Predictive Intelligence: Vulnerability Weaponization and Exploitation

Presented by

Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense

About this talk

The key to effectively reducing the attack surface is remediating exactly the right vulnerability or weakness that will be used by the adversary. While the idea is simple enough, executing on it has proven to be one of the largest challenges facing enterprises. The impact of this lack of visibility into the attacker journey is that vulnerability remediation strategies are likely unaligned, and therefore ineffective. There’s no data that supports the hypothesis to align early weaponization to breaches, which makes it hard to know when it is the ideal time to fix the vulnerability or weakness. Vulnerability prioritization and weaponization prediction must be fueled with data and domain expertise. Fixing thousands of vulnerabilities is not enough. We need to make sure we are fixing the right vulnerabilities, at the right time. In this talk we will cover: • Quantitative and Qualitative: details on RiskSense threat dataset and data sources that allows us to uniquely separate “signal” from “noise”. • Unprecedented visibility into attack validation data: from over 10+ years, this enables us to reconstruct the complete attacker journey and understand time-based patterns. • Insights into Vulnerability life cycle: weaponization and breach latency. This will allow us to determine no engagement vs. engagement from a remediation standpoint. • Attributes and variables: used for Machine Learning to predict Weaponization and Breach Susceptibility This presentation will be given by Dr. Srinivas Mukkamala, Co-Founder and CEO of RiskSense. RiskSense’s team was the first to predict WannaCry and has since released Koadic Post Exploitation Command & Control.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (29)
Subscribers (3169)
RiskSense®, Inc. provides full-spectrum vulnerability management and prioritization to measure and control cybersecurity risk. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weaknesses with corresponding remediation action plans, dramatically improving security and IT team efficiency and effectiveness. The company delivers a fully-informed picture of group, department, and organizational cybersecurity risk with our credit-like RiskSense Security Score (RS3). The RiskSense platform continuously correlates customer infrastructure with comprehensive internal and external vulnerability data, threat intelligence, human pen test findings, and business asset criticality to measure risk, provide early warning of weaponization, predict attacks, and prioritize remediation activities to achieve security risk goals. For more information, visit www.risksense.com or follow us on Twitter at @RiskSense.