Attending Splunk .conf21? Join us for our session, Tips from the Trenches: Practical Search and Response to Stop Ransomware with Splunk. Learn More ➞

Black Hat 2020: Session Highlights and a Look Ahead

Last week concluded another valuable Black Hat USA event – although held entirely virtually this year, the impact of the research, trends, and knowledge shared was as strong as ever.

From new industry trends such as extended detection and response (XDR) to current event security considerations and best practices to detect and mitigate some of the most prevalent and challenging threats – the content did not disappoint! In case you missed them, below are a couple sessions that grabbed headlines and high audience engagement:

Stress-Testing Democracy: Election Integrity During a Global Pandemic

In this keynote, Matt Blaze, McDevitt Chair in Computer Science and Law at Georgetown University, explored the new layer of challenges in securing elections that accompanies a pandemic.  Here were the top takeaways:

  • Managing voter confidence is difficult with contradictions between secrecy, security, and transparency.
  • Logistical concerns extend beyond election day with complicated ballots and local government funding.
  • Computerized voting drastically changes and expands the attack surface, potentially reducing visibility.
  • With all this considered, uncertainty is high when prepping for the upcoming November election; what can we do as leaders in the cyber security industry? Reach out to our local election authorities directly or through our associations to offer guidance or support.

Engineering Empathy: Adapting Software Engineering Principles and Process to Security

Can software engineering practices apply to security engineering teams? They certainly can – and should – as we heard from Craig Ingram, Principal Security Engineer at Salesforce, and Camille Mackinnon, Principal Infrastructure Engineer at Salesforce. Here’s a few ways that stood out:

  • Keep it Simple, Sam (KISS) and don’t overwhelm your engineers.
  • Adapt DRY (Don’t Repeat Yourself) principles to security.
  • Apply practices that work from agile development into your security processes.
  • Use SLI (service level indicator) / SLO (service level objective) to measure security and development performance.
  • Shift Left – move security earlier in the development cycle.

ReliaQuest at BlackHat 2020

While we wish we could have spent the week alongside security peers in Vegas, our team nonetheless took the opportunity to share expertise and connect virtually.  This included a couple of speaking sessions featuring Marcus J. Carey, ReliaQuest Enterprise Architect and best-selling author of the book series The Tribe of Hackers. In one panel, Marcus convened two featured cybersecurity leaders from his series, Jayson E. Street of SphereNY and Jeff E. Man of Online Business Systems and co-host of Paul’s Security weekly podcast, to discuss technology trends amid the evolving 2020 landscape.

The speakers emphasized a few recurring themes:

  • The perimeter has disappeared, and security is forever changed in light of increased work from home.
  • Criminals have no ethics; they will continue to exploit FUD around the pandemic and accompanying economic uncertainty to their advantage.
  • Despite the challenges, there are also silver linings for security programs emerging from 2020, such as long-overdue process improvements.

Marcus also led attendees on a journey through the history (and a look ahead!) of security control validation in his presentation: Hack to the Future: The past, present, and future of attack simulation.

In his talk, Marcus looked back at penetration testing, a method of validation that has become more of a checkbox compliance requirement rather than a way for security teams to proactively identify and close gaps.

When it comes to the present, Marcus outlined that we’re seeing a mix of both traditional, ad-hoc pen tests and attack simulations; but security teams are still left having to manually implement changes, updates, and configurations.

What does the future of attack simulation look like? Attack simulation packages continuously running and integrating with your security controls to strengthen your defenses and increase confidence that your controls will work as expected in the event of an attack.

Hack to the Future with ReliaQuest GreyMatter

A snapshot of ReliaQuest GreyMatter's integrated, continuous attack simulations

A snapshot of ReliaQuest GreyMatter’s integrated, continuous attack simulations

The good news is you can experience the ‘future’ of attack simulations today with GreyMatter, ReliaQuest’s SaaS platform that enables automation across the entire security lifecycle, from detection to investigation, response, remediation and threat hunting.

GreyMatter is able to deliver this because it establishes centralized visibility across an enterprise’s technology ecosystem, connecting SIEM, EDR, multi-cloud environments, and third-party apps through its patented universal translator.

To learn more about making continuous, integrated attack simulations a reality at your organization, get the white paper.

More Articles

3 Signs It’s Time to Rethink Your Security Operations Strategy

Today, the security industry is over-saturated with technologies and tools. While many enterprises have established or are setting a foundation for their security operations with Security Information and Event Management (SIEM) and Endpoint Detection and Response (EDR), there are countless point solutions arising to extend them, from SOAR to CASB, UEBA and more. Although each […]

5 Ways to Use Continuous Attack Simulations to Validate Your Security Controls

How confident are security teams that their controls will catch attacks when they arise? Ask around, and you might notice a theme: as enterprise security models grow in complexity, teams struggle to validate their security controls, increasing the likelihood of undetected breaches, gaps in protection, and weaknesses from unpatched systems. These scenarios are indeed worrisome, […]