In this ESG On Location Video, ESG's Jon Oltsik and Doug Cahill report on Black Hat USA 2016, held in Las Vegas.
Announcer: The following is an ESG on location video.
Doug: Jon and I are back from Black Hat last week in Las Vegas. Jon, it was another really vibrant and interesting show this year to say the least.
Jon: Yeah. I really like Black Hat. I feel like I learn more at Black Hat than any other show. It's because the focus is in the weeds. The focus is about the problems, the threats and the vulnerabilities. It's not kind of patting ourselves on the back that we have such a great industry. It's really talking to people in the know about what's going on in kind of the scary part of cyber security.
Doug: Very true.
Jon: With that, we heard a lot about threats and vulnerabilities, Doug.
Doug: We sure did. Ransomware was front and center. I think at this point fortunately we're all aware just how insidious ransomware is. The bad actors are using new attack vectors. We heard about malware being inserted in Cloud applications and then being disseminated via file sync and share solutions. We also heard about new types of ransomware including hijacking the Find My iPhone app and extorting a ransom vis a vis that application.
Jon: Yeah. I predicted a growth in ransomware at the beginning of the year. I'm sorry to say I was right.
Doug: You did. I know.
Jon: I also had a lot of conversations about mobile malware, which we tend to dismiss in the industry as really not being a threat. There's a lot of focus on PUAs, potentially unwanted applications - the growth of those, things like flashlight applications hijacking your contents, which isn't new but it's just growing.
Doug: It's really starting to happen, yeah.
Jon: Yeah. On the technology side, what's your takeaway?
Doug: The endpoint market is heating up to say the least.
Jon: Oh, yeah.
Doug: There was a lot of noise, and it's getting a little edgy. I think there are vendors that are really staking out their ground around next gen antivirus. We need a definition for what that is. We need to help customers be able to more effectively test next gen A/V products.
Jon: Yeah. I thought the same thing. It's just a marketing transition. Because of that, there's a lot of innovation about hype and uncertainty. I think it's really important for us as analysts in the industry to talk about what's needed for endpoint security cumulatively, not just some defenses but what's needed across different types of endpoints for different types of risks.
Doug: And also holistically as part of a more complete cyber security solution including for analytics. What'd you see at the show respecting analytics?
Jon: There was a lot of talk about analytics and a lot about machine learning and algorithms. That's good, but I do think we're on the onramp of that technology, meaning that there's a lot of data science activity but not a lot of subject matter expertise involved. That still means that we see models and anomalous activity, but we have to go in and understand what that anomalous activity means if anything. I'm bullish on the technology. There's certainly a lot of investment there. It's important to kind of put things in perspective.
Doug: I think that's fair. There's a lot of innovation there, but the practitioners need pragmatic prescriptions to be able to employ that technology. I went to a session on hunting. I was encouraged that it was, like I said, a very sort of pragmatic prescriptive approach being able to start now to have a lean forward approach to be able to find threats that are already in your environment. Taking a quote from the recent political campaign, the presenter said that perfection is arguably the enemy of good. You should start with good enough when it comes to hunting for threats in your environment.
Jon: That's a good point, because hunting is a highly skilled area. To the effect that we can can that or make it easier for junior people to learn and start helping with that hunting, we all benefit. That's the kind of thing that I like about Black Hat is that methodology and that kind of communal education process. I'll be there again next year. I really do think that it's a worthwhile place to learn. I had a lot of conversations with not just technology vendors but actually users and security researchers.
Doug: Yeah, I did as well. I think I mentioned to you I had a really interesting conversation with a CISO at an organization that very much employs a Cloud first initiative for an aggressive growth strategy. They've acquired 15 companies in 12 months. The only way that they can grow inorganically like that was through a really aggressive use of the Cloud. All the onboarding of these new companies happens and the security of those new companies happens vis a vis the Cloud.
Jon: That's a new model for security.
Jon: Much more proactive. Sounds like you had as good a week as I did, Doug.
Doug: It was a fascinating week, and looking forward again next year. Please stay tuned.