Black Hat 2014 was a great conference, and left me with some lasting impressions.
The crowd- First and foremost, the crowd was a much different mix from RSA and other industry events. Attendees were a very focused demographic - the people who have to actually do the work of protecting their organizations and implementing IT Security. Looking at a traditional organization chart, you’d say that they were mostly mid-level security types and very technical. But as the result of their knowledge and expertise, are they are also highly influential in every decision made in their area.
They also know Vormetric. More than at any other conference people recognized us and were happy to see us participating.
Lack of recognition of the threat posed by privileged user access. The threat of privileged user access to data and infrastructure assets is FAR underrated and unrecognized. For a trained penetration tester or hacker, gaining Domain Admin privileges using an insecure Windows box on a network is TRIVIAL. In one class I attended, our instructor told us it's usually only a matter of minutes before they can get Domain Admin level privileges when they are doing a penetration test at a customer. And there wasn’t much variation to this across industries or organization types – it’s a problem for everyone. We learned many, many ways to discovery security flaws for Windows machines, and most of those lead to escalated privileges.
This leads to my next impression - It’s no longer a matter of if you will be compromised, but when. I never appreciated this mantra more than after training at Black Hat. So many vulnerabilities with computer systems were identified that I am convinced a determined attacker will inevitably succeed. One example - We learned no less than 8 different ways to gain privileged access to Windows computers (everything from SQL injection to cross-site scripting, web spoofing, to pass-the-hash attacks). And not only are the tools out there to do this stuff, they are also open source and freely available, even the training to use them is also freely available. When you add to these vulnerabilities the myriad ways that attackers can use social engineering to gain access to a system, it's game over for network and end point defenses.
Vormetric – More relevant than ever. That being said, this is why encryption is SO IMPORTANT. Security defenses are failing. Vulnerabilities are countless. Gaining access to networks and systems is inevitable. Despite all of these things, the one thing that still works is ENCRYPTION.
With Vormetric’s ability to block privileged users from data with encryption and access controls, we’re hugely relevant. As a vendor, our “first touch” with organizations has often been to help them meet compliance requirements. I was well aware that perimeters and other defenses just can’t keep attackers out before the event – but learning the exploits used, seeing how pervasive and easy to obtain they are was a real eye opener. People just don’t seem to recognize how vulnerable they are, and how important it is to implement additional protections directly around their data.
Many of our own customers are also taking the next step – connecting the data access information that we provide with SIEM and Big Data for Security tools for analysis. This lets them see if data access patterns have changed, and quickly highlight potential attacks in process.
One thing you can be sure of, the vulnerabilities are real, and the hacks that attackers are using to gain access to systems and networks won’t just “Stay in Vegas”.