A brief digest from Black Hat 2019
Upon arriving in Las Vegas, I was welcomed by all the familiar sights and sounds one would expect from this playground – vast oceans of slot machines, blinking lights and chiming bells, all designed with a singular purpose: to entice and disinhibit the adventurous child within us all. It would certainly be easy to ride the endless rivers of booze and become distracted by all the bright, shiny objects, but I was on a mission. I was covering Black Hat to listen and learn from some of the foremost innovators in the cybersecurity Community.
Source: UBM Media and Black Hat Events
As you know, Black Hat Briefings (commonly referred to as Black Hat) is a computer security conference that provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world. Black Hat brings together a variety of people interested in information security ranging from non-technical individuals, executives, hackers, and industry-leading security professionals.[1]
[1] Source: Wikipedia, https://en.wikipedia.org/wiki/Black_Hat_Briefings
My goal while attending the conference was to pick the brains of thought leaders from some of the leading providers of cybersecurity products and services and get their opinion on the current state of the cybersecurity ecosystem, what issues their clients are facing, and what they envision for the future of the industry.
A key theme from my interviews was the heightened focus on human behavior, moving from a “reactive” to a “proactive” approach to product development. “We’re getting better at providing more context about human behavior, and even device behavior,” according to Margaret Cunningham, the principal research scientist at Forcepoint. “[The emphasis is on] understanding how people interact with technology, and how we can actually integrate that knowledge into our products.”
The common theme of “good vs. evil” was prevalent. “We secure digital communications to ensure Humanity prevails over evil!” says Crane Hassold, senior director of threat research at Agari. The need for solutions to human error was abundantly clear, and it seems like there is a movement afoot to empower people to take charge of their cybersecurity destiny. “Our mission is to enable the world to stop phishing attacks in their tracks,” says Aaron Higbee, chief technology officer at Cofense, “and the reason is [phishing] is the number one attack vector that leads to all these breaches we hear about.”
One aspect of the current corporate tech ecosystem that is complicating matters is the proliferation of connected devices, and the resulting strain on network infrastructure. “We’ve got multiple sites and the network is becoming far broader than ever before,” according to Stuart Reed, vice president of product marketing at Nominet. “The touchpoints are also becoming broader.” Again, it comes down to human behavior. As Chris Hass, a principal threat research engineer at LogRhythm, puts it, “What we’re seeing in the marketplace is really just a need for user behavior analytics, then building a baseline user behavior over a period of time to identify trending anomalies.” When asked about the biggest challenges facing their clients, Waratek chief executive officer John Adams replied, “At the end of the day, there are really two points: Number one, humans are still a big part of the equation, and it’s very important that we help mitigate that variability. The second thing is that the bad guys are automating!” This is a major reason why SOAR (Security Orchestration, Automation, and Response) solutions are gaining widespread adoption across the security industry.
The SOAR technology market aims to converge security orchestration and automation (SOA), security incident response (SIR) and threat intelligence platform (TIP) capabilities into single solutions.[1]
Of course, the most frequently cited concern facing corporate clients was the mass exodus to the Cloud. “Everybody wants to work remotely!” says Hardik Modi, head of threat intelligence at Netscout. “These [cloud-based access] opportunities are bringing risks alongside them, and the main concern is how to indulge in a hugely disaggregated network securely?” With that migration comes another major issue: Legacy systems. Mounir Hahad, head of Juniper Threat Labs, highlights the issue, “[One of] the complicated things that people struggle with is how do you move these Legacy applications into the cloud, because you find yourself very quickly not having to deal with one Cloud, but it’s actually a multi-cloud scenario.”
Once again, it comes down to human concerns. Anthony James, vice president of product marketing at Infoblox, puts it bluntly, “The operationalization of security and security tools is still the biggest fundamental problem. It doesn’t matter how many tools you throw at the problem, [clients] can’t afford as many security operations personnel as they want, there’s just not enough budget for it, and even if there were, they don’t have the infrastructure to support a thousand alerts per day… there’s just not enough man-hours to do that.” The bottom line is that the current “alert”-based system is putting too heavy a strain on human support, and SOCs are overwhelmed. Automation solutions are a potential plug for the dam. According to Gilad Peleg, chief executive officer at SecBI, “What we mean by ‘changing the SOC experience’ is really automating the most core expertise and core activities of the SOC, which is investigation, detection, and response.”
So how does the cybersecurity community act on all this information? After all, actions speak louder than words. “You can understand the context. You can understand relationships. You can understand the risk. Terrific, but also take action on that!” says Tim Eades, chief executive officer at vArmour. That may be easier said than done, given the fact that most corporate infrastructures are so scattershot, they resemble Frankenstein’s Monster more than anything else. Patch management has become a concern for many firms. As Jimmy Graham, senior director of product management at Qualys states, “It makes sense to go back and look at processes. It’s not exciting – it’s not a hot new thing to buy – but if you just look at your general security hygiene, I think that knocks out a lot of problems, and [most of the time] doesn’t necessarily mean buying a new tool.” Graham continues, “Whether it’s vulnerability management or patch management or policy compliance, if you don’t know what assets you have or where they are, then you can’t even begin to solve those things.”
To be sure, there is a plethora of solutions available, all claiming to have the answer, or at least fill in a big piece of the puzzle. Waratek offers patching solutions that avoid the risks inherent in messing with source code. “You can just click and patch, and never touch the source code,” says Adams. Other solutions focus on end-users taking the power into their hands (literally), as Brian Foster, senior vice president of product management at MobileIron boasts, “We’re seeing great success at turning your mobile device into your digital ID for the enterprise. It really relies on three foundations: the first is managing applications on the device, the second is securing the device, and the third is the authentication layer for the device itself. Our mission is to enable these mobile devices to be the center of Enterprise Computing, providing a zero sign-on experience, using biometrics.” Still, other companies are focused on combating malicious hacks by disincentivizing hackers. Kevin Gosschalk, chief executive officer at Arkose Labs, has embarked on precisely that mission. As he puts it, “They are only learning to do these attacks because they can make money from it. We want to increase the cost to hackers, so it’s no longer sufficiently profitable to justify the risk.”
So, what does the future look like for the cybersecurity industry? Well, it depends on who you ask. Some experts see more of the same, with no tidal shift.
Many respondents expressed optimism that there will be more collaboration in the Community. Adams warns, “There’s no silver bullet, and if you’re looking for that as a CTO or CIO, you’re going to be frustrated.” Others predict the scourge of cybercrime will continue to flourish, like Peleg, “Will something fundamental change and make [cybercrime] not worth it? I don’t see that happening. We’re making it more difficult, but the technology – machine learning and A.I. – is also being used by the adversaries!” The solution may come down to – you guessed it – people! As Adams posits, “It’s a combination of the industry and people starting to come together and say, ‘Hey, let’s write this, you know, collectively, as opposed to individually!’”
But many are consummate optimists. Costs to enterprises will likely decrease since Cloud security technology is more affordable. Eades suggests, “You can leverage APIs and context to make more secure environments for a fraction of the cost.” Stuart Reed from Nominet goes one step further, saying, “We need to start moving the perception that security is a cost of doing business… versus a business enabler!” Then, of course, you have the future-tech visionaries. For instance, Juniper’s Hahad envisions a future where “we will reach the point where networks are self-defending and self-healing… they will be smart enough to recognize that something weird is going on and take remediation steps toward fixing whatever it is.”
No matter what the “next big thing” turns out to be, one thing seems to be likely: the cybersecurity Community needs to come together, find a bridge over the waters of competition, and share data. Malicious hackers share data constantly and collaborate extensively to identify and exploit vulnerabilities. The only way to effectively combat such a colossus is to form one of our own. It’s time for the Community to earn its capital “C”.
Olivier Vallez, Cybersecurity Reporter
Cyber Defense Magazine
Olivier Vallez is a contributing writer for Cyber Defense Magazine, covering various cybersecurity topics and events. He is the Head of Business Development at The CyberHero Adventures: Defenders of the Digital Universe, a groundbreaking comic platform that distills complex cybersecurity information into fun and engaging superhero stories and makes cyber hygiene easy to understand for non-technical people.
[1] Gartner – Market Guide for Security Orchestration, Automation and Response Solutions