Highlights from RSAC 2021: Zero Trust, XDR, Cybersecurity Careers, and More

RSA Virtual Conference 2021

In the months since the global pandemic impacted the U.S., people have shifted to new ways of working and living, and faced new obstacles to overcome. As if the Covid-19 pandemic wasn’t challenging enough, this year we’ve already witnessed prominent cybersecurity attacks and incidents, including a Microsoft Exchange server hack and a Facebook breach.

Despite everything, people and cybersecurity continue to endure. This sentiment of Resilience also carried through as the theme of last week’s RSA Conference 2021. Below is a recap of just some of the sessions and trends I spotted.

Lesson Learned for Cybersecurity from 2020

The year 2020 was not immune to its own cybersecurity issues and headlines. Cyberattacks are the fifth top-rated risk in 2020, according to the World Economic Forum’s The Global Risk Report 2020. The December 2020 SolarWinds attack is just one example of such an incident.

During the RSA Conference 2021, RSA CEO Rohit Ghai, who gave one of the keynote sessions, noted that in cybersecurity being resilient isn’t good enough. Instead, you must be good at resilience. This means learning to fall less often, withstand the fall better, and to rise stronger every time.

The keynote offered some important takeaways:

  • Embrace Chaos in Cybersecurity: It’s impossible to predict an attack, so expect the unexpected. Trust no one and compartmentalize your failure zones.
  • Rebuild to be Better: Returning from an incident stronger should be an end goal. Organizations should focus on bringing in diverse talent to achieve that.
  • Find strength in a security community: Together, you are stronger as a group. By sharing knowledge and effective techniques, you can achieve the greatest security resilience.

Zero Trust Gains Momentum

Beyond attacks and data breaches in 2020, the cybersecurity industry also experienced changes in how it traditionally dealt with incidents. The traditional security perimeter has eroded, and now more than ever, you should focus on the concept of Zero Trust. As described in one session, Zero Trust is more than a mindset. It is a notion that every user, device, and service that requires access should be considered hostile. While the legacy approach was about protecting the perimeter, the focus is now on protecting assets, users, and resources.

The journey to Zero Trust is a challenge because implementation isn’t easy, but it can be done. During the “Zero Trust Best Practices with VMware Security Strategies” session, reps from VMware said Zero Trust is about end-to-end visibility and analytics, and the ability to automate and orchestrate response across these different dimensions. Part of the difficulty in implementing a Zero Trust strategy is that it can’t be accomplished by a single vendor — it takes a team of multiple vendors.

What exactly is a Zero Trust strategy? It is a model focused on tailored controls, micro-perimeters, and the notion of trusting nothing. In the “Lessons from Our Zero Trust Journey: Successes, Failures, & Dodging Pitfalls” session, LogRhythm CSO James Carder spoke about LogRhythm’s four-year journey. When LogRhythm began its process in 2017, the technology wasn’t really Zero Trust-enabled, Carder said. Fast forward to today, you can go from nothing to full Zero Trust in less than a year.

“The key takeaway here is your strategy may be sound, but it’s how you execute that actually matters as it relates to Zero Trust,” Carder said.

During its journey, LogRhythm encountered typical challenges, such as budgetary constraints, adapting to business change as technology matured, the need to develop models from scratch, and indirect costs, such as building customized integrations, automations, workflows, and processes. To navigate it all, Carder advised attendees to be patient, plan ahead, and persevere.

Carder offered the following lessons learned from the LogRhythm Zero Trust journey:

  • You don’t have to implement Zero Trust all at once: There are benefits to doing it in pieces, such as starting with aligning and mapping your system architecture and data flows, and then gaining buy-in on a Zero Trust plan from key stakeholders.
  • Re-architecture is OK: This ensures implementation of the most effective Zero Trust architecture for your business.
  • Ensure organizational and cultural alignment: Review the appetite for Zero Trust with executives and your relationship with IT.
  • Budget ahead for unknown costs: Consider future needs, such as people and other needed resources.
  • Take time and re-evaluate things periodically: Don’t rush your strategy. Take time to re-evaluate and adjust as needed.

Interested in learning more? Find out how LogRhythm embarked on its Zero Trust initiative, in this whitepaper.

XDR — Cybersecurity’s Next Big Thing

Beyond Zero Trust, RSA Conference 2021 focused on a growing area in cybersecurity — extended detection and response (XDR). Some consider XDR an architecture to pull different tools together, wrapped with people and process, whereas others view it as a tool to be installed. XDR addresses two major problems that have plagued the industry — alert fatigue and tool overload. Others consider the issue a data problem.

“What we need to move toward as an industry is toward data management and how we can scale and automate,” Jared Phipps, SVP, Solutions Engineering, SentinelOne, said in a panel session. “XDR is the fundamental architecture that enables that.”

XDR isn’t a new concept, but it’s one that’s gaining steam because the focus is shifting to orchestrated and automated response to reduce time to response and minimize damage. One change that’s propelled XDR to the forefront is the explosion of cloud. Digital transformation, software as a service (SaaS), and the threat landscape have expanded as a result.

Contrary to some beliefs, XDR won’t replace a security information and event management (SIEM) platform — SIEM is complementary. A big benefit of XDR is that detection and response can be automated for repeatable use cases that are relevant across industries. SIEM, however, is ideal for user and entity behavior analytics (UEBA) and custom use cases that are unique to your environment or security concerns.

When pursuing an XDR strategy, be mindful of vendor/toolset fatigue, Phipps advised. It’s not just the expense of XDR you need to worry about. You have to train your employees how to use the tools and work with vendors, and you have to sustain them. That can contribute to fatigue over time. Another caution is vendor lock-in. The problem with that is you are limited by the vendor’s ecosystem.

To ensure success, your path to adopting an XDR approach should start with identifying where you have integration gaps that cause silos. Review your incident response process to note what steps take the most time and can be automated. Over the long term, your organization should build and execute on a roadmap that focuses on greater integration and automation. In addition, identify which tools give you real value and which don’t. Panelists advised working with your vendors to integrate on your behalf.

The Many Faces of Cybersecurity Careers

Beyond strategy and products, people in cybersecurity took center stage at this year’s RSA Conference. Chris Wysopal, co-founder and CTO at Veracode, and Joshua Corman, chief strategist of Healthcare and COVID at CISA, spoke about the need for a new role — Chief Product Security Officer (CPSO).

Cybersecurity careers span the gamut, but why do you need a CPSO? Businesses are no longer writing code for themselves — they are building products, which affects customers. What’s more, managing product risk spans many departments. Software failures are also growing in volume and variety.

“The idea is we need this new individual to do something that spans many different departments now,” Wysopal said, including engineering, compliance, provider administration, and data danger.

Corman said the role of CPSO requires someone who can be bimodal, adding that the individual has to engage with the individual developer, and get that individual developer to find and fix the vulnerabilities in the code as well as consider the bigger picture through the lens of enterprise risk management. To create a CPSO position for your organization, it’s crucial to find champions, Wysopal advised. You should inspire a team of vendors to help you accomplish this.

No matter what your role in cybersecurity, the way into the industry isn’t a straight line or a defined path. Beyond the individual role of a CPSO, panelists in the “Lessons Learned from Diverse Paths to Successful Cybersecurity Careers” session shared their experiences and advice for those in the field.

SANS Director John Pescatore, who moderated the session, advised attendees to make cybersecurity career moves based on what they think they would like, and not to be timid about making lateral moves. To get to the right position, you may have to take a salary cut in the beginning, Inno Eroraha, chief strategist, NetSecurity, added.

Panelists echoed the importance of creating and maintaining a network to build a support system and aligning yourself to other people with the same interests or goals.

“Build your network,” Lodrina Cherne, principal security advocate, Cybereason, said. “People you meet today may help you find your next role.”

In the same vein, Xena Olsen, senior cybersecurity analyst, Fortune 500 company, encouraged attendees to find a mentor or support system. She explained how management is imperative in helping you in your cybersecurity career.

“You need help and support along the way,” Olsen said. “Your manager is very important.”

My RSA Takeaways

As a product marketer, I attended sessions geared toward XDR, cloud, and Zero Trust to better understand how other organizations are approaching these topics. The RSA Conference 2021 offered insight into how the cybersecurity industry is expanding and shifting, and how vendors are transforming their businesses to meet new demands. As the cybersecurity industry continues to evolve, so too will the products we market.

The conference also gave a glimpse into the pulse of what’s on the horizon. With 2021 only at the halfway mark, I can’t wait to see what’s to come.

While RSA Conference 2021 has concluded, the season of security conferences is just beginning! To learn more about cybersecurity and the latest trends, register for LogRhythm’s fifth annual security conference, RhythmWorld 2021.