AI, cybersecurity investments and identity take center stage at RSA 2024

It was truly a good use of time attending the 33rd RSA Conference in San Francisco, along with over 40,000 attendees, networking with the leading minds in the cybersecurity industry. For many, this spring’s RSA show was an energized, optimistic experience, similar to the pre-pandemic years of 2017-2019. There was a definite buzz about cybersecurity investments and M&A picking up steam, AI-based defense and AI-delivered industry models, and overall product innovation. Above all, there was a palpable focus on what it will take to make organizations combat-ready for the next waves of cybercrime and how best to manage it all.

Cybersecurity is a strategic battle, and a successful outcome depends on having the right knowledge and tools to stay ahead of attackers. RSA provided strategies and tools for security experts to help defend their networks, with over 600 exhibitors and countless sessions displaying plenty of both.

The CISOs I spoke with are looking to secure the deployment and use of AI within the enterprise, automate their Security Operations Center (SOC), and understand the pressing new challenges related to identity management. These and more were all part of the thought-provoking meetings and conversations I had at RSA.

A rise in VC funding

VC funding for cybersecurity startups, especially those utilizing AI/ML, grew again in the first quarter of 2024. Crunchbase numbers show cybersecurity startups raised nearly $2.7 billion in 154 deals in Q1. Cybersecurity firm Wiz announced at RSA another $1 billion round to give it an astounding $12 billion valuation. That news helped contribute to an industry-wide excitement echoed in my meetings with bankers, corporate development execs, enterprise customers, and growth-stage private equity teams about market demand, funding, and M&A activity as well.

Enterprises are investing significant budget dollars in AI startups focused on threat detection, identity verification and management, cloud/data security, and deception security. As cyber threats continue to grow, investment is pouring into next-gen AI defensive security solutions.

Increased AI attacks

AI adoption in the enterprise is driving a wave to protect the AI models and the data they are training. CISOs are worried about data contamination, data leakage, and who is attacking or stealing the models. This is a primary concern, and there’s a wide range of companies, both established and startups creating a firewall or defenses around AI models.

Worries about AI-based attacks are also driving increased security adoption in organizations. In one presentation, an Akamai senior vice president noted that his company had seen a 48% increase in web attacks over the previous year, with nearly 30% targeting organizations’ APIs.

While organizations increasingly use AI and machine learning to detect and prevent cyber threats in real-time, cyber thieves use combative AI tools to create deepfakes, copy user access passwords, and use other fraudulent tactics to bypass security measures. Several discussions focused on the need for CISOs, CTOs, and CIOs to adopt AI-driven cybersecurity solutions or risk being outmaneuvered by cyber criminals who are already using these tech tools to launch attacks, which echoed the focus of my last column, The AI cat and mouse game has begun.

Another area of focus was the SOC. AI-based assaults are expected to drive a higher frequency of attacks. Given that attacks will be on the rise and AI will make it easier to do more sophisticated attacks, the professionals inside an enterprise security operations center will be inundated with alerts. How do you filter through that in an automated and cost-effective way, especially since talent is scarce? SOC incident automation, analysis, and response are a hugely promising and necessary area ripe for innovation.

Focus on identity management

Identity management emerged as a predominant theme, underscoring ongoing challenges within the security industry following incidents like the Okta breach and recent vulnerabilities in password reset MFA. Clearly, there are innovations still left to be done within the identity market.

AI identity solutions designed to combat AI-generated deepfakes and structure user access management piqued attendees’ interest. These solutions significantly enhance organizations’ identity management frameworks by analyzing biometric data (face, voice, etc.) for far more accurate verification, and CISOs are keen to understand and implement this. Another area CISOs were interested in was managing the identities of third-party vendor relationships, which have seen a great number of cyber-attacks in recent months.

AI efficiency key in battling cybersecurity threats

The range of exhibitors and panel sessions at the RSA conference provided insight into the innovation happening across the board and how AI and machine learning are being used more widely to detect and prevent cyber threats. Generative AI is increasingly being implemented by vendors to comply with the requirements and demands of top-line enterprises. The emergence of ‘all-in-one’ cybersecurity platforms suggests a promising trend that could greatly help CISOs in the coming years.

Efficiency was a word used more than once to describe how AI algorithms can analyze massive data streams to identify patterns and system behavior, allowing CISOs to anticipate an imminent attack.

Final thoughts

To sum up RSA, buyer signals are clear that security is still, and maybe more so, where enterprises are driving budget dollars. The need for AI and the worries about AI requiring the next generation of defenses are steadily driving increased adoption. Cybersecurity is an area that’s getting funded; there’s money being put into both venture investing and M&A. All of these takeaways made for a more exciting RSA than we’ve seen in several years. The industry has renewed confidence, and many innovative AI cybersecurity solutions are ready to battle today’s increased security challenges. For CISOs, the messages were clear. Prioritize security across every aspect, encompassing data protection, AI model security, and, crucially, identity safeguarding. A breach in identity could render all other defenses futile. Embrace automation within your security operations centers and introduce novel barriers to thwart cyber adversaries, fortifying your enterprise’s resilience against evolving threats.