Last week, London was the centre of the biggest security conference of the year, Black Hat Europe. The annual event took place at the ExCel Centre in London Docklands. Code Red attended this year’s Black Hat, as a part of our strategy to grow key partnerships across the industry and gain insight from some of the leading security experts.
Here is a snapshot of some of the biggest insights we came across at this year’s Black Hat event.
Simulation-driven exercises took centre stage
During the two-day event, several keynote speakers emphasised the significance of transforming our traditional approach to cybersecurity training. Threat actors are continuously innovating their tactics and tools, so generalised training exercises are no longer sufficient to build a resilient workforce.
During this year’s Black Hat, there was an extensive conversation about increasing scenario-based training programs for organisations. Members of the Dutch Anti-DDoS Coalition discussed how businesses should develop large-scale DDoS exercises for their workforce. Other leaders from across the industry emphasised the idea of developing penetration testing campaigns for social engineering attacks.
Overall, we observed a lot of critical discussions around the importance of simulation-driven exercises. Going forward, we are likely to see a lot of businesses across all industries adopt this next-gen training approach, as the importance of building a resilient cyber workforce is being echoed across the board.
Why aren’t we collectively building a more defendable internet?
This keynote question was voiced five years ago by Thomas Dullien at Black Hat 2017. Five years later, security researcher Daniel Cuthbert revisited the same question to understand how far we have come. Spoiler alert: we haven’t made any notable progress in terms of collectively building a defendable internet.
Daniel Cuthbert argued that, although there are some prominent partnerships and collaborations across the security industry, they fall well short of the extent required.
A critical focus of this year’s Black Hat was to form more strategic and value-added cyber partnerships. The security industry might be highly competitive, but we all have one common goal, which is to build a secure and defendable digital world. It’s high time businesses came together with shared resources to address this critical problem.
Rezilion unveils new updates to its open-source risk assessment tool
This year’s Black Hat Europe featured a critical update to MI-X, the highly effective open-source risk assessment tool developed by Rezilion.
Available as a download from its GitHub repository, MI-X has gained more than 100 stars on GitHub since its debut in August 2022. The CLI tool is a free, open-source companion to Rezilion’s enterprise solution for software supply chain security. It helps researchers and developers identify whether containers and hosts are impacted by a specific vulnerability, allowing organisations to target remediation plans more effectively.
The new updates announced during Black Hat will give teams vital information about the exploitability of known critical CVEs in their environment. With these updates to MI-X, users can:
- Identify and establish the exploitability of a known critical CVE.
- Receive a detailed overview of the criteria that need to be met for the vulnerability to be exploitable.
This allows organisations to adopt the correct remediation strategy.
If you weren’t able to catch this year’s Black Hat Europe live, you can still tune in for the live webinar taking place on December 14th.