Top Five Observations From RSA Conference 2023

After three days, 34,219 steps, numerous interesting conversations, and attending various demos and theater sessions, I’ve gathered five key takeaways from last week’s RSA Conference (RSAC). 

Historically, the RSA Conference has been one of my go-to events for insights into key themes, initiatives, partnering, and networking opportunities — it’s the best place to meet old connections and form new ones. This year was no exception. With more than 40,000 security professionals in attendance and many following online, the event seems to have returned to its pre-pandemic level of attendance. 

In this post, I’ll share a summary of my top five observations from RSA Conference 2023.

In this article:

1. Unified approach
2. The shift away from autonomous SOCs
3. XDR takes a backseat
4. AI and ChatGPT
5. Waning interest in legacy offerings

Unified approach

Many security vendors are taking a unified and integrated approach to their offerings and talking about it in their pitches. This was achieved either by acquiring different products or building out their portfolios. A few vendors highlighted cloud-delivered data lakes, and interoperability within the ecosystem was emphasized. Unification is something we hear our customers and prospects asking about. While we see a lot of energy here, we wonder how much unity there really is. Are these loose partner integrations, weak technical integrations, or integration in name only and driven by a shiny UI? There was a lot of noise. We hope it’s real, but we still see a vast majority of offerings that lack the unification that customers are asking for. When I spent time at the Exabeam booth and interacted with our customers, the feedback was consistent. They were already seeing the benefits of New-Scale SIEM^TM and the unified offerings we introduced in Oct. 2022.

The shift away from autonomous SOCs

Last year’s RSAC featured several vendors pushing the message that their products would lead to autonomous and completely automated security operations centers (SOCs) and that they have built products that fully automate tasks. It seems this vision and message was far from reality, and this year saw a noticeable shift away from that message. My take on this topic is that while automating many of the manual processes and tasks within the SOC is feasible, human involvement remains a necessity. 

XDR takes a backseat

Unlike last year’s conference, few vendors placed XDR front and center in their products and messaging. While the promise of XDR seems to best fit as an extension of EDR, it hasn’t risen as the killer app to replace a security information and event management (SIEM) platform. Without a commonly accepted definition or direction for XDR, many vendors opted to focus on their core offerings when discussing their products. The Exabeam approach of Open XDR and leading the XDR charter was seen as an important step in the right direction by our customers and technology partners.

AI and ChatGPT

Despite expecting a lot of buzz around ChatGPT and AI embedded in product offerings and messaging, many vendors acknowledged the long road ahead to integrate AI into SOC workflows. This begins with embedding machine learning and algorithms to identify variances, which could help automate repetitive tasks and address the cybersecurity talent gap. A few vendors talked about AI-powered security solutions for threat detection, investigation, and response (TDIR), as well as identity and access management (IAM) — there’s nothing new in that. Most of the AI and ChatGPT talk was limited to marketing messaging; most vendors did not demo any products incorporating ChatGPT. Concerns over privacy and the fact that ChatGPT has produced incorrect data based on unreliable crowdsourcing is probably a reason why vendors are cautious. We can expect more chatter around this topic in the coming years.

Waning interest in legacy offerings

Some of the more established security vendors I visited seemed stuck, and failed to capture attendees’ attention due to a lack of innovation and difficulty keeping up with changing market requirements and customers’ evolving needs. Some vendors claimed their platforms were unified and integrated, but demos often revealed incomplete integrations from multiple acquisitions. High costs to manage and diminishing value from these products left end users we spoke with seeking alternatives that: 

• Are cloud-native
• Are easy to manage
• Don’t require experts to do basic tasks
• Leverage user and entity behavior analytics (UEBA) to baseline normal user behavior
• Are cost effective

Specifically, the growing complexity of the threat landscape and the slow adoption of innovation and cooperation with other security vendors put pressure on security teams to keep up. 

Final thoughts

A common realization among attendees we spoke to was the importance of detecting insider threats and compromised credentials for effective threat response. Exabeam has been highlighting the importance of compromised credentials since our first product release.

Security professionals I spoke with were frustrated with the limitation and user experience of legacy SIEM offerings. Many of them were excited about New-Scale SIEM, which helps them get cloud-scale security log management, offers powerful behavioral analytics that distinguish between normal and abnormal behavior, and automates the TDIR workflow to close the SIEM effectiveness gap in a cost-effective manner.

Till next year’s RSAC!

Learn more

A CISO’s Guide to Adversary Alignment

“Are we secure?”

Executives and board members always want the answer to be “yes,” but CISOs know it’s irresponsible to make such a blanket statement. An adversary could be any potential threat — whether external or internal, intentional or unintentional. So, the question CISOs should be answering is: “Are we adversary aligned?” 

Adversary alignment is the ability to understand your organization’s visibility and capability gaps to detect threats across the entire cyberattack lifecycle. The adversary-aligned CISO has the power to profoundly shift their organization to create a culture of risk awareness, empowerment, and communication, where security leaders and teams can speak candidly about the security capabilities the organization has — and the capabilities that it lacks — and confidently hold senior decision-makers to account.

Download this white paper to learn how your people, processes and tools can be adversary-aligned, and the benefits of doing so.