I was at Cisco Live a few weeks ago in the 100+ degree heat of Las Vegas and, like other cybersecurity professionals, I am off to Sin City again next week for Black Hat.
Now Black Hat has become a technically focused little brother of the RSA Security Conference, chock full of cybersecurity geeks at the beginning of the week and forensic investigators, researchers, analysts, and hackers as Black Hat turns to Defcon. Given this focus, I’m looking forward to hearing about a number of things including:
- Anti-ransomware fact and hyperbole. Last December, I predicted a rise in ransomware in my blog, even going so far as to talk about enterprise ransomware that impacted multiple systems on the network simultaneously. Unfortunately, I was right about this one as ransomware has become a cybersecurity scourge of 2016. Nasty stuff and once you’re hit, there is little you can do except replace the hard drive, reimage systems and hope you’ve done a recent full backup. Alternatively, you can pony up a bunch of rubles to Vladimir in Odessa.
Nevertheless, there are in fact ways to prevent ransomware before it bricks your system. New types of algorithms can scan files before execution and finger ransomware. Virtual sandboxes can execute malware without impacting system resources. You can also condition your employees to ignore social engineering scams using tools like PhishMe and Wombat Security. Anyway, I expect everyone to be talking about ransomware and am anxious to learn the latest about threats, countermeasures and industry rhetoric.
- Endpoint security progress. This is a fast-moving area in which I’ve done a lot of research. The big AV players are still selling suites, but next-generation endpoint security vendors like the 3 “Cs” (Carbon Black, CrowdStrike, and Cylance) along with others like CounterTack, Digital Guardian, Invincea, and SentinelOne are making progress and taking money out of AV vendor pockets. I’ve blogged about the endpoint security continuum which spans from advanced prevention to advanced detection and response. I’m interested in learning more about what enterprise organizations are doing with endpoint security, which vendors are gaining traction, and which of the multitude of technology solutions CISOs are passing on.
- Security analytics — immature science project or useful tool? I’ve been doing a lot of research into this area and my feeling is that the technology is in its early stages. Useful? Yes, but limited in terms of scale and flexibility. I have seen progress in structured machine learning tools like UEBA while unstructured machine learning is great if you know how to build models to derive value. How is this technology progressing? That’s what I want to find out at Black Hat.
- Bridging security to the cloud. My colleague Doug “Cloudy” Cahill is all over this and it sure seems like big security vendors want to add cloud security to their portfolios: Blue Coat acquired Elastica, Cisco purchased CloudLock, Microsoft grabbed Adallom, etc. Traditional network security vendors like Check Point, Fortinet, and Palo Alto are also moving in this direction. I’m interested in hearing about the uptake of these tools and whether cloud security is considered an add-on or replacement for traditional controls.
- IoT security: A vertical industry application? I just posted a blog about this recently as I believe that IoT along with increasing regulations and the growing business angle on cybersecurity will turn cybersecurity into more of a vertical industry application over time. Of course, not all IoT is the same so I’m interested in learning about threats, vulnerabilities, defenses, and best practices in industries like energy, health care, manufacturing, and transportation that are blazing the IoT trail.
There will be plenty of other things to talk about at Black Hat and I’ll be blogging about everything I learn over the next few weeks. See you in Vegas.