Skip to main content

The Future of Identity Security: Insights from CyberArk IMPACT 24

Nashville skyline illustration, with abstract musical and identity security and machine identities notes.

CyberArk IMPACT 24 in Nashville was a week packed with firsts for me:

  • My first time in Nashville.
  • My first time at our flagship global event.
  • My first time being involved in a genuinely significant acquisition: Monday’s Venafi announcement.

And not to be too trite – IMPACT 24 is a conference, after all – it was a week packed with The New. Day One of IMPACT is typically a quieter day, with many side events and no keynotes, serving as the calm before the storm. This time, Day One began at 7 a.m. with the zero-to-sixty-mph-in-three-seconds news that CyberArk announced the $1.5 billion acquisition of machine identity management leader Venafi.

As well as sparking an immediate media frenzy, this news and what it means for identity security – particularly for securing machine identities – infused the whole IMPACT 24 event. CyberArk CEO Matt Cohen talked about it in terms of broken models and the need to change, to introduce new thinking and a new model. He drew a parallel with the record industry. He took us back to the days of buying a vinyl album from a physical store and listening to it all the way through*. He then reminded us of what happened to that industry and its once-major players when they stayed still. They waited for events to happen to them instead of driving the change, many soon ceasing to exist as a result. A guest speaker on Day Three perhaps put it best: “Waiting for something to occur is not a luxury that firms have anymore.”

Matt also discussed the need for a paradigm shift in how we secure identities, a framework that will create a better path to the desired result. Why is this necessary? We all face immense and growing identity challenges, and how we currently secure these identities is often siloed and inefficient. But they must be secured; it is critical to do so. As another speaker from a global consultancy firm bluntly stated, “Everything bad that happened to your organization started with a compromised identity.”

The Future of Identity Security: Harnessing the Power of GenAI

The proliferation of identities was a thread running through many of the IMPACT 24 talks from the CyberArk team and our customers and partners. Organizations have so much more to deal with today than in the quaint, dim-and-distant days of, say, five years ago. Security has moved from perimeter-based to identity-centric and can only be delivered effectively through the use of automation built on Zero Trust principles. In the succinct words of one of our customers on what multi-cloud means for his organization’s employees, their identities and access demands, “It’s global, it’s everywhere, it’s all hours.”

How is this new paradigm of identity security going to be delivered? New paradigms are not just about knowing where you want to get to – they must include how you get there – or they’re just hot air. GenAI was, of course, a key theme of the conference and will be one of the building blocks of this new model of securing human and machine identities. GenAI has changed our relationship with data, allowing us to interact with it more conversationally rather than simply searching for it. GenAI will play a pivotal role in attacks by enabling the democratization of advanced attacks. It will also be central to cyber defenses. At IMPACT 24, the announcement of CyberArk CORA AI represents, in part, how this new model will be delivered through a new set of AI-powered capabilities that, over time, will be embedded across the CyberArk Identity Security Platform.

A Look Back: (a Couple of) My Favorite IMPACT 24 Moments

I mentioned at the outset that this was my first time at our flagship U.S. conference. Our IMPACT World Tour events take place throughout 2024 and are a great way of bringing the experience closer to our customers, but Nashville is on a larger scale. Among the many aspects that I enjoyed:

   1. CyberArk Labs sessions are always a favorite of mine, particularly when VP of Cyber Research Lavi Lazarovitz presents. As usual, he didn’t disappoint at IMPACT 24. The big reveal included his team’s work on attacking AI models via malicious prompts. They used the privileged access of an AI model to send data to attackers and jailbroke large language models (LLMs). By taking advantage of their design flaws, they manipulated the LLMs to share information they were not supposed to. These included psychological manipulations, context attacks and moral bugs, where certain words and phrases overcome the LLM restrictions.

   2. One of the event’s highlights was the Day Three fireside chat with CyberArk VP of Brand Experience Anna Walsh, our Founder and Executive Chairman Udi Mokady and Robert Herjavec. Yes, that Robert Herjavec. Robert, of course, is the CEO of Cyderes and Shark Investor on ABC’s “Shark Tank.” The learnings of their formative years in the industry were poignant, from Robert talking his way into the IT industry to sell mainframes by offering to work for free to Udi’s early days at CyberArk selling the idea that leaving – metaphorically – the valuable stuff (critical data and assets) lying on a table in a locked house with an open window was a flawed concept.

Finally, IMPACT wouldn’t be IMPACT without the people who make it happen, from the event team to all our speakers, sponsors, partners and customers – a huge thanks to all of you.

*Yes, I still listen to albums all the way through.

Nick Bowman is director of media relations at CyberArk.