Black Hat 2024 Reflections: Security Challenges Demand Rethink on Tools and Processes

Analyst(s): Mitch Ashley, Krista Case
Publication Date: August 30, 2024

The News: More than 20,000 security professionals attended Black Hat 2024 at the Mandalay Bay Convention Center in Las Vegas, Nevada from August 5–8, 2024. Please visit this website for more information on Black Hat events.

Analyst Take: As the threat landscape evolves at an unprecedented pace, The Futurum Group’s research and conversations show that requirements for cybersecurity-related technologies and processes are also changing. More than ever before, it makes sense for organizations to rethink their solution implementation and processes in areas such as penetration testing and network segmentation. Artificial intelligence (AI) can play a role here, helping to increase both the efficiency and efficacy of security and IT Operations teams. Ultimately, the goal is to empower security and IT teams to make informed decisions about mitigating critical vulnerabilities and to take swifter, better-informed actions. Top of mind for customers is the need to optimize security investments while mitigating risks – striking the right balance between platform consolidation and best-of-breed flexibility.

Platform Versus Best-of-Breed

The cybersecurity market has long been driven by user desire for best-of-breed solutions that address specific, immediate threats and vulnerabilities. The result is that a typical enterprise today uses dozens – if not 100 or more – cybersecurity tools. The resulting complexity and sprawl need to be addressed for a number of reasons, including increased cost, reduced efficiency, security gaps, and difficulty in proving regulatory compliance. Platforms can address these pain points by consolidating functions – including those offered by mature technologies – while offering the additional benefit of reducing the frequency with which security teams need to bounce between diverse user interfaces, consoles, and tools. A range of vendors including Fortra, Palo Alto Networks, and Wiz are responding in kind.

On the other hand, platforms – and especially those offered by vendors with long-entrenched traction in the marketplace – often lack agility and dedicated expertise. As The Futurum Group’s conversations at Black Hat underscore, there are a host of nimble startups that are stepping up to more quickly deliver viable products addressing niche problems, providing functionality that could ultimately become integrated into platforms. This specialized focus gives Security and IT teams confidence to address their targeted challenges and security threats.

With this in mind, the most feasible way forward for most enterprises includes adopting as much vertical integration as possible, while retaining the ability to plug in niche, best-of-breed tools. The value of a healthy degree of diversification is also evident following the July 2024 CrowdStrike outage. The Futurum Group’s conversations have uncovered that, naturally, those organizations that were all-in on CrowdStrike were most impacted by the outage.

Shift from a Reactive to a Proactive Approach

Another key theme coming out of The Futurum Group’s conversations at Black Hat is the need to shift from a reactive approach that centers on incident detection to proactive and preventative risk mitigation. While incident detection – and, in fact, more advanced threat hunting – is critical, threat vectors are evolving more rapidly, and becoming more sophisticated, than ever before, as the attack surface sprawls with the introduction of cloud-hosted applications and infrastructure, mobile and IoT devices, and most recently, generative AI applications. The convergence of these trends results in a game of whack-a-mole, with security and IT teams needing to plug ever-emerging and evolving threats, while at the same time addressing the vast, complex, and constantly changing attack surface.

Against this backdrop, Security and IT teams must continuously evaluate applications and software code, data, and systems for gaps. Specifically, and not surprisingly, The Futurum Group had a number of conversations about using AI strategically to improve threat insights. Security solutions, network and compute devices, and software emit large amounts of log and telemetry data. Because many security vendors now offer or augment their offers with SaaS versions of their products, the solutions are sitting on large amounts of current and historical data for analysis with AI and machine learning. For example, tools are being introduced that can correlate various data sets for enhanced insights and that are designed to escalate and prioritize only the most pertinent and potentially impactful alerts. Especially following the CrowdStrike outage, whose impact was perpetuated by automation, Security and IT teams rightly will still desire control over subsequent actions and outcomes.

Especially as it continues to develop and become proven, the value of AI tends to be in helping security operations teams find what they’re looking for. Examples include not only making sophisticated correlations across complex and divergent data sets to identify emerging attack patterns, as previously described, but also querying data sets in natural language, for example, to identify personally identifiable information (PII) in emails.

Don’t Throw Stones at Glass Security Houses

While the CrowdStrike outage and its consequences were very much front and center in discussions at Black Hat, most security vendors were cautious about overly criticizing CrowdStrike. There was a common agreement and appreciation for the transparency CrowdStrike CEO George Kurtz showed about CrowdStrike’s incident, their investigation, and follow-up actions. Some but not all vendors recognized CrowdStrike’s root causes were more than just testing and QA deficiencies. The widespread impact was due to the unfettered distribution of the errant content update for over 90 minutes, something everyone who delivers updates must consider going forward. Customers of software solutions must also consider staging updates before they hit production systems rather than give security vendors carte blanche to update their software as they see fit. The questions to be answered are: will customers stage updates, and how do they resource the testing and evaluation of updates before they are released into production environments?

The bottom line is that vendors recognize this type of outage could just as easily have been caused by their software and updates, a hot seat no one wants to experience. From this analyst’s perspective, if CrowdStrike is the only security vendor to learn important lessons from this incident, the entire industry will lose a critical learning opportunity.

Security User Experience – Simple Is Hard

Software and user interface designers know very well how difficult it is to create a user experience that is “easy” and fits well into users’ workflows and processes. Security products are particularly challenging as they display technically deep security information and intricate workflows. Wiz’s cloud security platform and an innovative identity management product from newcomer Oleria stood out because of their understandable and useful user experience designs. Any product demo should have every onlooker thinking this is a product that even they could understand well enough to use.

Confidential Computing Gets Tested

To advance the security of confidential computing products, Intel and Microsoft released the results of a joint collaboration to test the security of Intel’s Trust Domain Extensions (Intel® TDX) product. Before the release of Intel® TDX 1.5, an extensive security review was conducted over several months, encompassing architectural, design, and code evaluations. The process concluded with a joint hackathon where teams identified security weaknesses requiring defense-in-depth measures, as well as a few vulnerabilities, all of which have since been addressed.

Read more about the jointly issued technical report here.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Author Information

Mitch Ashley is VP and Practice Lead of Software Lifecycle Engineering for The Futurum Group. Mitch has more than 30 years of experience as an entrepreneur, industry analyst, product developer, and IT leader, with expertise in software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. As an entrepreneur, CTO, CIO, and head of engineering, Mitch led the creation of award-winning cybersecurity products utilized in the private and public sectors, including the U.S. Department of Defense and all military branches. Mitch also led managed PKI services for broadband, Wi-Fi, IoT, energy management and 5G industries, product certification test labs, an online SaaS (93m transactions annually), and the development of video-on-demand and Internet cable services and a national broadband network.

Mitch shares his experiences as an analyst, keynote and conference speaker, panelist, host, moderator, and expert interviewer discussing CIO/CTO leadership, product and software development, DevOps, DevSecOps, containerization, container orchestration, AI/ML/GenAI, platform engineering, SRE, and cybersecurity. He publishes his research on futurumgroup.com and TechstrongResearch.com/resources. He hosts multiple award-winning video and podcast series, including DevOps Unbound, CISO Talk, and Techstrong Gang.

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.
