How Black Hat Has Evolved Beyond Its Hacker Roots

You might wonder why Tufin was attending Black Hat, the preeminent show for hackers and the vendors that attempt to thwart the most nefarious of the hacker community. Black Hat is a show that might seem more suited to vendors focused on pen testing, vulnerability assessments and detect-and-respond solutions. But the truth is that Black Hat has broadened the tent to include just about any and all solutions having to do with information security. Having previously attended the show when I worked at one of the aforementioned vulnerability management vendors, I was curious to see just how much the audience has changed over the years. My conclusion is that while the audience remains principally technical in nature, attendees come from all areas of IT security - sort of a smaller, more technical version of RSA Conference.

Of course, the highlights of the Black Hat conference are the creative hacks that are demonstrated on the main stage, and this year was no different. Rapid7 demonstrated how the “chip and PIN” smart payment cards that we've all received over the last six months in the US may not be as safe as we've been led to believe, showing how the new ATM machines can be compromised, netting hackers up to $50,000 per machine.

These bold and elaborate demonstrations are the hallmark of the conference, but this year the stage was shared by a keynote from Dan Kaminsky, Chief Scientist and Co-Founder of the cybersecurity services firm White Ops, who challenged the entire industry and the U.S. government to come up with a “better Internet”. His talk emphasized the need for better solutions than the status quo if we are to continue to use the Internet as an engine of economic and social growth, particularly in light of the obvious and increasing security risks associated with current applications and infrastructure. I think it is this message that was emblematic of the fact that the conference has moved beyond its hacker roots to more broadly embrace the industry as a whole.

For Tufin, this meant that we were able to have meaningful discussions with customers, partners and prospects alike at our booth regarding the best way to manage network security policy through automation and orchestration, so that businesses can maintain an effective and robust security posture while staying agile and responsive. This marriage of security and performance seemed to echo Dan's discussion of the perceived inherent tradeoff between performance and security in e-commerce and online payment, which he has been debunking with his prototype IronFrame browser and a new firewalling technology, Autoclave.

In the end, it was nice to see the evolution of Black Hat now embracing a broader industry perspective, especially for vendors like Tufin. There's always DEF CON for the hardcore hacker community!