Black Hat USA 2024 - Consolidation, AI, Identity & Takeaways for Cybersecurity Founders

Black Hat USA 2024 marked my fifth time attending the conference, with my first experience dating back to 2018. What began as a focused practitioner event, featuring in-depth technical briefings and hands-on bootcamps, has evolved into something akin to a mini RSA. The expo has significantly expanded, and the $800 ticket price (a stark contrast to the almost-free RSA entry) seems to have attracted a higher caliber of attendees. This year, I noticed a notable presence of CISOs and senior security professionals engaging openly on the floor, rather than the more guarded behavior often seen at RSA.

I spent three days talking to founders & practitioners, walking the expo floor and attending a few evening events. It was great to see portfolio companies including Deep Instinct and Hunters.?

Here are some highlights from the expo floor:

1. Application Security, Supply Chain Security, Applications Security Posture Management (ASPM) categories have merged: The landscape of application security, supply chain security, and Application Security Posture Management (ASPM) is evolving as automation in ASPM takes center stage. Vendors are increasingly consolidating various features onto single platforms, even though many initially specialized in point solutions for scanning, ASPM, or CI/CD governance.
2. Consolidation: Consolidation remains a prominent theme, with growth-stage vendors expanding their core platforms to integrate additional functionalities and drive revenue.
3. Identity: Identity remains a critical focus, given that most breaches originate from identity-related issues. Consequently, vendors are incorporating identity aspects into their detection and response strategies, whether through Data Security Posture Management (DSPM), Data Access Governance, or Cloud Detection & Response (CDR). Notably, Zero Trust messaging was less emphasized this year.
4. AI: A few early stage vendors using AI for security and securing AI. We will likely see more next year as these vendors chose to not have a booth
5. Booths Galore: The expo floors featured larger and more innovative booths, with vendors investing significantly to capture attention and engage potential customers.

In the wake of the recent large-scale outage caused by a Crowdstrike error, the topic of resiliency has been a hot discussion point. While many anticipate that Crowdstrike will emerge from this incident stronger, there's concern about whether it might impact the trend toward consolidation and platformization driven by major vendors like Palo Alto Networks, Crowdstrike, and Zscaler.??

My perspective is this incident will prompt customers to reconsider purchasing additional tools from the same vendor. If such errors can happen with any provider, it might lead organizations to evaluate their reliance on a single vendor more critically. We are excited about our portfolio company Deep Instinct building an AI powered predictive prevention platform for endpoints.

Few takeaways for founders:

1. For early stage startups BlackHat is a better conference than RSA in terms of attendance of potential customers
2. Automation is becoming table stakes. Almost every tool is providing an option of automation for remediating findings, alerts, violations, etc.
3. While you still need a narrow, differentiated wedge to get the first 20-50 customers, founders need to plan consolidating features to increase wallet share else the available budget gets split across multiple vendors
4. The recent mishap by Crowdstrike can be used to your advantage to persuade customers to not buy from large platform vendors particularly if the new tool is not a natural extension of existing platform.
5. Observability always sells. Saw a few interesting tools providing very detailed observability and remediation options to improve posture