Black Hat USA is one of the industry’s oldest and most well-established security events. Last year, the conference was held virtually for the first time in its history. This year’s conference brought together the best of both worlds, with a hybrid event that was held virtually and in person in Las Vegas.
Historically, Black Hat has seen about 20,000 attendees at its in-person conference. This year’s Black Hat was no different from a numbers perspective, but the bulk of attendees actually attended virtually. Black Hat reported that nearly 14,600 attendees logged into Swapcard (the platform that hosted the virtual event), which likely makes it the largest hybrid conference in cybersecurity since the shift to virtual.
The Datadog team was excited to participate in this year’s conference as both an exhibitor and speaker. In this post, we’ll share highlights from the show floor, major themes from the conference, and our picks for noteworthy Briefings.
This year’s conference marked Datadog’s first time participating in the Black Hat Business Hall. Even though attendance was a little lower in person this year, we were especially excited to share our Cloud Security Posture Management product with this particular audience. We also announced the general availability of Datadog Cloud Workload Security, which monitors real-time file, process, and kernel activity in hosts and containers across your environment. Both are part of the Datadog Cloud Security Platform, which protects an organization’s production environment with a full-stack offering providing threat detection and posture management, as well as workload and application security.
We were not surprised to see a good number of threat detection solutions on the show floor. SIEM (Security Information and Event Management) has been a hot-ticket item for years now, and this event made it clear that it is still very much in high demand. Regardless of your choice of SIEM vendor, it’s clear that companies are increasingly seeking solutions that are cloud native, managed, and integrated with other security tooling, which can be key for maximizing usage.
Black Hat was also a treat for swag seekers everywhere. Whether you wanted to find a new T-shirt, socks, or even shop for an XDR solution, you’d find it all in the Black Hat Business Hall.
With more than half of attendees joining the conference virtually, Black Hat’s keynotes were enhanced by an especially lively chat. Whether you attended a keynote from Jen Easterly (Director of the Cybersecurity and Infrastructure Security Agency), Alejandro N. Mayorkas (Secretary, Department of Homeland Security), Matt Tait (Chief Operating Officer, Corellium), or all of the above, you would have seen a ton of great questions coming in from the audience.
Across all three keynotes, the message was clear: collaboration will be key for moving our security efforts forward. DevOps has championed breaking down barriers since its inception. With the rapid evolution of DevSecOps, the industry is now placing even greater emphasis on driving collaboration among development, security, and operations teams. We also expect that external partnerships with government agencies like CISA will help catapult private and public security to the next level.
Every year, it seems like the breadth of material covered in Black Hat Briefings grows. It was refreshing to see a mixture of Black Hat veteran speakers and new faces. This year, two of the briefings stood out to us:
- Cloudy with a Chance of APT: Novel Microsoft 365 Attacks in the Wild was a great Briefing on the rise of cloud-targeted attacks. It’s worth noting that advanced nation-state threat actors are specifically targeting SaaS applications such as Microsoft 365. If you want to learn more about securing your Microsoft 365 environment, check out our blog post.
- I’m a Hacker Get Me Out of Here! Breaking Network Segregation Using Esoteric Command & Control Channels was one of the few Briefings that focused on privilege escalation and lateral movement. These topics often don’t get as much attention as they deserve in the cybersecurity space, as there is a lot of focus on infiltration. A CSPM solution can help with applying the principle of least privilege, while a cloud workload security solution can detect lateral movement.
Datadog’s team of researchers also spoke at DEF CON and Black Hat on the relative attack surface of eBPF. We also shared ebpfkit-monitor, an ethical hacking toolkit that detects and protects against suspicious eBPF activity at runtime. More information about our Black Hat Briefing is available here, and you can watch our DEF CON talk here.
This year’s Black Hat conference gave us an invaluable opportunity to connect with the rest of the cybersecurity community, and we look forward to participating in more Black Hat events in the future. Check out our docs to learn more about how Datadog’s Cloud Security Platform can help break down barriers by helping every team across your organization leverage detailed observability data. If you’re not yet using Datadog, you can sign up for a free trial today.