Blog contributed by Janelle Davis
The humans behind technology innovation are often missing from the conversations in the security industry. With cybersecurity stuck in an always-evolving cycle, cybercrime has now democratized, and data breaches have become commonplace in today’s news cycle. Worries around lines of code and stacks of open-source frameworks often take priority over the human element in the battle against cybercriminals.
Over the past 29 years, the RSA Conference has become the meeting place for security professionals and IT leaders to discuss the latest technologies and innovations their companies offer. Held in San Francisco’s Moscone Center, the conference attracted more than 36,000 people, 704 speakers and 658 exhibitors despite big names like Verizon, AT&T Cybersecurity (previously AlienVault) and IBM pulling out amid health concerns around coronavirus. The theme this year was ‘Human Element,’ chosen to remind us all that humans are still the most vital weapon in the security arsenal. Don’t worry, there were still plenty of discussions about viruses—of both the digital and medical variety.
THE BIGGEST PRODUCT ANNOUNCEMENTS AND HONORABLE MENTION
During Intel’s presentations, it highlighted four new capabilities to address consumer challenges: application isolation, VM and container isolation, full memory encryption, and Intel Platform Firmware Resilience. Senior leaders on the Intel team shared insight into how the next decade will see far more architectural advancements than in the previous five decades.
Google revealed its enhanced tools for detecting malware in today’s threat landscape. Mentioned were Chronicle’s advanced threat detection capabilities and timelines as well as the general availability of reCaptcha Enterprise and Web Risk API. reCaptcha Enterprise is the system used to verify login requests that come from legitimate users while Web Risk API allows web applications to check URLs against Google’s list of unsafe websites.
Crowdstrike, which made an initial public offering last year, announced Endpoint Recovery Services, a new offering combining the power of its CrowdStrike Falcon platform, threat intelligence and real-time response to accelerate business recovery from cyber intrusions. This offering will save businesses from drowning in expensive downtime after being hit by a cyber attack and allow them to allocate resources to other critical business functions: communications, threat assessments, employee security training, etc.
Proofpoint, an enterprise security company, announced the industry’s first offering to address business email compromise (BEC) and email account compromise (EAC) attacks. To accomplish this, Proofpoint combined its secure email gateway, advanced threat protection, threat response, email authentication, security awareness training and cloud account protection. Additionally, an innovation called Cloud App Security Broker (CASB) was also announced as a way to protect cloud applications that employees access daily —things like Slack, Google G Suite and Amazon Web Services.
Be on the lookout for more news from Nullafi, a startup that is making hacked data useless to hackers by creating an architecture that protects new and existing infrastructures while making any original data impossible for hackers to access.
The honorable mention goes to SECURITI.ai, a privacy compliance solutions provider that took home the title of ‘Most Innovative Startup’ for the RSAC Innovation Sandbox Contest, a competition that brings out cybersecurity’s newest innovators who are committed to minimizing risk.
The key takeaways from the conference
1) Communication really is key, even for CSOs and CISOs with a company. With over 2,000 speaker submissions submitted for RSA this year, the human need for clear communication was seen in a majority of those submissions. An important trend going into the year ahead will be communication across teams, in presentations to clients and to customers, and the media. Coming off a decade piled high with data breaches and miscommunications, companies can no longer afford not to communicate efficiently and effectively with everyone in its network.
2) Privacy across products, services and organizations. General Data Protection Regulation (GDPR) was big last year, with a mission to give control to individuals over their personal data. Privacy conversations dominated the conference this year and will likely inspire new data security trends in the coming months and years.
3) The marriage between humans and machines is more profound than ever. As the world becomes even more interconnected with people relying on devices, machine learning and artificial intelligence to inform decisions, it is important to continue building awareness and training the humans behind technology. Threats do not discriminate, and everyone in a company or on a team should be properly trained and know what to do when a cyber attack hits.
Most importantly, when we all come to recognize and accept that cybersecurity is simply just about people protecting people, we can learn to not only keep our own security posture firm, but build a more secure world.
