Cybersecurity Roundup: Black Hat USA 2019 Edition
…security professionals have seen their companies increase security infrastructure investment as a result of red and blue team testing, with 18% calling the budget changes significant. Only 25% claimed that their company has never upped its security budget after performing these tests.
The survey also identified communication and teamwork (27%) as the top skill blue teams need to work on, followed by knowledge of the attacks and tactics (23%), threat detection (20%), incident response time (17%) and persistence (8%).
Deception Technology Hasn’t Yet Gone Big
Deception technology, aimed at preventing a cybercriminal that has managed to infiltrate a network from doing any significant damage, is steadily gaining ground. The technology works by generating traps or deception decoys that mimic legitimate technology assets throughout the infrastructure.
So when is deception technology set to go big? We spoke with Michelle Marchand, Illusive Networks‘ director of channels for the East, at Black Hat to find out.
“I have been in deception technology now for about 14 months, and before that the endpoint and network side, so coming over here was new and exciting,” she said. “What I’ve seen in 14 months is a little bit better recognition of the market. It’s still a lot of evangelizing, to be honest, and within that you’re educating. It’s something that people consider a want right now versus a need.”
The early adopters are those that “get the sensitive data thing and they don’t want to be in the paper, so they really are proactive,” Marchand said. However, that doesn’t mean they have the right funding set aside, which puts deception technology second in line, she said.
And while early adopters are larger organizations, some smaller organizations have come forward with “just as much of a force in their belief in it,” she said.
“They don’t always have to be the big shops to realize that this technology is legit and it does what it says at the end of the day, true deception technology,” Marchand said. “We’ve added some new functionality and add-ons to the product, which are awesome, and that’s exciting because you get that true deception piece and you can piggyback off it. As long as the real product does what it says, it’s a wonderful add-on, wonderful gravy to offer.”
In the meantime, it’s all about education and “you have to get it into people’s environments,” she said.
“When those happen, that is usually an amazingly good sign because now we’re at the point where we just have to find the budget, which doesn’t always happen, but if they see that value behind it and what it really does protect, and how feasibly it is rolled out, it’s impressive,” she said.
MSPs are increasingly expressing interest in adding deception technology to their managed services offerings, Marchand said.