Black Hat 2022 Recap

Black Hat 2022 was in full effect this year with the tradeshow floor buzzing and many in-person networking opportunities to be had. After many years of being virtual, we were ready for all the over-the-top things you can expect from sin-city, like the extravagant tradeshow booths, after parties, and pricey dinners.

Just like Mandalay Bay’s beach in the desert, the roller coaster atop New York New York, and the High Roller Ferris wheel – CRITICALSTART^® has been pushing the boundaries of innovation for our MDR service. There are a couple of themes I would like to highlight.

What does Mario have to do with Cybersecurity?

Lots!

Fun fact: Nintendo has released 19 versions of Mario. Each having better levels, graphics, and sound than each other. We had a Mario themed party in our booth, along with everyone wearing shirts saying, “Level Up <your security posture>”. Just like Nintendo, we’re doing the same for our customers within our ZTAP platform. For certain integrations, we are looking for configuration best practices and providing reporting. Not only does this help improve our customers’ detection capabilities, but also helps them level up their security posture (our T-shirts in the booth said this!)

Whac-A-Mole:

Yep. We had the game in our booth. It was a hit, no pun intended. The highest score was 250, can you imagine this person’s reflexes? They hit a TON of lights. Just like alerts coming from various security products, it’s a constant game of Whac-A-Mole. At Critical Start, we are achieving a perfect score by hitting every single alert (mole) – as we resolve ALL alerts regardless of priority. 

I wish I could have thrown our ZTAP platform @ the Whac-A-Mole game. Would that be cheating?

Satya & Cybersecurity:

“What is your Microsoft Security Strategy?” Was one of my leading questions when speaking to someone new. 5 years ago, I would have received no answer. Not anymore.

I also thought I would be coy by telling a person with a Microsoft t-shirt and badge we work with their tools. She replied, “there are about 40 of you on the floor that do this”.

I realized; she is correct. 39 of the companies on the floor integrate with one or two of MSFT’s security tools. Not the way Microsoft intended. Microsoft wants security teams to use as many tools as possible. Critical Start works with all tools within M365D, Windows Defender for Endpoint & MS Sentinel.

User Identity:

A guy who stopped by our booth came back frantically looking for his wallet. He accidently left it on our table on the conference floor. A place where you disable your Wi-Fi and Bluetooth on your phone before going to the conference… I felt for him, luckily one of my co-workers snagged it from our booth, held it for safekeeping, and returned it to him.

If you are not investigating & responding to user identity alerts, you are leaving your wallet at the Black Hat conference floor. If you are considering an MDR provider, make sure you are asking about what they will do with identity alerts. We are not only providing investigations, but also providing the right action when a suspected compromise exists – some examples include disabling the user identity in question and forcing Multi-Factor Authentication.

Next up is Microsoft Ignite in October, we hope to see you there!