top of page

Cybersecurity Solution Highlights from Black Hat 2022

Solutions are trending in three areas.

I had the opportunity to meet with 12 cybersecurity solutions providers during the 25th Black Hat Cybersecurity Conference.

I observed three trends at this conference that are represented by the solutions the following companies offer: 1) API security, 2) DarkWeb research and tracking, and 3) reducing security tool sprawl with integrated solutions. Here's what I learned and who I learned it from: -- enables digital-first companies to transact business over marketplaces and social channels as these touchpoints are becoming the new attack vectors. Bolster employs deep learning, computer vision, and natural language processing to identify suspicious web pages. The technology has been used to identify, and take down, thousands of sites mimicking, Uber, and Zoom, as well as a number of banks and credit unions. The platform is being used to supplant three to five other solutions in the cybersecurity tech stack and for brand protection as well as cybersecurity.

Cobalt -- provides pen testing-as-a-service (PtaaS) through a subscription model whereby Dev teams can spin up pen tests in 48 hours versus six-to-eight weeks at 50% of the cost. This removes the pain of waiting for developers who are driven to fail fast and iterate. Each client is on a Slack channel with the testers so they're able to see the security issues in real-time and address them in the sprint. The platform integrates with JIRA and GitHub and enables DevSecOps to learn how hackers are exploiting applications. Cobalt offers free retesting during the contract period and many active development organizations keep Cobalt on retainer.

CyberSixGill -- collects data where threat actors are talking and communicating, on the deep and dark web. Companies do not have the time, bandwidth, or access to search for all these threats. CyberSixGill automates the collection of data from Telegram, Twitter, dark web forums, markets, and file shares. Ten million items are collected each day. These are integrated into users' existing security stack to identify exposure and risk, and pre-empt threats before they become attacks. Threat scores are provided based on discussions taking place on the dark web to help security analysts, threat hunters, and fraud team members to know the level of risk to expect.

Exabeam -- enables security teams to get away from Splunk, which requires 30 days of training, and several other security solutions to perform threat detection, investigation, and response (TDIR). The cloud-native SecOps platform enables security team members to focus on threat detection using behavioral analytics. The platform also uses ML modeling to learn what the normal behavior of employees looks like since 90% of security risk is from people within the company. It provides end-to-end data and visibility to parse and analyze abnormal activity from anyone in the company.

Intel 471 -- provides cyber threat intelligence for intelligence, security, and fraud teams. They released The 471 Cyber Threat Report; 2022-2023 Trends & Predictions which analyzes recent and commonly used tactics, techniques, and procedures that have been adopted by prominent threat actors, how these threats have affected enterprises, along with predictive intelligence assessments on threats that organizations should be prepared to thwart over the next year. A key takeaway from the report is that hacktivism has returned driven by Russia's attack on Ukraine with the splintering of the cybercrime ecosystem and key players pledging allegiance to Ukraine or Russia.

Keeper Security -- expanded its password management solution for enterprises with a cybersecurity platform with a secrets manager that secures the environment and eliminates "secret sprawl" by removing hard-coded credentials from source code, config files, and CI/CD pipelines; and a connection manager that provides DevOps and IT with easy, highly-secure access to RDP, SSH, database, and Kubernetes endpoints through any web browser. The platform is one of several solutions I observed consolidating the number of security solutions needed by the enterprise, as well as small and medium-sized enterprises.

OPSWAT -- provides critical infrastructure cybersecurity solutions and Deep Content Disarm and Reconstruction (CDR) to protect mission-critical organizations from malware and zero-day attacks. To minimize the risk of compromise, OPSWAT Critical Infrastructure Protection solutions safeguard public and private sector organizations with technology, processes, and hardware scanning to secure the transfer of data, files, and device access. Recent enhancements include the OPSWAT Sandbox for OT with detection of malicious communications on OT network protocols and support for open-source third-party tools in its MetaDefender Malware Analyzer.

Salt Security -- provides an API security platform that enables IT to harden their application infrastructure and defend against cybersecurity threats targetting APIs. This is critical as the number of APIs continues to grow at more than 400% per year and they must be continually enhanced and tuned to provide a great user experience. However, bad actors have figured out that APIs are a lucrative target. The security platform uses data and AI/ML to identify problems and vulnerabilities and updates documentation so developers and make better, and more secure APIs, with less hassle and more confidence.

Sonar -- enables developers and dev teams to write clean code and remediate existing code organically. Clean code minimizes maintenance time and costs, reduces developer attrition, increases software longevity, and reduces operational, reputational, and security risks. More than 40% of developers' time is spent remediating bad code and technical debt. Code security is part of clean code as most security vulnerabilities are in the source code. Code security that's not clean code is worthless. Only developers can own code and therefore code securely via short feedback loops, integrated with DevOps, and education.

Traceable -- is an API security platform that discovers, manages, and secures APIs for the enterprise. According to Akamai, 87% of web traffic today is via APIs. Traceable protects APIs by understanding the business logic, user attribution, and context of each API – from development through production. Distributed tracing technology and context-based behavioral analytics, provide API security to cloud-native and API-based applications. Analytics enable SOC and security analysts to hunt for hidden IOCs and breaches, track and trace suspicious users, analyze security incidents, and speed incident response thereby lowering mean-time-to-resolution.

Xcitium (formerly Comodo Security) -- helps customers avoid breaches by neutralizing ransomware, zero-day malware, and cyberattacks with their active protection solution. The company also provides containment technologies to deliver an endpoint detection system for critical components such as advanced endpoint management toolsets to provide a single cloud-accessible SOCaaS platform that offers high-security implementations for enterprises and government agencies.

ZeroFox -- provides a unified platform for external cybersecurity. ZeroFox believes cybercriminals are a much bigger threat to private enterprise than nation-states. Business email compromise results in 7-times more financial damage than ransomware. Enterprises need a culture that allows employees to challenge executives who are asking employees to transfer funds or PII. Use cases include social media monitoring and brand protection, physical security, SOC signatures, telemetry, data, dark web, DarkOps research, and attack surface management. They work with clients to proactively address security threats and risks rather than after a breach has occurred.


bottom of page