Most Recent Blogs

Black Hat Impressions

Posted: August 01, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, Black Hat, CISO, home network security, SDP

many-ideas.jpgLike many others in the cybersecurity community, I attended Black Hat in Las Vegas last week. Here are my thoughts on the show:

Read More

Black Hat 2017: Disruption in the Wind

Posted: July 31, 2017   /   By: Doug Cahill   /   Tags: Cybersecurity, Black Hat

cybersecurity-connections.jpgSuch blogs typically offer 3 or 4 takeaways from seminal industry events; I have one from Black Hat 2017—disruption of core cybersecurity markets is in the air.

Read More

Anticipating Black Hat 2017

Posted: July 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, Black Hat

GettyImages-622974406.jpgI’ve been looking forward to this year’s Black Hat event in Las Vegas for several months. In my mind, Black Hat has become the industry’s premier event for digging into cybersecurity technology.  RSA seems to be leaning toward business development and Sand Hill Rd. schmoozing these days.

Read More

Anticipating Black Hat

Posted: July 28, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, IoT, endpoint security, Black Hat, cloud security, ransomware

black hat previewI was at Cisco Live a few weeks ago in the 100+ degree heat of Las Vegas and like other cybersecurity professionals, I am off to Sin City again next week for Black Hat.

Read More

Two CISO Priorities from Black Hat: Endpoint Security and Cloud DLP

Posted: August 11, 2015   /   By: Doug Cahill   /   Tags: cloud, endpoint security, Black Hat, CISO

Blackhat_USA_2015With the frenzy of the largest Black Hat to date in the review mirror there is much to reflect upon. The range of hacks demonstrated highlight the massive expanse of the attack surface area with mobile and IoT exploits front and center including the now famous car hack of 2015. While the sheer scope of IoT vulnerabilities is staggering, CISOs and practioners I spoke with cited the endpoint attack vector and preventing the loss of data via the use of unauthorized cloud apps as two of their more immediate concerns. The high level of competition between vendors in the advanced endpoint threat protection and cloud access and control security markets correlate to this demand; their markets have indeed arrived.

Read More

Black Hat PreGaming Thoughts

Posted: August 03, 2015   /   By: Doug Cahill   /   Tags: Cybersecurity, Black Hat

Blackhat_USA_2015With the current vibrancy of the cybersecurity industry on both sides of the ledger, there is much to learn this week at Black Hat in Las Vegas. As I prepare for my trip across the country, I thought I’d borrow a term from today’s college student vernacular and offer a few Black Hat pre-gaming thoughts.

 

 

 

  

Read More

Black Hat Is About Cybersecurity People and Processes

Posted: July 30, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, Black Hat, cybercrime, Black Hat 2015

Blackhat_USA_2015Over the past few years, the RSA Security Conference has become a marquee technology industry event. It has really outgrown its humble roots in cryptography and Layer 3 and 4 packet filtering – now RSA is where technology industry bigwigs meet, drink exquisite Napa Valley wine, get a broad perspective of the cybersecurity industry, and do deals.

RSA’s emergence as a “must-attend” technology industry event is a good thing on balance. For one week of the year, business, government, and technology leaders descend on San Francisco and shed a spotlight on the global state of cybersecurity. But while this attention is a good thing, RSA has evolved into a high-level affair, focusing on the “why” questions surrounding cybersecurity.

Enter Black Hat, which takes place next week in Las Vegas. Rather than concentrate further on “why” questions, Black Hat is where you go to explore “how.”

Read More

Anticipating Black Hat

Posted: August 01, 2014   /   By: Jon Oltsik   /   Tags: IBM, Check Point, Palo Alto Networks, Fortinet, Cisco, Data Management & Analytics, Information and Risk Management, Juniper, HP, McAfee, Enterprise Software, Security and Privacy, Crowdstrike, Lockheed Martin, Black Hat, trend micro, RiskIQ, 21CT, Leidos, Norse, CybOX, BitSight, Symantec, RSA, TAXII, ISC8, Blue Coat, STIX, Webroot

RSA 2014 seems like ancient history and the 2015 event isn’t until next April. No worries, however, the industry is set to gather in the Las Vegas heat next week for cocktails, sushi bars, and oh yeah – Black Hat.

Now Black Hat is an interesting blend of constituents consisting of government gumshoes, Sand Hill Rd. Merlot drinking VCs, cybersecurity business wonks, “beautiful mind” academics, and tattooed hackers – my kind of crowd! As such, we aren’t likely to hear much about NIST frameworks, GRC, or CISO strategies. Alternatively, I am looking forward to deep discussions on:

  • Advanced malware tactics. Some of my favorite cybersecurity researchers will be in town to describe what they are seeing “in the wild.” These discussions are extremely informative and scary at the same time. This is where industry analysts like me learn about the latest evasion techniques, man-in-the-browser attacks, and whether mobile malware will really impact enterprise organizations.
  • The anatomy of various security breaches. Breaches at organizations like the New York Times, Nordstrom, Target, and the Wall Street Journal receive lots of media attention, but the actual details of attacks like these are far too technical for business publications or media outlets like CNN and Fox News. These “kill chain” details are exactly what we industry insiders crave as they provide play-by-play commentary about the cybersecurity cat-and-mouse game we live in.
  • Threat intelligence. All of the leading infosec vendors (i.e., Blue Coat, Cisco, Check Point, HP, IBM, Juniper, McAfee, RSA, Symantec, Trend Micro, Webroot, etc.) have been offering threat intelligence for years, yet threat intelligence will be one of the major highlights at Black Hat. Why? Because not all security and/or threat intelligence is created equally. Newer players like BitSight, Crowdstrike, iSight Partners, Norse, RiskIQ, and Vorstack are slicing and dicing threat intelligence and customizing it for specific industries and use cases. Other vendors like Fortinet and Palo Alto Networks are actively sharing threat intelligence and encouraging other security insiders to join. Finally, there is a global hue and cry for intelligence sharing that includes industry standards (i.e. CybOX, STIX, TAXII, etc.) and even pending legislation. All of these things should create an interesting discourse.
  • Big data security analytics. This is an area I follow closely that is changing on a daily basis. It’s also an interesting community of vendors. Some (i.e., 21CT, ISC8, Leidos, Lockheed-Martin, Norse, Palantir, Raytheon, etc.), come from the post 9/11 “total information access” world, while others (Click Security, HP, IBM, Lancope, LogRhythm, RSA, etc.) are firmly rooted in the infosec industry. I look forward to a lively discussion about geeky topics like algorithms, machine learning, and visual analytics.
Read More

A Multitude of Mobile Security Issues

Posted: July 20, 2012   /   By: Jon Oltsik   /   Tags: Apple, Microsoft, End-User Computing, Check Point, MDM, Cisco, Information and Risk Management, McAfee, mobile, Security and Privacy, google, BYOD, android, Good Technology, Juniper Networks, Black Hat, trend micro, Symantec, Anti-malware, Interop, MobileIron, DLP, RSA Security Conference, iPad

The Black Hat USA conference takes place next week. If it's anything like RSA and Interop, there will be a fair amount of discussion about BYOD and mobile device security. Yup, a lot of hype but this is a topic worth discussing as nearly every enterprise organization and CISO I speak with is struggling here.

Read More

Posts by Topic

see all