Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/14/2021
10:00 AM
Yonit Wiseman
Yonit Wiseman
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Security Trends to Follow at RSA Conference 2021

Here are three key categories of sessions that provide an inside look at some of today's most interesting cybersecurity trends.

RSA Conference 2021, appropriately themed "Resilience" in this post-pandemic year, is upon us as an immersive virtual event. As an American-Israeli VC firm exclusively focused on early-stage cybersecurity investments in Israeli startups, we are on top of industry trends, and each year we compile a list of must-attend sessions. 

Related Content:

When AI Becomes the Hacker

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: Cybersecurity: What Is Truly Essential?

In the face of current challenges, the cybersecurity industry has responded by searching deeper to create solutions that can withstand and quickly recover from whatever adversity is thrown at the world. With that in mind, here are three key categories of sessions that provide an inside look at some of the most interesting trends today in the cybersecurity industry. 

1. Supply Chain Attacks
In 2020, the SolarWinds SUNBURST attack and data breach was reported to be among the worst cyber-espionage incidents ever suffered by the US, due to the sensitivity and high profile of the targets and its long dwell time. This attack was a harsh reminder that our ecosystems and risks are intertwined. As the world continues to adapt to digital and cloud transformation, our reliance on third-party vendors continues to increase. The SolarWinds attack proved again that the chain is only as strong as its weakest link. When just one of an organization's third-party vendors is exposed or vulnerable, it can affect the entire organization directly. Supply chain attacks and third-party security are highlighted at this year's conference. 

One of the most exciting sessions will be led by Sudhakar Ramakrishna, president and CEO of SolarWinds, the IT services and remote monitoring services company whose Orion products were the focal point of the SUNBURST attack. This will be a rare opportunity to hear the inside story and lessons learned as well as remediation actions taken post-attack. Most important, Ramakrishna will share insights on what can help the industry better defend against these kinds of attacks in the future.

Our session picks:

2. Securing the Remote Workspace
The COVID-19 work-from-home impact not only continued into 2021, it is here to stay. Cloud migration and the digital transformation expanded the organization's perimeter, continually increasing the challenges for security teams and compressing the time to act. 

For example, research conducted among our community of CISOs and security executives in mid-2020, published in our "CISO Circuit" report, showed that in the wake of COVID-19, cybersecurity executives were primarily preoccupied with the threat of data exfiltration. This was due to a significant rise in phishing attempts, insider threats, use of bring-your-own-device policies, and third-party security threats in combination with security control downgrades.

Our session picks: 

3. DevSecOps
In the past, the role of security teams in securing development environments didn't come into effect until the final stage of development. Development cycles lasted months or even years, but those days ended when agile development entered the industry a few years ago. Effective DevOps ensures rapid and frequent development cycles. Enter the shift-left mentality, which requires organizations to bridge the gap that usually exists between development and security teams to the point where many of the security processes are automated and handled by the development team itself. 

An additional interesting trend in this space is "security as code" — a tool set of resources that helps DevOps professionals secure and protect the software development life cycle throughout the process of development. This requires an enterprise cultural shift that prioritizes security with requirements, encouraging further opportunities to automate security into the process. The paradigm shift is the hard part and the main challenge of adopting a security-as-code approach. For that reason, there are excellent sessions on making the jump to this mindset.

Our session picks:

Lastly, we recommend the prestigious RSAC Innovation Sandbox competition, now in its 16th year. Each year, the highly competitive event presents the cybersecurity industry's 10 boldest new innovators, showcasing their game-changing technologies to a panel of luminary judges. Past winners include BigID, Phantom (now part of Splunk), Axonius,* and, most recently, SECURITI.ai. Among the finalists, Abnormal Security, a cloud-native email security platform that uses behavioral data science to protect enterprises from sophisticated email attacks undetectable by secure email gateways, and Satori,* a DataSecOps company that provides data access, security, and privacy for the modern data infrastructure, are particularly noteworthy. 

*Note: YL Ventures has invested in Axonius and Satori.

Yonit Wiseman, Associate at YL Ventures, champions the Israeli cybersecurity community through deal sourcing and technological due diligence and provides value-add support to the firm's portfolio companies. Yonit leverages her strong technical experience to work closely with ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-38481
PUBLISHED: 2021-10-22
The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string.
CVE-2021-41744
PUBLISHED: 2021-10-22
All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborat...
CVE-2021-41745
PUBLISHED: 2021-10-22
ShowDoc 2.8.3 ihas a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
CVE-2021-41747
PUBLISHED: 2021-10-22
Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies.
CVE-2021-36357
PUBLISHED: 2021-10-22
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endi...