Key Takeaways from RSA 2024 | Corelight

Written by Ashish Malpani | May 15, 2024 5:57:23 PM

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference.

AI is everywhere

It shouldn’t be a surprise, but AI was everywhere at RSA 2024. From securing Gen-AI capabilities and weaponized Gen-AI to leveraging AI-powered cybersecurity tools for pentesting, detection and response, AI was ever-present on the show floor and in the sessions. However, there was no consensus yet regarding the net impact of AI on analysts and defenders. AI in everything was overwhelming and distracted from the true value of AI/LLMs, which only a few vendors were able to demonstrate. Some vendors at RSA 2024 incited fear with the evolution of AI-driven attacks, while most promoted the possibility of a positive impact from AI-powered tools.

Although AI will be prevalent in the cybersecurity industry, security leaders need to understand how AI can help secure their infrastructure and improve SOC efficiency.

Corelight believes that defenders can leverage AI-powered tools to analyze complex data sets and accelerate triage through AI-assisted SOC workflow improvements. Learn more about how Corelight uses AI here.

Consolidation will continue

Industry leaders continue to promote their acquisitions and innovations, like eBPF from Cisco, NG-SIEM from CrowdStrike, new threat intel offerings from Google, etc. At the same time, as security functionality becomes standardized, consolidation of security capabilities is imminent. On average there are 50-75 tools in the SOC, which, together with the skills gap, continue to challenge SOCs in terms of visibility and coverage. However, as attacks and attack surfaces continue to evolve, opportunities arise for new solutions that solve specific security challenges.

For security leaders, understanding the risk across the infrastructure is critical to deploying the right solutions to secure the enterprise. A firewall may be appropriate for an enterprise private cloud whereas a cloud firewall may be sufficient for branch offices.

However, any new technology adoption needs to work seamlessly with existing infrastructure. Re-tooling and re-training the team is not a security strategy for most security leaders.

Corelight’s customers have leveraged network evidence seamlessly with existing infrastructure including EDRs, SIEMs, multi-cloud infrastructure, threat intel and vulnerability management tools. Learn more about Corelight’s Open NDR ecosystem and partnerships to see how Open NDR can drive more value for your existing security investments.

Need for NDR is gaining widespread acceptance

In recent years, Network Detection and Response (NDR) has evolved as a solution for analyzing network traffic, surpassing traditional Network Traffic Analysis (NTA) systems. Unlike older NTA systems that only set baselines for traffic, NDR systems employ a combination of signature-based, behavioral, and machine learning methodologies to scrutinize network data for signs of anomalous activities. Moreover, NDR solutions equip analysts with capabilities to react to security incidents, offering either built-in response mechanisms or compatibility with external security tools.

As workloads move to the edge and the cloud, it is becoming increasingly difficult to get the ground truth with just posture management and an EDR- and SIEM-based SOC architecture. Agent-based approaches don’t work to understand the extent of attacks (blast radius) or to control traffic that masquerades as legitimate network traffic. Organizations looking for better context and understanding of new threat vectors are realizing the need for quality data from NDR.

In recent research by Enterprise Strategy Group, nearly half (45%) of security operations leaders believe that increased workload is their biggest threat detection and response challenge, while nearly 70% of leaders believe that the right NDR can help improve SOC analyst efficiency. Read the study about how Open NDR can help.

If you’d like to learn more, reach out. We’d love to talk to you.