
Embark on a journey into the world of cybersecurity resilience, where External Attack Surface Management (EASM) intersects with the powerful insights of the MITRE ATT&CK Framework. In this exploration, we unravel the key capabilities of EASM solutions and delve into the symbiotic relationship between EASM and the MITRE ATT&CK Framework. Join us as we navigate through the realms of threat discovery, active assessment, and continuous security monitoring to fortify organizational defenses against evolving cyber threats.

 

 

Here is the verbatim discussion:

...that, the, you... I wish everybody knew the client, because we'd like to talk to them. I'd like to talk to them. I'm just kidding. So, changing gears a little bit: we only have 16 minutes left, but I wanted to talk a little bit, or kind of go down two different directions. The first direction is back to Bikash, who we've let be quiet long enough here. Some of the key capabilities of external attack surface management incorporated with some of the... let's tie the modules together, I'm just going to kind of go there, right? So there's the EASM component again: recon, discovery, asset inventory, whatever the buzz is, right? Boom, that's a must-have, right? And that on a continuous basis. There's also a lot of new acronyms out there as well: continuous automated red teaming, CART; continuous automated security testing, CAST, right? Automated exploitation, right? Ed talked a little bit about breach attack simulation. Key capabilities of a full end-to-end EASM solution, what are your thoughts, Bikash, on that? And then I know that we have some folks on the phone as well that come from the consulting world, right, that are doing cyber security consulting. Talk a little bit about how you think that a comprehensive EASM slash continuous testing package could assist in potentially helping to automate some of what has been a traditionally manual process. We will never, I want to make this statement, we will never get rid of the human. That is not the intent of ASM or CART or CAST or whatever, right? It is about making the human smarter, right? It is about giving the human the ability to do the high-dollar stuff. And again, I'm just focusing on consulting right now, in that world, Ed, you know, and Tejas, as you live in that world, because you have big practices that are focused on that. So making the human smarter as it relates to some of the automation, and allowing them to focus on the stuff that the client really needs, which is that repeatable process and that continuous security architecture design or whatever it might be. So talk a little bit, Bikash, about key capabilities of a holistic program, and then maybe some of the nuances there from an overall market perspective.

Sure, sure. So if you look at EASM, and these terminologies are kind of created by different groups, right? You have EASM, you have BAS, and there's some overlap there; you have ASM, which is there. Let me talk about it as a broad concept: what are the key capabilities that one should look for? So one of the primary capabilities is discovery, right? Discovery of assets. Now, when you look at the discovery of assets, the key things to look for are what kind of assets does it discover: does it discover the cloud buckets, does it discover the applications, does it discover the APIs, the subdomains, the IP addresses, etc.? So the coverage of discovery is one of the things. The second thing is the false positives. So when you do EASM, it's a very hard problem, because there are ephemeral IPs which are continuously changing on the cloud. How well can you discover those? Now, there's no perfect solution in the world today, everybody is working towards that, but look for the false positives out there. There are, suppose, WAF IPs and CDN IPs; those are not exactly your IPs, so how does the system discover those and appropriately tag those assets? So the coverage of asset discovery is one thing, the tagging of asset discovery by type is the second thing, the third is the false positive rate over there, and the fourth thing is also going to be the false negatives: what am I missing out? What are those assets which are out there but the system is not able to discover? So this is one part. The other part is how frequently is the system doing it? I mean, how many times does the database get refreshed? Does it get refreshed every day, does it get refreshed every week? So that's the other part, the frequency. The quality of the data source which you have: does it cover the dark web, does it cover only the deep web, etc.? So that's another part of the critical capability. So this is more around the discovery. Let's move to the next part, which is the active assessment. So does the system also do active assessment? Because when you just do passive discovery through banner grabbing and open source intelligence, there can be a lot of false positives; the vulnerability discovery is not going to be accurate. So does the system have the capability to run real, kind of, safe attacks, or active assessments? So that's the other. If there are active assessment modules, what type of modules are there? I mean, does it cover applications or IPs, cloud, Docker containers, etc., etc.? So the active assessment capability in depth is the other part which one should look into. Then the third part will be the kind of runbooks which are there, and also red teaming. As some of you have noticed, Gartner also mentioned in the ASM report that there are two kinds of directions in which the ASM market is heading. One direction is more about the discovery; another direction is about the red teaming and the attack. So in that case, what kind of red teaming capabilities does the system have, or the solution have? So these are some of the broad kind of capabilities one should look for while evaluating a solution. And of course, the use of this tool could be in two ways: one is end user organizations using it, the other could be managed services, consulting companies using it. But whatever be the use, largely these are the critical capabilities. But if you are a consulting company or a managed services provider, then there are some more use cases which become more important, but I'm not getting into that direction, in the interest of time. So that's broadly about the critical capabilities.

Cool, thanks Bikash, I appreciate that. So I'm going to do a time check: we have nine minutes left. I have a couple of... I keep looking over here and I feel bad, because you're seeing like my bald spot on the top of my head. I'm looking at my phone, but our lady behind the curtain, Pulami, is sending me a couple of really important questions that I'd like to have answered before we get off the phone. But before that, one kind of last point that you had mentioned earlier that I'd love to maybe get your take on, and that is kind of the overview of the MITRE ATT&CK framework as it relates to the EASM kind of world, from your perspective. Because I know that those types of requirements are always kind of dangling out there, as much as we don't like to admit it. It is the nature of our beast. So maybe for three or four minutes we can talk about that, and then we can jump over to a couple of questions.

Absolutely. So I'll try to keep this brief so we have some time to answer questions, but in my opinion the MITRE framework.

 

Highlights:

Key Capabilities of EASM Solutions:

  • Comprehensive asset discovery capabilities, encompassing cloud resources, applications, APIs, subdomains, and IP addresses.
  • Mitigation of false positives and false negatives, ensuring the accuracy and reliability of threat identification.
  • Active assessment modules for conducting safe attacks, enabling organizations to proactively address vulnerabilities.
  • Runbook functionalities for red teaming and attack simulations, empowering organizations to test and enhance their security postures.
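
As an added example (not from the webinar, nor any vendor's product), the following Python scores one EASM discovery run against a known-good asset inventory along the axes Bikash lists: per-type coverage, tagging of CDN and WAF addresses that are not your own, false-positive rate, false negatives, and refresh frequency. The inventories, the third-party address ranges and the seven-day refresh threshold are constructed assumptions.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Constructed sample: address ranges belonging to a CDN and a WAF provider that
# front the organisation's traffic. Hits here are not the organisation's own IPs.
THIRD_PARTY = {"cdn": [ip_network("203.0.113.0/24")],
               "waf": [ip_network("198.51.100.0/25")]}

def tag(kind, value):
    """Asset type, re-tagged to 'cdn'/'waf' for IPs inside a third-party range."""
    if kind == "ip":
        addr = ip_address(value)
        for label, nets in THIRD_PARTY.items():
            if any(addr in net for net in nets):
                return label
    return kind

def score(discovered, ground_truth, last_refresh, today, max_age_days=7):
    """Score one EASM run; assets are (kind, value) tuples: ip, subdomain, api, bucket, app."""
    owned, third_party = set(), {}
    for kind, value in discovered:
        label = tag(kind, value)
        if label in THIRD_PARTY:            # tagged, not counted as an owned asset
            third_party.setdefault(label, []).append(value)
        else:
            owned.add((kind, value))
    truth = set(ground_truth)
    false_pos, false_neg = owned - truth, truth - owned
    coverage = {}                            # per-type discovery coverage
    for kind in sorted({k for k, _ in truth}):
        of_kind = {a for a in truth if a[0] == kind}
        coverage[kind] = round(len(of_kind & owned) / len(of_kind), 2)
    return {
        "coverage": coverage,
        "false_positive_rate": round(len(false_pos) / len(owned), 2) if owned else 0.0,
        "missed": sorted(false_neg),         # false negatives: assets the tool never found
        "third_party": third_party,
        "stale": (today - last_refresh).days > max_age_days,   # refresh-frequency check
    }

# Constructed sample inventories (RFC 5737 documentation addresses, example.com names)
GROUND_TRUTH = [("subdomain", "api.example.com"), ("subdomain", "www.example.com"),
                ("ip", "192.0.2.10"), ("ip", "192.0.2.11"),
                ("bucket", "example-backups"), ("api", "/v1/users")]
DISCOVERED = [("subdomain", "api.example.com"), ("subdomain", "www.example.com"),
              ("subdomain", "old.example.com"), ("ip", "192.0.2.10"),
              ("ip", "203.0.113.7"), ("ip", "198.51.100.9"), ("bucket", "example-backups")]

def demo():
    # Sample run whose data was last refreshed nine days before the evaluation date
    return score(DISCOVERED, GROUND_TRUTH, date(2024, 1, 1), date(2024, 1, 10))
```

The "missed" list is the one to chase first: an asset the tool never sees is one nobody will assess or monitor.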

Harnessing the MITRE ATT&CK Framework:

  • The MITRE ATT&CK Framework serves as a compendium of real-world attacker techniques and tactics, providing actionable insights into adversary behavior.
  • Facilitates the development of robust defensive strategies by enabling organizations to understand and counter adversary tactics effectively.
  • Empowers organizations to focus on high-value security initiatives by automating repetitive tasks and enhancing security architecture design.

 

As organizations navigate the complex landscape of cybersecurity threats, the integration of EASM solutions and the MITRE ATT&CK Framework emerges as a potent strategy for bolstering cyber defenses. By leveraging the comprehensive capabilities of EASM solutions, organizations can gain unparalleled visibility into their external attack surface, proactively identify and mitigate vulnerabilities, and enhance their security postures. Furthermore, the MITRE ATT&CK Framework equips organizations with invaluable insights into adversary behavior, enabling them to develop robust defensive strategies and prioritize security initiatives effectively. Together, EASM and the MITRE ATT&CK Framework pave the way for a proactive and resilient cybersecurity posture, safeguarding organizations against the evolving threat landscape.

 

Speakers:

Bikash Barai is credited with several innovations in the domain of network security and anti-spam technologies and holds multiple patents in the USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx, etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams is a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul DiBello, based in Duxbury, MA, US, is currently Senior Vice President, Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners, a FireEye company. Paul holds a Bachelor of Arts (BA) in Economics from Princeton University (1986 to 1990). With a robust skill set that includes software, sales, project management, development, operations and more, Paul contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff, based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas holds a 2019 UX Design Immersive in Design & User Experience from General Assembly. With a robust skill set that includes leadership, social networking, start-ups, social media, teamwork and more, Tejas contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff
