Surprise insights from the Black Hat security conference

You may have heard the adage, “The best defense is a good offense.” As Chief Marketing Officer at NopSec, I closely follow trends and sentiment in the IT security industry. At the Black Hat conference last week I got the opportunity to meet with some of our existing customers as well as speak with a broad group of industry professionals. The most surprising take-away for me was the prevalent topic of active defense and offensive security.

What is offensive security?

TechTarget defines offensive security as, “a proactive and adversarial approach to protecting computer systems, networks and individuals from attacks.” I had a number of conversations with individuals who talked about cyber defense exercises and described their preference for “red team”. The attacking team is called the red team and the defending team is called the blue team. It was interesting to get a perspective of how attackers think, and it is exactly what you might expect.

Hackers do not abide by the rules

This might be stating the obvious but is worth repeating just the same. Hackers do not follow the rules. In an article posted to Dark Reading last week, Tim Wilson wrote in “Moving Security Outside The Lines” that, “many of [the new] vulnerabilities stray into territory that would be outside the purview of most IT security departments, or might fall between the cracks of departmental boundaries.” For example, it was frightening how pervasive phishing attacks hiding exploit kits have become. NopSec’s CTO related a story about how, at past conferences, social engineering was regarded as “too easy” to be considered a legitimate attack. However, the determination of attackers has not diminished, and some of the recent examples from the past year demonstrate that the bad guys are willing to undertake a high level of expense, time, and effort to achieve their objectives.

Proactive defense as the path forward

“Active defense” was a term that I came across in a blog post by Dmitri Alperovitch, CTO at CrowdStrike. He outlined a strategy of “attack detection, attribution, flexibility of response, and intelligence dissemination.” At NopSec, we have a small but significant twist on this term. We believe in PROactive defense, which begins with identifying your most valuable corporate assets and prioritizing your security team’s time and effort to sufficiently safeguard the most important data. In my conversations with prospective customers last week, I was astounded to learn that many companies, even those sending individuals to an industry IT security conference, still defined their security strategy using the lowest common denominator.

Our engineering team came away with some amazing insights, some of which Michelangelo Sidagni – NopSec’s Chief Technology Officer – will post later in the week. In preparation, please subscribe to this blog and social media updates. Start looking at security from the attacker’s perspective and get on the offensive… or the proactive defense.