Takeaways from BlackHat Europe 2019
My journey at BlackHat
Black Hat Europe, taking place from 2nd until 5th of December in London, is the yearly unmissable event for security experts interested in discovering new offensive and defensive IT security trends.
During the event the participants have the possibility to attend 4 formats of presentations and multiple parallel tracks for each of the formats.
There is the Briefing format that is a 25 to 50 minute presentation related to a new hack, vulnerability of lesson learned, the Arsenal format where researchers are presenting offensive and defensive prototypes in a booth, sponsored session where big security companies are addressing a specific security topic, and the business hall where different security companies and organizations are presenting their solutions and services.
It was a complex task for me to come-up with an efficient schedule out of all these formats, but I decided to put priorities on the topics be choosing talks related to threat intelligence, cyber defense and social engineering.
A lot of presentations and debates happened during this event highlighting the new trends related to the offensive strategy taken by companies and organization to identify more precisely their attackers’ model. Red/Blue teams corporate organizations are more and more democratized in big companies and offensive security is now a serious approach being adopted to neutralize attackers.
Transparency is also a strong message pushed by some CSOs and CISOs especially regarding the lesson learned from cyber attack to reduce the reproducibility of complex malware campaigns. Best practices and education need to be evolving faster to stay coherent with the evolution of the new attack strategies
Threat Intelligence & Automation
Most of the products and companies represented in the business hall were proposing threat intelligence solutions and products. Collecting, gathering, analyzing and interpreting big security data is definitively a competitive challenge. All these companies are pretending collecting the most complete rage of data from a lot of sources including the Dark Web (some of them admitting paying external “researchers” to illegally collect “fresh” rare data from restricted forums and communities).
Gathering a lot of data is good but being able to classify it and deliver exploitable information is a different story. Most of the solutions lack intelligence in the data classification and identification, the output reports remain unstructured and hardly exploitable by alerting tools.
Automation is the trendy word for the threat intelligence solutions but few evidences from useful solutions are perceivable from the demos and the test cases shown in the event.
The human factor, the first vulnerability node of the organization. Social Engineering attacks represent one of the main attack vectors used against organizations. The Insider threat seems to be the most severe issue observed in companies. The risk is under estimated by companies and public organizations. Big organizations like Twitter and Facebook are identifying more and more insiders exfiltrating personal data to foreign governments and criminal organizations. New solutions and approached need to be defined in order to identify more efficiently the insider threat risk without violating the privacy of their employees. Hot debate, a lot of challenges and new attacker model to address.
BlackHat is a very important occasion to observe and learn new security approaches and abstractions. Offensive security is no more a taboo and big companies need to start thinking and implementing this approach.
Please don’t hesitate to also find more information on BlackHat Europe Webpage: https://www.blackhat.com/eu-19/