RSA Conference Last Look: From VC Investing to Cybersecurity CEOs
A snapshot look at the need to combat deepfake-fueled social engineering, the rise of a more grounded investment mindset, and the fight to find threats in wireless networks.
![RSA Conference 2024 in San Francisco.](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blt628bf50484b687ac/6647e1fc6e488f4f464ccf49/RSAC2024SANSpanel1-JPRUTH.jpg?width=700&auto=webp&quality=80&disable=upscale)
RSA Conference 2024 in San Francisco. Photo by Joao-Pierre S. Ruth
A panel moderated by Dave DeWalt, CEO of NightDragon, included thoughts from panelists Mark Hatfield, partner with Ten Eleven Ventures; Yoav Leitersdorf, managing partner with YL Ventures; Chenxi Wang, general partner with Rain Capital; and Nadav Zafrir, managing partner with Team8.
“The group you’re about to meet has deployed billions of dollars of capital in cyber and has had billions of dollars of outcome in the world of cyber as well,” said DeWalt as he introduced the panel.
Cybersecurity investments cooled last year after seeing a peak in 2022, he said. “When we say a down year, it was down 30% roughly from an all-time high of $242 billion in a single year in 2022,” DeWalt said, with 2023 seeing about $170 billion in investments.
Growth and later stage rounds felt the pinch of the pullback while early stage and seed rounds were up, he said. “About 42% of all the deals done were early seed stage in 2023.” In prior years, significant late-stage investment rounds, sometimes to the tune of $500 million to $1 billion, were seen, DeWalt said.
The reduction in investments in 2023 may have been more of a tempering of the market than a drastic fall, according to Zafrir. “We started the year on the heels of 2021-2022, where valuations were just going crazy,” he said. During such frothy times, founders could land significant backing with relative ease, according to Zafrir. “In some ways, I think what happened in 2023 is a good thing for the industry. I think that we got a little bit more grounded, a little bit more humble.” Companies need to have a product and a business plan, he said. Aspirations of things to come would not suffice.
The surge of bad actors, potentially backed by nation states, DeWalt said, has brought geopolitical conflict to the enterprise sector with some of the most significant breaches and disruptions ever seen.
Hatfield said narrative attacks are not something that is really talked about from the enterprise’s perspective, but the threat is present. “Think of disinformation and the use of that and everything is so digital, everyone’s on the phone walking around,” he said. “The ability for bad actors to actually impact organizations, just leveraging the social media platforms -- disinformation has become, especially within the US with an election coming, some of the ramifications … narrative attacks are something that is not talked a lot about, but the impacts are massive.”
Nokia talked up its GenAI assistant in the NetGuard Cybersecurity Dome at the conference, highlighting its telco-specific knowledge. Rodrigo Brito, head of cybersecurity for Nokia’s cloud and network services, spoke one-on-one with InformationWeek about his company’s security portfolio to service public and private wireless telco networks, which he said can require different types of defenses than IT networks.
He said Nokia’s security product takes data from multiple sources, such as telemetry from network elements, to display where problems happen, including attacks to eavesdrop on information, attempts to compromise the network, or the insertion of a Trojan horse to do damage later.
Brito said Nokia is leveraging GenAI as part of its security product, using the data gathered to train the model. “We use Microsoft OpenAI, ChatGPT-4 as a base,” he said. “Then we augment the data that the model has.” That additional information includes telecom standards, regulatory standards, security, and Nokia’s own use cases, Brito said. “Imagine ChatGPT, but with specific telco security knowledge.”
Dynamic augmentation of the data includes information from incidents, he said. “When an incident comes up on the solution, the LLM model becomes aware of that incident.” That allows the LLM to chat with engineers about specific incidents, Brito said.
Robert Boyce, global cyber resilience lead at Accenture, sat down with InformationWeek to discuss some of the more recent implications companies and their CISOs face from elevated threats. One of the biggest disinformation issues affecting companies, he said, is disinformation with deepfakes, which threat actors use for malicious financial gain and other attacks. This includes deepfakes used in video meetings to trick staffers into sending them large sums of money.
“We have seen very, very targeted activity in that space using that type of AI technology,” Boyce said. “If we think about how threat actors are using AI in general, that’s really the primary use case. It’s really still around social engineering, or disinformation, or deepfakes.” The proliferation of such technology has made it simpler and less expensive to pull off such attacks. “It’s terrifying how easy it’s become,” he said.
Deepfakes have also been deployed in ransomware schemes, Boyce said, with threats of posting false images and other bogus media to cast companies, or executives, in a negative light if they do not pay. There has also been targeted harassment via deepfakes, he said. Tweaking the social engineering lessons in cybersecurity training for the GenAI world should be a top priority for companies, according to Boyce. “The efficacy of the attacks are becoming so good now, with the deepfakes and the GenAI, it’s very hard to distinguish.”
A recurring feature of the conference is the SANS Institute’s latest list of dangerous cyber threats to watch out for.
For example, Heather Mahalik Barnhart, DFIR curriculum lead at SANS Institute, said many people know someone who has been targeted with sextortion, which could include the release of images they did not want revealed in order to terrorize them or out of revenge. “It is on a growing trend,” she said.
Barnhart pointed out the AI-generated deepfakes of singer Taylor Swift that circulated earlier this year, which elevated public awareness of this type of threat. “When that happened, it blew up and everyone became aware they could do this, but people also realized it could happen to anyone,” Barnhart said.
She was part of a SANS Institute panel that included Terrence Williams, certified instructor; Stephen Sims, offensive operations curriculum lead; Johannes Ullrich, dean of research at SANS Technology Institute; and Ed Skoudis, president of the SANS Technology Institute.
This year’s rundown included:
The security impact of technical debt that companies accrue over the years, and the vulnerabilities that arise with old code that fewer and fewer developers understand.
How to establish identity online in the current environment with fake videos and audio proliferating.
Sextortion -- The extortion of money, or sexual favors, under the threat that the victim’s intimate behavior or activities would be publicized.
Fragility of trust in the digital age, where deepfakes and other AI-generated sources of disinformation spread quickly, especially in a critical election year.
AI as a force multiplier in offensive capabilities for vulnerability discovery, reverse engineering, automated red teams for digital intrusion, and other tricks to aid hackers.
During his keynote presentation on the final day of the conference, CrowdStrike CEO George Kurtz told the RSA Conference audience that the frequency and speed of attacks are forcing change throughout the cybersecurity industry. “I really like speed, and I like going fast. The problem is that in today’s environment the legacy SIEM (security information and event management) has a hard time keeping up with the atmosphere where it takes two minutes and 31 seconds to get malware installed.”
He said the next generation of SIEM will need to be integrated directly with the security platform to allow for faster security responses. AI systems will need to evolve as well, along with compliance reporting.
Splunk CEO Gary Steele talked about the future of observability giant Splunk after its $28 billion acquisition by Cisco. What the crowd couldn’t have known was that Steele would only a few days later be tapped to join Cisco as president of the company’s go-to-market.
The Splunk executive team will still report to Steele, according to an announcement by Cisco.
During his RSA Conference 2024 talk, Steele talked about the future of SOC (security operations center) monitoring as technology shifts more toward automation and artificial intelligence.
“We think AI is integral in how people work,” Steele said. “But you need a human in the loop. We don’t think that organizations are just going to let AI just randomly take users offline and reconfigure networks … But we do believe that AI can be particularly instrumental in driving productivity for analysts in the SOC, getting insights across security applications where that’s really hard today.”
The breadth of RSA Conference 2024 in San Francisco included a glimpse of venture capital plans in the space and the directions CEOs in cybersecurity want to aim their attention.
Across the industry, defenders have been confronted with a rise in geopolitically driven attacks, concerted disinformation campaigns, and the need to find the right balance in working with AI -- sometimes against AI.
This year’s conference saw numerous celebrity and government players make appearances, as InformationWeek previously reported. In addition to those high-profile keynotes, there was plenty more to discuss about cybersecurity’s current trends and where the sector may need to focus its attention next.
The slideshow that follows includes a gamut of one-on-one meetings, panel discussions, and keynotes that InformationWeek covered during the conference.