10 Top Cybersecurity Trends To Watch For At Black Hat 2018

What To Expect At Black Hat 2018

The annual Black Hat conference has grown over the past two-plus decades into a premier stage for security researchers to demonstrate the latest hacks on devices, systems and critical infrastructure.

More than 17,000 attendees and 300 companies will pack Las Vegas' Mandalay Bay Convention Center to share critical security research and insight and demonstrate the latest products and technologies.

As we head into Black Hat 2018, CRN sat down with executives from nine prominent cybersecurity vendors to see what trends they're expecting to hear more about at this year's event.

From product interoperability and third-party vulnerabilities to data loss prevention and threats to critical infrastructure, here are the top cybersecurity trends industry leaders are watching out for at this year's show.

Taking SOAR To The Next Level

The first generation of Security Operations, Analytics and Reporting (SOAR) products have held their own when it comes to detecting and aggregating voluminous amounts of security information, but are ripe for displacement as customers seek more interoperability, according to FireEye CEO Kevin Mandia.

Organizations – particularly those that are multinational in nature – want to have all of their products work better together to go from alert to fix in the fastest way possible, Mandia said. Therefore, the next generation of SOAR products will need to have exceptional down-selection to help find the needle in the haystack as well as the ability to automate as much as possible, he said.

All told, Mandia said the center of security operations of the future will provide more single-click functionality from a central portal, automate many of the things still being done by humans today, and facilitate more seamless communications between products from different vendors to help solve security issues more quickly.

AI Comes To Behavior Analytics

Artificial intelligence will help the User and Entity Behavior Analytics (UEBA) market finally realize its potential by making the inputs more manageable and cutting down on the false positives, according to Sophos Principal Research Scientist Chester Wisniewski.

Up until now, Wisniewski said the amount of data has made it very hard for UEBA tools to write an algorithm that can make sense of all of it. As a result, Wisniewski said organizations get a lot of false alarms, meaning that they won't trigger an enforcement action even if something anomalous is detected.

At best, Wisniewski said they'll just flag the problem for their Security Operations Center (SOC) to look into. But thanks to AI-driven advancements, Wisniewski expects false positives to become infrequent enough that organizations will eventually become open to automatically blocking anything that generates an alert.

AI should also free up time that security professionals currently spent triaging, Wisniewski said, enabling them to dig much more deeply into the two or three most significant alerts.

Data Takes Center Stage

Businesses are hamstrung in trying to keep up with all of the threats and potential attack vectors, limiting how much can be accomplished by investing in the latest prevention technologies, according to Digital Guardian CEO Ken Levine.

But companies aren't going to find themselves on the front page of their local newspaper just because there's an intruder in their corporate network, Levine said. The more serious problems typically arise only if an intruder is able to take data from the corporate network, according to Levine.

To keep data from leaving a corporate network, Levine said businesses must understand which portions of the information are confidential or classified, as well as which users are authorized to access that information. This approach makes it possible for companies to focus on anomalous activity around the data itself rather than merely searching for threat actors in the corporate network, he said.

Infrastructure In The Crosshairs

Bad actors are increasingly targeting infrastructure through botnets or routers, going after energy and utility systems or even the internet itself, according to SonicWall CEO Bill Conner.

Some 95 percent of all infrastructure lies in private hands, Conner said, meaning that solution providers will need to work with utility providers and government oversight authorities when pursuing a fix. Bad actors will also target the supply chain supporting the infrastructure -- which is often based in labs or academic settings -- looking for the weakest possible link, Conner said.

Infrastructure has become a more viable target thanks to new chip-based capabilities and non-commercially found malware that goes after PDFs or Microsoft Office files, Conner said. The new weaponry is better at disguising itself, making detection and prevention more laborious for infrastructure providers, according to Conner.

Third-Party Vulnerabilities Loom Large

Recent examples of breaches that have occurred due to someone in a company's supply chain as well as heightened awareness and interest from board members have placed third-party risk squarely in the spotlight, according to BitSight President and CEO Tom Turner.

Third-party risk -- or the risk that exists to an organization because of the people they do business with -- is a popular topic of discussion for senior decision-makers since it's a much easier topic for nontechnical personnel to wrap their heads around than something more arcane like advanced persistent threats or polymorphic encryption, Turner said.

Last year's WannaCry ransomware attack was a watershed moment for third-party risk given the massive downstream effect associated, for instance, with shipping companies that could no longer get their ships out of the harbor, Turner said. WannaCry made senior-level people realize that controlling third-party risk was essential for maintaining resiliency and avoiding a significant stock price hit.

Dealing With A Largely Remote Workforce

An ever-more-dispersed workforce has increasingly resulted in workers bringing sensitive corporate data off-premises either in the form of files or access to applications, according to John Delk, general manager of Micro Focus' Security and Information Management and Governance Product Groups.

Having users log in from a tremendous variety of access points can create a pretty complex security infrastructure challenge, Delk said. He recommended that solution providers start with simple things like multifactor authentication, and then work their way up to products that help support a distributed data and universal workforce environment such as data loss prevention.

Data in motion can also be a challenge for businesses with a highly distributed workforce. In those instances, Delk recommends examining technology on the market today that can help with managing data once it moves outside the organization.

From Passive To Proactive

Customers are moving from passive cybersecurity approaches – including everything up to next-generation anti-virus – to proactive ones where they actively hunt for threats, according to Cybereason Co-Founder and CEO Lior Div. Building walls around an organization can sometimes provide protection in the short term, Div said, but they'll eventually fail.

Despite massive cybersecurity investment and spending over the past six years, Div said there's only been an increase in the rate of new attacks as well as the rate of high-profile cases where a business has become exposed to hackers.

The greatest amount of success has been enjoyed by businesses that have adopted a new mind-set, Dior said, embracing proactive activities such as war games against red teams (third-party adversaries). Those businesses that embrace proactive exercises typically become far more effective at pushing actual hackers out of their environment, Div said.

Data Loss Prevention's Second Act

Data loss prevention has enjoyed a resurgence as one of the fastest-growing markets in all of cybersecurity as advancements in the cloud offer better integration opportunities, according to Digital Guardian Vice President of Global Channels Marcus Brown.

Aside from the occasional DDoS attack, Brown said virtually all of the breaches and hacking events occurring around the globe are about stealing data. The relentless drumbeat of data breaches has resulted in greater industry awareness, Brown said, putting the matter squarely in the purview of CEOs, CFOs and board members.

Compounding the emphasis on data loss prevention are new regulations such as the European Union's GDPR rules and data privacy regulation in California that's similar to GDPR in its breadth, Brown said. Given the damage a data leak poses to a company's reputation, share price, intellectual property and competitive advantage, Brown said businesses have returned to investing in data loss prevention in a big way.

Threat Vectors Continue To Proliferate

Threats are increasingly coming from a variety of sources such as email, web, IM and social media, meaning solution providers must provide customers with a viable offering that allows them to manage the disparate challenges, according to Mimecast Vice President of Channel Programs Julian Martin.

Bad actors are looking to infiltrate an organization by exploiting a gap rather than breaking down the entire fortress, Martin said. As a result, Martin said they'll profile users via email, social media and LinkedIn to ascertain what they're working on from a security perspective and then identify a different way of getting into the enterprise.

Solution providers shouldn't keep sending out emails and hope people start to learn about security threats by being called out in a traditional way, Martin said. Instead, Martin said they need to boost awareness by figuring out ways to make the information relevant to employees sitting at their desk trying to do their day job.

Connected Devices Add More Complexity

The Internet of Things offers the potential to improve life for businesses and consumers alike in connecting everything from cars to dishwashers to the internet, according to Faraz Siraj, RSA Security's regional vice president of Americas channels, distribution and alliances.

Although these new ways of access allow for more modernization, Siraj said they also pose a security threat since bad actors can manipulate the access point and use it for an unintended purpose. And when it comes to new technology, Siraj said the initial focus of designers is around making it faster and better rather than zeroing in on protection.

To make these technological advances work, Siraj said they must be secured in a way that doesn't slow down the entire system.