Welcome to an enlightening panel discussion on External Attack Surface Management (EASM), an essential component of modern cybersecurity. Today, we gather insights from esteemed cybersecurity leaders to explore the significance of EASM, its common use cases, and its role in augmenting threat intelligence and vulnerability management programs. Let's dive into how organizations can leverage EASM to enhance their security posture and mitigate risks effectively.
Here is the verbatim discussion:
there you take it at a high priority whereas a normal ping you don't take it at a high priority right so the Intelligence coming from esm could help this sock the fourth use case could also be where esm augments threat intelligence threat intelligence is more about actors and their TTP is for the broad industry level how can you make it pinpointed to a specific uh like how that uh threat intelligence that actor pose a risk for your organization if you can correlate that with your attack surface and the risk then you can make it more actionable so augmenting TI will be another augmenting vulnerability Management program is another use case because um if you don't know the assets you can't put them in under the vulnerability Management program right if you don't know that here is a pre-production system which is out there online and has got critical data obviously gone taking exploits in their past um Ed Ed Adams like to introduce you uh to say a little few lines about yourself sir hello thank you Paul welcome everyone uh I am Ed Adams I'm the president and CEO of security innovation an organization that specializes in software security I'm also a research fellow for The pamon Institute and I am a leader and board member for the international Consortium of minority cyber Security Professionals otherwise known as icmcp in the cyber security program so um and I'm also board member of North Texas infragard which is a collaboration between FBI and private sector in strengthening the processes and practices around um both FBI actually Department of Homeland Security and private sector coming together to uh understand the common grounds and have some collaboration so thanks Paul again for having me on the panel.
Highlights :
Significance of EASM:
- EASM enables organizations to proactively identify, monitor, and manage their external digital footprint.
- Understanding the attack surface is crucial for prioritizing security measures, detecting vulnerabilities, and fortifying defenses.
- EASM complements traditional security practices by providing continuous monitoring and threat intelligence to address emerging threats.
Common Use Cases:
- Asset Discovery: EASM facilitates the identification and cataloging of external assets, including websites, applications, and cloud services.
- Tagging and Classification: Efficient tagging of assets by type aids in prioritizing remediation efforts and streamlining security management.
- False Positive Mitigation: EASM solutions strive to reduce false positives by accurately categorizing assets and minimizing noise in security alerts.
- False Negative Identification: Addressing false negatives ensures comprehensive coverage of the attack surface and minimizes blind spots in security defenses.
Augmenting Threat Intelligence:
- EASM augments threat intelligence by correlating external attack surface data with threat actor profiles and tactics, techniques, and procedures (TTPs).
- Pinpointing specific risks posed by threat actors to the organization enhances the actionable insights derived from threat intelligence.
Enhancing Vulnerability Management:
- EASM enhances vulnerability management programs by providing visibility into external assets and their associated risks.
- Identifying overlooked assets and vulnerabilities enables organizations to prioritize patching and remediation efforts effectively.
External Attack Surface Management is instrumental in advancing cybersecurity strategies, offering organizations comprehensive visibility and actionable insights into their external attack surface. By harnessing EASM solutions, organizations can proactively identify and mitigate risks, strengthen their security posture, and stay ahead of evolving threats. Let's embrace EASM as a vital component of modern cybersecurity and empower organizations to safeguard their digital assets effectively.
Speakers:
Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.
https://twitter.com/bikashbarai1
https://www.linkedin.com/in/bikashbarai/
Ed Adams, a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.
https://www.linkedin.com/in/edadamsboston
Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a 1986 - 1990 Bachelor of Arts (BA) in Economics @ Princeton University. With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.
https://www.linkedin.com/in/pauldibello11
Tejas Shroff based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a 2019 - 2019 UX Design Immersive in Design & User Experience @ General Assembly. With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.
Comments