RSAC 2023 Sees Big Moves From SentinelOne, CrowdStrike, Google Cloud, Accenture
While RSA Conference 2023 featured announcements from many in the cybersecurity space, four companies had multiple new offerings to showcase at the massive industry event.
Among the hundreds of cybersecurity vendors and service providers that packed onto the show floor at the RSA Conference 2023 this week, a large number of them announced new products and services in connection with the event.
But a few had more new things in store for the show than others.
The massive security industry conference in San Francisco — widely seen as the first full-throttle RSAC since the onset of the pandemic — prompted multiple announcements from SentinelOne, CrowdStrike, Google Cloud and Accenture.
[Related: 10 Cool New Cybersecurity Tools Announced At RSAC 2023]
In a few of the cases, these companies teamed up among themselves to jointly announce new cybersecurity product or service offerings, several of which involved generative AI and helped to drive the widespread focus on the topic throughout the four-day conference.
CRN spoke with top executives from SentinelOne, CrowdStrike, Google Cloud and Accenture during RSAC 2023 to hear more about their latest product and service announcements.
SentinelOne’s first big product announcement at RSAC 2023 shows where the company is going next in its efforts to bring greater automation to cyber defense, SentinelOne co-founder and CEO Tomer Weingarten said during an interview at the conference.
The new threat hunting tool, dubbed Purple AI, is the first in a series of planned products that will be powered by generative AI.
“I think for us, it’s a whole new way to reimagine cybersecurity,” Weingarten told CRN. “What it can do — even today in the limited preview that we put out there — is astounding. It takes any entry-level analyst and makes them a ‘super analyst.’”
SentinelOne trains the large language model behind Purple AI “with so much security operations data that you virtually create a machine-human analyst with unlimited scale — because you’re not limited by the amount of flesh and blood that’s behind it,” he said. “And it’s a know-all being with whatever you feed it. And it works at speed that a human can’t. And in security, all these things just mean that you can traverse through more data with more speed with more accuracy. And just automate automate away a lot of the grunt work in cybersecurity.”
In other words, “Purple is the future,” Weingarten said.
The large language model that’s helping to power Purple AI leverages both open-source and proprietary offerings, including OpenAI’s GPT-4, the company said.
After debuting Purple AI on Monday, SentinelOne followed up with the unveiling of its Singularity Security DataLake on Tuesday. The offering promises to ingest data from security products — including a number of third-party tools — and unify it in one place for automated analysis.
The Singularity Security DataLake ultimately can perform anomaly detection across the data sources, helping security teams to stop attacks more quickly, according to SentinelOne.
The data lake also works in tandem with Purple AI, which “sits on top of the data lake so that it has access to all the data that you put in,” Weingarten said.
Whether it’s a firewall, email security product or identity security tool, “now Purple can answer questions from all of these different sources,” he said. “And that’s where it becomes just immensely powerful.”
SentinelOne had a third major announcement at RSAC 2023, as well, with the disclosure that early availability has begun for the company’s “exclusive” integration with Wiz, a fast-growing cloud security vendor that recently became the top-valued cybersecurity unicorn at $10 billion.
The integration is between SentinelOne’s cloud workload protection platform and complementary capabilities from Wiz, including its widely used cloud security posture management technology. The move is “really about creating a more-seamless experience” for partners and customers, through simplifying management and creating “compounded value by joining two separate parts of cloud security into one cohesive fabric,” Weingarten said.
Assaf Rappaport, co-founder and CEO of Wiz, told CRN that this type of tight integration between two widely deployed cybersecurity vendors can help meet the rising demand for tool consolidation from customers and partners.
“Everybody talks about consolidation,” Rappaport told CRN this week, but it doesn’t necessarily need to be vendor consolidation. Instead, SentinelOne and Wiz are working together to create “platform consolidation [around] how these things work together” to achieve the same improved outcome for partners and customers, he said.
Cybersecurity giant CrowdStrike had a pair of announcements at RSAC 2023, including what it called the first-ever detection and response (EDR/XDR) offering for ChromeOS devices.
The new offering, which arrived through an expanded partnership with Google, eliminates the need for MDM (mobile device management) on ChromeOS and allows users to secure devices across all of the major operating systems — Windows, macOS, Linux and now ChromeOS — through a single console via the CrowdStrike Falcon Insight XDR platform.
Other key capabilities in the ChromeOS threat detection and response offering include native ChromeOS XDR for improved visibility and faster incident triage and response, through orchestration and automation of notifications using detections from the integrated CrowdStrike Falcon Fusion tool.
Meanwhile, CrowdStrike announced a second new offering this week that also aims to make life easier for security and IT teams. CrowdStrike and observability startup Cribl introduced a new tool that simplifies the method for getting security and IT data onto the CrowdStrike Falcon platform. The new offering, CrowdStream, is powered by the open observability platform from Cribl, a venture-backed company whose investors include CrowdStrike.
The CrowdStream platform natively connects third-party data sources to CrowdStrike Falcon using the Cribl observability pipeline, simplifying and lowering the cost of bringing data onto the Falcon platform, the companies said. Third-party products that CrowdStream can work with include security information and event management (SIEM) tools, firewalls and essentially “any source” — even products outside of cybersecurity, according to Daniel Bernard, chief business officer of CrowdStrike.
The offering ultimately aims to accelerate adoption of CrowdStrike’s XDR and log management technologies, while also helping to aggregate data for the training of AI and machine learning models.
In order to accelerate the deployment of XDR, the key is to “get more data in the platform,” Bernard said during an interview at RSAC 2023. And Cribl, he said, is “leading the market right now when it comes to data movement.”
“In terms of expediting and accelerating XDR, I think that’s something that is highly topical. We’re not just talking about it. We’re doing it,” Bernard said.
The launch of CrowdStream also follows another big move by CrowdStrike to help drive faster adoption of XDR. The company last week unveiled Falcon Complete XDR, a new managed XDR offering that aims to make the technology applicable to more customers and partners than it has been to date.
At RSAC 2023, Google Cloud announced its Security AI Workbench offering that’s powered by a new, security-specific large language model known as Sec-PaLM. The model utilizes Google Cloud’s security intelligence via Google’s broad visibility into threat data and Mandiant’s esteemed threat intel around vulnerabilities and malware, as well as threat actors and threat indicators, according to Google Cloud.
“We have a unique opportunity in Google where we actually have both the infrastructure to cost-effectively deliver next-generation AI, but also to infuse it with threat intel, and a lot of data to train our own large language model,” said Sunil Potti, vice president and general manager for Google Cloud’s security business, in an interview.
“So rather than just say we’re using a Google version of the large language model, we’ve actually built a new security LLM.” While Sec-PaLM is based on Google’s LLM, “it’s customized and purpose-built—custom-trained—using security-related data coming from all of our sources that we have currently,” Potti told CRN.
The Google Cloud Security AI Workbench is aimed at helping to reduce the overload from threat data and the large number of security tools in use, the company said. Customers will be able to provide their private data to the Security AI Workbench platform only at inference time to enhance privacy, Google Cloud said.
The first place Google Cloud will be implementing Security AI Workbench is with a new offering, VirusTotal Code Insight, that uses the technology to analyze potentially malicious scripts and explain their behavior, ultimately helping to improve the detection of which scripts are a real threat, Google Cloud said. The offering is now in preview. Other offerings using Security AI Workbench “will be available in preview more broadly this summer,” the company said in a post.
Rocky Giglio of SADA, a major Google Cloud partner, told CRN that the new generative AI-powered offering does bring a lot of potential for improving cybersecurity.
“We all know Google is really good at AI. They’re good at machine learning, they’re good at data. And so bringing that powerhouse to security intelligence, hopefully, will bring a lot of really good impacts for our customers — lower cost of operation, better insights into those datasets,” said Giglio, who is director of security go-to-market and solutions at Los Angeles-based SADA.
Ultimately, while many vendors announced new products leveraging generative AI at RSAC 2023, none of them have the data that Google possesses, he said.
“It’s significant, purely because the intelligence is going to be better,” Giglio said. “If I have more data — more intelligence about what’s really happening out there — then my predictions are going to be more accurate. The alerts that I’m generating are going to be more accurate. I can cut through the noise more effectively.”
In terms of Accenture’s announcements, the first to arrive this week at RSAC 2023 also included Google Cloud and its new generative AI technology. The IT consulting giant announced that it’s expanding its partnership with Google Cloud around cybersecurity, with the launch of new Managed Extended Detection and Response (XDR) service powered in part by the Security AI Workbench offering.
Accenture, No. 1 on CRN’s Solution Provider 500, expects to see strong demand from customers for the service going forward, due to the fact that “this is something that is not really available in the market,” said Paolo Dal Cin, global head of Accenture Security, in an interview with CRN.
The Accenture partnership is a chief example of how Google Cloud is working to “democratize access” to security-focused generative AI in tandem with its partners, Potti said.
Google Cloud is doing so initially with partners such as Accenture, which have the “vast amount of data to build that synergy,” he told CRN.
Taking that approach with generative AI “is how you actually bring step-function value to the security ecosystem,” Potti said, “versus just [offering] a chat interface.”
The Accenture Managed XDR service is also built on the cloud-native SIEM platform from Google Cloud, Chronicle Security Operations, and leverages threat intelligence from Mandiant.
The Security AI Workbench provides Accenture’s security analysts with improved productivity and faster access to Mandiant threat intelligence, which is embedded in the offering and can be leveraged through the generative AI interface, according to the companies.
As an example, the system might enable an analyst to more quickly determine — in part through using the embedded threat intelligence — that certain findings in an environment appears to represent a novel pattern of activity, Potti said.
In a second announcement from Accenture, the company announced an expansion of its partnership with cybersecurity giant Palo Alto Networks during RSAC 2023, focused around delivery of secure access service edge (SASE) technology.
The joint SASE solutions from the two companies will be powered by Palo Alto Networks’ Prisma SASE platform, and will be delivered with a number of integrated services. Those include diagnostic and advisory services, implementation services and managed services — with a “SASE-as-a-Managed-Service” option for end customers, according to Accenture and Palo Alto Networks.
“As we talk to clients about their next-generation network strategy, SASE and SD-WAN are super important,” said Ryan LaSalle, a senior managing director and North America lead for Accenture Security, during an interview at RSA Conference 2023.
Those technologies are critical to “how they’re going to modernize the flexibility and agility of their environment, and how they’re going to reduce the overall operational risk of their business,” LaSalle said.
At the same time, Accenture also excels at helping customers to address their identity management and security needs — which can produce a powerful offering for customers when combined with SASE, he said.
That combination — of identity and SASE — “is the formula for zero trust for our clients,” LaSalle said. “And it’s going help them get it right.”
Ultimately, in terms of Accenture’s work with Palo Alto Networks, “we’ve had such great success with them as a partner in the market,” he said. “This is a little bit of us solidifying those successes and making it more repeatable for our clients.”