Being a cybersecurity industry analyst can be a bit like being a dog on a walk. Squirrel! And off you go. Which is to say creating a plan for Black Hat next week, be it which sessions to attend, what tech to look for, what trends to double-click on (never mind what parties to hit), can be challenging. In an attempt to keep some of the squirrels out of my peripheral vision, here are a few of the ones I’ll be chasing next week at Black Hat 2016.
- Next-gen CASB. OK, so I’m being a bit snarky here. I mean, the cloud access security broker (CASB) market is still a new category, so how can we already be talking next-gen? Well, because this is a market on the move, with a flurry of M&A activity and platform plays that are elbowing into adjacent categories. The initial set of visibility controls centered on Shadow IT app discovery and usage profiling is quickly becoming commoditized.
Market makers Netskope and Skyhigh Networks, as well as Elastica (now Blue Coat, soon to be Symantec) and Palo Alto Networks, have made cloud data loss prevention (DLP) and threat detection capabilities must-have requirements of a full-fledged CASB. Identity and access management functionality is expanding to include user behavior analytics (UBA). Bitglass includes enough mobile device management (MDM) functionality to give pause on the need for a stand-alone EMM/MDM offering, CloudLock supports custom apps via a set of APIs, and Palerra extends its CASB to securing cloud infrastructure. Such functional expansion certainly blurs the lines between category definitions and raises the question of what comes next.
- IoT front and center. Be it connected things operating critical infrastructure or sensors throwing off telemetry, securing IoT devices and the data they generate is topical to be sure. Following the great car hack of Black Hat 2015, IoT will undoubtedly be front and center, with more such exploits demonstrated in sessions and solutions to prevent them demo’d on the show floor.
IoT security frameworks from vendors such as HPE and INSIDE Secure seek to span device, data, and gateways. And taking a page out of the Network Access Control (NAC) playbook, Great Bay Software authenticates and profiles things for an invitation-only approach to IoT security. I’m interested in learning more about how such approaches apply to both legacy and new IoT devices, given notable differences with respect to connectivity, use of TPM (Trusted Platform Module) chips, and EOL’d operating systems.
- East-west meets north-south with micro-segmentation. Hybrid clouds composed of workloads here, there, and everywhere call for the prescribed use case of micro-segmentation, securing east-west inter-workload traffic, to be expanded to encompass north-south traffic. For example, micro-segmentation is a compelling approach to secure an app with the database tier on-prem and the web tier in the cloud.
Vendors such as Illumio, Unisys, and vArmour offer cloud connectors to enable such arbitration of app tiers between private and public clouds, enabling more sophisticated hybrid cloud use cases. I’d love to talk to some customers that are leveraging micro-seg to enable and secure their journey to the cloud.
- Monetizing ransomware. It’s not just for the black hats; it’s big business for security vendors too. And I don’t say that to be cynical because for many, given the rise of this insidious form of crimeware, thwarting ransomware is a top priority. The porous front door that is the end user has to be better secured with the right endpoint security controls, but like other threats, since ransomware operates along the kill chain, customers should look for solutions that map to these phases for a full set of countermeasures, a prescription offered by Trend Micro. It will be interesting to see whether other single-source security vendors have the right set of controls to detect and prevent ransomware from multiple attack vectors.
I know — good luck stopping there! But, hey, it’s a good problem to have.