A significant and respected collective of global IT security professionals congregate in the U.S. twice yearly, for RSA during the mild and temperate San Francisco winters, and later for Black Hat & Defcon, annually held in the sweltering and abysmal heat of a Las Vegas August.
Unfriendly outdoor temperatures aside, last week's #BHUSA 2016 featured all of the usual demonstrations of 'how to hack anything with a network connection', keynotes by industry luminaries, and parties (it is Vegas after all). The problem with being on the ground at Black Hat is that no matter how much effort you expend, it's only possible to see and absorb a portion of it - even if you spend every waking hour in sessions or on the show floor. Thus, I've made it a ritual to review and read what other attendees had to share in the aftermath of these conferences.
One of the more intriguing #BHUSA "what was hot" summaries I read was on TechCrunch (contributed by Monzy Merza, Director of Security Research at Splunk). His perspective on the four key topics to emerge from Black Hat 2016 were:
Behavior Baselining
Acitve Response
Security Analytics
Public Key Cryptography
We here at Seculert spend each and every day using security analytics to protect our customers from the effects of cyber-attacks, so it's always heartening when an external perspective endorses our approach. As Merza wrote for TechCrunch:
"Security analytics are the result of data analysis across multiple sources of data, often log data enriched with non-log data such as threat intel. The purpose of security analytics is to provide actionable knowledge to the security analysts and to security managers."
The keyword in that sentence, in my view, is "actionable". Almost any security solution today is capable of providing SOC teams with clues and hints as to where the trouble might be hiding, but the power of security analytics (done well), is to point out attacks before they have an opportunity to do any serious damage.
# # #