RSA 2023: The Year of Exposure Management
It is now just over a week since the end of RSA Conference 2023, the cybersecurity industry’s annual commiseration in San Francisco. Now that the jetlag has gone, it’s a chance to review the week, both from Noetic’s perspective, but also to consider some of the wider trends on show.
The first thing to say is that the conference seems back to its pre-COVID scale. The official post-show press release stated that the event had over 40,000 attendees, including 650+ speakers, 500+ exhibitors and 500+ members of the media. From a personal perspective, the show floor of the Moscone center felt as busy as it was in 2019.
The booths and hallways were crowded, and the evening party circuit was also back in full force as vendors, agencies and investors competed with a range of live acts and DJs at the different San Francisco nightspots. Noetic was delighted to sponsor the FOMO party, led by our partner and investor, SentinelOne.
Takeaways from RSA 2023
The current state of the cybersecurity industry
It is worth noting, however, that this year’s RSA reflected budget decisions made in 2022. The cybersecurity industry is certainly not immune to wider economic trends, and many vendors, both large and small, have announced layoffs in the months leading up to the show. Another prevailing aspect to the RSA conference were the discussions between venture capital firms, private equity, and cybersecurity leaders on the future of the industry, how best to drive innovation and ensure the right levels of investment.
A common theme in the discussion was the impact of the adverse financial climate, driving a more measured approach to CISO buying behaviors and venture investment, as can be seen in the drop in cybersecurity funding year on year. Cybersecurity companies need to show good financial discipline and a strong fundamentals to raise additional capital, which brings the industry more in line with other sectors.
The irresistible rise of artificial intelligence (AI)
If there was one trend to be seen across the show floor this year, it was the cyber industry’s embrace of AI across different use cases. Arguably the show came too soon for ChatGPT to have made a significant impact on product roadmaps, but the broader adoption of AI in mainstream cybersecurity tools was a consistent theme in keynotes and on vendor booths. Google Cloud and Mandiant made a significant announcement about their Security AI Workbench, which introduces a new, security-specific large language model (LLM) which leverages Mandiant’s threat intelligence. Cisco and RSA Security were among nearly a dozen large vendors to announce new capabilities in this area.
There was also the recognition that AI can be both a positive and negative force too, as attackers leverage tools to generate sophisticated phishing campaigns and create new malware using ChatGPT. Additionally, there is the risk of a company’s AI investments being ‘poisoned’ with purposely bad data, and a fellow Ten Eleven portfolio company, Hidden Layer, which was founded to safeguard AI assets, won this year’s Innovation Sandbox.
Exposure management goes mainstream
Over the past six months, we’ve discussed the need for security teams to evolve from a siloed approach to attack surface management to a wider, continuous threat exposure management (CTEM) strategy. This evolution of current vulnerability and attack surface management initiatives was one of the common themes at this year’s RSA conference. We heard it from large, established security vendors such as Tenable and from industry analysts. Our Field CTO, Craig Roberts, also spoke on the topic at the Early-Stage Expo and we saw a consistent level of interest from security leaders throughout the week.
CISOs know that they need to think more broadly about how they tackle exposure management in their organizations. This is an area that is gaining broad traction well beyond RSAC 2023 as part of wider zero trust initiatives.
With another successful event to the books, the Noetic team is excited to build on those discussions with existing customers, prospects and partners. Moving forward, we expect to see broader adoption of exposure management, and CAASM as a foundational building block to this new approach.
See firsthand how Noetic is changing the exposure management and CAASM landscape by joining our upcoming live demonstration webinar here: https://noeticcyber.com/live-demo-caasm/.
About The Author(s)
