So many aspects of our lives have changed since the last time we met. Significantly, the way we work has changed: we spend more time at home, connecting remotely to what used to be our offices. We’ve saved time on commuting, postponed work trips, and adopted an entirely new working environment.
The trend of gradually digitizing our lives went into overdrive in the last 18 months. We shop online, chat online, and store our most personal and private information in the cloud. We trust more enterprises and supply chains than ever before to keep all this safe.
In parallel, cybercrime and nation state attacks have become a staple of daily news. We’ve seen the democratization of ransomware, bringing more criminals into the dance of cybercrime. The explosion of the dark web and cryptocurrency has made it easier to get away with ransomware and extortion. Prior to the pandemic, organizations thought they just needed better backups, but criminals have changed their tactics and payouts have increased to the point of forcing market changes. Organizations are now realizing they need better cybersecurity.
We’ve also seen how supply chain attacks are capable of exploiting software widely used in the public and the private sectors. Threat actors utilize zero days to penetrate organizations en masse, including energy pipelines, food supply chains and other critical infrastructure. And for the most part, cybercriminals are getting away with it.
Black Hat USA 2021 – Exactly What You Would Expect
Despite all that, Black Hat was the first in-person event since RSA 2019. It’s hard to believe, but it was. With all that is still going on and with so many of us still at different points in our journey to put Covid-19 behind us, it’s no surprise that we didn’t see the kind of attendance rates typical of the past.
However, it was a joy to see how the energy of this community remained undiminished. There was so much action on the floor, in the meeting rooms, and everywhere else: passionate, masked, and mingling. The brainstorming, security talk and, of course, fun were just what we have all come to expect from such an event.
At SentinelOne, we were determined to give back to the community and our team created a stunning, unique booth to delight our visitors. It seems our efforts didn’t go unnoticed either by those that could only attend virtually or follow on social media.
This Year, All The Big Talk Is About Big Data
There are always themes and trends in cybersecurity as our industry responds to attacks and innovations, striving always to be a step ahead and keep our organizations safe. In the past, we have seen how topics like SIEM and Data competition around Splunk came to the forefront. This year, without a doubt, everyone’s thoughts are turning towards big data and the ability to scale XDR data.
Organizations today face a challenging situation, where the traditional network no longer exists. Threats exist exactly where your data resides, which is where your users reside, which is everywhere. You can’t assume anything about the networks your endpoints are connected to. The only defence you can rely on is on the edges of your network, the endpoints themselves. This change, which started long before COVID, is still something most organizations are struggling with.
This new reality brings a set of new problems for organizations: the amount of data that needs to be collected, stored and analyzed is beyond the capabilities of humans to scale. This is why SentinelOne led by selecting Scalyr, and CrowdStrike followed by acquiring Humio to replace their expensive and inefficient Splunk integration.
The challenge is three-fold:
- How to get all the data
- How to make automated security detections out of it
- How to automate and scale the response in real time, not in minutes or hours, as some claim is good enough.
As a defence industry, we need to put behavioral analysis on all edges of our network, so that responses can be automated when anomalies occur. There is no legitimate reason for non-admin processes to access shadow copies, or to scrape passwords from a Windows registry hive. This is one of many examples that we learned this year: the concept of trust is not what we had thought.
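The rule described above (non-admin processes touching shadow copies or credential hives) can be sketched as detection logic over endpoint file-access events. This is an added example, not code from the original post or from any vendor; the event fields, process names and paths are constructed for illustration.

```python
import re

# Constructed file-access telemetry. The field names are assumptions made for
# this example, not the schema of any particular EDR or XDR product.
EVENTS = [
    {"process": "vssvc.exe", "is_admin": True,
     "path": r"\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Users\a\doc.txt"},
    {"process": "report.exe", "is_admin": False,
     "path": r"\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SAM"},
    {"process": "notepad.exe", "is_admin": False,
     "path": r"C:\Users\a\notes.txt"},
    {"process": "updater.exe", "is_admin": False,
     "path": r"C:\Windows\System32\config\SECURITY"},
    {"process": "backup.exe", "is_admin": True,
     "path": r"C:\Windows\System32\config\SYSTEM"},
]

# Volume shadow copy device paths, and the registry hive files that hold
# account and secret material.
SHADOW_COPY = re.compile(r"\\Device\\HarddiskVolumeShadowCopy\d+\\", re.I)
CREDENTIAL_HIVE = re.compile(
    r"\\Windows\\System32\\config\\(SAM|SECURITY|SYSTEM)$", re.I)

def classify(event):
    """Return the names of the rules an event matches (empty list if none)."""
    if event["is_admin"]:
        return []  # the rule only targets non-admin processes
    hits = []
    if SHADOW_COPY.search(event["path"]):
        hits.append("shadow_copy_access")
    if CREDENTIAL_HIVE.search(event["path"]):
        hits.append("credential_hive_access")
    return hits

def detect(events):
    """Return (process, rules) for every event that matches at least one rule."""
    alerts = []
    for event in events:
        rules = classify(event)
        if rules:
            alerts.append((event["process"], rules))
    return alerts

if __name__ == "__main__":
    for proc, rules in detect(EVENTS):
        print(f"ALERT {proc}: {', '.join(rules)}")
```

An event that reads a hive file through a shadow copy path matches both rules, which is the combination a responder would want to prioritize.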
Most companies presenting at Black Hat were focused on data and the growing pains of ransomware, bringing a whole new set of ideas to solve a problem that has been evolving over the last 5 years. While criminals continue to use the tried and tested tactics of the past where they still work, a much larger and more dangerous threat has come to loom over us.
Just as the forces of ‘good’ have reaped the benefits of our interconnected world, machine learning and data-at-scale, so cybercriminals have created a growing operation that can scale, with Ransomware as a Service and other tools that make it easy for more players to operate extortion and ransomware operations. On top of that, we see nation states sponsoring and hiding behind the operations of financially-motivated cybercriminals, as SentinelLabs first revealed with TrickBot operations in 2019.
A Defender’s Perspective
From a defender’s point of view, all this is not a pretty sight. Too many organizations still use old technology that cannot cope with the level of sophistication that everyday threat actors are throwing at them. We see governments conducting attacks for monetary gain, to influence elections, to further agendas, and to create damage without the need to fire a single shot. We have not so much slipped as dived head first into the age of ‘Warfare in the Fifth Domain’.
Where Do We Go From Here?
But it wasn’t all doom and gloom at Black Hat USA 2021, far from it. The sessions and presentations were novel, innovative, and encouraging, with more exploit research and more tools that can help defend against attacks.
And if there was one thing we saw and heard at Black Hat this year, it was that there are a number of things that can be done to swing the pendulum back in favor of the defenders.
- Stop considering security a liability and treat it as part of business operations – cybersecurity is now an asset and should be viewed as a competitive advantage for any firm in any industry in any geography.
- Do not wait. The cost of a security breach is much higher than the cost of deploying the right technology.
- Involve C-Suite decision makers in the dilemmas of securing your business. Educated leaders can take a more security-minded approach to every decision they are involved with. Knowledge is power and too many cybersecurity professionals are left to fight alone.
- Being “Better today” is much better than “Perfect in the far future”. Every house can be broken into. With that said, malicious actors tend to look for the easy way in (some would call it laziness). Don’t be that weak point. If you are better than most organizations, you are increasing your chances of staying out of the news and defending your organization’s data.
We went to Black Hat USA 2021 excited to see our friends, peers and customers for the first time in two years. It was an experience that reminded us all of the energy and passion in this community. Above all, it reminded us of just how many people are out there working hard to keep cyber attacks at bay. The bad guys often get the headlines, but when the good guys come out into the light at events like this, you realize that we are legion, and we are resilient.