With the current vibrancy of the cybersecurity industry on both sides of the ledger, there is much to learn this week at Black Hat in Las Vegas. As I prepare for my trip across the country, I thought I’d borrow a term from today’s college student vernacular and offer a few Black Hat pre-gaming thoughts.
- The More the Data, the More the Pixels Matter: Security professionals from the SOC to CIRT are inundated with massive streams of data from logs, sensors, and a plethora of intelligence feeds to speed response and predict the next attack. Beyond the challenges of storing and normalizing these reams of data (enter NoSQL data stores and STIX/TAXII), the challenge of applying analytics that yield “grokable” and actionable information based on relevance and context for the hunt is a huge issue. This big data security analytics issue is exacerbated by the cybersecurity skills shortage, a gap many vendors are working to fill with easier-to-understand graphs, charts, and the like. But the more data to synthesize, the harder this design center is to meet. I expect the Black Hat expo hall floor to be a virtual battleground for the best user interface that can both ingest big data and provide a truly actionable interface from design to feature discoverability to usability.
- Cloud Access and Control Security Heats Up: My weather app tells me to expect temps around 106 degrees this week in Vegas. Yes, I know – it’s a dry heat. Equally hot is this category of products that help IT embrace the Shadow IT reality with a set of controls that provide both visibility into and governance of the use of cloud apps and services. I’m interested in better understanding the differentiation between these offerings and the security features being added natively to cloud apps (e.g., encryption, IAM integration, etc.). And with the recent exits of two players in this space, Adallom and Perspecsys, I expect the rumor mill to be frothy about who’s next.
- Integration Depth and Workflows: It’s great to see collaboration between network and endpoint security vendors to provide end-to-end detection capabilities via integrations. These alliances help customers leverage investments and cover up seams between previously disparate technologies. But it’s not clear to me where these integrations sit on the good-better-best spectrum when it comes to making the compelling use cases they enable operationally efficient. I look forward to seeing these integrations demoed to show both endpoint and network sensor-initiated scenarios.
- IoT Fear and Loathing: Well, it is Vegas, after all, and while we won’t see Hunter S. Thompson this week, we will see and hear a lot about the massive attack surface area that is the Internet of Things (IoT). While it still seems to be early days for this category, the number of IP-enabled devices from house to store to hospital and beyond is growing exponentially. And the recent white-hat hack of a Chrysler Jeep Cherokee highlighted just how scary these vulnerabilities can be, especially when projected at scale. I’m highly interested to see whether, as an industry, we will prioritize the highest-value IoT targets and how automated patching will be an immutable, baseline control.
I have only scratched the surface of my to-do list for Black Hat this week. In addition to these topics, it will be great to catch up with friends and learn from such an incredible brain trust that is the white and black of cybersecurity. Safe travels, everyone.