Black Hat Recap: Cybersecurity Insights That Enhance Security Operations
August 16, 2019
Black Hat 2019 was a learning experience and success for all. All of the hackers, presenters, vendors, and attendees have gone home, but what you learned in Vegas doesn’t have to stay in Vegas. Hopefully you are bringing new information and insights back to your daily operations. Here are some of Netsurion’s key takeaways from Black Hat 2019.
1. Government organizations continue to be a primary target for cyber attacks. Guarding governments from threats can be complex due to the types of operations and requirements, not to mention that they have some of the most sought-after sensitive information in the world. The news has been filled with city and state government attacks which are becoming more and more prevalent. We talked with many government employees at Black Hat this year who were concerned about properly protecting their sensitive data from cyber attacks.
2. Supply chains are vulnerable to attacks due to the interconnectedness of systems. Thursday presenter Eric Doerr of Microsoft reminded us during his talk that supply chain compromises come in many different forms, including:
- Manipulation of source code and of dependencies
- Replacement or corruption of supplied binary images
- Spoofing of distribution and update mechanisms
- Adulterated development tools and environments
- Inclusion of malware masquerading as valid manifest items
- Services-based attacks
These compromises will continue to be an issue if the supply chain can’t clean up its act. The best way to mitigate sourcing risk is with comprehensive Security Information and Event Management (SIEM) combined with Endpoint Detection and Response (EDR). Netsurion’s EventTracker SIEM and EDR together help prevent, detect, respond to, and even predict supply chain threats. Read the full blog post that recaps Eric Doerr’s talk here.
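Two of the compromise types listed above, replacement of supplied binary images and files masquerading as valid manifest items, are the ones a receiving organization can check for itself before an artifact ever reaches an endpoint or a SIEM. The following is an added example, not code from Netsurion, EventTracker, or Eric Doerr's talk: it verifies a delivered release directory against a pinned manifest of SHA-256 digests, reporting files that were altered, files that are missing, and files present that the manifest never listed. The release files, their contents, and the manifest are all constructed inline for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_release(directory, manifest):
    """Compare every file in `directory` against a pinned manifest.

    `manifest` maps artifact name -> expected hex SHA-256 digest. The manifest
    is assumed to have been obtained out of band (e.g. a signed release note),
    not from the same download that delivered the files.
    Returns a dict with four lists: verified, modified, missing, unexpected.
    """
    findings = {"verified": [], "modified": [], "missing": [], "unexpected": []}
    present = set(os.listdir(directory))

    for name, expected in manifest.items():
        if name not in present:
            findings["missing"].append(name)      # supplied set is incomplete
            continue
        actual = sha256_of(os.path.join(directory, name))
        # Constant-time comparison avoids leaking how many leading bytes matched.
        if hmac.compare_digest(actual, expected):
            findings["verified"].append(name)
        else:
            findings["modified"].append(name)     # replaced or corrupted binary

    # Anything on disk that the manifest never listed is treated as suspect:
    # an extra file is how malware rides along "as a valid manifest item".
    for name in sorted(present - set(manifest)):
        findings["unexpected"].append(name)
    return findings


def make_sample_release():
    """Build a constructed release directory (hypothetical product 'agent').

    It contains one intact file, one tampered binary, one file missing from
    the delivery, and one file that is not in the manifest at all.
    """
    d = tempfile.mkdtemp()
    agent = b"#!/bin/sh\necho agent starting\n"
    helper_original = b"original helper binary contents\n"
    config = b"log_level: info\n"

    manifest = {
        "agent.sh": hashlib.sha256(agent).hexdigest(),
        "helper.bin": hashlib.sha256(helper_original).hexdigest(),
        "config.yaml": hashlib.sha256(config).hexdigest(),  # never written below
    }
    with open(os.path.join(d, "agent.sh"), "wb") as f:
        f.write(agent)
    with open(os.path.join(d, "helper.bin"), "wb") as f:
        f.write(b"replaced helper binary contents\n")  # simulated substitution
    with open(os.path.join(d, "extra.dll"), "wb") as f:
        f.write(b"unlisted file\n")                   # simulated stowaway
    return d, manifest


def run_demo():
    """Verify the constructed release and return the findings for inspection."""
    directory, manifest = make_sample_release()
    findings = verify_release(directory, manifest)
    for category, names in findings.items():
        for name in names:
            # One line per finding; this is the shape a SIEM would ingest.
            print(f"supply-chain-check category={category} artifact={name}")
    return findings


if __name__ == "__main__":
    run_demo()
```

The check is only as strong as the manifest's provenance: if the expected digests travel in the same channel as the binaries, a spoofed update mechanism can replace both together, which is why the comment insists the manifest come from a separately authenticated source.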
3. The cybersecurity skills gap is being addressed. There are over 1 million unfilled cybersecurity jobs, which makes it difficult for IT teams to recruit, train, and retain talent. We spoke to many students who were part of a Black Hat scholarship program. While this program won’t be the only answer to the gap, we were happy to see it being addressed.
Due to a lack of staff (and other factors at play), companies utilizing a SIEM, or other cybersecurity tools, struggle to properly protect themselves from advanced threats. In a recent survey, over half of respondents rated their Security Operations Center’s (SOC) ability to investigate and find the source of threats as ineffective. Turnover in a SOC is high due to the demanding workload and long hours, leading 65 percent to quit their jobs. If your company is in this boat, you’re not alone. Building and retaining staff for a 24/7 SOC can be made a reality for your company with SOC-as-a-Service (SOCaaS).
4. The MITRE ATT&CK framework has gained a lot of traction, and it was apparent at Black Hat this year. We saw MITRE ATT&CK everywhere, from booth signage to presentations. ATT&CK™ is MITRE’s catalog of adversarial tactics and techniques: a curated knowledge base of the tactics and techniques attackers can leverage to compromise enterprise businesses. Frameworks like ATT&CK and the cybersecurity kill chain by Lockheed Martin help us understand attackers’ cycles and how to prevent damage to an organization.
All in all, we also learned many organizations out there still struggle to find the right cybersecurity partner that can offer a turn-key yet customizable solution for their IT security, threat protection, and compliance management needs. If we did not have the pleasure of meeting with you at Black Hat, or you didn’t have time to see a demo of our solutions, we’d like to invite you to our next product demo.