Blogs

There was a lot to take in at Black Hat 2019 in Las Vegas. Fortunately, ESG covered a lot of ground with our expanded team of analysts. With the dust now settling from Black Hat 2019, ESG analysts share some takeaways from the event in this ESG On Location Video, including:

Just as I expected, my conversations at BlackHat 2019 mostly centered on how to define MDR, whether MDR will replace MSS, and which vendors are really MDR and which are not. Oh, and xDR was discussed too.

About this time every year, the cybersecurity industry heads to “summer camp” in Las Vegas, heading to BSides, Black Hat, and/or DefCon. I attended Black Hat last week along with many members of the ESG cybersecurity team. Here are a few of my takeaways:

1. The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking its toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-baggers.

Judging by this week’s Capital One breach and Equifax settlement, cybersecurity remains a topical if not ugly subject. The timing couldn’t be better for these unfortunate events. Why? Because the cybersecurity community will get together next week in Las Vegas for Black Hat and Defcon to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. 

Black Hat has gotten a lot bigger over the past few years, so many security insiders now compare Black Hat to the RSA Security Conference circa 2012 or so. 

This is an accurate comparison from an attendance perspective but there is still a fundamental difference between the shows. In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs), threat intelligence, and defensive playbooks. Rather than host lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.