The News: More than 20,000 security professionals attend Black Hat 2024 at the Mandalay Bay Convention Center in Las Vegas, Nevada from August 5–8, 2024. Please visit this website for more information on Black Hat events.
Black Hat 2024 Reflections: Security Challenges Demand Rethink on Tools and Processes
Analyst Take: As the threat landscape evolves at an unprecedented pace, The Futurum Group’s research and conversations show that requirements for cybersecurity-related technologies and processes are also changing. More than ever before, it makes sense for organizations to rethink their solution implementation and processes in areas such as penetration testing and network segmentation. Artificial intelligence (AI) can play a role here, helping to increase both the efficiency and efficacy of security and IT Operations teams. Ultimately, the goal is to empower security and IT teams to make informed decisions about mitigating critical vulnerabilities and to take swifter, better-informed action. Top of mind for customers is the need to optimize security investments while mitigating risks – striking the right balance between platform consolidation and best-of-breed flexibility.
Platform Versus Best-of-Breed
The cybersecurity market has long been driven by user desire for best-of-breed solutions that address specific, immediate threats and vulnerabilities. The result is that the typical enterprise today uses dozens – if not 100 or more – cybersecurity tools. The resulting, inevitable complexity and sprawl needs to be addressed for a number of reasons, including increased cost, reduced efficiency, security gaps, and difficulty in proving regulatory compliance. Platforms can address these pain points by consolidating functions – including those offered by mature technologies – while offering the additional benefit of reducing how often security teams need to bounce between diverse user interfaces, consoles, and tools. A range of vendors including Fortra, Palo Alto Networks, and Wiz are responding in kind.
On the other hand, platforms – and especially those offered by vendors with long-entrenched traction in the marketplace – often lack agility and dedicated expertise. As The Futurum Group’s conversations at Black Hat underscore, there are a host of nimble startups that are stepping up to more quickly deliver viable products addressing niche problems, providing functionality that could ultimately become integrated into platforms. This specialized focus gives Security and IT teams confidence that their targeted challenges and security threats will be addressed.
With this in mind, the most feasible way forward for most enterprises includes adopting as much vertical integration as possible, while retaining the ability to plug in niche, best-of-breed tools. The value of a healthy degree of diversification is also evident following the July 2024 CrowdStrike outage. The Futurum Group’s conversations have uncovered that, naturally, those organizations that were all-in on CrowdStrike were most impacted by the outage.
Shift from a Reactive to a Proactive Approach
Another key theme coming out of The Futurum Group’s conversations at Black Hat is the need to shift from a reactive approach that centers on incident detection to proactive and preventative risk mitigation. While incident detection – and, in fact, more advanced threat hunting – is critical, threat vectors are evolving more rapidly, and becoming more sophisticated, than ever before, as the attack surface sprawls with the introduction of cloud-hosted applications and infrastructure, mobile and IoT devices, and most recently, generative AI applications. The convergence of these trends results in a game of whack-a-mole, with security and IT teams needing to plug ever-emerging and evolving threats while at the same time addressing the vast, complex, and constantly changing attack surface.
Against this backdrop, Security and IT teams must continuously evaluate applications and software code, data, and systems for gaps. Specifically, and not surprisingly, The Futurum Group had a number of conversations about using AI strategically to improve threat insights. Security solutions, network and compute devices, and software emit large amounts of log and telemetry data. Because many security vendors now offer, or augment their offerings with, SaaS versions of their products, the solutions are sitting on large amounts of current and historical data that can be analyzed with AI and machine learning. For example, tools are being introduced that can correlate various data sets for enhanced insights and that are designed to escalate and prioritize only the most pertinent and potentially impactful alerts. Especially following the CrowdStrike outage, whose impact was amplified by automation, Security and IT teams will rightly still want control over subsequent actions and outcomes.
Especially as it continues to develop and become proven, the value of AI tends to be in helping security operations teams find what they’re looking for. Examples include not only making sophisticated correlations across complex and divergent data sets to identify emerging attack patterns, as previously described, but also querying data sets in natural language, for example, to identify personally identifiable information (PII) in emails.
Don’t Throw Stones at Glass Security Houses
While the CrowdStrike outage and its consequences were very much front and center in discussions at Black Hat, most security vendors were cautious about overly criticizing CrowdStrike. There was a common agreement and appreciation for the transparency CrowdStrike CEO George Kurtz showed about CrowdStrike’s incident, their investigation, and follow-up actions. Some but not all vendors recognized CrowdStrike’s root causes were more than just testing and QA deficiencies. The widespread impact was due to the unfettered distribution of the errant content update for over 90 minutes, something everyone who delivers updates must consider going forward. Customers of software solutions must also consider staging updates before they hit production systems rather than give security vendors carte blanche to update their software as they see fit. The questions to be answered are: will customers stage updates, and how do they resource the testing and evaluation of updates before they are released into production environments?
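The staged-update practice described above, as an added example that is not from the article or from any vendor mentioned in it: a ring-based rollout gate that holds a content update in a small canary ring, watches host telemetry for a soak period, and promotes to the next ring only if the ring is healthy. Ring sizes, soak windows, the 1% failure threshold, the 80% reporting floor, the `content-update-EXAMPLE` identifier, and all telemetry records are constructed assumptions for illustration. The one subtlety worth showing is that silence is not health: a host that crashed on the update cannot report, so a ring with too few reporting hosts halts the rollout just as a ring with explicit failures does.

```python
"""Ring-based rollout gate for vendor content updates (added example, constructed data)."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Ring:
    name: str
    hosts: int          # endpoints that receive the update in this ring
    soak_minutes: int   # telemetry window to observe before promoting further


@dataclass(frozen=True)
class RolloutPlan:
    update_id: str
    rings: tuple
    max_failure_rate: float = 0.01   # halt if more than 1% of reporting hosts fail (assumed)
    min_reporting: float = 0.8       # halt if fewer than 80% of hosts report at all (assumed)


@dataclass
class RolloutResult:
    status: str                          # "completed" or "halted"
    hosts_exposed: int = 0               # hosts that actually received the update
    promoted: list = field(default_factory=list)
    halted_at: Optional[str] = None
    reason: Optional[str] = None


def ring_health(samples, ring: Ring):
    """Return (hosts that reported within the soak window, hosts reporting failure)."""
    window = [s for s in samples
              if s["ring"] == ring.name and s["minute"] <= ring.soak_minutes]
    reporting = {s["host"] for s in window}
    failed = {s["host"] for s in window if s["status"] != "ok"}
    return len(reporting), len(failed)


def run_rollout(plan: RolloutPlan, samples) -> RolloutResult:
    """Promote the update ring by ring, stopping at the first unhealthy ring."""
    result = RolloutResult(status="completed")
    for ring in plan.rings:
        result.hosts_exposed += ring.hosts          # this ring now has the update
        reporting, failed = ring_health(samples, ring)
        # Silence is not health: a host that crashed on the update cannot phone home.
        if reporting < plan.min_reporting * ring.hosts:
            result.status, result.halted_at = "halted", ring.name
            result.reason = (f"only {reporting}/{ring.hosts} {ring.name} hosts reported "
                             f"within {ring.soak_minutes} min")
            return result
        if failed / reporting > plan.max_failure_rate:
            result.status, result.halted_at = "halted", ring.name
            result.reason = f"{failed}/{reporting} {ring.name} hosts failed after the update"
            return result
        result.promoted.append(ring.name)
    return result


def unstaged_exposure(plan: RolloutPlan) -> int:
    """Hosts hit at once if the same update were pushed to every ring simultaneously."""
    return sum(r.hosts for r in plan.rings)


def constructed_telemetry(ring: str, hosts: int, failing: int = 0, silent: int = 0):
    """Constructed heartbeat records for one ring: `failing` hosts report a crash,
    `silent` hosts never report at all (the post-update crash case)."""
    return [{"ring": ring, "host": f"{ring}-{i:05d}", "minute": 5,
             "status": "crash" if i < failing else "ok"}
            for i in range(hosts - silent)]


PLAN = RolloutPlan(
    update_id="content-update-EXAMPLE",   # placeholder identifier
    rings=(Ring("canary", 10, 30), Ring("pilot", 100, 120), Ring("fleet", 10_000, 60)),
)

# Three constructed scenarios.
HEALTHY = (constructed_telemetry("canary", 10) + constructed_telemetry("pilot", 100)
           + constructed_telemetry("fleet", 10_000))
CRASHING = constructed_telemetry("canary", 10, silent=10)   # crashes every host; none report
FLAKY = (constructed_telemetry("canary", 10)
         + constructed_telemetry("pilot", 100, failing=5))  # breaks 5% of pilot hosts

if __name__ == "__main__":
    for label, telemetry in [("healthy", HEALTHY), ("crashing", CRASHING), ("flaky", FLAKY)]:
        r = run_rollout(PLAN, telemetry)
        print(f"{label:9s} {r.status:9s} exposed={r.hosts_exposed:6d} "
              f"(unstaged: {unstaged_exposure(PLAN)}) {r.reason or ''}")
```

Run stand-alone, the crashing scenario exposes 10 hosts instead of 10,110, which is the whole argument for staging. The resourcing question the article raises still stands: someone has to own the canary ring, define what "healthy" means for it, and be empowered to leave the rollout halted.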
The bottom line is that vendors recognize this type of outage could just as easily have been caused by their software and updates, a hot seat no one wants to experience. From this analyst’s perspective, if CrowdStrike is the only security vendor to learn important lessons from this incident, the entire industry will lose a critical learning opportunity.
Security User Experience – Simple Is Hard
Software and user interface designers know very well how difficult it is to create a user experience that is “easy” and fits well into users’ workflows and processes. Security products are particularly challenging because they display technically deep security information and intricate workflows. Wiz’s cloud security platform and an innovative identity management product from newcomer Oleria stood out because of their understandable and useful user experience designs. Any product demo should have every onlooker thinking this is a product they could understand well enough to use.
Confidential Computing Gets Tested
To advance the security of confidential computing products, Intel and Microsoft released the results of a joint collaboration to test the security of Intel’s Trust Domain Extensions (Intel® TDX) product. Before the release of Intel® TDX 1.5, an extensive security review was conducted over several months, encompassing architectural, design, and code evaluations. The process concluded with a joint hackathon in which the teams identified security weaknesses requiring defense-in-depth measures, as well as a few vulnerabilities, all of which have since been addressed.
Read more about the jointly issued technical report here.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Author Information
Mitch Ashley is VP and Practice Lead of DevOps and Application Development for The Futurum Group. Mitch has over 30 years of experience as an entrepreneur, industry analyst, product development leader, and IT leader, with expertise in software engineering, cybersecurity, DevOps, DevSecOps, cloud, and AI. As an entrepreneur, CTO, CIO, and head of engineering, Mitch led the creation of award-winning cybersecurity products used in the private and public sectors, including the U.S. Department of Defense and all military branches. Mitch also led managed PKI services for the broadband, Wi-Fi, IoT, energy management, and 5G industries, product certification test labs, an online SaaS (93m transactions annually), the development of video-on-demand and Internet cable services, and a national broadband network.
Mitch shares his experiences as an analyst, keynote and conference speaker, panelist, host, moderator, and expert interviewer discussing CIO/CTO leadership, product and software development, DevOps, DevSecOps, containerization, container orchestration, AI/ML/GenAI, platform engineering, SRE, and cybersecurity. He publishes his research on FuturumGroup.com and TechstrongResearch.com/resources. He hosts multiple award-winning video and podcast series, including DevOps Unbound, CISO Talk, and Techstrong Gang.
Krista covers data security, protection, and management, with a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget, and The Register.
Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.