Goats on the Road: RSA 2023 Recap

Dr. Anton Chuvakin, a noted warrior/poet/security cybersecurity expert, sums up my thoughts about RSAC 2023 marketing messaging perfectly with this post on Twitter.

For those who are new to the vendor hall, the amount of just bad marketing can be overwhelming and confusing. . There’s only one chance to get your message across to your prospects, so make it short and sweet.

Anton’s guess of “zero click zero trust” is closer than you think to the truth. I saw one marketing message that mixed a data security message and the command line which seemed a little off in the world of cloud technology and infrastructure as code. I had no idea F1 race cars and cybersecurity were so closely related. Walk the vendor hall and you will see what I mean.

RSA can be bewildering with all the vendor messaging. It is hard to get a sense of the right directions and where you should invest your time and budget. What are the trends in cyber security? What ideas should you be considering for your company? So many security teams are looking for help so where do you start for advice?

Thankfully there are a range of reliable resources. Here’s a few:

• Start with the webcasts from the RSA Conference  team who provide a range of resources before the conference starts. Aside from the keynote speakers, I highly recommend the virtual fireside chats with noted experts who are frank and open about sharing their thoughts.
• Use the RSAC site to also figure out which sessions you want to watch in person. Plan your schedule in advance. One thing I really appreciate about the RSA sessions is the focus on ideas and community leaders and the absence of anything that smacks of sales or marketing.
• Reference other research and advisory resources like Forrester. I pay attention to some of their analysts like Heidi Shey and Allie Mellen.
• Check out social media for thoughts from Dr. Anton and Jake Williams. Find leaders who are experienced, operate independently, and are generally skeptical of everything.

Highlights of RSA 2023

CrowdStream

Crowdstrike just announced they are partnering with Cribl. With Cribl and Crowdstrike’s new partnership, getting data into Crowdstrike’s LogScale platform will be dramatically easier thanks to a custom version of Cribl’s Stream called Crowdstream. Crowdstream automates data in (GDI) tasks to LogScale. Getting value from LogScale will be a lot easier with this partnership, and admin teams will save lots of time as well. . CrowdStream will be available at no additional cost for the first 10GB of daily streaming data to new and existing Falcon platform customers. The announcement should accelerate adoption of Crowdstrike’s XDR and log management. This is exciting news! Hopefully Cribl will provide this capability with multiple telemetry and SIEM platforms to help customers get value faster from their investments in systems of analysis like LogScale.

Generative AI

Generative AI messaging was everywhere and I mean everywhere. You would think it will cure the common cold and solve all cyber security concerns in the next year. This is something to consider for the future, but please please don’t rush to adopt an LLM driven SOC and fire your SOC team. Task your most innovative thinkers to start to see where AI can help. Notable security influencer @ionstorm has some great threads on the Bird site about how he integrated ChatGPT with Crowdstrike’s LogScale searching tool to help with case management and data enrichment. I have seen other use cases around troubleshooting guidance and access to a phone-a-friend service when an analyst needs help. In every case, limited goals and expectations are required. AI is not ready to start replacing people, yet.

Cybersecurity Concerns

As a result of Russia’s invasion of Ukraine, government and public sector cyber security leaders are very concerned about cybersecurity. Ransomware and supply chain attacks are just a sample of the issues facing everyone. Getting cyber insurance is also a concern l. Companies have long relied on insurance to cover the costs of recovering from an incident, but those days may be over and insurance companies are going to start holding companies with poor security practices accountable by denying claims. In addition, I expect a slew of federal requirements and guidelines to be issued soon from the railroad safety board to disclosure requirements from the SEC. All will keep cybersecurity top of mind of enterprises.

Bottom Line

RSA is always worth the time and sore feet it takes to see everything. Look past the messy marketing and find the nuggets of good information and trends you want to keep your eye on. There are so many good sessions as well. Don’t pass up the opportunity to hear how other organizations are handling challenges. Good chance you have the same challenges and you might learn something. Talk to your peers at the happy hour and make connections for the future. Always keep learning!

I’d love to hear your feedback on your experience with RSAC 2023. What did you think about it? What was interesting and not so interesting? Connect with me on LinkedIn or join our community Slack, and let’s talk!