Navigating Cybersecurity Challenges in the New Normal: The Role of External Attack Surface Management by Ed Adams, Paul Dibello, Tejas Shroff and Bikash Barai

 


 

In today's rapidly evolving cybersecurity landscape, organizations face unprecedented challenges, particularly in the wake of the "new normal" brought about by global events. Remote work, cloud adoption, and digital transformation have expanded the attack surface, necessitating innovative approaches to security. One such approach gaining prominence is External Attack Surface Management (EASM). In this blog, we delve into the significance of EASM in addressing cybersecurity challenges amid the new normal, exploring its key concepts, use cases, and implications for organizations.

 

 

Here is the verbatim discussion:

That's a great point. I mean, and I'll, I'll throw this out to you and maybe to Ed, um, before we jump into, into the next topic I wanted to, uh, discuss, but what do you think about, what do you think the uptake is in the, in the, and I hate using this term but it is, everybody's using it, in this new normal world that we're living in, right? Where we have, we now have almost like the Wild Wild West again, right? We have, uh, we have a lot of people working from home that have never worked from home ever in their careers. We have the brick and mortar is now the, is now the cloud, and, and it's the cloud, you know, part two, three, four, five, mid pandemic and hopefully getting toward the end, but I don't think the world's ever going to be the same from a market perspective. So, Paul, what are your thoughts there?

Paul, that's a great point. How I say that is the two Z's have taken and catapulted over in the A to Z of our, your day-to-day words, and that, those two Z's are, one is zero trust and one is Zoom. These two have basically taken over the world in the last one, one, one and a half years, because zero trust was a term which was loosely used, but all of a sudden it's become so critical because you no longer know who's trying to connect into the network. You have to authorize each and, authorize, authenticate each and every person before they can get into your network. You no longer can trust anyone. Obviously Zoom, I won't go into it because we are on Google Meet, so I'm not going to go and talk about Zoom, but I'm just kidding. But okay, go, Google's always list. But this, as you said, the new normal has been working remotely, where people working from anywhere, you no longer know where people are connecting from. Uh, to use our current discussion, the attack surface has just funded that much more exponentially. Earlier people were working from their offices, so you had a controlled environment. Now people can connect from anywhere, and that basically adds to the problem. Uh, those discovery assets would never have been captured earlier, because now people are using the BYODs, they are bringing their own devices, so they are not registered in the asset management tools, so the IP addresses are not registered in the asset management tools. Lot of companies are going away from VPN, so things like the secure gateway etc. have started to take lot of effect. Like how Bikash mentioned about CASB, similarly secure gateway also has gained lot of prominence over last couple of years, where people are now preferring secure gateway over VPN. So again, not here to solve the problem, I leave it to Ed, but just wanted to know the new normal has only expanded the attack surface, has created more, more possibilities of an attack than what we had before.

Let me, let me throw one over to Ed, and this is really for both you, you, Tejas and Ed, because you're.

 

Highlights:

The Emergence of the New Normal:

  • Remote work, cloud migration, and digitalization have redefined traditional workplace dynamics, leading to a decentralized workforce and a shift from on-premises to cloud-based infrastructures.
  • The "new normal" presents unique cybersecurity challenges, including increased attack surface, endpoint vulnerabilities, and the need for secure remote access solutions.

Significance of External Attack Surface Management:

  • EASM enables organizations to gain visibility into their external attack surface, including internet-facing assets, cloud services, and third-party connections.
  • By continuously monitoring and assessing the external attack surface, organizations can proactively identify and mitigate security risks, such as unsecured assets, misconfigurations, and exposed sensitive data.

Addressing Cybersecurity Risks:

  • EASM complements traditional security measures by providing real-time threat intelligence, asset discovery, and vulnerability management capabilities.
  • It enhances security posture by identifying shadow IT, detecting unauthorized access attempts, and prioritizing remediation efforts based on risk exposure.

Use Cases of EASM:

  • Asset Discovery: EASM solutions facilitate the identification and categorization of external assets, including websites, applications, and cloud resources.
  • Threat Intelligence Augmentation: By correlating external attack surface data with threat intelligence feeds, EASM enhances threat detection and incident response capabilities.
  • Vulnerability Management: EASM helps organizations prioritize patching and remediation efforts by identifying vulnerabilities and exposures across the external attack surface.

 

In conclusion, External Attack Surface Management emerges as a critical cybersecurity strategy in the new normal, empowering organizations to navigate evolving threats and safeguard their digital assets effectively. By leveraging EASM solutions, organizations can gain comprehensive visibility into their external attack surface, proactively identify security risks, and enhance their security posture in an increasingly complex threat landscape. As organizations adapt to the new normal, EASM plays a pivotal role in strengthening cybersecurity resilience and enabling secure business operations in a digital-first world.

 

Speakers:

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

 

Ed Adams is a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

 

Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a Bachelor of Arts (BA) in Economics from Princeton University (1986 - 1990). With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

 

Tejas Shroff, based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff completed the UX Design Immersive in Design & User Experience at General Assembly (2019 - 2019). With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff

 

 
 
 
 