Black Hat: Collaboration Needed to Fight Cybercriminals

Written by Edward Gately
August 8, 2018

A record 17,000 attendees are expected during Black Hat's six-day run.

(Pictured above: Google’s Parisa Tabriz on stage at Black Hat USA 2018, Aug. 8.)

BLACK HAT USA — More collaboration among cybersecurity providers is needed to continue making progress against ever-increasing cyber threats.

That’s one of the overall messages at this week’s Black Hat USA 2018 conference in Las Vegas. A record 17,000 attendees are expected during its six-day run.

Jeff Moss, Black Hat founder and director, told attendees this year feels like the industry is in the final exam stage to prove “if we’re as good as we say we are.” He also said the technology being developed is mostly offensive while cybersecurity defense is becoming increasingly political.

Black Hat’s Jeff Moss

“The General Data Protection Regulation (GDPR), that’s political, and soon we might have a California law to deal with,” he said. “Business models are running smack into political models.”

Maybe 20 companies globally are in a position to do something about raising “security resiliency for all of us,” Moss said. It’s up to everyone else in cybersecurity to put pressure on those companies to get those features, he said.

Parisa Tabriz, Google’s director of engineering, told attendees that great strides have been made in fighting cybercriminals during the past decade, but to be successful, “we have to stop playing whack-a-mole” and do a better job of identifying and tackling the root cause of cyber threats.

She also said it’s important to pick milestones and celebrate them, and build out your coalition of experts.

Tabriz is responsible for Chrome security and Project Zero, a security research team tasked with reducing harm associated with zero-day vulnerabilities. She also spoke about the team’s effort to gain widespread acceptance of switching from HTTP, the protocol over which data is sent between a browser and the connected website, to the more secure HTTPS. HTTPS adoption has skyrocketed globally since 2015.

“Making real change is hard; it results in pushback,” she said. “Making fundamental change to the status quo is hard. If you’re not upsetting anyone, you’re not changing the status quo.”

There’s so much more “intentional collaboration” that cybersecurity professionals can do together, Tabriz said.

“We don’t always agree on specific strategies, tactics … but we have similar goals,” she said. “The effort is so worth it.”

During Black Hat, managed detection and response provider eSentire and secure infrastructure provider Cyxtera announced a strategic partnership to deliver prevention and detection capabilities across customers’ hybrid IT environments. The two companies will jointly go to market to maximize customer reach for this midsize enterprise offering.

Chris Braden, eSentire’s vice president of global channels and alliances, tells Channel Partners that his company’s value proposition for partners is “tremendous, particularly with MSPs.”

“There’s a shortage of skilled security IT workers in the country; it’s very difficult to find and even more difficult to retain these employees,” he said. “It’s difficult for large enterprises to do so, and it’s particularly a challenge for …