Black Hat USA continues to be one of the perennial security conferences in the country and often provides a glimpse into what’s hot in the cyber security world. Black Hat has a vibrant and active user community with all major security vendors participating. Black Hat also draws many new start-ups and offers them a chance to showcase their technology and services. The conference is also the primary event where academia and independent security researchers release newly identified vulnerabilities and discuss the advanced exploits being used to compromise governments and corporations.
To keep the classroom relevant, professors often attend such conferences to identify cutting edge technologies, advances in control frameworks, and new research that needs to be incorporated into the information assurance curriculum. I had the opportunity to attend this year’s conference and wanted to share the following highlights.
This was the 18th year of the Black Hat USA conference. As usual, the lineup was impressive, including more than 115 briefings and workshops, with 70 deeply technical trainings and 100 hours of high-intensity content and new vulnerability disclosures. Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, presented the keynote titled, “The Lifecycle of a Revolution.” Ms. Granick looked to the future and discussed the forces shaping and determining the next 20 years in the revolution that is the Internet, including the balkanization of the Internet, influences of the Digital Millennium Copyright Act, and the fact that the next billion Internet users will come from the developing world.
Another major theme running throughout the conference was the use of machine learning within the information assurance domain. Machine learning is a subfield of computer science that evolved from the study of pattern recognition and computational learning theory in artificial intelligence. The best briefing on the topic, in my opinion, was delivered by Joshua Saxe and was titled, “Why Security Data Science Matters and How It’s Different: Pitfalls and Promises of Data Science Based Breach Detection and Threat Intelligence.” Mr. Saxe did an amazing job explaining the primary methods of data science and showed multiple real world examples of where data science helped solve some difficult cyber security problems.
The other major theme running throughout the conference was that the endpoint is the new battleground and therefore agent-based technologies are a must. I realize this is not news to most in the security world, but the past few years saw resurgence in network based technologies over agents installed on every endpoint. For years, agents have received negative reviews as they made endpoints unbearably slow and were very difficult to maintain and administer. However, today’s workforce is rarely if ever connected to the corporate network thereby render most network based technologies ineffective. More and more people work remotely or require mobility as part of their jobs. In such cases, the only alternative is an agent-based defensive approach. Many existing and new companies revealed cutting edge agent-based technologies to identify and prevent advanced attacks on the endpoint. Other agent-based tools released at Black Hat were related to endpoint vulnerability scanning, indicators of compromise hunting, and automating the incident response and forensics processes.
I was fortunate to attend Black Hat this year and look forward to bringing what I learned into the classroom and ensuring Regis’ graduates, as always, stay ahead of the game.