Cybersecurity Roundup: Black Hat USA 2019 Edition
Last week’s Black Hat USA 2019 conference in Las Vegas drew record attendance and highlighted the latest hot topics in the fight against cybercriminals.
Among the topics explored were the need for security teams to include software developers and others in their efforts to thwart malicious hacking, and how organizational structure and decision processes will directly impact whether organizations fall victim to cybercriminals.
Attendees also learned that the vast majority of organizations haven’t adopted multifactor authentication, even as weak or stolen user credentials are hackers’ weapon of choice, used in 95% of all web application attacks.
And with thousands of cybersecurity professionals on hand, what better time for a survey? Exabeam polled 276 IT security professionals and found out that more than one-third of security professionals’ defensive blue teams fail to catch offensive red teams. Some 68% find red team exercises more effective than blue team testing, and more companies are practicing red over blue team testing.
Red teams consist of internal or hired external security professionals who emulate cybercriminals’ behaviors and tactics and gauge the effectiveness of the company’s current security technologies. Blue teams consist of the organization’s internal security personnel, tasked with stopping the simulated attacks. In these test scenarios, the blue team must react without preparation, to give the company the most realistic picture of its defensive capabilities.
Stephen Moore, Exabeam’s chief security strategist, tells us that, with 74% of respondents stating that their companies have increased investment in security infrastructure because of red/blue team testing results, MSSPs and other cybersecurity providers should consider asking prospects early in the requirements gathering process whether they have performed these exercises.
“For many organizations, the MSSP is the only defender, the blue team,” he said. “The MSSP should take the lead and drive a minimum of two exercises a year, one collaborative purple team exercise and one that’s red only. Failures in the collaborative activity must drive visibility, analytic, context and procedural changes.”
Learning where the gaps in prospects’ security programs lie can help providers better customize their solution and services packages to those prospects’ needs, Moore said.
“This will not only ensure better protection for the company but a better customer/vendor relationship,” he said. “Also, these providers should consider partnering with external red team organizations and offering their services as part of their portfolio.”
The study showed that 72% of respondent organizations conduct red team exercises, with 23% performing them monthly, 17% quarterly, 17% annually and 15% biannually. Sixty percent conduct blue team exercises, with 24% performing them monthly, 12% quarterly, 13% annually and 11% biannually. The fact that so many organizations practice these exercises monthly speaks volumes about their maturity and dedication to fortifying their security posture, according to Exabeam.
Not only do more organizations practice red team testing, but 35% of respondents claim that the blue team never or rarely catches the red team, while 62% say they are caught occasionally or often. Only 2% said they always stop the red team, emphasizing that organizations must constantly evaluate and adjust their security investments to keep up with today’s adversaries.
Promisingly, the study found that 74% of IT…