All Articles

Enhancing Cybersecurity Resilience with External Attack Surface Management by Ed Adams, Paul Dibello, Tejas Shroff and Bikash Barai

Posted by Priya R on May 12, 2024 at 7:26pm in Blog

 Enhancing%20Cybersecurity%20Resilience%20with%20External%20Attack%20Surface%20Management.png

 

 In today's ever-evolving cybersecurity landscape, organizations face an array of threats that require proactive and robust defense mechanisms. External Attack Surface Management (EASM) emerges as a critical component in fortifying organizational defenses by providing visibility into external assets, vulnerabilities, and potential threats. In this blog, we explore the significance of EASM and its key capabilities in mitigating cyber risks and enhancing overall security postures.

  

 

Highlights :

Understanding the Evolution of Cyber Threats:

  • The cybersecurity landscape has evolved significantly over the past decades, with threats ranging from network-level vulnerabilities to sophisticated zero-day attacks.
  • Traditional security measures like Dynamic Application Security Testing (DAST) and penetration testing are essential but may not adequately address the breadth and depth of modern cyber threats.

Key Capabilities of EASM:

  • Asset Discovery: EASM solutions enable comprehensive discovery of external assets, including cloud resources, applications, APIs, and subdomains.
  • Active Assessment: By simulating real-world attacks, EASM platforms identify vulnerabilities and assess the efficacy of security defenses.
  • Integration with MITRE ATT&CK: Leveraging frameworks like MITRE ATT&CK provides actionable insights into adversary tactics, enhancing defensive strategies.

Complementing Security Practices:

  • EASM serves as the "tip of the spear" in cybersecurity defense, providing organizations with a broad view of their external attack surface.
  • It complements traditional security practices like threat intelligence feeds, Security Information and Event Management (SIEM), and cloud security solutions.
  • By streamlining investigation and remediation processes, EASM enhances organizational resilience and accelerates response to discovered vulnerabilities.

 

In the face of evolving cyber threats, organizations must adopt proactive measures to safeguard their digital assets. EASM emerges as a cornerstone of modern cybersecurity, offering unparalleled visibility and risk mitigation capabilities. By leveraging EASM solutions and integrating frameworks like MITRE ATT&CK, organizations can strengthen their defenses and stay ahead of cyber adversaries. As organizations navigate the complex cybersecurity landscape, EASM remains a vital tool in their arsenal, empowering them to mitigate risks and protect their most valuable assets.

 

Speakers:

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams, a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a 1986 - 1990 Bachelor of Arts (BA) in Economics @ Princeton University. With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a 2019 - 2019 UX Design Immersive in Design & User Experience @ General Assembly. With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff

 

Views: 17
Tags: asm, easm, attack surface management, external surface management, gartner, upcoming
E-mail me when people leave their comments –
Follow

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)