In the ever-evolving landscape of cybersecurity, organizations are constantly seeking effective solutions to manage their external attack surface and mitigate risks. One approach gaining traction is the utilization of open-source tools for reconnaissance and asset discovery. In this blog, we'll explore the value proposition of leveraging open-source intelligence in external attack surface management (EASM) and its role in enhancing cybersecurity resilience.

Here is the verbatim discussion:

basis there's also this there's a lot of new acronyms out there as well continuous automated red teaming cart continuous automated security testing cast right automated exploitation right Ed talked a little bit about breach uh attack simulation um key capabilities of a full endtoend easm solution what are your thoughts Picos on that and then I know that we had I think we have some folks on the phone as well that come from the Consulting world right that are Consulting they're doing cyber security Consulting talk a little bit about how you think that a comprehensive easm SL continuous testing you know package could assist in potentially helping to automate what has been uh let's say automate some of what has been a traditionally manual process a little bit about me thanks bicash appreciate it I know bicos pretty well we work together he's my boss I have to say that b you the man uh anyway got we're gonna keep this very light today I do want to say before we get into uh the discussion about um external attack surface management um the value proposition overall and what the industry is bearing uh I'd like to do as as much interaction as we possibly can I know this is a we have everybody muted and it's a it's a webinar type of panel discussion and we're all on zoom and hopefully one day we're very soon we're all doing this with microphones like the old days and pass it around the you know pass it around the uh the auditorium but um any questions that anybody might have please please make this as interactive as you possibly can throw it into the chat um into the uh which could also be part of suppose picking up open source tools so let me start with open source tools what you can do with open Source tools and I will also talk about later on the other Technologies which are out there available so if you look at esm the primary capability is nothing but reconnaissance right and if you find out or if you try to find out the reconnaissance tools which are out there if you just try out do a Google search you will find more than five 500 such kind of reconnaissance tools which are out there which can help you to uh discover various types of assets which can help you to do subdomain Discovery etc etc so there are I'm not naming all these tools largely these are various small small tools which you can tie together string it together and use it or or somebody a consultant could use it so you can use these reconnaissance tools but these tools are not good enough along with the reconnaissance tools you also need a lot of data like for example uh you need the IP who is information of the entire Globe then you'll be able to pick pinpoint your assets in a more accurate in a accurate manner so you also need to find out all get all this who is information the domain registration details now these data are unfortunately you can't get everything for free so some of this data you have to buy you need uh dark WB uh information uh which could also be utilized as a part of reconnaissance so there are all these data which is out there which you need now the next part is using this tools and this data you may initially just focus on open source intelligence don't buy any kind of data which is um proprietary or which companies are selling so I think there's a good start where you can start with all these open source tools.

Speakers:

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

Ed Adams, a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a 1986 - 1990 Bachelor of Arts (BA) in Economics @ Princeton University. With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

Tejas Shroff based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a 2019 - 2019 UX Design Immersive in Design & User Experience @ General Assembly. With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff