Artificial intelligence may have grabbed a disproportionate share of headlines this week during the annual RSA Conference in San Francisco, but another strong theme emerged—the need for collaboration in fighting cyber threats.
In that spirit, nearly 70 companies joined a U.S. Cybersecurity and Infrastructure Agency (CISA) initiative to make products that are more secure, both for customers and the service companies that deliver and manage them. Many of the IT industry’s biggest names, including Microsoft, AWS, Cisco, and Google, signed CISA’s “Secure by Design” pledge.
“This is a call to action for the technology community at large to raise their standards when it comes to the security of their customers by not only shipping more secure code but also making the secure choice the easy choice,” said Chester Wisniewski, director, field CTO, at security vendor Sophos, one of the pledge signatories.
To beat back cybercriminals, Wisniewski said, the private and public sectors need to collaborate on a global level. By signing the pledge, companies agree to measures such as increasing the use of multifactor authentication, reducing default passwords in their products, and making it easier to gather evidence of cybersecurity intrusions.
A Formidable Community
Hugh Thompson, executive chairman of this year’s RSA Conference, spoke during a keynote address about the need for a collective approach to building defenses. With technology developments occurring at a rapid pace, Thompson stressed that the cybersecurity community needs to share strategies, threat intelligence, and best practices to protect digital ecosystems.
“We are formidable as a community,” he said.
U.S. Secretary of State Antony Blinken, who also delivered a keynote at the event, spoke about collaborative efforts to enhance cybersecurity and fight cybercrime. He said the government has a cyber strategy to engage partners, allies, and stakeholders across the globe “to shape the design, development, governance, and use of cyberspace and digital technologies.”
Earlier this week, the Biden-Harris Administration released Version 2 of the National Cybersecurity Strategy Implementation Plan.
“We are rallying coalitions of governments, businesses, and civil society to shape the digital revolution at every level of the technology stack, from building subsea cables and telecommunication networks, to deploying cloud services and trustworthy artificial intelligence, to promoting rights-respecting data governance and norms of responsible state behavior,” Blinken said.
AI In The Spotlight
Besides the need for cyber collaboration, the conference delivered a slew of AI-related security news. Each day brought a stream of announcements about AI-powered solutions and offerings.
But there was also a word of caution in the form of a study by IBM and AWS. In the study, focused on securing generative AI, 82% of C-suite respondents said secure and trustworthy AI is essential to businesses success, but 69% of respondents admitted they prioritize innovation over security. In addition, the survey found that less than 25% of current gen-AI projects are being secured.
AI-related product announcements included one from Microsoft about new security capabilities in Microsoft Defender and Microsoft Purview to secure and govern generative AI applications and data. The capabilities provide “end-to-end AI security posture management, threat protection, data security, and governance for AI.”
Egnyte, a cloud content security and governance vendor, introduced an integration giving customers better control of their cloud content. Organizations can use it to get insights and drive actions from labels generated by an AI-powered classification engine compatible with Microsoft Purview Sensitivity labels.
CrowdStrike launched CrowdStrike Falcon for Defender, a tool designed to stop attacks that bypass Microsoft Defender. The solution delivers threat hunting and elevates the security posture of endpoints running Microsoft Defender, the company said.
Cybersecurity and compliance vendor Proofpoint introduced enhanced core email security packages providing end-to-end protection across the entire email delivery chain. The offering combines new pre-delivery, click-time, and post-delivery detections, including AI-based post-delivery defense to threats such as “lateral internal phishing and advanced email fraud.”
Another new offering came from Liongard, which introduced its Managed Attack Surface Solution for SMBs, midmarket, and enterprise clients. The solution combines the company’s Attack Surface Management platform with the expertise of its global managed IT service partner network, “providing comprehensive visibility, protection and resources against evolving cyber threats,” according to the company.
RIP Passwords?
Finally, RSA made some announcements of its own, including product enhancements to help organizations leave passwords behind and replace them with passwordless alternatives. Those include an RSA Authenticator App that will support device-bound FIDO (Fast Identity Online) passkeys, and a secure self-service credential recovery offering, which will allow users to pre-register a second FIDO authenticator or use synched passkeys without helpdesk support.
“The only obituary I ever want to read is the one that’s written for passwords,” said Jim Taylor, RSA chief product and technology officer.
Image: Courtesy of RSA Conference
