August 22, 2024

Key Takeaways from the 2024 Black Hat Conference

by Martin Magida

With the RSA Conference barely in the rear-view mirror we made our way once again to Black Hat’s
annual gathering in Las Vegas this month. Notwithstanding the usual sauna-like temperatures (one
hopes BH gets a major seasonal discount from Mandalay Bay), attendance was robust and the mood was
generally positive. Our takeaways from the conference:

  • CrowdStrike can take a punch
    • The biggest news in the industry during the interregnum between conferences was the CrowdStrike debacle, so attendees were curious to measure the fallout at the conference. While “CrowdStruck” T-shirts and other memes were seen, most people we spoke with believed the incident was not a death knell and reiterated CrowdStrike’s position as best-in-class. One person stated that the outage will end up being good for the industry, believing that it will lead to better QA among all vendors.
  • We are still in the early innings of cloud security
    • Implementing zero trust and least privilege is now table stakes for security professionals but there is still a lot of greenfield for innovative companies to help secure the cloud, as a shockingly small percentage of organizations believe that their sensitive data in the cloud is secure.
    • As increasing amounts of sensitive data sit in external data repositories, customer and regulatory compliance requirements become critical, driving organizations to be particularly conscientious about access governance.
    • The projections for sustained growth in cloud computing will cause large incumbents to be continuously on the M&A prowl to fortify their cloud security offerings, particularly for companies with run-time security in cloud-native environments.
  • Application security is paramount as the software ecosystem becomes more complex
    • The software bill of materials (SBOM) seems to have leapfrogged software composition analysis (SCA).
    • SBOM looks beyond software in development and into software in the wild. It provides a more comprehensive list of all the components in an application, covering both open source and proprietary dependencies.
    • SBOMs are essential for assessing third-party risks, supply chain management and compliance.
  • AI (of course!)
    • We are beginning to see the incorporation of Gen AI and LLMs into existing disciplines and tools. The era of AI for AI’s sake has transitioned to practical applications that enhance security operations. At Black Hat, there was a clear shift towards exploring how teams can use AI to improve threat detection, automate responses, and enhance overall security posture.
    • Current authentication techniques will need to keep up. We saw an example of AI getting past MFA by using proxies built from code available on GitHub: the user thinks they are talking to Windows 365 but are actually talking to the proxy server, which lets the attacker harvest the user’s password and then steal the session key to gain full access to the company’s OneDrive.
    • Attackers are using AI to pull social media profiles (e.g., LinkedIn) at scale and send thousands of phishing emails that appear personalized, with ChatGPT polishing the email copy.
    • Increasingly sophisticated deepfakes have caused employees to facilitate fraud, account takeover and exfiltration. We are beginning to see a nascent response to combat deepfakes by embedding detection capabilities in EDR and video applications.
    • Nevertheless, IT protection alone is not sufficient and needs to be augmented by human behavior. Companies must invest in security awareness as a vital element in defeating deepfakes. Organizations will need to train and empower employees to challenge their bosses when asked to engage in suspicious behavior, such as transferring funds outside the organization. One method to employ involves the subordinate asking the person on the other end of the video to turn their heads (many visual deepfakes have only mapped the face of the ‘boss’ but not the entire head). Another is asking questions the other person should be able to answer.
    • AI for cybersecurity or cybersecurity for AI? While virtually every vendor showcased how their solution is enhanced by AI, perhaps the more interesting market opportunity is with companies that are using cybersecurity for AI, that is, protecting companies that are leveraging LLMs, either off-the-shelf or custom models. Because questions abound about the security of LLMs and the prevalence of prompt injections, there is a growing number of companies addressing AI security risks, including startups such as Harmonic Security, which addresses data leakage outside of the company, and Protect AI, which provides tools to reduce the risks associated with AI development.
  • Cloudy financing climate
    • Many companies are contending with a financing environment that has turned less hospitable. There is a surfeit of companies generating $1-3M ARR that do not enjoy the allure of being the next ‘shiny new thing’, resulting in cash runways getting short and the likelihood of a satisfactory next round becoming uncertain. Making matters worse, most are point solutions that have a tough time competing with large platforms. A few companies have traversed the ‘valley of death’ and have received substantial funding (Chainguard, Abnormal Security, Kiteworks), but others with several years of history and slowing growth are being forced to evaluate their options.

The cybersecurity industry continues to be one of the most dynamic sectors within information technology. Enterprises with extensive defensive postures still need to contend with ever-evolving threats, and many SMBs, hospitals and schools are just beginning to implement basic security hygiene. The technologies showcased at Black Hat span solutions for companies of all sizes and needs.

We welcome the opportunity to discuss these findings in further depth. Berkery Noyes specializes in creating options for our clients as they consider the best way to maximize value. If your capital needs currently or will exceed $10 million, or you are beginning to consider strategic options, let me know if you have an interest in exploring the paths to growth that may be available to you.