An Insight into RSAC 2023: 6 Keywords of RSAC 2023

An Insight into RSAC 2023: 6 Keywords of RSAC 2023

junho 7, 2023 | NSFOCUS

Keyword 1: Stronger Together

Alone we can do so little; together we can do so much.” – Helen Keller

The theme of this year’s conference is “Stronger Together”. What does “Stronger” mean? What is the specific scope to be “Together”?

“Stronger” refers to the ability of the business itself to resist security risks. Although defensive measures must be taken to achieve strong capability, it is also necessary to consider network security at the very beginning of the business design and try to achieve endogenous security.

“Together” means that it is not possible for any organization or sector to do a good job in network security independently. All of them should work together to build a security system around the full life cycle of assets.

Keyword 2: Web 3.0

Web X.0 is generally used to summarize distinct directions and characteristics of Internet technology at a certain stage.

Web 3.0 appears in some topics. What does Web 3.0 mean specifically and what does it have to do with network security?

Web 3.0 emphasizes the popularization of Artificial Intelligence (AI) technology and the concept of decentralized data storage. ChatGPT, a recent hot topic, is one representative of Web 3.0 technologies.

In the Web 3.0 environment, the security issues of distributed storage technologies such as AI technology and blockchain will become more critical. These innovation directions in the field of network security are also the key research directions of NSFOCUS in recent years.

Keyword 3: Security Operations

The security operations is a complex system engineering that solves the network security risks faced by assets through technology, process and human-computer integration.

Every year at the RSA Conference, there will be a lot of topics about security operations, which may also be the area where security practitioners are most exposed. What are the differences in this year’s discussion about security operations?

With regard to security operations, the concepts of security left shift and DevSecOps, which have always been emphasized, are still widely discussed this year. At the same time, a series of technologies led by XDR are enabling more flexible security operations.

Cloud and virtualization technologies also enable organizations to obtain high-quality security operation capabilities through cloud computing-based security operation platforms. NSFOCUS proposed the concept of SOC-as-a-Service, and spoke at this year’s RSA Conference on the topic: NSFOCUS: Reshaping Cyber Security with the Evolving SOC-as-a-Service.

Keyword 4: Supply Chain

A supply chain is a link in an organization’s IT assets that consists of dependent components developed and operated by a third party.

Many issues related to supply chain security emerged at this year’s RSA Conference. Is supply chain security important?

In a narrow sense, there are few products that are completely self-developed. Almost all products use third-party libraries or open-source software. That’s why the consequences of the Log4J security event are wide-ranging.

In addition, the application of new technologies also needs to rely on new supply chains. Some previously ignored supply chain nodes (supply chain security), such as third-party cloud services and third-party data, have begun to attract attention with the development of cloud computing and AI technology.

Keyword 5: Cryptography

Cryptography is a technical science that studies the preparation and decoding of passwords.

There are many cryptography topics on the RSAC agenda. What are the more cutting-edge cryptography topics this time?

Quantum computing makes some mathematical problems no longer difficult for computers, leading to encryption methods based on these mathematical problems, such as RSA, can be cracked by computers. Post-quantum cryptography is committed to studying encryption algorithms that cannot be cracked in the context of quantum computing. Some topics introduce some initial implementations of this technology.

Privacy computing is committed to making data available and invisible through cryptography to protect confidential plaintext data and user privacy. Some topics this time introduced the application scenarios of privacy computing in financial technology and machine learning.

Keyword 6: Data Security/Privacy Protection

What about the discussion on data security compliance governance and privacy protection?

The topics of data security and privacy protection still occupy a large proportion of this conference. What are the main concerns in this field?

Technically, some topics discussed the practice of using new technologies and concepts such as zero trust architecture and AI technology to creatively empower related work.

From the perspective of the environment, the cloud environment, especially data security and privacy protection in the public cloud and hybrid cloud are key issues of this conference.

From the perspective of attack and defense, ransomware, as an important means of attack in data security and privacy leakage events in recent years, has been given priority attention by the industry. Some topics discussed the specific practice of ransomware governance.