Black Hat has evolved from a hacker’s playground to a commercial event with a show floor mimicking the RSA of years ago. It has become a premier showcase for established vendors, new security technologies, and a plethora of announcements covering new hacking techniques and solutions (aka products).
One thing is certain: based on conversations with various peers and our own marketing team, you can expect some interesting trends to confuse, bedazzle, and attempt to lure in prospective clients.
Unlike the Black Hat of years past, we can honestly expect a synergy (I am guilty, read on) on specific problems everyone is trying to solve. Let us begin with some high-level thoughts.
This year will be the best Buzz Word Bingo event ever! Our VP of Marketing and I firmly believe that certain words like synergy, future proof, the only vendor, no competitors, we are the only ones, the cloud, protection, etc. will be rampant. As an attendee, try to see past the marketing buzzwords and really look at the solutions. If nothing else, try to keep a tally of the number of times you hear any of these monotonous words. If a vendor's booth is overly technical, all it means is that marketing has not figured out which buzzwords to use yet.
Don’t get Owned
It’s Vegas and it’s Black Hat. The same rules apply as every other year, especially for newbies. You can count on someone to try and hack your phone or laptop. It’s a given, so heed the following:
- No WiFi – WiFi should be disabled on all devices the ENTIRE time in Vegas for Black Hat. This means use a broadband card or cellular to access the internet even in your hotel room.
- No Bluetooth – Bluetooth should be disabled as well; it can be compromised just as easily as WiFi. Use wired headsets only and disable any communications with other Bluetooth devices, like fitness monitors.
- No USB memory sticks – You should not accept or pick up a USB memory stick the entire time you are in Vegas. Ones left behind by attackers are seeds for unsuspecting attendees.
- As an attendee, if you have a system that is not company property (assuming your IT follows security best practices), then make sure to apply all security patches, including those for third-party applications and endpoint protection solutions (anti-malware).
Now that the rules for Black Hat have been established, what can you expect for the showcase floor?
Ransomware Will be a Huge Topic
The biggest buzzword out there will be ransomware, and how solutions solve the ransomware problem. Expect to see ransomware everywhere in messaging and how every vendor has some form of solution to mitigate the risk. Admittedly, it is a real problem, but expect every vendor to play this buzzword game with their solutions.
Cloudy with a Chance of Overused Puns
The Cloud is coming, and not as the dark rain storms our American politicians predict; it is inevitable that every successful business will be using more of the cloud, and cloud resources, for everyday business. While the jury is still out on the cost-effective nature of the cloud for many functions, some business tasks are just exponentially more efficient in the cloud. With this migration also come old and new security risks. Expect to see almost every vendor have cloud messaging, a strategy, and solutions to solve their piece of the puzzle. Of course, this will lead to even more Buzz Word Bingo.
I expect Black Hat to have one or two major announcements. For example, at RSA 2016 in San Francisco, we heard about the demise of Norse. Whether acquisitions, companies shedding resources, or the announcement of a merger, tradeshows like Black Hat have been a traditional place to announce major news.
What I fail to see is why. Every vendor tries to jump on the press bandwagon and is forced to compete with everyone else for air time. Ergo, expect some groundbreaking news that will bubble to the top until the next press release is issued, and look out for those buzzwords. They are probably the focal point of the announcement itself.
I would be remiss if I did not mention IoT (Internet of Things). While I think Buzz Word Bingo on this might be relatively low, the hype of hacking your lights, refrigerator, and medical devices is a real concern. In addition, do not exclude mobile IoT devices, from automobiles to augmented reality games and their peripherals. No Black Hat show would be complete without hacking a completely unexpected device that is commercially available and probably in many homes.
As we approach the show in Las Vegas, we can predict certain things: plenty of people losing money in the casinos (remember, Vegas is built by losers) and a few nights of hearing buzzword phrases like “that was awesome last night!”
One thing is for certain: the security concerns for businesses, people, and countries represent real risks to our economy and way of life. As security professionals we see them every day and must learn to focus beyond the buzzwords in marketing and see if the solutions available will really solve the real-world problems we have. Black Hat is a fantastic event to see both perspectives of the IT security industry and learn what can really happen if we do not heed our own warnings.
And, yes, we’ll be there. Check us out in booth 240. We’ll be doing some cool stuff including the Crane Game with Amazon prizes. Minimal buzzwords, promise.
P.S. Avoid the airport taxi lines and ride in our bus for FREE!
Morey J. Haber, Chief Security Officer, BeyondTrust
Morey J. Haber is the Chief Security Officer at BeyondTrust. He has more than 25 years of IT industry experience and has authored three books: Privileged Attack Vectors, Asset Attack Vectors, and Identity Attack Vectors. He is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. He originally joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition, where he served as a Product Owner and Solutions Engineer since 2004. Prior to eEye, he was Beta Development Manager for Computer Associates, Inc. He began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelor of Science degree in Electrical Engineering from the State University of New York at Stony Brook.