Talking security at the RSA Conference in San Francisco

Shortly after we announced that we are officially open for business in the US, our team attended the world’s biggest security conference, RSA, at the Moscone Center in San Francisco, California. We were proud to be at RSA for the first time.

RSA is where the world talks security. The four-day event, held during 24th – 27th April, attracted 45,000 participants from around the globe to attend scores of presentations, conferences, awards ceremonies and the opportunity for unlimited networking.

As always, meeting people to share ideas, discuss collaborations and solve problems is the most important element of any conference. For our team in San Francisco, it was great to spend so much time, over several days, with Microsoft executives including Vasu Jakkal, Kelly Bissell, Bret Arsenault, Maria Thomson, Katherine Rooks, Nomi Nazeer, Cedric Depaepe.

“These meetings affirmed the incredible depth of our partnership with Microsoft and give us confidence in our plans,” says Federico Charosky, Quorum Cyber’s Founder and CEO.

Shortlisted for two awards

We were also at RSA as a double-finalist in the Microsoft Security Excellence Awards 2023, organised by the Microsoft Intelligent Security Association (MISA), of which we’re a member. Only five other companies of the 400+ that entered these awards made it to two category finals – so it was quite a feat for us given that we’re in only our eighth year of business defending organisations worldwide against known and emerging cyber threats.

“It was an incredible honour to be a finalist in two categories,” says Federico. “We’re looking forward to bringing those awards home next time, as well as expanding our nominations into other categories as we continue our journey of building the strongest Microsoft partner in cyber security.”

Expanding our business in the US

As we expand our team in the US, RSA also provided a great opportunity for some much needed face-to-face interactions with new staff, and new joiners to the team. “It was great to spend time with people I don’t get to see as much, and it reinforces the importance of physical collaboration, socialising and everyday interactions,” explains Fede. “I will personally be spending a lot more time in the US as I lead the expansion from the frontlines. I can’t wait to be back in two weeks for two weeks of Gartner events, Microsoft workshops, and customer visits.”

Demonstrating our XDR service

MISA had invited us to demonstrate our Managed Extended Detection & Response (XDR) service at RSA. Our US Solutions Director Ricky Simpson, who is based in California, and our Microsoft Alliance Manager Nathan Heard spent an afternoon slot on Microsoft’s MISA partner stand. They highlighted the seamless collaboration between Quorum Cyber and our customers when a cyber incident occurs.

“We showed a scenario where a rogue ChatGPT site was created with ransomware embedded into a download it was prompting users to perform, and tracked the initial incident all the way through to resolution,” explains Ricky. “We highlighted where our analytics rules and threat intelligence help make sense of the noise being generated, as well as the human element of Security Operation Centre experts who enrich incidents with powerful context and insights.”

Product news from Microsoft

During the conference, Microsoft announced some new features landing in Microsoft Sentinel. Workspace manager is a new way for Managed Security Service Providers (MSSPs) to group together and target releases to the various workspaces that they have a view over. “This simplifies the way that new content (analytics rules, playbooks, etc) are deployed at scale. Thanks to our closeknit relationship with the Sentinel product group, we’re already making use of this feature with our customers,” says Ricky.

Microsoft is also changing the way that threat actors are named and classified. After receiving feedback that some of the taxonomy choices had limitations and were often confusing, Microsoft has designed a brand new taxonomy from the ground up, focusing on using weather conditions to describe various entities from around the world, including nation-states. So, Russian backed threats will now be referred to with ‘Blizzard’, China with ‘Typhoon’, financially motivated groups have been assigned with ‘Tempest’ and private-sector offensive actors tagged with ‘Tsunami’.

“This should improve the general understanding of the kinds of threats that are active at any time, and Microsoft has begun to implement this new taxonomy immediately,” says Ricky.