Top 3 takeaways from BlackHat USA 2022
This year BlackHat celebrated its 25th year anniversary in Las Vegas from Aug 6-10, bringing in the best minds from over 111 countries to provide the security community with the latest cutting-edge research, development, and trends that define tomorrow’s security landscape.
Following a hiatus due to Covid, it was invigorating to see a solid, in-person presence and have thoughtful conversations with a variety of audiences from Security Architects, App security leads, government personnel, and risk managers to pen testers, reverse engineers, vulnerability researchers, and many others.
With a greater emphasis on cybersecurity, application security, and supply chain attacks, the conference provided great insights into tomorrow's ever-mounting challenges and solutions.
Here are our top 3 takeaways from the event:
- Complexities in software are making it harder to manage risks
Businesses today operate in fast-changing market dynamics and time to market can impact the success probability. In this race, Security is largely viewed as slowing things down and causing friction. In the keynote address, Chris Krebs, former Director of CISA, rightly pointed out a core problem: As we are integrating more and more products (that are insecure by design) into use cases, we are making it even more complicated to manage risks.
Although vulnerabilities are being actively addressed, they aren’t tackled at the same pace as the software growth. The talk further pointed out that until the benefits of insecure products continue to outweigh the downside, software will continue to remain vulnerable. And the solution to make it better is a shift in mindset and actions from: technology, the government, and us, the security community.
- Application security is a hot topic
Organizations need to be resilient in this era of digital dominance. Minimizing the attack surface by putting in the right cybersecurity controls is imperative. Proactive security with a continuous push to 'shift-left' with DevSecOps helps mitigate these risks.
- Securing the cloud is tough, but essential
Securing the cloud with specifically tailored tools can be expensive and overwhelming. The CISO is in the midst of it all and has quite a balancing act in this. For end-user organizations, using a low friction approach to security, such as integrating security with CI/CD and using responsive and timely feedback loops is key.
We were pleased with the many thoughtful discussions and interesting questions at our booth. Our many happy customers stopped by to tell us how much they loved using our solution. Thanks for the good vibes!
Sonar strongly believes that Security is best addressed at the core. Most security vulnerabilities are in the source code of business applications. Using Clean Code principles to empower the developers to address security issues at the root i.e. in the source code as it’s written, truly shifts security focus to the left and reduces the burden downstream. If this is intriguing and you haven’t discovered the power of the Sonar solution yet, you can learn more here.
Although we didn’t have any $$$ luck at the Vegas casinos, the conversations and insights from the BlackHat event were priceless! We look forward to seeing you at the next BlackHat event!