APIs and Shift Left Security Report w/ RSAC Wrap


By: R. Scott Raynovich

We recently attended the RSA Conference (RSAC), which I have been attending on and off since 1994. This iconic conference shows the cybersecurity boom remains in full swing, with nearly 50,000 people and 700 companies estimated to be in attendance.

Attack threats are ever-increasing, and board-level awareness of cybersecurity threats continues to grow. But it’s clear that after years and billions of dollars of investment, new approaches are still needed. Many security professionals continue to have gaps in visibility and would like more assistance in integrating their cyber approach.

We picked up on a number of strong themes at the conference, including new trends in shift left security, API security, and AI. This report is published just two weeks after the show to highlight some of the strongest trends and hottest companies in the shift left security markets.

APIs, AI, and Code Represent New Threats

New threats such as code-level threats, open-source software, and threats to APIs and AI are complicating the situation. Combine this with the view that organizations will have to keep a more careful eye on the security of their code and data in the cloud, and we have the beginning of a long trend we are tracking, which we are calling shift left for cybersecurity.

Shift left encompasses several areas, but the key elements include API security, securing business logic, and supply-chain security – ensuring that the code, APIs, and data platforms companies use are secure and in proper compliance. The idea of shift left is that security code and policy can be implemented earlier in the development process, such as a zero-trust policy approach that verifies code from several vectors to stop threats before they become part of the application fabric.

AI, SASE, and CNAPP Integrations

There was also a lot of discussion around the impact of AI and machine learning on cybersecurity at RSAC 2023. As is typical in the cyber market, AI can be used both for and against security. Just as AI/ML technologies are increasingly used in real-time analysis and threat hunting, they can be used to create new attacks and breaches. The new boom in generative AI also can make things more fluid for both the good guys and the bad guys.

Other topics that were hot: Secure Access Service Edge (SASE), as always, was popular. We are also seeing more discussions about how a cloud-native application protection platform can be integrated with other tools and platforms, a focus of announcements by Wiz and SentinelOne.

This report includes a detailed breakdown of the trends and needs in API security, as well as the leading companies. In addition, we highlight some of the newer trends and news announcements we heard about at RSAC.

Companies mentioned in this report: Cequence, HiddenLayer, Neosec (Akamai), Noname Security, Salt Security, Orca Security, SentinelOne, Wib, and Wiz.

Total pages: 15

Cost: FREE

Download the report now and see all of our insights from RSAC!