Hot Topics for RSAC 2018
RSAC 2018, one of the largest cybersecurity conference events in the world, is almost here. More than any other, this is the place where leading security companies, researchers, CISOs, and their staffs from across the globe come together to talk, learn, present, and speculate about all things cybersecurity.
Every year, at least some of the topics and new technologies presented at RSAC become the industry’s latest buzzwords and hype. For years to come, many of these hot topics will receive a great deal of attention from industry experts, buyers, investors, and of course cybercriminals.
What will the hot topics be at RSAC in 2018? What will strike a chord with this year’s 40 thousand attendees?
We asked three of the security industry’s leading authorities on cyberthreats what topics they thought would be hot at RSA this year. Fortunately for us, we didn’t have to go too far to speak with them as all three are co-founders here at Lastline: Christopher Kruegel, Ph.D., Co-founder, and CEO; Giovanni Vigna Ph.D., Co-founder and CTO; and Engin Kirda Ph.D., Co-Founder, and Chief Architect.
Collectively, here’s the list of hot topics these industry leaders said to watch for. Perhaps more important, their list of topics that ought to be front and center at the conference but probably won’t be.
Potential Hot Topics for RSAC 2018
- Blockchain. It’s with good reason that so many security experts say that blockchain may very well be the next big thing in cybersecurity. Blockchain technology dramatically disrupts conventional thinking and will in all probability significantly change our world. This relatively new phenomenon will certainly be getting a lot of attention at RSAC this year. Blockchain, by its very nature, is supposed to be secure, but cybercriminals will no-doubt find vulnerabilities. What additional layers of security might be needed?
- Cryptocurrencies and Crypto-Mining Malware. With the rapid rise of cryptocurrencies, it’s no wonder that cybercriminals are leveraging malware to attack this new lucrative eco-system. Since cryptomining doesn’t threaten IP, PII, or other sensitive data, the cybersecurity industry is at risk of underestimating the damage it can do. Will cryptomining malware be the new cybercrime in 2018? The security industry would benefit much if conference attendees will really dive into this topic and gain a deep understanding of how these technologies work and the risks they present.
- Ransomware. Given the numerous recent and widespread ransomware attacks, you can bet this will be a hot topic. Since security experts have a good understanding of how ransomware operates, RSAC attendees might ask presenters why this menace is still pervasive and what’s missing in typical defense mechanisms. Attendees should press vendors for specifics about how their products are better than others at curtailing ransomware madness.
- Artificial Intelligence (AI) and Machine Learning (ML) as They Relate to Security. Many security experts rightly feel that AI and ML have been over-hyped and that these technologies are not, by themselves, a panacea (see Lastline’s blog “How Cybercriminals are Attacking Machine Learning”). Despite these concerns, AI and ML are likely to be hot topics. Attendees should look for measurable proof-points that cut through the marketing hype and demonstrate precisely how a product produces better results at a lower cost when compared to other solutions.
- Automation & Orchestration. The shortage of qualified cybersecurity professionals to fill an ever-growing number of security-related jobs is frightening. Automation and quality orchestration promise, among other things, to help fill the void. Look for a lot of innovation in this area, but will vendors live up to these and other promises? Will products offering automation and orchestration be limited by the ability to ingest needed data, or by other challenges?
What People Won’t be Talking About At RSAC 2018—But Should Be
Here’s a list of what our experts say they would like to see discussed but fear they won’t be. Perhaps we will be happily wrong and RSAC will surprise us with innovations and healthy discussions in these much-needed areas.
A few topics that probably won’t be discussed but really ought to be:
- Fooling and Evading AI-based Security Systems. We already know the adversary is hard at work to defeat AI-based security. Does the cybersecurity industry understand these coming assaults and how to defend against them?
- Fooling and Evading Sandboxes. The latest malware is so sophisticated that it is frequently able to fool and evade conventional sandboxes. Security researchers understand some evasion techniques quite well and are developing effective countermeasures. But there are many additional evasion techniques that are only understood by a few. Raising awareness about them and sandbox capabilities that improve detection would provide huge benefits.
- Adversarial Machine Learning. Although we mentioned ML already, ML in an adversarial environment deserves its own billing. It’s one thing to have an effective ML application where everyone and everything in the environment are pulling for it to succeed. But ML in an environment where cybercriminals intentionally corrupt the foundational data is something else altogether. It’s critical for everyone involved with cybersecurity to understand how criminals attack ML and what steps security experts can take to mitigate these threats. This whole area deserves a lot more attention than it is likely to get.
- How Vendor Solutions Work in a Deeper, Technical Sense. Most security vendors will be presenting high-level, magical-looking solutions that will remain opaque to the typical customer. Their motto will be “Trust us, you don’t need to understand how this solution works.” Unfortunately, by conversing primarily at these high levels, vendors miss important opportunities to show differentiation and help potential buyers solve their security challenges.
Watch for True Innovators, and Press for Details
We hope to see you at the conference and look forward to a new round of buzz words and trends, some of which will actually be useful.
Perhaps the best way to separate the wheat from the chaff is to, as mentioned in a few areas above, press technology vendors for details on how their system actually works and what it actually does. By moving the conversation away from high-level fluff and down to how the technology solves your real-world problems is the best way for show attendees to find your own hot topics.
Other Hot Topics to Watch For at RSAC?
Have your own ideas about what will be hot this year at RSAC, or should be a hot topic? What do you think the industry needs to be talking about to significantly improve our collective ability to secure our networks, data, and people?
We’d love to hear your comments and suggestions.