Black Hat: Beating the Bad Guys One Collaboration at a Time
BLACK HAT USA — Las Vegas is the global center of cybersecurity this week with Black Hat USA 2018 attracting a record 17,000 attendees.
Whether it’s briefings and intensive training, or HackerOne hosting live hacking events with 100 “white hat” hackers, the event is all about how to keep cybercriminals at bay. One of the big messages of the conference is the need for more collaboration among cybersecurity providers to continue making progress against ever-increasing cyber threats.
Jeff Moss, Black Hat founder and director, told attendees this year feels like the industry is in the final exam stage to prove “if we’re as good as we say we are.” He also said the technology being developed is mostly offensive, while cybersecurity defense is becoming increasingly political.
“The General Data Protection Regulation (GDPR), that’s political, and soon we might have a California law to deal with,” he said. “Business models are running smack into political models.”
Maybe 20 companies globally are in a position to do something about raising “security resiliency for all of us,” Moss said. It’s up to everyone else in cybersecurity to put pressure on those companies to get those features, he said.
Parisa Tabriz, Google’s director of engineering, told attendees that great strides have been made in fighting cybercriminals during the past decade, but to be successful, “we have to stop playing whack-a-mole” and do a better job of identifying and tackling the root cause of cyber threats.
She also said it’s important to pick milestones and celebrate them, and build out your coalition of experts. And she said “blockchain is not going to solve all of our security problems,” which drew laughs and applause from attendees.
Tabriz is responsible for Chrome security and Project Zero, a security research team tasked with reducing harm associated with zero-day vulnerabilities. She also spoke about the team’s effort to gain widespread acceptance of switching from HTTP, the protocol over which data is sent between a browser and the connected website, to the more secure HTTPS. HTTPS adoption has skyrocketed globally since 2015.
“Making real change is hard; it results in pushback,” she said. “Making fundamental change to the status quo is hard. If you’re not upsetting anyone, you’re not changing the status quo.”
There’s so much more “intentional collaboration” that cybersecurity professionals can do together, Tabriz said.
“We don’t always agree on specific strategies, tactics … but we have similar goals,” she said. “The effort is so worth it.”
Marten Mickos, HackerOne’s CEO, tells Channel Futures “we come to Vegas first and foremost to hack.”
“That is the most extraordinary thing we do here,” he said. “It’s an innovation we made two years ago where we started flying in hackers to one physical location to hack for one day on just one program. And then customers come to us and say we would like to be the target this time, and they sign up, they commit to having a good bounty budget available and a security team available, and then everything happens in real time. We analyze and triage the reports in real time, we pay the bounties immediately, and at the end of the events we do a show and tell where we talk about what we learned and what the most significant insights were. It’s a very collaborative, intense and also competitive event where everybody learns, and everybody sees the limits of knowledge and the limits of the defense systems the customers have.”
This week, cloud security provider Netskope announced a product partnership with Cylance, a global provider of artificial intelligence (AI)-driven, prevention-first security services. May Mitchell, Cylance’s vice president of worldwide field and channel marketing, tells Channel Partners it’s “two technology partners coming together with an integrated solution that we can go to market with through our common channel partners, and they can provide that to their customers, and then provide services, whether it’s installation, operational configuration or training services to their customers.
“Netskope resells part of our engine for cloud security and in a few months’ time frame we will have integration with their endpoint so we can talk to the two,” she said. “So in a nutshell, from a customer standpoint, they will have protection for cloud as well as down at the endpoint.”
Also at Black Hat, Proofpoint, a cybersecurity and compliance company, announced three “people-centric” security offerings, including targeted attack protection (TAP) isolation for personal webmail and browsing defense, enhanced threat detection and new threat response.
“Exceptional effectiveness in threat protection requires constant innovation — and today Proofpoint has increased its lead,” said Ryan Kalember, Proofpoint’s senior vice president of cybersecurity strategy. “Technologically, these people-centric innovations are an important step forward for Proofpoint and our customers. We help security teams proactively defend their organizations from today’s most advanced threats at scale, embrace new devices, and safely empower employees to use personal email and browse the web.”