This was the first Black Hat I’ve attended since 2019. It was great seeing old friends, meeting new friends in real life, and learning new things about a fast-moving industry. I was glad to be back, and I took notes. I’ve included my top 5 takeaway list here.
But first, an introduction. Even walking around the floor, you could feel the technology trends. For example, this year the Fortra booth was kept busiest demonstrating our data protection and offensive security solutions. People want to get ahead of the problem, and they’re tired of being hunted.
Our resident ethical hacker, red team operator, and offensive security developer Max Grim also delivered a great session on Fortra’s Outflank Security Tooling (OST) and highlighted how it evades detection, simulating advanced threat actors better than ever. This helps organizations understand potential blind spots that need to be addressed to prevent an adversary from exploiting them.
At the booth, we were also able to showcase Fortra’s offerings for email and phishing protection, managed detection and response, security awareness training, and secure file transfer. On the flip side, I did enjoy walking the floor and I learned a lot in the process.
Here are the top five takeaways I took from this year’s Black Hat Conference.
1. Generative AI
Generative AI was top of mind again at Black Hat: the opening keynote was about ways it’s already transforming the industry. There was a running theme of using generative AI to detect active attacks faster and with higher precision, with vendors touting AI-driven threat detection and AI threat hunting. It was also being highlighted in vulnerability management, where it can identify vulnerabilities and provide mitigation guidance with little or no human interaction. In another instance, tools were introduced that could identify AI-generated emails, which would obviously be a huge benefit. Generative AI is also creating challenges, as there was discussion on shadow AI. This emerging challenge occurs when employees use AI technologies without visibility or control from IT, creating a blind spot and putting the organization at risk.
2. Automate Everywhere Possible
Organizations are still struggling to find and keep security expertise. This is why automation was another prominent theme at Black Hat. There was automated security validation, and automated penetration testing to validate if patches were applied to vulnerabilities (which would replace manual verification). There was SOC automation, which focuses on using playbooks to execute tasks at machine speed and closing out incident tickets with little to no manual intervention. These use cases free up precious resources, allowing staff to focus on higher-value projects.
3. Proactive Security
There was a strong focus on proactive security with lots of vendors touting adversary simulation, evasive simulation, and penetration testing. Organizations moving towards a higher level of maturity will include in their security strategy the concept of thinking like a hacker. Normally the word “hacker” is something I don’t like using because oftentimes it’s not used correctly. Many perceive it to have a negative connotation, but not all hackers have malicious intent. Nonetheless, hacking skills are used to help build tools and provide services to safely test the defenses of an organization. This includes the ability to get past the first line of defense, bypass detection, and move laterally to see what they can find. This provides valuable insights to an organization because it allows stakeholders to understand stealthy attack paths that allow entry into the network, and therefore tactics that could be used by a malicious actor.
4. A Healthy Reserve for AI
There was also some healthy skepticism surrounding AI and automation. After all, there should always be people vetting any technology, regardless of claims being made. Humans need to ensure that models are trained with data from the organization, and we’re also needed to actively tune AI in order to reduce false positives. It is only when there is strong confidence in patterns and consistency that humans should look to engage less.
5. Nothing Beats In-Person with Peers
All of these relevant security issues are important to watch as we go back to our (remote) desks for the rest of 2023. We will be applying these lessons constantly and keeping an eye out for what’s next. However, the most memorable thing that happened was at the end of the conference. As the expo floor closed, I went to catch a taxi but ended up in a 45-minute wait at the Mandalay Bay lobby. When a bellhop announced a shuttle bus heading to the airport, 20 of us skipped the line to catch it. Little did we know this was a party bus with beverages and karaoke. Say what you will about the future of generative AI, singing “Africa” by our ’80s band Toto with 19 other cybersecurity professionals was the coolest experience on this trip.