Now in its 22nd year, Black Hat USA is the world's leading information security event, providing attendees with the very latest in research, development and trends. The conference opens with four days of technical trainings followed by the two-day main conference featuring Briefings presenting cutting-edge research on information security risks and trends; Arsenal, the open-source tool demo area; Business Hall with opportunities for attendee, vendor, and community engagement; and more.
Don’t miss Black Hat’s hottest party,
Vegas’ most exclusive venue,
Sin City’s swankiest cocktails,
Gaming’s greatest titles.
Right in the heart of Black Hat, DefCon and BSides Las Vegas
Kenna is excited to be one of the hosts of this year’s Level Up party (#LevelUpBH), THE party at Black Hat. Come hang out with us at Skyfall Lounge and enjoy the unparalleled, 180-degree views; signature cocktails; and, for one night only, take the opportunity to Level Up on over 200 classic video games like Zelda, Mario Kart, Donkey Kong and more from the top of Las Vegas.
All Black Hat attendees are welcome, but space is limited so request an invite today!
Visit us on the show floor and talk firsthand with our security experts. While there, get a free backpack while supplies last!
Ed Bellis, CTO, Co-Founder, Kenna Security
Wade Baker, Partner & Co-Founder, Cyentia Institute
Thursday, August 8th from 2:30 PM - 3:20 PM at Oceanside F
In the fourth volume of their Prioritization to Prediction research, Cyentia Institute and Kenna Security analyzed empirical data and real-world practices of hundreds of organizations to identify the key contributing factors of top performing vulnerability management teams and discover the factors that hinder performance.
In this talk, Wade Baker and Ed Bellis walk through the data and key findings, tying real-world practices to actual outcome measures. Aimed at vulnerability and risk management professionals, this session will provide evidence of the practices used by top performers that attendees can apply to their own vulnerability management programs.
Michael Roytman, Chief Data Scientist, Kenna Security
Jay Jacobs, Chief Data Scientist, Cyentia Institute
Thursday, August 8th from 12:10 PM – 1:00 PM at South Seas CDF
Effective prioritization of vulnerabilities is essential to staying ahead of your attackers. While your threat intelligence might expose a wealth of information about attackers and attack paths, integrating it into decision-making is no easy task. Too often, we make the mistake of taking the data given to us for granted – and this has disastrous consequences.
We'll explain what we miss by trusting CVSS scores, and what should absolutely be taken into consideration to focus on the vulnerabilities posing the greatest risks to our organizations. We'll look at tens of thousands of vulnerabilities, CVSS scores, CVE, NVD, scraping mailing lists, collecting data feeds and ultimately end up with a few dozen data points that helped us understand the probability of a vulnerability being exploited.
Finally, we'll use all that data as well as billions of in-the-wild events collected over 5 years in order to create a machine learning model for predicting the probability of a vulnerability being exploited, a scoring system which outperforms CVSS on every metric: accuracy, efficiency and coverage.