From Endpoint Protection To Threat Intel: Black Hat Day 1 In Review

Trade Show Exhibitors Talk Pressing Cyber Topics

Dan Gunderman

Black Hat USA, one of the world’s largest information security events, opened its two-day main conference on Wednesday, Aug. 8 at the Mandalay Bay Hotel in Las Vegas. The conference included an insightful keynote, business meetings, product demos and extensive offerings on the show floor.

The latter was vibrant, as vendors, experts and attendees commingled, talking strategy, development, best practices, pain points and industry-leading products. Leaders from hundreds of companies were on hand to deliver elevator pitches and discuss the uniqueness of their products. The Cyber Security Hub was in attendance, sitting in on sessions and demos. Here, we aim to break down the show’s most interesting parts. What follows are the highlights from Day 1 (including the "Booth Creativity Award," which we’ve given to ObserveIT for their “80s basement” theme!).


To kick off the entire show, Google’s Director of Engineering, Parisa Tabriz, delivered an hour-long keynote before a packed arena. In the discussion, entitled “Optimistic Dissatisfaction with the Status Quo: Steps We Must Take to Improve Security in Complex Landscapes,” Tabriz offered guiding advice for security practitioners and leaders.

Tabriz drew from her experiences leading some of the biggest, ongoing security efforts that aim to make technology safer for all users. She explained how throwing out the “rule book” on vulnerability disclosure has been moving giants of the software industry toward measurably faster patching and end-user security.

Tabriz also shared how a grassroots side project grew to shift the majority of the web ecosystem to secure transport, nearly 25 years after the technology was first made available. The Google director also reviewed a major effort to implement an intern’s publication in one of today’s largest open source projects.

Throughout her speech, Tabriz underscored various soft skills and cultural aspects that make security teams excel. She pointed to collaboration and “working together on shared security goals.” She also called for a “hacking of our various bureaucracies” to streamline security efforts and instill better defense.

“Part of what my job is to believe that change is possible,” Tabriz told the Black Hat audience. She also highlighted efforts such as building a “coalition of support” inside and outside of security, and “communicating upwards and outwards.” Overall, she suggested that practitioners and experts “band together to tackle root causes and stop playing ‘whack-a-mole.’”

“We have to reflect on progress, and celebrate it,” Tabriz said, before calling on security to continue to make people safe in a space ripe with growth potential.


‘Situational Awareness’

In a briefing, Awake Security CEO Rahul Kashyap told the Cyber Security Hub that in today’s illicit, black-hat activity, there is a “low barrier to entry,” meaning folks like persistent Ukrainian hackers with no other sources of income can get into Dark Web business.

In discussing the widening attack surface – thanks in part to the Internet of Things (IoT) – Kashyap said that security efforts become dependent on visibility, as well as on getting smarter in areas such as insider threats and allowing skills to develop in the security operations center (SOC) and in threat hunting.

Overall, Kashyap said that the operating system has evolved. While there has been a slight drop in ransomware attacks (because the campaigns are more targeted), attackers have still adapted to new tech. Because of that, they’re “embedded in the operating system.” The CEO added that social engineering remains the largest vector, especially in a wave of connectivity, because once these threat actors are in, they can move laterally toward the crown jewels.

‘Zero Trust’

Centrify’s Chief Product Officer, Bill Mann, told the Cyber Security Hub that overall, enterprises have taken on a “defragmented nature.” In such an ecosystem, identity and access management (IAM) takes on a new level of importance – to reduce privileges to what is needed in order to reduce risk and insider threats, etc.

Some pillars of this next-gen access include: verifying the user, validating the device and limiting access and privileges.

In discussing these codified goals, Mann said that folks at the C-Level must rethink their approach to security. That could mean moving toward a single platform, where one pane beats disparate communication across products and platforms. On the matter, Mann said, “The platform approach is better than discrete component parts.”

Further, Mann called for the (eventual) exile of the password as a credential. He added that the shift from the unguarded password to multi-factor authentication (MFA) brings an enterprise’s risk posture down significantly.

Is there a silver bullet? No, and Mann acknowledged that, but he also said that movement away from static passwords toward MFA leaves the industry in a better position than it was in previously.


‘The Dark Side’

Jérôme Segura, Lead Malware Intelligence Analyst at Malwarebytes, spoke to the Cyber Security Hub about trends in the space, including new research on hacker activity and even remediation.

Segura pointed to new research, highlighting startling numbers on IT professionals who go to the “dark side,” or the “gray side,” meaning from white hat to black hat, or some double agent work in between. Segura said one in 10 relevant professionals were approached to go toward illegal hacking. The analyst pointed to disgruntled employees, or folks who feel underpaid or stuck in their jobs.

The Malwarebytes analyst also underscored other salient industry topics: from business email compromise (BEC) to LinkedIn reconnaissance work that leads to eventual phishing efforts.

He even described today’s more intentional and targeted ransomware attacks, and the rise of crypto-mining. What’s more, Segura also mentioned supply-chain attacks, a “return to old-school malware/worms,” attacks on hardware and the residual effects of a breach, including visible/accessible credentials on the Dark Web (leading to enrollment in services, for example).

Show-Floor Demos

The Cyber Security Hub was also in attendance for numerous demos throughout the day, including LogRhythm’s work in the SOAR space (security operations, analytics and reporting), and enhancing response capabilities. A presenter walked attendees through the solution, and spoke specifically about the enterprise/analyst response – through each step.

Finally, CrowdStrike, a SaaS endpoint protection provider, discussed the misuse of point solutions, and ways to embrace “better protection, performance and value.” CrowdStrike attendees reminded folks gathered at the booth that a single agent can enable all controls. In the back half of the presentation, the presenter reviewed the Threat Graph database, the company’s threat hunters, mitigation efforts and even attacker profiles (which they’ve dubbed “baseball cards”).

Altogether, Black Hat Day 1 was insightful, diversified and loaded with pertinent content for today’s practitioners and their respective organizations. Stay tuned to the Cyber Security Hub for additional Black Hat coverage!
