Black Hat 2013: 14 Security Firms That Piqued Hackers' Interest
Black Hat Known For Research, Not Products
Attendance at the annual Black Hat security conference has increased significantly in recent years. At the 2013 event, more than 7,500 were in attendance, according to conference organizers.
The hacking conference has been known for research that showcases high-profile attacks targeting hardware and software vulnerabilities. With attendance at its highest, there was a heightened need for security vendors to gain security professionals' attention on the expo floor. The following security firms appeared to be getting the lion's share of attention for the roles they play in network monitoring, malware detection and analysis capabilities.
Irvine, Calif.-based CrowdStrike, which sells "active defense" services and a threat intelligence platform, was getting interest from Black Hat attendees. The firm, founded by former McAfee executives George Kurtz and Dmitri Alperovitch, has preached the need for organizations to use active technologies to combat cybercrime rather than passive detection measures. CrowdStrike's cloud-based Falcon platform provides detection, attribution and a range of response actions, including deceptive tactics and other ways to disrupt targeted attacks.
The future of Round Rock, Texas-based Dell as a publicly traded company may be in doubt, but its presence in the security market is continuing to grow. Beginning in 2011, the company acquired SecureWorks for security services. The company also acquired network security vendor SonicWall and added Quest Software for IT management capabilities and AppAssure for secure backup. Last month, Dell rolled out its Dell Data Protection Protected Workspace brand PCs and unveiled an agreement with security vendor Invincea, which will ship a customized version of its secure virtual containers software to protect the browser and other applications from attack.
Palo Alto, Calif.-based Hewlett-Packard unveiled a big channel refresh in April and is readying a managed security services program. The company is attempting to widen its reach with its ArcSight security information and event management (SIEM) appliances and is actively recruiting partners for its Fortify software for application security. It's also reworking its TippingPoint line of intrusion prevention appliances. At Black Hat, the firm highlighted its data protection tools and network infrastructure security technologies to conference attendees.
Boulder, Colo.-based LogRhythm is seen positively by many security analysts for its line of security information and event management appliances. At the core of the company's technology is its Advanced Intelligence engine, which performs the correlation and analysis of enterprise log data. Security experts have long pointed out the need for network security pros to monitor network logs to detect and contain suspicious activity before it becomes a serious problem. The company manages a reseller program through LogRhythm Connect and a program for managed security services providers, offering various deployment options.
Network monitoring appliance maker Solera Networks was acquired by Blue Coat Systems in May. The firm showed off the latest components of its security analytics and advanced threat protection platform at Black Hat. The company's appliance acts as a DVR for the network and competes against RSA NetWitness. Both appliances are coveted by forensics teams and incident responders who use them to conduct deep analysis on systems following a breach. In recent years, the firms have touted the ability to detect attacks in real time.
Alexandria, Va.-based Mandiant has raised more than a few eyebrows with its report in February that connected the Chinese government to a hacking group believed to be responsible for hundreds of targeted attacks. The company performs incident response services for businesses and government agencies. At Black Hat, Mandiant was in active recruitment mode and was showcasing its forensics and incident response platform to prospective clients.
Palo Alto Networks
Santa Clara, Calif.-based Palo Alto Networks has been seen by industry analysts as an innovative next-generation firewall (NGFW) vendor. The firm touts secure application enablement to control application-function usage across the corporate network. Its WildFire service uses a cloud-based sandbox to test suspicious files and monitor behavior in an attempt to identify new malware. The company competes in a market that has been consolidating. Sourcefire was acquired by Cisco Systems, and McAfee recently acquired Stonesoft. Both firms were seen as innovators in the NGFW market.
Santa Barbara, Calif.-based malware detection startup Lastline was getting interest from Black Hat attendees. The firm sees itself as a competitor to FireEye, which touts a technology capable of detecting targeted attacks and zero-day threats. Lastline recently announced that it raised a $10 million round of funding. Its CEO is Jens Andreassen, a former executive at Fortinet, who helped build out that appliance vendor's channel program. In a recent interview with CRN, Andreassen said his company's approach would be channel friendly.
Mobile device vulnerabilities and threats received a great amount of attention at Black Hat, and security experts say the vendors that are in place to capitalize on the interest are those that focus heavily on mobile data security and application control. San Francisco-based Mocana helps companies mobilize applications without the need for coding or a software development kit. The company can create an application container to enable a business to set and enforce corporate policies and control access to backend systems. Analysts at research firm Gartner told CRN that mobile security firms that will endure are innovating around application control and the idea of containerizing mobile applications to isolate corporate data from the mobile device itself.
Denver-based security firm Accuvant has touted a strong security research arm and incident response team that have presented at a variety of security conferences. In addition to consulting work, the firm provides managed security services and network monitoring. At Black Hat, the company's researchers presented on conducting forensics on embedded systems and exploiting smart grid systems. Researchers also discussed ways to defend against a pass-the-hash attack, a technique that uses a cryptographic hash collision to exploit authentication weaknesses to gain remote access to a server.
Lindon, Utah-based AccessData Group is known for its e-discovery platform, but Chad Gailey, vice president of worldwide channel sales, said his firm is creating strong partnerships in the channel with Accuvant, IBM and others with its forensics tools. The company touts its SilentRunner network forensics software and other forensics tools for data collection. Its e-discovery software is used for processing, case review and management, and it also has a services arm for incident response, litigation and forensics. Gailey told CRN that the company's products combine to create a complete, end-to-end platform for handling security incidents.
Antivirus firm ESET, with its U.S. headquarters in San Diego, is playing in a crowded field of antivirus firms. The security firm focused on its enterprise software with its NOD32 antivirus, remote administrator server and console, and support of two-factor authentication. Black Hat attendees lined up to fire at a target in an attempt to win a small prize at the security vendor's booth.
U.K.-based antivirus vendor Sophos wanted to stress the simplicity of its portfolio at the Black Hat conference by keeping its vendor booth devoid of much messaging. Company executives told CRN that its portfolio is easy to use and deploy, which is attractive to small and midsize businesses. The company recently unveiled a managed services program and added two new channel executives to help shape its channel initiatives while it cloud-enables its entire portfolio. Sophos touts a complete package, with many of its core security capabilities in its unified threat management appliance.
Lake Mary, Fla.-based Foreground Security attracted Black Hat attendees interested in learning more about its security consulting, training and services offerings. The company was also in recruitment mode, seeking penetration testers and other experts at the conference. Foreground said it helps both private and public sector firms conduct a risk analysis to determine what systems and processes need improvements. The company also recently unveiled its virtual security operations center for hardening the network and around-the-clock traffic monitoring. In addition to penetration testing services, the firm conducts a user education training program.