It’s that time of the year again: Black Hat 2019 is almost here. As always, it should be a great event with top-of-the-line keynotes, fascinating sessions, amazing options from the vendor community (Expanse included), and of course an opportunity to mingle with friends and colleagues in the security industry.
With nearly 19,000 attendees and hundreds of sessions, booths, trainings, and networking events, it can be challenging to navigate the schedule and maximize your time at the conference. So the team at Expanse has done the hard work for you in bringing you a guide to the sessions at Black Hat you won’t want to miss.
Here are our top three sessions we recommend checking out:
1. Every Security Team Is a Software Team Now
Time: Wednesday, August 7, 9:00am-10:00am
Location: Mandalay Bay Events Center
What it’s about: In this keynote address, Square Staff Security Engineer Dino Dai Zovi will explore the synergies between security and software development teams through the lens of how software development practices evolved with the advent of the Agile methodology and DevOps.
Why we recommend it: Software development methods aren’t just for software teams. When the Agile methodology (a challenger to Waterfall) came on the scene in 2001, it was also adopted by other business functions seeking a way to boost performance and iterate rapidly.
While most organizations know they can and should adopt Agile methods, not all of them have. According to a recent HBR survey, while eight out of ten organizations have committed to adopting Agile, only one-quarter of organizations have fully implemented it. Four-fifths of organizations also said they’re using some form of Agile outside of software development teams. In short, most organizations know Agile can benefit them both inside and outside of the software development realm, but most are also not using the methodology for maximum impact.
Going through the history of Agile and its extension into DevOps, this keynote promises to be an interesting meditation on the best way to structure teams and approach problems for success — not only in the world of software development, but also in security, IT Operations, and beyond. With the security skills shortage getting worse, not better, we all need to be a little more aware of how we can best leverage existing resources to support security goals and initiatives.
2. The Enemy Within: Modern Supply Chain Attacks
Time: Thursday, August 8, 9:45am-10:35am
Location: Islander El
What it’s about: Parent organizations and suppliers increasingly share infrastructure, and thus share the vulnerabilities and risks associated with that infrastructure. This session from Eric Doerr, General Manager of the Microsoft Security Response Center, will be a post-mortem of several previously undisclosed supply chain attacks, including a review of the techniques adversaries used and how organizations defended against them. It will also give practical tips on how to defend against supply chain attacks in your own organization.
Why we recommend it: Supplier attacks are on the rise; some of the best-known data breaches that rose to national concern in recent years were achieved through suppliers. Take, for example, the case of Larson Studies, a Netflix supplier that was hacked in 2016. After the attackers infiltrated, they dumped 10 unreleased episodes of Orange Is The New Black, despite Larson paying the $50,000 ransom the attackers demanded. Target’s data breach of 40 million credit cards was the result of a compromise at a third-party HVAC company, Fazio Mechanical Services, and Home Depot’s loss of 56 million credit card numbers was also caused by a third party vendor.
Supplier attacks can be especially devastating because they can impact several organizations at once. A data breach at American Medical Collection Agency, a third-party billing company, exposed 7.7 million customer records at LabCorp as well as 12 million patients at Quest Diagnostics. In addition, attackers compromised the Indian IT outsourcing firm Wipro and used it to launch follow-up attacks targeting over a dozen Wipro customers.
What have we learned from these attacks? You are only as secure as your least secure supplier. That’s why you need full visibility into the Internet attack surface of your suppliers, and an understanding of how bad actors can use suppliers to cause harm to your organization.
3. Operational Templates for State-Level Attacks and Collective Defense of Countries
Time: Thursday, August 8, 11:00am-11:50am
What it’s about: This session is inspired by the increasing frequency and scope of attacks by and against nation states, including the ongoing targeting of critical infrastructure. Led by Gregory Conti, Senior Security Strategist at IronNet Cybersecurity, and Robert Fanelli, Computer Scientist at IronNet Cybersecurity, it will review templates for attacking and defending nations in cyberspace. Attendees should leave with a playbook for how nations are attacked and defended, and practical strategies for exploring templates in their own defensive planning.
Why we recommend it: Cyberattacks don’t just come from individual or organized cybercrime groups — they also originate from hostile nation states. Take, for example, the DOJ’s allegation that Huawei conspired to steal a robot arm belonging to T-Mobile. While the Chinese government has not been definitively linked to the incident with T-Mobile, there has long been a concern that the Chinese government could use Huawei to spy on US companies. Or for another example, look at Microsoft’s warning to 10,000 people that they may have been targeted by hostile nation-state actors from Russia, Iran, and North Korea. Eighty-four percent of the attacks Microsoft referenced were aimed at businesses.
While this Black Hat session is focused on how nation states can defend against cyberattack from other nation states, it should hold lessons for enterprises looking to defend their networks against hostile state actors as well.
Expanse at Black Hat 2019
Expanse is pleased to be a sponsor of Black Hat this year. We’ll be there talking with attendees about how to discover, monitor, and track their Internet assets and services for better security and IT Operations outcomes.
Be sure to stop by our booth (#466) to say hello and chat with our technical experts about how the Expanse Platform works and what we can do for you. We’re ready to chat about:
- How to reduce your attack surface with continuous discovery and monitoring of your Internet-connected assets and services
- Common Internet exposures and what you can do to remediate them on your network
- How security and IT Operations teams can more effectively work together with a complete, accurate, and current Internet asset inventory
- And more
And if that isn’t exciting enough already, watch a demo of our product to enter a raffle for a free drone! You won’t want to miss it. And as “white hat” hackers beef up their skills and are eager to practice on someone, don’t forget your RFID blockers and Faraday bags.