Last week, Black Hat USA 2017 brought an impressive 15,000+ cybersecurity professionals to Las Vegas to talk shop about the biggest issues facing businesses today. Here’s a recap from the perspective of the Webroot security experts who attended.
A hacker’s economy
Black Hat 2017 continued a recent trend of more corporate and business involvement than ever before. We are witnessing history-in-the-making as the threat landscape continues to evolve… and not for the better. Nation state-grade security tools, techniques, and vulnerabilities are increasingly more available to cybercriminals. The price of entry has dropped. It’s as if we’ve lost plans for the atom bomb, while plutonium is just a dollar a pound.
Fortunately, Black Hat continues to be an engaging forum for cross-pollination of security ideas, as well as some scary tactical discussions, but most of all it provides education for individuals and businesses who want to find out how to defend themselves and their employees. My advice to CTOs everywhere is to become conversant in security trends and best practices, whether it’s writing secure code, deploying secure apps, or making sure colleagues are aware of the risks they face every day.
– Hal Lonas, Chief Technology Officer
A CISO’s view
One thing I found interesting this year is that everyone seems to have acknowledged they need machine learning, artificial intelligence (AI), and analytics for their security platforms. Many of the security vendors were talking about using machine learning and AI to differentiate themselves, but I still thought something was missing: nobody was really talking about integration and automation. More vendors are now offering APIs to plug their products into an organization’s SIEM of choice, but from a CISO’s point of view, I want solutions that I can automate to perform specific functions and orchestrate into my security suite.
Unfortunately, I didn’t see much designed to fill that need. With small security teams and tight budget resources, I find CISOs want to implement solutions that can be integrated into their current security platform and exchange/provide data to create a more comprehensive view of the organization’s threat profile in real time. Black Hat has always showcased some amazing technologies, and this year was no different. But from a practical point of view, I was hard-pressed to understand how I would integrate these innovations without having to make major changes to my current security investments.
– Gary Hayslip, Chief Information Security Officer
Understanding machine learning
Industry confusion continues around machine learning and artificial intelligence with the terms being used synonymously. There is still ground to cover to eliminate misnomers when identifying these types of technologies.
That aside, savvy consumers are beginning to understand that machine learning has some limitations. It takes years of experience to properly implement and even more time to build and refine the models to achieve a high level of accuracy. It also isn’t a silver bullet to solve all security problems. Many companies in our space are new to machine learning and haven’t yet had the time to understand its nuances. With over 10 years of experience in machine learning, Webroot is in a unique position, both to provide machine learning technology, but also to educate organizations about how to make the best security decisions for their business.
– David Dufour, Senior Director Engineering
Cryptocurrency fueling ransomware
Ransomware will continue to be a pervasive threat, there is absolutely no questioning this. As long as blockchain payment systems remain (relatively) anonymous, attackers have a direct way to force victims to launder the ransom themselves. Ransomware operators can also shift payments between blockchains, creating another layer of obfuscation. At Black Hat, researchers presented a small glimmer of hope. While methods are far from perfect, they’re developing tactics for tracking payments as they move through the blockchain.
With regard to the malware development, authors are aware of the growing prevalence of machine learning throughout the cybersecurity industry. As such, we can expect to see ransomware developed with a specific emphasis on defeating these models.
– Eric Klonowski, Sr. Advanced Threat Research Analyst
Integrating FlowScape™ Analytics for comprehensive threat coverage
I spent a lot of time on the show floor with our new FlowScape solution, which is great to discuss and to demo, not only for the unique network anomaly and threat detection that it covers, but also for its integration with so much of our other technology. For example, it uses our BrightCloud® IP Reputation threat intelligence to detect communications with known bad IPs. It also enables alerts and monitoring of infected and unprotected hosts through our SecureAnywhere® Business Endpoint Protection management systems via our Unity API.
With FlowScape Analytics, users can clearly visualise the impact of an infection or other cyberattack throughout their network. Getting to demonstrate this solution to other professionals in the cybersecurity space, it was clear we weren’t the only ones excited about the implications of this kind of technology for business security worldwide.
– Matt Aldridge, Solutions Architect