Images: Hybrid Black Hat Conference Features 'Intimate' Setting, Meaningful Conversations
Ransomware and supply chain attacks were hot topics at this year's Black Hat.
![Black Hat 2021 Feature Black Hat 2021 Feature](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt552a1f6c38328f8f/65244b096fd13c589d05bc97/Black-Hat-Hero-Image.jpg?width=700&auto=webp&quality=80&disable=upscale)
SentinelOne had a massive booth in the Black Hat business hall. This week, the company unveiled SentinelOne Storyline Active Response (STAR), its cloud-based automated hunting, detection and response engine.
Integrated with SentinelOne’s ActiveEDR, STAR allows security teams to create custom detection and response rules, and deploy them in real time to the entire network or desired subset, to detect and respond to threats. STAR also allows security teams to turn these queries into hunting rules that trigger alerts and automated responses when rules detect matches.
Fortinet recently unveiled its FortiGate 3500F Next-Generation Firewall (NGFW) to protect organizations with hybrid data centers against the increasing threat landscape and ransomware attacks. FortiGate 3500F offers automated threat protection post decryption. Additionally, it’s built with zero-trust network access (ZTNA) capabilities, further delivering security to any user at any location with its security-driven networking approach.
Bitdefender’s booth drew lots of interest on the business hall floor. This spring, Bitdefender enhanced its Partner Advantage Network (PAN) to increase revenue opportunities and make it easier for partners to work with the company. The new program allows partners to sell the company’s solutions and services for threat protection, detection and response.
Last month, Siemplify announced its application is now available in the CrowdStrike Store. That allows CrowdStrike Falcon users to integrate with its security orchestration, automation and response (SOAR) solution for faster, more effective investigation and response.
Corelight, which provides an open network detection and response (NDR) platform, this week launched Smart PCAP for its Corelight AP 3000 Sensor. With Smart PCAP, defenders can capture just the packets needed for investigations and retrieve them with a single click from their security information and event management (SIEM). Corelight works with technology partners.
Deep Instinct drew a lot of interest on the business hall floor. It recently released its midyear Cyber Threat Landscape Report, which found a 244% increase in ransomware compared to the same period in 2020.
Robert Boudreaux is Deep Instinct’s field CTO.
“Ransomware is evolving,” he said. “In a lot of ways, it’s the same top five threats. And you’re starting to see state-sponsored attacks happen more often where it used to be corporate espionage or popularity gaining. Now it’s for a purpose for a profit more and more. There are targets and outcomes in mind. So people are running a more mature, redundant business. How they’re doing it, they’re relying on vulnerabilities in systems and the lack of education of users. It’s happening at such a volume that companies are having to prioritize. They’re having to come up with creative budgeting to be able to handle ransoms by buying their own cryptocurrency and they’re learning that the backups they have, sometimes the backups themselves are already infected, so your recovery is not necessarily the path of least resistance.”
In the sponsored theater on the business hall floor, Christopher Fielder, Arctic Wolf’s director of product marketing, gave a presentation on ending cyber risk with security operations. Last month, Arctic Wolf secured $150 million in new financing, bringing the company’s valuation to $4.3 billion.
On the business hall floor, Black Hat Arsenal is a space for developers to showcase the latest open source tools and products to attendees. Demonstrations are held in an open, conversational environment, enabling presenters to interact with attendees and provide a hands-on experience.
This spring, ZeroFox launched a channel program in an effort to double its contributions from partners in 2021. The ZeroFox Global Partner Program represents what company executives call a partner-first strategy. The company wants to assist partners in reaching new verticals – like health care and financial services – and new geographies.
Microsoft is acquiring RiskIQ, a provider of global threat intelligence and attack surface management, in a deal reportedly worth $500 million. RiskIQ helps customers discover and assess the security of their entire enterprise attack surface in the Microsoft cloud, AWS, other clouds, on premises, and from their supply chain. Moreover, it can help enterprises identify and remediate vulnerable assets before an attacker can capitalize on them.
Also in the sponsored theater, SentinelOne gave a presentation on what it’s going to take to solve the software supply chain problem. The session was topical considering all the supply chain attacks making recent headlines, like SolarWinds and Kaseya.
CrowdStrike had a massive booth in the business hall. It recently unveiled Falcon X Recon+, a new managed solution that simplifies the process of hunting and mitigating external threats to brands, employees and sensitive data. Falcon X Recon+ threat experts manage digital risk protection efforts by monitoring, triaging, assessing and responding to threats across the criminal underground.
The Varonis data security platform helps security teams minimize their blast radius – the damage attackers can do once they land on a network – with data-centric security. For the second quarter of 2021, Varonis’ total revenue grew 33% year over year to $88.4 million. Annual recurring revenue grew to $328.2 million, a 39% increase over the year-ago quarter.
Mimecast has joined Exabeam’s XDR Alliance as a founding member. The alliance is a partnership of cybersecurity industry providers committed to an inclusive and collaborative extended detection and response (XDR) framework and architecture.
“We are thrilled to be a founding member and inaugural email security partner in the XDR Alliance,” said Jules Martin, vice president ecosystem and alliances at Mimecast. “We see collaboration in security being essential in keeping our customers safe, and leveraging the members’ interconnected, best-in-class cybersecurity solutions, which allows joint customers to benefit greatly.”
Two private equity firms have completed their $900 million acquisition of ExtraHop, the network detection and response (NDR) startup. The buyers were Bain Capital Private Equity and Crosspoint Capital Partners. Bain Capital invests in technology companies and is one of the world’s top multi-asset alternative investment firms. Crosspoint Capital focuses on cybersecurity, privacy and infrastructure software sectors.
NetWitness, an RSA business, this week unveiled NetWitness Ransomware Defense Cloud Service, a managed cloud service that monitors endpoints without traditional deployment and administration requirements. It also includes detection intelligence developed from ransomware research and development, combined with threat hunting in enterprise environments.
It also rolled out NetWitness IoT, a new SaaS-native IoT security monitoring solution that addresses the strategic evolution of IoT security.
Arthur Fontaine is NetWitness’ product and solution marketing manager.
“We do a great amount of our business through the channel and channel partners, ISVs, SIs and VARs, and we also have a very strong MSP channel where they’ll take our products and they’ll sell it to an end user and manage it on their behalf,” he said. “So we’re very strong in the channel. Right now, we’re in an environment where there’s so much cybersecurity need out there that we really do need to rely on our channel partners to deliver a lot of it. It’s really all-hands-on-deck time right now with the rise in ransomware, supply chain attacks and other attacks.”
Attendees took time out from business to have some fun in the business hall.
OpenText acquired both Carbonite and Webroot in 2019. In April, it launched a new version of its Webroot Business Management Console for MSPs. The release is designed to provide MSPs with a unified point of management across Webroot’s endpoint, DNS and security awareness training portfolio.
ThreatLocker in May announced it has raised $20 million in Series B funding, bringing the company’s total funding to $24.5 million. Led by Elephant, the company is leveraging the round to expand its global footprint and continue to focus on innovating ahead of the cybersecurity market.
The ongoing COVID-19 pandemic didn’t stop this year’s Black Hat conference from going live again in Las Vegas.
This time, the Black Hat conference was a hybrid event, with most participants opting for virtual, while around 5,000 chose to attend in person. In addition, the business hall was noticeably smaller, lacking the presence of cybersecurity giants such as Microsoft, IBM, FireEye, Palo Alto Networks and more. That gave the startups and smaller providers a chance to stand out during this Black Hat conference.
Mick Baccio is global security adviser at Splunk. He gave his impressions of the conference.
“I think a lot of the smaller companies, the conversations they’re having are more meaningful,” he said. “It’s a more intimate setting, so people aren’t coming to your booth just to get the swag. They’re having a conversation about your product. It’s more exposure. The people who are here want to be here.”
Baccio said it will be interesting to see what happens after this latest Black Hat conference.
“There are a lot of newer companies and this could be their big break,” he said.
Ransomware, Supply Chain Attacks Hot Topics
Stopping ransomware and supply chain attacks were big topics at this year’s Black Hat with all the recent headlines bringing these attacks to the mainstream.
“I think ransomware is a problem and I think it can be combatted by some basic steps,” Baccio said. “Ransomware has always been a problem, but that’s back when it was just your machine that would get locked up. And now it’s enterprise machines. I do think it will get worse. I think with the pivot of everyone moving to cloud architecture, because from a business standpoint it makes sense, you haven’t heard a lot about ransomware attacks in the cloud … and I think that’s going to become a more common thing.”
Getting back to basics is what’s going to help minimize ransomware, he said.
“Know what’s on your network and patch it,” Baccio said. “There is no silver bullet, but we’re trying to raise the bar a little bit. If we had multifactor authentication (MFA) mandated for everything, that would decrease our incidents.”
Threats Beyond Ransomware
On the business hall floor, researchers with Bitdefender were anxious to share their latest findings in terms of cyber threats.
“What people perceive to be the No. 1 threat is ransomware because it is so visible,” said Bogdan Botezatu, Bitdefender’s director of threat research. “But while ransomware is more visible, it’s not the only threat that targets endpoint right now. What we have seen in the past few months is the emergence of more generalistic malware that attempts to harvest credentials. We documented a couple of cases of Trickbot or Emotet, which are used for the bad guys to harvest information or gain access to these devices that they have compromised.”
They participate in an underground market that’s filled with initial access brokering, he said. They provide access to these computers in various verticals to the bad guys who monetize on attacks after that.
“Say you’re a bank and you’ve been infected by Emotet or Trickbot,” Botezatu said. “These bots will live on the computer, harvest login information and other credentials, which are then sent back to the bad guys who operate these threats. They are clustering them by verticals. This password provides access to somebody in a bank. This password provides access to somebody in government or pharma, or critical infrastructure. They cluster this information and sell them to the highest bidder.”
Alex Balan is security research director at Bitdefender. He stressed the importance of endpoint detection and response (EDR) and extended detection and response (XDR).
“Those are things that alert us when something is happening in our network,” he said.
Scroll through our slideshow above for more highlights from Black Hat and pictures from the business hall floor. We bet you’ll see some companies you know.