How Attack Surface Management Solves the False Positive Problem By Chris Ray And Bikash Barai

Chris Ray, Security Architect, discusses with Bikash Barai, co-founder of CISO Platform and FireCompass, how attack surface management (ASM) solutions can actively interact with assets to validate vulnerabilities with a high degree of confidence, unlike legacy vulnerability management tools.


Here is the verbatim discussion.

The legacy vulnerability management tools show you what's broken; it's noisy, produces a lot of findings that are low confidence. ASM, even though it discovers even more assets, more broadly, more comprehensively, through two methods of interaction with those remote assets: either passive, which is similar, not the same but similar, as the legacy vulnerability management; or active assessments, meaning an asset's been identified, okay, now let's kick off some programmatic thing that's going to go out and interact with the asset and observe its behaviors. Does it respond with an SSL, an SSH login? Does it give me back a banner? If I know that this asset and the app version that's running on it is vulnerable to a remote code execution, maybe it's possible through active assessments to run a benign version of that attack, and you can then measure the results. That's a very specific example, but some ASM solutions can go out and do that. So now what you end up with is, instead of legacy vulnerability management with 20% confidence that this is the vulnerability on the other end of the wire, you have ASM which is like 100% confident this is the vulnerability on the other end of the wire.
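The passive-versus-active distinction described above, as an added Python example that is not code from the speakers or from any ASM product: a banner-only (passive) pass assigns the low confidence a version match deserves, then a benign active check either confirms the issue from observed behaviour, discards it as a false positive (the banner was stale), or leaves it for manual review when the probe could not run. All hosts, product names, issue identifiers, markers and probe responses are constructed placeholders; the 20% and 100% confidence values are taken from the discussion.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# --- Constructed sample data (hypothetical hosts, products and issue ids) ---

# Banners as a passive discovery pass would record them.
SAMPLE_BANNERS: Dict[str, str] = {
    "10.0.0.5:22": "SSH-2.0-ExampleSSH_4.5",
    "10.0.0.6:80": "Server: ExampleHTTPd/1.2.3",
    "10.0.0.7:80": "Server: ExampleHTTPd/1.2.3",   # backported fix: banner is stale
    "10.0.0.8:22": "SSH-2.0-ExampleSSH_4.5",       # banner visible, probes filtered
}

# Version-to-issue table a passive scanner consults (placeholder ids, not real advisories).
VULN_TABLE: Dict[Tuple[str, str], str] = {
    ("ExampleSSH", "4.5"): "ISSUE-PLACEHOLDER-1",
    ("ExampleHTTPd", "1.2.3"): "ISSUE-PLACEHOLDER-2",
}

# What a benign active check expects to observe in the asset's response if the
# issue is really present (hypothetical markers).
MARKERS: Dict[str, str] = {
    "ISSUE-PLACEHOLDER-1": "debug-auth: on",
    "ISSUE-PLACEHOLDER-2": "X-Example-Mode: legacy",
}

# Simulated probe observations per asset; None means the probe could not run.
SIMULATED_PROBE_RESPONSES: Dict[str, Optional[str]] = {
    "10.0.0.5:22": "ExampleSSH banner ok\ndebug-auth: on",
    "10.0.0.6:80": "HTTP/1.1 200 OK\nX-Example-Mode: legacy",
    "10.0.0.7:80": "HTTP/1.1 200 OK\nX-Example-Mode: hardened",
    "10.0.0.8:22": None,
}

PASSIVE_CONFIDENCE = 0.2   # a banner-only version match
ACTIVE_CONFIDENCE = 1.0    # behaviour actually observed on the asset

BANNER_RE = re.compile(
    r"(?:Server:\s*|SSH-2\.0-)?(?P<product>[A-Za-z]+)[/_](?P<version>[\d.]+)"
)


@dataclass
class Finding:
    asset: str
    issue_id: str
    confidence: float
    method: str      # "passive" or "active"
    evidence: str


def passive_assess(asset: str, banner: str) -> Optional[Finding]:
    """Legacy-style check: infer an issue from the version string alone."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    issue_id = VULN_TABLE.get((m["product"], m["version"]))
    if issue_id is None:
        return None
    return Finding(asset, issue_id, PASSIVE_CONFIDENCE, "passive", f"banner={banner!r}")


def active_validate(finding: Finding,
                    probe: Callable[[str], Optional[str]]) -> Optional[Finding]:
    """ASM-style check: run a benign probe and keep only what the asset shows.

    Returns a full-confidence finding if the marker is observed, the passive
    finding unchanged if the probe could not run, or None when the asset
    demonstrably lacks the behaviour (the banner match was a false positive).
    """
    response = probe(finding.asset)
    if response is None:
        return finding
    marker = MARKERS[finding.issue_id]
    if marker in response:
        return Finding(finding.asset, finding.issue_id, ACTIVE_CONFIDENCE,
                       "active", f"observed={marker!r}")
    return None


def run_pipeline(banners: Dict[str, str],
                 probe: Callable[[str], Optional[str]]) -> Dict[str, List[Finding]]:
    """Discover -> passive assess -> active validate, bucketed for triage."""
    out: Dict[str, List[Finding]] = {"confirmed": [], "needs_review": [], "false_positive": []}
    for asset, banner in banners.items():
        passive = passive_assess(asset, banner)
        if passive is None:
            continue
        validated = active_validate(passive, probe)
        if validated is None:
            out["false_positive"].append(passive)
        elif validated.method == "active":
            out["confirmed"].append(validated)
        else:
            out["needs_review"].append(validated)
    return out


def simulated_probe(asset: str) -> Optional[str]:
    """Stand-in for a real benign probe; reads the constructed table above."""
    return SIMULATED_PROBE_RESPONSES.get(asset)


if __name__ == "__main__":
    for bucket, items in run_pipeline(SAMPLE_BANNERS, simulated_probe).items():
        for f in items:
            print(f"{bucket:15} {f.asset:12} {f.issue_id} "
                  f"conf={f.confidence:.1f} via {f.method} ({f.evidence})")
```

Run as-is it prints two confirmed findings at 1.0, one false positive (the host whose banner still advertises the old version after a backported fix) and one low-confidence finding held for review because the probe could not reach it. The design point is that a confidence value is attached to evidence, not to the version string: a finding is only promoted when the asset itself exhibits the marker, and only dropped when the asset was actually probed and did not.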

Chris Ray, a seasoned professional in the cybersecurity field, brings a wealth of experience from small teams to large financial institutions, as well as industries such as healthcare, financials, and tech. He has acquired an extensive amount of experience advising and consulting with security vendors, helping them find product-market fit as well as deliver cyber security services.

Bikash Barai is a Co-Founder of CISO Platform and a Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ, an IDG Ventures backed company which was later acquired by Cigital. Barai holds dual B.Tech and master's degrees from the Indian Institute of Technology (IIT), in computer science (Hons) as well as Architecture. He is passionate about AI, cognitive hacking and attack simulation. He is credited with several innovations in the domain of IT security and has multiple USPTO patents in his name. Barai has received recognition from UC Berkeley, Intel, Nasscom, Red Herring, TiE, Fortune 40-under-40 in India, etc. He actively pursues painting and magic and has spoken at various forums such as the University of California, Berkeley, Nasscom, DSCI, CISO Platform, NUS Singapore, TiE, TEDx IIM, TEDx IIT, RSA Conference USA, etc.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/

