Black Hat 2018: Securing the Expanding Cyberattack Landscape
Sep 17, 2018
There is a recurring theme at Black Hat every year: security researchers come together and show the world how to hack into systems and things. This year was no exception.
The sheer size of the cyber-attack surface becomes more daunting by the day. Networks now connect data centers and on-premise hardware to private and public clouds and IoT devices operating at the network edge, exposing more potential entry points and increasing vulnerability. The growing attack landscape places defenders and security teams at a disadvantage against cybercriminals. From the booth demonstrations to the keynote speeches and session presentations, this reality was inescapable at Black Hat.
Especially with IoT devices, the explosion of endpoints creates more vulnerabilities and exacerbates potential security risks. As consumers and enterprises witness the rapid proliferation of IoT – from smart watches and home security systems to medical devices and industrial equipment – security has widely been an afterthought. The majority of stock IoT devices are not designed or constructed with cybersecurity in mind, which is why we see PoCs compromise smart city systems and telecom gateways.
There were two sessions that I particularly enjoyed and that stood out to me, both centered around machine learning. The first session showed how supervised machine learning can lead a security solution down the wrong path when data scientists training the models are not paired with subject matter experts. The other session showed how deep neural networks can be used to mount a targeted attack where both the intended victim’s identity and the malicious payload are hidden within the ML models and are impossible to extricate by reverse engineering.
When touring the exhibit floor, a striking observation was that the majority of exhibiting vendors act as though they have solved the security problem for everyone. As an industry, it’s important we remember that our customers are people responsible for defending their networks against all kinds of attacks and in turn we have to help them achieve that goal, not swamp them with flashy screens that bypass the difficult use cases. Security vendors are for-profit companies and there is nothing wrong with that, but we need to make sure we are wowing customers with real capabilities that solve some of the tough problems they’re facing while at the same time clearly showing them where the gaps exist. No single vendor can solve the security challenge on their own – this is an already established reality. So, we need to help customers identify the gaps that they need to close with a handful of solutions. It comes down to the fact that we are all fighting the same fight, vendors and customers alike.
New security challenges are emerging from the explosive growth of connected devices, multicloud adoption and 5G, and they do not have clear solutions. Although the conference shed light on the challenges the security industry needs to address, unfortunately, solutions were not abundant because these challenges are complex and lack a silver bullet. There is no quick fix for securing the vast attack surface created by our networks. But, as a defender, I’m optimistic at the industry’s commitment to meet these challenges head-on. One initiative worth mentioning is the creation of the Cyber Threat Alliance in which major security vendors are sharing threat intelligence data on a daily basis to raise everyone’s customers’ security posture to a better level. Juniper Networks is a member of this alliance and strongly believes that defending all customers’ networks, not just those with Juniper security products, is a cause worth pursuing.