


Contributing Writer

What to expect at Black Hat: Security hype and reality

Jul 21, 2017 | 3 mins
Cloud Security, Data and Information Security, Endpoint Protection

Look for machine learning, automation, orchestration, integration and threat intelligence to dominate the Black Hat security conference

I’ve been looking forward to this year’s Black Hat conference in Las Vegas for several months. In my mind, Black Hat has become the industry’s premier event for digging into cybersecurity technology. RSA seems to be leaning toward business development and Sand Hill Rd. schmoozing these days.

With Black Hat upon us next week, I anticipate a lot of activity in four areas:

1. Machine learning/artificial intelligence (AI). While machine learning and AI have a lot of potential for cybersecurity, the technology is really in a hype cycle right now. Vendors are talking about machine learning as a panacea, but I view it as supplemental for use cases such as threat intelligence synthesis, multi-behavioral anomaly detection, and insider threat detection. Given this, I encourage technology vendors to be very specific about what AI technology can and can’t do. 

Furthermore, suppliers must do a better job educating the market. According to recent ESG research, only 30 percent of cybersecurity professionals consider themselves “very knowledgeable” about machine learning and its application to security analytics and operations, so there’s plenty of work to do to transform hype to knowledge. I look forward to being further educated myself next week.

2. Automation and orchestration. This is probably the hottest cybersecurity technology category today—and for good reason: 45 percent of organizations have a problematic shortage of cybersecurity skills, and most firms find it difficult to recruit and hire additional headcount. These organizations have two choices: Make their cybersecurity staff more efficient or outsource. Little wonder, then, that 19 percent of organizations have implemented technologies for security operations automation/orchestration “extensively,” while another 39 percent have done so on a limited basis.

Enterprises certainly want automation/orchestration technology, but they aren’t sure where it should reside or what to automate/orchestrate first. I have my opinions, but I’m looking forward to learning more in Vegas.


3. Integration. If you’ve been following my blog posts, you know that ESG has come up with the concept of a security operations and analytics platform architecture (SOAPA). SOAPA is an integrated software architecture based upon a common distributed data management layer, a software services integration layer, an analytics layer, and an orchestration layer. This isn’t technology for technology’s sake; it’s an attempt to create a systematic, loosely coupled architecture that promotes technology interoperability to improve security efficacy while streamlining security operations.

Recent ESG research indicates that 21 percent of organizations consider the creation of a SOAPA architecture as one of their highest security priorities, so it is truly catching on. In my humble opinion, the cybersecurity technology industry must become more cooperative so it can move in this direction. I plan to monitor Black Hat to see where things stand today and what steps are needed to push the industry. 

4. Threat intelligence. This one is easy and really at the historical heart of Black Hat. I’ll be looking at emerging threats and cyber adversaries to understand what types of cyber attacks, malware and data breaches may be coming down the proverbial pike.

I’ll be blogging again soon about my impressions after Black Hat. Stay tuned, and see you in Las Vegas. 

Contributing Writer

Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
