What to expect at Black Hat: Security hype and reality

I’ve been looking forward to this year’s Black Hat conference in Las Vegas for several months. In my mind, Black Hat has become the industry’s premier event for digging into cybersecurity technology. RSA seems to be leaning toward business development and Sand Hill Rd. schmoozing these days.

With Black Hat upon us next week, I anticipate a lot of activity in four areas:

1. Machine learning/artificial intelligence (AI). While machine learning and AI have a lot of potential for cybersecurity, the technology is really in a hype cycle right now. Vendors are talking about machine learning as a panacea, but I view it as supplemental for use cases such as threat intelligence synthesis, multi-behavioral anomaly detection, and insider threat detection. Given this, I encourage technology vendors to be very specific about what AI technology can and can’t do. 

Furthermore, suppliers must do a better job educating the market. According to recent ESG research, only 30 percent of cybersecurity professionals consider themselves “very knowledgeable” about machine learning and its application to security analytics and operations, so there’s plenty of work to do to transform hype to knowledge. I look forward to being further educated myself next week.

2. Automation and orchestration. This is probably the hottest cybersecurity technology category today—and for good reason: 45 percent of organizations have a problematic shortage of cybersecurity skills, and most firms find it difficult to recruit and hire additional headcount. These organizations have two choices: Make their cybersecurity staff more efficient or outsource. Little wonder then, why 19 percent of organizations have implemented technologies for security operations automation/orchestration “extensively,” while another 39 percent have done so on a limited basis.

Enterprises certainly want automation/orchestration technology, but they aren’t sure where it should reside or what to automate/orchestrate first. I have my opinions, but I’m looking forward to learning more in Vegas.

[ Related: The best of Black Hat: The consequential, the controversial, the canceled ]

3. Integration. If you’ve been following my blog posts, you know that ESG has come up with the concept of a security operations and analytics platform architecture (SOAPA). SOAPA is an integrated software architecture based upon a common distributed data management layer, a software services integration layer, an analytics layer, and an orchestration layer. This isn’t technology for technology sake; it’s an attempt to create a systematic loosely coupled architecture that promotes technology interoperability to improve security efficacy while streamlining security operations. 

Recent ESG research indicates that 21 percent of organizations consider the creation of a SOAPA architecture as one of their highest security priorities, so it is truly catching on. In my humble opinion, the cybersecurity technology industry must become more cooperative so it can move in this direction. I plan to monitor Black Hat to see where things stand today and what steps are needed to push the industry. 

4. Threat intelligence. This one is easy and really at the historical heart of Black Hat.  I’ll be looking at emerging threats and cyber adversaries to understand what types of cyber attacks, malware and data breaches may be coming down the proverbial pike. 

I’ll be blogging again soon about my impressions after Black Hat. Stay tuned, and see you in Las Vegas.