Image Gallery: Black Hat USA 2018
A record 17,000 people descended on Las Vegas last week for Black Hat USA 2018, a massive cybersecurity conference, as breaches increasingly grab headlines globally.
One of the core themes during the conference was a need for more information sharing in the industry, said John McCumber, director of cybersecurity advocacy at (ISC)2, a global provider of cybersecurity certifications.
“This is not a new concept, but one that has been repeated for years now,” he said. “The technology fix for this is beyond simple and could happen tomorrow. The real issue at hand is that most organizations have data-management policies that stymie this type of open sharing environment. Unfortunately, you can’t solve policy issues with technology. A first step is to ask ourselves, ‘How do our policies align with the need for sharing information?’ Only by tackling that aspect head-on will we make any real impact on how our systems and people are able to communicate to mitigate risks.”
The conference included presentations and briefings, training, job recruiting, and companies demonstrating their latest technology, and was followed by Def Con, a hacker convention.
Scroll through our gallery below for highlights.
Jeff Moss, Black Hat founder and director, told attendees this year feels as though the industry is in the final exam stage to prove “if we’re as good as we say we are.” He also told attendees they need to "build a whole culture around defense," and that together they can navigate the political aspects of cybersecurity.
Parisa Tabriz, Google’s director of engineering, told attendees that "blockchain is not going to solve all of our security problems," which drew laughter and applause. She also talked about strides made toward better overall cybersecurity practices, including widespread adoption of HTTPS and vendors initiating more security updates.
KnowBe4's booth in the Business Hall. Perry Carpenter, its chief strategy officer, said Black Hat "gives us really good association with other great brands. It helps us show that we're thought leaders in the industry because of the conversations we can have. It's great for networking, but it's also just great because we're in the path of people that are looking to solve this type of problem."
SwimLane's booth in the Business Hall. The company provides a security orchestration, automation and response (SOAR) platform. Cody Cornel, SwimLane's CEO and co-founder, said his company grew more than 300 percent last year and it has been expanding internationally.
Chris Braden, eSentire’s vice president of global channels and alliances, said his company’s value proposition for partners is “tremendous, particularly with MSPs.”
"We've seen a lot of interest from MSPs coming on board," he said. "We've taken a fairly deliberate approach. We're not looking to sign up thousands of MSPs, but we are looking to sign up a certain number of them. The MSPs that we have proactively reached out to, we've had a tremendous response from. The hit rate is close to 100 percent in terms of our interest in joining their portfolio and them reciprocating that interest ... and getting back to us with a signed agreement."
At the Disruption Bar in the Business Hall, attendees asked questions about IBM's security offerings, including QRadar, its security information and event management (SIEM) product.
Black Hat included opportunities for those looking for new cybersecurity jobs. The Career Zone connected companies with cybersecurity talent. Cybersecurity professionals are in high demand.
The impact of law and policy on information security was the subject of a panel discussion that included (left to right): Leonard Bailey, special counsel for national security in the U.S. Department of Justice; Amit Elazari, doctoral candidate in the UC Berkeley School of Law and the Center for Long-Term Cybersecurity; Allison Bender, counsel at ZwillGen PLLC; Paul Rosen, a partner at Crowell and Moring; Jennifer Granick, surveillance and cybersecurity counsel for the American Civil Liberties Union; and Joseph Menn, technology projects reporter at Thomson Reuters.
Ashley Holtz, engineering manager at CrowdStrike, gave a presentation addressing the issue of hiring and retaining women cybersecurity engineers. She said a company doesn't have to have a lot of women to attract women, "you just ensure they will be treated fairly."
Webroot
Dave Dufour, Webroot's vice president of engineering, said his company's primary focus at Black Hat is its OEM offerings. It provides cybersecurity and threat-intelligence services.
"From that OEM perspective, it's about making those relationships stronger than we already have," he said. "From a product perspective, this is one of a couple of conferences you want to come to just to make sure your presence is known in the industry and people know what you're doing. Basically what's old is new. We're still seeing lots of ransomware, lots of phishing, lots of fundamental things around just training people and making sure they have the right things to protect companies. So we're spending a lot of time just ensuring people of the fundamentals."
Cofense
For Rohyt Belani, Cofense's CEO and co-founder, last week marked his 17th year at Black Hat. The company's collective defense suite combines attack intelligence sourced from employees with incident-response technologies to stop attacks and stay ahead of breaches.
Cofense's Reporter allows people to click a button when they see a suspicious email, and it packages the email and sends it to the security operations center (SOC), Belani said. The company has been finding malicious campaigns bypassing "every single email security vendor (at Black Hat) on a daily basis because we're playing the response game, we see what gets through things," he said.
Women in Security and Privacy is focused on advancing women in cybersecurity. Masha Arbisman, a security operations analyst with Phobos Group, is part of the organization.
"We’re seeing progress and more to come, hopefully," she said. "I think the industry as a whole is growing, but specifically for women in the industry, I feel like we’ve gotten more of a step to stand on with everybody joining. With more people coming in, we have more people to rely on.”
Many organizations have massive yet critical information for the sustenance of their operations. However, despite safe storage, and enhanced information security, cyber criminals never sleeps. They devise creative ways to have these information. It is good that seminars like this one can educate organizations and individuals to have informed strategies of keeping their information.