ASM: An Essential Tool But Not Perfect By Chris Ray and Bikash Barai

Chris Ray, Security Architect, discusses with Bikash Barai, co-founder of CISO Platform & FireCompass, how ASM is a useful but imperfect tool for discovering an organization's full attack surface, and why users should not assume it is complete.

Here is the verbatim discussion.

So that 5% is still as an organization, you have to account that, you know, you have to consider that ASM is still just a tool built by humans and it's going to have its own shortcomings, you know, based on human fallacies. So don't assume that it's complete. Assume that you still have more work to do. The other side, even though ASM, I will say I get excited about ASM because of how good it is at discovering things. So that's the asterisk there is: it's almost perfect, but it's not quite. The other side, the other thing I emphasize, and I touched on this a little bit earlier, is the internal attack surface. ASM is really good at the external attack surface right now. And there appears to be a direction where some vendors or some ASM solutions are building similar capabilities, not the exact same because they're achieved differently, but similar capabilities for your internal attack surface. And whether that's on premises or if that's in a cloud, it's going to vary.

Chris Ray, a seasoned professional in the cybersecurity field, brings a wealth of experience from small teams to large financial institutions, as well as industries such as healthcare, financials, and tech. He has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

Bikash Barai is the Co-Founder of CISO Platform and a Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital. Barai holds a double B.Tech and master's from the Indian Institute of Technology (IIT), in computer science (Hons) as well as Architecture. He is passionate about AI, cognitive hacking and attack simulation. He is credited with several innovations in the domain of IT security and has multiple patents with the USPTO under his name. Barai has received recognition from UC Berkeley, Intel, Nasscom, Red Herring, TiE, Fortune 40-under-40 in India, etc. He actively pursues painting and magic and has spoken at various forums such as the University of California, Berkeley, Nasscom, DSCI, CISO Platform, NUS Singapore, TiE, TEDx IIM, TEDx IIT, RSA Conference USA, etc.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/
