Organizations worry more about the volume and sophistication of cyber attacks and are confused about what tools to use. It's not all bad news, though, as this year's Black Hat highlighted several security advancements, including greater emphasis on application security and automating security operations. Here are my take-aways from this year's event:
The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking its toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-bangers.
The scary factor. In a recent ESG research project, 76% of organizations claim that threat detection and response is more difficult today than it was two years ago. More than one-third (34%) say the volume and sophistication of attacks has increased, while 16% claim that the attack surface has grown. Both issues were front and center at Black Hat. For example, we are seeing attacks on cloud infrastructure like the theft of developer passwords on GitHub, break-ins on Amazon S3 buckets, and exploitation of internet of things (IoT) device vulnerabilities. None of the adversary tactics, techniques, and procedures (TTPs) are new, but the cybersecurity diaspora is being asked to safeguard more new stuff all the time. This imbalance is a recipe for disaster, and all CISOs should have a formal plan for bridging this gap.
Everything is in play. Cybersecurity technology is installed everywhere – on hosts, networks, virtual infrastructure, in the cloud, etc. A lot of this infrastructure has been in place for years, but much has reached a point of obsolescence. Old antivirus software is being replace by endpoint security suites instrumented with machine learning algorithms and EDR capabilities. Network security devices are giving way to virtual network security services that span physical, virtual, and cloud-based infrastructure with central management and distributed enforcement. Individual security analytics tools are coming together in security operations and analytics platform architectures (SOAPA). All these changes are muddying messages and confusing the industry at large. Rather than a security technology flea market, we need some clarity on new types of security technology architectures for the 2020s at next year’s shows (i.e. RSA and Black Hat).
3 ways security is improving
While there is a lot of work ahead, all is not doom and gloom. Here are a few positive observations from Black Hat 2019:To read this article in full, please click here