Speed to containment and adaptability were common themes we heard at Black Hat this week. Toward that end, some security teams have turned to platformization for its promises of an interconnected and centralized toolset, but are finding that it lacks flexibility to sustain optimal security operations across a dynamic security landscape.
They are now looking to better integrate their technology infrastructure to allow for more automation, and ultimately, faster containment of threats and more complete investigations.
When it comes to AI, many security leaders are exploring advanced AI applications to enable more automation while protecting privacy.
Below, we dive into the top three topics we heard at Black Hat and how attendees reacted.
Platformization vs. Best-of-Breed
Platformization vendors continue to push their narrative. We spoke to a lot of security leaders, especially those whose companies are early in their security maturity, who were interested in that approach. However, we heard that more mature security organizations are looking for something more flexible.
Instead of depending on a single vendor for an entire security suite, we heard that organizations want the optionality and modularity to bring their existing best-of-breed tools to the platform. Many have found that single-vendor platforms rely heavily on data from endpoint detection and response tools, which can leave gaps in visibility for attacks that occur outside the endpoint.
Fighting Fire with Fire: Advanced AI for Defense
AI is still a big topic at Black Hat, but this year, conversations were more focused on the evolution of AI. As cybercriminals increasingly leverage AI to make their attacks easier and faster, security leaders are looking for ways to apply advanced AI for enhanced defense.
At the ReliaQuest booth, we demoed our AI capability that integrates directly with a customer toolset to identify unusual data patterns, uncover vulnerabilities, and detect potential threats without compromising data security. The demo team received the most positive feedback about the transparency of our approach, as our agents are built so customers can see exactly how the platform is using AI to improve their security operations and give real-time feedback.
Prioritizing Automation to Speed Response
Many of the security leaders we spoke to named automation as a top initiative. In the face of more nimble attackers using AI, these leaders are more willing than ever to automate response actions that risk minor disruption if it means reducing dwell time and mean time to contain (MTTC).
As we showcased our GreyMatter app at the ReliaQuest booth, attendees responded well to the fact that customers can initiate automated response actions directly from their mobile device across multiple toolsets and how it could help them drive down their MTTC.
Conclusion
The evolution of cyber threats continues. We spoke to many security leaders this week who are responding to these changes by taking a multifaceted, adaptable approach to security operations to ensure comprehensive protection. Ultimately, companies are hoping that a streamlined toolset and AI-driven automations can reduce their mean time to contain threats, thereby shortening threat actor dwell time and preventing further compromise.