Blog Post

3 Cybersecurity Takeaways from RSA Conference 2019

Like most of the cybersecurity industry, the Awake team was on the ground at RSA Conference last month discussing the latest security trends, threats and solutions. During the show, we surveyed pros who visited the Awake booth to learn more about the issues they’re currently facing. Here are some of the key takeaways uncovered by our survey:

TAKEAWAY #1: Threats are hiding in plain sight

When we asked RSAC attendees to identify what attack stage(s) their organization struggles to detect the most, 33 percent indicated “data exfiltration” while a close 31 percent cited “lateral movement.”

Lateral movement is a means to an end; a technique used to identify, gain access to and exfiltrate sensitive data, so it’s no surprise we see both the technique and the end result (exfiltrated data) ranking among top concerns. If the attacker is able to secure insider privileges (or is a malicious insider to begin with), lateral movement and data exfiltration activities can be especially difficult to detect, as it can appear as “normal” network traffic.

Threats blending in with business-justified traffic is a major trend we’re seeing across the board. In addition, research indicates that 70 percent of attacks will use encryption in 2019. This means analysts are ill-prepared to identify and stop attacks if they are not actively hunting for threats hidden in “normal” traffic.

Unfortunately, many security pros don’t have the skills or time to differentiate, or are overwhelmed by a flurry of alerts. This leads nicely into our next takeaway…

TAKEAWAY #2: Analysts want actionable incidents rather than meaningless alerts

When we asked RSAC attendees which part of the alert investigation and response process takes the most effort, the most popular answer was “correlating all the stages of the attack from initial compromise to data exfiltration,” cited by 22 percent of respondents.

We aren’t surprised that correlating alerts creates a headache for 1 in 5 security pros, but what’s concerning is that the lack of correlation may mean it’s easier to ignore alerts than try to put together the pieces. In fact, the majority (54 percent) of respondents to an earlier Awake survey believe critical alerts sometimes go completely uninvestigated. Yikes.

This is something we aimed to address with our most recent update and launch of Ava – the world’s first privacy aware security expert system. Ava combines federated machine learning (ML) and open source intelligence to identify multi-stage attacks. By using Awake’s comprehensive knowledge of the network, Ava delivers triaged and actionable incidents rather than the often-meaningless alerts provided by traditional security solutions.

Oh, and speaking of machine learning…

TAKEAWAY #3: Industry split on AI

We asked RSAC attendees if they have, or would be, deterred from using AI-powered security tools because sensitive data needs to leave [their] organization to train the system. Survey says? The industry is split on AI, with 50 percent of respondents indicating they haven’t or wouldn’t be deterred from using AI-powered security tools.

Today you might be hard pressed to find a security company that doesn’t tout its AI prowess. Despite the proliferation of promises surrounding AI, security decision makers should avoid feeling tempted to implement an AI solution strictly because it’s the “latest and greatest.” Instead, CISOs and security teams should think critically about the gaps in their security posture that could benefit from specific AI techniques (correlated alerts are a great benefit of AI, for example, but we might be biased ).

RSA Conference offers great exposure to the innovations taking place within our industry – but also acts as reminder that we still have a lot of work to do. As we work together to improve cybersecurity for all, we must remember that the journey is not always going to be easy, and that persistence and commitment are critical to success.

About the Awake RSAC survey:

Responses gathered from 171 security professionals during RSA Conference 2019 between March 4-7, 2019.

Eric Poynton
Eric Poynton

Lead Network Threat Hunter