Cygilant Blog

Notes from the Field: Black Hat 2017

Posted by John Linkous on Jul 28, 2017

This week marked the annual descent of thousands of security professionals, hackers, security product vendors and journalists into 100-degree-plus weather in Las Vegas for the venerable Black Hat conference. This week in Vegas always includes three significant security events: the community-minded B-Sides security conference early in the week, the deeply technical DefCon conference later in the week, and the most mainstream event – Black Hat – wedged in the middle. All three events provide a forum for those involved in the security industry to get together and share exotic vulnerabilities and attack vectors, talk about the politics related to security (such as privacy and government monitoring), and in the case of Black Hat, see what tools and technologies vendors are coming up with to improve the security posture of organizations.

In today’s blog post, we’re taking a look at some of the key take-aways and “big picture” themes from this year’s Black Hat event:

  1. Black Hat grows up. Historically, the keynote presentations – and nearly all the briefings – at Black Hat have focused on offensive security, i.e., “here’s how to hack something,” whether that something is automobile electronics, smart energy meters, ATMs or Internet of Things devices. While that type of briefing was certainly still present at Black Hat this year (and incredibly valuable), a fascinating keynote by Alex Stamos, CTO of Facebook, shifted the discussion to defensive security by focusing on security fundamentals – including the kind of monitoring, patching and vulnerability management capabilities that are delivered through EiQ’s own SOCVue platform – as well as taking a real risk-based approach to security by avoiding the sensationalism around more exotic vulnerabilities and instead focusing on the real-world trade-offs. This message was continued through the briefings with additional talks on reinforcing industrial security, pre-breach planning through the use of purple teams, and the effects of human behavior on information security.
  2. IoT threats abound. When it comes to the Internet of Things (IoT), this year’s Black Hat conference shows that, from a security perspective, IoT devices are the Wild West of technology.  Multiple briefing sessions covered successful attacks on everything from smart phones, power grid infrastructure, wind farm control networks, radiation monitoring devices, industrial robots, and more.  Extended further into the hardware world, briefings additionally covered substantial threats to UEFI-based hardware and firmware attacks on SOHO devices such as home routers.
  3. Vendors continue to saturate the market with endpoint security. There continues to be absolutely no end to the plethora of endpoint security solutions on the market.  A walk through the vendor exhibit hall at Black Hat revealed dozens of vendors focused on protecting the endpoint using a range of tools from traditional, signature-based anti-malware and anti-virus solutions to more advanced detection and response (EDR) solutions employing (or at least, saying they employ) methods such as machine learning, user behavioral analysis (UBA), and other methods to detect advanced threats.  While the jury is still out on how successful these endpoint solutions are going to be in actually reducing risks, it’s clear that endpoint security is going to continue to be one of the most highly-focused areas of security over the next few years.

Regardless of whether you’re a security practitioner, researcher, product vendor or journalist, the Black Hat conference is always an exciting experience that gives attendees an opportunity to learn; if you haven’t previously attended, we highly recommend it for next year.  As the conference now extends past 20 years, it continues to be a forum for everyone who has a stake in the security game to have a seat at the table.

