RSAC 2024

RSAC 2024 Day #1: Insights From Cloudflare & Delinea, Covering Election Security, Privileged Access & More

Expert Insights opens our coverage of the RSAC 2024.

RSAC 2024

The RSAC Conference 2024 kicks off today in San Francisco, with thousands of security leaders from around the world converging to discuss the latest trends and tech. With hundreds of cybersecurity companies in attendance, this is one of the biggest weeks in the cybersecurity calendar.

There have already been a number of important announcements made, with a lot of focus at the conference on enabling safe usage of AI, increasing sophistication of cybersecurity attacks, supporting SOC teams to reduce burnout, and developing cybersecurity policy. 

Expert Insights spoke with top executives from Cloudflare and Delinea on the opening day of the conference to get their take on the show, and to discuss their new product launches and get their advice for CISOs attending the show.

Cloudflare VP On Election Security And AI

The Cloudflare team are at RSA covering a range of issues; including AI, mitigating supply chain attacks, and election security, Larry Wiggins, the Vice President of Security Technology and Operations at Cloudflare tells Expert Insights. 

“Anytime there’s geopolitical problems, we see a significant uptick in attacks. We see it when Sweden and Finland joined NATO, and we started seeing the number of DDoS attacks against their sites spike up.  We see it pre-empting and during the troubles in the Middle East in October.” 

“Anytime we see those types of geopolitical problems, or there’s an election at play, we start seeing websites attempted to be taken offline. We start seeing more requests to have sites taken offline or DNS removed as a way to impede information flow.”

Cloudflare are at the forefront of helping nation states and enterprises secure against web-based attacks. “And ultimately, where Cloudflare wants to be in the middle of, and often does get in the middle of, is our ability to protect that data flow and protect that information flow. And to make sure that elections can go on go unimpeded. Or as unimpeded as possible.”

Wiggin’s advice for CISO’s attending the show this year? “Continue to learn”

Continue to learn. Always. AI is currently the big thing. Obviously, there’s risks, threats and opportunities on all sides of AI. Whether you’re looking at it from the standpoint of: How do I protect my data going into the LLM? Or, how do I better leverage an LLM to get better information and better insights?

I think every CISO out there is struggling with multiple stakeholders in their company that want to leverage AI to do things faster and do things with fewer people. Ultimately, it’s going to come down to the actual business use case. And CISO’s are going to be expected to manage those use cases securely.

Taking the opportunity here at RSAC to learn more about it, learn how they can protect it, learn how they can use it to further their own security needs. I think learning is the best opportunity they’ve got.”

Delinea Chief Security Scientist & Advisory CISO On Improving PAM 

Privileged accounts are a lucrative target for hackers trying to gain access to critical business data. Despite this, 63% of security decision-makers say that high-sensitivity access for users in their organization is not adequately secured, 77% of developers have too many privileges, and almost half of all organizations have at least some users with more access privileges than are required for them to carry out their work. 

One reason that many organizations are still struggling to secure their privileged accounts, says Delinea’s Joseph Carson, is that they simply don’t have the right tool set. 

“Organizations have tended to try to use unsuitable tools to do various aspects [of privileged account management], such as using password managers to manage privileges. 

What you’re still doing there is delegating security decision-making to employees to make the right decisions. You’re not integrating it across your different solutions, platforms, and services, so you have a lack of visibility and auditability.”

Additionally, though many organizations are aware of the risks associated with unsecured privileged accounts, they don’t know what best practices to follow to reduce that risk, or what steps to take to get started, says Carson. 

On the technology side, Delinea is helping organizations tackle the complexity associated with managing privileged identities by converging authentication with authorization. 

“Delinea has historically been in the PAM area, focusing on privileged accounts and privileged access for those accounts,” says Carson. “But there’s been a convergence that’s been happening in two areas. You’ve got identity access management, which focuses on the authentication side of things and making sure that you can consolidate those ‘who’ tools, like single sign-on, multi-factor authentication, and identity federation. 

The other area of convergence is the authorization side. This refers to what are you allowed to do in the organization after you’ve verified who you are. 

“That’s where Delinea sits. It’s not just about the managing the privileges; it’s about managing every interaction after the access—whether it’s machines needing access to resources and networks, APIs needing to access databases, users who are elevating and accessing servers and workloads in cloud and SaaS-based infrastructure. 

“Delinea is here to provide that visibility, discovery, control, security, and entitlement, and bring all of those components together.”

Looking for more RSAC Coverage?

You can see more of Expert Insights’ coverage at RSAC here: RSAC 2024.

About Expert Insights

Expert Insights is a B2B research and review platform for IT solutions and services. We help over one million IT managers, CISOs, small business owners, and other professionals discover the best IT and cybersecurity solutions.