
Black Hat 2022 reveals enterprise security trends

August 15, 2022


The blast radius of cyberattacks on an enterprise is projected to keep growing, extending several layers deep into software supply chains, devops and tech stacks. Black Hat 2022’s presentations and announcements for enterprise security provide a sobering look at how enterprises’ tech stacks are at risk of more complex, devastating cyberattacks. Held last week in Las Vegas and in its 25th consecutive year, Black Hat’s reputation for investigative analysis and for reporting large-scale security flaws, gaps and breaches is unparalleled in cybersecurity.

The more complex the tech stack and the more reliant it is on implicit trust, the more likely it is to get hacked. That’s one of several messages Chris Krebs, the former and founding director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), delivered in a keynote to the audience at the Black Hat 2022 conference last week. Krebs said that weaknesses often start with overly complex tech stacks, which create more attack surfaces for cybercriminals to attempt to exploit.

Krebs also emphasized how critical software supply chain security is, explaining that enterprises and global governments aren’t doing enough to stop another attack at the scale of SolarWinds.

“Companies that are shipping software products are shipping targets,” he told the keynote audience.

Cybercriminals “understand the dependencies and the trust connections we have on our software services and technology providers, and they’re working up the ladder through the supply chain,” Krebs added.

Additionally, eliminating implicit trust is table stakes for reducing supply chain attacks, a point Krebs alluded to throughout his keynote. 

Enterprise security: Reducing the growing blast radius 

Infrastructure, devops, and enterprise software vulnerabilities discovered by researchers made the enterprise-specific sessions worth attending. In addition, improving identity access management (IAM) and privileged access management (PAM), stopping ransomware attacks, reducing Azure Active Directory (AD) and SAP HTTP server attacks, and making software supply chains more secure dominated the enterprise sessions. 

Continuous integration and continuous delivery (CI/CD) pipelines are software supply chains’ most dangerous attack surfaces. Despite many organizations’ best efforts to integrate cybersecurity as a core part of their devops processes, CI/CD software pipelines are still hackable.

Several presentations at the conference explored how cybercriminals can hack into software supply chains using remote code execution (RCE) and infected code repositories. One session in particular focused on how advanced hackers could use code-signing to be indistinguishable from a devops team member. 

Another illustrated how hackers quickly use source code management (SCM) systems to achieve lateral movement and privilege escalation across an enterprise, infecting repositories and gaining access to software supply chains at scale.

Tech stacks are also becoming a more accessible target as cybercriminals’ skills increase. One presentation on how Azure AD user accounts can be backdoored and hijacked by exploiting external identity links to bypass multifactor authentication (MFA) and conditional access policies showed just how an enterprise can lose control of a core part of their tech stack in only minutes. 

A separate session on SAP’s proprietary HTTP server explained how cybercriminals could leverage two memory corruption vulnerabilities found in SAP’s HTTP server using high-level protocol exploitation techniques. CVE-2022-22536 and CVE-2022-22532 are remotely exploitable and could be used by unauthenticated attackers to compromise any SAP installation globally.

Malware attacks continue to escalate across enterprises, capable of bypassing tech stacks that rely on implicit trust and disabling infrastructure and networks. Using machine learning (ML) to identify potential malware attacks and thwart them before they happen using advanced classification techniques is a fascinating area of research. Malware Classification with Machine Learning Enhanced by Windows Kernel Emulation presented by Dmitrijs Trizna, security software engineer at Microsoft, provided a hybrid ML architecture that simultaneously utilizes static and dynamic malware analysis methodologies. 

During an interview prior to his session, Trizna explained that “AI [artificial intelligence] is not magic, it’s not the silver bullet that will solve all your (malware) problems or replace you. It’s a tool that you need to understand how it works and the power underneath. So don’t discard it completely; see it as a tool.” Trizna makes ML code for the models he’s working on available on GitHub at Hybrid Machine Learning Model for Malware Detection based on Windows Kernel Emulation.

Cybersecurity vendors double down on AI, API and supply chain security 

Over 300 cybersecurity vendors exhibited at Black Hat 2022, with most new product announcements concentrating on API security and how to secure software supply chains. In addition, CrowdStrike’s announcement of the first-ever AI-based indicators of attack (IOA) reflects how fast cybersecurity providers are maturing their platform strategies based on AI and ML advances. 

CrowdStrike’s announcement of AI-powered IOAs is an industry first

Their AI-based IOAs announced at Black Hat combine cloud-native ML and human expertise, a process invented by CrowdStrike more than a decade ago. As a result, IOAs have proven effective in identifying and stopping breaches based on actual adversary behavior, irrespective of the malware or exploit used in an attack.

AI-powered IOAs rely on cloud-native ML models trained using telemetry data from CrowdStrike Security Cloud, as well as expertise from the company’s threat-hunting teams. IOAs are analyzed at machine speed using AI and ML, providing the accuracy, speed and scale enterprises need to thwart breaches. 

“CrowdStrike leads the way in stopping the most sophisticated attacks with our industry-leading indicators of attack capability, which revolutionized how security teams prevent threats based on adversary behavior, not easily changed indicators,” said Amol Kulkarni, chief product and engineering officer at CrowdStrike. “Now, we are changing the game again with the addition of AI-powered indicators of attack, which enable organizations to harness the power of the CrowdStrike Security Cloud to examine adversary behavior at machine speed and scale to stop breaches in the most effective way possible.” 

AI-powered IOAs have identified over 20 never-before-seen adversary patterns, which experts have validated and enforced on the Falcon platform for automated detection and prevention. 

“Using CrowdStrike sets Cundall apart as one of the more advanced organizations in an industry that typically lags behind other sectors in I.T. and cybersecurity adoption,” said Lou Lwin, CIO at Cundall, a leading engineering consultancy. “Today, attacks are becoming more sophisticated, and if they are machine-based attacks, there is no way an operator can keep up. The threat landscape is ever-changing. So, you need machine-based defenses and a partner that understands security is not ‘one and done.’ It is evolving all the time.” 

CrowdStrike demonstrated AI-powered IOA use cases, including post-exploitation payload detections and PowerShell IOAs using AI to identify malicious behaviors and code.  

AI-generated IOA fortifies existing defenses using cloud-based ML and real-time threat intelligence to analyze events at runtime and dynamically issue IOAs to the sensor. The sensor then correlates the AI-generated IOAs (behavioral event data) with local events and file data to assess maliciousness. CrowdStrike says AI-powered IOAs operate asynchronously alongside existing layers of sensor defense, including sensor-based ML and IOAs. Image credit: CrowdStrike.

For many enterprises, API security is a strategic weakness 

Cybersecurity vendors see the opportunity to help enterprises solve this challenge, and several announced new solutions at Black Hat. Vendors introducing new API security solutions include Canonic Security, Checkmarx, Contrast Security, Cybersixgill, Traceable, and Veracode. Noteworthy among these new product announcements is Checkmarx’s API Security, which is a component of their well-known Checkmarx One platform. Checkmarx is known for its expertise in securing CI/CD process workflows.

API Security can identify zombie and unknown APIs, perform automatic API discovery and inventory and perform API-centric remediation. In addition, Traceable AI announced several improvements to their platform, including identifying and stopping malicious API bots, identifying and tracking API abuse, fraud and misuse, and anticipating potential API attacks throughout software supply chains.

Stopping supply chain attacks before they get started 

Of the more than 300 vendors at Black Hat, the majority with CI/CD, devops, or zero-trust solutions promoted potential solutions for stopping supply chain attacks. It was the most hyped vendor theme at Black Hat. Software supply chain risks have become so severe that the National Institute of Standards and Technology (NIST) is updating its standards, including NIST SP 1800-34, concentrating on systems and components integral to supply chain security. 

Cycode, a supply-chain security specialist, announced it has added static application security testing (SAST) and container-scanning capabilities to its platform, as well as introducing software composition analysis (SCA).

Veracode, known for its expertise in security testing solutions, introduced new enhancements to its Continuous Software Security Platform, including software bill of materials (SBOM) API, support for software composition analysis (SCA), and support for new frameworks including PHP Symfony, Rails 7.0, and Ruby 3.x. 

The Open Cybersecurity Schema Framework (OCSF) meets an enterprise security need  

CISOs’ most common complaint regarding endpoint detection and response (EDR), endpoint management, and security monitoring platforms is that there is no common standard for enabling alerts across platforms. Eighteen leading security vendors have collaborated to take on the challenge, creating the Open Cybersecurity Schema Framework (OCSF) project. The project includes an open specification that enables the normalization of security telemetry across a wide range of security products and services. Open-source tools are also available to support and accelerate OCSF schema adoption.

Leading security vendors AWS and Splunk are cofounders of the OCSF project, with support from CrowdStrike, Palo Alto Networks, IBM Security and others. The goal is to continually create new products and services that support the OCSF specifications, enabling standardization of alerts from cyber monitoring tools, network loggers, and other software, to simplify and speed up the interpretation of that data. 

“At CrowdStrike, our mission is to stop breaches and power productivity for organizations,” said Michael Sentonas, chief technology officer, CrowdStrike. “We believe strongly in the concept of a shared data schema, which enables organizations to understand and digest all data, streamline their security operations, and lower risk. As a member of the OCSF, CrowdStrike is committed to doing the hard work to deliver solutions that organizations need to stay ahead of adversaries.”
