11 Top Cybersecurity Trends To Watch For At Black Hat 2019
As Black Hat 2019 rolls out the red carpet, CRN talks with executives from 11 prominent cybersecurity vendors to see the biggest cybersecurity trends they are watching at this year's event.
What To Prepare For At Black Hat 2019
More than 19,000 attendees and 300 companies will pack Las Vegas' Mandalay Bay Convention Center this week to learn more about the latest technologies and watch demonstrations of the tools security researchers have developed for use in their daily work.
As Black Hat 2019 rolls out the red carpet, CRN spoke with executives from 11 prominent cybersecurity vendors to see the biggest cybersecurity trends they are watching for at this year's event.
From the embrace of security orchestration and open-source technology to a rise in nation-state activity and threats against connected devices, here are the top cybersecurity trends industry leaders are expecting to see at this year's show.
Orchestrating And Automating Security Operations
Security practitioners have long struggled to demonstrate the precise value they provide when blocking clients from threats, according Mike Adler, VP of the RSA NetWitness Platform. But orchestrating and automation security operations has a clear and demonstratable return on investment since customers can actually see the reduction in their labor and capital costs, Adler said.
Organizations in the past year or two have started developing orchestration capabilities as part of their standard security apparatus so that there's an automated response when certain alerts are generated, Adler said. And massive valuations of companies in the SOAR (security orchestration, automation and response) space indicate just how important this area is going to be moving forward, Adler said.
Companies are just now starting to get comfortable their sharing their approaches to scenarios such as whether it's better to monitor or interrupt an attacker that's gained control over a small number of endpoints, according to Adler. As businesses move beyond phishing playbooks, Adler said they'll face tough decisions about what should and shouldn't be orchestrated.
Less Sophisticated Nation-States Pursue Offensive Cyberactivity
Countries without massive cybersecurity arsenals are increasingly turning to cyberattacks during geopolitical skirmishes, passing over custom malware in favor of spear phishing or DDoS attacks aimed, for instance, at taking down voter registration and polls during election season, according to Richard Hummel, manager of threat intelligence at NetScout.
Media attention has showcased the effectiveness of using cybertactics to influence the outcome of an election, Hummel said, with Russian meddling in the 2016 U.S. presidential election still serving as a cause of uproar 2.5 years later.
Less advanced countries are growing to see cyberattacks as low-hanging fruit thanks to the ease of acquiring over-the-counter tools and the ability to wreak havoc even if everything doesn't go according to plan, Hummel said.
"Everybody sees that it works, so why not use it?" Hummel said.
Organizations Opting For Managed Security Services
Many customer IT and compliance departments struggle to keep up with the velocity that attackers are moving at, according to BJ Jenkins (pictured), president and CEO of Barracuda Networks. As the threat landscape continues to evolve, Jenkins said firms under 1,000 employees have become increasingly comfortable with handing protection responsibilities over to outsourced IT providers focused purely on security.
The most successful managed security providers are able to automatically provision core security services and can scale up rapidly to deal with an acceleration in activity during busy times of the year, Jenkins said.
As larger companies move into the public cloud, Jenkins said they've become more open to considering different frameworks for protecting their vital applications. As a result, Jenkins said managed security firms have been embraced within the Fortune 1000 to provide protection in areas such as public cloud and IoT where there are potentially thousands of devices that need to be safeguarded, he said.
High-Profile Fines Redouble Boardroom Focus On Cyber
Recent costly fines and settlements in data breach and privacy violation cases involving Facebook, Equifax, Marriott, and British Airways will redouble the focus of boardrooms everywhere on having more than just a generic cybersecurity discussion, according to Tom Turner, president and CEO of BitSight.
The high-profile penalties are good for the cyber and risk industry as a whole since the elevates the conversation among boards and investors, Turner said. And for IT service providers that are able to articulate the business value in what they're doing, Turner said customers will grow to rely on them to make risk decisions at the speed of business.
Cybersecurity issues tend to involve a narrower set of stakeholders since the problems are expected to be handled by the company's cyber professionals, Turner said. But privacy-focused issues in cases like Facebook tend to elicit a broader discussion across the entire organization about the risks associated with the information the company is handling, according to Turner.
Massive Damage Feared From Attacks On Connected Devices
Non-traditional domains such as the industrial sector and connected cars pose a unique set of risks due to the scale of data and lack of focus on users, according to John Delk, GM of Micro Focus's security, information management and governance product groups.
Delk expects to see adversaries map the ransomware mentality of locking everything down over to industrial control systems and other things that exist in the connected world to create chaos on a much larger scale.
Ransomware conversations typically take place around 1,000 or 10,000 locked desktops or servers, Delk said, but the discussion will take a different tone when it's about a million sensors or devices distributed all over the world and embedded in actual pieces of hardware. Like mobile devices in the past, many see the connected world as impenetrable to hackers, but Delk expects that will soon change.
Impending Arrival Of Quantum Computing
Businesses are collecting data in anticipation of quantum computing in hopes that the supercharged computing will allow organizations like NASA to examine predictive patterns in areas such as weather and space anomalies, according to Tina Stewart, Thales's VP of market strategy.
Cryptography will offer companies exponentially more algorithms to protect themselves in a quantum world, but technology advances will allow breaches to become more sophisticated as well, Stewart said. Firms need to set policies for what they're doing around third-party access to keys, and want to be in a position where they can easily swap out an algorithm if a compromise has occurred, she said.
For now, Stewart said businesses should consider the shelf life of the data they're stockpiling. Data's that no longer sensitive in a half-decade presents less of a dilemma, Stewart said, but businesses need to make sure they can swap out algorithms around information that's expected to have a 50-year shelf life.
Firms Turn To Orchestration To Unify Security Approach To Disparate Technology
Businesses are increasingly looking for ways to apply artificial intelligence and deep learning to automate security functions, according to FireEye CEO and board director Kevin Mandia. Enterprises have leveraged open-source technology, APIs, and additional develop relationships to write more software, Mandia said, which in turn has created the need for more security operations.
Organizations also rely on security operations to craft their own risk management strategy around assorted pieces of legacy technology that have been brought together, Mandia said. But creating a unified approach to security and risk management at large, multinational organizations with lots of disparate technology can be challenging to pull off, Mandia said.
As a result, Mandia said companies to turning to orchestration to provide support around everything from scaling to writing their own software to integrating and simplifying their security posture.
Patching And Updates No Longer Taken For Granted
Companies like Equifax, British Airways, and Facebook face massive fines today primarily for failing to take care of basic security hygiene such as applying patches and updates in a timely manner, according to Greg Cobb, Digital Guardian's vice president of global channels.
But keeping up with the daily onslaught of vendor patches and communications can be challenging to many businesses due to a lack of internal IT staffing, Cobb said. As a result, Cobb said critical security blocking and tackling too often gets pushed off into the future or ends up falling through the cracks altogether.
Threat detection vendors have made a big push in their messaging around their ability to keep up with and remediate the barrage of patches and alerts that are being produced. And feeding information back into a company's SIEM (security information and event management) platform has become more critical as businesses turn toward systems like AWS that continuously need to be patched and updated, he said.
Integrating Siloed Data Across Security Programs
Companies are looking to operationalize their SOC (security operations center) as well as their vulnerability and risk management programs to better integrate pieces of information that had previously been siloed, according to Sean Convery, VP and GM of ServiceNow's security and risk business unit.
The entire incident management and investigation portion of the SOC has traditionally taken place outside of a structured workload, which Convery said creates consistency challenges and makes it difficult for organizations to onboard new analysts effectively.
Businesses are looking to take human-intensive processes that are inhibiting companies from going after specific advanced threats and provide measured reporting in a more cohesive way, Convery said. Having a structured process for user-reporting phishing would minimize human involvement and provide consistently, measurability, and easier interaction, according to Convery.
Enterprises Grapple With The Security Implications Of Open-Source
Businesses today are living in a software-defined world, where the only way they can stay competitive is by getting features out more quickly than their rivals, according to Leslie Bois, Veracode's VP of global channel and alliances. Leveraging open-source components allows companies to iterate more quickly than writing proprietary code, which she said has caused the technology to become extremely popular.
As a result, Bois said open-source components have become a huge attack vector, meaning that organizations need a way to assess which libraries have been updated as well as the severity of potential flaws. Businesses need to make sure they're using the latest version of the software, Bois said, and also have a sense of where it could potentially be vulnerable.
Network Traffic Analysis Spanning From Cloud To Mobile
As cybersecurity shifts from the perimeter to locking down IoT and mobile devices, integrating network traffic analysis and endpoint data will take on an increased sense of urgency, according to Joe Sykora, Bitdefender's VP of global sales and channels. And the ante is set to increase in the near future as 5G technology increases the amount of bandwidth on IT-based networks, Sykora said.
As the number of mobile devices with 5G capabilities explode, Sykora said businesses will need to be able to analyze traffic coming from both cloud and mobile environments. These tools will need to be able to handle millions of endpoints and support management from a single pane of glass, Sykora said.
Sykora recommended that businesses go with a software-based offering that provides partners with management capabilities from a single console.