We are witnessing a transformation in the security landscape across all aspects of our digital world. As cyber threats become increasingly sophisticated and frequent, they pose new challenges for individuals and organizations alike. A single security breach can have crippling consequences for potentially millions of internet users — from the disruption of daily life and loss of access to everyday services to identity theft and loss of privacy.
A silver lining, though, is that these threats are driving a wave of cutting-edge innovations and solutions that can help safeguard our sensitive data and ensure continuity of operations. At the forefront of this evolution are artificial intelligence and machine learning (AI/ML). These technologies are equipping cybersecurity professionals with tools to identify and mitigate threats more effectively than ever before with unprecedented speed and accuracy.
It’s no surprise that the proliferation of AI/ML has become a central focus at industry conferences and among cybersecurity professionals. This was evident at this year’s RSA Conference, where tracks focused on automation using AI/ML, as well as the benefits and threats due to generative AI and large language models (LLMs).
Other key topics included increased usage of software bills of materials (SBOMs) and security threats associated with it, and zero-trust sessions focused on policy-based authentication. In case you missed it, CableLabs covers these topics and provides more detailed key findings from the RSA Conference 2024 in a recent tech brief, available exclusively to members. Below are a few general observations from the conference.
A Double-Edged Sword
Generative AI and LLM came up in summits hosted by organizations including the Cloud Security Alliance (CSA), the Open Worldwide Application Security Project (OWASP) and the Techstrong Group. Among the topics were:
- The use of LLM and generative AI to accelerate code analysis and patch code vulnerabilities, speed up incident responses, detect multimodal malware as well as improvements in threat detection, continuous vulnerability and risk management for organizations.
- Demonstrations of LLM attacks that can produce outputs that are entirely or partially incorrect and/or harmful. Common attacks presented in various sessions included prompt injection, insecure output handling, poisoning of training data, denial of service on the LLM, exfiltration, etc.
The OWASP Foundation provided a summary of their work on the “Top 10 for LLM” project that addresses common LLM security risks and provides guidance and checklists when implementing and managing LLMs.
There are also several policy-related challenges of generative AI like copyright protection of AI-generated work and tracing back the training data to the original owners, lack of recommendations or regulations from the United States Patent and Trademark Office regarding AI and human inventorship and also around privacy of personal data shared with generative AI vendors with the risk of such data being reidentified by the AI tools.
Long Live Shorter Certificates
An ongoing trend in the public key infrastructure (PKI) world is the shortening of the lifespan of operational certificates. Specifically for web and cloud infrastructure environments, Google published a roadmap that limits the TLS certificates’ validity period from 398 days to 90 days. The primary benefits touted for shorter validity certificates include reduced exploitation time of compromised certificates and crypto-agility, collectively termed as certificate agility.
However, this also poses challenges for access network operators and certificates meant for device identities whose validity period can extend into decades. Typically, the purpose of such device certificates is to provide immutability, attestability and uniqueness and, they are primarily used for access network authentication. In this context, providing a consistent identity using rotating certificates necessitates a change from existing deployment models. It highlights the need for implementing automated certificate management tools and incorporates the additional costs and time to deploy it as part of the network infrastructure upgrade.
Software and Cryptographic Bills of Materials
SBOMs are gaining traction as one of the key ingredients of the software development lifecycle. The RSA Conference also included some interesting sessions and demonstrations of adversarial use of SBOMs and developing guidance on how to correctly use them.
From the security perspective, cryptographic bills of materials (CBOMs) provide a mechanism to track cryptographic assets and their dependencies. It also provides a path toward introducing and tracking quantum-safe solutions by making it easier to track deprecated ciphers. This is one area with rapid development and many vendors demonstrating SBOM tools and SBOM best practices.
Other Hot Topics
Other notable technologies and topics covered at the conference included:
- Zero Trust and Identity Protection — Identity compromise continues to be a top threat and the root cause of data breaches. With the current trends around remote work, virtualization and cloud deployments, data and identities are now stored outside of corporate perimeters. Incorporating a zero-trust model (never trust, always verify) plays a crucial role in protecting identity and corporate assets.
- Multi-Factor Authentication — More and more companies are moving towards MFA to reduce account compromises. However, different attack methods to bypass MFA — like MFA fatigue, SIM swapping and session hijacking — complicate this.
- Post Quantum Cryptography (PQC) — The discussion around PQC continues with the general guidance that the industry incorporate a “hybrid mode” of deployment for any new cryptographic solutions. As of August 2024, there is not yet a stable quantum computer capable of widespread practical use; however, cybercriminals continue to steal encrypted data with the expectation of decrypting it in the future. NIST plans to publish the first set of PQC standards by the end of this summer.
The RSA Conference is the flagship conference for cybersecurity experts. This year it brought together 41,000+ professionals, 650 speakers across 425 sessions and over 600 exhibitors in San Francisco. Read more about these cybersecurity trends and more RSA Conference topics in the tech brief, available exclusively to CableLabs member operators.
Did you know?
In addition to in-depth tech briefs covering events like the RSA Conference, CableLabs publishes short event recap reports — written by our technologists, exclusively for our members. Catch up on recent recaps (member login required).