RSA Conference 2024: More AI, Less XDR

This week, along with many others, we attended the RSA Conference 2024 at the Moscone Center in San Francisco. We were surprised at how few companies highlighted XDR marketing campaigns, especially compared to the activity at RSAC 2023. Unsurprisingly, Artificial Intelligence (AI) was the more prominent marketing message. We also saw a power play by security heavyweight Palo Alto Networks; it decided not to attend RSAC 2024 and instead held a mini-conference of its own at its headquarters to highlight its new AI-related offerings. And, last, we saw a change in how Observability companies position themselves somewhat more as Security companies than they had in the past.

XDR. A year ago, we think the CyberSecurity industry was looking for a new acronym to glom onto, following all the excitement and traction of SASE, and collectively, that was XDR. This year, though, the excitement died down somewhat. Perhaps that’s because XDR is hard to define (and some describe it as quite similar to EDR, NDR and SIEM), or perhaps because AI sucked up all the marketing and product development budgets leading into RSAC24. Trellix, interestingly, was very prominently marketing XDR, while companies like Fortinet, Cisco and Palo Alto barely mentioned it.

AI. Since ChatGPT was released about half a year before RSAC23, it and many Generative AI technologies have been rapidly adopted by many industries. This week, and in the weeks running up to RSAC24, we saw numerous Cyber companies announce initiatives that can be put into perhaps two categories: (a) AI for Security and (b) Security for AI. For instance, in mid-April, Cisco announced Hypershield, which is described as an impressive, new type of firewall that leverages AI. Likewise, in early April, Fortinet announced its FortiAI capabilities at its partner conference. And this week, some twenty miles from the RSAC24 show, Palo Alto Networks announced AI Access, AI SPM, and AI Runtime, as well as AI enhancements coming to existing products; these are in beta and expected to be available in 2H24.

Observability. Since Cisco closed on the acquisition of Splunk, tying it for first place with Palo Alto Networks in the total Security market defined by the various Security market segments we track, we’ve seen both Cisco and others emphasize Observability more while, at the same time, Cisco is associating Splunk with Security. Take, for instance, privately held, hyper-growth startup Cribl, which recently surpassed the $100M Annual Recurring Revenue (ARR) benchmark and was a prominent vendor at RSAC24, highlighting its security capabilities while on stage with two other security companies (Armis and Cato Networks). On the other hand, Cribl also heavily marketed its new “Data Engine for IT and Security” vision in meetings with the fast-growing vendor, calling its Cribl Lake product, which expands beyond security and observability, its “act two” in its evolution as a company.