Cybersixgill’s takeaways from Black Hat USA 2022

Authors: Brad Liggett, Chris Strand, Michael-Angelo Zummo

We recently attended Black Hat USA 2022, the 25th annual edition of the event, in Las Vegas during the week of August 7, and we were excited to be there. As one of the premier information security events, Black Hat brings together leading security experts, developers, practitioners, and vendors. We look forward to this time of the year, as Black Hat allows us to connect with our customers and create new relationships as we share insights into the latest technology innovations, research, and challenges in cybersecurity.

What was particularly exciting for us was that we showcased our newest solution, Dynamic Vulnerability Exploit (DVE) Intelligence. This innovative, game-changing product delivers the cybersecurity industry’s first end-to-end intelligence across the entire Common Vulnerabilities and Exposures (CVE) lifecycle while meeting the requirements of many evolving cybersecurity mandates. DVE Intelligence was met with great enthusiasm and interest from current and prospective customers, and CRN recognized us as one of the top 10 hottest cybersecurity products at this year’s event.

Additionally, this year we decided to take a different approach by hosting a Dark Lab Challenge where security professionals got hands-on experience with our solutions. Participants faced a series of challenges where they explored real and active threats. Because our tools are so user-friendly, many newcomers to our solutions successfully navigated the sources where threat actors plan and hunt – which was quite exciting for everyone.

As we walked the conference floor, there was an air of enthusiasm. Everyone was happy to be there, and after two years of scaled-back events, in-person attendance in the security community is back. As the security community grows, inclusivity will be driven by meeting in person and fostering genuine relationships face-to-face.  

We also noticed several trends at this year’s event. Most notably, Black Hat is becoming more mainstream and business-focused. We believe this change goes hand-in-hand with how the industry has evolved over the past ten years. For instance, there is more self-education and awareness about the organization’s needs, and today’s security professionals want deeper discussions beyond the latest malware.

Our key takeaways from Black Hat USA 2022 include:

Attendees at this year’s event wanted to talk about regulatory-driven vulnerabilities and prioritization related to their enterprise’s enforceable security posture. Cybersecurity is a top business concern among CEOs and board members who want a better understanding of security and risk management. As a result, security professionals need deeper insights that are based on intelligence enrichment. Many organizations and their security teams have a better understanding of what constitutes good intelligence, and as an intelligence-based company, this is a timely and notable shift for us. 

We observed a noticeable increase in the number of asset management attack surface vendors, ranging from the large, established brands to startups just entering the market. This uptick is mainly due to the number of people working from home. Employees are using multiple devices from their networks, making it more difficult for security professionals to track who has access to what, from where, and the associated vulnerabilities. As a result, organizations are more concerned with the risks of external asset management.

As the vendor community continues to expand capabilities in their toolsets, we noticed that the trend of mergers and acquisitions which began before the pandemic remains strong. Companies continue to look to achieve more with shrinking budgets and will be driven to tool rationalization and vendor consolidation.

With the growth of new hires in the industry, companies are looking for ways to automate decision-making before it reaches an analyst’s eyes. At Black Hat, there was a lot of talk about ways for the vendor community to address automation in all aspects of their security program. Whether through partnerships and integrations or building something bespoke, we believe that vendors will continue to drive progress in this arena – an underpinning of what we at Cybersixgill do.

Anecdotally, we spoke to many people who attended Black Hat for the first time. The increase in first-time attendees shows how much the security community has worked to include newcomers in the past few years. Collectively, we as an industry need to recognize that coding experience or being a technology expert is not a prerequisite to having an impact in cybersecurity. As we experienced at this year’s Black Hat, we’re a community of learners and can benefit from that.
