ESG Blog: ESG Cybersecurity Research and a Preview of Black Hat USA 2017 (Video)
In this video blog, my colleague Jon Oltsik and I discuss some of the insights from ESG’s cybersecurity research we expect to be topical at Black Hat USA 2017.
Doug Cahill   ESG Blog: ESG Cybersecurity Research and a Preview of Black Hat USA 2017 (Video)
Author: Doug Cahill


Black_Hat_2017_Teaser.jpgIn this video blog, my colleague Jon Oltsik and I discuss some of the insights from ESG’s cybersecurity research we expect to be topical at Black Hat USA 2017, including:

  • The challenges and solutions around security operations and analytics and the need for a security operations and analytics platform architecture (SOAPA).

  • The constant state of change in the endpoint security landscape in which organizations regularly re-evaluate processes, technologies, and vendors.
  • How cybersecurity professionals learn about how new detection and prevention technologies can be applied to the diversity of threats.

  • How multi-dimensional hybrid clouds and the use of containers and other microservices will impact cybersecurity priorities, including how micro-segmentation and software-defined perimeters (SDP) are poised to play an increasingly prominent role.

These are just a few of the top-of-mind issues we expect to be front and center at Black Hat. We look forward to seeing everyone in Vegas!

Video Transcript

Doug: I'm here with my colleague, Jon Oltsik, to share some of our thoughts and expectations for Black Hat 2017. And you know, Jon, every time we get together to shoot a video like this, we have so much to talk about because so much stuff's gonna happen at Black Hat again this year. And we're doing just a ton of market research, including the recent study you did on security operations and analytics. In that context, what do you think we'll see at Black Hat?

Jon: Well Doug, what the research talked about was, really, the angst that people feel because there's so many problems. I think of death by a thousand cuts with security analytics and operations, so they're understaffed, they're confused, they have too many tools, they don't have the right skill sets…

Doug: Alert fatigue.

Jon: Exactly. But what's interesting is there's a lot of initiatives, there's a lot of innovation in this area. So how do you kind of square those two things? So for instance, companies are really interested in security analytics, and operations automation, or orchestration. Well, where does that sit and what things do they wanna do? They're interested in machine learning, but they're toe dipping. So what's the use case there? And they're integrating technologies like our SOAPA Architecture, Security Operations and Analytics Platform Architecture, but where do they start?

Now, one of the places we're finding that they start is with EDR, so Endpoint Detection and Response, and that calls into question what you're researching, which is endpoint security. So what's going on there and what do you look for at Black Hat?

Doug: You bet. I am just wading through a ton of research data on the endpoint security market in terms of, you know, current state of affairs, internet landscape, and threat landscape. You know, at thematically Jon, what we're finding is we've got a constant stream of change when it comes to endpoint security, you know, because operational issues in terms of, again, alert fatigue, having to re-image systems, the diversity of the threat landscape in terms of file-less attacks, multi-stage attacks, not to mention common malware. Organizations have this sort of, you know, regular cadence of revisiting their processes, their tools, their technologies, and their vendors. There's a bit of thrashing, really.

You know, it's a really dynamic market. We know there are a lot of vendors, a lot of emerging technologies. The organizations are just, you know, trying to keep pace and balance this, you know, the need for greater efficacy for these new advanced threats, but also, try to, you know, gain some level of incremental operational efficiency.

And one of the things we looked at in the research was sort of the understanding of applicability of some of the new detection techniques with respect to machine learning and streamed behavioral analysis, and how they directly are applicable and relate to dealing with new and unknown malware and filous attacks.

And suffice to say I think customers are confused, and so one of the things I'm looking for at Black Hat is how vendors are going to be conveying the use of those new technologies relative to those specific types of threats. And yet another research project we have in the queue there waiting is a joint project for the ISSA. Are we gonna look at how cybersecurity professionals are, you know, getting up to speed and learning about these new technologies in that project?

Jon: Yeah, because we know that companies are understaffed, we know that there's a global cybersecurity-skills shortage, and we know that the people who work in cybersecurity are overwhelmed. So how do they keep up with things like endpoint security, with things like security analytics?

So yes, we're about to kick off our second year, second annual, research project with the Information Systems Security Association, ISSA, to look at these very things, to look at what the life of a cybersecurity professional is like. And not to be even more confusing, but we're seeing the use of hybrid clouds, or multiple clouds, heterogeneous hybrid clouds, lots of different clouds, and that's changing security too. And that way we're teeing that research up, but it's a good opportunity for us to go and see what's going on in the market at Black Hat.

Doug: Yeah, absolutely. I mean this is another research project we're doing the second half of the year, which is really around how multi-dimensional hybrid clouds are impacting cybersecurity priorities. You know, in prior research, there are organizations that are adopting cloud services from multiple CSPs, so that's one sort of dimension of hybrid clouds, but the other one's containers.

What I'm finding, talking to customers, is sort of organizations that have been laggard with respect to the adoption of cloud are containerizing their apps in an on-prem environment and readying that, so sort of cueing it up in dev and test on-prem, and then getting ready to deploy those into the cloud.

So that's the other aspect this research is gonna look like, is not only consuming services from all of the CSPs, but now multiple workload types. So we've still got bare metal, we've got on-prem virtual VMs, right, we've got cloud-based VMs, and now containers and other types of micro-services are gonna hit here, and that, arguably of course, is gonna change the role of traditional network-based, perimeter-based security controls. And we've looked at things like micro-segmentation. Are we gonna be looking at that at Black Hat as well?

Jon: Yeah, micro-segmentation at the network layer, micro-segmentation at the workload layer, and I'm also very intrigued by the whole notion of the software-defined perimeter. So how do we take a user from any device, anywhere in the world, and connect them securely to any service regardless of its location? And of course, this intersects closely with identity and access management, and we're pleased to have Mark Bowker joining us to cover that space more closely. So, a lot to look forward to at Black Hat once again.

Doug: Once again. Well, good. Jon, I'm looking forward to it in just a couple of weeks out here, and I'm looking forward to seeing everybody at Black Hat.

Post a comment

Report Info