Interviews | June 20, 2024

Credential Abuse Attacks Require More Complex Response Measures



Nadir Izrael
CTO and Co-Founder

Armis

Q1. What prompted your company's recent purchase of Silk Security? How will customers of both companies benefit from the acquisition?

Organizations need a comprehensive platform that can address the entire lifecycle of cybersecurity threats. Over the past 8 years, Armis has developed our AI-powered Armis Centrix platform to encompass all facets of cyber threat exposure management. Our recent acquisition of Silk Security marks a significant leap forward in supporting Armis customers with cyber risk prioritization and remediation. By integrating Silk Security into Armis Centrix for Vulnerability Prioritization and Remediation, we continue to push the boundaries of security excellence, empowering organizations to stay ahead of emerging threats and safeguard their digital footprint with confidence.

Today, organizations are faced with a deluge of security findings, with no scalable and automated way to prioritize and operationalize remediation. Because of ineffective processes and inconsistent risk prioritization, security teams do not have a clear plan on what to fix, who is responsible and how it should be fixed. This results in costly and suboptimal remediation efforts that consume security team resources and still fall short in prioritizing the findings that pose the greatest risk to the business.

Armis Centrix for Vulnerability Prioritization and Remediation provides security and developer teams with a consolidated view into any security findings, enabling them to manage the remediation process effectively. It redefines how organizations find risk, prioritize response, establish ownership and operationalize the remediation lifecycle.

The Silk Security acquisition, along with the acquisition of CTCI earlier this year, reinforces Armis’ strategy of building a comprehensive platform that supports customers in the full lifecycle of cyber threat exposure management – from asset discovery and management to early warning threat detection and vulnerability discovery, prioritization and remediation.

Q2. In what ways does the integration of AI into cyber exposure management platforms enhance an organization's ability to prioritize and mitigate cyber risks effectively?

AI plays a critical role in helping security teams to identify and mitigate cyber risks effectively. Security teams have historically played an endless game of catch-up, caught in a constant cycle of responding to threats and attacks after they occur. This can lead to compromised data, damaged reputations, significant financial loss and more. As cybercriminals continue to leverage AI to evolve their tactics and exploit new vulnerabilities, AI-powered solutions are the only way to combat AI-driven cyber threats.

At Armis, we have engineered AI into our technology. The Armis Centrix platform is powered by the Armis AI-driven Asset Intelligence Engine, which monitors billions of assets worldwide in order to identify cyber risk patterns and behaviors. The Asset Intelligence Engine learns from past attack attempts on one company and immediately applies those learnings to all of our global customers across different industries. Armis’ AI also has a real-time understanding of risks and threats to critical assets as they change constantly to ensure businesses have the most up-to-date information.

Our newest solution, Armis Centrix for Actionable Threat Intelligence, is an early warning, AI-based system that leverages the dark web, dynamic honeypots and human intelligence to anticipate threats, understand their potential impact and take preemptive action. This effectively shifts an organization’s security posture from defense to offense, identifying and stopping attacks before they cause disruption.

We’re moving beyond traditional defense to a proactive, AI-powered future. By tracking potential incidents in real time and preemptively mitigating risks, Armis empowers organizations to flip the script – turning the hunter into the hunted.

Q3. What key technologies or initiatives does Armis plan on showcasing or unveiling at Black Hat USA 2024? What are you hoping customers will take away from your company's participation at the event?

In addition to highlighting our capabilities in early warning threat detection and vulnerability discovery, prioritization and remediation, we’re looking forward to showcasing our other Armis Centrix solutions at Black Hat:

  • Asset Management and Security: Continuously discovers all of an organization’s assets, including IT, IoT, cloud and virtual, managed or unmanaged.
  • OT/IoT Security: Secures manufacturing and critical infrastructure by achieving full visibility across IT, OT and IoT assets. Control, monitor and protect critical OT assets and critical infrastructure using the industry’s most advanced cyber exposure platform.
  • Medical Device Security: Discovers and secures every clinical asset and tracks inventory utilization. Get complete visibility and maximize security across all managed or unmanaged medical devices, clinical assets and the entire healthcare device ecosystem.

Armis is building a multi-generation AI-driven cybersecurity company. We secure Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society safe and secure 24/7.

The Armis Centrix platform enables organizations to proactively mitigate all cyber asset risks, remediate vulnerabilities, block threats and protect their entire attack surface. Only Armis Centrix protects all verticals and industries including Manufacturing, Health and Medical, Information Technology, Energy and Utilities, Financial Services, Transportation, Telecommunications and Media, Public Sector and many more.

Black Hat is a key event for Armis, so we hope customers, partners and prospects alike will take the opportunity to stop by our Armis booth (#1820) and connect with our experts to learn more about Armis Centrix™. For more details about the activities we have planned at Black Hat, including happy hour events and a vulnerability prioritization boot camp, please visit our website.


Troy Bettencourt
Global Partner & Head of X-Force

IBM

Q1. IBM's latest X-Force Threat Intelligence Index showed a substantial increase in attacks involving the use of valid account credentials. What might explain the increase and what impact are these attacks having? What should organizations be doing to reduce exposure to the threat?

For the first time, abusing valid accounts became cybercriminals’ most common entry point into victim environments and represented 30% of all incidents X-Force responded to in 2023. The increase is most readily explained by accessibility. As defenders increase their detection and prevention capabilities, attackers are finding that obtaining valid credentials is an easier route to achieving their goals, considering the alarming volume of compromised yet valid credentials available—and easily accessible—on the dark web. Cloud account credentials alone make up 90% of for-sale cloud assets on the dark web, making it easy for threat actors to take over legitimate user identities to establish access to victim environments.

Attackers' use of valid accounts as an initial access vector has a significant impact on the required response efforts, as well. Major incidents where the attacker leveraged a valid account for initial access were associated with more complex response measures by defenders—190% greater than the average incident.

To reduce exposure, there are a few steps organizations can take:

  • Know your dark web exposure: The data that’s available about your organization on the dark web highlights the risk that resides outside your network perimeter’s control. Utilize dark web capabilities to find at-risk credentials and identify leaked data.
  • Simplify identity management: Utilize a single identity and access management (IAM) provider to administer identity governance, manage workforce and consumer identity and access, and control privileged accounts.
  • Have an incident response plan in place: Preparation is key. If your organization is hit by a breach, having a practiced plan that all senior leaders are bought into can reduce the impact of a breach and save time, money, and reputation.

Q2. What is the X-Force Cyber Range all about? What issue is it that the range is helping federal agencies address?

We know that when it comes to cyber threats, you can’t predict when one will occur, but you can prepare. Organizations must view responding to a cyber incident as not just a security problem but as a business-wide responsibility. Your entire organization should be prepared to react with speed, agility, and common purpose and our Cyber Ranges help organizations do just that.

The IBM X-Force Cyber Ranges offer immersive simulations, available in-person or virtually, to guide your teams or entire organization through realistic breach scenarios, helping ensure you can respond to and recover from enterprise-level cyber security incidents, manage vulnerabilities, and build a stronger security culture in your organization. We have Cyber Range locations in Cambridge, MA, Washington DC, Bangalore, India, as well as a partnership with the University of Ottawa. We meet clients where they are and deliver experiences at their preferred locations.

Since our launch in 2016, over 17,000 business leaders have gone through our immersive training, finding ideas for growth in their response plan within a safe environment, while using industry best practices and real-life data breaches. Our tailored programs address the unique challenges of your organization, but our newly launched DC location does focus largely on federal agencies, given its location. It runs exercises based on key challenges faced by government agencies, including protecting critical infrastructure, compliance requirements, and the safeguarding of sensitive data. Building on nearly a decade of experience operating cyber response training facilities globally, IBM facilitators at the DC range guide participants through mission-disrupting scenarios – ranging from AI code poisoning and destructive attacks to deepfake and zero-day attacks. The experience is immersive and helps participants from companies and agencies work through challenges they would face in real-time such as cross-team communication breakdowns and resource issues.

Q3. What emerging cybersecurity threats or attack vectors does IBM X-Force plan to focus on at Black Hat USA 2024? What capabilities do you plan on highlighting at the event?

The focus for IBM at Black Hat will be around securing AI and leveraging AI for security. Generative AI will have a significant impact on businesses' security and risk profile, both as a tool to improve cyber defenses and as a new frontier of innovation to secure. As businesses seek to innovate with AI across their operations, it’s paramount that security is a foundational element of that strategy. In a recent IBM Institute for Business Value study, 96% of executives say adopting GenAI makes a security breach likely in their organization within the next three years. With this in mind, we’ve developed a three-tiered approach that you’ll see across our content, activations, and booth at Black Hat.

  • Safeguarding AI: Protecting foundation models, generative AI, and their data sets is essential for enterprise-ready AI. But security for AI goes beyond the AI itself. It requires defensive approaches that secure the data, the model and the model’s usage, but also the underlying infrastructure. For example, IBM X-Force just launched new Testing Services for AI that uncovers and addresses security vulnerabilities across Foundation Models and Large Language Models (FM/LLMs), MLSecOps Pipelines, AI Platforms, and Generative AI (GenAI) applications. Attendees can learn more about this at Black Hat.
  • AI-Powered Defense: Generative AI holds the potential to drastically elevate the capabilities of resource-strapped security teams. IBM is designing AI-powered cybersecurity services to maximize security professionals' time and talent while also helping secure the infrastructure powering generative AI. We will be featuring some of these new capabilities at Black Hat.
  • Redefining Cybersecurity strategy for AI: AI has the potential to drive speed and accuracy for security portfolios, but how should security leaders bring AI into their organization safely, without compromising innovation? We can help you lay out a roadmap, test your current defenses, and utilize our wealth of threat intelligence and data to guide your strategy. Attendees of Black Hat will even have the opportunity to get hands-on with a cyber range experience to get a feel for how this could operate.

Wendi Whitmore
SVP, Unit 42

Palo Alto Networks

Q1. How exactly has AI transformed the cyber-threat landscape? What strategies should organizations employ to effectively counter the threat of AI-enabled attacks?

Think of AI’s impact on the threat landscape in three ways: increasing the speed, scale and sophistication of attacks. We currently see generative AI being leveraged by attackers to launch sophisticated phishing attacks, and AI to create deepfake audio to bypass enterprise controls via the helpdesk or for vishing. We also believe, given recent observed increases in the speed of both reconnaissance and exfiltration, that threat actors are leveraging AI and automation to gather intelligence on their targets, scan for vulnerabilities, exploit them, and even adapt to countermeasures in real time.

While these are things we’re currently observing, we also see the possibility of how attackers can leverage AI in the future as their use of the technology develops. Threat actors will advance their AI-driven attack methods, requiring continuous innovation in cybersecurity strategies.

CISOs are increasingly recognizing that combating a new age of AI-driven threats requires leveraging AI itself. However, traditional methods have proven inadequate due to inconsistent data quality, security silos, and a shortage of experts proficient in both AI and cybersecurity. A new AI-first approach is essential.

Precision AI by Palo Alto Networks represents the next generation of AI designed specifically for cybersecurity, aimed at countering rapidly evolving threats in real time. It combines machine learning and deep learning with the accessibility of generative AI for real time, AI-powered security. Precision AI enhances the capabilities of cyber defenders by centralizing and analyzing data with security-specific models, enabling automated detection, prevention, and response.

Q2. Threat actors are increasingly leveraging techniques like living off the land, fileless malware and exploiting supply chain vulnerabilities in their attacks. How do threat intelligence practices need to adapt to detect and mitigate these threats? How can AI and machine learning help?

When an actor uses valid credentials - whether stolen or leaked in previous attacks, password spraying, etc. - and living off the land binaries, it makes it extremely difficult for SOCs and threat hunters to identify the activity. Defenders often only detect the activity when the threat actor’s behavior goes against policy and the enterprise has network security monitoring within the perimeter. This is why it’s important to tie identity management into the network segmentation plan. For example, admins should be issued separate accounts for their work within each trust zone and the SOC should monitor for accounts operating outside of their approved trust zone.

AI and machine learning can help SOCs establish the baseline of "normal" user behavior and alert when an account or tool does something that it doesn't normally do in that environment. For example, it may "learn" that an admin runs remote PowerShell every Tuesday against a set of systems and learns to ignore that behavior, but it will generate an alert if that same behavior is observed on a different day or to a different part of the network.
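The two detection ideas in this answer, an account acting outside the trust zone it was issued for and a known pattern (remote PowerShell every Tuesday against a fixed set of hosts) showing up on another day or another segment, as an added illustration that is not code from the interview or from any vendor's product. The account names, zone maps, hosts and events are all constructed sample data; a real deployment would take the zone maps from the asset inventory and the baseline from SIEM history.

```python
"""Zone-violation and baseline-deviation checks over constructed logon events."""
from collections import defaultdict
from datetime import datetime

# Hypothetical issuance policy: one admin account per trust zone.
ACCOUNT_ZONE = {
    "adm-corp-alice": "corp",
    "adm-dmz-alice": "dmz",
    "adm-ot-bob": "ot",
}

# Hypothetical host-to-zone map (in practice fed from the CMDB / asset inventory).
HOST_ZONE = {
    "fs01": "corp", "fs02": "corp", "web01": "dmz", "plc-gw01": "ot",
}

# Constructed history used to learn the baseline: (timestamp, account, host, tool).
# All timestamps fall on Tuesdays and hit only corp hosts.
HISTORY = [
    ("2024-05-07T09:05:00", "adm-corp-alice", "fs01", "powershell-remoting"),
    ("2024-05-07T09:06:00", "adm-corp-alice", "fs02", "powershell-remoting"),
    ("2024-05-14T09:02:00", "adm-corp-alice", "fs01", "powershell-remoting"),
    ("2024-05-14T09:04:00", "adm-corp-alice", "fs02", "powershell-remoting"),
    ("2024-05-21T09:10:00", "adm-corp-alice", "fs01", "powershell-remoting"),
]


def learn_baseline(events):
    """Map (account, tool) -> set of (weekday, zone) pairs observed in history."""
    baseline = defaultdict(set)
    for ts, account, host, tool in events:
        weekday = datetime.fromisoformat(ts).strftime("%A")
        baseline[(account, tool)].add((weekday, HOST_ZONE[host]))
    return baseline


def evaluate(event, baseline):
    """Return the list of alerts for one event; an empty list means benign."""
    ts, account, host, tool = event
    alerts = []
    zone = HOST_ZONE.get(host, "unknown")
    issued_zone = ACCOUNT_ZONE.get(account)
    # Signal 1: the account is operating outside the zone it was issued for.
    if issued_zone is not None and zone != issued_zone:
        alerts.append(f"zone-violation: {account} (issued for {issued_zone}) "
                      f"used on {host} in {zone}")
    # Signal 2: a learned pattern appears on an unusual day or in an unusual zone.
    weekday = datetime.fromisoformat(ts).strftime("%A")
    seen = baseline.get((account, tool))
    if seen and (weekday, zone) not in seen:
        alerts.append(f"baseline-deviation: {account} ran {tool} on {weekday} "
                      f"in {zone}; baseline is {sorted(seen)}")
    return alerts


def run(events, baseline):
    """Evaluate every event and return {event: [alerts]}."""
    return {ev: evaluate(ev, baseline) for ev in events}


# Constructed new events to score against the baseline.
NEW_EVENTS = [
    ("2024-05-28T09:03:00", "adm-corp-alice", "fs01", "powershell-remoting"),   # Tuesday, corp: expected
    ("2024-05-30T22:41:00", "adm-corp-alice", "fs02", "powershell-remoting"),   # Thursday: unusual day
    ("2024-05-28T09:20:00", "adm-corp-alice", "web01", "powershell-remoting"),  # Tuesday, but DMZ host
    ("2024-05-29T10:00:00", "adm-ot-bob", "plc-gw01", "ssh"),                   # in zone, no baseline
]

if __name__ == "__main__":
    for ev, alerts in run(NEW_EVENTS, learn_baseline(HISTORY)).items():
        print(ev[1], ev[2], "->", alerts or "ok")
```

The third event raises both alerts at once, which is the case the answer describes: a corp admin account used against a DMZ host, outside its approved zone and outside its learned Tuesday/corp pattern.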

Q3. What are the key messages or takeaways that your organization hopes to convey to customers and other organizations at Black Hat USA 2024? How will you measure the success of Unit 42's presence at the event?

The threat landscape continues to evolve. Both sophisticated cybercriminals and APTs pose a great threat to business continuity and success. We’re seeing firsthand via our Unit 42 Incident Response cases how big of an impact that cyberattacks can have on organizations. With access to advanced technology and by leveraging deep insights into business processes, we can only expect cybercriminals to become more aggressive. Palo Alto Networks believes that the only way we can stay ahead of cybercriminals is through AI-powered security that can outpace adversaries and more proactively protect networks and infrastructure.

At Black Hat this year, our team will highlight Precision AI and its benefits to global organizations, including new solutions that bring new levels of visibility and control, giving organizations an inventory of AI usage while protecting data, AI apps, and AI models.

Palo Alto Networks encourages all organizations to have an incident response plan in place should an attack happen. Our Unit 42 global experts are leaders in incident response, and provide organizations a range of services to tackle the complex challenges of cybersecurity. We integrate deep threat intelligence with leading technology to deliver quick and effective incident response. And, by leveraging the power of Palo Alto Networks, we help organizations create a security strategy that reduces the likelihood of future attacks.

Be sure to check out our booth #1632 if you are attending Black Hat in person. In addition, Palo Alto Networks researchers Edouard Bochin, Tao Yan and Bo Qu will be hosting a session titled, "Let the Cache Cache and Let the WebAssembly Assemble: Knockin' on Chrome's Shell."


David Dalling
Group Vice President, Global Security Strategists

Splunk

Q1. Splunk's "State of Security 2024" report showed that most organizations have already deployed or plan to deploy Generative AI for various use cases, including cybersecurity. What are some of the security issues that organizations need to keep in mind when using these tools?

When using Generative AI tools, organizations must consider several critical security issues to ensure safe and effective deployment. One primary concern is data privacy and protection. Generative AI often relies on vast datasets, including sensitive company data or personal information. If not managed properly, this data can be exposed to breaches, unauthorized access, or misuse, putting the organization at risk. Organizations should constrain these systems' access to sensitive data or the ability to take unbounded actions without human oversight once they’re in production, as they are unpredictable by design.

Model bias is also a concern. Organizations must ensure their AI systems are trained on diverse and representative datasets, as biased models can perpetuate and exacerbate existing security gaps. For example, if a generative AI model is used for monitoring and analyzing certain behavior, it might fail to detect anomalous behavior outside its learned parameters. This oversight can be exploited by attackers who identify and operate within these blind spots to bypass security measures.

Adversarial attacks pose another serious threat. Malicious actors can manipulate AI models to produce incorrect or harmful outputs that can lead to compromised decision-making processes or security breaches. Robust cybersecurity measures, including regular model assessments and updates, are essential to defend against these threats.

Finally, the integration of generative AI into existing systems can introduce new vulnerabilities. As AI becomes more embedded in organizational processes, the attack surface expands. Businesses should conduct thorough security assessments and continuously monitor AI systems for vulnerabilities. The Splunk SURGe security research team is diving into the OWASP Top Ten for LLM Application security and other frameworks, looking for ways to defend AI systems against internal and external threats. The team will be providing more details on this research at Black Hat.

Q2. What new capabilities does Splunk's new Asset and Risk Intelligence service deliver in the SOC? What business or security need does it address?

Our newest Splunk Security product, Splunk Asset and Risk Intelligence, helps businesses streamline compliance, reduce cyber risk and eliminate the sources of shadow IT. While SOCs struggle with an expanding attack surface, limited visibility and complex tooling, the solution delivers continuous asset discovery and compliance monitoring to accelerate investigations and minimize risk exposure.

Splunk Asset and Risk Intelligence can be deployed and configured to be used on-premises in Splunk Enterprise implementations or in Splunk Cloud environments and seamlessly integrate with Splunk Enterprise Security deployments, the industry-defining SIEM. Leveraging the rich data in Splunk, it provides accurate asset inventories and asset data enrichment of all associated IP addresses, MAC addresses, users, software, and vulnerabilities to provide security teams with:

  • Enhanced visibility into asset metadata and compliance status across the organization to improve the detection and focus of investigations.
  • Accelerated investigations through accurate asset and identity context, including network activity, asset associations and asset health, to understand who is associated with what assets and when.
  • Custom and out-of-the-box dashboards and metrics to assess and enhance compliance and security posture by proactively addressing assets that are missing critical security controls.

With unified, continuously updated details of your assets and identities, Splunk Asset and Risk Intelligence eliminates stale data to ensure that your asset inventory is always accurate and comprehensive. This foundational insight is crucial for reducing risk exposure and eliminating blind spots for your business.

Q3. What vendor sessions, training and briefings does Splunk have in store for customers and others at Black Hat USA 2024?

Black Hat participants will have multiple opportunities to delve deeper into Splunk offerings. We are very excited to participate in The AI Summit this year, where we’ll showcase AI Assistant in Security, which helps security teams leverage AI for guided security operations. We’ll also be part of The AI Summit panel discussion Integrating AI with Cybersecurity Strategy - Navigating the Next Five Years. Two of our Splunk Threat Research Team members will be presenting at Black Hat Arsenal on Splunk Attack Range and BadZure: Simulating and Exploring Entra ID Attack Paths. I’m also thrilled to be presenting on strategies and technologies to power the SOC of the future.

Conference attendees can also stop by the Splunk booth to:

  • Watch presentations featuring customer use cases and the newest updates from Splunk Security, the latest developments in the Open Cybersecurity Schema Framework (OCSF), and the Cisco and Splunk integrations and roadmap developments.
  • Demo our security solutions: Splunk Asset and Risk Intelligence, Splunk Enterprise Security, Splunk SOAR, and Splunk Attack Analyzer.
  • Take a SOC Tour: our Splunk SOC will offer SOC Tours to brief attendees on the value our internal security team has gained with Splunk Security.

Whether through interactive demos, expert discussions, or in-depth presentations, Black Hat attendees will leave with valuable knowledge and actionable insights into how Splunk can help empower their organization’s cybersecurity strategy.

Jeff Barker
SVP, Product Management & Marketing

Synack

Q1. How exactly does Synack's new Attack Surface Discovery and AI/LLM pentesting offering enhance an organization's security posture and their ability to mitigate cyber risk? What security gap does the offering address?

According to a recent Enterprise Strategy Group (ESG) security testing survey, 64% say it’s difficult or extremely difficult to align proper testing methodology with the elements of the attack surface. Moreover, only 26% of the attack surface is being tested. With integrated Attack Surface Discovery, security teams will be able to eliminate the attack surface blind spots and ensure they are adequately testing their attack surface.

The rapid adoption of AI/LLM applications adds new complexity and risk to their attack surface. With Synack’s AI/LLM security testing, organizations can proactively identify and remediate vulnerabilities in the AI/LLM applications to reduce risk and improve resilience of their AI/LLM infrastructure.

Q2. How do you perceive crowdsourced security testing evolving in the coming years? What are the unique advantages and challenges of this approach in addressing modern security challenges?

While Synack does leverage a community of security researchers, it has already evolved well beyond its crowdsourced security origins and is a leader in the emerging Penetration Testing as a Service (PTaaS). Synack’s security testing platform enables organizations to manage the complete testing cycle integrating attack surface discovery and analysis, human-led vulnerability discovery, vulnerability management, and reporting for root cause analysis and trending to improve security posture and reduce risk.

By leveraging its advanced security testing platform and community of 1500+ vetted security researchers, Synack PTaaS provides security teams with the testing efficiency, efficacy, and scale necessary to keep pace with today’s rapid software development cycles, complex attack surface, and sophisticated attackers.

Q3. As a company that heavily relies on a crowdsourced model of ethical hackers, how does Synack plan to leverage its presence at Black Hat USA 2024 to attract and engage with top cybersecurity talent from around the world?

Like previous Black Hat conferences, Synack will continue to educate security organizations that legacy penetration testing can’t keep pace with today’s rapid software development cycles, complex attack surface, and increasingly sophisticated attackers. One Synack customer said, “All the money we spent on security testing and remediation yesterday is gone. We don’t learn anything from the process or leverage the data strategically. We claim success if the regulators are satisfied.” The improved efficiency, efficacy, and scale of Synack’s PTaaS changes that.

Synack also connects with current and prospective security researchers (ethical hackers) at both Black Hat and Defcon to continuously improve breadth and depth of the community, ensuring Synack continues to deliver unmatched testing efficacy and scale.
