
Welcome to a deep dive into the realm of cybersecurity vigilance, where External Attack Surface Management (EASM) emerges as a critical pillar in safeguarding digital assets. In today's discussion, we unravel the multifaceted layers of EASM, exploring its role in addressing modern cyber threats and fortifying organizational defenses. Join us as we dissect real-world use cases, delve into the intricacies of threat reconnaissance, and elucidate the transformative impact of continuous security monitoring.

 

 

Here is the verbatim discussion:

...in a word is awesome. It is literally a collection of attacker techniques and tactics used in the real world. So what MITRE did, and MITRE is a US Government think tank research organization, they researched thousands of actual attacks on IT systems, applications, infrastructure, IoT devices, etc., and documented 215 discrete techniques, and they organized them in various groups, and we talked about some of those groups already: reconnaissance, exfiltration, privilege escalation, etc. But they don't just document the attacks, they also document mitigations that you can put in place for the attacks. But to me the relevance and importance of the MITRE ATT&CK framework is that it delivers to you exactly what an adversary is going to be doing to your infrastructure, and it allows you, by practicing or implementing some of these attack techniques, which is typically a red team activity, to build a lot of the defensive postures, blue team techniques. So as you're building the products and services that run your enterprise you can do so with that defensive mindset and a more secure mindset, and that's the purple teaming concept. So from an attack surface management perspective, the external attack surface management, all of the reconnaissance, the discovery, the credential access, that's what attackers are doing anyway, and that's what a good external attack surface management platform will do for you. A lot of the EASM platforms are implementing many of these 215 discrete attacker techniques that the MITRE ATT&CK framework documents. And the MITRE ATT&CK framework, by the way, is free; they've got downloadable assets. It's just a really, really useful, valuable... between EASM and digital risk protection, you know, DRP, some of the BAS stuff. And you had mentioned one of your clients, whose name shall remain silent to protect the innocent, but you had an interesting use case, and I think it was back from 2018, and maybe you could explain that use case to the group, and then maybe how you might do that differently for your client at this point, three years later.

Absolutely, absolutely. As Paul put it in the right perspective, it was 2018, so at that time no one had experienced this, remotely operating things, and people were still working out of the office. And yes, there were challenges, but the challenges in terms of number were relatively lower, because some of them were, like, not the known challenges but the seen challenges: there were people you could see, and you could know based on their behavior. But now you're dealing with a complete unknown; you don't even know who the person connecting is if they don't turn their camera on, you don't know who's operating on the other side of things. So somebody might be working remotely, but you don't know who's really working on it. But to go into that use case: I think the use case we had done was for a very large client of mine, and what we had done was, they wanted to get an assessment done, and we did it on both sides. One from an external attack surface management, where we compiled a list of external assets and approached it from the outside with the external attack surface management to identify the list of discovery, and the other one was from the bottom-up approach using more of a security architecture, and based on that we tried to converge and come up with a point. And we added a third angle to that: for some of those external assets we even had some deep and dark web scans, and some of the results were so, so surprising. And one thing which I found as a part of my research was almost 90% of the transactions happen in the dark web, which we are not even aware of, and a lot of people are just scratching the surface when they think that everything happens in the clear web, while so much work happens in the dark web that we are not even aware of. And that use case helped the client see what's going on in the dark web, what's going on, what were their assets which were being exposed which they were completely unaware of. That discovery helped the client know about some of the tools, some of the tools which they thought they were already no longer using, but they still had ends open sitting on the internet. And as Ed rightly mentioned, right, it means you can run a scan, you can try to find out and do the discovery, but by the time you finish you probably may have gone and added a few more assets, so there's no way to go back. So that continuous part which Ed was mentioning is the key, because if you're not even aware of what you added, then you have to wait for the next compliance scan which you're going to do. So a lot of people just do the scan for compliance reasons, so they can have that checkbox, and that's not going to be too useful if you're trying to be protective. Are you trying to be protective, or are you just telling the attackers, by putting out a sign, that yes, I've done my due diligence? So are you doing it for due diligence, or are you doing it for proactive security monitoring of your assets? That's the key. And Paul, to say how we would have done it differently: absolutely, things would have been done so much differently had we done it right now, and I'm sure the results would have been very, very different. Sorry, because you are trying to say something?

No, no, I'm good. Yeah.
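The point made above about continuous discovery versus a one-off compliance scan (assets added between scans, tools believed retired but still reachable) can be shown in code. This is an added example, not code from the discussion or from any speaker's product; every hostname, inventory entry and scan result below is constructed.

```python
"""Reconcile external-asset discovery snapshots against the owner's own
inventory, and diff successive snapshots. All data below is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    """One externally reachable service, as a discovery scan would report it."""
    host: str
    port: int
    service: str


# Constructed: what the organisation's CMDB says is deliberately exposed.
INVENTORY = {
    Asset("www.example.com", 443, "https"),
    Asset("mail.example.com", 25, "smtp"),
}
# Constructed: hosts the organisation believes it has decommissioned.
RETIRED_HOSTS = {"legacy-vpn.example.com", "jenkins-old.example.com"}

# Constructed: two external discovery snapshots taken a week apart.
SCAN_T0 = {
    Asset("www.example.com", 443, "https"),
    Asset("mail.example.com", 25, "smtp"),
    Asset("legacy-vpn.example.com", 443, "https"),  # retired on paper, still live
}
SCAN_T1 = SCAN_T0 | {
    Asset("staging.example.com", 8080, "http"),  # stood up after T0, never recorded
}


def reconcile(scan, inventory, retired_hosts):
    """Split one snapshot into what the owner expected and what they did not."""
    retired_but_exposed = {a for a in scan if a.host in retired_hosts}
    unknown = {a for a in scan if a not in inventory} - retired_but_exposed
    # Inventory entries the scan no longer sees: stale CMDB record or a change to verify.
    missing = inventory - scan
    return {"unknown": unknown, "retired_but_exposed": retired_but_exposed, "missing": missing}


def drift(previous, current):
    """What changed between two scans: exactly what a single compliance scan cannot show."""
    return {"appeared": current - previous, "disappeared": previous - current}


if __name__ == "__main__":
    for label, assets in reconcile(SCAN_T1, INVENTORY, RETIRED_HOSTS).items():
        print(label, sorted(f"{a.host}:{a.port}/{a.service}" for a in assets))
    print("since last scan:", drift(SCAN_T0, SCAN_T1))
```

Run continuously, the `drift` output is the review queue for each new scan; `reconcile` is the question the 2018 engagement answered once, by hand.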

 

Highlights:

Understanding EASM and Its Significance:

  • Delving into the genesis of EASM, crafted as a specialized focus on managing the external attack surface by Gartner.
  • Highlighting the imperative of gaining visibility into all external assets, assessing associated risks, and proactively addressing vulnerabilities at scale.

Leveraging the MITRE ATT&CK Framework:

  • Unveiling the potency of the MITRE ATT&CK Framework as a compendium of real-world attacker techniques and tactics.
  • Exploring the framework's role in equipping organizations with actionable insights into adversary behavior, facilitating the development of robust defensive strategies.

Realizing the Power of Continuous Security Monitoring:

  • Emphasizing the significance of continuous security monitoring in the face of evolving cyber threats and decentralized deployment practices.
  • Illustrating the pivotal role of EASM platforms in implementing attacker techniques documented in the MITRE ATT&CK Framework, enabling proactive threat mitigation.

Navigating Evolving Threat Landscapes:

  • Reflecting on the evolution of cyber threats, from network-level compromises to decentralized deployment challenges.
  • Addressing the need for organizations to adapt their security postures to combat emerging threats effectively, leveraging EASM principles.

 

In conclusion, the convergence of External Attack Surface Management, the MITRE ATT&CK Framework, and continuous security monitoring heralds a new era of cybersecurity resilience. By embracing EASM principles and leveraging actionable insights from the MITRE ATT&CK Framework, organizations can fortify their defenses against modern cyber threats. Today's discussion serves as a clarion call to prioritize cybersecurity vigilance, empowering organizations to stay ahead of adversaries and safeguard their digital assets effectively. Thank you for embarking on this enlightening journey with us.

 
 
Speakers:
 

Bikash Barai is credited with several innovations in the domain of network security and anti-spam technologies and holds multiple patents with the USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums such as TiE, RSA Conference USA and TEDx. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital (now Synopsys). iViZ was the first company in the world to take ethical hacking (or penetration testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams is a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul DiBello, based in Duxbury, MA, US, is currently Senior Vice President, Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners (a FireEye company). Paul DiBello holds a Bachelor of Arts (BA) in Economics from Princeton University (1986 - 1990). With a robust skill set that includes software, sales, project management, development, operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff, based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a UX Design Immersive in Design & User Experience from General Assembly (2019). With a robust skill set that includes leadership, social networking, start-ups, social media, teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff
