What you missed at Black Hat USA 2016

Last week, a record breaking 15,000 cybersecurity professionals descended upon Las Vegas to attend the annual Black Hat conference. Kevin Pouche (COO, K logix) and Rick Grimaldi (CSO, K logix) both attended the event to meet with CISOs, examine new security trends, and discuss strategy with technology vendor executives.

Some of their takeaways from the conference:

• Pulling Back the Chaos: Making an investment in a technology solution is no easy feat with hundreds of companies, including startups, promoting the ‘secret sauce’ to solving your security problems. Security professionals who carefully planned out their Black Hat conference visit, tackled the vendor floor with a clear plan around their needs for their varying security initiatives. With so many vendors touting similar messages, it was clear that security professionals should look to seek help from third parties to help them understand which products address their business needs. Having a partner who analyzes and tests products and ensures they meet specific criteria for each organization is vital in choosing the right solution.
• Endpoint Shift: The buzz at the RSA Conference back in February was centered on Endpoint security and which companies provided capabilities to detect, respond to, or prevent advanced threats. Endpoint is often the weak link and targeted in security breaches, and something almost every organization continues to focus on.  Something evident at Black Hat was the message focusing on EDR (Endpoint, Detect, Respond) and IDR (Incident, Detect, and Respond). The Risky Business Podcast live from Black Hat addressed this issue in a specific interview.
• Cyber Insurance: CISOs are beginning to pay more attention to the importance of a cyber insurance plan, yet there is still a lack of strong baseline policies and universally accepted benchmarks. This topic is only going to become more prevalent and scrutinized, and something all security professionals should consider.
• Application Security: This was a hot topic at the conference and clearly an important issue for all security professionals right now. With more than half of all breaches being associated with application flaws, it continues to stay top of mind and part of many conversations throughout the halls of the expo. The focus on application security including application coding vulnerabilities and securing web applications as well as securing data in cloud applications was apparent with many vendors elevating their messaging to address these threats.
• CISOs Elevating their Role: During many of the CISO panels, discussions, and the summit, the topic of CISOs earning recognition beyond their technical expertise was apparent. CISOs provided examples of how they achieved alignment with the business priorities and corporate goals to further their position in the organization. Many security professionals recommended attending events specific to this topic as beneficial for personal growth.