It hasn’t even been a week since Black Hat Conference 2019. Somehow, it seems like it’s been longer than that. Speaking from both the vendor and attendee perspective, it was a fantastic event overall. I managed to squeeze in a couple sessions, and I had the opportunity to speak to a variety of attendees and visit vendor booths on the show floor. After 4 days and nearly 50,000 steps—some of it in 100-plus degree heat outdoors—I’m back in Houston and back to the daily grind and I’ve had some time to reflect on the time in Las Vegas.
With hundreds of vendors and tens of thousands of attendees, there are plenty of great conversations and valuable insights to be found, but there are two topics that kept recurring as key themes throughout the week. No matter what company size or industry, there seems to be an increased focus on visibility and asset inventory, and recognition that machine learning and artificial intelligence are not a magic silver bullet that will replace humans.
Comprehensive Visibility
It’s a simple concept. You can’t protect what you can’t see. If you aren’t even aware of servers, endpoints, routers, applications, or data on your network, there is no way you can effectively identify vulnerabilities and mitigate your risk. The key is comprehensive visibility and the ability to maintain an accurate, real-time inventory of what’s on your network.
The idea of IT asset discovery is not new, but in the age of DevOps, containers, hybrid cloud environments, mobile devices, and IoT, it has become a much greater challenge and a more critical focus at the same time. Many of the vendors and attendees I spoke to at Black Hat were focused on this issue—either offering tools to help companies with maintaining an accurate asset inventory in real-time or searching for solutions that can provide the comprehensive visibility they need.
The Human Factor
The other key theme I saw throughout the week at Black Hat was the idea that machine learning and artificial intelligence are effective—even necessary—tools, but they can’t replace a human being. More importantly, it seems that many vendors and individuals realize that replacing human cybersecurity professionals is not a goal we are even striving for.
This conversation has evolved over recent years. As machine learning and artificial intelligence exploded into the mainstream, the terms were quickly adopted as buzzwords. Many vendors made bold and incredible claims about the power of ML and AI to magically and automatically solve every cybersecurity challenge.
That conversation has matured over time. There are certainly still vendors making fantastic claims about ML and AI, but what I see more of now are vendors who recognize both the potential advantages of the technologies, as well as the caveats and pitfalls. The volatility of network infrastructure today and the sheer volume of information make it virtually impossible to effectively monitor for potential threats with any traditional tools or manual processes. ML and AI are uniquely suited for those tasks. Once possible suspicious or malicious activity is identified, though, there is no replacing the experience and intuition of a human cybersecurity analyst to be able to separate the signal from the noise and find the threats that should be prioritized.
That’s Just How We Do Things
I had a great time at Black Hat Conference 2019. I got to connect with many friends—old and new—and I always appreciate the opportunity to learn new things from smart people and to find out what’s new from cybersecurity vendors. My time in Las Vegas was also very encouraging and validating because the ideas of comprehensive visibility and the human touch are not new to Alert Logic. They are core concepts that form the foundation of our managed detection and response (MDR) service and the value that we provide for thousands of customers around the world.