(yes, I know my BlackHat 2012 post is woefully late, but such is life) So, BlackHat this year was, as always, pretty exciting, but I found the vendor expo to be especially fun. Unlike some other events, the booths had people who actually knew what they were talking about. In this highlights post, I wanted to do what I swore to never do on my Gartner blog – talk about vendors. I reread our social media policy and it doesn’t seem to prohibit this as long as I tread carefully …
So, among all the vendors I spoke with, three vendors really, really stood out:
- Red Lambda has really exciting analytics that can work well for logs and packets/flows. In general, when I hear “neural networks”, I imagine a picture of academics who never did operational security in their lives. However, Red Lambda really does seem to be a unique AND useful analytic platform. We loaded some logs into it right there and results that really impressed me came out almost immediately …
- Silicium was the next highlight of the show for me; they are already a Gartner cool vendor. Their technology for highlighting and ranking unusual endpoint activity seems interesting, especially given that so many systems stay infected for months under the protection of major AV – oh, sorry, endpoint protection platform – vendors.
- Immunity SWARM is a hybrid of a scanner, a network discovery tool and an exploitation tool, built on a grid of VMs for scalability. Think about this as “a mass exploitation tool.” Want to own all routers in “Country I”? Pick an exploit module, aim the tool, and in a few hours you will have your routers. With reported scan speeds of up to 1,000,000 IP / hour (with simpler checks only, of course) you can compromise all assets of a particular type in a medium sized country within hours, which is unquestionably cool. It has obvious usage for defense, right?
There you have it.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.