Trends from the 2023 RSA Security Conference

By Dr. Robert Buccigrossi, TCG CTO 

The RSA 2023 Conference was a gala affair of security companies demonstrating their cutting-edge services.  I saw four key trends to which Federal agencies should pay attention, if they aren’t already. 

XDR: eXtended Detection and Response — One of the buzzwords at the conference was XDR, which stands for “eXtended Detection and Response.” XDR is a natural evolution of both “endpoint detection and response” (EDR), which looks for suspicious behavior at an application’s endpoints, and “network detection and response (NDR), which looks for suspicious behavior at network boundaries and traffic. XDR inserts appliances and tools across multiple domains, such as endpoint, network, cloud, email, and identity. By correlating and analyzing data from different sources, XDR aims to provide a holistic view of the threat landscape and enable faster and more effective response actions. XDR vendors claim that their solutions can reduce complexity, improve efficiency, and enhance visibility for security teams. XDR is rather new (both Cisco and Microsoft are promising XDR solutions “in the near future”). If you are interested in an open source XDR platform, consider the community version of Wazuh, which can be run without depending upon a SaaS platform.

Zero Trust: Beyond Perimeter Security — The government has released two different Zero Trust Models: CISA’s Maturity Model (which has 5 pillars across “Identity”, “Devices”, “Networks”, “Applications & Workloads”, and “Data”) and NIST SP 800–207 (which presents a focused Zero Trust Architecture for implementing services). Because CISA’s model has much more breadth than NIST’s, many vendors I encountered had “Zero Trust” emblazoned on their booth and would happily preach how their solution fits into some of the CISA pillars. One booth exclaimed, “Ask how our solution helps you achieve Zero Trust!” So I introduced myself, briefly described the authorization requirements of SP 800–207, and asked how their solution would help us develop services that met NIST requirements. The representative paused, pointed his thumb up to the Zero Trust statement and dead panned, “that’s marketing.” There’s still a gap in the ability of vendors to achieve NIST’s requirements for Zero Trust Architecture standards in government.

A Spoonful of AI Makes the Medicine Go Down: ML-enhanced Security - A third trend that was evident at the conference was the increasing use of artificial intelligence (AI) and machine learning (ML) in security tools. During the show, the cynic in me quipped, “everything is made better with a sugar coating of AI.” That said, ML models do enable systems to analyze baseline behavior and automatically identify anomalies and threats (for XDR, phishing, virus, and malware detection). Some companies also used large language models to summarize observations and volumes of data into plain text. The challenge is to identify which companies truly use AI to improve their systems, and which use it as a buzzword.

Open Source Library Supply Chain Security — Three years ago I went from vendor to vendor asking who could help us protect our clients from hijacked open source libraries (ones in which new releases may have intentional vulnerabilities). No one had a solution (though the senior engineer from JFrog was intrigued). Since then NPM protestware became a thing and security companies took notice. However, commercial solutions aren’t ready… yet. JFrog did state that they are releasing a new service (next month) called “curate” that will hold the publication of libraries until they are vetted. This would make the JFrog Artifactory unique because it would then protect against both aging libraries and newly released protestware.