RSAC 2023: HIGHLIGHTS, LEARNINGS, AND WHAT WE WON ALONG THE WAY
by Serena Raymond on May 2, 2023 9:30:00 AM
Every year, RSA comes and goes as quickly as a car on-track—and this year was no different. It feels like the conference just started, but we’re already back home and back to work after a busy and exciting week.
We met so many amazing folks at this year’s event, reconnecting with some and getting to know others for the first time. Thanks to everyone who made RSAC 2023 such a great event.
Now here’s a quick recap of DNSFilter’s week at RSA:
TOP 5 CYBERATTACKS, ACCORDING TO SANS
In a panel hosted by SANS, they outlined the five attacks they believe will be the biggest threat through the end of 2023. For them, they see the following taking hold:
- SEO attacks
- Attacks targeting developers
- Weaponization and overall leveraging of AI—specifically in social engineering
Some of these line up with our cybersecurity predictions of 2023, which we published back in January. Malicious AI was the first item on our list, with social engineering not too far behind.
Developers as a target isn’t a new concept, but the emphasis is new. We have seen plenty of attacks over the years where malicious libraries made their way into software in-production, as well as hacked GitHub repositories and other vulnerabilities.
But there are some items missing, too. There wasn’t a mention of the risks involving unprotected IoT or public Wi-Fi—both of which pose an increasing threat to organizations. The truth of it all is that all of these threats are inter-connected. Threat actors can leverage AI to be used in social engineering campaigns targeting developers through the use of sophisticated SEO or malvertising. And the attacks themselves can impact IoT and public Wi-Fi in the end.
The attacks aren’t new, but the sophistication of these threats is only increasing.
OUR SR. DIRECTOR, LABS TOOK ON COMPASSION IN CYBERSECURITY
Rebecca Gazda, our Sr. Director, Labs gave a presentation at RSA called “Reducing Cybersecurity Risk Through Caring and Compassionate Leadership.” Her talk centered on how to foster a cybersecurity culture, acknowledging that mistakes will happen. One stat Rebecca shared during her presentation was staggering: 20% of employees will click a phishing link, and 67% of those who click will actually enter their information on a site.
Placing blame on employees who do fall for these attacks will not create a more secure work culture. Instead, it’s important to turn these into learning moments. Meanwhile, it’s important to share with IT and cybersecurity teams and implement security measures like DNSFilter that will block malicious site clicks.
AI…ML…WHAT’S THE DIFFERENCE?
We’d be remiss if we didn’t talk about AI for just a moment. Big AI announcements were a huge component of RSAC 2023, and it’s not a surprise. With ChatGPT at the center of it all, AI has taken the world by storm in 2023. But there’s more to AI than writing song lyrics or creating images of people who don’t actually exist. And part of the conversation centers around: “What is AI, really? And how does machine learning fit in?”
Our blog post on AI vs. ML goes into a bit more depth, but here’s a quick rundown:
AI, artificial intelligence, is a broad concept. But machine learning (ML), is a subset of AI focused on teaching computers how to do things normally done by humans. Our domain categorization software Webshrinker uses machine learning to classify domains up to seven days before competitors. We’ve trained it for more than five years on what certain types of websites look like. Our false positive rate for phishing websites in particular is under 1%.
ADD DNSFILTER TO THE LIST OF GLOBAL INFOSEC AWARD WINNERS
RSAC 2023 was filled with winners. And we were thrilled to be one of them! Thank you, Cyber Defense Magazine for recognizing us along with an impressive list of other security vendors in the space. This award means a lot to us, and we couldn’t be happier to hear these words from Gary S. Miliefsky, Publisher of Cyber Defense Magazine: “DNSFilter embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach.”
WHAT IT MEANS TO BE #FASTERTOGETHER
Our team went from San Francisco to Birmingham last week. After RSA wrapped, team members were on the ground for the Children's of Alabama Indy Grand Prix. As a sponsor of the No. 28 INDY cars of Romain Grosjean and Jamie Chadwick, it was more than exciting to see Romain take pole position for the second time this season and subsequently took second on race day.
Next up: The GMR Grand Prix in Indianapolis on May 12-13 where the No. 28 DNSFilter / DHL Honda will finally take the track!
Our partnership with Andretti Autosport has allowed us to travel all over the country, but even more exciting we were able to raffle off four INDYCAR experiences during RSAC 2023! Congratulations to the four winners whose lucky names were drawn to go to an upcoming race. We can’t wait to host you on the track.
We can’t believe we’re already a year away from the next RSA event. Until then, I’ll leave you with a message from the team at RSA with a look toward August.
Ready to take DNSFilter for a test drive? Get your free trial today
The impending Cisco Umbrella RC End-of-Life has many Umbrella users concerned about their next steps and questioning which protective DNS solution might be able to fill the gap for their organization.
Industry State of the Art
This month there was a high level of focus on compliance issues spanning several focus areas from governments and oversight agencies around the world. And while there were actions taken with regard to specific vulnerabilities, a larger spotlight was placed on bigger picture security considerations in a more general context.
TL;DR: SASE is broadening—it is about more than just access! It is about endpoint protection and user-based access…and it's called Security Service Edge (SSE). All of the aspects of the joint NSA and CISA guidance on Protective DNS (PDNS) and user-level policies are part of the secure category, originally launched by Gartner in January 2022. Regardless, it’s been interesting to see the NSA and CISA create guidance recognizing the breadth of cyber...