Home Black Hat Deep Tech Essays Fireside Chat My Take News Alerts Q&A RSAC Videocasts About Contact
 

Black Hat

 

Black Hat Fireside Chat: Horizon3.ai makes a strong case for continuous, self-service pentesting

By Byron V. Acohido

LAS VEGAS — Penetration testing, traditionally, gave businesses a nice, pretty picture of their network security posture — at a given point in time.

Related: Going on the security offensive

Such snapshots proved useful for building audit trails, particularly for companies in heavily regulated industries. However, manual pentests never really were very effective at shining a light on emerging cyber exposures of the moment.

Enter advanced pentesting. One of the hot topics at Black Hat USA 2023, which ramps up here this week in the desert heat, is how automation and machine learning are underpinning pentesting solutions deeply and continuously. This self-service, self-directed, continuous infrastructure pentesting approach allows organization to discover their exploitable attack surfaces and reduced their risk.

I had the chance to visit with someone in the thick of this important shift: Snehal Antani, CEO of Horizon3.ai, a San Francisco-based supplier of “autonomous” vulnerability

Black Hat insights: JupiterOne’s whodunnit puts CISOs on the trail of solving a devastating breach

By Byron V. Acohido

LAS VEGAS — One fundamental reason some 7,000 or so IT pros are making the trek here this week is that no one ever wants to get caught in the crossfire of a devastating data breach.

Related: A call to regulate facial recognition

That said, a few dozen CISOs attending Black Hat USA 2023 will get to experience, hands-on, what it must have been like to be in the crucible of milestone hacks like Capital One, SolarWinds and Colonial Pipeline.

They qualified, by means of solving a cipher, to attend a unique event put on by JupiterOne, a Morrisville, NC-based supplier of cyber asset visibility technology. On Tuesday evening, these CISOs will head over to a secret location and immerse themselves in The Data Heist, an audience-participation whodunnit starring Sounil Yu, JupiterOne’s Security Ambassador, who is also a CISO and an author, with a supporting cast of professional actors.

The Data Heist’s opening night, if you will, was in Boston a couple of weeks ago. The cybersecurity pros in attendance had a chance to apply their skills in a festive setting – while role-playing as cyber sleuths responding to a catastrophic network breach. The audience members enthusiastically solved ciphers, uncovered hidden

Black Hat Fireside Chat: Easy come, easy go access strengthens ‘Identity Threat Detection & Response’

By Byron V. Acohido

The rise of the remote workforce, post Covid-19, did nothing to make the already difficult task of doing Identity and Access Management (IAM) any easier for CISOs.

Related: Exposing Shadow IT

With Black Hat USA 2023 ramping up in Las Vegas next week, cybersecurity startup Trustle is championing a new product category—Identity Threat Detection & Response (ITDR)—which aims to enhance the capabilities of legacy IAM solutions.

Companies today are struggling to answer fundamental questions about their cloud environments, such as, who are my users and what can they access? How did they obtain this access? When they don’t need this access, do their identities still exist? Questions like these are a driving force behind the adoption of ITDR, which is becoming a crucial component in the realm of Cloud Infrastructure Entitlement Management (CIEM) and access management.

I had the chance to sit down with Trustle CEO Emiliano Berenbaum to learn just how ITDR can help companies much more efficiently manage user identities and access privileges, while also strengthening

Black Hat Fireside Chat: Taking the fight to the adversaries — with continuous, proactive ‘pen tests’

By Byron V. Acohido

Penetration testing – pen tests – traditionally have been something companies might do once or twice a year.

Related: Cyber espionage is on the rise

Bad news is always anticipated. That’s the whole point. The pen tester’s assignment is to seek out and exploit egregious, latent vulnerabilities – before the bad guys — thereby affording the organization a chance to shore up its network defenses.

Pen testing has limitations, of course. The probes typically take considerable effort to coordinate and often can be more disruptive than planned.

These shortcomings have been exacerbated by digital transformation, which has vastly expanded the network attack surface.

Guest expert: Snehal Antani, CEO, Horizon3.ai

I had the chance at Black Hat 2022 to visit with Snehal Antani and Monti Knode, CEO and director of customer success, respectively, at Horizon3.ai, a San Francisco-based startup, which launched in 2020. Horizon3 supplies “autonomous” vulnerability assessment technology.

Co-founder Antani previously served as the first CTO for the U.S. Joint Special Operations Command (JSOC)  and Knode was a commander in the U.S. Air Force 67th Cyberspace Operations Group. They argue that U.S. businesses need to take a wartime approach the cybersecurity. For a full drill down, please give the accompanying podcast a listen.

Horizon3’s flagship service, NodeZero, is designed to continuously assess an organization’s network attack surface to identify specific scenarios by which an attacker might combine stolen credentials with misconfigurations or software flaws to gain a foothold.

Black Hat Fireside Chat: Doing deep-dive API security — as software gets developed and deployed

By Byron V. Acohido

APIs have come to embody the yin and yang of our digital lives.

Related: Biden moves to protect water facilities

Without application programming interface, all the cool digital services we take for granted would not be possible.

But it’s also true that the way software developers and companies have deployed APIs has contributed greatly to the exponential expansion of the cyber-attack surface. APIs have emerged as a go-to tool used by threat actors in all phases of sophisticated, multi-stage network attacks.

Upon gaining a toehold on a targeted device or server, attackers now quickly turn their attention to locating and manipulating available APIs to hook deeply into company systems. APIs provide paths to move laterally, to implant malware and to steal data.

Guest expert: Sudeep Padiyar, founding member, Traceable.ai

The encouraging news is that API security technology has advanced quite a bit over the past five years or so.

I had the chance at Black Hat 2022 to visit with Sudeep Padiyar, founding member and director of product management, at Traceable, a San Francisco-based supplier of advanced API security systems. Traceable launched in 2018, the brainchild of tech entrepreneurs Jyoti Bansal and Sanjay Nagaraj; it provides deep-dive API management capabilities — as software is being developed and while it is being used in the field.

We discussed the Gordian-knot challenge security teams face getting a grip on the avalanche of APIs hooking into their organizations. For a full drill down, please give the accompanying podcast a listen.

Black Hat Fireside Chat: Deploying ‘AI’ as a weapon to win the ‘attack surface management’ war

By Byron V. Acohido

Short-handed cybersecurity teams face a daunting challenge.

Related: ‘ASM’ is cybersecurity’s new centerpiece

In an intensely complex, highly dynamic operating environment, they must proactively mitigate myriad vulnerabilities and at the same time curtail the harm wrought by a relentless adversary: criminal hacking collectives.

In short, attack surface management has become the main tent pole of cybersecurity. A rock-solid, comprehensive battle plan has been painstakingly laid out, in the form of the NIST Cybersecurity Framework. And now advanced weaponry is arriving that leverages data analytics to tighten up systems and smother attacks.

Guest expert: Justin Fier, VP Tactical Risk and Response, Darktrace

One supplier in the thick of this development is Cambridge, UK-based Darktrace, a supplier of security systems designed to help companies“think like an attacker,’ says Justin Fier, Darktrace vice-president of tactical risk and response, whom I had the chance to visit with at Black Hat 2022.

We discussed how legacy, on-premises cybersecurity systems generate massive amounts of telemetry – data which is perfectly suited for high-scale, automated data analytics. This is why it makes so much sense for artificial intelligence, generally, to be brought to bear in attack surface management.

Black Hat Fireside Chat: Replacing VPNs with ZTNA that leverages WWII battlefield tactics

By Byron V. Acohido

The sunsetting of Virtual Private Networks is underway.

Related: VPNs as a DIY tool for consumers, small businesses

VPNs are on a fast track to becoming obsolete, at least when it comes to defending enterprise networks. VPNs are being replaced by zero trust network access, or ZTNA.

VPNs encrypt data streams and protect endpoints from unauthorized access, essentially by requiring all network communications to flow over a secured pipe. VPNs verify once and that’s it. This was an effective approach when on-premises data centers predominated.

By contrast, ZTNA never trusts and always verifies. A user gets continually vetted, per device and per software application — and behaviors get continually analyzed to sniff out suspicious patterns.

Guest expert: Rajiv Pimplaskar, CEO, Dispersive

This new approach is required — now that software-defined resources scattered across hybrid and public clouds have come to rule the day.

I had the chance at Black Hat 2022 to visit with Rajiv Pimplaskar, CEO at Dispersive,  an Alpharetta, GA-based supplier of advanced cloud obfuscation technology. We discussed how ZTNA has emerged as a key component of new network security frameworks, such as secure access service edge (SASE) and security service edge (SSE)

We also spoke about how Dispersive is leveraging spread spectrum technology, which has its roots in World War II submarine warfare, to more effectively secure modern business networks. For a full drill down on our forward-looking discussion, please give the accompanying podcast a listen.