Virtualization Technology News and Information
Article
RSS
Black Hat USA 2024 Q&A: Black Kite Will Showcase the Industry's First Cyber-aware AI Engine Designed for Cybersecurity Compliance Automation - Black Kite Parser 2.0

blackhat-vmblog-qa 

Are you getting ready for the upcoming Black Hat USA 2024 event, an internationally recognized cybersecurity event providing the most technical and relevant information security research, now in its 27th year.  The event is quickly approaching, taking place August 3-8, 2024, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program. 

Ahead of the show, VMblog received an exclusive interview with Jeffrey Wheatman, SVP, Cyber Risk Evangelist at Black Kite, a leader in third-party cyber risk intelligence.  Make sure to add them to your MUST SEE list.

black kite logo 

VMblog: Before we get into it, can you give us a quick overview of the company? What should folks know?

Jeffrey Wheatman:  Black Kite is transforming third-party risk management (TPRM) with the industry's most accurate, actionable, comprehensive cyber third-party risk intelligence platform. Addressing a critical security gap, it simplifies the quantification and monitoring of cyber risk across numerous third parties without invasive measures. Offering insights from technical, financial, and compliance angles, Black Kite eliminates false positives, ensuring a comprehensive vendor risk management strategy.

Black Kite offers complete visibility across the digital supply chain, easing manual burdens with its automated, continuous monitoring platform. Unlike legacy vendors' arbitrary scoring, Black Kite provides transparent, accurate threat intelligence. Leveraging over 1,000 OSINT resources, it delivers multidimensional insights aligned with industry standards like MITRE and FAIR. And it assesses compliance with regulations like CMMC, GDPR, PCI-DSS, and HIPAA, ensuring precise compliance ratings.

VMblog: Black Hat is known for its energetic and interactive booths. What unique experiences or demonstrations do you have planned to engage attendees at your booth? Will you be giving away any interesting tchotchkes?

Wheatman:  Black Kite is all about showing you where to find the most critical risk factors in your supply chain, and we've found a fun way to illustrate this concept at our booth this year. We're bringing in a Wack-a-Mole game - calling it "Wack-a-Risk" - to demonstrate how difficult it can be to simply respond to risk when you don't have data about where it is coming from. Plus, we think it will be fun for Black Hat attendees to get out some of their conference stress.

VMblog: Is this your first time sponsoring Black Hat? If not, how many times have you sponsored before? And what keeps you coming back?

Wheatman:  This is our second year sponsoring Black Hat. We returned this year because we find it important to be involved in conversations with customers and industry leaders at the show about the problems that need to be solved. We are also actively involved in research and find it valuable to bring those results to share with the community. Collaboration and information exchange are important for growth and innovation in the industry, and we find consistent value with both at Black Hat.

VMblog: What is your message to Black Hat attendees coming out to the show this year? If they take back one message about your company, what should it be?

Wheatman:  We know managing cyber ecosystem risk can be stressful. It is constantly evolving and the threats never stop. Companies need a partner that can illuminate the weak spots so they can act quickly to address those issues and protect their business. At Black Kite, we've automated the process of providing real-time and accurate risk intelligence so you can make informed risk decisions and bring cyber resilience to your supply chain. We focus on accuracy, speed and transparency. We believe these attributes are key to delivering the best possible information to make informed decisions fast.

VMblog: Black Hat attendees are known for being security professionals at the forefront of the industry. What specific challenges do you anticipate they'll be facing, and how will your solutions help them overcome those challenges?

Wheatman:  There are two major challenges we see customers and prospects facing.

First, it is clear that securing the cyber supply chain requires collaboration between companies and their vendors/suppliers. Historically, there has been no effective way for the multitude of players to engage together, quickly, to mitigate issues when a new vulnerability is discovered. Instead, a company faces the cumbersome process of reaching out to individual vendors to determine first if they are impacted and how they are responding to the issue. Responses are tracked manually and often take days, weeks or longer to track down, and meanwhile, companies are left in the dark without a clear picture of risk.

The second major challenge is the need for continuous monitoring. Cyber ecosystems are dynamic, and point-in-time snapshots of supply chain risk have little value in the modern connected IT environments. Companies are consistently updating software, altering configurations, and adopting new apps and technologies, all of which can introduce new vulnerabilities and alter an organization's risk profile. Companies need real-time insight into company and supply chain risk in order to understand overall risk, rapidly detect threats and proactively mitigate issues before they can be exploited.

VMblog: The market is a crowded space. What is it about your company and technology that sets you apart from the competition? What are your differentiators?

Wheatman:  Traditional TPRM methods rely on questionnaires, lack standardization and produce qualitative, not quantitative, data. These outdated approaches yield arbitrary risk scores not grounded in factual standards. This is why many organizations are unhappy with the results. Unlike legacy vendors that use arbitrary scoring systems, Black Kite delivers the highest quality data and threat intelligence. In fact, in a recent market evaluation from Forrester, it was the only cyber risk ratings provider whose customers were unanimously satisfied with its rating accuracy.

Also, as digital connections increase, companies must manage not only their security but also that of interconnected parties. In today's dynamic threat landscape, Black Kite enables continuous risk monitoring and mitigation, surpassing the limitations of legacy vendors. Built from a hacker's perspective, Black Kite fills a fundamental security gap by making it simple for businesses to non-invasively quantify and monitor cyber risk across thousands of third parties. It is also the first in the industry to combine Nth-Party and high-profile cyber risk intelligence, including cascading and concentration risk (for instance, based on how many third parties those vendors rely on or specific products/services/geographic regions in the supply chains), so organizations can anticipate and mitigate security incidents in their supply chains.

Black Kite also offers the industry's first cyber-aware AI engine designed for cybersecurity compliance automation - Black Kite Parser 2.0. With this game-changing, patent-pending technology, organizations can easily measure the compliance level of any company based on a host of industry regulations and standards, substantially simplifying third-party risk efforts. Customers also have the ability to automate assessments and check compliance levels based on customized compliance frameworks, by cyber-aware AI mapping to standardized controls. While other vendors are white-labeling existing AI models, Black Kite Parser was built and trained in-house by Black Kite's cybersecurity research and development team. They invested heavily in manual tuning, focusing on data creation and labeling to ensure high accuracy and performance.

VMblog: Looking ahead, what excites you most about the future of cybersecurity, and how do you see your company playing a role in shaping it?

Wheatman:  At Black Kite, we are excited about how AI is being used, and will continue to be used, to simplify understanding data to make better business decisions.

We already offer the industry's first cyber-aware AI engine designed for cybersecurity compliance automation - Black Kite Parser 2.0 - built and trained in-house by Black Kite's cybersecurity research and development team. The tool transforms third-party risk efforts, saving companies substantial time and effort through automation by parsing, analyzing and mapping results to all cybersecurity controls within our platform within minutes to measure third-party compliance.

While our team is already invested heavily in manual tuning, focusing on data creation and labeling to ensure high accuracy and performance, we know the security market is constantly evolving which is exciting because it sparks innovation. We plan to continue to be leaders in cyber-aware AI solutions for third-party risk to help our customers gain smarter insights so they can be prepared to take action with more knowledge to make better business decisions.

VMblog: Beyond your specific offerings, what valuable cybersecurity knowledge or insights can you share with Black Hat attendees visiting your booth?

Wheatman:  Black Kite's research team BRITE will be on hand to discuss their findings from our recently published State of Ransomware report and our Third Party Breach Report, published earlier this year. The ransomware report in particular takes a deep dive into the constantly shifting world of cybercrime, the key players, and what companies need to know to protect themselves.

VMblog: Is your company involved in any parties during the event? How can attendees get involved?

Wheatman:  We host a whiskey tasting in our suite at the Delano every year. Anyone interested in attending can reach out to our team to request an invite!

VMblog: As a show sponsor, do you have any tips for attendees to better prepare for the conference?

Wheatman:  You're paying a lot to be there, so make the most of it. These conferences can be overwhelming, and if you go into the exhibit hall without an agenda you aren't going to get much out of it. Map out the issues your company is facing, take a look at the exhibitor list and then make a plan for which booths you want to visit. The same thing goes for the conference sessions. Review the agenda and create a schedule for yourself beforehand. Finally, reach out to contacts or vendors you know you want to meet with and set up times to talk. This is a great opportunity to network and meet in person. Be proactive in your approach and you'll get a lot out of the event.

##

Published Monday, July 22, 2024 7:34 AM by David Marshall
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<July 2024>
SuMoTuWeThFrSa
30123456
78910111213
14151617181920
21222324252627
28293031123
45678910