Behavioral analytics. Cloud governance. Machine learning. At this year’s Black Hat USA 2015, these were just some of the terms that dominated the sessions and exhibit hall alike.
For healthcare security professionals responsible for protecting incredibly sensitive and increasingly desired patient information, if these aren’t top-line concerns and agenda items, you and your team need to consider revising your to-do list.
First and foremost, from my experiences at Black Hat, the level of quality and professionalism that’s consistently displayed is worth noting. From educational talks to informational and dynamic booth displays, I am never disappointed with my decision to attend and always walk away with new information and connections. For me, this event is a can’t-miss.
From a technology perspective, there were many solutions for improving cloud governance and discussions on cloud management, specifically data loss and data loss prevention (DLP). In addition to offerings that ensure your solutions can interact with staples such as Salesforce and Dropbox, and solving for corresponding data leakage risks.
But in terms of the top takeaways and trends, one topic that stood out at this year’s event was behavioral analytics. Similar to another event I attended this year, RSA, at Black Hat the conversations were focused on how to protect beyond your perimeter by using behavioral analytics.
Now as a cautionary tale, I am eager to see how this market continues to evolve. I suspect that some of the more traditional infrastructure companies, whether focused on IT or security, will likely build behavioral analytics into their existing products, with the result being a collapse of market space.
One example of this is IPS, or intrusion prevention systems. Today when you buy firewalls, IPS is built into them, with companies like Cisco, Palo Alto and Juniper, who were all founded on legacy controls, now having emerging products that include cloud governance capabilities. We’ll have to wait and see what develops and how enterprise organizations continue to evolve.
As far as protecting beyond your perimeter, there are a lot of new companies that are coming into the space as well. Why? Many feel that as organizations continue to utilize the cloud and expand beyond their borders, infrastructure and data – whether intentional or not – will find its way into cloud storage and other sources.
Ultimately, organizations need to extend their controls beyond their own infrastructure and stack, and thus need to learn how to govern without having direct control over the assets. Do I know where my information is? Can I control it? Encrypt it? Protect it? Security leaders must be able to answer these questions.
There has also been positive momentum around big data recently, particularly in terms of machine learning, and this was another key theme addressed. Moving beyond scientific terminology to actual, tactical approaches, machine learning is an example of big data in action.
Security leaders often tend to think on the “defensive,” focused on addressing threats before they become issues. As I have mentioned in my past blogs, companies need to be prepared for threats and breaches, and machine learning enables organizations to detect anomalies through things like signatures, and thus detect threats or breaches on the network when and where they happen.
From expanding cloud governance strategies to the utilization of big data, behavioral analytics and machine learning, there were many trending topics worth consideration at this year’s event. Stay tuned for Part 2 of my Black Hat Round Up, where I’ll dig more into the growing market around breach detection solutions and discuss what this means for healthcare companies.
If you have any questions or comments, please let me know by commenting here and reach out on Twitter at @Surescripts, @PaulCalatayud!