Black Hat USA: Three insights driving proactive security forward

Cybersecurity strategy starts with knowing what you have and being willing to face the gaps. During the Black Hat USA event, conversations about AI-driven defenses, proactive security measures and zero-trust frameworks were matched by an equally urgent refrain: Do the basics well, and do them every day.

That shift was front and center in practitioner-led discussions across the show floor. Executives and security leaders traded stories of pressure, scrutiny and high-stakes decision-making, often under the watchful eye of boards and regulators. The message was clear: Innovation without operational discipline leaves enterprises exposed.

Axonius’ Liz Morton talks with theCUBE about fundamentals in building resilient security programs.

“Look, it’s no joke trying to run security for any organization, especially if you’re running critical infrastructure; the pressure can be immense,” said Liz Morton (pictured), field chief information security officer of Axonius Inc., during the event. “It can be very daunting to really take a look at what you really have and then say, ‘OK, today, day one, we’re going to start a program of continuous improvement. We’re going to do the basics. We’re not going to buy the fancy whizzbang tool.’”

Morton, along with leaders from top security companies, spoke with theCUBE Research’s Jackie McGuire at Black Hat USA, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They explored how visibility, disciplined identity management and human-AI collaboration are reshaping security strategy in an era of constrained resources. (* Disclosure below.) 

Here are three key insights you may have missed from theCUBE’s coverage of Black Hat USA:

Insight 1: Clear visibility and disciplined fundamentals anchor modern cybersecurity strategies.

Expanding visibility into high-risk environments is a growing priority for security leaders as they confront asset sprawl, the limits of traditional monitoring and the need for proactive security. Axonius’ recent acquisition of Cynerio Israel Ltd., a healthcare internet of things and medical device security company, reflects a push to secure critical infrastructure in direct response to customer demand, according to Ryan Knisley, chief product strategist at Axonius.

Elasticsearch’s Mike Nichols talks with theCUBE about the importance of agentic models over LLM hype.

“The reason we made the acquisition was our customers told us … what they wanted next for Axonius was to improve the quality of security within healthcare,” he said during the event. “Axonius, because of the incredible platform that we’ve built, it’s a natural fit for us to then expand into the IoT, OT and medical device environment because it is such critical infrastructure for our country.”

Visibility is also the foundation for sound decision-making under pressure, especially in an era when budget scrutiny and economic uncertainty are reshaping security priorities. Even strong internal advocates can’t always secure the investments they believe are essential, forcing security leaders to demonstrate value beyond the security team, according to Morton.

“Very often, what I’m hearing from [chief information security officers] is that their teams love us and really want us and won’t leave them alone about buying us, but they can’t get the spend,” she told theCUBE. “They can’t get the buy-in, they have to cut, they have to justify. I’m having some pretty sophisticated conversations about how to make that happen, how to structure a deal that works [and] how to get us in the door.”

Extending visibility to the capabilities and limits of emerging tools, such as agentic AI, is just as critical as tracking physical or digital assets. While the technology offers speed and automation, adopting it without governance and context can erode trust and performance, making proactive security a critical part of evaluating new tools, according to Mike Nichols, vice president of product management at Elasticsearch B.V.

“Everything is agentic now; it was AI last year, now it’s agentic AI this year,” he told theCUBE. “I wonder if people know what it means when they’re asking for it. I would hate to be in the customer’s shoes right now, trying to hear the reality.”

Here’s theCUBE’s complete video interview with Mike Nichols:

Insight 2: Controlling identity and access remains central to defending against modern threats.

Zero-trust security models are rapidly becoming the default posture for defending against ransomware that increasingly targets data theft over encryption, forming a cornerstone of proactive security strategies. Zscaler Inc. applies this approach by replacing outdated perimeter defenses with identity- and context-based access controls that treat every request as potentially hostile, according to Deepen Desai, chief security officer of Zscaler.

Delinea’s Jon Kuhn talks with theCUBE about why companies can struggle to prevent unauthorized access.

“This is one of the largest clouds where we’re protecting thousands of global customers,” he said during the event. “Just to give an idea on the scale, we’re seeing close to 500 billion transactions daily. We’re extracting 500 trillion signals from it. Prioritizing a zero-trust framework becomes very important because you need to assume that employees may make a mistake and that identity may get compromised, that assets may get compromised. We saw about a 146% year-over-year increase in the number of ransomware attacks that were seen against these organizations that we blocked in Zscaler Cloud.”

Protecting access to critical assets also demands tools that can adapt to user behavior and intent. Delinea Inc. minimizes the “blast radius” of identity-based threats through its Iris AI platform, which analyzes session activity and can automatically terminate risky connections, according to Jon Kuhn, senior vice president of products at Delinea.

“We have the technology now with Iris AI, which is able to understand the authorization pieces, what is happening throughout that session and be able to flag that for the administrator to take action in an automated way,” he said during the event. “That may be destroying the connection; it may be stopping the access altogether.”

As identity management expands beyond people to machines, securing those nonhuman actors is emerging as a new frontier in cybersecurity. Keyfactor Inc. embeds durable, verifiable identities into devices, workloads and software systems to ensure trust in a hyper-connected environment and strengthen proactive security across both human and machine identities, according to Ted Shorter, chief technology officer of Keyfactor.

“[Machine identity] involves machines, devices, workloads … it’s anything that needs an identity, both in the enterprise and in the IT space,” he told theCUBE. “About 70% of our business is in large enterprises. That’s identities for web servers, workloads, Kubernetes clusters, mobile phones, that sort of thing. The 30% is more interesting, at least to me. It’s the medical devices, planes, trains, automobiles … people making things that need identities so that when they phone home or get a firmware update, they know that it’s legitimate.”

Here’s theCUBE’s complete video interview with Ted Shorter:

Insight 3: Proactive security defenses protect against the exploitation of trust in technology and relationships.

Ransomware operators are increasingly using “Living Off The Land” techniques, which exploit trusted, built-in system utilities to evade detection. These attacks let malicious actors operate unnoticed, making them harder to stop and more expensive to recover from, according to Martin Zugec, technical solutions director at Bitdefender SRL.

Bitdefender’s Martin Zugec talks with theCUBE about how the company is helping organizations deal more proactively with cyber threats.

“Ransomware affects everyone today,” he said during the event. “You have less than 24 hours to patch it now, or they get inside. Once they get inside, very often it can take weeks or maybe months when nothing happens because what we are seeing is that they are attacking so many companies in such a short time that they need to go over them, and it takes some time. More and more threat actors [and] ransomware affiliates are pretty much completely switching to only using the ‘Living Off The Land’ attack.”

To counter this trend, Bitdefender launched GravityZone PHASR, a proactive hardening and attack surface reduction platform that disables unused components of built-in tools favored by attackers. This approach moves organizations away from a reactive security mindset and toward preventative controls as part of a broader proactive security approach, according to Zugec.

“Many ransomware groups literally have manuals that say, ‘You do this in this order, and you are done,’” he said. “We’ll need to think, ‘I cannot do this, I cannot use this tool, I need to behave differently.’ We as an industry will have to adapt, and we will need to start implementing more preventative controls and proactive security instead of just responding.”

Proactive defense also relies on protecting the trust that underpins vendor relationships, especially when the systems and safeguards meant to protect users can be turned against them. Cloudflare Inc.’s research into link wrapping shows how attackers can exploit the inherent trust in “safe” links to deliver malicious content. This risk reinforces the need for transparency and responsiveness when incidents occur, according to Grant Bourzikas, chief security officer of Cloudflare.

“Every cloud provider has abuse on the platform,” he said during the event. “But if you call … the people, if you follow the process, it gets fixed. I think if you ask me to do something, I do it. I think this is [the] trust thing … you have to do business with that organization. Because eventually — maybe not today, maybe not tomorrow, maybe not in a year — there will be a problem you’ll have with that vendor of non-performance or poor quality. It’s still, ‘Who do you trust in the organization? Do they have your best interests in mind?’ I think it’s very valuable to understand that.”

Here’s theCUBE’s complete video interview with Grant Bourzikas:

To watch more of theCUBE’s coverage of Black Hat USA, here’s our complete event video playlist:

https://www.youtube.com/watch?v=videoseries

(* Disclosure: TheCUBE is a paid media partner for Black Hat USA. Sponsors of the event do not influence editorial content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

Enjoy the perfect blend of retro charm and modern convenience with the Udreamer Vinyl Record Player. With 9,041 ratings, a 4.3/5-star average, and 400+ units sold in the past month, this player is a fan favorite, available now for just $39.99.

The record player features built-in stereo speakers that deliver retro-style sound while also offering modern functionality. Pair it with your phone via Bluetooth to wirelessly listen to your favorite tracks. Udreamer also provides 24-hour one-on-one service for customer support, ensuring your satisfaction.

Don’t miss out—get yours today for only $39.99 at Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!