Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.
May 14, 2021
4 Min Read
RSA Conference 2021, appropriately themed "Resilience" in this post-pandemic year, is upon us as an immersive virtual event. As an American-Israeli VC firm exclusively focused on early-stage cybersecurity investments in Israeli startups, we are on top of industry trends, and each year we compile a list of must-attend sessions.
In the face of current challenges, the cybersecurity industry has responded by searching deeper to create solutions that can withstand and quickly recover from whatever adversity is thrown at the world. With that in mind, here are three key categories of sessions that provide an inside look at some of the most interesting trends today in the cybersecurity industry.
1. Supply Chain Attacks
In 2020, the SolarWinds SUNBURST attack and data breach was reported to be among the worst cyber-espionage incidents ever suffered by the US, due to the sensitivity and high profile of the targets and its long dwell time. This attack was a harsh reminder that our ecosystems and risks are intertwined. As the world continues to adapt to digital and cloud transformation, our reliance on third-party vendors continues to increase. The SolarWinds attack proved again that the chain is only as strong as its weakest link. When just one of an organization's third-party vendors is exposed or vulnerable, it can affect the entire organization directly. Supply chain attacks and third-party security are highlighted at this year's conference.
One of the most exciting sessions will be led by Sudhakar Ramakrishna, president and CEO of SolarWinds, the IT services and remote monitoring services company whose Orion products were the focal point of the SUNBURST attack. This will be a rare opportunity to hear the inside story and lessons learned as well as remediation actions taken post-attack. Most important, Ramakrishna will share insights on what can help the industry better defend against these kinds of attacks in the future.
Our session picks:
2. Securing the Remote Workspace
The COVID-19 work-from-home impact not only continued into 2021, it is here to stay. Cloud migration and the digital transformation expanded the organization's perimeter, continually increasing the challenges for security teams and compressing the time to act.
For example, research conducted among our community of CISOs and security executives in mid-2020, published in our "CISO Circuit" report, showed that in the wake of COVID-19, cybersecurity executives were primarily preoccupied with the threat of data exfiltration. This was due to a significant rise in phishing attempts, insider threats, use of bring-your-own-device policies, and third-party security threats in combination with security control downgrades.
Our session picks:
Hackers Paradise: Top 10 Biggest Threats When Working From Home — Monday, May 17 | 12:05 PM PT
Lessons Learned From Taking Justice Remote During the COVID Pandemic — Monday, May 17 | 11:20 AM PT
In the past, the role of security teams in securing development environments didn't come into effect until the final stage of development. Development cycles lasted months or even years, but those days ended when agile development entered the industry a few years ago. Effective DevOps ensures rapid and frequent development cycles. Enter the shift-left mentality, which requires organizations to bridge the gap that usually exists between development and security teams to the point where many of the security processes are automated and handled by the development team itself.
An additional interesting trend in this space is "security as code" — a tool set of resources that helps DevOps professionals secure and protect the software development life cycle throughout the process of development. This requires an enterprise cultural shift that prioritizes security with requirements, encouraging further opportunities to automate security into the process. The paradigm shift is the hard part and the main challenge of adopting a security-as-code approach. For that reason, there are excellent sessions on making the jump to this mindset.
Our session picks:
The State of the Union of DevSecOps — Tuesday, May 18 | 09:20 AM PT
Security-as-Code to Accelerate DevSecOps, a Practical Guide to Get Started — Thursday, May 20 | 01:55 PM PT
Attack & Defend: Protecting Modern Distributed Applications and Components — Monday, May 17 | 09:50 AM PT
Lastly, we recommend the prestigious RSAC Innovation Sandbox competition, now in its 16th year. Each year, the highly competitive event presents the cybersecurity industry's 10 boldest new innovators, showcasing their game-changing technologies to a panel of luminary judges. Past winners include BigID, Phantom (now part of Splunk), Axonius,* and, most recently, SECURITI.ai. Among the finalists, Abnormal Security, a cloud-native email security platform that uses behavioral data science to protect enterprises from sophisticated email attacks undetectable by secure email gateways, and Satori,* a DataSecOps company that provides data access, security, and privacy for the modern data infrastructure, are particularly noteworthy.
*Note: YL Ventures has invested in Axonius and Satori.
About the Author(s)
Associate at YL Ventures
Yonit Wiseman, Associate at YL Ventures, champions the Israeli cybersecurity community through deal sourcing and technological due diligence and provides value-add support to the firm's portfolio companies. Yonit leverages her strong technical experience to work closely with the firm's portfolio companies and entrepreneurs in its pipeline on market and technological validation research and customer-facing support.
Prior to YL Ventures, Yonit was a Solutions Engineer and Product Manager at Rookout, where she led special technical efforts to support its sales pipeline and designed and finalized projects for product releases. She worked directly with high-profile customers across their initial stages, POCs, and deal closures. Yonit spent six years as a Cyber Team Lead and Software Engineer in an elite technological intelligence unit of the Israel Defense Forces. She holds a Bachelor of Science in Computer Science from The Open University of Israel.
You May Also Like
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics