
Day Two At RSAC 2024: Insights From Bugcrowd, Huntress, Qualys, And Forescout

We spoke to security experts from Bugcrowd, Huntress, Qualys, and Forescout at the 2024 RSA Conference.

The Moscone Center at RSAC 2024

This year’s RSA Conference has started with a bang in San Francisco, as thousands of IT professionals and security leaders from around the world come together to discuss trending topics and product updates, and to catch up with a network of cybersecurity enthusiasts.

Expert Insights is on the expo floor to learn from some of the industry’s leading cybersecurity experts. On the second day of the conference, we spoke with leaders from Bugcrowd, Huntress, Qualys, and Forescout to get their advice for IT professionals and CISOs attending the show. Here’s what we learned.

Bugcrowd CEO And Founder & CSO On AI Bias

Bugcrowd is a crowdsourced security platform that encompasses pentesting, bug bounty, attack surface management, and vulnerability disclosure.

The challenge they’re here to discuss:

One vulnerability that organizations are particularly concerned about at the moment is the use of generative AI tools and LLM applications.

“The biggest thing that people should be concerned about is the speed with which we’re trying to integrate [GenAI and LLMs], and also the ambiguity created by all the hype around it,” says Casey Ellis, Bugcrowd’s Founder and Chief Strategy Officer. Additionally, from a consumer standpoint, security leaders need to be aware of the privacy, safety, and bias associated with using GenAI and LLMs, says Bugcrowd’s CEO, Dave Gerry.

“We’ve seen a strong push—both from the public sector and government, as well as from our commercial sector—for bias assessments; the ability to have somebody come in and actually say whether an inherent bias exists. We know [these models are] trained by humans, so there’s going to be bias that exists inside of them. So, how do you make sure that you’re aware of what exists in those models, and how do you then mitigate against it and remove bias from the models that exist?”

Bugcrowd’s solution:

To help solve this challenge, Bugcrowd has recently launched an AI Bias Assessment as part of their platform, which leverages the knowledge of experts in the Bugcrowd community to search for undeclared biases that exist within LLMs.

“We’ve been talking to customers about this ever since the chatbots dropped. We partnered with CDO, the innovation arm of the Department of Defence, to do our first assessment; that was the pilot project that brought the thinking together and it was successful.”

A word of advice for CISOs at RSAC:

“My advice would be, get back to security fundamentals and foundations; don’t get distracted by the hype,” says Gerry. “Yes, AI is going to revolutionize the way we do a lot of things, but ultimately, the weakest link still exists in your business as the human. If they’re not secure, if they’re not trained, if they’re not practising the right processes and you don’t have the right policies in place, then the rest of it really doesn’t matter. So, focus on the fundamentals, focus on the security foundations, and then build from there.”

“There are so many exciting, innovative, very noisy tools competing for your attention in this place,” says Ellis. “I think the antidote to that is to go in understanding what the priorities are for you as an individual CISO leading your unique organization from a security standpoint, and just being diligent about getting an answer to those questions. And for anyone who’s struggling with that or trying to figure out what those things are, there’s an incredible community around RSAC, so spend as much time as possible with peers, figuring out what priorities they’re thinking about, and what you can learn from that.”

Huntress VP Of Product Marketing On Securing SMBs With MDR

Huntress is a managed detection and response (MDR) solution that caters specifically to small and midsized businesses with under 1,000 users and a small—or no existing—security team.

The challenge they’re here to discuss:

“[SMBs] experience the same threats as a larger organization—maybe less specifically targeted towards them, but they fall victim to crimes of convenience because they’re ‘low hanging fruit’ for attackers,” says Seth Geftic, Vice President of Product Marketing at Huntress. “But when you walk the showroom floor here, most vendors here could care less about them. They don’t care about SMBs or the MSPs that serve them—they’re really an afterthought. Instead, they’re focused on Fortune 500 and Fortune 1000 organizations with big 24/7 security operations teams and big budgets, so they can buy their expensive products.

“But when you look at the mission of cybersecurity—if you’re in it for that mission—the people who are the most underserved, under protected, and under resourced are our target market. So, we built our business to service them, both from a technology and a human standpoint, and make sure that they can stay protected, so they can just focus on what they do.”

Huntress’ solution:

“All the things we do are managed,” says Geftic. “Managed endpoint security, managed identity protection, managed security awareness training, and then soon managed SIEM. We combine the tech with our 24/7 team of experts, so that if you’re a small business, your IT teams and junior IT analysts can use us. We’re going to only inform them of what’s going on when we find something; we do all the heavy lifting for them, we apply all the expertise for them, and we only bother them when we need their help to finish rectifying the situation.”

A word of advice for CISOs at RSAC:

“Get help! If you’re trying to do it on your own, it’s a losing battle,” says Geftic. “There is no way as an SMB you could build up the defenses internally to match the attackers’ side. And there’s no way you can compete in terms of hiring, training, and retaining a staff compared to large, well-funded security organizations; even if you found that unicorn and you got someone you could afford and you could train and keep them, once they prove their value for you, they’re going to get poached by a large organization.

“So, you need to work with outsourced vendors like MDR providers who can do that work for you. Don’t try and do it alone.”

Qualys VP Of Cloud Security On Scanning At All Stages Of Development

Qualys is a leading provider of cloud-based security, compliance, and IT solutions. Qualys’ solutions help organizations worldwide to streamline and automate their security and compliance processes—all via a single platform.

The challenge they’re here to discuss:

Around 80% of successful breaches are caused by new or unknown zero-day attacks, which either involve new or evolved malware variants, or the exploitation of undisclosed vulnerabilities.

“Attackers now have tools that allow them to automate the generation of malware,” says Nayeem Islam, Vice President of Cloud Security at Qualys. “There are about a million new malware variants a day, so it’s impossible to analyse all of them manually—which is what was done before.”

However, whilst detecting unknown vulnerabilities is certainly an important challenge, many attacks also involve known CVEs that are included in automated attack toolkits. Although software and firmware providers are likely to know about these vulnerabilities, it often takes significant time for them to assess, patch, and deliver fixes for them.

“This is a really interesting problem that also leads to supply chain attacks because, even if you shift left, people are pulling code from all kinds of random places,” says Islam.

Qualys’ solution:

“In our container security solution, we actually scan for vulnerabilities in three different places: we allow you to scan for vulnerabilities in the CI/CD or the development pipeline; when you put it in registries, we allow you to scan for vulnerabilities there; and we also scan for them at runtime,” says Islam. “So, we have made the transition to shift left, but we recognize that you can’t catch everything when you shift left. Code still gets downloaded when you’re running, and you have to scan that as well. So, our philosophy is scanning at all times.”

A word of advice for CISOs at RSAC:

“It’s really important to take a holistic approach and make sure that you educate your team on the effectiveness of these tools so they can be deployed at each point. And it’s not just educating the security professionals; in today’s agile environment, you need the developers to tag along. The whole organization needs education on why security’s important and how they can all work together to keep a company secure.”

Forescout SVP of Worldwide Sales On Managing Risk Across A Diverse Network

Forescout is a cybersecurity provider dedicated to identifying, securing, and ensuring the compliance of all managed and unmanaged cyber assets connected to a network. To achieve this, Forescout’s flagship platform offers extended detection and response (XDR), risk and exposure management, and network security capabilities.

The challenge they’re here to discuss:

“In our research, we’re seeing a trend that the non-traditional devices—the unmanaged and unmanageable, the un-agented and un-agentable devices—are showing up at a much higher rate than the traditional ones,” says Rob Amezcua, SVP of Worldwide Sales at Forescout. “People lack an understanding of those devices; nobody is really asking for permission to put them on networks, so now they’re showing up on parts of the network that they don’t really understand or, worst of all, that they don’t expect. And what our research is showing—and what our customers, prospects, and partners are showing an interest in—is bridging that gap. There’s this convergence of a network that now contains IT, IoT, and OT devices, and they need a platform that can give them a full understanding of that picture, and the ability to assess the risk associated with it.”

Forescout’s solution:

“This is all about the data plane,” says Amezcua. “People want to be able to create, store, and analyze mountains of data. And the only way in which you can do that cost effectively is to basically get it up in a cloud plane, and start to run machine learning and artificial intelligence and analytics against it so that you can develop a broader understanding. You need the computing power of the cloud to be able to do that.

“As people build an understanding of what they’re connecting and collecting in terms of data, we’re now giving them the ability and the power to be able to send that up in the cloud. So, you have a store there over longer durations of time, which you can use not only to make a control decision, but also to take other tools and other feeds that you have in your environment and obtain a very rich contextual view about your risk. We also offer AI-assisted recommendations around what you can do to address the exposure and limit the risk and then, utilizing our platform and that agnostic connection to your other tools, you can orchestrate a proper response.”

A word of advice for CISOs at RSAC:

“Community matters—not one of these guys has the blueprint or the playbook alone. And community matters with respect to partners as well. Find a vendor that you can partner with and be open and honest with; find one that is really working in your best interest.

“And the most important thing is to be informed, not influenced. There are a lot of ways in which the organizations here at the show look to influence people, or try to sway their thinking or their direction. Make sure that you’re informed […] by working with a vendor and having that open and honest conversation.”
