Reducing the Attack Surface AND join us tomorrow for "Hacking Cybersecurity Budgets for 2023"
The cyber attack surface just keeps growing to the point that it seems endless. Protecting it all is impossible. Is there anything that can be done to reduce that attack surface and limit your exposure? On this week's Defense in Depth, Steve Zalewski and sponsored guest Jonathan Trull, CISO, Qualys, debated these very issues:
Attack surface management vs. vulnerability management vs. exposure management. What the heck is the difference? Are we just rebranding the term vulnerability management OR are we shifting the way we're dealing with our own weaknesses? Abhishek Singh of Araali Networks asks, "Is it more around detecting accidental and new exposure vs monitoring for known unmitigated exposure?" And Pramod Gosavi of JupiterOne agrees, saying that the debate is "more about known knowns than unknowns."
"Isn't everything exposure management?" asked Clifford Ziarno of World Fuel Services. It seems like it's a more digestible term for non-security people. Vulnerability management is technical. It's dealing with patching, CVSS scores, and honestly a lot of stuff the business doesn't need to know about. "Exposure management seems like it is moving towards risk management," said Jason Hoffman, global CISO of Saba Software. "Boards want to hear about things in terms of risk."
How about we don't create more issues for us to manage? One solution to reducing attack surface is not creating or holding onto so much sensitive information. Marketing will push to "let's just collect it all," to which legal and security might say, "but that's going to open us up to privacy and security concerns." The question is how much you need that data for the business, and whether it is worth all the risk it's going to create. How costly will it be to create it and destroy it? And speaking of that, how much old, useless, yet sensitive data do you have lying around that is only creating risk by its existence and not providing any business value?
If the perimeter disappeared, what the heck are we dealing with? "For a long time we were talking about the perimeter, and then many people said that the perimeter disappeared but I would argue that it didn't. In fact it transformed to be a collection of hundreds or thousands of smaller perimeters," said Yaron Levi, CISO, Dolby Laboratories. That kind of defines what we're dealing with now. Look at the multitude of new categories of cybersecurity vendors. And all the microsegmentation, not just with firewalls, but also with how we need to configure every darn cloud instance.
Listen to the full episode here or over on our blog where you'll also find a full transcript. And if you're not already subscribed to CISO Series Podcast via your favorite podcast app, please do!
And thanks to all our other contributors (witting and unwitting): Bishop Bettini, CISO, LifeOmic, and David Hazar of Next Level3.
HUGE thanks to our podcast sponsor, Qualys
Join us TOMORROW, Friday [11-18-22] for “Hacking Cybersecurity Budgets for 2023”
Tomorrow's discussion for Super Cyber Friday will be "Hacking Cybersecurity Budgets for 2023: An hour of critical thinking about how to invest in the right products to maximize your return."
It all begins at 1 PM ET/10 AM PT on Friday, November 18, 2022 with guests Pankaj Goyal, Senior VP, Safe Security, and Ngozi Eze, CISO, Levi Strauss & Co. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Safe Security
Cyber Security Headlines - Week in Review
We're live tomorrow and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Show is hosted by Richard Stroffolino and our guest will be John Scrimsher, CISO, Kontoor Brands, Inc.
You can participate live in the conversation by registering on YouTube here.
Subscribe to the podcast or subscribe to the daily newsletter.
Thanks to this week's headlines sponsor, AppOmni
Jump in on these conversations
"Does specialising early on limit your career?" (More here)
"Freelancing - How to?" (More here)
"What cybersecurity positions will see the most growth in the next 10 years?" (More here)
Coming up in the weeks ahead we have:
Save your spot and register for them all now!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship, contact me, David Spark.
Financial Advisor
1 yr
Such an awesome (and interactive) Newsletter. Great stuff David Spark and the CISO Series team! cc: Daniel Colin