RSA Conference 2024 Trends: Offensive Security, Continuous Pentesting, and GenAI with BreachLock’s CEO


The theme of this year’s RSA Conference was “The Art of Possible,” and as Dr. Hugh Thompson, Executive Chairman of RSAC and Program Committee Chair, highlighted in his keynote speech, “It’s a phrase that, on the one hand, is meant to inspire hope, but it also serves as a warning. We should never underestimate what is possible by our adversaries.”
Seemant Sehgal, BreachLock’s Founder & CEO, and Christopher Clark, Director of Sales, sat down at the end of RSA to recap their conversations with fellow practitioners and highlight their observations from the show floor, including the increased emphasis on Offensive Security, genuine interest in continuous penetration testing, growing concern for GenAI security risks, and how cybersecurity providers can help solve these risks. Watch the video to learn more about these topics.

What is Offensive Security?

As Sehgal highlighted in the video, offensive security encompasses proactive cyber strategies, utilizing specialized tools that not only yield measurable ROIs but also outperform traditional defensive solutions. The objective of offensive security is to identify security gaps and fix vulnerabilities before exploitation as opposed to doing damage control post-breach, saving organizations valuable time, resources, mental and financial stress, and their reputations.
Offensive security solutions include:

  1. Penetration Testing as a Service (PTaaS)
  2. Continuous Pentesting
  3. Attack Surface Management (ASM)
  4. Breach and Attack Simulation (BAS)

What is Continuous Pentesting?

Our team took note of the heightened level of interest in continuous penetration testing at this year’s conference. Sehgal explained that annual or even periodic penetration testing is no longer enough to keep organizations ahead of the evolving threat landscape. Sehgal emphasized:

  • Human-led penetration testing should be conducted by OSCP, OSCE, and CREST-certified experts. This is an excellent start to proactively identify and prioritize vulnerabilities for remediation.
  • Automated pentesting or continuous pentesting involves conducting self-service scans.
  • BreachLock believes a hybrid approach that combines human-led testing with continuous scanning is the best solution, enabling organizations to fill in the gaps and remove the guesswork about their security posture between quarterly or periodic penetration testing exercises.

What is GenAI?

GenAI is capable of generating text, images, videos, or other data using generative models, often in response to prompts. GenAI models learn the patterns and structure of their input training data and then generate new data that has similar characteristics.

What are the GenAI Risks?

While the capabilities of GenAI are plentiful, they also present risks. In the video, Sehgal explains the following risks in relation to GenAI:

  1. GenAI Expands the Attack Surface: Businesses need to secure GenAI applications that introduce new attack surfaces.
  2. Hyped Security: Cybersecurity products using GenAI have yet to directly detect or prevent threats.
  3. LLM Concerns: GenAI introduces new risks related to data privacy, especially considering that threat actors have access to LLM technologies.
  4. GenAI Integration: As organizations integrate GenAI, cybersecurity providers must adapt to changing processes.

What’s Next in the Offensive Security Market?

Sehgal mentioned four key trends for the Offensive Security Market:

  1. Focus on Continuous Threat & Exposure Management.
  2. Focus on continuous security testing.
  3. Focus on consolidation to one platform play. BreachLock offers ASM & PTaaS in one platform to enable security teams to:
    1. Continuously discover data breaches on the Dark Web
    2. Gain a clear understanding of their attack surface
    3. Prioritize vulnerabilities for pentesting
  4. More innovation and an integrated approach to offensive security.

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing and Red Teaming.
Know your risk. Contact BreachLock today!
