Black Hat Is Back: Scenes From The Show

CRN shows off some of the most zany and offbeat booths from Black Hat’s Business Hall floor as well as the measures taken to protect attendees at one of the first in-person technology conferences to take place since the pandemic.

A Gathering In COVID’s Shadow

Black Hat 2021 was one of the first large-scale technology conferences to take place in person since the arrival of COVID-19 last spring, with 5,000 cybersecurity enthusiasts convening in Las Vegas’ Mandalay Bay Convention Center to hear about ransomware, supply chain and critical infrastructure attacks from leaders including Homeland Security (DHS) Secretary Alejandro Mayorkas and CISA Director Jen Easterly.

While attendees were happy to see friends and colleagues again in person, the show felt much smaller and quieter than the last in-person Black Hat in 2019, where 20,200 attendees packed the Business Hall to gawk at booths from more than 300 security vendors. This time around, there were dozens rather than hundreds of vendors exhibiting in the Business Hall, and there was plenty of space to spread out.

Executives who spoke with CRN said the reduced number of customers and hackers in attendance was the most noticeable aspect, with the in-person audience consisting largely of cybersecurity vendors and investors.

Mandatory Masking For All

Just days before Black Hat began, Nevada enacted an Emergency Directive mandating the wearing of masks in public indoor settings for all individuals regardless of vaccination status. Signs were ubiquitous throughout both the Mandalay Bay hotel and convention center reminding people they must always wear a mask except when actively consuming food or beverage.

Upon arriving at the show, attendees checked in using a contactless system, scanning a QR code that had been emailed prior to the show into a kiosk, which prompted the printing out of a badge in a separate area. If attendees felt ill, there were three different types of COVID-19 tests they could take right from their Mandalay Bay or Delano hotel room for between $140 and $230.

Black Hat said it implemented a more open Business Hall layout, space between seats in meeting rooms and an open registration layout to allow for physical distancing wherever possible. Conference organizers went out of their way to avoid traffic bottlenecks by implementing 20-minute breaks between sessions, which also allowed for more frequent cleaning of meeting rooms.

Still Got Game

Conference organizations made the best of a difficult situation with an array of social and networking activities in the Business Hall for attendees. There were champagne toasts and mimosa bars in the late morning, smoothie and ice cream socials in the midafternoon, and a barbecue reception with drinks, a cigar bar, and live music for 90 minutes late Wednesday afternoon.

Black Hat officials filled some of the empty space in the vacuous Bayside Ballroom with ping pong and foosball tables, games of Giant Tetris and Battleship, and a racetrack with enormous wooden cars.

‘Hacker Summer Camp’

The rollout of the COVID-19 vaccines to the American public during the winter and spring left many in the security industry eagerly awaiting the return of in-person Black Hat and DEF CON, which have affectionately become known as “hacker summer camp.”’ But things took a turn for the worse in July, with the Delta variant breaking through even vaccinated individuals and cases surging in the Las Vegas area.

As a result, many individuals and companies made the difficult decision in the days leading up to the show to forgo traveling to Las Vegas and participate in Black Hat either virtually or not at all. The late cancellations were particularly noticeable in the Arsenal section of the Business Hall, where researchers and the open-source community show off their latest open-source tools and products.

Four of the 29 individuals scheduled to demo their open-source tools Wednesday pulled out of the show after the show’s signage had already been printed and an additional four presenters opted not to demo their tools in person Thursday.

Fortinet Paints A Fabric Picture

Fortinet started Black Hat with one of the walls surrounding its booth completely bare, and then had two staffers spend the entire day Wednesday painting a colorful mosaic depicting the company’s Security Fabric with as well as its four technology focus areas: security operations, adaptive cloud, security-driven networking and zero trust access.

Next to that are three words describing the guiding principles of Fortinet’s Security Fabric: “Broad. Integrated. Automated.” The company hosted a talk on “Breaking The Supply Chain Attack,” and had personnel available to discuss cloud security, SD-WAN, threat intelligence, the evolving threat landscape, and the latest trends in cyberattacks.

The Elephant In The Room

The impact of late cancellations was noticeable as attendees entered the Business Hall, where Titanium sponsors Palo Alto Networks and Qualys were supposed to have large booths in the front row.

But both companies—along with Trend Micro—pulled out in the week leading up to the show, citing the impact of the Delta variant and rising COVID-19 cases in and around Las Vegas. Black Hat ended up filling the space left by the withdrawals of Palo Alto Networks and Qualys with tables and chairs as well as a stage that was used for musical performances.

Keynote addresses by Mayorkas, Easterly and Corellium Chief Operating Officer Matt Tait were given in a much smaller space than what’s normally used during Black Hat, and still the room was noticeably less full than in previous years, with lots of seats available right near the front.

Hands-On Hacking

Web application security provider Invicti offering interactive lock-picking classes at its booth as well as the chance for attendees to test their new skills for prizes at the company’s booth. Five hours after Black Hat’s Business Hall opened, Invicti published a picture to Twitter of the first winner of its expert-level lock-picking, who would receive a $500 Amazon gift card.

Invicti Chief Product Officer Sonali Shah presented on how customers can achieve web app security without tradeoffs, detailing how the company’s technology can help customers secure everything without an army, make friends with the dev team and eliminate bottlenecks. At the booth, Invicti’s application security experts were on hand to answer customer questions and demo some brand-new features.

The Need For Speed

Visitors to Darktrace’s booth were able to experience the thrill of the racetrack with the company’s immersive McLaren F1 Simulator Car. Exclusive prizes were awarded to the top finishers by Darktrace, which is the official AI cybersecurity partner of British Formula 1 racing team McLaren.

Darktrace executives presented during Black Hat on self-learning artificial intelligence, AI red team and attack path modeling, and bringing autonomous response to multi-cloud environments. Darktrace had nine executives available to brief customers on how AI provides comprehensive protection across cloud and SaaS environments and why autonomous response has become critical in fighting ransomware.

SASE Superheroes

Visitors to Perimeter 81’s booth received caricature drawings where they were transformed into SASE (Secure Access Service Edge) Superheroes. Perimeter 81’s CEO Amit Bareket presented during Black Hat on the connection between SASE and SD-WAN and how they are the key to each other’s success since both networking approaches are based on technology that simplifies IT for organizations.

Customers and prospects were able to meet with Perimeter 81’s network security experts to see the company’s platform in action. At its booth, Perimeter 81 conducted live demos, gave out swag and raffled off a Macbook Pro and YETI Cooler.

Larger-Than-Life Adversaries

Visitors to CrowdStrike’s booth could win their very own adversary figure representing a different Advanced Persistent Threat (APT) actor by completing the following actions: engaging in a CrowdStrike product demo; listening to a threat intel briefing from a member of CrowdStrike’s team; and posting on social media a picture with one of the larger-than-life-size adversary statues at CrowdStrike’s booth.

During the show, CrowdStrike Director of Strategic Threat Advisory Group Jason Rivera presented the company’s current understanding of the ransomware landscape and discussed how the ransomware ecosystem has evolved in the past of couple years. The adversary in the picture is Cozy Bear, CrowdStrike’s name for the Russian foreign intelligence service (SVR), which carried out the infamous SolarWinds hack.

Highly Caffeinated And Highly Secure

Intrusion showcased its Shield offering during Black Hat and demonstrated how customers are using it to protect their networks from cyberattacks. Visitors to Intrusion’s booth could enjoy a coffee on the company and observe how its technology kills malicious connections.

Coffee wasn’t the only beverage served at Intrusion’s booth. The company also conducted a Happy Hour at its booth toward the end of the day both Wednesday and Thursday, and broke down how the company’s technology is able to deliver a zero trust architecture and stop zero day attacks.

What About WAFs?

Visitors to ThreatX’s booth had the opportunity to win $100 worth of Mandalay Bay chips by telling the company what drives them crazy about their current web application firewall (WAF). The company said its WAF can minimize rule tuning and false positives with a single risk engine.

ThreatX also debuted a significant product enhancement Wednesday morning on the show floor that provides enterprises with a clearer view of their API attack surface. The company said its new API Catalog gives enterprises visibility into legitimate, suspicious and malicious requests that hit their APIs.

Stopping Cyber And Space Invaders

Visitors to the Forward Networks booth could enhance their security posture and save the world from Space Invaders while playing classic Atari games such as Frogger and Pac-Man. The player with the highest score each day won a refurbished Atari Console from Forward Networks.

At its booth, Forward Networks had experts on hand to demo how the company’s Network Query Engine and Intent-based checks give security operations teams immediate alerts when a device’s configuration is out of compliance. The company’s technology can also visualize east-west traffic flows while delivering an endpoint-to-endpoint connectivity analysis matrix and timely noncompliance alerts.

Testing Your Luck

From a slot machine where visitors could win a Yeti Crossroads Backpack to raffles for a Peloton Bike, Xbox Series X and Oculus VR Headset, customers and prospects stopping by ThycoticCentrify’s booth had multiple ways to test their luck.

At its booth, ThycoticCentrify hosted customized product demos where prospects could explore how to better manage, provision and delegate access to all privileged accounts and explore the company’s cloud-ready privileged access management offerings. The company also demonstrated a real-world security incident that involved CryLock ransomware to show how attackers go about escalating privilege.

Mr. T Would Be Proud

Visitors to Blumira’s booth were encouraged to talk with the company’s security experts to earn a free PrintNightmare t-shirt and get more information on how the company’s automated threat detection and response platform could provide value. The company’s technology is accompanied by a security team that not only alerts users to potential threats but gives them actionable guidance on what to do next.

Blumira co-founder and Chief Technology Officer Matthew Warner presented during Black Hat on the current threat landscape as well as what suspicious activity to detect at each stage in the ransomware kill chain. The company’s technology competes with the likes of AlienVaut, which was purchased by AT&T in 2018 and renamed AT&T Cybersecurity.

Going Back To School

Cyborg Security left the Axe body spray at home, but their booth otherwise represented a high-school locker room with “Do You Even Threat Hunt, Bro?” stenciled onto one of the walls. Visitors to the booth could get T-shirts and stickers with that phrase, along with koozies with the company’s name and logo.

With everyone talking about threat hunting nowadays, Cyborg Security said the term has become used too broad and even more loosely defined. In true behaviorally based threat hunting, Cyborg Security said hunters look for sophisticated post-compromise toolsets, leverage complex behavioral content rather than traditional security controls, and forgo reliance on traditional indicators of compromise.