ESG Blogs

There was a lot to take in at Black Hat 2019 in Las Vegas. Fortunately, ESG covered a lot of ground with our expanded team of analysts. With the dust now settling from Black Hat 2019, ESG analysts share some takeaways from the event in this ESG On Location Video, including:

Just as I expected, my conversations at BlackHat 2019 mostly centered on how to define MDR, whether MDR will replace MSS, and which vendors are really MDR and which are not. Oh, and xDR was discussed too.

About this time every year, the cybersecurity industry heads to “summer camp” in Las Vegas, heading to BSides, Black Hat, and/or DefCon. I attended Black Hat last week along with many members of the ESG cybersecurity team. Here are a few of my takeaways:

1. The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking its toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-baggers.

Judging by this week’s Capital One breach and Equifax settlement, cybersecurity remains a topical if not ugly subject. The timing couldn’t be better for these unfortunate events. Why? Because the cybersecurity community will get together next week in Las Vegas for Black Hat and Defcon to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. 

Black Hat has gotten a lot bigger over the past few years, so many security insiders now compare Black Hat to the RSA Security Conference circa 2012 or so. 

This is an accurate comparison from an attendance perspective but there is still a fundamental difference between the shows. In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs), threat intelligence, and defensive playbooks. Rather than host lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.

I’m not sure how many people attended Black Hat in Las Vegas last week, but it surely felt like a record crowd. Optimistic attendees lauded the show for its threat research and focus on cybersecurity skills while skeptics bemoaned Black Hat changes, disparagingly referring to the show as ‘RSA in the desert.’

As for yours truly, my week was educational, albeit exhausting. I started early by participating in the CISO Summit on Tuesday where I hosted a panel on AI and machine learning in cybersecurity. My week ended with a Thursday dinner brainstorming session on cybersecurity operations. There were dozens of formal and informal meetings in between. 

I’m about to leave New England and brave temperatures of 110 degrees or above. It may sound crazy, but I’m actually looking forward to the trip next week. Why? I’m heading to Black Hat USA in Las Vegas, and I’m excited to learn more about:

1. Artificial intelligence in cybersecurity. I am hosting a panel at the CISO Summit titled, The Real Impact of AI on Cybersecurity. As part of this panel discussion, we will cut through the industry hype around AI/ML and talk about how real enterprise organizations are using and benefiting from the technology. It should be a fruitful and enlightening discussion.

Like many others in the cybersecurity community, I attended Black Hat in Las Vegas last week. Here are my thoughts on the show:

Such blogs typically offer 3 or 4 takeaways from seminal industry events; I have one from Black Hat 2017—disruption of core cybersecurity markets is in the air.

I’ve been looking forward to this year’s Black Hat event in Las Vegas for several months. In my mind, Black Hat has become the industry’s premier event for digging into cybersecurity technology.  RSA seems to be leaning toward business development and Sand Hill Rd. schmoozing these days.