Black Hat Day 2 Coverage Centers Around Mobile Sec, AI & ML
Attendees Greeted With Numerous Sec. Options
Black Hat Day 2 was loaded with pertinent content, interactive sessions, outreach creativity, booth demos and more cyber excitement.
The Las Vegas-based conference, a leading information security event, has proven to instill best practices, meaningful conversation and networking opportunities. Over the course of the two-day main event, attendees can choose from a myriad of sights and sounds – from walk-throughs to speeches attended by hundreds, or thousands, of others.
Vendors took to their task with fervor on the second day, delivering elevator pitches, product demos and gifting marketing materials to the thousands of passersby. Elsewhere, practitioners and experts delivered 25- and 50-minute sessions on pertinent cyber topics – from governance, risk management and compliance (GRC) methods around the Internet of Things (IoT), to artificial intelligence (AI) and machine learning (ML) algorithms, the latter of which the Cyber Security Hub attended. More details on that to follow!
The text below provides an in-depth look at the day that was – including commentary on the day’s affairs – from demos to sessions. (In that spirit, we’ll give CrowdStrike the “Ingenuity Award” for their hacker profile T-shirt giveaway!)
The Cyber Security Hub kicked off its follow-up coverage in a Symantec demo on the show floor. Presenters discussed iOS trustjacking and (simple) ways a mobile device can be hijacked. Persistence and scope were also part of that conversation, as experts outlined the many ways in which black hats can impose chaos over time, and across accounts and apps.
Beginning stages could be social engineering campaigns or offerings (“high-speed” but actually malicious WiFi). Presenters went as far as to show ways in which threat actors can leverage mobile power to access credentials and profiles, manipulate content and, in half of a second, wreak havoc.
Just before midday, Raffael Marty, Vice President of Corporate Strategy for Forcepoint, led a session entitled, “AI & ML in Cyber Security – Why Algorithms are Dangerous.”
The security and data expert stated that in actuality, there is no true AI yet. Marty said a bulk of the upside comes in the form of human expertise. He suggested the space “stop throwing (methods) at the wall just to see what sticks.”
Some tips from the session on implementing machine learning technology include: understanding your data, investing in people, capturing expert knowledge and advancing insights.
Marty took some time to outline various AI-related terms, including supervised (giving training to systems) and unsupervised (giving systems optimization to solve) machine learning. He also described deep learning, or what he called just a newer machine learning algorithm. The Forcepoint executive described AI as a program that doesn’t simply classify or compute model parameters but comes up with novel knowledge that a security analyst finds insightful.
He also laid out reasons AI is dangerous to implement (and where it’s failed before), and when not to use ML. To the latter point, he said: when you don’t have enough test data, if you have data cleanliness issues, if there is adversarial input, if you have no well-trained domain experts to oversee the initiative, or if the data cannot be explained, verified or interpreted.
Marty then took attendees through a rather technical tour of ways to effectively model ML algorithms. This included data interpretation, a different approach (in probabilistic inferences), introducing “belief networks,” and using Bayes’ theorem to build graphs.
The goal in all of this computation: observing activities, gaining expert input and verifying/extracting the data.
Marty recommended that enterprises define use cases instead of simply choosing an algorithm, recognize that ML is not a silver bullet, use algorithm ensembles, teach algorithms to ask for input and make sure the model keeps up with change.
“Algorithms are smarter, but experts are more important,” Marty said. “Understand your data, your algorithms and your data science process.”
Detect At Once
In a show-floor demo, Rapid7 presenters outlined the power of detection and response. The company also discussed vulnerabilities and misconfigurations.
In rehashing pen-test research, the company stated that of 268 engagements, two-thirds were able to gain internal admin status, while 61% evaded detection.
Rapid7 provided ways in which enterprises can automate that response, unify their data and augment their security stack. Rapid7 tools, the company said, help augment security functions and carry extensive analytics to meet the environment.
This concludes the Cyber Security Hub’s show-floor coverage of Black Hat USA 2018, but be sure to keep tabs on the site for a “Key Takeaways” piece – discussing major themes, talking points and top methods to mitigate risk.