Black Hat USA 2018: Targeted Threat Hunting, Managed Everything, Serverless Security and Other Trends

Quenching your thirst in the desert is a major challenge, but seeing everything at BSides Las Vegas and Black Hat is even more difficult.


While I am there every year, hydrating, I try to take note of the innovation I see. Luckily, the Black Hat team has named Innovation City to make it a little easier on me, so I started there and walked the full business hall to ask questions and listen. This year, I took note of a few key themes.

Targeted Hunting Tools

As the threat hunting revolution hit the industry, the rare experts with hunting skills were building their own tools or making do with whatever they had available. EDR solutions, log management tools, forensics solutions… in the hands of the right hunter, any of them can provide a lot of value for tracking down unexpected behavior. But whenever tools need significant adaptation for use in an important activity, there’s room for a targeted solution to emerge. I spoke to two teams looking to fill this very void:

  • Infocyte has built an agent-less solution for collecting forensic state across endpoints and using principles like data stacking and triage scoring. 
  • Active Countermeasures takes an alternative approach of simplifying beacon analysis by helping strip out known and common network activity to reveal the potentially malicious. 
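The beacon-analysis idea in the second bullet, reduced to working code as an added illustration (this is not Infocyte's or Active Countermeasures' code): strip allowlisted and widely shared destinations first, then score what remains by how regular the gaps between connections are. The log format, the allowlist, the "common destination" threshold of three distinct sources, and the coefficient-of-variation cut-off are all assumptions chosen for the example; the log lines are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log (not real traffic): "<seconds> <source> <destination>"
SAMPLE_LOG = """\
0 10.0.0.5 203.0.113.9
301 10.0.0.5 203.0.113.9
599 10.0.0.5 203.0.113.9
902 10.0.0.5 203.0.113.9
1200 10.0.0.5 203.0.113.9
1500 10.0.0.5 203.0.113.9
0 10.0.0.5 cdn.example.test
300 10.0.0.5 cdn.example.test
600 10.0.0.5 cdn.example.test
900 10.0.0.5 cdn.example.test
0 10.0.0.7 198.51.100.4
47 10.0.0.7 198.51.100.4
300 10.0.0.7 198.51.100.4
310 10.0.0.7 198.51.100.4
900 10.0.0.7 198.51.100.4
10 10.0.0.5 192.0.2.1
30 10.0.0.7 192.0.2.1
40 10.0.0.9 192.0.2.1
100 10.0.0.9 192.0.2.1
160 10.0.0.9 192.0.2.1
220 10.0.0.9 192.0.2.1
"""

# Hypothetical allowlist of destinations the organisation already knows about
ALLOWLIST = {"cdn.example.test"}


def parse_log(text):
    """Return a list of (timestamp, source, destination) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        records.append((float(parts[0]), parts[1], parts[2]))
    return records


def strip_known(records, allowlist, common_sources=3):
    """Drop allowlisted destinations and destinations contacted by at least
    `common_sources` distinct internal hosts (likely shared infrastructure)."""
    sources_per_dst = defaultdict(set)
    for _, src, dst in records:
        sources_per_dst[dst].add(src)
    return [
        r for r in records
        if r[2] not in allowlist and len(sources_per_dst[r[2]]) < common_sources
    ]


def score_pairs(records, min_connections=4):
    """Per (source, destination) pair, compute the mean gap between
    connections and its coefficient of variation (lower = more regular)."""
    times = defaultdict(list)
    for ts, src, dst in records:
        times[(src, dst)].append(ts)
    scores = {}
    for pair, stamps in times.items():
        if len(stamps) < min_connections:
            continue  # too few observations to judge periodicity
        stamps.sort()
        intervals = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        if avg == 0:
            continue  # every hit at the same instant: a burst, not a beacon
        scores[pair] = {
            "count": len(stamps),
            "mean_interval": avg,
            "cv": pstdev(intervals) / avg,
        }
    return scores


def find_beacons(text, allowlist, max_cv=0.1):
    """Pairs whose surviving traffic is regular enough to deserve a look."""
    scores = score_pairs(strip_known(parse_log(text), allowlist))
    hits = [(pair, s) for pair, s in scores.items() if s["cv"] <= max_cv]
    hits.sort(key=lambda item: item[1]["cv"])
    return [pair for pair, _ in hits]


if __name__ == "__main__":
    for pair in find_beacons(SAMPLE_LOG, ALLOWLIST):
        print("candidate beacon:", pair)
```

On the sample data only the 10.0.0.5 to 203.0.113.9 pair survives: the equally regular cdn.example.test traffic is allowlisted, 192.0.2.1 is contacted by three hosts and treated as shared infrastructure, and the 10.0.0.7 browsing pattern is far too irregular. In practice the allowlist and the "common" threshold are what keep the analyst's queue short, which is exactly the filtering step the vendor's approach emphasises.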

Managed Everything, but Not Like Traditional MSSP

MSSPs have, over time, obtained the reputation of being your one-stop shop for managing any security device your organization happens to acquire. Then, MDR services (Read more...)

