RSA Conference Key Takeaways for Cybersecurity Defenders
March 06, 2020
RSA Conference 2020 has come and gone. It still maintains its status as the largest security event in the world, although attendance dipped from last year due to virus jitters and travel restrictions. While the mood at RSA Conference (RSAC) overall was a bit more subdued than in the past, attendee engagement with the Netsurion team to discuss co-managed SIEM in the expo hall was at an all-time high. We were also honored with recognition in CSO’s Hottest New Cybersecurity Products at RSA Conference 2020 for our holistic MITRE ATT&CK integration with our managed SIEM, EventTracker (more details below).
Here are our insights from conversations with cybersecurity decision makers at RSA Conference 2020.
1. The “human element” theme underscores both the people risk and future opportunity.
Humans are the leading cause of data breaches, whether unintentional errors or disgruntled employees or persistent external cyber criminals. While automation and technologies like artificial intelligence (AI) and machine learning (ML) play an important and evolving role in cybersecurity, they do not replace the people and processes still required for risk management and mitigation. There is no silver bullet for all vulnerabilities and threats. Our human ability to adapt and persevere are crucial attributes in improving our cybersecurity posture. It was refreshing to see the human element front and center at RSA Conference, including a focus on topics like developing younger cyber professionals, avoiding security staff burnout, and leveraging managed service providers to augment skills. For most organizations, particularly with skilled cybersecurity professionals in short supply, the total cost of ownership (TCO) of a co-managed solution has a much higher ROI than a Do-it-Yourself solution.
2. MITRE ATT&CK integration detects advanced threats faster.
RSAC illustrated that businesses, government agencies, global partners, and vendors of all sizes and geographies are widely adopting MITRE ATT&CK® as a methodology to bolster defenses and share threat intelligence. ATT&CK is a repository of real-world cybersecurity adversary techniques that serve as an early warning for defenders to reduce attacker dwell time. Our demonstration of EventTracker SIEM integration with ATT&CK was extremely well received as organizations saw firsthand how our SOC-as-a-Service detected advanced threats faster.
3. Lifelong learning is key in our fast-paced industry.
Navigating the many concurrent tracks and presentation opportunities at RSAC is always a challenge. One crowd-pleasing session at RSAC is The Cryptographers’ Panel. This year saw moderator Zulfikar Ramzan join with cryptographers Whitfield Diffie, Arvind Narayanan, and Tal Rabin along with two of RSA’s founders, Ronald Rivest and Adi Shamir. These well-known mathematicians and scientists covered a wide range of issues from ethics to privacy to the human role in cybersecurity. RSAC has now posted the keynote presentations online.
4. MSP involvement at RSAC is on the upswing.
Managed IT service providers’ attendance at RSAC has continued to grow in recent years. With an estimated 70% of all high-tech sales going through a channel partner of some type (MSP or VAR), it’s the perfect timing for increased participation in RSAC’s knowledge transfer, personal development, and solutions development. Netsurion, as a Master MSSP, is focused on arming and equipping IT service providers and resellers with the means to provide managed security services.
5. Cybersecurity staffing challenges require a realistic approach.
With 3.5 million open cybersecurity positions, one approach to overcome the staff and skills shortage is to (A) prioritize efforts and projects, (B) weigh which projects could and should be performed internally versus with a managed security service provider, and (C) be realistic about risk management. We often hear from enterprises that purchased a SIEM software that the departure of their primary SIEM admin has left them understaffed to navigate the SIEM for threat detection and analytics. If you are experiencing this scenario, you are not alone. SOC-as-a-Service can augment your skills and enable your team to work on other initiatives they are best suited for. Look beyond the buzz at RSAC to Managed Security Service Providers (MSSPs) such as Netsurion with a proven track record and customer successes of managed SIEM organizations with 24/7/365 capabilities. On a different note, it was encouraging to meet the students who attended RSAC’s College Day and used the opportunity to advance their cybersecurity skills.
While it’s easy to focus on the risk caused by humans, RSA Conference 2020 also left us feeling upbeat about the future and our collective role in protecting customers, employees, and data. Public-private partnerships, threat intelligence sharing, managed services to augment staff and skill shortages, and cyber preparedness are all crucial to rebound from the inevitable data breach. It’s not about the myth of perfect protection, but the reality of rapid detection and thorough remediation. Whether you attended RSA Conference 2020 in person or are committed to ongoing personal development and staying on top of new threats, solutions, and proven practices, we can all learn from each other and collaborate for a more cyber resilient world. If we didn’t connect at RSA Conference 2020, we invite you to check out an upcoming EventTracker solution demo that will also include how we leverage MITRE ATT&CK integration to further improve your threat detection and response time.