Another year at Black Hat has come and gone, with attendees from around the world coming together to share and discuss their ideas, research, and discoveries. Did you attend Black Hat this year? If not, don’t worry. We’ve put together the highlights of this year’s conference.
Here are our top takeaways from Black Hat 2018:
1. The Days of Reacting to an Attack are Past
Data breaches are growing in frequency, as are their size and complexity. We can no longer just react to breaches after they happen, but must be more proactive in how we detect and defend against attacks.
During Black Hat 2018, there were a variety of hands-on training sessions focused on how security teams can become more proactive. A sold-out session titled A Guide to Threat Hunting Utilizing the ELK Stack and Machine Learning allowed attendees to create their very own enterprise-wide hunting platform and develop a method for retrieving the data from various endpoints and sources. Attendees learned to use normalization and visualization techniques to organize data and find outliers within each dataset as well as how to collect data efficiently from all endpoints in the network. The goal of all of these training sessions was to help bridge the gap between academic knowledge of threat modeling and the real world.
Raffael Marty discussed the dangers of algorithms. He emphasized that many businesses are blindly relying on algorithms to track and detect anomalies without having a deeper understanding of what the algorithms are doing. We shouldn’t rely solely on algorithms to detect all anomalies in our data, but instead, rely on a combination of machine learning and detection strategies driven by human experts.
2. The Influence of Social Engineering
Social engineering continues to be a prevalent attack technique, manipulating individuals into giving away information to be used for fraudulent acts. The Advanced Practical Social Engineering discussion helped attendees to develop a strategy to build the skills, mindset, and tools needed to become a professional social engineer. Attendees learned about human vulnerability, the skills of influence and persuasion, and other psychological and technical tactics to master elicitation. In another discussion, Achieving Security Awareness Through Social Engineering Attacks, the presenter taught attendees about evaluating human vulnerability and using modern techniques to demonstrate this vulnerability through penetration testing.
3. Learn to Think Like a Hacker
Black Hat also held several training sessions on various hacking techniques. To stop hackers and disrupt attacks, one must think like a hacker. Hackers are becoming more sophisticated in the way they attack, so understanding the latest hacking technology and techniques helps defenders recognize attacks and disrupt them faster. There were training sessions about car hacking, basic and advanced infrastructure hacking, and more. To highlight a couple, the Basic Infrastructure Hacking session was used to familiarize attendees with the fundamentals of network hacking, and the Advanced Infrastructure Hacking session discussed a variety of penetration techniques to exploit platforms such as Docker, Kubernetes, and modern Windows and Linux operating systems using the latest, cutting-edge technology.
4. The Future is a Growing Concern
The future of security is always evolving, and more concerns will arise as technology continues to advance. One session at Black Hat covering this topic was by Charlie Miller and Chris Valasek on Applied Self-Driving Car Security. They gave insight into potential security concerns of self-driving cars. Should we be worried about cyber attacks in these new vehicles as they become more popular? As we look forward to the future, we must consider all of the additional devices in our lives that require additional security. This presentation focused on security for cars, but as smart products continue to develop (speakers, household appliances, and so on), new security measures may need to be developed.
Did we miss anything? If you attended the conference, let us know what you enjoyed most!
And if you didn’t have a chance to meet with us at the show and you’re interested in how Capsule8 can instantly detect and disrupt zero-day attacks in your production environment, request a demo!
Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with on-going support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure.