RSA Conference 2024 brought together industry experts, practitioners, and policymakers to discuss the latest trends and challenges in cybersecurity. We showcased our commitment to CISA's Secure by Design, explored the potential of AI in risk management, and emphasized the significance of global collaboration. Here are some highlights from our time at RSA Conference, providing insights into the discussions and announcements that shape the future of cybersecurity.
Major pledge to a future that's Secure by Design
A significant development emerged at the conference with the Cybersecurity and Infrastructure Security Agency's (CISA) announcement of a major pledge around Secure by Design. This initiative brought together 68 leading technology firms, including Microsoft, Google, IBM, and many others, to build better security into their products in the next year.
"CISA's Secure by Design pledge is a strong, pragmatic step forward in its commitment to work with the industry to materially reduce exploitable flaws in products our citizens' use," remarked Veracode co-founder and CTO, Chris Wysopal.
"Secure by Design is an important and game-changing cybersecurity standard for the whole network connected world. Veracode is proud to be among the leading companies making its pledge today and continuing its commitment to raising the bar on cybersecurity by working closely with the government and industry partners to promote widespread adoption of Secure by Design principles."
CISA Director, Jen Easterly, aptly summarized the significance of this pledge, stating, "More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks facing our nation."
AI and managing app risk at scale
For another year at RSAC, AI held the spotlight. Artificial intelligence (AI) has emerged as a game-changer in the realm of cybersecurity, enabling organizations to manage risk at an unprecedented scale. AI provides the necessary tools and techniques to analyze vast amounts of data, identify patterns, and predict potential vulnerabilities.
However, AI also presents its own set of challenges, as Wysopal shared with BankInfoSecurity in an interview at the conference, The Crossroads of AI and Application Security. While Generative AI is being used to create code faster than ever, we run the risk of vulnerabilities being created faster than ever, too.
This raises the crucial question of how to effectively manage app risk at scale in the age of AI. To keep pace with rapid code creation, teams need a solution that empowers developers to write secure code with AI-powered remediation guidance in the environment where they work.
Veracode provides real-time feedback and suggests fixes right in the Integrated Development Environment (IDE), enabling developers to identify and address security issues early in the development process. Leveraging a curated set of reference patches from our security research team, this proactive approach significantly reduces the risk of policy-violating vulnerabilities making their way into production.
Cloud security and reducing the most risk with the least effort
One of the key challenges in cloud security is the sheer volume of data that needs to be processed and analyzed. Even if you're fixing vulnerabilities in the IDE, how are you analyzing, verifying, and reporting on it when there are so many different languages, features, branches, dependencies, etc.?
This is where Veracode's acquisition of Longbow Security became the topic of many conversations during RSAC. In an interview at the conference, Veracode CEO, Brian Roche, shared: "The Longbow Security acquisition was one that was born out of many conversations with both prospects and customers, which is: everyone in the AST space leaves a question unanswered, 'Are we good or not? Do we understand the security risk we have or not?'"
This strategic move paves the way for organizations to effectively reduce the most significant risks while minimizing the effort required. Merging Veracode and Longbow Security's strengths creates a comprehensive app risk management platform, covering both source code and cloud environments.
The importance of global collaboration at RSAC
RSAC is a global platform for sharing knowledge, insights, and best practices in cybersecurity. The conference fosters collaboration and cooperation among industry professionals from around the world. The conference lets attendees discuss and partner to protect against cyber threats and boost global cybersecurity.
We especially enjoyed getting to share meals, games, and good conversations with our customers and new acquaintances from across the globe at an array of events and at the booth. I invite you to check out our LinkedIn for photos.
Coming together to help you and your team
Many of our participants, both at RSAC and other gatherings worldwide, are experienced security professionals who also work in the field and understand the challenges your team encounters daily.
We believe that by working together as a team, we can help you and your team achieve your security goals. An event like this is exemplary of all the go-to-market functions coming together. It really takes a whole village to bring the caliber of experience we hold ourselves to.
We know there's no cybersecurity silver bullet, but we do believe in delivering elite, security-first innovation with transparency. Please reach out to me on LinkedIn with any favorite memories or feedback on these events, or schedule a demo to see our solution in action.