Las Vegas, NV―Black Hat 2024―Over the past week, security vendors and researchers have released numerous press statements, coinciding with the excitement of Black Hat 2024 in Las Vegas. Among the many media pitches we received, The Readable has chosen the ten most significant announcements for our readers. Please note that none of these selections are influenced by sponsorships. Enjoy the read!
1. [LevelBlue] Report on C-level executive dynamics which create barriers to cyber resilience
On August 7, LevelBlue, a leading provider of managed security services, strategic consulting, and threat intelligence, launched its inaugural LevelBlue C-Suite Accelerator. The accelerator offers both best-practices and a practical roadmap designed to enhance cyber resilience for CIOs, CTOs, and CISOs. Key findings from the report include:
- CISOs are increasingly pressured by AI, cybersecurity risk trade-offs, and budget constraints—73% of CISOs reported concerns that cybersecurity is becoming unwieldy and requires risk-laden trade-offs, compared to 58% of CIOs and CTOs.
- C-Suite alignment could help clarify cybersecurity priorities—92% of CIOs are more willing to embrace uncertainty regarding cyber threats, compared to 81% of CTOs and 75% of CISOs.
- The supply chain harbors hidden risks, and their significance varies—74% of CIOs and 73% of CISOs find it challenging to assess cybersecurity risks from their supply chain, compared to 64% of CTOs. FIND THE REPORT HERE
2. [Forescout, Finite State] Research on the state of OT/IoT routers in the software supply chain
On August 6, Forescout Technologies and Finite State released a new report titled “Rough Around the Edges,” which examines the state of software supply chain vulnerabilities in OT (Operational Technology) and IoT (Internet of Things) routers. These routers are crucial for connecting critical devices to the internet across various environments. The research revealed that OT and IoT cellular routers, as well as those used in small offices and homes, often contain outdated software components linked to existing (“n-day”) vulnerabilities. The report found that popular OT/IoT router firmware images had an average of 20 exploitable n-day vulnerabilities affecting the kernel, highlighting significant and widening security gaps.
“The report reveals a troubling trend of outdated software components in OT/IoT routers, with many devices running modified versions of OpenWrt that include known vulnerabilities,” said Larry Pesce, Director of Product Research and Development at Finite State. “These findings underscore the critical need to address software supply chain risks, as our analysis identified an average of 161 known vulnerabilities per firmware image, including 24 with critical scores.” Barry Mainz, CEO of Forescout, added, “As we witness an unprecedented increase in both managed and unmanaged devices connecting to the internet—extending into critical infrastructure and beyond—the urgency for robust cybersecurity measures has never been greater.” FIND THE REPORT HERE
3. [Sophos] Research reports on adversary landscape including ransomware analysis
As Black Hat 2024 approached, Sophos released several notable research findings. Among them was “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” published on August 6. This report explores the increasingly aggressive tactics ransomware gangs use to intimidate their targets. Additionally, Sophos released its Active Adversary Report on August 3, which highlights insights from the Sophos X-Ops Incident Response team’s global security crisis management. Here are some key findings from the ransomware report:
- Ransomware operators are increasingly exploiting legitimate entities—such as news media, legislation, regulatory bodies, and even law enforcement—to intensify pressure on their victims.
- In some instances, criminals urge affected customers and employees to seek compensation or initiate legal action, often providing the names and contact details of CEOs and business owners.
- Threat actors claim to examine stolen data for evidence of illegal activity, regulatory noncompliance, and financial discrepancies, using these findings to exert further leverage and inflict reputational damage. FIND THE REPORT HERE
4. [IBM] Service launch: Generative AI-powered assistant for threat detection and response
On August 5, IBM announced the integration of generative AI into its Threat Detection and Response (TDR) Services to enhance and streamline security operations. Utilizing IBM’s watsonx platform, the IBM Consulting Cybersecurity Assistant aims to accelerate and improve the identification, investigation, and response to critical security threats. Key features include faster threat investigations and remediation through historical correlation analysis of similar threats, as well as streamlined operational tasks. The generative AI conversational engine provides real-time insights and support for both clients and IBM security analysts.
The Cybersecurity Assistant will be integrated into IBM Consulting Advantage, the AI services platform featuring purpose-built AI assets designed to help IBM consultants deliver consistent, repeatable, high-quality, and rapid value for clients. “As cyber incidents evolve from immediate crises to multi-dimensional, months-long events, security teams face the ongoing challenge of managing numerous attacks with insufficient time and resources,” said Mark Hughes, Global Managing Partner of Cybersecurity Services at IBM Consulting. “By enhancing our Threat Detection and Response services with generative AI, we aim to reduce the need for manual investigations and operational tasks, enabling security analysts to respond more proactively and accurately to critical threats, ultimately improving our clients’ overall security posture.” FIND MORE INFORMATION HERE
5. [PhishFlagger] Product launch: Email validation that highlights suspected phishing attacks
On August 7, PhishFlagger unveiled its patented, human-compatible anti-phishing email solution. This innovative system utilizes a unique identifier protocol called PhishCounter, which adds a sequential number to the subject line of both outgoing and incoming emails. This simple yet effective approach helps recipients easily identify fraudulent emails. “We are thrilled to launch our new phishing solution at Black Hat Las Vegas,” said William Pearce, CEO of PhishFlagger. “Our solution will transform how organizations defend against external threats, addressing one of the leading causes of cybersecurity breaches.” PhishFlagger’s protection and products include:
- Corporate Security Package—Equips security leaders with essential insights and resources to strengthen their email systems against phishing and fraud, protecting the organization’s digital assets.
- Corporate Outgoing Mail License—Offers robust protection against email impersonation, adding an extra layer of security to every message sent to safeguard your client base.
- Marketers and Bulk Emailers License—Protects marketing and bulk email campaigns by numbering outgoing emails, helping to prevent phishing and fraud. FIND MORE INFORMATION HERE
6. [Cybersixgill] Product launch: Cyber threat intelligence with personalized content stream
On August 5, Cybersixgill introduced “Pulse,” a new tool designed to improve how threat analysts and security practitioners consume and act on cyber threat intelligence (CTI). Pulse is the first offering of its kind to provide personalized, streamed CTI content tailored to each user based on relevance, usage patterns, interests, sector, and geography. Key features include:
- Cybersixgill Pulse revolutionizes the CTI experience for cybersecurity professionals by delivering a personalized stream of content tailored to each user’s specific needs and interests.
- Pulse consolidates information from hundreds of sources, including deep and dark web sites, open-source intelligence, and cybersecurity news, providing users with a real-time stream of CTI content.
- Powered by Cybersixgill IQ, the company’s generative AI, Pulse customizes the live stream of CTI content for each user based on organizational relevance, topics of interest, viewing and reading patterns, sector, and geography.
- Managed Security Services Providers (MSSPs) and cybersecurity software vendors can leverage Pulse to enhance the value they offer their customers. Pulse provides structured, contextualized insights that can be integrated into various applications, addressing a wide range of use cases. FIND MORE INFORMATION HERE
7. [Resecurity] Product launch: Accelerated threat intelligence and incident response capabilities
On August 5, Resecurity enhanced its flagship Platform-as-a-Service (PaaS) by offering new AI capabilities to boost its threat detection and response functions. Context AI, developed by Resecurity, aims to enhance analyst workflows and enrich threat intelligence with actionable data and insights. This technology leverages generative AI specifically tailored for cybersecurity, investigations, incident response, and SOC operations. Key features include:
- Applying AI to Analyze Foreign Actors: Context AI aids law enforcement and cybersecurity professionals in tracking ransomware attacks. Utilizing machine learning and AI-powered tools, it helps agencies stay ahead of the evolving threat landscape and build more resilient defenses.
- Accelerating Incident Response: Context AI enhances and accelerates incident response by automating incident identification, allowing teams to focus on the most critical issues. It also orchestrates playbooks and automates tasks, such as blocking malicious IP addresses, to streamline and improve overall response efficiency.
- Multi-Language Support: Context AI supports over 45 languages, including Arabic, French, German, Korean, and Chinese, extending its capabilities beyond English. FIND MORE INFORMATION HERE
8. [ArmorCode] Product launch: AI Remediation in support of developers and security teams
On August 7, ArmorCode announced the general availability of AI Remediation in its ArmorCode ASPM (Application Security Posture Management) Platform. This new feature aims to resolve security issues more quickly, empower developers with security expertise, and reduce friction in DevSecOps processes. AI Remediation is the second major capability in the AI-powered ArmorCode ASPM Platform, following the AI Correlation feature introduced at the RSA Conference 2024. The ArmorCode ASPM Platform utilizes insights from over 10 billion processed incidents to enhance its AI solutions. These AI capabilities help developer and security teams identify and address the most critical risks faster, effectively reducing mean time to remediation (MTTR).
“One of the challenges organizations face is empowering developers with effective guidance on how to remediate various vulnerabilities,” said Dheeraj Khanna, VP of SRE, DevOps, and Cloud Product Security at NetApp. “With the advent of new AI capabilities, there is significant potential in generating targeted and instructive remediation guidance, and that’s precisely what my team is exploring with ArmorCode’s new AI Remediation capabilities.” FIND MORE INFORMATION HERE
9. [Xygeni] Product launch: Advanced software composition analysis and malware early warning
On August 6, Xygeni introduced its latest technologies at Black Hat USA 2024, which aim to set new benchmarks in software security and application protection. “Our Malware Early Warning (MEW) system exemplifies our proactive approach to cybersecurity, providing organizations with an early warning mechanism to stay ahead of cyber threats,” said Jesus Cuadrado, CPO of Xygeni. The new solutions include:
- Streamline Open-Source Supply Chain Security: Xygeni introduces advanced Software Composition Analysis (SCA) capabilities with reachability analysis and automated remediation, enabling organizations to effectively prioritize and address vulnerabilities.
- Pioneering Malware Detection with MEW: The Xygeni MEW system detects and blocks unknown malware threats in open-source packages, offering proactive defense against evolving cyber threats. By continuously monitoring the release of new and updated open-source packages, MEW analyzes them in real-time, providing an early warning system that alerts security teams to potential threats before risky versions are used, thereby blocking attempts to utilize malicious versions.
- High-Performing Prioritization with Xygeni ASPM: The company’s Application Security Posture Management (ASPM) solution provides comprehensive oversight by integrating seamlessly with third-party tools. It employs dynamic prioritization funnels to optimize resource allocation and improve response times. FIND MORE INFORMATION HERE
10. [Pentera] Product launch: Securing Linux environments against ransomware attacks
Recent high-profile ransomware attacks, such as the one targeting OneBlood, highlight the urgent need for organizations to adopt proactive measures against the most dangerous threat actors. In response, Pentera has introduced LockBit 3.0 to its RansomwareReady platform. Featuring a safe-by-design attack engine, RansomwareReady simulates entire ransomware campaigns within an organization’s live environment. The platform includes the following features:
- Emulates Leading Ransomware Strains: Simulates many of the most destructive ransomware variants, including Maze, REvil, Conti, LockBit 2.0, and LockBit 3.0.
- Identifies Vulnerable Endpoints and Lateral Pathways: Detects vulnerable endpoints and potential lateral pathways that adversaries could exploit to target critical assets, encrypt data, and exfiltrate information across Windows and Linux environments.
- Validates Security Controls: Allows security teams to assess the effectiveness of existing security controls and endpoint protection tools against ransomware attacks.
- Uses Authentic Indicators of Compromise (IOCs): Employs the exact IOCs from the original ransomware campaigns to ensure that existing security controls provide real, effective responses.
- Offers Prioritized Remediation Guidance: Provides a step-by-step guide for remediation, helping organizations strengthen their security and ensure they are prepared for ransomware threats. FIND MORE INFORMATION HERE
