Black Hat is a security conference like no other. It brings together the great, the good and the slightly dodgy from the information security world to share techniques, swap stories and trade information on the latest security exploits.
This year’s event in Las Vegas heard that Apple, which traditionally claims to be above the security woes of us mere mortals, would begin offering rewards for ‘bug hunters’ – people who identify potential security holes in its products.
This technique, although controversial, has been a major way for much of the technology world to test the security of its software.
One major theme this year was the growing move towards behavioural detection of malware intrusion instead of traditional perimeter protection. In part this is recognition of the failure of perimeter protection – research shows most attackers have access to systems without being detected for months.
Instead of relying on just keeping hackers out, enterprises are turning to detection systems which look at what people, and machines, within the network are doing, and how this behaviour differs from normal practice.
If the systems find unusual behaviour – like someone downloading thousands of customer records – they can alert security staff or even take their own action by freezing activity on the relevant accounts.
Such systems require a different sort of reaction from enterprise security. Called ‘active response’, this will need to be partly automated in order to deal with the number of alerts received.
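The behavioural approach described above, as an added example that is not from the article or any product it mentions: each account's daily count of customer records read is compared with that account's own history using a median/MAD baseline, and a large deviation raises an alert while an extreme one freezes the account. The log format, account names, thresholds and action names are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (day, account, customer records read that day)
EVENTS = [
    (1, "alice", 40), (2, "alice", 55), (3, "alice", 47),
    (4, "alice", 52), (5, "alice", 44), (6, "alice", 60),
    (1, "svc-report", 900), (2, "svc-report", 950), (3, "svc-report", 920),
    (4, "svc-report", 910), (5, "svc-report", 940), (6, "svc-report", 1400),
    (1, "bob", 30), (2, "bob", 35), (3, "bob", 28),
    (4, "bob", 33), (5, "bob", 31), (6, "bob", 4200),
]

ALERT_SCORE = 6.0    # assumed threshold: notify security staff
FREEZE_SCORE = 50.0  # assumed threshold: automated "active response"
MIN_HISTORY = 5      # do not judge an account with too little baseline


def robust_score(history, value):
    """Distance of value above the account's median, in spread units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the spread so a very steady account does not divide by zero
    spread = max(mad, 0.05 * med, 1.0)
    return (value - med) / spread


def evaluate(events):
    """Replay events in day order; return {(day, account): action}."""
    history = defaultdict(list)
    decisions = {}
    for day, account, count in sorted(events):
        past = history[account]
        if len(past) >= MIN_HISTORY:
            score = robust_score(past, count)
            if score >= FREEZE_SCORE:
                decisions[(day, account)] = "freeze"
            elif score >= ALERT_SCORE:
                decisions[(day, account)] = "alert"
        # Flagged days are kept out of the baseline so that one burst
        # does not become the account's new "normal".
        if (day, account) not in decisions:
            past.append(count)
    return decisions
```

Because each account is scored against its own history, the high-volume reporting account only alerts on a jump relative to its usual load, while the same absolute count from an ordinary user account would be frozen.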
Another reason for the declining reliance on perimeter protection is that defining exactly where the perimeter is for a typical enterprise network is now almost impossible. Increased use of mobile devices and Internet of Things devices means that almost all of an enterprise’s infrastructure is now a potential doorway for hackers.
Black Hat saw demonstrations of attacks on car systems and via medical devices and solar panels. There was even a demonstration of malware which can take control of smart lightbulbs. The Wall Street Journal said organisers received 50 proposals for presentations based on IoT attacks, although only 13 were accepted.
But it is not just new technology which can pose a risk.
An often overlooked risk can come from legacy hardware and software. This equipment might not be getting security updates any more – or its manufacturer might not even still be in business – but it can still provide a potential hole for an attacker.
Large enterprises are often especially reliant on legacy systems – and often do not have an accurate picture of what equipment they are running, never mind what security problems are associated with it.
Another clear theme is that attackers are getting ever faster at accessing systems and are increasingly professional. Security guru Dan Kaminsky warned that attacks which once took months to materialise are now appearing in minutes.
Kaminsky did see some good news for the future with improved security products and better sharing of information between organisations.
He also expects to see an increased role for government to improve enterprise security as it gets increasingly important to all aspects of our lives.