Black Hat, the most established and in-depth cybersecurity event in the industry, concluded its 2023 in-person event in Las Vegas, NV, earlier this month. Bringing together nearly 20,000 professionals and over 440 of the industry’s top organizations, the event showcased the latest approaches and innovations to help address the most pressing cybersecurity threats facing our world today. Some of the themes that stood out were:
Similar to RSA earlier this year, artificial intelligence took center stage at Black Hat – not only for its promise of enabling improved outcomes, intelligence, and efficiencies, but also for the countless unknowns in terms of how it could be used by threat actors to develop increasingly sophisticated and scalable attacks.
In the event’s keynote speech, Maria Markstedter, founder of Azeria Labs, noted that “AI systems and their use cases and capabilities are becoming more powerful … we need to take the possibility of autonomous AI agents becoming a reality within our enterprise seriously.” She continued, “We need to rethink our concepts of identity access management in a world of truly autonomous systems having access to our apps.”
Disruptive technologies like AI can bring a sense of possibility; however, it’s often mixed with a healthy dash of uncertainty. The industry is still in the early stages of understanding how to navigate this uncharted territory, and it’s imperative for organizations to safely architect AI in their cybersecurity programs.
Paradigm shift: From one-time to all the time
The prevalent mindset in today’s organizations is to rely on point-in-time penetration testing to identify and address vulnerabilities. As you can imagine, this only provides a single snapshot of the area tested, which can be misleading given the speed and scale at which the threat landscape is evolving as new technologies emerge.
As such, a fundamental shift in mindset is needed by organizations to truly be effective – from a single point in time to a continuous model for identifying and tracking risks throughout the vulnerability management lifecycle.
Enter: Hexeon, Coalfire’s groundbreaking offensive security platform.
Announced at Black Hat, Hexeon is a comprehensive offensive security SaaS solution designed to bring together the best of human intelligence and automation to provide actionable insights into these ever-evolving threats and vulnerabilities, allowing cyber leaders to prioritize remediation and fortify operational resilience.
Based on Coalfire analysis of more than 800 penetration tests, the shift away from point-in-time testing appears to be taking root across some organizations – security leaders are treating penetration testing less and less as an ancillary validation tool supporting annual compliance audits, and more as a critical activity to improve an organization’s ability to defend, detect, and respond to relevant, real-world threats.
You can read about these trends and more in our upcoming 5th Annual Penetration Risk Report, set to release in mid-September (or, if you can’t wait, here is a sneak peek at the top findings).
We were thrilled to be at Black Hat for the 12th year in a row! In addition to the Hexeon launch and live demos, large crowds stopped by the Coalfire booth to try their hand at our annual lockpicking challenge. Coalfire pen test experts were onsite to teach eager attendees how to break into padlocks and bypass door latches.
The booth was packed from the opening hour to the closing announcement. It was amazing to meet so many people excited about pen testing and physical red teaming!
From presenting our unique portfolio of offensive security services and demoing Hexeon, to training future hackers and sharing new pen test research, we had an absolute blast spending time with the hacking community at Black Hat. See you next year!