In the intricate realm of cybersecurity, vigilance is paramount. As the digital landscape continues to evolve, organizations face a myriad of threats, from network vulnerabilities to sophisticated zero-day attacks. In this blog, we delve into the dynamic nature of cybersecurity threats and explore the role of External Attack Surface Management (EASM) in fortifying organizational defenses. Join us as we unravel the complexities of the cybersecurity landscape and discover how EASM strategies can mitigate risks and enhance security postures.

Here is the verbatim discussion:

Is causing a large organization to get breached and many of those are like Shadow it unknown assets um which are not known to the organization and then there are others which are nuclear weapons kind of stuff which is um zero day attacks I mean those are very rare very rarely somebody gets compromised because of a zero day or a very complex multi-stage attack so those are more like nuclear weapons so most of the battles are lost not because of a nuclear bomb being deployed it is lost because of a nail and that nail those small issues which are there in the attack surface this is kind of proliferating in a b very very big way so how do we then manage that so managing our external I since probably couple of decades so if I look at the way the hacking landscape has kind of changed over a period of time so it went through a lot of interesting phases so there were times when the hacking used to happen more through compromise of the network level vulnerabilities then came a phase where application Level vulnerabilities took over and then a little bit later something very strange happened when the industry went through like two decades of vulnerability assessment penetration testing and all this super cool stuff we started seeing some strange stuff happening in last few years and I'll give you an example one of the strange stu stuff is like one of the topmost names in the financial services companies got compromised because they analysts will give you some critical insights common use cases talk a little bit about some comparisons and and contrasts with a lot of the different types of uh of of again Gardner and Industry Forester and Industry acronyms that we see out there as it relates to the concept of of a tech surface Recon and and and surface management as well as exploitation and continuous testing um and talk a little bit how it relates to the mitor attch framework uh this session today will be a precursor to the 13th annual siso platform Summit which will uh which will take place next week on I believe June the 2D and 3 so it's a little little little teaser um in advance of the sessions uh that we'll all be a part of next week um we're going to touch upon understanding a little bit about this um especially in where we are in our our up crazy little upside down world that we are all living in today.

Highlights :

Evolution of the Hacking Landscape:

• Over the past decades, the hacking landscape has undergone significant transformations, from network-level vulnerabilities to application-level exploits.
• Despite advancements in vulnerability assessment and penetration testing, the emergence of new attack vectors poses unprecedented challenges to organizations.

Understanding the Importance of EASM:

• EASM addresses the critical need for visibility into an organization's external attack surface, encompassing assets, vulnerabilities, and potential threats.
• By proactively managing external attack surfaces, organizations can mitigate risks associated with shadow IT and unknown assets, thereby enhancing their security posture.

Mitigating Risks with EASM:

• EASM solutions facilitate comprehensive asset discovery, enabling organizations to identify and prioritize vulnerabilities across their digital footprint.
• Active assessment capabilities empower organizations to simulate real-world attacks and test the efficacy of their security defenses.
• Integration with frameworks like MITRE ATT&CK provides actionable insights into adversary tactics, enabling organizations to develop robust defensive strategies.

As cyber threats continue to evolve, organizations must adopt proactive strategies to safeguard their digital assets. EASM emerges as a crucial component of modern cybersecurity, offering unparalleled visibility and risk mitigation capabilities. By leveraging EASM solutions and integrating frameworks like MITRE ATT&CK, organizations can bolster their defenses against a diverse range of threats, from network vulnerabilities to zero-day attacks. As we navigate the ever-evolving cybersecurity landscape, EASM remains a cornerstone of organizational resilience, empowering organizations to stay one step ahead of cyber adversaries.

Speakers:

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to
the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

Ed Adams, a seasoned software quality and security expert with over two decades of industry experience. As CEO of Security Innovation and a Ponemon Institute Research Fellow, Ed is renowned for his contributions to advancing cybersecurity practices. With a diverse background spanning from engineering for the US Army to senior management positions in leading tech companies, Ed brings a wealth of expertise to the table.

https://twitter.com/appsec

https://www.linkedin.com/in/edadamsboston

Paul Dibello, based in Duxbury, MA, US, is currently a Senior Vice President Global Business Development at ShadowDragon, bringing experience from previous roles at FireCompass, R9B, Virtru Corporation and iSIGHT Partners - A FireEye Company. Paul DiBello holds a 1986 - 1990 Bachelor of Arts (BA) in Economics @ Princeton University. With a robust skill set that includes Software, Sales, Project Management, Development, Operations and more, Paul DiBello contributes valuable insights to the industry.

https://www.linkedin.com/in/pauldibello11

Tejas Shroff based in Boston, MA, US, is currently a Software Engineer at Tangle, bringing experience from previous roles at Aperion Studios, XPO Logistics, Inc., Oculus VR and Beach Day Studios. Tejas Shroff holds a 2019 - 2019 UX Design Immersive in Design & User Experience @ General Assembly. With a robust skill set that includes Leadership, Social Networking, Start Ups, Social Media, Teamwork and more, Tejas Shroff contributes valuable insights to the industry.

https://www.linkedin.com/in/tejasshroff