Contributed by Jason Bloomberg
The phrase ‘black hat’ refers to a hacker with criminal intentions, so I expected my first trip to the Black Hat USA conference held in Las Vegas this year to give me exposure to the shady underbelly of the cybersecurity world.
On that account, I was disappointed. Black Hat has gone corporate.
Oh, I’m sure there were a few bona fide criminals in the mix and a far greater number of individuals up for some not-quite-illegal mischief-making. But the vast majority of attendees were more of the ‘white hat’ variety – hackers who seek to find, understand, and exploit software vulnerabilities in order to help protect their employers.
Fortunately for the vendors exhibiting at the show, the white hat hackers brought their bosses as well. Many a CISO roamed the floor, seeking that essential piece of gear that would keep their organization out of the dog house where Capital One, Equifax, and so many others have found themselves of late.
For CISOs and others who routinely attend the much larger RSA Conference, however, Black Hat was indubitably a disappointment, as the exhibit floor was essentially ‘RSA light.’ Many of the same names and faces show off their wares at both shows, so picking one’s way among the booths revealed little that was worthy of Black Hat’s reputation as a hacker show.
The sessions, in contrast, are reasonably different from the fare at RSA. However, with titles like Exploiting the Hyper-V IDE Emulator to Escape the Virtual Machine and Infiltrating Corporate Intranet Like NSA – Pre-auth RCE on Leading SSL VPNs, it’s clear the speakers at Black Hat were targeting the hacker more so than the CISO.
Highlights of the Show Floor
There was still a lot for security professionals to learn on the floor regardless. Established vendors like NETSCOUT discussed the full integration of its 2015 acquisition of security vendor Arbor Networks, combining Arbor’s ability to rapidly identify and characterize threats with NETSCOUT’s extraordinary access to network intelligence, both on the Internet and on corporate networks.
Another established cybersecurity vendor, Securonix, discussed its new network traffic analysis (NTA) product offering that monitors and correlates network traffic events, security events, and user activities to detect even the most advanced threats, thus offering a combination of a standalone traffic analysis tool and security information and event management (SIEM) in one product.
There were also a number of startups on display at Black Hat. Among the more interesting examples is Armis, an Internet of Things (IoT) security vendor. The IoT is remarkably vulnerable, as most devices from baby monitors to hospital MRI machines lack sufficient security, or contain software with known vulnerabilities.
In many situations, furthermore, it’s impractical or impossible to update the software on such devices. In some cases, the devices simply do not allow for updates, and in others, any attempt at such an update would damage the device.
Armis responds to this challenge by securing the network interactions with IoT devices. It can detect vulnerable or compromised devices by looking at their network traffic and then either mitigate vulnerabilities or segment the network, isolating compromised devices from the network.
Most Disruptive: QOMPLX
I spoke with a number of other vendors, and perhaps the most exciting and disruptive is QOMPLX, formerly known as Fractal Industries. QOMPLX is commercializing technology its team originally built for the US Air Force, which required complete situational awareness in cyberspace. In other words, the Air Force wanted a holistic way of understanding who was doing what to whom.
To meet this requirement, QOMPLX’s core innovation is technology for combining time-series and graph data into a single hybrid data platform. Time series data include log files, IoT telemetry, and any other operational data that stream continually from their sources. Graph data include the relationships among entities, allowing for complex, natural language searching.
Never before has a vendor combined these two approaches for storing and managing data in such a high-performance manner. The result is the ability to glean relationships among timestamped data even in situations where the data sets are massive and streaming.
The use cases for QOMPLX’s technology are remarkably varied, and extend well past cybersecurity. However, given the prevalence of time series data relevant to the security domain, Black Hat proved an appropriate forum for the technology.
Case in point: QOMPLX is able to solve the perennial security challenges with Kerberos, an established authentication protocol favored in Windows environments.
Kerberos depends on exchanging tickets that must expire quickly because given enough time, a hacker can compromise them. QOMPLX brings sufficient context to bear in order to solve this problem, which has proven to be one of the knottier cybersecurity challenges of the last 20 years.
QOMPLX, however, is no one-trick pony. It also provides sufficient context for cybersecurity insurers to calculate accurate rates – a problem that has limited the ability of such insurers to cover more than a narrow set of risks.
Expect to see many other disruptive use cases from this startup. QOMPLX is not without its own challenges, however. Top of the list: just explaining what it does. Here’s how its web site explains its platform: “An Enterprise Operation System designed to enable data-driven, contextualized decision platforms that are risk-centric and highly customizable for virtually any business domain.” Got that?
Taking Risk Management to the Next Level
Black Hat may no longer be for the black hats, but its central mission is all about finding and exploiting the software vulnerabilities that represent enterprise cybersecurity risk.
Understanding such risk is essential to managing it – and managing such risk is really what Black Hat is all about. Cybersecurity personnel – white hat or no – are not able to manage such risk by themselves. “Risks are shared. Security is everybody’s job,” explained Dino Dai Zovi, Head of Security – Cash App at Square, in his morning keynote.
As a result, the hacker as outsider is rapidly becoming an obsolete trope in the enterprise. “We’re not outsiders anymore,” Dai Zovi continued. “We’re inside communities and inside organizations.”
Black Hat may have gone corporate, but that’s just what the enterprise needs.
NETSCOUT and Securonix are Intellyx customers. None of the other organizations mentioned in this article are Intellyx customers. Black Hat provided Jason Bloomberg with a free pass to the conference.
The writer is founder and president of Digital Transformation analyst firm Intellyx. He is also a leading IT industry analyst, author, keynote speaker, and globally recognized expert on multiple disruptive trends in enterprise technology and digital transformation. He is ranked #5 on Onalytica’s list of top Digital Transformation influencers for 2018 and #15 on Jax’s list of top DevOps influencers for 2017, the only person to appear on both lists.
The opinions expressed in this article are the personal opinions of the author. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.