Anton Chuvakin

A member of the Gartner Blog Network


BlackHat 2012 Impressions

by Anton Chuvakin  |  August 16, 2012  |  3 Comments

(yes, I know my BlackHat 2012 post is woefully late, but such is life) So, BlackHat this year was, as always, pretty exciting, but I found the vendor expo to be especially fun. Unlike some other events, the booths had people who actually knew what they were talking about. In this highlights post, I wanted to do what I swore to never do on my Gartner blog – talk about vendors. I reread our social media policy and it doesn’t seem to prohibit this as long as I tread carefully …

So, among all the vendors I spoke with, three vendors really, really stood out:

  • Red Lambda has really exciting analytics that can work well for logs and packets/flows. In general, when I hear “neural networks”, I picture academics who never did operational security in their lives. However, Red Lambda really does seem to be a unique AND useful analytic platform. We loaded some logs into it right there, and results that really impressed me came out almost immediately …
  • Silicium was the next highlight of the show for me; they are already a Gartner cool vendor. Their technology for highlighting and ranking unusual endpoint activity seems interesting, especially given that so many systems stay infected for months under the protection of major AV – oh, sorry, endpoint protection platform – vendors.
  • Immunity SWARM is a hybrid of a scanner, a network discovery tool and an exploitation tool, built on a grid of VMs for scalability. Think about this as “a mass exploitation tool.” Want to own all routers in “Country I”? Pick an exploit module, aim the tool, and in a few hours you will have your routers. With reported scan speeds of up to 1,000,000 IP / hour (with simpler checks only, of course) you can compromise all assets of a particular type in a medium sized country within hours, which is unquestionably cool. It has obvious usage for defense, right?

There you have it.

Category: conference security

3 responses so far ↓

  • 1 Jon Marler   August 16, 2012 at 9:59 pm

    It was great meeting you at the show! Hopefully we will run into each other again soon. Preferably when we have more time to chat.

  • 2 Anton Chuvakin   August 16, 2012 at 10:00 pm

    Same here – hopefully we can chat more.

  • 3 Rob Bird   August 17, 2012 at 5:57 pm

    I look forward to our next visit, thanks so much for your time!