Black Hat 2019: Monitoring network operations and managing digital risks

Black Hat's Network Operations team members discuss looking for the "bad within the bad." Also, RSA's CTO talks about managing risks to prevent an individual problem from becoming a societal problem.

At the Black Hat USA 2019 cybersecurity conference in Las Vegas, CNET and CBS News Senior Producer Dan Patterson spoke with Black Hat's Network Operations team members about looking for the "bad within the bad." He also spoke with RSA's CTO Dr. Zulfikar Ramzan about managing risks to prevent an individual problem from becoming a societal problem. The following is an edited transcript of the interview.

Bart Stump: Black Hat is one of the premier information security conferences in the world that basically the best get together and talk about what they've done, what they've researched, and what they've found out throughout the years. A network operations center for us, what we do here at Black Hat is basically we maintain, monitor, and run the network from this operation center. So everything's built out here. This is where we keep our team, have communication throughout the show, and basically look through all the data and find out what the issues may or may not be at the show.

Neil R. Wyler: The traffic that we see here is what would normally cause an incident response scenario back at any corporate environment. We see the kind of things that make analysts' hair turn white, but they're learning here. We're sharing information, the latest attack techniques and those things are flowing across the network constantly. So when we're seeing that, we let it go.

What we're looking for is bad within the bad. So while we see a lot of bad traffic, it's only the stuff where it's an attendee attacking an attendee. Something where they're targeting directly our infrastructure or the registration network, or, in some cases, the public internet. We will go in and take steps to make sure that that behavior ceases.

Essentially, what we're doing is trying to provide stability and security for the attendees. So we're doing that with a mix of different technologies. We come in much prior to the show and deploy all our own switches, routers, anything that we need to do to help build it up. And we have partners who help us do that. We're not on our own.

So there are 15 other folks who are experts in their field and work for Fortune 500 companies. They're from analysts to VPs, and they come in on their own time on their vacation just to be part of it. But beyond that, we also have partners here. So we've partnered with some vendors with Ruckus, RSA, Cisco, Palo Alto, Gigamon and CenturyLink. And they send their A-team to come be part of it as well.

Dr. Zulfikar Ramzan: So RSA is like the silent force that puts trust in the entire digital ecosystem. We are the defenders of the digital galaxy. Every time you make a transaction online, every time you type in a search inquiry, every time you open up your mobile banking application, every time you interact with a government entity, the chances are that RSA technology is behind that transaction, behind that set of capabilities. It's making that transaction secure and allowing you to use the internet with confidence.

Well, the key we find is it's not just about focusing on one area of security alone. The reality, security's become so multifaceted. Security is not a monolith. It's a mosaic. It's full of nuances and subtleties. There's so many different aspects of it. We focus not just on encrypting data, but also on detecting threats. We find ways to monitor what's happening. We allow you to respond effectively.

It's almost like if you were building a bank, I can build a strong front door for a bank, but the reality is, at some point, I've got to open that door and let people in for business, which means that a bank robber can get in the bank. But the reality is the bank robber's goal is not to walk in the front door of the bank. The bank robber's goal is to get the money that's, and there's a lot you can do between the time they walk in to the time they actually get to the money that can help protect any organization.

And so we provide capabilities for monitoring what's happening in digital infrastructure as we find ways to help people respond to those types of threats that they see. And ultimately, we find it's a matter of managing digital risk. And so every time you talk about any form of digital transformation, there is some risk that goes along with it. But if I want to move forward, think about today's world. No organization exists as an isolated entity unto itself. Every organization is part of a much more complex ecosystem. We've got third parties we rely on, other vendors who are part of our supply chain, which means my risk is not just my risk alone. It's an amalgamation of my risk plus the risk faced by all the people I depend upon on a daily basis. If we don't control it effectively, it's not just going to be an individual problem. It's going to be a societal problem.
