Day 1 of Black Hat USA 2023 | Generative AI, Automation & The Security Landscape of Tomorrow

SentinelOne has landed in Vegas for this year’s Black Hat security conference! Each year, Black Hat invites security gurus, researchers, hackers, and cyber enthusiasts from around the world to join in on two days of keynotes by industry leaders as well as cutting-edge presentations and exclusive tech demos.

We’ll be sure to keep you in the loop on all the event activities so you don’t miss out on any thought leadership or announcements from the event. Read on for a recap of all the essentials that happened on Day 1 of Black Hat 2023.

Black Hat 2023 | Bringing Together the Cyber Community

Established in 1997, Black Hat stands as a globally recognized series of cybersecurity events, offering leading research on information security. Over the years, Black Hat has developed into an international platform for the infosec community with the gatherings serving as a trusted resource of the latest advancements and emerging patterns within the security community. At the heart of Black Hat are its briefings and trainings, tailored to meet the demands of the current security business needs.

This year, Generative AI steps into the spotlight as the main event theme, sparking discourse on the role of automation and AI in accelerating detection and response capabilities. In the nearly one year since ChatGPT and others like it exploded onto the scene, security leaders have been dedicated to understanding how AI is transforming the cyber defense landscape as well as acknowledging its benefits and challenges. At SentinelOne, we believe that generative AI has the power to generate incredible value and disrupt the way we secure our data and systems.

We’re excited to once again join up with our fellow security defenders, foster collaboration, and share knowledge to help keep businesses in every industry vertical safe.

Come Meet Team SentinelOne!

For those of you joining us in person in Vegas, come visit Booth #1520 in the Black Hat Business Hall at the Mandalay Bay Convention Center. We are excited to unveil our biggest booth yet, with our legendary tree at the center of it. Our iconic neon purple tree, spruced up with a new shade of blue, has come to symbolize the intricate yet organized flow of data between all cybersecurity spaces. From ceiling to floor, the tree shows the movement of data to and from various solutions into one powerful and stunning platform. Stop by to meet the team, learn more about our latest offerings, including PurpleAI and Ranger Insights, and pick up some super limited event swag!

On both Wednesday and Thursday, the first 20 Black Hat attendees to show the social media post below to a SentinelOne team member receive a sleek rucksack, as our Formula 1 friends say across the pond in Silverstone. Simply take a screenshot of the post below (formerly known as a Tweet) and follow the instructions! Note that Thursday (Day 2) is your last chance to win an Aston Martin F1 Team and SentinelOne backpack, so don’t miss out!

Big congratulations to everyone on Wednesday who went home with Aston Martin F1 Team swag, including our first two visitors to claim their backpacks.

New Product Announcement | SentinelOne Launches Singularity™ Ranger Insights

As the number of exploitable vulnerabilities available to threat actors continues to climb, security leaders are faced with the challenge of managing them faster than ever before. To help enterprises build up their offensive capabilities, SentinelOne launched Singularity™ Ranger Insights. This innovative solution, named by CRN on Wednesday as one of the 10 coolest products to be unveiled at Black Hat, is designed to remove the complexities from vulnerability management so businesses can focus on continuously discovering unmanaged assets, closing blind spots, and prioritizing incoming threats through a single console and agent.

From Lana Knop, Vice President of Product Management, Endpoint and Identity Products at SentinelOne: “More than 25% of all breaches are the result of vulnerability exploitation, and the average cost of remediating them can top $4.5 million. With Singularity Ranger Insights, security teams have a powerful tool they can use to reduce the time, cost and complexity of vulnerability management and significantly improve their security posture.”

Ranger Insights provides the following for SentinelOne customers:

  • Increased Visibility, Simplified Management – In a remote-first world, traditional network vulnerability scanners are no longer enough to keep threat actors at bay. Ranger Insights helps security teams identify and prioritize risks by deploying in minutes, all without the need for lengthy scans and network hardware.
  • Real-Time Risk & Vulnerability Insights – Real-time insights provided by the SentinelOne agent minimize reliance on network connectivity and remove legacy point-in-time scans. Ranger Insights delivers continuous visibility into application and OS vulnerabilities across Windows, macOS, and Linux and shaves off precious minutes by prioritizing risks based on their likelihood of exploitation.
  • True Network Visibility & Granular Control – IT and security teams rely on accurate information to protect against incoming threats. Ranger Insights combines passive and active scanning to identify and fingerprint devices, capturing the exact data you need at the depth and breadth of your choosing.

Presentation Highlight | HypeGPT – What LLMs Really Can and Can’t Do for Security

Speaker: Juan Andrés Guerrero-Saade, Sr. Director of SentinelLabs

Though large language models (LLMs) have become a useful tool for reverse engineering and educational purposes, there’s a broader discussion in our industry about their current and future role in the infosec community and how they will continue to shape modern cybersecurity capabilities. While we’re living through unprecedented breakthroughs in Generative AI and the many uses of LLMs, many continue to wade through a sea of hype and misunderstanding, bad marketing, and even worse sales tactics.

At Wednesday’s presentation, Juan Andrés Guerrero-Saade broke down the practical uses of LLMs that are actually making a difference in the problem areas enterprise businesses face today: reverse engineering malware, niche security tooling, and the growing security talent pipeline, just to name a few.

Guerrero-Saade explained of ChatGPT, “It’s not going to solve every cybersecurity problem, but it is going to make your lives better when you learn how to use it.” The key takeaway? Spend time writing good prompts.

Some of the “real fun” of ChatGPT, he said to the crowd, is what it can do for democratizing reverse engineering, a significant and very difficult skill for malware analysis. He described how both he and the rest of SentinelLabs have experimented with ChatGPT, which you can read more about in this December blog post from Aleksandar Milenkoski and Phil Stokes.

Guerrero-Saade also emphasized how the tool can be especially beneficial for lowering the steep learning curve associated with reverse engineering. “We don’t even understand all of the uses for [ChatGPT], but it should be helping folks out that have less [reverse engineering expertise].”

To further illustrate some of the educational applications of LLMs, Guerrero-Saade described his experience teaching the very first university course to use ChatGPT as a TA. Offered through the Alperovitch Institute for Cybersecurity Studies, this malware analysis course encouraged the students to first ask ChatGPT their questions before they asked the instructors. “The beauty of ChatGPT as a teaching assistant is it has really fast and really relevant answers.” Read more about the results here.

As a parting thought, Guerrero-Saade encouraged the audience to keep experimenting and playing with ChatGPT. “These things are iterating insanely quickly and quietly.”

What’s Happening At The SentinelOne Theater?

Wednesday was jam-packed with two dozen presentations in the SentinelOne Theater at Booth #1520. Our leaders and valued partners spoke back-to-back throughout the day, with topics ranging from “Tales from the Front Lines of Cyber Defense” to “Wiz and SentinelOne: Better Together” and “Cleaning Up ITDR Confusion”. One featured session showcased our friends and partner, Netskope, and was hosted by their Business Information Security Officer, Damian Chung. “This integration is really important to us to drive operational efficiency,” Chung told the crowd.

Chung described how this SentinelOne-Netskope partnership brings comprehensive integration capabilities for securing remote work from endpoint to cloud. SentinelOne Singularity XDR provides leading protection for enterprise attack surfaces, including user endpoints, cloud workloads and identity infrastructure. Netskope Intelligent Security Service Edge (SSE) secures access to web, SaaS, public cloud and data center infrastructure through a converged SWG, CASB, and ZTNA suite. After his talk, Damian elaborated on how the “operational efficiency” this partnership provides allows analysts to “do more with less.”

“[SentinelOne is] really strong on endpoint and XDR and [Netskope is] really strong in the cloud and SaaS space. If we can marry those two things together, we cover a much wider range and that best of breed helps us sell that internally to our executives and our board, but also on the operational side it allows our analysts to be able to leverage the tools properly, not just get noise.”

“When you talk about IoC sharing, do I want an analyst to look at that and then manually map IoCs across platforms? No, we’ve got to have that automated,” continued Chung. “It’s automatically done, automatically remediated. Then, maybe there’s a ticket that gets automatically populated to say, ‘Look, we just found these threats in this cloud environment that maybe SentinelOne had found and we eliminated that threat that’s sitting dormant.’”

Conclusion

Day 1 of this year’s Black Hat event may be over, but we’ve got one more day ahead of us! Make sure you swing by the SentinelOne Booth #1520 and see all of our new product demos for yourself. We’ve still got some swag left to snag and our team is excited to meet you.