RSA Conference Recap for Developers

Internet security professionals flocked to the Moscone Center in San Francisco for the RSA Conference (RSAC). Previously planned to occur in February, this year’s event got moved to June 6-9 after organizers wanted to exercise an abundance of caution during the ongoing COVID-19 threat. Here’s a look at some of the themes and trends explored there this year. 

DevSecOps at the Forefront

DevSecOps was an ongoing theme at this year’s RSA Conference, and some people commented that the content was more focused on developers than at any other time in the past. The conference’s opening day featured an evening reception where people discussed integration and development of the software bill of materials (SBOM). 

There were more than 50 events throughout the conference under the DevSecOps and software integrity category. Supply chain security was another hot topic, with nearly 60 events dedicated to it. Dozens of vendors showed up to offer products to help developers produce stable, bug-free applications and secure their environments, too. 

The increased focus on the development side of cybersecurity was quite timely. Attackers are more frequently exploiting vulnerabilities in open-source repositories, which disrupts the software supply chain. RSAC gave development professionals current information about these issues, providing them with relevant knowledge to take back to their organizations and use to strengthen overall security. 

Progress Made in a Dedicated Global Cybercrime Collaboration

Cyberattacks have now become so severe and frequent that it is more important than ever for people to have a united front against stopping them, even if their primary jobs do not relate to cybersecurity. Statistics show that when the education sector gets targeted by a ransomware attack, the average amount of money demanded for the restoration of access surpasses $300,000. 

At RSAC 2022, teamwork against cyberattacks got highlighted through a panel where participants from the World Economic Forum discussed the development of a multi-stakeholder tool called the Cybercrime Atlas. Some of the project’s main goals are to facilitate better information-sharing and collaboration among people who are working together to minimize cybercrime around the world. 

One of the issues brought up in the panel that the Cybercrime Atlas could solve is that it’s increasingly difficult to link a malware type to a particular criminal group. That’s because many of them are often using the same kinds to orchestrate their attacks. The people working on the Cybercrime Atlas Project have initially targeted a dozen threat groups and intend to compile information about them that cybersecurity experts can access. As of the RSA Conference, they were halfway through the list. 

In the future, participants hope to use the Cybercrime Atlas to scale up and develop analysis efforts. From there, cybersecurity professionals could work together and identify opportunities to disrupt the plans of cyberattackers working as groups. Those are certainly optimistic goals, but they’re arguably not out of reach if people work together and focus on the same milestones. Ideally, the Cybercrime Atlas will help cybersecurity practitioners understand the total online ecosystem and its associated risks in ways they couldn’t before. 

Putting the Cybercrime Atlas in the spotlight at RSAC was a smart decision. Even though the project may be a massive undertaking, it will become more manageable as the overall number of people who know about it and want to take part increases. This year’s conference had both a virtual and in-person component, helping ensure excellent coverage of the topics and intentions discussed. 

Vendors Focused on Identity and Regulatory Compliance

Attendees soon learned that “identity” was a major buzzword among the vendors appearing at this year’s event. They also aimed to connect identity management with regulatory compliance, which was another theme of the gathering. 

Perhaps it’s no surprise, then, that the company behind the RSA Conference took the event as an opportunity to introduce a passwordless and multifunctional security solution that’s reportedly the first of its kind. It’s a hardware authenticator designed for organizations that have adopted the zero-trust security posture. 

Imprivata was arguably one of the prolific identity management companies appearing at RSAC this year. The company, which specializes in security for mission and life-critical applications, won three accolades at the Global InfoSec Awards, which were part of the conference festivities. 

Certified cybersecurity professionals judged the eventual winners based on independent reviews of the product candidates. Yan Ross, the editor of Cyber Defense Magazine, spoke of the selection process, saying, “We scoured the globe looking for cybersecurity innovators that could make a huge difference and potentially help turn the tide against the exponential growth in cybercrime. Imprivata is absolutely worthy of these coveted awards and consideration for deployment in your environment.”

Identity management expanded beyond credentials people type on keyboards, too. The RSA Conference featured a 40-foot recreational vehicle sponsored by voice authentication company Pindrop. People could go inside and engage with several interactive installations. One showed how voice authentication technology could detect the gender, approximate age, and language associated with a person.

RSAC Helps People Stay Abreast of Cybersecurity Developments

It’s impossible to cover everything that happened at a very busy conference like this one. However, this overview reveals some of the major themes and priorities. They’ll help people catch up on what they missed by not being there. Plus, even the most dedicated conference attendees can’t be everywhere at once, so this should serve as a helpful recap for them, too. 

Cybercriminals continually update their attack strategies for the most devastating and surprising effects. Cybersecurity practitioners must take a similar approach by learning, networking with peers, and exploring new products that could tighten security. The RSA Conference is an excellent place to do that, especially with it finally happening in-person again.