It probably comes as no surprise that the 2023 RSA conference was very heavy on AI.
Dozens of sessions focused on, or at least touched on, the intersection of AI and cybersecurity. The same was true for new products unveiled at the show. AI has reached almost a fever pitch this year, with vendors scrambling to highlight their AI-based features and tools.
With the explosion of ChatGPT, everybody wants to get in on the action. “We’re very much at the peak of the hype curve for LLMs [large language models] right now,” said Mark Ward, a senior research analyst with the Information Security Forum.
Andy Thurai, a vice president and principal analyst with Constellation Research, said that while AI took a few decades to reach its place of prominence, advances in other areas may have put it center stage today: unlimited capacity via the cloud, massive processing power with a virtually unlimited supply, and technologies like Snowflake and Databricks that enable developers to create secure data lakes that contain structured and unstructured data.
These advances, combined with the improvement of machine learning (ML) processing algorithms and neural networks, make this an opportune time to use AI to address cybersecurity threats, Thurai said.
Vendors Unveil AI-powered Tools
Here’s a roundup of several vendors that highlighted AI at the 2023 RSA Conference.
Armorblox launched a language-based threat protection product for email that incorporates ML, LLMs, and user behavior analysis to detect and prevent malicious emails, including graymail and recon attacks. More specifically, the system detects and classifies graymail like newsletters, marketing emails, and unwanted solicitations. It also monitors end-user preferences to automatically filter out future incoming graymail communications.
Cisco introduced an extended detection and response (XDR) offering that uses evidence-based automation, AI, and machine learning to simplify security operations across platforms and quickly detect advanced cyber threats. Cisco XDR correlates data from critical telemetry sources such as endpoints, networks, firewalls, email, identity, and DNS, as well as telemetry from other security vendors, to prioritize and remediate security incidents. The new offering will be integrated into Cisco’s Security Cloud, which is an AI-driven cross-domain security platform currently under development.
Abnormal Security rolled out three new AI-imbued capabilities to its email security platform. The first capability is email-like messaging security, which enables administrators to prevent malicious activity, monitor systems for messages containing suspicious URLs, and flag potential threats for further review. The second capability analyzes authentication activity in collaboration platforms like Slack, Teams, and Zoom, and alerts the team about suspicious sign-in events. The third capability is email-like security posture management, which identifies user privilege changes to ensure appropriate administrative rights.
Data protection vendor NextDLP enhanced its Reveal platform by adding ChatGPT visibility, policy templates, and adaptive controls. The policy templates educate employees on potential risks associated with ChatGPT by triggering alerts when employees interact with the chatbot. Another policy detects and alerts employees to the use of sensitive information in ChatGPT conversations. These enhancements aim to provide better data protection and security in the context of ChatGPT usage.
Cloud-based Security Tools and More
RSA Conference 2023 also saw a host of new cloud-based security tools, many with AI-based features.
Forcepoint announced two products. The first one, Data Security Everywhere, extends data loss protection (DLP) policies from endpoints to the cloud. This is achieved by adding Forcepoint ONE SSE channels to Forcepoint Enterprise DLP. Data Security Everywhere can also apply DLP policies across cloud access security brokers, secure web gateways, and zero-trust network access channels. The second product, Forcepoint ONE Insights, uses machine learning and AI to analyze security data from multiple sources, providing real-time insights into an organization’s security status.
Comcast launched its cloud-native DataBee fabric for security, risk, and continuous controls monitoring. The product aims to improve the operationalization and optimization of security data. The platform partners with Snowflake to ingest data from multiple feeds and then aggregates, compresses, standardizes, enriches, correlates, and normalizes the data before transferring it to a specified data lake.
Oak9 said Tython is the first open source security-as-code framework and SDK. Essentially, Tython’s goal is to use the infrastructure-as-code model for security as code, allowing security teams to build custom security reference architectures and design patterns as code.
Paladin Cloud rolled out a new SaaS cloud security platform to help organizations keep track of their cyber assets and security controls more effectively. The platform features real-time cyber asset inventory, agentless cloud monitoring and alerting capabilities, and third-party integrations, to reduce exposure to vulnerabilities and threats. The platform also offers continuous monitoring of multi-cloud environments, verifies that security controls are providing protection, implements SLAs to improve resolution times, and automates incident management.
Flashpoint unveiled Ignite, an intelligence platform that accelerates threat detection and cross-functional risk mitigation. The platform provides text, video, and image optical character recognition, as well as rule-based alerting, intelligent reports, and personalized dashboards.
Sevco Security released a cyber asset attack surface management (CAASM) platform that uses a four-dimensional cybersecurity asset intelligence correlation and intelligence engine. The CAASM platform can correlate device information from multiple security sources, aggregate all attributes and characteristics into a single asset, and show groups of assets in relation to their status or membership to a security or IT source.
Editor's note: A previous version of this story contained mention of a launch that was pulled by the vendor in the 11th hour. We regret this oversight.
About the author
Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a broad range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek and Government Executive.
