In cybersecurity, few events hold as much anticipation as Black Hat USA, where industry experts come together to discuss the latest trends and technologies. This year, over 20,000 people showed up to connect face-to-face and share insights on how to stay ahead in an evolving threat landscape.

Team NetSPI showed up in full force with our updated brand, demos of The NetSPI Platform and our new Cyber Asset Attack Surface Management (CAASM) solution, and two buzzed-about talks.

Here, we summarize four key takeaways from the event, as told by members of our leadership team:

  • Aaron Shilts, CEO
  • Vinay Anand, CPO
  • Tom Parker, CTO
  • Nabil Hannan, Field CISO

Read on for their insights and get a glimpse into the excitement of Las Vegas!

NetSPI Heads to Hacker Summer Camp

Beyond the fantastic conversations, product demos, and familiar faces who stopped by on the show floor, this year’s Hacker Summer Camp was jam-packed with events, including our poolside lounge networking event at the Daylight Lounge in Mandalay Bay.

Kicking off day two, our very own hardware hacking duo – Sam and Patch – hit the stage to reveal how they built an affordable laser (or light) based hardware hacking tool. Read their exclusive interview with WIRED’s Andy Greenberg: A $500 Open-Source Tool Lets Anyone Hack Computer Chips With Lasers.

This was followed by Vinay and Tom who discussed how to improve continuous threat and exposure management (CTEM) by pairing External Attack Surface Management (EASM) with CAASM. They addressed the challenge of mapping a complete view of the attack surface, how EASM and CAASM work together to reduce attack surface sprawl, and tangible steps to work toward CTEM.

Additionally, 30+ of our security experts, The NetSPI Agents, went to DEF CON 32 – three of whom presented sessions on Google cloud pentesting tools, mainframe security, and Azure insecurities.

  • Scott Weston presented on GCPwn: a Python toolset for easy GCP pentesting and module creation.
  • Michelle Eggers discussed the relevance of mainframes and shared five solutions for securing them. And she did it twice, once at BSides Las Vegas and again at the DEF CON AppSec Village.
  • Karl Fosaaen analyzed Managed Identities in Azure and shared a tool to automate attacks on them.

Watch our recap below and be sure to check out The NetSPI Agents’ recap of DEF CON 32 for more insights from the Las Vegas Convention Center. 

4 Observations from the Halls of Mandalay Bay at Black Hat 2024 

Whether you attended Black Hat or missed this year’s event, hear from Aaron, Vinay, Tom, and Nabil on the noteworthy trends we took away from the conference.

1. Consolidation of Security Solutions

One of the major themes at Black Hat this year was the shift from point solutions to consolidated security platforms. Aaron highlighted that customers are increasingly seeking integrated solutions that offer greater visibility and advanced features without the burden of managing multiple tools. This trend is driven by budget pressures and the need to replace outdated systems with more efficient platforms.

Forrester Analyst Erik Nost stopped by our booth to demo The NetSPI Platform and continues to be a champion of this consolidation trend, particularly in the proactive security industry.

Tom also observed this trend, adding: “While concerns remain about concentration risk, the overwhelming sense from CISOs is that consolidation must happen and the benefits far outweigh the risks. The overwhelming amount of conversations had on site reiterated our platform vision, in particular, the ability to prioritize remediation based on asset and risk data.”

2. Navigating the AI Hype

Artificial intelligence was undoubtedly the buzzword of the event, with vendors across the board showcasing AI-driven solutions.

Tom noted that AI is currently causing more problems than solving them. While AI offers potential, the cybersecurity industry must implement solutions that help us counter threat actors who are quicker to adopt AI than the security market, at least for now. 

Vinay believes the industry is making progress, adding: “AI and LLMs are everywhere. We have moved beyond hype to actually seeing some useful outcomes from using LLMs. Just as ML was a thing for the last 10 years, LLM will be the next thing vendors will talk about. Going beyond headlines, vendors are starting to deliver outcomes that would not be possible without using LLMs, or would be much harder to accomplish.”

Field CISO Nabil Hannan also noticed the buzz around AI. His take on this is that AI isn’t actually “intelligent” and we must have sound strategies to effectively navigate and harness its power. Read more about Nabil’s take on AI in his recent blog, How Threat Actors Attack AI – and How to Stop Them.

3. Automation in Penetration Testing

Aaron and Vinay both observed a growing trend toward automated penetration testing.  

Aaron shared, “There is strong demand for greater automation in the pentesting process as customers need continuous testing coverage across more of their attack surface. The only way to do this is through greater automation and leveraging technology.” He reiterated, “We still believe strongly in the intersection of technology and talent. While several firms are taking a tech-only approach, we believe that still does not yield the same results. This shift toward more automation reflects the industry’s move towards leveraging technology to enhance efficiency and effectiveness.”

Vinay agreed with this sentiment, observing: “Automated pentesting is definitely a trend that is catching on. On the show floor there were many vendors claiming to offer automated pentests and an increased number of startups offering a ‘fully-automated red teaming and pentesting platform.’”

4. Addressing Third-Party Risk Management

In addition to being NetSPI’s Field CISO, Nabil also hosts the Agent of Influence podcast and was able to host seven new guests for on-site recordings. During the interviews, one challenge became evident across the board: third-party risk management (TPRM). This indicates that the current approaches are often flawed and ineffective, and highlights the need for better solutions.

Additionally, the conversations pointed to a broader need for security education, particularly for vulnerable populations such as the less tech-savvy and elderly, who are often targeted by scams. These discussions underline the critical role of awareness and education in strengthening organizational and personal security.

Black Hat USA 2024 offered invaluable insights into the cybersecurity landscape, emphasizing the need for consolidated solutions, judicious AI use, and enhanced automation. For cybersecurity executives, these trends present opportunities to refine strategies and strengthen defenses.

As we move forward, staying informed and proactive will be key to navigating the evolving threat landscape. For anyone interested in exploring these insights further, we invite you to connect with our team at NetSPI and discover how our solutions can empower your organization to stay one step ahead.