Security operations · 2 MIN READ · MATT JASTRAM · MAY 9, 2024 · TAGS: Company news / MDR / Tech tools / vulnerability prioritization
One of the aspects I’ve always enjoyed about RSA Conference is the deep sense of community I feel when I’m around so many security practitioners. From the keynotes to the technical sessions, to wondering the show floor for demos, there’s a sense that we’re in this together. As the RSA Conference chair Hugh Thompson pointed out in the opening keynote, this year’s theme–The Art of Possible–is meant to both inspire hope in what we can accomplish together, as well as remind us all of what our adversaries are capable of.
I’ve spent a significant time in the expo hall, evaluating how vendors (and our competitors) are innovatively approaching security challenges. Being in the SOC and experiencing our customers’ incidents, I can personally speak to which vendors are actually generating true signal versus vendors offering only lots of glitz and giveaways. Once you drill down and see the intricacies the legit vendor tools are offering, you see that as a community, we’re fighting the same fight that we always have, just with new approaches to sophisticated tools, in new arenas, against ever-changing attacker tactics and techniques.
Generative AI continues to stand out for me, as last year was its coming out party! The majority of presenters weaved genAI into their sessions (even if it didn’t quite fit the topic). This year, the genAI topic is more around large language models (LLMs) and the application of them in solutions, as well as asking how AI is being secured. Thompson noted that AI was a consistent trend in most of the speaking submissions this year (along with security professional burnout and risk management). It’s encouraging to see that the conversation around AI has matured past including an example of an AI-generated deepfake in a session presentation, to being much more about how practitioners can leverage AI technology to improve their proactive and reactive approaches.
Pivoting to my role on Expel’s vulnerability prioritization team, it’s fascinating to experience first-hand how many vendors are weaving elements of vulnerability management into their tools. The vulnerability risk discussion continues to pair customer context with exploit risk factors to calculate various scoring approaches. The key here is equipping practitioners with clear threat intel and exploit messaging that will convince responsible management and designated remediation team members to act.
So many vendor offerings rely upon scoring approaches that fail to articulate a transparent method as to how they reached their score. The practitioners considering tool options don’t have time to research exploit risk; rather, they require a third-party to evaluate and prioritize risky vulnerabilities. Expel can help, our UI allows for easy exploit source filtering with a human recommendation.
And I won’t name names, but some notable brands are simply missing from the show floor. (You know who you are!) It will be interesting to see if these are one-time occurrences, or related to acquisitions or some sort of budgetary impact. I know I’ll be paying close attention.
But with all that being said, the show continues to attract massive crowds. The expo hall is packed, people are getting product demos (especially in Expel’s booth), and it’s sometimes worthwhile to pivot in different directions to avoid the crowds. It’s a positive sign that practitioners see the value in financially commiting to send security leaders even when ‘budgets’ are tight. Now as an industry we must continue this momentum, go back to our homes and offices with the big picture in mind, and turn what’s possible into action.