Aug. 30, 2023

Black Hat 2023: 10 Events, 13 Meetings & Countless Cups of Coffee – 48 Hours in the Cybersecurity Buzz

By Nadav Lev

After 26 years, the Black Hat conference remains the go-to destination for both seasoned security experts and newcomers seeking the most cutting-edge developments in the cybersecurity space. So, what were the most dominant buzz-worthy topics on everyone’s minds?


Cybersecurity professionals are notorious conference junkies, and after 26 years, the Las Vegas-based Black Hat conference has become the go-to venue for the latest trends, industry gossip and vendor merch. From the many conversations I had on and off the main floor, these are the most dominant buzz-worthy topics on everyone’s minds: 

 

DSPM

Data Security Posture Management has been a hot cybersecurity space for the past few years, as organizations are leveraging a growing amount of data and storing it in the cloud, increasing organizational risks of breaches and data theft. YLV’s own Eureka Security remains a consistent leader in this space, with an independent growth trajectory for the coming future. Recent shifts in the sector – inevitably amplified by market conditions – have generated rumors and confirmed acquisitions within the DSPM space, which have caught the industry’s attention. 

 

AI and Cybersecurity

While earlier this year many were quick to crown AI as the industry’s next buzzword, cybersecurity marketers have considerably toned down its use in their jargon in an attempt to curtail audience fatigue with the trendy topic. Notwithstanding the change in messaging, industry leaders remain concerned about the widespread organizational use of Generative AI tools. Many companies have implemented strict policies to restrict this use, but this is an old-world band-aid to a new-generation threat. The business benefits inherent in the use of AI tools abound, making this an acute, urgent and lucrative space for security innovation. 

 

Whispers about emerging technologies that will allow businesses to use these tools while increasing oversight, visibility and governance were everywhere. We expect vendors to populate this space, first with point solutions and then with platforms that provide a comprehensive solution for the use of AI in enterprises.

 

Another aspect of AI for cybersecurity tools that is generating interest is its potential for augmenting existing tools with capabilities that were previously unimaginable. New LLMs and even open-source models are now readily available, and the next step will be attempting to find comprehensive solutions to secure their use.

 

Third-party Risk Management

Really, is there anything CISOs hate more than the TPRM questionnaire (don’t answer that)? Third-party risk management (TPRM) continues to be a headline topic and a general headache for practitioners. The apprehension surrounding the use of external vendors and software continues, and the prevailing sentiment is that even with impeccable internal security practices, the inherent risks posed by external entities across the supply chain are difficult to mitigate. TPRM discussions remain relevant, and the urgency to address third-party risks remains a core theme among industry leaders – vendors and CISOs alike. Unfortunately, there is a lack of pain-free, customer-approved TPRM solutions, making this a ripe space for innovation. 

 

API Security

The Black Hat Business Hall was replete with vendors offering a range of API security solutions, and discussions centered around prominent players in this space. The sheer amount of capital raised, the valuation of these vendors and the attention they’ve garnered over the past few years indicate the increasing importance of securing digital ecosystems. There was some buzz about what future API security innovation may look like. Existing solutions focus on producing API inventories and providing visibility around posture and vulnerabilities, but there is probably more to see, secure and mitigate in this space.

 

Remediation

As the industry matures and evolves, vendors want to offer more than just visibility or mitigation: they want to offer actual, full-circle find-and-fix capabilities. Amid the proliferation of solutions emphasizing posture assessments, the question of “what next?” gains significance. Although remediation tools are gaining the attention and urgency they deserve, they still have a way to go as far as their dominance and maturity are concerned.

 

An underlying element of the past few conferences has been the economic climate and its inevitable impact on the cybersecurity industry, both for vendors and their customers. These trends, therefore, will be interesting to track as 2023 winds to a close, with investors continuing to be bullish about supporting this space despite market challenges. Consolidation, acquisitions and a change in CISO priorities will undoubtedly provide more conversation fodder for next year’s meetup.