pritha's Posts (578)


We had a community webinar on "From Chaos To Control : Lessons Learned From The Ransomware Attack". We discussed the importance of cybersecurity and the growing threat of ransomware attacks, described the specific incident we experienced, highlighting the impact on our organization and the challenges we faced, and shared the key lessons we learned from it, including what worked well and what could have been done differently. The session emphasized the importance of comprehensive backups and employee training.

 

Session Agenda

  • Importance of having a comprehensive incident response plan
  • Need for regular backups and employee training
  • Best practices for preventing ransomware attacks
  • Need for ongoing monitoring and testing of security measures to ensure they are effective and up to date
  • Importance of learning from the experience and continually improving security measures to stay ahead of evolving threats

 

About Speaker

Prabhakar Ramakrishnan, CISO & General Manager - IT Infrastructure at TNQ Technologies

 

(PPT) Presentation From The Discussion

 

Discussion Highlights

1. Growing Threat of Ransomware Attacks

  • Ransomware is a type of malware that encrypts files on a victim's computer system, making them inaccessible until a ransom is paid
  • The threat of ransomware attacks is growing as cybercriminals are becoming more sophisticated and using new tactics such as double extortion, where they not only encrypt the victim's data but also threaten to leak it if the ransom is not paid

 

2. Impact of Ransomware Attacks

  • Ransomware attacks can have a devastating impact on individuals and organizations, causing financial losses, reputational damage, and even legal liabilities
  • In addition to the direct costs of paying the ransom and restoring the encrypted data, there are also indirect costs such as lost productivity, business interruption and regulatory compliance

 

3. Personal experience and lessons learned

 

Backup - RPO: 2 hours, 8 hours, 24 hours

Incident Response Plan


 

4. How we recovered


 

5. Incident Summary

  • The threat actor used a compromised account to access the servers over RDP
  • Using the admin account, the threat actor copied and installed TOR (The Onion Router), an open-source tool for anonymous communication. During this installation, the threat actor disguised the TOR binary as Applocker.exe, the name of a legitimate Microsoft Windows application
  • TOR is open-source software that creates a multi-hop proxy network, allowing threat actors to communicate with the systems it is installed on over an encrypted channel
  • To further maintain persistence in the environment, the threat actor installed multiple remote management tools, including the Atera agent, AnyDesk, LogMeIn, Bitvise and ZeroTier
  • The threat actor attempted lateral movement by installing the remote management tool Action1
  • The threat actor used the compromised privileged account to copy a compressed file containing multiple legitimate system administration tools, different variants of the ransomware encryptor and text files
  • The threat actor created an account named MS_BACKUP on the domain controller and added it to the Domain Admins group

 

6. Ransomware Deployment Activity

  • The threat actor copied multiple binaries of Windows- and Linux-based ALPHV ransomware encryptors to the system
  • The threat actor targeted ESXi systems by copying the Linux ALPHV ransomware Executable and Linkable Format (ELF) binaries to multiple VMware ESXi systems
  • Once connected to the ESXi systems over SSH using the root account, the threat actor copied the ALPHV ELF encryptor to the ESXi systems and executed it. This resulted in the encryption of several virtual machine disk (VMDK) files stored on the datastores attached to these ESXi systems

 

7. Major Gaps

  • EDR was not installed on the servers that were compromised
  • Weak passwords, with the same password reused across multiple devices
  • 2FA was not configured for all external-facing applications
  • Backups were stored in the same environment
  • Lack of centralized logging
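As an added illustration (not part of the webinar or the speaker's material), the following Python script applies four detection rules to constructed, simplified JSON event records modelled on the behaviour in the incident summary and the gaps above: an RDP logon from outside the assumed internal address ranges, a watched binary name (the page's Applocker.exe) running outside the Windows system directories, several distinct remote-management tools appearing on one host within a short window, and a newly created account being added to a privileged group (Windows event IDs 4720 and 4728). The log lines, host names, install paths, internal ranges and the 24-hour window are all assumptions made for the example; the centralized logging such rules depend on is exactly what the gaps list says was missing.

```python
import ipaddress
import json
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed sample events in JSON-lines form (one event per line).
# Hosts, paths, addresses and timestamps are invented for this example.
SAMPLE_LOG = r"""
{"ts": "2023-04-01T02:10:05", "host": "SRV-FILE01", "event": "4624", "user": "admin", "logon_type": 10, "src_ip": "198.51.100.23"}
{"ts": "2023-04-01T02:14:40", "host": "SRV-FILE01", "event": "process_create", "user": "admin", "image": "C:\\Users\\Public\\Applocker.exe"}
{"ts": "2023-04-01T02:20:11", "host": "SRV-FILE01", "event": "process_create", "user": "admin", "image": "C:\\Program Files\\AnyDesk\\AnyDesk.exe"}
{"ts": "2023-04-01T02:31:50", "host": "SRV-FILE01", "event": "process_create", "user": "admin", "image": "C:\\Program Files (x86)\\ZeroTier\\One\\zerotier-one_x64.exe"}
{"ts": "2023-04-01T02:45:02", "host": "SRV-FILE01", "event": "process_create", "user": "admin", "image": "C:\\Program Files\\ATERA Networks\\AteraAgent\\AteraAgent.exe"}
{"ts": "2023-04-01T03:02:17", "host": "DC01", "event": "4720", "target_user": "MS_BACKUP", "actor": "admin"}
{"ts": "2023-04-01T03:03:44", "host": "DC01", "event": "4728", "target_user": "MS_BACKUP", "group": "Domain Admins", "actor": "admin"}
{"ts": "2023-04-01T09:00:00", "host": "WS-HR07", "event": "4624", "user": "jdoe", "logon_type": 10, "src_ip": "10.20.30.40"}
{"ts": "2023-04-01T09:00:30", "host": "WS-HR07", "event": "process_create", "user": "jdoe", "image": "C:\\Windows\\System32\\notepad.exe"}
"""

# Assumptions for this example: the internal address space, where a watched
# binary name is expected to live, path fragments that identify RMM tools,
# and the correlation window.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
WATCHED_NAMES = {"applocker.exe"}   # the name the incident summary says TOR was renamed to
RMM_MARKERS = {"anydesk": "AnyDesk", "zerotier": "ZeroTier", "atera": "Atera",
               "logmein": "LogMeIn", "bitvise": "Bitvise", "action1": "Action1"}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}
WINDOW = timedelta(hours=24)
RMM_MIN_DISTINCT = 2


def parse_events(text):
    """Parse JSON-lines text into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def ts(event):
    return datetime.fromisoformat(event["ts"])


def rule_external_rdp_logon(events):
    """4624 with logon type 10 (RemoteInteractive/RDP) from outside internal ranges."""
    alerts = []
    for e in events:
        if e.get("event") == "4624" and e.get("logon_type") == 10:
            ip = ipaddress.ip_address(e["src_ip"])
            if not any(ip in net for net in INTERNAL_NETS):
                alerts.append(("external_rdp_logon", e["host"], (e["user"], e["src_ip"])))
    return alerts


def rule_masqueraded_binary(events):
    """A watched system-binary name executing from outside the system directories."""
    alerts = []
    for e in events:
        if e.get("event") != "process_create":
            continue
        path = PureWindowsPath(e["image"])
        if path.name.lower() in WATCHED_NAMES and not str(path.parent).lower().startswith(SYSTEM_DIRS):
            alerts.append(("masqueraded_binary", e["host"], e["image"]))
    return alerts


def rule_rmm_tool_cluster(events):
    """Two or more distinct RMM tools first seen on one host within WINDOW."""
    first_seen = defaultdict(dict)   # host -> {tool: first timestamp}
    for e in events:
        if e.get("event") != "process_create":
            continue
        image = e["image"].lower()
        for marker, tool in RMM_MARKERS.items():
            if marker in image:
                first_seen[e["host"]].setdefault(tool, ts(e))
    alerts = []
    for host, tools in first_seen.items():
        times = sorted(tools.values())
        if len(tools) >= RMM_MIN_DISTINCT and times[-1] - times[0] <= WINDOW:
            alerts.append(("rmm_tool_cluster", host, sorted(tools)))
    return alerts


def rule_privileged_group_add(events):
    """4728 into a privileged group; tagged new_account when a 4720 for the
    same account happened within WINDOW (the MS_BACKUP pattern above)."""
    created = {e["target_user"]: ts(e) for e in events if e.get("event") == "4720"}
    alerts = []
    for e in events:
        if e.get("event") == "4728" and e.get("group") in PRIVILEGED_GROUPS:
            user = e["target_user"]
            fresh = user in created and ts(e) - created[user] <= WINDOW
            kind = "new_account" if fresh else "existing_account"
            alerts.append(("privileged_group_add", e["host"], (user, e["group"], kind)))
    return alerts


RULES = (rule_external_rdp_logon, rule_masqueraded_binary,
         rule_rmm_tool_cluster, rule_privileged_group_add)


def run_all(events):
    """Apply every rule and return the combined alert list, in rule order."""
    alerts = []
    for rule in RULES:
        alerts.extend(rule(events))
    return alerts


if __name__ == "__main__":
    for name, host, detail in run_all(parse_events(SAMPLE_LOG)):
        print(f"[{name}] {host}: {detail}")
```

Run against the sample, the benign workstation WS-HR07 (internal RDP source, notepad.exe from System32) produces nothing, while SRV-FILE01 and DC01 each trip the rules that map to the summary's steps; the RMM rule keys on distinct tool families per host rather than on any single product, since each of the tools named above is legitimate on its own.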

 

8. Important Documents

  • Situational Awareness Report
  • Communication Plan
  • Recovery Process

 

 

 

Read more…

We are excited for the next ‘Best Of The World’ Session On "Impacts of Web3 on Cybersecurity : Cyber Security Incidents; Loopholes; Prevention; Mitigation & More" by Gregory Pickett (Blackhat USA Speaker, CISSP, GCIA, GPEN, Head of Cybersecurity Operations, Hellfire Security)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points:

  • Discuss security incidents & business use cases
  • Understanding Web 3 pros
  • Understanding Web 3 cons and prevention mechanisms
  • How to make sure that it doesn't happen to you?

 

You can join us here: https://info.cisoplatform.com/stories-from-the-web3-battlefield-a-hackers-point-of-view?utm_src=cpblog

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

We had a "Best Of The World In Security" webinar on "Analysing Cybersecurity Industry In Quarter 1". We discussed the latest analysis of the 3,251+ vendors in the cybersecurity industry. A bottom-up analysis of all the vendors, derived from a platform for industry research, reveals the overall health of cybersecurity: which companies and segments are growing, which are failing, and how these numbers compare to historical trends.

 

Session Agenda

  • Zero signs of industry consolidation
  • Digital Mercantilism is driving the growth in number of vendors
  • Still no solution to the SolarWinds problem

 

About Speaker

Richard Stiennon is the past VP Research, Network Security at Gartner and the author of Security Yearbook 2023. He is the Chief Research Analyst for IT-Harvest and has presented on cybersecurity in 29 countries on six continents. He is a lecturer at Charles Sturt University and the author of Surviving Cyberwar and There Will Be Cyberwar. Richard has held leadership roles at Blancco Technology Group, Fortinet, Webroot Software and Gartner.

 

(Webinar) Recorded

 

Discussion Highlights

1. Vendor categorization process and industry experts. There are 3,359 vendor companies that create their own security technology. The vendors are broken down into categories and by country. The top 5 categories of cybersecurity have always been: Governance, Risk and Compliance (GRC), Data Security, Identity & Access Management (IAM), Network Security and Endpoint Security.

There were 71 vendors that took in new capital. They were spread across 16 of the 17 categories we track, Deception was the one category with no new investments. As usual, the US led in funding rounds, followed by Israel and then the UK.


 

2. Vendors graphed by founding date; the average vendor age is 12 years.

 

3. Vendor category differences by country

 

4. 50 more vendors are from India


 

5. Growth by Sector, 2022

  • Training
  • Fraud Prevention
  • Testing
  • Security Analytics
  • Deception
  • GRC
  • IOT Security
  • Network Security
  • Endpoint Security


 

6. Growth by Sector, Quarter 1 2023

  • Training
  • Fraud Prevention
  • Testing
  • Security Analytics
  • Deception
  • GRC
  • IOT Security
  • Network Security
  • Endpoint Security


 

7. Fastest Growing Quarter 1, 2023


 

8. Investments: $17 billion in 2022, while Q1 2023 at $2.4 billion is on track to be under $10 billion for 2023. Last year saw 330 total investments, so Q1 is running at a lower annualized rate of 284. The top rounds were all over $50 million, with Netskope taking in the largest round of $401 million and Wiz taking in an additional $300 million at a $10 billion valuation.

 

9. Is the Industry Heading into a Recession?

  • 54% of vendors grew in 2022
  • 26% lost head count
  • $17 billion is up 70% from 2020 level
  • There were 338 acquisitions compared to 2021’s 415

 

Total funding was $2.413 billion, on track for a paltry $9.6 billion, which will fall short of 2020's $10 billion (which was a record at the time). When I was a Gartner analyst we pegged the entire industry at a $2.2 billion market. One explanation for the shortfall in new funding rounds could be that the March collapse of Silicon Valley Bank disrupted deal flow across the entire tech sector. We will know if that is the case as Q2 plays out. An upswing in activity may be explained by delayed Q1 deals. (Reference link here)

 

Read more…

We are excited for the next 'Best Of The World' session (Can't Google It | Best Of The World) with Richard Stiennon (Past VP Research, Network Security @Gartner; Chief Research Analyst, IT-Harvest) on "Analysing Q1 Cybersecurity Industry" | CISO Session.

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points:

  • Zero signs of industry consolidation
  • Digital Mercantilism is driving the growth in number of vendors
  • Still no solution to the SolarWinds problem

 

You can join us here: https://info.cisoplatform.com/q1-entire-cybersecurity-industry?utm_src=cpblog

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 

Read more…

We had a "Best Of The World In Security" webinar on "DevOps Lesson For Your SOC (SRE)". We discussed Google-inspired lessons for transforming detection and response practices using the approach called Autonomic Security Operations. DevOps transformed IT and changed roles, practices and skills within IT; security in general, and security operations in particular, are sometimes left behind.

 

Session Agenda

  • How does the security analyst role evolve?
  • How security processes change in an ASO SOC?
  • How automation reduces toil (and what is toil, anyway)

 

About Speaker

Dr. Anton Chuvakin is a past Gartner analyst and is very well known in the information security community. He is currently a security advisor in the Office of the CISO at Google Cloud and a recognized security expert in SIEM, log management and PCI DSS compliance.

 

(Webinar) Recorded

 

Discussion Highlights

1. 2003 or 2023? Sec Ops is Ripe for Transformation

  • We can’t store and analyze all data, resulting in blindspots
  • It’s cost prohibitive to ingest all the data we need
  • It takes too long to investigate alerts
  • We struggle to build effective detection and have too many false positives/negatives
  • Our processes are too manual, we are too slow to respond to and remediate threats
  • We don’t have enough skilled engineers to make everything work

 

2. What Outcomes did DevOps / SRE achieve?

 

3. Google vs Enterprise “SecOps”

- What does Google do?

  • Automation/SRE is a mindset – part of the hiring process, part of OKRs, and performance reviews
  • Requires coding interviews, high pay, attracts the best, invests in growth
  • 40/40/20 between eng, operations, and learning
  • Investment in efficiency solves for human costs
  • Intel strongly embedded in D&R, mostly utilized towards proactive work, strong collaboration across Alphabet & benefits from developer hygiene

- What do most enterprises do?

  • Experimenting with SOAR, full adoption is tough due to minimal automation culture
  • Hires traditional roles, no coding, rarely outsources, less pay, less growth, more stress
  • Utilization is almost always >100%
  • Cost-prohibitive data ingestion, oftentimes paying SIEM + DIY, increasing $ from complexity
  • CTI team produces great reports, SOC consistently doing fire drills, >90% false positive rate, uneven distribution of skill (Tier 3)

 

4. Autonomic Security Operations Principles:

- ASO should

  • Eliminate toil
  • Embrace change
  • Strive for continuous improvement
  • Bridge all silos
  • Use service level objectives
  • Avoid hero mentality
  • Aim for simplicity

- ASO should not

  • Restrict hiring to top professionals
  • Require an engineering-only culture
  • Increase overall tooling footprint
  • Aim for incremental gain

 

5. Eliminate Toil : manual, repetitive, automatable, tactical, devoid of enduring value, and that scales linearly as a service grows

- Causes of Toil

  • Too much technical debt
  • Priorities or goals are not aligned
  • Lack of training or support
  • Lack of collaboration
  • The business value to fix is too hard to realize

- Less Gathering, More Analysis – basics to automate

  • Gathering machine information
  • Gathering user information
  • Process executions
  • All context needed to help get to final (human) judgement

- Key Activities To Implement

  • Train your team on toil & automation
  • Create an Automation Queue
  • Implement Blameless Postmortems
  • Conduct Weekly Incident Reviews
  • Implement SOAR
  • Hire Automation Engineer(s)
  • Implement CD/CR pipelines with metrics

 

6. Evolve Automation


 

7. Practice Release Engineering


 

8. Strive for Simplicity

Complex systems require substantial human expertise in their operation and management. This expertise changes in character as technology changes but it also changes because of the need to replace experts who leave. In every case, training and refinement of skill and expertise is one part of the function of the system itself. At any moment, therefore, a given complex system will contain practitioners and trainees with varying degrees of expertise. Critical issues related to expertise arise from (1) the need to use scarce expertise as a resource for the most difficult or demanding production needs and (2) the need to develop expertise for future use.

 

9. The Power of Continuous Improvement


 

10. Actions

  • Reduce toil in your SOC - shift toil to machines
  • Evolve automation in SIEM, SOAR, threat intel, etc
  • Use SLOs / metrics to drive change
  • Practice release engineering for consistent improvement
  • Strive for simplicity with processes, technology stack, etc
Read more…

We are hosting “Best Of The World In Security” Webinar On "DevOps Lesson For Your SOC (SRE)".

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. This series has featured many great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

This is a community discussion with Dr. Anton Chuvakin (ex-Gartner analyst, Security Advisor at the Office of the CISO, Google Cloud). We encourage you to make the most of it by inviting your teams and peers. You can send us your questions in advance or ask them live during the session's Q&A sections.

 

Why DevOps (SRE)?

DevOps transformed IT and changed roles, practices and skills within IT. Security in general and security ops, in particular, are sometimes left behind. This session will share Google-inspired lessons of transforming detection and response practices using the approach we call Autonomic Security Operations.

 

Key Discussion Points:

  • How does the security analyst role evolve?
  • How security processes change in an ASO SOC?
  • How automation reduces toil (and what is toil, anyway)

 

You can join us here: https://info.cisoplatform.com/sre/devops-lesson-for-your-soc?utm_src=CPblog

 


Read more…

We had a community webinar on "Zero Trust : Architecture Principles; Threats; Architecture Components; Guidance Documents - NIST, CISA, NSA, DOD". We discussed the history of the zero trust model, why it is relevant now (the perimeter is dead, people work from anywhere, and data is on endpoints and in the cloud), zero trust architecture principles and tenets, zero trust threats, zero trust architecture components, policy enforcement point types, cloud deployment models, zero trust guidance documents from NIST, CISA, NSA and DOD, and more.

 

Session Agenda

  • History of the zero trust model
  • Why is it relevant now? (the perimeter is dead, people work from anywhere and data is on endpoints and in the cloud)
  • Zero trust architecture principles and tenets
  • Zero trust threats
  • Zero trust architecture components
  • Policy enforcement point types
  • Cloud deployment models
  • Zero trust guidance documents - NIST, CISA, NSA, DOD

 

About Speaker

Wayne Tufek (frequent speaker at RSA Conference APJ, ISC2, SACON & renowned security architect) is currently on the board of the Melbourne Chapter of ISACA and holds the position of Vice President.

 

(Webinar) Recorded

 

Discussion Highlights

1. Why Zero Trust?

  • Previous security models did not holistically apply important, well-known security principles
  • Most security architectures are like a coconut: a hard shell around a soft interior

 

2. History of Zero Trust


 

3. Definition of Zero Trust

  • Security model and set of design principles
  • Threats exist both inside and outside traditional network boundaries
  • Model eliminates implicit trust in any one element
  • Instead requires continuous verification
  • Via real time information from multiple sources
  • Model assumes that a breach is inevitable or has likely already occurred
  • Limits access to what is needed and looks for anomalous or malicious activity
  • Embeds comprehensive security monitoring; granular risk based access controls
  • Data centric model allows the concept of least privilege to be applied for every access decision

 

4. Tenets

  • Identity & inventory is key - know your users, devices, services and data
  • Trust is not based on the device's network location - the network is always assumed to be hostile
  • Every device, user and network flow is authenticated and authorised
  • Access is based on context, for example the identity of the user, the device being used, etc.
  • Devices may be company owned or owned by the user
  • Access is granted on a per-session basis
  • All communication is secure
  • Access to resources is determined by dynamic policy and observable state
  • Strong authentication is used
  • Continuous logging, monitoring and posture assessment
  • Monitoring should be ongoing to assess risk; access is adaptive and varies based on context
  • Assume breach - an attacker is already on our network
  • External and internal threats exist at all times

 

5. Foundation Of Zero Trust


 

6. Logical Components


 

7. Benefits

  • Support work from anywhere
  • Prevention First
  • Protect resources regardless of their location
  • Better address threats
  • Limit an attacker's ability to move laterally
  • Users connect directly to services and not to the network
  • Improve incident detection and response
  • Improve visibility
  • Dynamic risk-based assessments = better defence

 

8. Capabilities and Services


 

9. Implementing Zero Trust

- Users

  • Centralised enterprise managed identities
  • MFA (application layer enforcement, Phishing resistant, passwords)
  • Check password against known breaches
  • At least one device level signal during authentication
  • PAM
  • ABAC
  • RBAC

- Devices

  • Maintain a complete reliable inventory of assets
  • EDR

- Networks

  • Network visibility
  • Encrypt DNS requests
  • Use HTTPS for web application and APIs
  • Plan for Network isolation

- Applications and Workloads

  • Understand your network protect surface
  • Treat all applications as internet connected
  • Have a dedicated application security testing program
  • Operate an effective and welcoming public vulnerability disclosure program
  • Work towards employing immutable workloads

- Data

  • Categorise and tag your assets
  • Audit access to any data encrypted at rest in a commercial cloud
  • Implement comprehensive logging
  • Automate security responses

- Key Steps

  • Decide to adopt a zero trust strategy
  • Inventory your environment 
  • Determine your current state 
  • Set desired maturity
  • Don't forget governance
  • Start with identity and device security
  • Slow and steady - work with your existing capabilities first
  • Ditch passwords
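The tenets and implementation items above (per-session access, context-based decisions, MFA with phishing-resistant MFA for sensitive resources, breached-password checks, a device inventory and EDR signal, RBAC, and no trust derived from network location) can be shown as one small policy decision point. The following Python is an added example written for this summary, not code from the webinar or from any of the guidance documents it cites; the device inventory, role mapping, posture-freshness limit and session lifetimes are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Set

# Assumed inventory, role mapping and freshness limit (constructed for this example).
DEVICE_INVENTORY = {"LAP-0142", "PHONE-0091"}
RESOURCE_ROLES = {"payroll-db": {"finance"}, "wiki": {"staff", "finance"}}
POSTURE_MAX_AGE = timedelta(hours=1)


@dataclass
class Subject:
    user: str
    groups: Set[str]
    mfa: str                       # "none", "otp" (phishable) or "fido2" (phishing-resistant)
    password_breached: bool = False


@dataclass
class Device:
    device_id: str
    managed: bool                  # enterprise-managed vs user-owned
    edr_healthy: bool
    last_posture_check: datetime


@dataclass
class Request:
    subject: Subject
    device: Device
    resource: str
    sensitivity: str               # "low" or "high"
    now: datetime
    src_network: str = "internet"  # recorded for logging only, never a source of trust


@dataclass
class Decision:
    allow: bool
    reasons: List[str]
    session_ttl: Optional[timedelta]


def deny(reason: str) -> Decision:
    return Decision(False, [reason], None)


def evaluate(req: Request) -> Decision:
    """Per-session decision: every check runs regardless of where the request came from."""
    s, d = req.subject, req.device
    if d.device_id not in DEVICE_INVENTORY:              # identity & inventory
        return deny("device not in inventory")
    if s.mfa == "none":                                   # strong authentication
        return deny("MFA is required for every session")
    if s.password_breached:                               # check against known breaches
        return deny("password found in a known breach; reset required")
    if not RESOURCE_ROLES.get(req.resource, set()) & s.groups:   # RBAC / least privilege
        return deny(f"no role grants access to {req.resource}")
    if req.now - d.last_posture_check > POSTURE_MAX_AGE:  # device-level signal must be fresh
        return deny("device posture signal is stale")
    if d.managed and not d.edr_healthy:                   # EDR expected on managed devices
        return deny("managed device is missing a healthy EDR agent")
    reasons = [f"network '{req.src_network}' contributed no trust"]
    ttl = timedelta(hours=8)
    if req.sensitivity == "high":                         # context raises the bar
        if s.mfa != "fido2":
            return deny("phishing-resistant MFA required for high-sensitivity resources")
        if not d.managed:
            return deny("high-sensitivity resources require a managed device")
        ttl = timedelta(hours=1)
        reasons.append("high sensitivity: shortened session")
    return Decision(True, reasons, ttl)


def demo_decisions():
    """Constructed scenarios; returns a name -> Decision mapping."""
    now = datetime(2023, 5, 1, 9, 0)
    fresh, stale = now - timedelta(minutes=10), now - timedelta(hours=3)
    alice = Subject("alice", {"finance", "staff"}, "fido2")
    bob = Subject("bob", {"staff"}, "otp")
    carol = Subject("carol", {"staff"}, "fido2", password_breached=True)
    laptop = Device("LAP-0142", True, True, fresh)
    phone = Device("PHONE-0091", False, False, fresh)
    rogue = Device("UNKNOWN-77", False, False, fresh)
    return {
        "alice_payroll_from_corp_lan": evaluate(Request(alice, laptop, "payroll-db", "high", now, "corp-lan")),
        "alice_payroll_from_phone": evaluate(Request(alice, phone, "payroll-db", "high", now)),
        "bob_wiki_from_phone": evaluate(Request(bob, phone, "wiki", "low", now)),
        "bob_payroll": evaluate(Request(bob, laptop, "payroll-db", "high", now)),
        "carol_breached": evaluate(Request(carol, laptop, "wiki", "low", now)),
        "unknown_device": evaluate(Request(alice, rogue, "wiki", "low", now)),
        "stale_posture": evaluate(Request(alice, Device("LAP-0142", True, True, stale), "wiki", "low", now)),
    }


if __name__ == "__main__":
    for name, dec in demo_decisions().items():
        print(f"{name:28} allow={dec.allow} ttl={dec.session_ttl} {dec.reasons}")
```

`src_network` is carried only so it can be logged: the request from the corporate LAN goes through exactly the same checks as one from the internet, which is the practical meaning of the "network is always assumed to be hostile" tenet, and the shortened lifetime for the high-sensitivity resource is what "access is granted on a per-session basis" looks like in code.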

 

10. Zero Trust In Action: Deconstructing the Uber Attack - what we reportedly know

 

 

 

Read more…

We had a community webinar on "XDR : A Holistic View Through Security Analytics – Across Endpoint, Network And Cloud". We discussed the fundamentals; endpoint solutions vs XDR; implementation experience and challenges; post-implementation feedback, outcome vs expectation and use cases; and MDR vs human skills.

 

Session Agenda

  • What is EDR, XDR
  • Endpoint solutions vs XDR
  • Implementation experience , challenges
  • Post implementation feedback, outcome vs expectation, use cases
  • MDR vs human skills

 

About Speaker

  • Abdur Rafi, Head IT Infrastructure & CISO, ABP Group
  • Soumya Biswas, IT Infrastructure & Security Specialist, ABP Group
  • Debajyoti Das, Senior Executive IT Security, ABP Group

 

(Webinar) Recorded

 

Discussion Highlights

1. Extended Detection and Response (XDR) solutions are designed to provide automated threat detection and response through data visibility and the use of threat intelligence and data analytics. XDR collects activity data from multiple vectors including endpoints, servers, and networks.

 

2. Automobile Attack Surfaces: fifteen of the most hackable and exposed attack surfaces, including several electronic control units, on a next-generation car: smartphone, remote link type app, airbag ECU, OBD2, USB, Bluetooth, DSRC-based receiver (V2X), remote key, passive keyless entry, vehicle access system ECU, steering and braking ECU, engine and transmission ECU, lighting system ECU, ADAS system, TPMS

 

3. Endpoint Detection & Response

  • Spam Phishing email
  • Known rogue website
  • Unknown Rogue website
  • Known Malware
  • Unknown Malware
  • Fileless Attack
  • Exploit


 

4. Endpoint Protection Platform (EPP)

Detection: IoC scan, advanced detection techniques, behaviour analysis

Investigation : Root cause, Attack Visualization, Enriched alert data

Response : Automated response on discovery, Multiple response options, Quick response during the investigation

 

5. How XDR works : XDR isolates and dissects threats on different attack surfaces

  • Endpoints
  • Email
  • Network
  • Servers
  • Cloud workloads

 

6. Endpoint Protection Policies

  • Threat Protection
  • Peripheral control
  • Application control
  • Data Loss Prevention
  • Web Control
  • Update Management
  • Windows Firewall

 

7. Threat Analysis Center - ML / PE-A


 

 

Read more…

We are hosting CISO Community Webinar on "Zero Trust : Architecture Principles; Threats; Architecture Components; Guidance Documents - NIST, CISA, NSA, DOD"

Join us for "CISO Webinar : Zero Trust From A Practitioner's Perspective (Architecture Principles; Threats; Architecture Components; Guidance Documents - NIST, CISA, NSA, DOD)" with Wayne Tufek (Frequent Speaker at RSA APJ, ISC2, SACON & Renowned Security Architect). In current enterprises, data and resources are distributed across multiple clouds and premises with users needing access anytime anywhere. Thus, data protection needs to be beyond the enterprise environment perimeter. A zero-trust architecture (ZTA) enables secure authorised access to each individual resource, whether located on-premises or in the cloud, for a hybrid workforce and partners based on an organization’s defined access policy. The challenge for security professionals investigating a Zero Trust strategy is looking beyond the buzzwords of vendors and the hype.

 

Key Learning Points:

  • History of the zero trust model
  • Why is it relevant now? (the perimeter is dead, people work from anywhere and data is on endpoints and in the cloud)
  • Zero trust architecture principles and tenets
  • Zero trust threats
  • Zero trust architecture components
  • Policy enforcement point types
  • Cloud deployment models
  • Zero trust guidance documents - NIST, CISA, NSA, DOD

 

You can join us here: https://info.cisoplatform.com/zero-trust-architecture-principles-threats-architecture-components-guidance-documents-nist-cisa-nsa-dod

 


Read more…

We had a CISO community fireside chat on "Practical Approach To Understanding Attack Surface Management (ASM) In 2023" with Chris Ray (security architect) and Bikash Barai (co-founder, CISO Platform and FireCompass). We discussed how ASM dramatically improves visibility, how ASM can be a force multiplier for security teams that are stretched thin, case studies, the ASM solution market, and how to evaluate a good fit for your organization.

 

Key Points

  • How ASM Improves Visibility And Creates Practical Risk Reduction?
  • ASM Case Studies
  • ASM Solution Market And How To Identify A Good Fit For Your Organization?

 

About Speaker

  • Bikash Barai, Co-Founder, CISO Platform & FireCompass
  • Chris Ray, Security Architect

 

 

FireSide Chat (Recorded Version)

 

 

Executive Summary (FireSide Chat Highlights):

1. What Is Attack Surface Management (ASM)?

ASM is just too concise, it's too accurate, it's very descriptive. When we are talking about attack surface management, it's really important to understand, if you have never considered it, if you have never looked under the covers, that it is a paradigm shift away from a lot of security practices and tooling. I'll give examples from EDR to help illustrate this. You need to know an endpoint to install the agent on it and take advantage of the EDR solution. For vulnerability management, one must know their repositories to be able to scan and protect them. ASM takes away the shortcomings of legacy vulnerability scanning platforms that are network based. Legacy vulnerability scanners continuously scan available assets; however, this approach could fail if the assets being scanned are not the full universe of the company's assets. That's a major problem for a lot of organizations. ASM takes a different approach: it scours the internet, using automation and human expertise to look for breadcrumbs of data and information based on one initial starting point, like a company domain. With this, ASM builds a very comprehensive understanding of an organization's digital footprint.

Sometimes ASM is split into External Attack Surface Management (EASM) and Internal Attack Surface Management. EASM covers the publicly exposed data which attackers could easily misuse. However, this differentiation is not so crucial; I wouldn't care if it's internal or external, I would care about the priority based on high-risk and low-risk vulnerabilities.

 

2. What is the reason behind the rise of ASM?

It is wise to note that the majority of attacks that take place are at a much lower sophistication level. Shodan is the search engine for IoT; Shodan is like Google but for Internet-connected stuff. Attacker-focused enablers of technology have now existed for a while, and that puts a lot of data in the hands of attackers which could get misused. I see this as a catalyst for products like ASM. The next thing I think drives a solution like ASM is small teams at startups. A good ASM not only presents the security team with an organization's attack surface but also helps with understanding context and provides a method of prioritizing where to start. This is a pretty hard problem; ASM solves the prioritization. ASM also comes in handy since it immediately notifies you when a new patch is released.

 

 

3. What Are The Key Pain Points And The Use Cases Of ASM?

There are 2 main segments here. The first is large enterprises with merger and acquisition activity, where ASM helps with a scan of all resources, which is otherwise a very time-consuming and expensive activity. Another use case is for large enterprises and governments that are consolidating their business units; a unified list of assets for each unit is a quick view that is very meaningful to them. Discovering the assets becomes the beginning point for defining their cyber security framework.

Another place of use for ASM is smaller organizations, SMBs or startups with overworked small security teams. An ASM which prioritizes the vulnerabilities and what to work on makes sure you are putting the right fire out. The smaller teams don't have the bandwidth to figure this out; there are way too many things to attend to already.

Another place ASM adds value is for all security teams: vendor risk management tools might throw out vulnerabilities that are not deduplicated, while the ASM could add a very comprehensive report in this case. It saves the security team from spending hours on vendor risk management.

ASM adds a huge amount of insight for security architects. They build the framework and have a deep understanding. The ASM report is of great help to them versus the engineers and analysts who often have a top-level view.

ASM reports are extremely useful for security teams like the GRC team, vulnerability management team, security leadership and cloud security posture management teams. There's interesting augmentation between SOC and ASM, and between Threat Intelligence and ASM; it just gives them more data to work on and adds value to it.

 

4. How Does ASM Help In The Risk Management Story?

 

Many organizations and security leaders have become comfortable with making risk management decisions in a vacuum. An ASM bridges that gap and empowers a leader with the asset and repository information to help protect their organization. It is adding the context for risk management decision making. That doesn't need to be manual or ad hoc; ASM is doing it in a structured way. With the ASM reports, the security leader (or leadership team) has comprehensive asset data and context for each asset, so now he/she is no longer making decisions in a vacuum but with context and priority. The ASM tool basically starts with base information like IP, DNS and hostname and builds on it, like the AWS asset or Ubuntu server, with context on the asset. It could add context like the DNS records changed on this date, and previously the asset was owned by this organization in this geography, and later start stringing together additional context. So now the person no longer has to make decisions in a vacuum; he/she has a more comprehensive understanding of where this asset fits into the bigger picture of the organization.

 

5. From Where Do Organizations Get The Budget ?

Is it like they're taking some existing budget or creating a new budget and also like how are they justifying the budget ? 

There are two primary ways this is getting purchased. The first is shifting budget away from vulnerability management. The best way to think about this is that ASM is doing what you should already be doing but can't. Organizations did not have the full view of all their assets; once they got to know all those assets, the reaction was, 'half of these we don't need; they shouldn't be online.'

I see 2 primary ways this is being purchased. One is creating budget by shifting away from vulnerability management (not entirely, since there are a few must-haves like the compliance frameworks, regulatory frameworks and network-based vulnerability scans), primarily using ASM and then complementing it with the compliance, regulatory and network-based scans. So now you need not spend as much money on the remaining vulnerability management (compliance, regulatory, vulnerability scans). So you cut out a part of this for ASM and cobble the rest together with ASM.

Another area for ASM budget is asking for new money. It is always hard to get new money and it really needs good justification. For ASM, one major justification for a security leader is that it allows him/her to get a comprehensive view of their asset repository, which is a primer for being able to secure it in the first place. Most security leaders agree they need to do this but do not have the resources (an army of engineers, the skills and continuous monitoring) to do it. An ASM is the tool that gives you that value out of the box. Not many security teams have the resources to hire an army of engineers and map out their attack surface, though they know it's a necessity. It is also a lot more expensive, while an ASM tool does just that for much less.

Interestingly, we noticed in the past that some organizations (even large Fortune 500 companies) found plenty of online resources they were still paying for and weren't using. With ASM, they found them and took them off, saving cloud costs (it turned out to be a big annual expense saving). One was an asset marketing had created that had collected customer data. Nobody was maintaining it anymore, so it was lying out there and anyone could have exploited it. With GDPR, it would have cost them a huge amount too. So in these ways ASM actually helped them reduce their attack surface and saved them money by preventing a data breach and saving cloud costs.

 

6. What Are The Challenges In ASM As A Space ? 

It is a hot space but not in its super mature stage

Firstly, ASM maps your attack surface, which is like 95%, but there will be some parts beyond that. ASM is improving with time and evolving. So a mistake that is easy to make is thinking ASM is giving me the full picture. There may still be a few areas undiscovered; it's not perfect, and it's important to be ready for that 5%. It's the low-hanging fruit that gets jabbed first and mostly causes the breach. One has to remember ASM is still a tool made by humans to help you make security decisions, but it will have its flaws. ASM as a technology is excellent at discovering and it's almost perfect, but one must be wary of the little part that still stays uncovered (no tool is perfect). Despite the best efforts, computer science is very effective but not perfect, so there will be misses even from the ASM tool; be wary of it.

ASM is really good at external attack surface mapping, and there seems to be a direction where some vendors and ASM solutions are building similar capabilities (not exactly the same) for the internal attack surface too. Whether on premise or in the cloud, one must not leave out this area of 'internal attack surface', as this can still be a major threat area. Your organization's attack surface includes the external attack surface (EASM) and the internal attack surface, for a holistic view, even if multiple tools do it.

ASM faces a challenge with too many false positives and prioritizing them. Legacy vulnerability management shows you what's broken, while ASM finds more assets more broadly and is more comprehensive, but their functionalities are separate. ASM is trying to handle the problem of false positives by adding context: it comes back with the vulnerability and proof like screenshots or commands, and the potential damage. ASM tools are trying to automate this and also adding humans in the loop at the last mile for validation. Another way to solve this could be ASM becoming a part of a security suite rather than being a standalone tool. It could become a part of cloud security or SOC or vulnerability management. Essentially ASM will evolve and possibly become a part of the security suite.
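As an added illustration of two points from the discussion above, the undeduplicated vendor-risk findings and the way an ASM builds context on top of an IP or hostname, here is example code written for this page (not a product's code and not the speaker's): it folds constructed scan observations into one asset record per host with a DNS change history, collapses the same issue reported by several tools into one finding, and ranks the findings using that asset context. Tool names, hosts, IPs, finding IDs and the scoring weights are all assumptions.

```python
from datetime import date

# Constructed observations the discovery side might collect for the same hosts over time.
OBSERVATIONS = [
    {"host": "Shop.Example.COM", "ip": "203.0.113.10", "seen": "2023-01-05", "cloud": "aws", "os": "ubuntu 20.04"},
    {"host": "shop.example.com", "ip": "203.0.113.10", "seen": "2023-02-01", "cloud": "aws", "os": "ubuntu 20.04"},
    {"host": "shop.example.com", "ip": "198.51.100.7", "seen": "2023-03-12", "cloud": "aws", "os": "ubuntu 22.04"},
    {"host": "legacy-promo.example.com", "ip": "198.51.100.20", "seen": "2023-01-05", "cloud": "aws", "os": "ubuntu 16.04"},
]

# Constructed findings from three tools; the same issue shows up under slightly different names.
FINDINGS = [
    {"source": "net-scanner", "host": "shop.example.com", "id": "CVE-2021-44228", "severity": 10.0, "exploited": True},
    {"source": "vendor-risk", "host": "SHOP.EXAMPLE.COM", "id": "cve-2021-44228", "severity": 9.8, "exploited": True},
    {"source": "vendor-risk", "host": "shop.example.com.", "id": "CVE-2021-44228", "severity": 9.8, "exploited": True},
    {"source": "net-scanner", "host": "legacy-promo.example.com", "id": "weak-tls-config", "severity": 5.3, "exploited": False},
    {"source": "asm", "host": "legacy-promo.example.com", "id": "WEAK-TLS-CONFIG", "severity": 5.3, "exploited": False},
    {"source": "asm", "host": "unknown-dev.example.com", "id": "open-admin-panel", "severity": 7.5, "exploited": False},
]

TODAY = date(2023, 3, 20)  # assumed "now" so the staleness check is deterministic


def normalize_host(host):
    """Tools disagree on case and trailing dots; canonicalise before keying on hostname."""
    return host.strip().rstrip(".").lower()


def build_inventory(observations):
    """Fold observations into one record per host, keeping a DNS change history."""
    inventory = {}
    for obs in sorted(observations, key=lambda o: o["seen"]):
        host, seen = normalize_host(obs["host"]), date.fromisoformat(obs["seen"])
        rec = inventory.setdefault(host, {"current_ip": obs["ip"], "first_seen": seen,
                                          "last_seen": seen, "cloud": obs["cloud"],
                                          "os": obs["os"], "dns_changes": []})
        if obs["ip"] != rec["current_ip"]:
            rec["dns_changes"].append((seen, rec["current_ip"], obs["ip"]))
            rec["current_ip"] = obs["ip"]
        rec["last_seen"], rec["os"] = max(rec["last_seen"], seen), obs["os"]
    return inventory


def dedupe_findings(findings):
    """Collapse the same issue reported by several tools into one record per (host, id)."""
    merged = {}
    for f in findings:
        key = (normalize_host(f["host"]), f["id"].upper())
        rec = merged.setdefault(key, {"host": key[0], "id": key[1], "sources": set(),
                                      "severity": 0.0, "exploited": False})
        rec["sources"].add(f["source"])
        rec["severity"] = max(rec["severity"], f["severity"])
        rec["exploited"] = rec["exploited"] or f["exploited"]
    return list(merged.values())


def prioritize(inventory, findings, today, stale_days=60):
    """Rank deduplicated findings with asset context: known-exploited issues and orphaned
    or unknown hosts float to the top, since those are the easy wins for an attacker."""
    ranked = []
    for f in dedupe_findings(findings):
        score, reasons, asset = f["severity"], [], inventory.get(f["host"])
        if f["exploited"]:
            score, reasons = score + 3, reasons + ["known exploited"]
        if asset is None:
            score, reasons = score + 2, reasons + ["not in inventory: possible shadow IT"]
        else:
            if (today - asset["last_seen"]).days > stale_days:
                score, reasons = score + 2, reasons + ["not seen recently: likely unowned"]
            if asset["dns_changes"]:
                reasons.append(f"{len(asset['dns_changes'])} DNS change(s) on record")
        ranked.append({**f, "score": score, "reasons": reasons})
    return sorted(ranked, key=lambda r: (-r["score"], r["host"]))


if __name__ == "__main__":
    inv = build_inventory(OBSERVATIONS)
    for r in prioritize(inv, FINDINGS, TODAY):
        print(f"{r['score']:5.1f}  {r['host']:26} {r['id']:16} {sorted(r['sources'])} {r['reasons']}")
```

With the constructed data, the three vendor-risk and scanner reports of the same CVE on shop.example.com become one finding with two sources, the host the inventory has never seen ranks above the stale promo server despite a lower base severity, and the DNS change on shop.example.com is carried along as context rather than lost between scans. In a real deployment the weights and the staleness window are policy decisions that belong with the risk owner, not the tool.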



We are hosting CISO Community Fireside chat on "Practical Approach To Understanding Attack Surface Management (ASM) In 2023". 

Join Chris Ray (Analyst, Gigaom, domain expert in Attack Surface Management) and Bikash Barai (Co-founder, CISO Platform; CEO, FireCompass). We will understand how ASM dramatically improves visibility, how ASM can be a force multiplier for security teams that are stretched thin, and how ASM creates practical risk reductions because of these (visibility and force multiplier). We will also understand the ASM solution market and 'How To Identify A Good Fit For Your Organization'.

 

Key Learning Points :  

  • Fundamentals : What Is ASM? How Does ASM Work ?
  • How ASM Dramatically Improves Visibility ? 
  • How ASM Can Be A Force Multiplier For Security Teams ?
  • How ASM Creates Practical Risk Reduction ?
  • Understanding ASM Solution Market
  • How To Identify A Good Fit For Your Organization ?

 

You can join us here: https://info.cisoplatform.com/practical-approach-to-understanding-attack-surface-management-asm-in-2023

 


 


We had a CISO community webinar on "Exposure Management For Financial Institutions To Overcome Resource Limitations And Regulatory Reporting". We discussed how to overcome resource limitations and the manual burden of regulatory reporting, and how exposure management can help your institution navigate the ever-increasing regulatory burden.

 

Session Agenda

  • How to Overcome Resource Limitations: automate and lighten your workload by providing continuous programmatic assurance
  • Discover, Prioritize & Proactively Reduce Cyber Risk: Discover your attack surface risks & prioritize the most important ones to help mitigate the risks faster
  • Security Posture Reports to Meet Regulatory Requirements: How to continually assess and provide automated reports on your security posture to meet regulatory requirements

 

About Speaker

  • Bikash Barai, Co-Founder & CEO, CISO Platform & FireCompass
  • Dave Lawy, Co-founder QunatumSmart and Senior Technology Executive
  • Nasheen Liu, Partner & SVP, CIO Program Strategy

 

(Webinar) Recorded

 

 

Discussion Highlights

1. In both USA & Canada the regulators are stepping up the level of sophistication demanding higher level of cyber security maturity from Financial Institutions. Any comments ? 

  • What are some of the ways Financial Institutions provide continuous assurance of their cyber posture?
    Context: Good process is always important; however, automation is the key to being successful in any space. Automated cyber tooling will help set up the company for success
  • What is a general trend of interactions observed by regulators with industry on cyber?
    Context: Better processes, Less tolerance for poor hygiene, better questions & maturity matrix

 

2. Is Cyber Insurance important and how does it best serve the organization ? 

  • The price of insurance is significantly increasing YearOnYear, retention (deductible) is increasing while exclusions and / or endorsements are reducing risk for the insurance carrier. Mitigating controls are more and more necessary

 

3. How can FI (Financial Institutions) best demonstrate they are adhering to security standards and compliance frameworks such as PCI DSS or SOC 2 and how are these standards maintained and updated ? 

  • Standards require regular maintenance, adhering to a process and providing evidence. The more that can be automated the better the evidence is to showcase the organization adheres to such standards, better consistency, repeatable, predictable output
  • As environments increase in complexity, so does the difficulty of adhering to increasingly stringent standards and frameworks. It is important to have systems and applications designed, built and delivered leveraging automation. DevSecOps is a somewhat newer term; however, this has been around for some time in different forms. Ultimately security has to be built into the design. The system's state must be controlled programmatically, which allows proactive and reactive security changes to be made efficiently and in a scalable manner

 

4. What is External Attack Surface Management (EASM) and why is it Important ? 

  • Failure to conduct an extensive attacker-like reconnaissance frequently leaves low-hanging fruits easily exploited by cybercriminals. And because attack surfaces are dynamic you will want continuous attack surface mapping and security testing especially on assets residing in “Shadow IT” for your organization and third parties

 

5. What are some of the trends being seen regarding cyber people resources and how are companies coping with the ever increasing demand on cyber resources as the threat landscape increases ? 

  • War on talent, shortage of staff, constraints on budget, increasing demand to protect / defend, more sophisticated attack vectors…shortage of CISO thought leadership

 

6. Financial Institutions must adhere to standards and practices. How can the Financial Institutions perform expensive security exercises to protect and defend with a security team that has a long list of priorities, along with a shortage on staff and time

  • FireCompass CART - Our CART platform gives you multi-stage attack playbooks to mimic a real attacker and accurately pinpoint prioritized vulnerabilities that would be targeted first. CART delivers shorter mean time to remediation (MTTR) and increased depth and breadth of coverage so you can focus on your mission of keeping attackers out and keeping IT/OT services running smoothly and securely.
    Gartner says “Nation-state actors and criminal organizations operate with a level of sophistication that surpasses the preventative and detection capabilities of most security and risk management teams.”

 

7. How about leveraging SaaS security solutions and automation to augment the security team

  • Having such tooling with repeatable, predictable output and evidence of processes not only helps with regulators but can also be a powerful tool for third-party risk management. If your customer or vendor is using automation, there is a clear audit trail and a known, standardized process in place; this helps in audits both as a customer and as a vendor. Third-party risk management: financial institutions must ensure that third-party vendors and partners who have access to their systems and data are appropriately vetted and managed for cybersecurity risks.

 

8. What is Cyber risk and how can today’s FI best manage risk

  • FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) and External Attack Surface Management (EASM) that acts as an integral part of a good exposure management program.
    -Single Platform for Attack Surface Management and Automated Penetration Testing & Red Team
    -Daily Risk Port Scanning & Adversary Emulation through multiple Attack Playbooks
    -Prioritized Risks with real-time alerts for faster detection and remediation
  • Understand your holistic technology landscape. Understand all your assets logical, physical. Understand your level of maturity measured against regulatory standards, understand your exposures, Understand your processes to mitigate, Understand your tooling and systems to mitigate and understand your organization and culture.

 


We did 3 panel discussions in 3 cities, engaging 25+ CISOs on the Gartner Hype Cycle for Security Operations, which CISOs use to separate hype from expectations and to gain insight into which technologies and trends are likely to become more important in the near future.

 

 

Panel Speakers

  • Somshubhro Pal Choudhury, Partner, Bharat Innovation Fund
  • R Nantha Ram, Leader - Cyber Security Operation, 3M TCOE
  • Naseem Halder, CISO, ACKO General Insurance Ltd
  • Nitish Goyal, Director, Ocwen Financial Services
  • Philip Varughese, Global Head - Applied Intelligence, Platforms and Engineering, DXC Security
  • Sandeep Bansal, Head ICT, Reva University
  • Harmeet Kalra, Regional Sales Director (India & SAARC), Picus

 


 

 

Discussion Highlights

1. From the Gartner Hype Cycle- Pick 1-2 areas you are personally excited about… what you think is the need of the hour

Here are the top emerging technologies picked by CISOs:

  • External Attack Surface Management
  • Exposure Management
  • Automated Penetration Test & Red Teaming
  • PTaaS
  • Digital Risk Protection Services
  • XDR

 

2.  What's your focus on the new entrants and its importance in the near future

The new hyped entrants are Exposure Management, External Attack Surface Management and Automated Penetration Test & Red Teaming… XDR (which in a way is a better EDR and was already there).
 
- Exposure Management: It is important to note that exposure management should be approached as a comprehensive program and not just the use of a single tool. This includes conducting activities such as identifying the likelihood of exploitation based on visibility into the attack surface, inventorying and categorizing exposure in terms of vulnerabilities, threat intelligence, and digital assets, and validating the effectiveness of security controls in detecting or preventing potential attacks.
As Gartner recommends, “Expand to a broader exposure management to include unpatchable attack surfaces and assess the need for solutions, such as digital risk protection services (DRPS), external attack surface management (EASM) and/or security rating services (SRS) for coverage of other exposure points, such as supply chain and shadow IT in the cloud”.
 
- External Attack Surface Management: The evolution of External Attack Surface Management (EASM) has been driven by the need to stay ahead of the constantly changing attack surface and to learn what is being exposed to attackers. As Gartner defines it, EASM describes a set of products that help organizations identify risks coming from internet-exposed assets that may be unknown to the organization and may contain unknown vulnerabilities. EASM is seen to be expanding into aspects of BAS, digital risk protection services (DRPS) and Security Rating Services (SRS). As a CISO said, "EASM solution has the ability to automatically identify risks in subsidiary companies and affiliated entities, whereas traditional security measures such as VA, PT and BAS can only detect such risks if we have prior knowledge of these environments and have deployed the system in those locations."
 
- Automated Penetration Test & Red Teaming : One of the key ways that Automated Penetration Test & Red Teaming has evolved is through the use of AI and machine learning. Through automation, it can run a large number of emulated attacks through playbooks in a short period of time, allowing organizations to identify their security risk posture. Additionally, it reduces false positives and focuses on the most critical vulnerabilities that might be attacked first. As a CISO said, “Automated Red Teaming adds value by eliminating repetitive manual tasks and significantly increasing the speed and scope of the testing.”
 
- XDR (Extended Detection and Response): is a security solution that aims to provide a more comprehensive and integrated approach to threat detection and response than traditional EDR (Endpoint Detection and Response) solutions. It typically includes the capabilities of EDR and also integrates data from other sources such as network and cloud to provide a more complete view of the threat landscape, enabling more effective detection and response to security incidents. Some experts believe that XDR is a better solution than EDR as it provides a more holistic approach to threat management. As a CISO, “it is my belief that XDR (Extended Detection and Response) is a more effective solution than traditional EDR (Endpoint Detection and Response)”.
 
 
3. What CISOs should keep in mind while adopting disruptive cyber security technologies ?
 
Several points were mentioned by CISOs and here are some key considerations:
  • Scalability: The technology should be able to scale to meet the organization's future needs
  • Continuous monitoring: CISOs should continuously monitor the technology for any issues or vulnerabilities and have a plan for incident response
  • Compliance & Governance: The technology should comply with any relevant regulations and industry standards. CISOs should ensure that the new technology aligns with the organization's overall governance and compliance policies
  • Automation: products can be leveraged to improve the efficiency and effectiveness of security processes, and can free up resources to focus on more strategic initiatives. Automation can also help to reduce the risk of human error and improve the speed of incident response
  • Integration: The technology should be able to integrate with existing systems and processes within the organization
  • Risk Management: CISOs should assess the risks associated with the adoption of new technology, and have a plan in place to manage those risks
  • Staffing: Adequate staff and resources should be in place to support the new technology, including training and support for end-users
  • Business Impact: The new technology should align with the organization's business goals and objectives
  • Continuous improvement: CISOs should view the adoption of disruptive technologies as an opportunity to continuously improve and adapt the organization's security posture, and not as a one-time event
 

 

We are hosting a CISO community webinar on "exposure management for financial institutions to overcome resource limitations and regulatory reporting"

Join Bikash Barai (co-founder CISOPlatform Community & FireCompass) and Dave Lawy (Co-founder QunatumSmart and Senior Technology Executive), as they discuss how to overcome resource limitations and the manual burden of regulatory reporting for Financial Institutions. 

Learn how exposure management can help your Financial Institution navigate the ever-increasing regulatory burden.
 
 
Key Learning Points :  
  • How to Overcome Resource Limitations: automate and lighten your workload by providing continuous programmatic assurance
  • Discover, Prioritize & Proactively Reduce Cyber Risk: Discover your attack surface risks & prioritize the most important ones to help mitigate the risks faster
  • Security Posture Reports to Meet Regulatory Requirements: How to continually assess and provide automated reports on your security posture to meet regulatory requirements
 
 
 
 
 
 
 

A Guide To CyberSecurity Phishing Attack

Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. This article highlights some major phishing types as a guide for reference.

Phishing scams are a type of social engineering attack that use fake emails or websites to trick individuals into revealing sensitive information, such as passwords, credit card numbers, and social security numbers. These scams often appear to come from legitimate organizations, such as banks or online retailers, and may contain urgent requests for personal information or threats to close accounts if information is not provided. To avoid falling victim to a phishing scam, it's important to never click on links in suspicious emails, verify the sender's email address, and never enter personal information on a website unless you are certain it is legitimate. 

SlashNext's State of Phishing report reveals that there were 255 million phishing attacks in 2022, a 61% rise from the previous year. The attacks are getting more sophisticated; recent examples show phishing emails able to bypass Gmail's filter. The examples below might help you recognise a few common phishing attack patterns by raising awareness.

P.S. I have taken excerpts from various interesting blogs online mentioned in the reference section

 

The types of phishing include : 

  • Spear Phishing : Spear phishing involves targeting a specific group or individual, such as a company's system administrator. The following is an example of a spear phishing email. Observe the focus on the recipient's industry, the requested download link, and the urgent nature of the request.
  • Whaling : Whaling is a highly targeted form of phishing that targets "the whales" - high-level executives within an industry or business, such as a CEO, CFO, or CXX. These attacks often claim that the company is facing legal trouble and require the recipient to click a link for further information.
  • Vishing : Is similar in nature to other phishing attacks, with the goal of obtaining sensitive personal or corporate information. This type of attack is carried out through voice calls, hence the "v" in the name instead of "ph".
  • Smishing : It is a type of attack that uses text messaging or SMS to deceive the target. A typical smishing tactic involves sending a message to a cell phone through SMS that contains a clickable link or return number.
  • Email Phishing : The most prevalent form of phishing, it has been in use since the 1990s. Attackers send these emails to any email addresses they can obtain, often claiming that there has been a breach of your account and requesting immediate action through a provided link. These attacks are often easy to identify due to spelling and grammar errors in the email. However, some phishing emails are harder to detect, especially when the language and grammar are polished. Checking the email's source and the linked website for suspicious language can provide clues as to its legitimacy

 

A.Password Reset

This phishing scam appears to originate from a system administrator responsible for my email domain and attempts to entice me into clicking a button. Although the text is poorly written, the buttons are well-designed, making it easy to imagine someone clicking without fully reading the text, especially if they are scanning quickly. 

[Screenshot: password reset phishing email]

 

B.PayPal Money Request

These are exceptionally clever as they utilize authentic PayPal messages and include multiple anti-phishing warnings in the text. Despite this, there are still signs that give away their true nature. These messages arrived a week apart and are likely the result of a single phisher.

[Screenshot: PayPal money request phishing messages]

 

C.Server Maintenance

Consider this message claiming to be from my company's IT Support team. Its goal is to obtain your email password, as once an attacker gains control of your email, they can reset passwords on other sites and access sensitive accounts. It is crucial to safeguard your email password the most!

[Screenshot: server maintenance phishing email]

 

 

Some common patterns to be wary of : 

  • Give emails a full read. Do not click if you have only skimmed through it. Be careful with easy emails and big buttons; read the text carefully first before clicking. Look for grammatical errors and spelling mistakes in the email
  • Verify with your IT department in person before honouring the claim in the email
  • An email with only an attached image and nothing else is usually a problem
  • Be wary of the sender name and email address. Check them against known ones.
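Several of the checks in the list above can be automated as a first pass. The following is an added example written for this page (not taken from the referenced blogs or from any product): it parses a constructed message with Python's standard library and reports the tells it finds, namely a look-alike sender domain, a Reply-To that differs from the sender, link text that names a different host than its href, urgency language, and an image-only body. The domains, addresses, rule names and phrase list are assumptions; real mail filters also verify SPF, DKIM and DMARC, which this example does not attempt.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that pressure the reader into acting before thinking (assumed list).
URGENCY_PHRASES = ("immediately", "within 24 hours", "will be suspended",
                   "will be closed", "verify now", "act now")


class HtmlScan(HTMLParser):
    """Collect anchors as (href, visible text), count images, gather visible text."""

    def __init__(self):
        super().__init__()
        self.links, self.images, self.text = [], 0, []
        self._href, self._anchor = None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._href, self._anchor = attrs.get("href", ""), []
        elif tag == "img":
            self.images += 1

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def sender_domain(header_value):
    """'Name <user@host>' -> 'host' in lower case, or '' if the header is absent."""
    m = re.search(r"@([\w.-]+)", header_value or "")
    return m.group(1).lower() if m else ""


def deskew(domain):
    """Undo common look-alike substitutions (1->l, 0->o, rn->m, vv->w)."""
    return domain.replace("1", "l").replace("0", "o").replace("rn", "m").replace("vv", "w")


def host_of(url):
    """Host part of a URL, tolerating link text written without a scheme."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()


def analyze(raw_message, trusted_domains):
    """Return the tells found in one RFC 5322 message string (empty list if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    tells = []
    from_dom, reply_dom = sender_domain(msg["From"]), sender_domain(msg["Reply-To"])
    if from_dom not in trusted_domains and deskew(from_dom) in trusted_domains:
        tells.append("lookalike-sender-domain")
    if reply_dom and reply_dom != from_dom:
        tells.append("reply-to-differs-from-sender")

    body = msg.get_body(preferencelist=("html", "plain"))
    scan = HtmlScan()
    scan.feed(body.get_content() if body else "")
    visible = " ".join(" ".join(scan.text).split()).lower()  # collapse whitespace
    # Visible text that looks like a URL must point to the host it names.
    if any(re.match(r"(https?://|www\.)", text) and host_of(text) != host_of(href)
           for href, text in scan.links):
        tells.append("link-text-host-mismatch")
    if any(p in visible for p in URGENCY_PHRASES):
        tells.append("urgency-language")
    if scan.images and len(visible) < 20:
        tells.append("image-only-body")
    return tells


# Constructed sample modelled on the "server maintenance" lure described above.
PHISH = """\
From: "IT Support" <helpdesk@examp1e.com>
Reply-To: mailbox-reset@example.net
To: alice@example.com
Subject: Server maintenance - confirm your password
Content-Type: text/html; charset="utf-8"

<html><body><p>Our mail server will be upgraded tonight. Your account will be
suspended unless you confirm your password within 24 hours.</p>
<p><a href="http://203.0.113.5/reset?u=alice">https://webmail.example.com/reset</a></p>
</body></html>
"""

# Constructed benign notice from the real helpdesk, for contrast.
LEGIT = """\
From: "IT Support" <helpdesk@example.com>
To: alice@example.com
Subject: Planned maintenance window on Saturday
Content-Type: text/html; charset="utf-8"

<html><body><p>Webmail will be unavailable on Saturday from 02:00 to 04:00.
Details are on the <a href="https://intranet.example.com/maint">intranet page</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    print("phish:", analyze(PHISH, ["example.com"]))
    print("legit:", analyze(LEGIT, ["example.com"]))
```

Run it as a script to see the two verdicts, or feed `analyze()` the raw text of a `.eml` file exported from a mailbox. The heuristics are deliberately simple: the look-alike check only undoes four substitutions, and a legitimate newsletter can trip the urgency rule, so treat the output as triage hints for a human reader rather than a verdict.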

 

An interesting question: can you spot the telltale signs in each phishing email example? Comment below

 

 

 

Reference


On January 19, 2023, it was reported that thousands of PayPal accounts have been hacked. This news has caused concern among PayPal users who are now wondering if their own accounts have been compromised. In this blog post, we will provide an overview of the situation, as well as some tips on how to protect your PayPal account from being hacked.

Early reports speculated that phishing, malware or a vulnerability in PayPal's systems was to blame. PayPal's own breach notification attributed the access to credential stuffing: attackers replayed username and password pairs leaked from other sites, rather than exploiting a flaw in PayPal's systems. That means the accounts at risk were those reusing a password already exposed elsewhere, which is why the guidance below stresses unique passwords and two-factor authentication.

PayPal has stated that they are working to resolve the issue and have implemented additional security measures to prevent further breaches. The company has also urged users to be vigilant and check their account activity for any suspicious activity. If you notice any unauthorized transactions or changes to your account information, it is important to contact PayPal customer service immediately.

To protect your PayPal account from being hacked, there are several steps you can take. First, make sure to use a strong and unique password for your account. Avoid using easily guessed information, such as your name or date of birth, in your password. Additionally, be wary of phishing scams and never click on links in emails or text messages that ask for your PayPal login credentials. If you receive an email or text message that appears to be from PayPal, but seems suspicious, it is best to log in to your account directly through the PayPal website.

Another important step is to enable two-factor authentication for your PayPal account. This will require you to enter a code sent to your phone or email in addition to your password, making it much more difficult for hackers to gain access to your account.

In conclusion, the recent hack of thousands of PayPal accounts is a reminder that we must all be vigilant when it comes to online security. By following the tips outlined in this blog post, you can greatly reduce the risk of your PayPal account being hacked. Remember to check your account activity regularly, use strong and unique passwords, be wary of phishing scams, and enable two-factor authentication. By taking these steps, you can help protect your PayPal account and your personal information.


The RSAC Innovation Sandbox Contest brings out cybersecurity’s boldest new innovators who have made it their mission to minimize infosec risk. Each year, 10 finalists grab the spotlight for a three-minute pitch while demonstrating groundbreaking security technologies to the broader RSA Conference community. Since the start of the contest, the top 10 finalists have collectively seen over 73 acquisitions and raised over $11.46 billion in investments. (Source : RSA Conference )

RSA Innovation Sandbox is one of the platforms where information security startups can showcase their research and innovation. For the past 16 years it has worked as an interface for cybersecurity companies to promote their new technology and connect with venture capitalists, industry veterans and experts at RSA Conference. "RSAC Innovation Sandbox is widely recognized as a springboard for startups in our field and since 2005, the top 10 finalists have collectively celebrated over 69 acquisitions and received $9.8 billion in investments. Two previous finalists have also completed IPOs in the last two years: SentinelOne (2015) and SumoLogic (2012)," said Linda Gray Martin, Vice President, RSA Conference. (Reference)

This year, out of 10 finalists, RSA Conference awarded Talon as the Most Innovative Startup 2022 for creating a secure enterprise browser, which empowers organizations to simplify their security programs while providing a secure and improved hybrid work experience.


 

Process Of Selection

In the final round of the contest, each finalist has to give a presentation to jury panel (a team of industry experts). Jury team includes Dorit Dor (Chief Product Officer, Check Point Software Technologies), Niloofar Howe (Sr. Operating Partner, Energy Impact Partners), Paul Kocher (Independent Researcher), Shlomo Kramer (Co-founder and CEO, Cato Networks) and Christopher Young (Executive Vice President of Business Development Strategy and Ventures, Microsoft), Hugh Thompson (Program Committee Chair, RSA Conference). For more information about the current standing status and funding of the past finalists of RSA Innovation Sandbox, visit the RSAC Innovation Sandbox Leaderboard.

 

 

Top 10 finalists of RSA Innovation Sandbox 2022


Talon- Named as “RSAC Most Innovative Startup 2022”

Talon modernizes security programs and improves user experiences for hybrid work by delivering a secure browser purpose-built for the enterprise. The TalonWork browser gives customers the deep security visibility and control over SaaS applications needed to simplify security for the future of work.


BastionZero, Inc- Runner up at RSAC Innovation Sandbox 2022

BastionZero is a cloud service that offers engineering teams zero-trust access to their infrastructure (servers, clusters, databases, etc). They use novel cryptographic protocol design to ensure that a compromise of their service won't lead to a compromise of your infrastructure.

 


Araali Networks- Araali is a threat management solution for cloud-native environments. It can both detect as well as block threats. Powered by eBPF, you can enforce explicit policies for "who can do what" in your virtual private cloud, blocking malicious code from establishing a backdoor or accessing your services.

 


Cado Security- Cado Security provides a cloud investigation platform. Designed to bring incident response into the cloud era, Cado Response delivers forensic-level detail into cloud, container and serverless environments. Cado empowers security teams to investigate and respond at cloud speed.

 


Cycode- Cycode is a software supply chain security solution that provides visibility, security, and integrity across the SDLC. Cycode integrates with DevOps tools and infrastructure to harden security postures, implement consistent governance, detect threats, and reduce the risk of breaches.

 


 

Dasera- Dasera is pioneering DataGovOps to solve the challenges of protecting data at scale while empowering employees with more data. They operationalize data governance by continually monitoring context and automatically integrating security and compliance throughout the data lifecycle.

 


Lightspin- Lightspin's graph-based platform reduces the time, cost, and resources DevOps and security teams need to keep their cloud stack secure. By identifying critical attack paths, Lightspin connects the dots between disparate security issues to prioritize and remediate critical issues that matter most, from build time to runtime and operations.

 


 

Neosec- Neosec is reinventing application security by bringing XDR techniques to protecting APIs. Its SaaS platform gives security professionals visibility into behavior across their entire API estate. Neosec discovers all your APIs, analyzes their behavior, and stops threats lurking inside.

 


 

Sevco Security- Sevco Security is a cloud-native asset intelligence platform providing visibility to all assets, users and applications both on-premise and in the cloud, creating a comprehensive and reliable source of truth for better decision making. Its patented telemetry engine finds and reduces security and IT risk.

 


 

Torq- Torq is a no-code automation platform for security teams. Limitless connectivity, drag & drop editing, and hundreds of templates make it easy to automate any process. Security teams from large organizations to cutting edge startups trust Torq to help them minimize complexity and maximize protection.

 


CISO Platform Breach And Attack Summit 2022

Learn About Top Breaches, Attack Trends & Techniques And How To Defend Against Them. Our editorial team has handpicked the top sessions at the Breach & Attack Summit held in Bangalore, Mumbai and Chennai. Here is the list of top sessions from Breach & Attack Summit 2022.

350+ CISOs & Members joined us, 80+ Speakers shared their knowledge with the community and 47K+ engaged on social media. Attendees experienced keynotes, panel discussions and hands on workshops. 

 


 

 

1 - (Keynote) Dissecting Verizon DBIR: What's Causing Most Breaches?

Speaker: Jitendra Chauhan

Analysis Of Verizon DBIR & Top Attack Vectors. The cyber security world has been very active over the last year, from well-publicized critical infrastructure attacks to massive supply chain breaches. In this session we look deep into the Verizon DBIR report to find out how attackers navigate to your valuable assets and what you can do about it.

 >> Go To Presentation 


 

 

2 - (Keynote) Shift Left Of Boom: The new "Shift-Left" Movement That CISOs Must Keep An Eye On

Speaker: Sachin Deodhar

At its core, “boom” is an unwanted, bad event for the defender — the initial contact from the offender. “Left of boom” is the set of events that occur in the timeline before the boom and “right of boom” is the set of events that follows. If we applied this to the cyber domain, Left of Boom would refer to those proactive initiatives and actions that are designed to prevent/preempt (or minimize risk associated with) an adverse cyber event. 

>> Go To Presentation


 

3 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability

Moderator: Sanil Anad Nadkami     

Panel: Aditi Lath, Manikant R Singh, Dheemanth R, Rajesh Jain, Satya Maddela, Senthil N, Vikash Kumar Singh, Purna Reddy Bolla, Anshuman Singh

 

 

4 - (Workshop) Practical Approaches For Securing IoT Ecosystems 

Speaker: Maithri Nadig, Rahul U, Krishnaa Srinivasa

 

 

5 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface

Moderator: Navaneethan M

Panel: Yogesh M, Manoj Kuruvanthody, Samrat Bhatt, Satya NM, Shaik Javeed Ahmed, Srinivas Thimmaiah, Arnab Chattopadhayay

 

 

6 - (Workshop) Purple Teaming With Adversary Emulation

Speaker: Sachin Deodhar

Adversary emulation involves leveraging your Red Team to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritize your security investments towards mitigating any shortcomings observed using this approach.

>> Go To Presentation

 

 

7 - CISO Platform Task Force Initiative 2022

Speaker: Bikash Barai

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.


 

8 - (Keynote Panel) Managing Security During Turbulent Times

Moderator: Roshan Williams

Panel: Prathap R, Raghavendra Bhat, Satish Kumar Dwibhashi, Shetty KV, Vishal Kalro, Murali Krishnaam, Aditya Kakrania

 

 

9 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies

Moderator: Somshubhro Pal Choudhury

Panel: Asif Nalakath, Nantha Ram, Naseem Halder, Nitish Goyal, Philip Varughese, Sandeep Bansal, Anirudha Nayak, Harmeet Kalra


 

 

10 - (Workshop) Decoding CIS Risk Assessment Method V2.1 : How To Leverage

Speaker: Aditya Kakrania

Risk assessments are valuable tools for understanding the threats enterprises face, allowing them to organize a strategy and build better resiliency and business continuity, all before a disaster occurs. Preparation is key – after all, the worst time to plan for a disaster is during a disaster.

>> Go To Presentation


 

 

11 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability

Moderator: Bijender Kumar Mishra     

Panel: Urvish Acharya, Tejas Shah, Pradipta Patro, Suresh A Shan, Vasudevan Nair, Satyanandan Atyam, Anshuman Singh

 

 

12 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies

Moderator: Vijay Kumar Verma

Panel: Hiren Pandey, Shitij Bhatia, Sanjay Jaiswal, Rohit Yeshwant Rane, Satyavrat Mishra, Melwyn Rebeiro, Harmeet Kalra

 

 

13 - (Keynote Panel) Managing Security During Turbulent Times

Moderator: Ambarish Kumar Singh

Panel: Balram Choudhary, Dr. Naresh Kumar Harale, Shankar Jadhav, Shobhana Lele, Venkata Satish Guttula, Satyanandan Atyam, Aditya Kakrania

 

 

14 - (Keynote Panel) Managing Stress During Crisis

Moderator: Bikash Barai

Speaker: Ajay, Harshad Mengle, Mohd Imran


 

 

15 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface

Moderator: Dilip Panjwani

Speaker: Kedar Telavane, Sachin Kawalkar, Gopal Gupta, Kalpesh Doshi, Ananth MS

 

 

16 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability

Moderator: Gowdhaman Jothilingam     

Panel: Prabhakar Ramakrishnan, Venugopal Parameswaran, M Sivasubramanian, Srinivasulu Thayam, Maharajan S, Anshuman Singh


 

17 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface

Moderator: Vijaykumar Radhakrishnan

Panel: Vijayakumar KM, Lakshmi Narasimhan R, Venkatasubramanian Ramakrishnan, Palanikumar Arumugam, Vijay Anand, Gokulavan Jayaraman, Thamaraiselvan, Arnab Chattopadhayay

 

 

18 - (Workshop) Purple Teaming With Adversary Emulation

Speaker: Jitendra Chauhan

Adversary emulation involves leveraging your Red Team to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritize your security investments towards mitigating any shortcomings observed using this approach.

>> Go To Presentation


 

 

19 - (Keynote Panel) Chennai Chapter Presentation

Panel: Gokulavan Jayaraman, Prabhakar Ramakrishnan, Thamaraiselvan S, Suprakash Guha, Gowdhaman Jothilingam, Srinivasulu Thayam

  

 

20 - (Keynote) Shift Left Of Boom: The New "Shift-Left" Movement That CISOs Must Keep An Eye On

Speaker: Arnab Chattopadhayay

At its core, “boom” is an unwanted, bad event for the defender — the initial contact from the offender. “Left of boom” is the set of events that occur in the timeline before the boom and “right of boom” is the set of events that follows. If we applied this to the cyber domain, Left of Boom would refer to those proactive initiatives and actions that are designed to prevent/preempt (or minimize risk associated with) an adverse cyber event. 

>> Go To Presentation

 

 

21 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies

Moderator: AVS Prabhakar

Panel: Balakrishnan Kanniah, Gopi Krishna Togarcheti, Madhavan GG, Kavitha Srinivasulu, Suprakash Guha, Srinivasan

 


Kids Cyber Safety Awareness Program By Kiran Belsekar

The Kids' Cyber-safety Task Force is part of a CISO Platform community initiative to help build a safer world for the younger generation. This session is aimed at raising awareness of cyber safety among kids. CISO Platform community member Kiran Belsekar conducted a "Cyber Security Awareness Session" for Vibgyor School on 19 November 2022 on behalf of CISO Platform. More than 50 students took part, and teachers, school authorities and parents also attended.

 

 

About Speaker

Kiran Belsekar, Senior Vice President, CISO & IT Governance at Aegon Life. A leader who brings insight from both technical and business perspectives in Information Technology, Cybersecurity, Fintech & Insuretech. He has more than 20 years of experience in IT (technical) and IT management, with business knowledge across various industries. Kiran is recognised for his work in technology and cybersecurity by institutions such as DSCI, CSO Forum, ISACA, IT NEXT, 9dot9, IDC, IDG and Core Media.

 

 

Key Pointers 

  • Mobile phone security
  • Do’s and don’ts in social media
  • Effective Password Policy
  • Privacy Setting
  • Tips of personal data protection
  • Awareness on various cybercrimes
  • Cyber safety pledge

 

 

 (Kids Session) Video Recording

 

 

Session Highlights

1. Kids should do the following thing when they start exploring the Cyber world:

  • Respect and protect yourself
  • Respect and protect others
  • Respect and protect copyright
  • Respect and protect equipment

 

2. Understand the Cyber World - While using Facebook, Instagram, YouTube and other platforms, kids should understand whom to talk to, and who is a stranger and who is a friend

 

3. Safety in the Physical World - Kids should know the distances that define Public, Social, Personal and Intimate space

  • Public space - Strangers
  • Social space - Friends & Relatives
  • Personal space - Parents
  • Intimate space - God

 

4. Safety Circles, where to reach for help:

  • Parents
  • Teachers

 

5. Cyber World: Fake Identities / Strangers

  • Never give away your name, phone number, address, password, school name or parents' names
  • Cyber creeps can impersonate you (identity theft) or find you

 

6. Cyber world Top risks:

  • Predators
  • File share abuse
  • Cyber bullies
  • Invasion of privacy
  • Disturbing content

 



We had a community round table with CISOs of top firms to create a tangible community playbook that could be used by the community in the future. We are extremely thankful to the contributors for this playbook.

 

 

CISO Contributors

  • Dr. Anton Chuvakin, Security Solutions Strategy, Google Cloud
  • Bikash Barai, Co-Founder FireCompass, Advisor CISO Platform
  • Vijay Kumar Verma, SVP and Head Cyber Security Engineering, Jio Platforms Ltd
  • Manoj Kumar Shrivastava, CISO, Future Generali India Insurance Ltd
  • Mihirr P Thaker, CISO, Allcargo Logistics Ltd
  • Prasenjit Das, CISO, TCS
  • Suprakash Guha, General Manager, Lumina Datamatics
  • Anwaya Bilas Sengupta, CISO, ERLDC
  • Gowdhaman Jothilingam, Sr Manager IT/CISO, LatentView Analytics
  • Palanikumar Arumugam, Head Technology, Shiksha Financial Services India Pvt Ltd
  • Raghavendra Bhat, Head of Security Validation India, SAP Labs
  • Rajeev Mittal, CIO, Endurance Technologies Ltd
  • Ashok Kannan, President - IT, Sintex Industries Limited

 

 

Key Pointers

  • Challenges - Licensing, use cases, log volume optimization - how to outsource? How to select a provider? - refining SOC Practices (operations)
  • Mitigation Strategies

 

 

Discussion Highlights

 

1. Major challenges:

  • Convince the top management for SOC
  • Log volume management
  • Management commitment
  • Partner outsourcing
  • Skill gap & awareness training - people
  • Choosing the right tool - native tools with multiple dashboards, OR aggregate logs and create correlation use cases and playbooks
  • Organizations have assets on various platforms (Jio, AWS, Google etc.)
  • Effective building of correlation use cases
  • Building SOAR capability on ground
  • Maturity of the SOC (measure active response)
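
Two of the challenges above, building correlation use cases and keeping log volume under control, are easier to reason about with a concrete rule in hand. The block below is an added example written for this page; it is not code from the roundtable, any contributor, or any vendor mentioned here. It assumes a syslog-like SSH authentication log format, and the sample lines are constructed for illustration. It shows (1) a correlation rule that fires only when several failed logins from one source are followed by a success within a time window, and (2) a volume-reduction step that collapses repetitive failures per source and user into one summary record instead of forwarding every line.

```python
"""Added example, not from the roundtable: a minimal SOC correlation
use case and a log-volume aggregation step over constructed sample logs."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed sample lines in a syslog-like format (assumed; not real data).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 sshd[101]: Failed password for admin from 203.0.113.5 port 50001 ssh2
2024-03-01T10:00:03 sshd[102]: Failed password for admin from 203.0.113.5 port 50002 ssh2
2024-03-01T10:00:05 sshd[103]: Failed password for root from 203.0.113.5 port 50003 ssh2
2024-03-01T10:00:07 sshd[104]: Failed password for admin from 203.0.113.5 port 50004 ssh2
2024-03-01T10:00:09 sshd[105]: Failed password for admin from 203.0.113.5 port 50005 ssh2
2024-03-01T10:00:12 sshd[106]: Accepted password for admin from 203.0.113.5 port 50006 ssh2
2024-03-01T10:05:00 sshd[107]: Failed password for alice from 198.51.100.7 port 40001 ssh2
2024-03-01T10:30:00 sshd[108]: Accepted password for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class Event:
    ts: datetime
    result: str  # "Failed" or "Accepted"
    user: str
    src: str


def parse(lines: str) -> list[Event]:
    """Parse the assumed log format; lines that do not match are skipped."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]))
    return events


def correlate_bruteforce(events: list[Event], threshold: int = 5, window_s: int = 60) -> list[dict]:
    """Correlation rule: alert when a source logs in successfully after
    at least `threshold` failures from the same source within `window_s`."""
    failures: dict[str, list[datetime]] = defaultdict(list)  # src -> failure timestamps
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.result == "Failed":
            failures[ev.src].append(ev.ts)
            continue
        recent = [t for t in failures[ev.src] if (ev.ts - t).total_seconds() <= window_s]
        if len(recent) >= threshold:
            alerts.append({"src": ev.src, "user": ev.user,
                           "failures": len(recent), "at": ev.ts.isoformat()})
    return alerts


def aggregate_failures(events: list[Event]) -> dict[tuple[str, str], dict]:
    """Volume reduction: one summary record per (src, user) with a count
    and first/last timestamps, instead of one forwarded line per failure."""
    summary: dict[tuple[str, str], dict] = {}
    for ev in events:
        if ev.result != "Failed":
            continue
        rec = summary.setdefault((ev.src, ev.user), {"count": 0, "first": ev.ts, "last": ev.ts})
        rec["count"] += 1
        rec["first"] = min(rec["first"], ev.ts)
        rec["last"] = max(rec["last"], ev.ts)
    return summary


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for alert in correlate_bruteforce(evs):
        print("ALERT", alert)
    for (src, user), rec in aggregate_failures(evs).items():
        print("SUMMARY", src, user, rec["count"], rec["first"], rec["last"])
```

The single success from 198.51.100.7 does not fire the rule because its one prior failure falls outside the 60-second window, while the burst from 203.0.113.5 does; in a production pipeline the failure lists would also be expired over time so memory does not grow with log volume.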

 

2. How to build an effective detection and response mechanism, and the right kind of SOC or a programme of which the SOC is a part:

  • Many companies are still not able to implement a SOC, and that is the major challenge we face
  • Difficulty convincing top management on the budget, how to take it forward and what the return on investment is
  • With huge log volumes and no dedicated or central team, the logs become unmanageable and the effort gets stuck
  • Management commitment challenges and other auxiliary challenges
  • More SOCs are ruined by lack of commitment from executives than by the volume of logs

 

3. Outsourcing to a managed security services provider, even a global firm, should be examined explicitly and brought into the light

  • A SOC should be looked at from two aspects: the tools, people and processes built around it, and on the other side the protective controls
  • The SOC is one of the prime areas where active response is measured
  • Lack for the vulnerability targeted to the porter

 

4. Threat landscape

  • Poor management of log sources and log volume has caused a number of SOCs to crash and fail
  • Decide what needs to be detected and observed first, and only then which log sources are needed

 

5. Always drill management on crisis scenarios: pick various scenarios and analyse them. How long does it take the organization to respond and recover, and does the organization have the capability to respond and recover at all? The SOC is the strategy for putting these things in place

 

6. A successful SOC needs tools, people and processes around it. Protective controls include firewalls, EDR and the like. An effective SOC lets you validate whether those protective measures are actually working.

 
