Gartner Blog Network

BlackHat 2012 Impressions

by Anton Chuvakin  |  August 16, 2012  |  3 Comments

(yes, I know my BlackHat 2012 post is woefully late, but such is life) So, BlackHat this year was, as always, pretty exciting, but I found the vendor expo to be especially fun. Unlike some other events, the booths had people who actually knew what they were talking about. In this highlights post, I wanted to do what I swore to never do on my Gartner blog – talk about vendors. I reread our social media policy and it doesn’t seem to prohibit this as long as I tread carefully …

So, among all the vendors I spoke with, three vendors really, really stood out:

  • Red Lambda has really exciting analytics that can work well for logs and packets/flows. In general, when I hear “neural networks”, I picture academics who never did operational security in their lives. However, Red Lambda really does seem to be a unique AND useful analytic platform. We loaded some logs into it right there and results that really impressed me came out almost immediately …
  • Silicium was the next highlight of the show for me; they are already a Gartner cool vendor. Their technology for highlighting and ranking unusual endpoint activity seems interesting, especially given that so many systems stay infected for months under the protection of major AV – oh, sorry, endpoint protection platform – vendors.
  • Immunity SWARM is a hybrid of a scanner, a network discovery tool and an exploitation tool, built on a grid of VMs for scalability. Think about this as “a mass exploitation tool.” Want to own all routers in “Country I”? Pick an exploit module, aim the tool, and in a few hours you will have your routers. With reported scan speeds of up to 1,000,000 IP / hour (with simpler checks only, of course) you can compromise all assets of a particular type in a medium-sized country within hours, which is unquestionably cool. It has obvious usage for defense, right?

There you have it.



Thoughts on BlackHat 2012 Impressions

  1. Jon Marler says:

    It was great meeting you at the show! Hopefully we will run into each other again soon. Preferably when we have more time to chat.

  2. Same here – hopefully we can chat more.

  3. Rob Bird says:

    I look forward to our next visit, thanks so much for your time!
