.”
“AI will make zero-trust possible,” he said, because it can watch and learn to create fine-grained models that humans would struggle to create. “The next generation platform for identity will be open and integrated at the data layer,” he said. It will pursue a security-first approach and “will be powered by AI.”
As for the “humans of identity,” he said it was inevitable that many jobs would be lost, many would change, and some would be created. However, he noted the industry already struggled to find enough people. The fact was AI was already part of the technology and product landscape, he said. It’s just been positioned as “copilot” technology. Increasingly, AI would take the easy decisions and automate processes. Humans would become responsible for training, regulating, and ethics. “Monitoring air traffic control and flight plans,” as he put it.
So the ultimate question for humans in security to ask was, “How do we ensure alignment of superhuman AI with human values and objectives to ensure that we do have a meaningful role going forward?”
It’s an AI World Now, No Turning Back
Following Ghai, Cisco executive vice president and general manager for security and collaboration, Jeetu Patel, also emphasized the inevitability and desirability of a platform-driven, AI-powered approach.
The new era demanded much better orchestration, coordination and synchronization, he said. Tools focused on specific domains would only give half the picture. This would demand cross-domain native telemetry, giving information that was up to date, coordinated and correlated, not simply aggregated and historical. AI would change the security experience and increase efficiency, he said, but existing public models were not domain-specific. Over time, he predicted, domain-specific models would emerge, fed with domain-specific data such as threat intelligence and security playbooks. At the same time, he said, technology would move beyond simple mouse and keyboard interactions, towards natural language with prompts and back-and-forth dialogue.
Cisco security business group senior vice president and general manager Tom Gillis sketched out an extremely near-term future that builds on Extended Detection and Response (XDR) to create platforms that could spot and remediate problems in near real time by operating in the data path. He predicted that by next year’s RSA conference, when it comes to ransomware, “We're going to be able to talk about how we have evolved this model of an automated response, where we can recover back to an RPO (Recovery Point Objective) of zero.”
VMware president Sumit Dhawan proposed three mindset shifts the security world must undergo as it confronts this new future. He said defenders should assume that attackers have “in-depth knowledge an insider would have”. Today’s attackers are less likely to leave a trail of “clues”, through a series of multiple moves, and once inside a network are likely to be two or three moves away from a “monetizable prize”.
Defenders need to develop a “holistic context” spanning endpoints, networks, users and applications in response. Otherwise, they are relying on “basic anomaly detection that doesn’t address today’s attacks.” The second shift was to realize that good AI needed good data, which means eliminating blind spots in the network by shifting away from a reliance on centralized appliances and distributing that intelligence through the infrastructure.
This allies with the third shift, which he said was particularly relevant to tackling ransomware. He sketched a vision where “Your entire application, that consists of all of the parts running in your private or hybrid cloud … [is] automatically available in an on-demand fashion, completely isolated and air gapped in a recovery environment.”
This would allow quick recovery into another cloud environment, “even though your current infrastructure that's running the environment is not available due to forensics.” Ultimately, he argued, security policies need to move closer to workloads, “So what's getting in the way? Maybe it's time to move away from the love of a box and instead think about security in the intrinsic way in your infrastructure.” But for all the talk of how AI will change the role of humans in cybersecurity, there’s still one area where no one’s talking about replacing them just yet: politics and policy.
Government Insiders Explain How It Defends Nation Against Cyber Threats
In a fireside chat, former Cybersecurity and Infrastructure Security Agency (CISA) chief Chris Krebs and U.S. deputy attorney general Lisa Monaco discussed how the U.S. government response to cyber threats had evolved.
Monaco said a major change from her time as Homeland Security and Counterterrorism adviser to President Obama was the way that nation state actors had joined forces with criminal groups. Coming back into government with the Biden administration, Monaco said it was clear that the administration needed to change accordingly: “We need to pivot to disruption and prevention and make that our focus. And then the other issue was we needed to put victims at the center of our approach.” She said this was clear with the Colonial Pipeline response, which saw the U.S. Department of Justice (DoJ) work back along the blockchain to seize ransom money and return it to the victim. “But we could only do that because Colonial came forward. Time and time again, we are able to take that disruptive action, take that preventive action, because the victims work with us.” As well as working with victims, she continued, “We want to work hand in glove with the private sector to give as much information as we can about what we're seeing to alert folks.” This must be active cooperation, she said, not just occasional meetings.
This was all necessary as the U.S. government – and the security ecosystem at large – contemplated rival nation states’ efforts to advance their agendas and co-opt disruptive technologies.
“What we're seeing is an increasing effort by nation states to project power at home and abroad, and doing so with technology to repress their people... But now the assets that they're going after are the datasets, the algorithms, the software.”