As Black Hat 2023 comes to a close, security leaders are once again left to reflect on some of the most important strategic insights gathered from this year’s event.
In the realm of AI, Tenable announced the launch of a new language model-driven solution in Exposure AI, which uses an LLM to summarize threat actor attack paths, and Abnormal Security released CheckGPT, a tool that uses language models to detect whether emails are AI-generated or not.
At the same time, CrowdStrike unveiled a new threat-hunting service designed to identify identity-based attacks and infiltration techniques, and cloud security startup Sweet Security emerged from stealth with $12 million in seed funding and a real-time cloud detection and response solution.
To dig deeper into the event, Techopedia reached out to security analysts, CEOs, CISOs, and CTOs following the conference to get their thoughts on the top cybersecurity trends to take note of from Black Hat 2023.
Their comments have been edited for brevity and clarity.
1. Moving Past the Hype of AI
“In my humble opinion, the biggest trend is moving past the hype of ‘AI.’
Although AI is a common topic, I see more of an emphasis on understanding the reality of where it is today and the challenges it presents as organizations look to leverage AI. What’s the cost of convenience?
The three common questions are:
- How does your org want to utilize AI?
- How will you protect your company and data?
- How will you enable your users to use AI securely and within company guidance?
In layman’s terms: AI is no easy button for the many challenges organizations face.”
Manuel Acosta, Sr. director, advisory for Gartner.
2. Hardening the Software Supply Chain
“Black Hat tends to be stronger technically than many other conferences, and this will be reflected in the trends we see coming out of it.
As uncovered in our most recent ransomware research, abuse of zero-day/one-day vulnerabilities has led to a 143% increase in ransomware victims. We expect to see more on this trend and breaking insights around supply chain issues during this year’s conference and in the months to follow, not just from us but within the security community.
Another recent survey we released in collaboration with the SANS Institute found less than 50% of security professional respondents had API security testing tools in place. I believe we will see more on this coming out of this conference, in addition to more reports on attack trends, new attack techniques, and defensive approaches.”
Steve Winterfeld, Advisory CISO at Akamai.
3. Managing Costs and Showing the Value of Cybersecurity
“Early indications from Black Hat – not just from the business hall, but also from the schedule of briefings and conversations with my fellow CISOs – are that AI’s impact across cybersecurity is a consistent theme.
We’re also seeing the challenge of how to manage costs and show value from security programs and the ever-growing list of tools we’re incorporating into the SOC.
Zooming out, there’s a lot of chatter about funding, budgets, and the overall macroeconomic environment. Lots of topics are up for debate that are poised to shape the future of cybersecurity.”
Greg Notch, CISO of Expel.
4. Cyber Insurance and IoT Security Maturity
“We’re at the edge of AI performing impactful security work, both on the defensive and offensive sides.
Cyber insurance sellers are maturing and taking on complex policies and will be the real driver of moving security forward in many organizations.
IoT and embedded system offensive techniques continue to be a real focus and spread to the quirkiest technologies.”
Kurt Baumgartner, principal security researcher, global research and security team, Kaspersky.
5. Cloud Security Remains Top of Mind
“There are two significant trends that I think are interesting to watch, mainly around cloud security, a sector in which I’ve been innovating for over a decade.”
“Cloud security is maturing. Customers are advancing from pure visibility and posture management to observability, i.e., near real-time detection and response.
While this is not new per se, it is getting more attention recently due to the increase in the number of customers that, despite having deployed a Cloud Native Application Protection (CNAPP) solution, still got breached.
Organizations now understand that they need to deploy a dedicated Cloud Detection and Response (CDR) solution. This requirement is also being amplified by analysts creating new categories, such as Gartner’s Cloud Investigation and Response Automation (CIRA).”
“Generative AI in cloud security is definitely a topic to watch. It is being mentioned frequently; however, many are using it in a shallow manner. For example, vendors that are using ChatGPT to generate remediation actions such as Terraform code.
I’d recommend looking for vendors that integrated generative AI into the security workflow, like threat detection. This would indicate innovative, deep technology products.”
Chen Burshen, CEO of Skyhawk Security.
6. Automated Models Becoming Platforms
This utility is underpinned by the core ML assets driving AI-enabled applications, such as unique datasets, pipeline tools, and hardware-based accelerators.
With AI representing an entirely new application ecosystem akin to mobile web, IoT, and Web3, its security evolution follows a similar trajectory: identifying vulnerabilities, detecting them, contextual comprehension, and ultimately automated remediation.”
Daryan Dehghanpisheh, president and co-founder of Protect AI.
7. Protecting the Identity Perimeter
“Experts have discussed how identity has emerged as the core pillar of any security program since credentials are used in 4 out of every 5 data breaches, and it’s only getting worse.
This accounts for the rise in focus on Identity Threat Detection and Response (ITDR), which protects user directory stores, and Secure Access Service Edge (SASE) – an architecture that brokers access to cloud apps and data.
While those approaches are useful, it underscores the fundamental need for a new approach to validating and authenticating users and their devices individually and at scale, which all comes down to policy-driven automation.”
Jasson Casey, CTO at Beyond Identity.
8. Fixing AppSec
“Traditional AppSec is broken. The world runs on apps, and organizations still struggle to gain complete visibility and control over their applications, dependencies, and risks. AppSec tools generate too much noise while, at the same time, attack surfaces continue to expand, creating huge gaps in coverage that leave pipelines exposed.
For organizations to accurately assess their security risk, they need AppSec and Cloud security to converge. ASPM addresses these problems while also taming the proliferation of security tools by consolidating all alerts and risk intelligence onto one central platform. There isn’t a more critical time to bring peace to all the chaos.”
Ronen Slavin, co-founder and CTO of Cycode.
9. Getting to Grips with ChatGPT
“Controlling the use of ChatGPT presents a significant challenge for cybersecurity professionals due to the model’s autonomous nature. Implementing effective monitoring, content filtering, and user guidelines becomes essential to mitigate potential risks and ensure responsible use of the technology.
However, achieving complete control remains challenging, demanding a balance between maximizing utility and minimizing potential security and ethical concerns.”
Maurina Venturelli, vice president of marketing at Opus Security.
10. Pinning Down Communication and Automation
“One of the standout themes dominating discussions at this year’s Black Hat conference is the new SEC cybersecurity rule. The spotlight is on CISOs as they analyze the rule’s implications, contemplating how it will shape their future security program strategies, redefine board reporting responsibilities, and influence technology stacks.
The elevation of cybersecurity to the board level has never been more critical, emphasizing the need for efficient security program management and performance, as well as allowing CISOs the ability to clearly communicate risks and business impact to executives in the corporate space.”
“AI-powered automation is taking center stage this year as attendees and speakers delve into its responsible integration within the cybersecurity landscape. As these conversations unfold, we are seeing the convergence of budget considerations, communication strategies, and the automation revolution shaping the future of cybersecurity.
The crux lies in the responsible utilization of AI to tackle the most pressing challenges faced by CISOs and the entire industry. Harnessing AI’s potential becomes pivotal in steering cybersecurity toward more effective solutions.
Black Hat continues to be the stage where these trends find their voice and pave the way for an even more secure and optimized digital realm.”
Sivan Tehila, CEO of Onyxia.
11. All Eyes on Cybersecurity Policy
“Unsurprisingly, AI has been the talk of the town at Black Hat this year. Specifically, at SURGe, we’ve paid special attention to how the explosion of AI and large language models (LLMs) in the market is creating new risks for organizations to defend against.
Additionally, with the new National Cybersecurity Strategy and the SEC’s recent landmark ruling, all eyes have been on cybersecurity policy and policymakers’ choice to release it. Understanding the responsibility of the government in the face of ransomware attacks is critical.
Lastly, I’ve been focusing on threat hunting’s progression – or lack thereof – at Black Hat this year, and the importance of model-assisted hunting, as well as the recent strategy shift by threat actors toward infrastructure.”
Ryan Kovar, security strategist and leader of SURGe, Splunk.
Demonstrating the Defensive Possibilities of AI
If Black Hat has demonstrated anything this year, it’s that AI has a role not just in detecting and responding to threats on-premises and in the cloud but can play a role in almost any defensive process, from vulnerability to workflow management.
Ultimately, it’s down to defenders to be creative in how to apply it. As hackers look to weaponize AI with tools like WormGPT and FraudGPT, organizations need to be ready to turn to automation, streamline SOC operations and reduce their exposure.