What’s New In Cybersecurity — Takeaways from the RSA Conference

By James Green

The team at CRV just attended the RSA conference in downtown San Francisco, a premier information security conference, and came away with several key takeaways we want to share with the community. While we met several new faces it’s always nice to see old friends across the CRV family. We caught up with CRV’s burgeoning security portfolio — companies like Cribl, Cybereason, Impart Security, Fleet, Project Discovery, Greynoise, and many more were in attendance.

In a year with banking crises, the rise of AI and a push for corporate efficiency, the conference highlighted the challenges and opportunities facing enterprises in today’s rapidly evolving cybersecurity landscape for founders and buyers alike.

Maybe the most obvious, if you spend five minutes on Twitter, takeaway is the growing trend of enterprises deploying Large Language Model (LLM) solutions and interacting with OpenAI and other AI-powered systems. Interestingly many CISOs are pushing their development teams to use open source LLMs and deploy them inside their environment, so they can reduce the attack surface. While CISOs agree that these technologies offer significant benefits, such as improved efficiency and accuracy, they also raise security concerns such as data leakage, PII, prompt injection or even unauthorized users gaining access to company specific LLMs and stealing information. Clearly, enterprises must ensure that their LLM solutions have adequate security measures in place to protect sensitive data and prevent unauthorized access before we see ubiquitous deployment, in production, within large enterprises. HiddenLayer won the RSA Sandbox this year, but other companies like Protect AI, Calypso AI and Credal all are working on solutions for this area.

Interestingly over the years cybersecurity companies have sprung up almost in unison across the US and Israel. Israel has 8200, IDF and many of the top cybersecurity groups in the world. As Wiz grew in Israel, Lacework grew in Mountain View, California and this has been repeated across all the Gartner cyber categories. So far, this has not been the case with AI companies.

Many of the foundational AI companies (OpenAI, Google, Databricks, Anthropic, etc.) are mostly based in the US and we’re seeing more “AI first” security companies come out of the US. Thus, it makes sense that we’re seeing more AI first companies come out of Silicon Valley. Even in a remote world, network effects and proximity still play a part. This will likely change as LLMs are consumed globally and LLMs become commoditized, but an interesting trend nonetheless as cyber AI starts to become a category.

Identity was the second large category. Enterprises have realized that existing legacy identity solutions are no longer sufficient for the new security environment. CISOs are looking for a range of identity solutions, including human-to-machine identity solutions, app-to-app security and machine-to-machine identity vendors who can cover the next generation cloud native applications and also address on-premise architecture. This highlights the need for more comprehensive and adaptable identity solutions that can meet the evolving security needs of today’s enterprises and take advantage of existing budgets. This is a wide category and we met numerous companies addressing this in different ways (there are lots of different budget lines here), but it’s hard not to be impressed with folks like Lumos, Opal, Spera and far too many to name.

The third takeaway was that existing Source Code Analysis solutions are not sufficient, even those that have “shifted left” and empowered the developer. The sheer amount of noise generated by these solutions can make developers slower and less effective because not all “alerts” are actually relevant for specific applications if particular packages are not being accessed. This highlights the need for more effective and streamlined solutions that can better identify and prioritize security issues while also maintaining that developers need to be empowered when thinking through security. Snyk, Cycode, Endor and others are pushing the boundaries of what is possible here with the introduction of LLMs and we’re deeply excited to see what’s next.

The fourth takeaway was the growing importance of LLM-powered search for security metrics. As users become accustomed to this “chatGPT” like search — it’s becoming a question of when, not if, this becomes actionable for metrics. We’ve seen this trend emerge in the modern data stack and think that security is likely a large market for this sort of solution. Today, CISOs have analysts run SQL queries on databases, SIEM data and a variety of tools to answer basic questions on attack surface, vulnerability posture, and threat intelligence. Over time, this LLM technology should enable enterprises to ask natural language questions about their security settings, software, posture, and more, allowing them to better understand what is going on and take appropriate action. This is early but we are deeply interested in the impact of this sort of technology on the SOC/CISO operations.

Finally on the value of being efficient, numerous companies (who will remain anonymous) have said that while budget remains mostly flat, they are still being asked to do more with their current stack and headcount reductions are being discussed each quarter. New solutions that cut spend but take from existing security spend will likely be the most compelling for CISOs over the upcoming quarters.

If you are a security founder thinking about any of these categories or others, who is looking for a partner with a proven track record across any kind of economic environment, our team with its more than five decades of experience working alongside talented entrepreneurs, would love to connect with you.