By: Michelle Radlowski

Survey shows that Black Hat attendees are feeling vulnerable on the inside

Attendees cite social engineering and targeted attacks as the greatest threats, compounded by concerns over user behavior.

Some of the world’s most experienced InfoSec professionals attended Black Hat last week in Las Vegas. And yet, with all their expertise, the Black Hat Attendee Survey showed that the majority believe their organizations remain vulnerable to security attacks. An astounding 72 percent of those surveyed expect to be hit with a “major” breach in the coming year and 40 percent said that such a breach is either “highly likely” or that they had “no doubt” it would occur. These percentages are higher than the prior year, and the main cause for the increasing concern is internal user behavior. When asked about the weakest link in enterprise defenses, the top answer, by far, was, “End users who violate security policy and are too easily fooled by social engineering attacks.”

It’s no surprise that the concern is growing, with today’s workplace increasingly decentralized, users increasingly mobile, and the threats designed to exploit these trends increasingly sophisticated. But, while security practitioners reported that their greatest concerns are about social engineering or targeted attacks, they also reported that their days are mostly spent reacting to emergencies and tending to mundane tasks, like maintaining compliance and addressing vulnerabilities in internal applications. They are largely unable to find the time to plan or carry out defense strategies. Worse, they are hamstrung by security appliances that don’t communicate with one another, making risk assessment and compliance unnecessarily cumbersome.

Given the problems with traditional security appliances — and the fact that security practitioners have little faith in their ability to protect against emerging threats — the Zscaler Cloud Security solution came as a revelation. Visitors at the Zscaler booth grilled our staffers about our 100 percent cloud-based security-as-a-service approach, as opposed to other vendors at the show who were muddying the water with buzzwords and cloud-washing. Because Zscaler integrates multiple layers of security in a cohesive platform with deep visibility and reporting, it quickly solves the problems with compliance and reporting. And, because it automatically scans every byte of traffic, sandboxing unknown files in the cloud, it protects against the kinds of attacks that rely on end-user errors or misjudgment. 

Bringing down the hammer on appliances

Zscaler returned to Black Hat this year with its Smash Booth, in which scores of attendees were able to test security appliances against a primitive yet pernicious threat: the sledgehammer. During these “tests,” attendees attacked the boxes with gusto; many requested specific brands on which to take out their frustrations. With each strike of the sledgehammer, they were demolishing the boxes’ limited performance and functionality, their inability to generate intelligible reports, their endless patches and updates. And at the end of it all, the boxes were truly EOL.

        


Several attendees asked why we were smashing appliances. The simple answer is that it’s fun and raucous, and it attracts a lot of people to our booth. But the truth is pretty simple, too. Appliances are simply no longer effective in protecting organizations whose traffic is primarily coming and going across Internet links. With our cloud security platform, Zscaler is helping organizations increase security, reduce complexity, and become cloud-enabled operations. At the same time, we’re helping to reduce or eliminate many of the concerns revealed in the Black Hat attendee survey. Learn more at www.zscaler.com.

Read more about Black Hat:

Interview with Zscaler CISO Michael Sutton

Dark Reading Live from Black Hat

Dark Reading article about the survey

The attendee survey (PDF)
