Interviews | July 16, 2024

Continuous Assessments are Key to an Effective Security Posture


Corellium | Hack the Box | Swimlane | Sysdig | Varonis

Amanda Gorton
CEO

Corellium

Q1. What prompted Corellium's recent effort to update its brand? What is the dichotomy between how the company is perceived externally and how you view the company yourselves?

Corellium’s mission has always been to revolutionize how software developers build, test, and secure the next generation of devices. Since these devices run on Arm processors, we invented the world’s first Arm-native virtual hardware platform, designed to bring the power of true virtualization to developers working across mobile, IoT, automotive, and beyond.

But we had to start somewhere, so we started with mobile, and we started with a focus on security. And to many of the attendees at Black Hat, that’s all they know us for — they don’t know about our capabilities in IoT or automotive, or in the broader software development lifecycle. In fact, even within the realm of mobile security, developers may not be aware of our fantastic pen-testing features or our malware analysis tools. So our brand evolution this year is about telling this wider story, including our industry-leading partnership with Arm on IoT and automotive device models.

Q2. How does Corellium plan on leveraging AI and machine learning technologies in its products? Where do you see AI making the biggest difference in the mobile security space going forward?

In today’s AI-hyped marketplace, it’s tempting for companies to exaggerate the potential impact of this technology, or to integrate it superficially just to say they have it. We tend to take a more circumspect view. We think AI can be a powerful assistant for security experts, but certainly not a replacement for them. At this stage in its evolution, we see AI primarily making the biggest difference in mobile security by helping engineers increase efficiency and automate repeatable tasks. We also see it having a substantial impact in areas that use predictive analytics for threat detection and prevention — from ransomware to network attacks to fraud.

Within the Corellium suite of products, we plan to leverage these core principles to meaningfully enhance our users’ experience. First, we’ve roadmapped AI integrations to assist engineers in doing their work substantially faster and more efficiently, especially through intuitive automation. Second, we plan to leverage AI for powerful predictive analytics to improve the detection of security anomalies, from static analysis of mobile app code to dynamic identification of sophisticated malware threats.

One of the first features we plan to enhance with AI is our new MATRIX technology. This automated testing and reporting tool already makes pen-testing processes more efficient by automating the mundane and simplifying the testing process. With AI, we plan to provide even more robust dynamic and static testing to better identify vulnerabilities, as well as an integrated assistant to help security teams further accelerate everything from setup and integration to report analysis, response, and remediation.

Q3. What innovations and technologies does Corellium plan to highlight at Black Hat USA 2024? What training sessions and other events does your company plan on holding at the event?

This year, we’ll be introducing Black Hat attendees to MATRIX: our exciting new mobile application security testing (MAST) automation and reporting tool.

MATRIX gives you the same automated security reports you’d normally get from an outsourced service provider, but instead of paying per app, your in-house team can test as many apps as you want for a fraction of the cost. Running a test requires no special expertise — just upload your app, select your settings, and click a button. Integrating these automated tests with existing CI/CD frameworks is a breeze with our robust set of APIs. Plus, this powerful feature comes with our comprehensive testing and development platform, so your red team can use the same platform for manual pen-testing, your QA team can use it for replicating bugs, and your development team can use it for remediation work.

Imagine your AppSec teams being able to generate an updated security report for any of your internal apps at any time, without worrying about spiraling costs. Imagine your development team being able to easily run automated MAST reports as part of their standard testing lifecycle, and a bug report with a snapshot for easy replication being automatically filed for QA triage when an issue is detected. With MATRIX, shifting left gets a whole lot easier — and more affordable.

As with all our solutions, deployment options include cloud, private cloud, or onsite server and desktop appliances, which our high-security customers love.

If folks are interested in learning more, swing by our booth, or schedule an appointment with us at sales@corellium.com. Also be sure to check out the Black Hat trainings from SensePost and Mandiant that will be using Corellium!


Haris Pylarinos
VP Product Management

Hack the Box

Q1. What exactly is Hack The Box's Cyber Performance Center about? How is it different from traditional approaches to cybersecurity training?

Hack The Box’s Cyber Performance Center redefines cyber performance. It provides a platform for business and tech leaders to develop their workforce with plans aligned with organizational objectives, and for teams, professionals, and students to grow.

Hack The Box’s methodology is divided into three pillars inspired by the People, Process, Technology (PPT) framework:

  • People: Provide comprehensive career path programs for individuals to develop their skills and knowledge continuously. This includes technical training on tools and technologies, as well as soft skills training on communication, teamwork, and problem-solving.
  • Process: Integrate cybersecurity workforce development into existing processes, such as incident response and risk management. Conduct regular tabletop exercises and simulations to practice responding to cyber incidents.
  • Technology: Use cutting-edge upskilling courses, labs, and cyber range scenarios equipped with simulated networks, systems, and attack vectors to build hands-on experience in a controlled environment that avoids harming production systems.

This methodology positively impacts business metrics and cyber resilience, through a concrete cyber performance program. Unlike traditional training methods, Hack The Box provides an all-in-one platform combining ability, business management, and human focus to drive performance, addressing industry challenges like skills gaps, and burnout. The platform features are designed to oversee skills development and analyze potential gaps that could cost real dollars to businesses.

HTB's methodology and leadership position in the market have been recognized in The Forrester Wave: Cybersecurity Skills And Training Platforms, Q4 2023.

Q2. In a recent article, you described university cybersecurity degrees as not always being a good indicator of success for early candidates. Why is that the case? What are some better indicators of success?

Currently, there’s a severe shortage of over four million cybersecurity experts and cyberattacks are on the rise. Given these challenges, recruitment strategies need to adapt and address this gap.

Our research conducted at the beginning of 2024, titled "Securing the future of cybersecurity: From classroom to every career stage" revealed an alarming reality.

Specifically, we surveyed 3,000 professionals across the US and the UK about cyber recruitment, and almost two-thirds (64%) expressed dissatisfaction with current hiring processes, particularly in accurately evaluating candidates’ practical skills. Furthermore, 80% of global professionals attribute the primary entry barriers in the field to favoring degrees over real-world, practical experience.

We have to rethink the way we hire, moving away from a traditional model that focuses solely on university degrees or specific certifications. This doesn’t mean candidates with a university degree aren't worthy; it's that businesses are overlooking a hidden pool of talent who don’t have formal qualifications. I know many very skilled individuals and professionals who don’t have any of the above, but they are very good at what they do. Therefore, we need to reassess how we evaluate candidates in this industry. For example, assessment tests, demos, or practical exercises can effectively measure a candidate’s abilities.

Additionally, instead of only seeking candidates with cybersecurity degrees, recruiters can welcome individuals from all backgrounds. This includes self-taught hackers, those who enhance their skills through online training, Capture The Flag (CTF) competitions, and bug bounty programs. Relying solely on university degrees can sabotage hiring efforts, especially in such a scarce candidate environment.

Q3. What kind of hands-on demos and other events do you have planned for attendees at Black Hat USA 2024? What do you want them to know about your company's approach to cybersecurity training?

On Thursday, August 8, from 12:00-13:30, in the South Pacific G meeting room at Mandalay Bay Convention Center, Level 1, Hack The Box is calling attendees to be among the first cohort to experience our new, enhanced tabletops for executives and global teams to test crisis readiness. You will have the opportunity to assume different roles based on your background and test-drive the powerful capabilities of our new solution in an exclusive scenario focusing on election security. The scenario, called "Operation Secure Code," involves the United States of Luminthia (USL), which is in the midst of a critical election period. Due to heightened political tensions and the importance of maintaining the integrity of the electoral process, the nation faces increased risks of cyber attacks and other forms of interference. HTBSS has been contracted to protect critical systems belonging to various entities within the USL. As a contractor working for HTBSS, a major MSSP based in the USL, you must ensure the confidentiality, integrity, and availability of the systems set up for the USL.

Additionally, CISOs and Tech leaders interested in exploring how Hack The Box can help empower their cyber team's performance with its 360º solutions for recruitment, upskilling, retention, and tracking success, can attend our Happy Hour event on August 7th from 17:00 to 19:00, request a meeting with the HTB team and schedule a demo for Black Hat US 2024. Fill out the following form to secure a slot with one of Hack The Box’s on-site team members: https://resources.hackthebox.com/bh-usa-2024


Michael Lyborg
CISO

Swimlane

Q1. In your experience, how do you effectively communicate cybersecurity materiality to the board and non-technical stakeholders? What strategies have you found most successful in bridging the gap between technical cybersecurity metrics and business-oriented materiality assessments?

It's crucial to distinguish between compliance and proactive risk management. We’ve seen the "check-the-box" approach fall short time and time again.

Leveraging technology is key to streamlining incident response. Automation and playbooks free up security teams for critical analysis and decision-making. Imagine having playbooks handle routine tasks, empowering security analysts to make informed choices for leadership. This efficiency translates to faster, more effective responses, minimizing the impact of cyberattacks.

However, technology is just one piece of the puzzle. For a truly effective strategy, continuous risk assessments are essential. These assessments, tailored to an organization, go beyond frameworks like the NIST Risk Management Framework (RMF) to accurately assess potential incidents. Regular tabletop exercises also play a vital role. Simulating real-world scenarios allows teams to practice using playbooks, identify gaps and refine communication. Tabletops foster a culture of proactive risk management and ensure everyone understands their role during an incident. By combining technology with a strong foundation and continuous improvement, organizations can build a powerful incident response strategy.

At the end of the day, performing impact and projected loss assessments as they relate to dollar amounts helps bridge the perceived gap between cybersecurity and business-oriented materiality.

Q2. What are some of the most common causes for SecOps failures in modern enterprise organizations? What approaches should organizations be considering for alleviating these problems?

Many organizations struggle to prevent security breaches due to siloed SecOps tools and teams. These isolated tools often lack the ability to communicate and share data effectively, leading to a fragmented view of the security landscape. This limited observability makes it difficult for security analysts to identify potential threats. Additionally, separate SecOps teams working with different tools may struggle to communicate effectively, leading to delayed responses and incomplete threat analysis. This disjointed approach can leave vulnerabilities unaddressed, increasing the risk of a successful attack.

Low-code automation bridges the siloed SecOps gap by streamlining workflows across diverse tools. This frees analysts for strategic work and delivers a unified view of the security landscape. Scalable and featuring intuitive interfaces, these platforms foster collaboration, empowering SecOps teams.

Q3. What are Swimlane's goals and objectives at Black Hat USA 2024? What topics and/or technologies does Swimlane plan to highlight at the event?

Beyond continuing to elevate our brand as the largest and fastest-growing pure-play security automation company, our primary goal at Black Hat is to demonstrate that security leaders can’t go it alone: They need automation in and around their SOC. Swimlane is setting a new standard with our human-centric approach to incorporating AI with the automation-building experience in a highly responsible and efficient way.

We will drive new conversations around AI-enhanced, low-code security automation for helping organizations tackle what can seem like a never-ending barrage of alerts, regulatory penalties, talent shortages, and increasing board scrutiny.

We’re looking forward to highlighting the power of our latest AI-enhanced innovations for automation, packaged in what we refer to as Hero AI. This is a game-changing SecOps companion that incorporates a potent combination of human and machine intelligence to optimize SecOps workflows and maximize the efficacy of security operations, helping analysts work faster and more effectively.

Swimlane remains committed to empowering security teams to combat increasingly complex and severe threats, as well as enabling MSSPs to take advantage of automation so that they can support companies of all sizes. We’re ready to help companies break the cycle of 'good enough' automation.


James Butler
Head of Runtime Protection and Response Strategy

Sysdig

Q1. As container and serverless technologies continue to grow in popularity, what do you see as the most critical emerging security challenges? What capabilities do organizations need to stay ahead of these evolving threats in cloud-native environments?

At this point, it’s common knowledge that the average dwell time in traditional, on-premises environments is about 10 to 16 days. In the cloud, you have minutes.

The ephemeral nature of containers and serverless technologies does not allow much time for investigating, gathering forensic evidence, and responding. In fact, in their 2023 Global Cloud Threat Report, the Sysdig Threat Research Team found that it takes attackers just 10 minutes to exploit a vulnerable cloud target. Therefore, speed is essential when it comes to cloud security.

But what does speed mean in a container and serverless context? Two things are nonnegotiable: real-time insights and a tool that consolidates detections from across your cloud infrastructure, so you have the full scope of a potential breach at your fingertips within a few seconds. To be real time, detection and response need to happen at the edge. If your cloud security tool is sending everything to a SIEM or XDR, you have delays, and the blast radius has time to grow.

Even if your tool is real-time, if it does not correlate data across sources, it is impossible to quickly understand what happened. The 555 Benchmark for Cloud Detection and Response states that companies have 5 seconds to detect a threat, 5 minutes to investigate, and 5 minutes to respond. You need to ensure that you not only have the right tools in place, but you are planning for an attack and have the right procedures in place as well. An organization’s remediation and forensic efforts should be automated as much as possible.

Q2. Why are runtime insights critical to cloud security? What are some of the key requirements for enabling runtime insights in a multi-cloud environment?

The detections and telemetry that are happening at runtime in workloads are critical to proper protection in the cloud.

In order to shift left of “boom,” organizations must implement vulnerability management and posture management, but if you don’t have those runtime insights, it is like driving down the road at 100 mph only using your rearview mirror for guidance. Combining the two sides of the equation – pre-deployment and runtime insights—is one of the most powerful things an organization can do to achieve a greater level of protection and to make prioritized judgments faster.

Identity is the fulcrum when it comes to cloud infrastructure and multi-cloud environments. For organizations operating in a multi-cloud environment, by design or by regulation, tying identities across different technologies and different cloud platforms is pivotal for getting to the bottom of who or what truly did something.

Put simply, runtime insights are crucial for cloud security — and anything less than real-time is too slow.

Q3. How does Sysdig plan on using its presence at Black Hat USA 2024 to engage with customers and other organizations?

We have a lot planned for Black Hat. Sysdig is built upon our open source technology, Falco, and conferences like this give us a chance to really engage the security community.

This year, we have two Falco demonstrations in the Black Hat Arsenal. The first is focused on combining Falco’s powerful detections with the automation of Event-Driven Ansible to achieve faster incident response times in the cloud. The second is about using newer features in Falco to detect container drift and fileless attacks. Ever wonder what comes after an exploit? Well, it is most likely something written to disk or memory for further execution. Check them out.

Also, as you’re picking up your badge, you can see us right there in the business hall at booth 1750. Members of Sysdig Threat Research Team (TRT), the people behind groundbreaking discoveries like SCARLETEEL, SSH-Snake, and LLMjacking, will be on-site to answer any cloud threat questions you have. TRT has been exposing cybercrime and using its research to continually improve cloud security as a whole at a remarkable pace.

Our team is excited to talk to attendees about the speed of the cloud, something we’ve already talked a bit about. TRT will be able to connect with participants about 10-minute cloud attacks and discuss detection and response within the 555 Benchmark.

We’re also excited to unveil a few new Sysdig announcements. I don’t want to give anything away, but we’re excited to showcase how we’re supporting cloud-native investigation with identity security capabilities that empower customers to deliver 5-minute investigations; harnessing the power of AI with Sysdig Sage for faster threat detection; and updating the industry’s most comprehensive instrumentation to unlock complete cloud coverage.
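The Arsenal answer above mentions using newer Falco features to catch the step that follows an exploit: a payload written to the container's disk or straight into memory and then executed. As an added example (not part of the interview, and not the Falco project's shipped rules file), the rules below use the two process fields Falco introduced for exactly these cases: `proc.is_exe_upper_layer` is true when the executable lives in the container's writable overlay upper layer rather than in the image, meaning it was dropped after the container started, and `proc.is_exe_from_memfd` is true when the executable is backed by `memfd_create` and never touched disk. The macro and list names are this example's own, and the allowlist contents are placeholders. Both fields exist in recent Falco releases together with a matching driver or eBPF probe; confirm with `falco --list` before relying on them.

```yaml
# Added example, not Sysdig's or Falco's own ruleset. Two rules for the
# post-exploit step described above: a binary dropped into the container's
# writable layer, or a payload loaded only into memory, then executed.
# Load next to the default rules, e.g.:
#   falco -r /etc/falco/falco_rules.yaml -r drift_example.yaml
# Field names are from recent Falco releases; verify with `falco --list`.

- list: drift_allowed_images
  items: ["docker.io/library/ci-builder"]   # placeholder: images that legitimately build and run new binaries

- list: memfd_allowed_parents
  items: []                                 # placeholder: parents that legitimately exec from memfd (some JIT runtimes)

- macro: example_exec_completed
  condition: evt.type in (execve, execveat) and evt.dir = <

- macro: example_in_container
  condition: container.id != host

- rule: Example Drift - binary not in container image executed
  desc: >
    A process inside a container executed a file that exists only in the
    container's writable upper layer, so it was written after the container
    started rather than shipped in the image. Image scanning never saw it.
  condition: >
    example_exec_completed
    and example_in_container
    and proc.is_exe_upper_layer = true
    and not container.image.repository in (drift_allowed_images)
  output: >
    Drift: executed binary is not part of the container image
    (user=%user.name cmd=%proc.cmdline exe=%proc.exepath parent=%proc.pname
    container=%container.name image=%container.image.repository:%container.image.tag)
  priority: CRITICAL
  tags: [container, process, drift, example]

- rule: Example Fileless - execution from memfd
  desc: >
    A process executed an image backed by memfd_create: the payload was
    written to an anonymous memory file and never to disk, so file-based
    scanners and drift detection alone cannot see it.
  condition: >
    example_exec_completed
    and proc.is_exe_from_memfd = true
    and not proc.pname in (memfd_allowed_parents)
  output: >
    Fileless execution via memfd_create
    (user=%user.name cmd=%proc.cmdline parent=%proc.pname
    container=%container.name image=%container.image.repository)
  priority: CRITICAL
  tags: [process, fileless, example]
```

To exercise the first rule, exec into a running container, write any binary under `/tmp`, mark it executable and run it; the second fires if you create an anonymous file with `memfd_create`, write an ELF into it and execute it through `fexecve` (a few lines of Python with `os.memfd_create` and `os.fexecve` suffice). Keep the allowlists narrow: every image added to `drift_allowed_images` is a blind spot for exactly the dropped-payload pattern the rule is meant to catch, and drift detection only says a binary was not in the image, so pair it with the fileless rule rather than treating either one as complete coverage.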


Matt Radolec
Vice President, Incident Response and Cloud Operations

Varonis

Q1. What's it going to take for organizations to effectively protect against AI-enabled threats in coming years? What new capabilities will defenders need to add to their security stack to deal with the threat?

Threat Actors and their tactics, tools, and techniques are constantly changing and evolving. AI represents another tool for actors to level up how they recon, launch, and carry out attacks.

Attackers will leverage AI-generated phishing emails, crash your Zoom meetings with fraudulent AI copies of your coworkers, and incorporate AI, like Copilot for GitHub, in creating and operating their malware and command and control infrastructure.

The biggest gap in the AI protection stack is protecting your organization's data from your own employees. Most generative AI has pass-through permissions where the AI or Copilot has the same access as a user, and since users only need and use 1% of the permissions they are granted, the blast radius for AI is huge.

Q2. What are some of the biggest challenges organizations currently face when it comes to standing up an effective incident response capability? What are some of the metrics they should be looking at to gauge the effectiveness of their IR capabilities?

Keeping IR enhancements on pace with technology innovation is challenging. As they adopt new technologies, many organizations perform a security review and approve the use of a new SaaS/IaaS service. What they miss is making an IR plan for how they will react to an attempted intrusion, successful attack, or data breach attached to this new technology. A good metric is to gauge your response time and work on reducing it over time with newly deployed technologies. For instance, the first time you investigate an incident in an object store like S3, you will probably be making your tools and playbooks for the first time, which will be time-consuming. The more you practice it and enhance your toolkit, the faster your response will be.

Another big challenge in IR extends beyond typical attacker tools and technical impact and covers the business impact of a particular incident. Is it a breach? Is there a duty to report to a particular regulator, client, or overseeing body? Many IR plans miss this step and are entirely focused on identifying patient zero and restoring systems from the attack but not dealing with the business and regulatory impact.

Q3. What can customers and other organizations expect from Varonis at Black Hat USA 2024? What competitions, hacking tests, attack simulations, and other events has Varonis planned for the event?

We've got a lot planned for Black Hat, where we'll focus on demonstrating capabilities for defenders to protect their data. We also will showcase several novel cloud attack vectors and vulnerabilities we've found and responsibly disclosed. Attackers are updating their capabilities, and defenders need to as well. Black Hat will be a great place to highlight this.
