MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

By Byron V. Acohido

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen.

Related: Demystifying ‘DSPM’

This was my nineteenth RSAC. I attended my first one in 2004, while covering Microsoft for USA TODAY. It certainly was terrific to see the cybersecurity industry’s premier trade event fully restored to its pre-Covid grandeur at San Francisco’s Moscone Center last week.

Rising from the din of 625 vendors, 700 speakers and 26,000 attendees came the clarion call for a new tier of overlapping, interoperable, highly automated security platforms needed to carry us forward.

Defense-in-depth remains a mantra — but implemented much differently than the defense-in- depth strategies of the first decade and a half of this century. Machine learning, automation and interoperability must take over and several new security layers must coalesce and interweave to protect the edge.

Getting a grip on identities

To keep the momentum going, business rivals and regulators are going to have to find meaningful ways to co-ordinate and cooperate at an unprecedented level. Here are four evolving themes reverberating from RSAC 2023 that struck me:

Password enabled access will endure for the foreseeable future. Multi-factor authentication (MFA) has raised the bar, but MFA alone is not enough to slow, much less stop, moderately-skilled bad actors.

New security platforms that can set cloud configurations wisely, automate detection and response and manage vulnerabilities continuously are needed to form the front line of defense.

Consolidating cloud postures

One nascent approach that shows promise:  cloud native application protection platform (CNAPP.)

For a drill down on how the CNAPP space is rapidly evolving, stay tuned for my upcoming RSA Fireside Chat podcasts with a couple of vendors on the leading edge. I had enlightening discussions with Elias Terman and Sudarsan Kannan, of Uptycs, and Markus Strauss and Michiel De Lepper of Runecast.

Identities – or to put it more precisely, user access management — is a fundamental weakness that must be shored up. This is where advanced identity and access management (IAM) tools and practices comes into play.

I spoke at length with  Ravi Srivatsav and Venkat Thummisi of  InsideOut Defense, and separately with  Venkat Raghavan, founder and CEO of Stack Identity, all about reconstituting IAM. My Fireside Chat podcasts to come will get into their insights about reducing the risk of access manipulation by continuously and comprehensively monitoring access patterns.

I also had quick meetings with  Bernard Harguindeguy and Baber Amin, senior execs at Veridium ID, on the latest advances in passwordless authentication and I got the back story about a brand new smart ring (yes, of the Tolkien variety) introduced at the conference by security start-up Token. I spoke with Token CEO John Gunn and his  engineering VP Evan K. about the role of advanced wearable authentication devices, going forward.

Operationalizing threat intel

Collecting and using good threat intelligence has always been important — and never been easy to do well. Two impromptu meetings I had touched on this.

I spoke with Rohan Spledewinde of security start-up CTM360 – which crawls the public Internet for each and every reference to a company’s IP addresses, and uses graph database technology to present useful correlations; and I also had another very lively discussion with Snehal Antani, CEO of Horizon3 about the value of continuous, well-informed penetration testing.

Leveraging threat intelligence at the platform level, of course, remains vital, as well. The trick in today’s operating environment is how to do this well with cloud migration accelerating.

There’s a danger of leaving legacy on-premises systems twisting in the wind. And that’s why emerging frameworks like Secure Services Edge (SSE) and Zero Trust Network Access (ZTNA) got a lot of attention at RSAC 2023, and deservedly so.

In the weeks ahead, be on alert for my deep-dive podcast discussions, with vendors that are shaping the security platforms of the near future. The perspectives I heard from two leading vendors in the security platform space were very similar.

I spoke at length to WithSecure CEO Juhani Hintikka and CTO Tim Orchard; this is the recent rebrand of F-Secure, a longstanding, widely respected cybersecurity systems vendor from Finland.

And I had a deep dive discussion with Cyware’s Willy Leichter and Neal Dennis. While WithSecure is approaching the task at hand from a slightly different angle than Cyware, both rely on interoperability of multiple systems, i.e. ‘stronger together.’

Our smartphone symbiosis

If you’re like me, you’ll lose track of where you last set down your room key, wallet or coat before you misplace your smartphone.

Our mobile devices, and the mobile apps on them, have become our digital appendages. We feel lost without them. And thus they are destined to endure as our primary user interface.

Yet the security of mobile apps hasn’t advanced much in the past 10 years; bad actors don’t really have to work all that hard, or expend much resources, to exploit how we’ve come to use mobile apps.

I spoke with two vendors that are introducing promising innovation to that addresses this. Verimatrix CEO Asaf Ashkenazi described for me how his company is leveraging technologies perfected by the entertainment industry to protect mobile apps.

And Approov CEO Ted Miracco told me how his company’s solution borrows from design principles used to lock down semiconductors.

It’s easier than ever for malicious hackers to get deep access, steal data, spread ransomware, disrupt infrastructure and attain long run unauthorized access. What I saw and heard at RSAC 2023 leaves me encouraged, more so than ever before, that this widening of the security gap will be slowed — and ultimately reversed. I’ll keep watch and keep reporting


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone