Walking the Black Hat Conference Floor - 2014 Edition

Last updated at Fri, 21 Jul 2017 14:50:18 GMT

Alright. I am back in, and mostly adjusted to, my regular time zone again, so let's review what I saw on this year's Black Hat "Business Hall".

As I mention every 6 months or so (Black Hat 2013 and RSA Conference 2014), I always try to find time at industry events to walk around the conference floor and talk to the vendors that are new (to me, at least). While I love catching up with the funny sales guy at <insert giant vendor here>, I was already time-challenged to find the innovation this year because of responsibilities with the Rapid7 Race-to-Root booth competition and my own little song and dance in South Seas CD.

Thankfully for me, UBM decided to add an Innovation City to the Business Hall this year to give my exploration a focal point. I also visited other booths on the outer edges, but this section of the floor lived up to its name with a combination of start-ups I know from colleagues recently joining the team and some in my bucket of "new to me".

This time, as I always find it unfair to classify these innovative vendors by their yet-to-be-defined solution type, I am going with 3 classifications:

• I knew them, but only because I am so cool - Yeah, I know "cool" is an interesting choice of words for knowing security start-ups, but I cannot ignore vendors that I know because of colleagues.
  • ThreatStream promises to use the machine learning built into their OPTIC platform to add actionable threat intelligence to your dusty old SIEM. I did not have the chance to ask Alex Pinto for his take on ThreatStream's machine learning, but I am very curious to hear from any security teams that have integrated it into their environments.
  • It is no shock that I know Cybereason, since no security company emerges from stealth in Cambridge, MA without catching Rapid7's eye (or departing employees), but their endpoint agent promises to detect Malops across your network upon install. Sounds promising, but can the (approximately) five remaining members of the Israel Defense Forces Intelligence Corps pause and give someone else a chance at venture capital dollars? You are putting the rest of us to shame.
• How did this cool technology sneak by me?
  • It is a good thing that CyFIR's marketing team opted to buy a banner on Black Hat Boulevard because I didn't see them on the sponsor list and they were not in Innovation City. However, their "computer forensic analysis solutions" were interesting enough for me to visit, even if I am unsure from the booth if the software is usable by someone not on the CyTech Services team.
  • Checkmarx knows how to draw in a father of toddlers when they offer a plush bear with a "Softbear Security" sleeveless turtleneck (only a little bear could pull off that look). As someone not currently in the market for a source code analysis solution, I wish them luck in a market that continues to challenge software vendors to cut off vulnerabilities before they reach end users.
  • Deja vu Security was touting their "Peach Fuzzer" solution in Innovation City and I love the concept of exposing vulnerabilities before they are published thanks to the use of "Fuzzing". I give them extra credit for repeatedly using "fuzz" as a verb throughout their marketing materials.
  • I don't normally spend a lot of time at booths for services companies, but Synack is pushing their Crowd Security Intelligence platform as "human-powered cyber security". Despite their heavy use of "cyber" throughout their materials, their founders and investors give them significant credibility in the market.
  • If you have read my other Conference blogs, you know that I always need to geek out once on a new mobile solution and Bluebox takes that honor this time around. IT departments may be a bit reluctant to shift their risk from mobile devices to Bluebox's cloud, but it is probably the only way to disrupt the MDM market through a reduced cost of ownership on both IT and end users.
  • Novetta Cyber Analytics had two taglines that were effective enough to stop me on my path to Innovation City. "The truth is in your network" is a strong way to introduce a solution that makes use of PCAP data, but I hope that their console delivers on their second tagline better than their 8-page booklet. "From Complexity to Clarity" sounds like a paraphrasing of our CEO's "Simple, innovative solutions to complex security challenges" [apologies for quoting from memory, Corey]
  • Farsight cornered the market on acronyms and hopes to do the same to threat intelligence subscriptions with SIE (Security Information Exchange) and the related DNSDB (Passive DNS Database). Wow. An acronym within an acronym definition. Impressive. Reminds me of Homer's BBBQ. [If you haven't seen every Simpsons episode because you have a life, the added 'B' in BYOBB was a typo.]
• You sound familiar. Did you just go through an acquisition? -
  • Ixia went from a name I recognized, but knew nothing about, to an interesting suite of technologies with the acquisition of Net Optics at the end of 2013.
  • Mocana Corporation stands to benefit a great deal from the world's decreasing trust in OpenSSL after the Heartbleed and the less-fun-for-reporters CVE-2014-0224, their NorthStar solution can be installed on Apache "with a single command". An interesting new direction (apparently not caused by acquisition) for a vendor previously focused on mobile devices and the data moving between them.

This year's takeaway for me was that the most innovative security vendors have stopped trying to slightly differentiate from established solutions in the market, and instead look to challenge with a new approach ("fuzz everything!") or way to automate existing data analyses (Cyber!).

Either the floor is shrinking or I am just getting older (remember how big your grade school seemed?). The line for Rapid7 party passes once again challenged the Business Hall's layout by either stretching to the Business Hall Theaters or wrapping our own booth like a whorl shell, depending on DK's mood and number of times Black Hat staff had scolded him.

If you missed Jeff Myers's and my briefing, let me know what you think when you buy the videos. Also, the comments section below is the best way to tell the world that I am a fool for leaving off your innovative company.