Generative AI Innovation In Security Tools Is Finally Getting Interesting
Last week, I spoke at The-C2 conference in London. The-C2 conference is an invite-only threat intelligence conference run by the team at SE LABS. The core themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. All three received a surprisingly equal share of the conversations and were — unsurprisingly — closely interlinked. Below are a few thoughts on each coming out of the conference.
Generative AI Innovation In Security Tools Starts Now
We’ve had over two years of generative AI (genAI) developments in security tools, from copilots to AI analyst claims to a resurgence of the autonomous security operations center. “The Blob” strikes again! Yet we’ve seen that many of the features introduced aren’t providing the value that analysts really need. The most common use cases have been content creation (such as human-readable case descriptions or query language conversion) or knowledge articulation (such as chatbots).
- Human-readable case descriptions are novel, but few security professionals want to read paragraph after paragraph of text instead of getting a fast and direct answer.
- Query language translation from human language is interesting but is only really effective for simple queries, and the generated query may be less efficient than one an analyst would write.
- Chatbots can be fun to interact with, but they take the analyst out of their workflow and require even more context switching to use, negatively affecting analyst experience.
There are a few cases where genAI features have been very useful, such as automating report writing, translating and localizing between human languages (e.g., Japanese to English), and script analysis. But the true innovation is on the horizon with AI agents.
Some vendors have already released agents that automate alert triage for phishing and a few other use cases, including endpoint alerts. Others have built generative AI features to simplify security information and event management (SIEM) migration via translation between SIEM query languages and parsers at scale. The combination of simplifying mundane tasks and doing it all at scale in an explainable way is driving better outcomes for analysts. These innovations are where security professionals should be looking for feature enhancements.
Supply Chain Resilience Is A Messy Hair Ball That’s Just Getting Messier
Supply chain resilience comes from two sides: securing the software supply chain and building resilience with the nth-party vendors you use via third-party risk management. The software supply chain becomes more complex as generative AI applications grow, particularly when it comes to understanding how data is being used and how to protect it. In some ways, it’s the same old principles. In others … it’s a bit different.
One of the highlights of the conference was the conversation around software bills of materials (SBOMs). SBOMs should be a critical requirement for software providers to produce, as they enable teams to know exactly what software is being used and why. And yet the industry has lagged. In my Forrester Wave™ evaluations, I always include a question regarding SBOMs to push security vendors to lead the charge in providing better visibility for customers into their software supply chain.
None Of This Matters If You Don’t Do Basic Security Hygiene
Enterprise cybersecurity is all about managing trade-offs and resources. All the flashy new technology in the world may help solve the problem, but only incrementally. In contrast, if you have a list of critical common vulnerabilities and exposures (CVEs) that you haven’t patched, prioritizing and addressing the ones at the top can have a major, positive impact. Forrester’s research on proactive security strategies shows how to continuously enhance visibility, prioritization, and remediation while customizing prioritization to your business case.
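The two preceding sections make one practical point: an SBOM tells you exactly what software you are running, and a ranked patch list tells you what to fix first. The following Python script is an added example (not code from the conference, from Forrester, or from any vendor mentioned) that ties the two together. It parses a constructed CycloneDX-style SBOM, matches each component against a constructed advisory feed (the advisory IDs, package names, versions and scores are all invented for illustration), and orders the findings so that issues known to be exploited come first and higher severity scores break ties.

```python
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM. Only the fields this example reads are
# included; the package names and versions are invented.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http",   "version": "2.4.1",  "purl": "pkg:pypi/example-http@2.4.1"},
    {"type": "library", "name": "example-yaml",   "version": "5.1",    "purl": "pkg:pypi/example-yaml@5.1"},
    {"type": "library", "name": "example-crypto", "version": "41.0.0", "purl": "pkg:pypi/example-crypto@41.0.0"},
    {"type": "library", "name": "example-log",    "version": "1.0.3",  "purl": "pkg:pypi/example-log@1.0.3"}
  ]
}
"""

# Constructed advisory feed (placeholder IDs, not real CVEs). "exploited"
# stands in for an exploited-in-the-wild flag such as a KEV-style listing.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "example-yaml", "affected": ["5.1", "5.2"], "cvss": 9.8, "exploited": True},
    {"id": "EXAMPLE-ADV-0002", "name": "example-http", "affected": ["2.4.1"],      "cvss": 7.5, "exploited": False},
    {"id": "EXAMPLE-ADV-0003", "name": "example-log",  "affected": ["0.9.0"],      "cvss": 8.1, "exploited": True},
]


def load_inventory(sbom_text: str) -> Dict[Tuple[str, str], str]:
    """Build a (name, version) -> purl inventory from a CycloneDX JSON document."""
    bom = json.loads(sbom_text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    inventory: Dict[Tuple[str, str], str] = {}
    for comp in bom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            # An advisory match needs both; an unversioned entry is a
            # visibility gap worth reporting back to the supplier.
            continue
        inventory[(name, version)] = comp.get("purl", "")
    return inventory


def match_advisories(inventory: Dict[Tuple[str, str], str], advisories: List[dict]) -> List[dict]:
    """Return one finding per advisory whose affected version is in the inventory."""
    findings = []
    for adv in advisories:
        for version in adv["affected"]:
            key = (adv["name"], version)
            if key in inventory:
                findings.append({
                    "id": adv["id"], "name": adv["name"], "version": version,
                    "cvss": adv["cvss"], "exploited": adv["exploited"], "purl": inventory[key],
                })
    return findings


def prioritize(findings: List[dict]) -> List[dict]:
    """Exploited-in-the-wild first, then highest CVSS first."""
    return sorted(findings, key=lambda f: (not f["exploited"], -f["cvss"]))


def patch_queue(sbom_text: str = SBOM_JSON, advisories: List[dict] = ADVISORIES) -> List[str]:
    """Advisory IDs in the order they should be worked, top first."""
    return [f["id"] for f in prioritize(match_advisories(load_inventory(sbom_text), advisories))]


if __name__ == "__main__":
    ranked = prioritize(match_advisories(load_inventory(SBOM_JSON), ADVISORIES))
    for pos, f in enumerate(ranked, start=1):
        flag = "EXPLOITED" if f["exploited"] else "not known exploited"
        print(f"{pos}. {f['id']} {f['name']}@{f['version']} cvss={f['cvss']} ({flag}) {f['purl']}")
```

With the constructed inputs, example-log is not flagged because the SBOM shows version 1.0.3 rather than the affected 0.9.0, which is precisely the kind of false positive an accurate SBOM lets you rule out; the ordering puts the exploited high-severity finding ahead of the merely high-scoring one, matching the "fix the top of the list first" advice above.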
We expect these three topics to be major themes in 2025. Check out our report, Top Recommendations For Your Security Program, 2025, to read more about how to defend against the most important changes happening this year.
If you have more questions about AI, supply chain resilience, or security hygiene, book an inquiry or guidance session with me or one of my colleagues.