Skybox Security, a global leader in cybersecurity management, recently participated in the Gartner Security & Risk Management Summit 2018. From the keynote speaker through the technical sessions, it was clear that the common theme of the Gartner Security and Risk Management Summit 2018 in Mumbai was the need to understand the risks that are important, dangerous and real to your organization. Rather than looking at the overwhelming and ever-increasing number of threats, your focus should be on identifying those that pose a real risk to your business and knowing the right patching and preventive controls to mitigate them.
“To do this you need to create visibility into your assets and ecosystem, or what is now called your attack surface. It’s time to harness the power of analytics, modelling and simulation to improve attack surface visualization”, said Rahul Arora, Regional Director, India & SAARC at Skybox Security. He added, “With better visibility, security teams are better prepared to fend off attacks, with the availability of comprehensive intelligence needed to build a mature security program. A sophisticated attack surface visualization solution gives CISOs and security leaders the ability to see all security exposures at once, zoom in on problem areas and identify what’s causing the problem, all in seconds.”
To holistically visualize and understand the attack surface and provide context to security risks, a solution needs to consider:
- Topology: By comprehensively mapping all systems, devices and network segments as well as the paths between them, it becomes more apparent how the interdependencies of your network affect risk exposures. Effective solutions need to incorporate servers, endpoints, networks (including clouds), networking devices and security devices (physical and virtual) into a visual model.
- Indicators of Exposure (IOEs): IOEs highlight a system, device or network that is exposed to a potential attack, helping you secure the organization before an attack occurs. IOEs include software vulnerabilities, misconfigurations and missing security controls, overly permissive rules and violations of security policies and compliance rules.