I recently attended the Black Hat 2015 conference in Las Vegas, along with ESG Senior Analyst Doug Cahill and Research Analyst Kyle Prigmore. This video summarizes our impressions of the event.
Jon: Black Hat is a colorful show. You see a lot of quirky characters, but it's also a really serious show. And I talk to a lot of people about threat intelligence, about vulnerabilities, about exploits. What I realized is that when we talk about threat intelligence, we're talking lots of different languages. People have different definitions of threats. They have different characterizations of threat actors. And I realize that we really need to improve upon our communications and really get this story straight.
Doug: One of my takeaways from Black Hat is we still have a lot of confusion on the basics around cloud security, in terms of defining cloud security, securing cloud infrastructure, using the cloud as a delivery mechanism for cloud services and threat intel. But also, this new wave of cloud accessing control security products that provide governance and data loss prevention controls around the use of cloud applications. Part of the confusion in cloud security is also we have the use of pure-play cloud access control products, but also secure gateways that can provide some of the similar functionality. As an industry, we need to do a better job for our customers in defining cloud security.
Jon: There was a big emphasis at Black Hat on cybersecurity skills training, cybersecurity education. Now, we've been talking about this for years, but at Black Hat, there was actually a career development section. We saw vendors recruiting right out of their booth. Of course, we saw a lot of classes for cybersecurity skills and education, but it became a recruiting event. It became a nexus of skills and discussions about skills development, which was pleasing to me for all the research I've done.
Doug: There were a number of exploits that were discussed and demonstrated that really highlight the expanse of the mass attack surface area that has grown exponentially with the proliferation of mobile devices and the introduction of the Internet of Things. With that said, I spoke with a number of CISOs and customers that, while mindful of this, are really focused on a couple of other priorities: being able to address the endpoint attack factor and also prevent data leakage from the unauthorized use of cloud applications.
Kyle: What I saw at Black Hat is a hyper-competitive consumer market that's coming into play. So you have two segments. You have the segment of users that use whatever the device comes with and they're happy. But I think you have an increasingly discerning secondary market, where people are choosing the programs they want to use, and they care more about what they're getting, how their privacy is handled. All the back end things that historically haven't been a huge deal are starting to come into play.
So what you're going to start to see, I think, is a slide towards more robust single solutions from vendors who are providing an all-in-one solution. And then you're going to start to see more creative solutions for more discerning consumers, so things like fobs that tunnel open Wi-Fi back to an encrypted box that you keep at your house, increased use of two-factor authentication in programs that maybe haven't been big users of that so far. So we're going to start to see some diversity in the market as consumers figure out what they like and what's important to them. And then eventually we'll start to see some consolidation down the road.
Jon: It's really a cat-and-mouse game with the bad guys and the good guys. So we've developed sandboxes, but the bad guys develop evasion techniques to get around the sandboxes. And so there's a lot of innovation now going on to the network security to overcome or counteract these evasion techniques and get much more accurate on the network so that we can move just from detection of malware to actual prevention of malware. And that's really where we have to go to really streamline operations for cybersecurity.
Doug: So one of the things from customers around endpoint security is lowering operational cost and layering on initial endpoint security controls and the need for integration to really coordinate the detection and prevention and response of threats from endpoint to network. I spent some time on the show floor at Black Hat and saw a number of first-level integrations between network vendors and endpoint vendors that are really very compelling, that are highly effective in being able to shorten the time to detection and response.
Jon: So we all had a lot of fun at Black Hat, but you can't leave Black Hat without being a little scared because we're seeing hacks of Internet of Things technology and we're seeing just regular old data breaches and hacks of networks and endpoints and mobile devices. So the crowd of people who go to Black Hat are very good at this, but it just goes to show how bad we all are at protecting our IT assets and even our personal devices. So I left scared, and I'm sure a lot of my colleagues did too.