By Dr. Robert Buccigrossi, TCG CTO
The 2024 RSA Security Conference was a lavish demonstration of marketing dollars at work. With flashy booths and gobs of “swag” (free T‑shirts, charging pads, batteries and toys), it was a challenge to cut through the jargon and sales pitches to discover the core capabilities of vendors’ offerings. However, the trends were clear:
Zero Trust vs Next-Generation Firewalls — Surprisingly, I found two vendors that actually offer Zero Trust services that match the NIST SP 800–207 definition: ZScaler (“Bringing NIST Special Publication 800–207 down to Earth”) and AtSign (“Zero Trust Sockets”). Both require significant buy-in: you depend upon them to function as the protective shell around all of your application components. The benefit is that they provide isolation and authorization between and among your app components and your users. ZScaler also provides high-level services including transaction anomaly detection, security audit logs, denial-of-service protection, and analytics. Of course, their pricing is opaque, requires a re-architecture of your existing services, and does not work at all with traditional firewall and network monitoring tools.
These Zero Trust services are in competition with Next-Generation Firewalls (NGFW). NGFWs still have standard firewall capabilities, but tack on application awareness to control and block unusual requests or behavior, threat intelligence, and integrated intrusion prevention. NGFWs work better with existing application configurations and third-party security tools, but lack the inherent security posture that Zero Trust architectures do.
Real GenAI-Integrated Security Tools — While everyone was talking about AI last year, this year I found real examples of effective uses of generative AI (GenAI). Microsoft Copilot for Security sits on top of Microsoft’s security solutions (XDR, Sentinel, and Intune) and provides plain-text explanations of results, executes actions from plain-text requests, and describes incident response next steps. It leans directly into GenAI’s strengths: query processing, text summarization, and document look-up. In addition, Cyera’s Data Security Posture Management is one of multiple services that use ML categorization capabilities to scan your data repositories (Google Drive, AWS S3 buckets, Sharepoint files, databases, etc.) for PII and corporate sensitive information, ascertain risk, and make suggestions for labeling, masking, or de-identification.
Defense from AI — There was a lot of discussion about threats facilitated by AI: sextortion, faked identities, election interference, and one-day attacks (discovering vulnerabilities from released patches and using them to attack before the patches have been applied). From one presentation to another I saw a significant split between those who wish to limit ML models and use (even restricting what prompts users can make) and those who wish to expand open-source exploration and research (the “democratization” of AI). However, the issue of restricting ML may be moot: Many researchers believe that the “genie is out of the bottle” since amazingly powerful models can now be made by anyone using cloud services and even personal computers.
The majority of vendors were selling traditional firewall, WAAP (Web Application Firewall), XDR (extended detection and response), EDR (endpoint detection and response), compliance enforcement, and SIEM (security information and event management) tools. In the end, however, the focus of the 2024 RSA Security Conference was overwhelmed by the risks and promises posed by AI.
Dr. Robert Buccigrossi is TCG’s Chief Technology Officer. He received his Ph.D. in Computer Science from the University of Pennsylvania, where he conducted his thesis work on machine learning models in computer vision. He brings a wealth of knowledge and experience in machine learning (ML), natural language processing (NLP), and artificial intelligence (AI). Dr. Buccigrossi heads TCG’s R&D Lab, where he actively researches emerging technologies such as ChatGPT and Pinecone, Scikit-learn for NLP tasks, and other advanced systems.