I was at CiscoLive a few weeks ago in the 100-plus degree heat of Las Vegas, and like other cybersecurity professionals I am off to Sin City again next week for Black Hat.
Black Hat has become a technically focused little brother of the RSA Security Conference, chock-full of cybersecurity geeks at the beginning of the week and forensic investigators, researchers, analysts and hackers at the end as Defcon takes over. Given this focus, I’m looking forward to hearing about a number of things, including:
1. Anti-ransomware fact and hyperbole. Last December, I predicted a rise in ransomware, even going so far as to talk about enterprise ransomware that impacted multiple systems on the network simultaneously. Unfortunately, I was right about this one, as ransomware has become a cybersecurity scourge of 2016. It's nasty stuff, and once you’re hit, there is little you can do except replace the hard drive, reimage systems and hope you’ve done a recent full backup. Alternatively, you can pony up a bunch of rubles to Vladimir in Odessa.
Nevertheless, there are ways to prevent ransomware before it bricks your system. New types of algorithms can scan files before execution and finger ransomware. Virtual sandboxes can execute malware without impacting system resources. You can also condition your employees to ignore social engineering scams using tools like PhishMe and Wombat Security. Anyway, I expect everyone to be talking about ransomware, and I'm anxious to learn the latest about threats, countermeasures and industry rhetoric.
2. Endpoint security progress. This is a fast-moving area where I’ve done a lot of research. The big AV players are still selling suites, but next-generation endpoint security vendors such as the three “Cs” (Carbon Black, CrowdStrike and Cylance) along with others like CounterTack, Digital Guardian, Invincea and SentinelOne are making progress and taking money out of AV vendor pockets. I’ve blogged about the endpoint security continuum, which spans from advanced prevention to advanced detection and response. I’m interested in learning more about what enterprise organizations are doing with endpoint security, which vendors are gaining traction and which of the multitude of technology solutions CISOs are passing on.
3. Security analytics: Immature science project or useful tool? I’ve been doing a lot of research into this area, and my feeling is that the technology is in its early stages. Useful? Yes, but limited in terms of scale and flexibility. I have seen progress in structured machine learning tools like UEBA, while unstructured machine learning is great if you know how to build models to derive value. How is this technology progressing? That’s what I want to find out at Black Hat.
4. Bridging security to the cloud. My colleague Doug “Cloudy” Cahill is all over this, and it sure seems like big security vendors want to add cloud security to their portfolios: Blue Coat acquired Elastica, Cisco purchased CloudLock, Microsoft grabbed Adallom, etc. Traditional network security vendors such as Check Point, Fortinet and Palo Alto are also moving in this direction. I’m interested in hearing about the uptake of these tools and whether cloud security is considered an add-on or replacement for traditional controls.
5. IoT security: A vertical industry application? I posted a blog about this recently, as I believe IoT along with increasing regulations and the growing business angle on cybersecurity will turn cybersecurity into more of a vertical industry application over time. Of course, not all IoT is the same, so I’m interested in learning about threats, vulnerabilities, defenses and best practices in industries such as energy, healthcare, manufacturing and transportation that are blazing the IoT trail.
There will be plenty of other things to talk about at Black Hat, and I’ll be blogging about everything I learn over the next few weeks. See you in Vegas.