Generative AI Takes Center Stage at Black Hat

Generative Artificial Intelligence (AI) was the dominant theme at Black Hat 2023 in Las Vegas. Attendees could tell what they were in for, given that about 30 presentations mentioned AI or Large Language Models (LLMs) in the title or description.

But the wealth of knowledge, depth of research, and number of insights shared during the briefings were impressive. Beyond the briefings, the cybersecurity community itself is an incredibly diverse bunch. Our team was privileged to meet a range of attendees, from military veterans who are now women-in-cybersecurity CEOs, to security response teams sharing their tales of last-minute, pressure-filled fights to rescue their organizations.

Among the stories shared by presenters were tales of attacks and other highlights that made us appreciate the community that has been built within this industry:

  • Vulnerabilities do not need to be software bugs. Many of the attacks discussed were due to misconfigured environments — or organizations not using the security controls available to them.
  • Misconfigurations can wreak havoc. One cybersecurity researcher explained how they were able to manipulate search results on Microsoft’s Bing search engine by logging in (as themselves) to an unprotected database, due to a misconfiguration in Microsoft’s own Azure Active Directory.
  • Attackers are using AI, too. If you think generative AI can be a helpful tool for defense, consider how helpful it can be for attackers. Imagine phishing emails that write themselves in multiple languages. Malware that mutates on the fly. All at machine speed.

Ontinue Discusses A New MXDR Paradigm at Microsoft Booth

The Microsoft booth at Black Hat 2023 featured MISA members with solutions and services aligned to 4 featured product pillars: SIEM and XDR; Cloud Security; Threat Protection; and Identity. Among the MISA members presenting was Ontinue, represented by Prabh Thind, Senior Cloud Solution Architect, a product owner in the MDR platform engineering team for Ontinue ION AI-Powered MXDR.

In his presentation at the Microsoft booth, Prabh discussed “The New MXDR Paradigm: Nonstop SecOps through Real-time Collaboration and AI-Driven Automation.” SecOps teams need to get faster at threat detection and response and at proactive threat prevention, and he noted they’re expected to do it all with fewer tools and less overhead. Legacy approaches are holding companies back: traditional ticketing systems, manual incident investigation and response, myriad tools each with their own portal, siloed responsibilities, and a lack of communication. All of this leads to nonstop firefighting, frustration and stress.

Microsoft and Ontinue, the 2023 Microsoft Security Services Innovator of the Year, introduced “Nonstop SecOps,” a new paradigm for MXDR that is characterized by a focus on operationalizing security through real-time collaboration and AI-driven automation, all using the Microsoft products you already own.

In his demo, Prabh showed how Ontinue delivers real-time collaboration and access to critical information via dashboards embedded directly in Microsoft Teams — where Microsoft Security customers are already working. He also discussed how AI can be used to understand and improve defender behavior for enhanced automation that accelerates incident detection, investigation and resolution.

Ontinue also met with fellow information security executives during the Information Systems Security Association (ISSA) Forum, held at the same time as Black Hat. ISSA’s exclusive Cyber Executive Membership program provides an environment for security executives to achieve mutual success. Professionals can connect and network with peers, gain valuable information, and hear from top industry experts, as ISSA helps advance personal and industry understanding of critical issues in information security.

If you missed the Ontinue session at Black Hat, you can read more about how we deliver Nonstop SecOps with Ontinue ION. And you can contact us to schedule a demo just for you.

Article By

Dean Ellerby
Senior Cloud Security Architect

Dean is a dual Microsoft MVP, Microsoft Certified Trainer, experienced Senior Cloud Security Architect, content creator on YouTube and Pluralsight Author. Having created hundreds of in-depth training videos on his YouTube channel and recognized by Microsoft for his work within the community, Dean is considered to be a thought leader in Security and Endpoint Management.