Name: Leveraging automation to scan CISA KEV for high risk vulnerabilities
Start: 2023-05-04T15:00:00Z
End: 2023-05-04T15:00:23.000Z
Location: BrightTALK
Rating: 0

CyCognito is solving one of the most fundamental business problems in cybersecurity: the need to understand how attackers view your organization, where they are most likely to break in and how you can eliminate that risk. CyCognito was founded by national intelligence agency veterans whose understanding of how attackers exploit blind spots led them to create a new approach to risk assessment. The Palo Alto-based company is funded by leading Silicon Valley venture capitalists and its mission is to help organizations eliminate their “shadow risk” — critical security risk that is often unknown to them. The volume of these unknown unknowns has widened dramatically as organizations have transformed from IT environments with well-defined perimeters to hyperconnected, fluid IT ecosystems that span on-premises, cloud, partner and subsidiary environments. CyCognito addresses shadow risk with a category-defining, transformative platform that automates offensive cybersecurity operations to provide reconnaissance capabilities superior to those of attackers.

Its next-generation security risk assessment platform enables Fortune 500 and other leading companies around the world to autonomously discover, understand, prioritize and eliminate their organization’s shadow risk based upon a global analysis of their external attack surface and the attack vectors that a real attacker would likely exploit. For more information, please visit cycognito.com.

Unmanaged assets exposed to the internet represent critical hidden risks at tremendous scale for modern enterprises. While most organizations feel they have this situation under control and are confident in their risk reduction practices across their external attack surfaces, the truth is the majority find a significant amount of unmanaged assets when they search for them and struggle to resolve this serious issue. 

Join guest speakerJess Burn, Senior Analyst at Forrester Consulting, as she provides a deep dive analysis of the results of a recent online study commissioned by CyCognito with 304 security and IT operations professionals to evaluate risk management practices related to external assets. 

In this webinar, you will learn about these key findings:

-   How collaboration challenges exacerbate threats related to unmanaged assets, thereby making these threats more difficult to identify, prioritize, and remediate
-   How 81% of respondents to this survey fall short of executing security testing on their full inventory of assets despite considering security testing is important for risk management
-   Why one in four respondents takes weeks or longer to respond to high-severity risks due to siloed use of multiple tools; 40% of respondents use more than 10 risk management tools
-   Why a single source of truth based on automation and continuous business structure mapping, discovery of assets, security testing, and remediation planning is core to reducing risk

A Forrester TLP Study: Teamwork Shines a Light on Hidden External Risk

There is a well-known maxim in the cybersecurity industry that cybersecurity tools are always one step behind threat actors. This statement exists because threat actors often have a better line of sight into an organization’s external attack surface than the Security team who defends that organization. Threat actors have this increased visibility due to their use of multiple open-source tools and a strong commitment to find a path of least resistance that a Security team may not be aware of.

Join Anne Marie Zettlemoyer, Chief Security Officer at CyCognito, and  Marc Rogers, Adjunct Senior Advisor at the Institute of Security and Technology, Member of the Ransomware Taskforce, and Head of Security for DEF CON, as they discuss the mindset of threat actors as they approach target organizations for ransom or even for sport. Anne Marie and Marc will discuss all the visibility advantages attackers have over Security teams and how your team can leverage this offensive mindset to better protect itself.

In this webinar, you will learn:

-  Why the old auditing method of launching quarterly or semi-annual tests on select assets no longer works to protect your organization
-  How threat actors rely on traditional testing methods as a false sense of security for their targets
-  How threat actors develop stealthy techniques to maximize efficiency and reduce time to find exploitable vulnerabilities

How a threat actor really views your organization

The digital transformation from on-premise environments to public cloud environments has made managing all assets exposed to the internet very challenging for IT and Security teams. Previously, IT teams knew of a finite number of assets that were exposed to the internet and had much more control over tracking down changes and protecting them with company security policy. Now, multiple groups in an organization, such as Research and Development or Marketing, can deploy new instances, such as web apps, APIs, and S3 buckets on the cloud without much visibility from IT or Security teams, thereby minimizing control and expanding an organization’s external attack surface.

Join Aviel Tzarfaty, Product Manager at CyCognito, as he explains how your Security team can create a plan to increase visibility into internet-facing cloud environments, run automated and continuous testing across all assets, and be made aware as soon as any security risks arise for any cloud-based assets.

In this webinar, you will learn:

- How the digital transformation has decreased visibility for all assets exposed to the internet and how your Security team can gain better visibility into all these assets
- How your organization can create a unified program to migrate assets from one cloud environment to another while enforcing a standard set of security policies
- How to enable automated testing when migrating from one cloud environment to another and become aware if security downgrades during the migration process
- How to adopt the vantage point of an attacker to make sure all your organization’s cloud-based assets remain secure

Gain visibility and enforce security policies for assets across public clouds

As large enterprises expand their global footprint through mergers and acquisitions and create subsidiary brands and products, their external attack surfaces can change by as much as 9% each month. When enterprises’ attack surfaces are constantly fluctuating, they expose themselves to critical vulnerabilities that open paths of least resistance for attackers to exploit sensitive customer data. Most enterprises also use web apps for vital business e-commerce and business communications. However, they may not be aware that web apps account for 50% of high and critical issues of all assets exposed to the internet per recent analysis of CyCognito’s anonymized and normalized customer data.

Join Emma Zaballos, Product Marketing Manager at CyCognito, and Jonathan Keÿzer, Sales Engineer at CyCognito, as they discuss anonymized customer insights from CyCognito’s External Risk Insights Brief report. This webinar will help your Security team understand how to protect its most critical assets from being easily exploited by attackers as your enterprise expands to include more subsidiary brands and web applications.

In this webinar, you will learn:

-  Why 56% of the critical and high vulnerabilities that created paths of least resistance to customer assets were found on assets managed or 
   owned by subsidiaries
-  Why enterprises are generally unaware of an astounding 10-30% of these subsidiaries before they start monitoring their attack surfaces
-  Why enterprises struggle to remediate critical issues despite knowing an asset’s location and its issues 54% of the time
-  Why web apps account for 50% of high and critical issues and make up over a third of customer requests to validate that a remediation effort 
   was successful

How enterprises become exposed to hidden risks from subsidiaries and web apps

There is a change underway in terms of how Security teams validate potential exploits using threat intelligence. Until very recently, most Security teams have relied on manual processes to validate vulnerabilities which can lead to some distrust with their IT counterparts. This distrust stems from a lack of trustworthiness in the data gathered from Security teams because these manual processes can produce hundreds of potential vulnerabilities, thus making it unclear which risks are the most important to remediate for an organization. 

However, there is a new era of threat intelligence underway that leverages technology and automation to focus attention on as few as fifty high risk vulnerabilities rather than as many as 500 which can build more credibility in terms of which threats should be prioritized for remediation. Join Ansh Patnaik, Chief Product Officer at CyCognito, as he explains how your Security team can build a modern threat intelligence program that can create more trustworthiness in your vulnerability data by focusing on the biggest risks to your organization, which will lead to faster mean-time-to-remediation and better remediation partnerships with IT.

In this webinar, you will learn:
- How your Security team can leverage technology and automation to speed up its response time for critical threats to your organization's assets exposed to the internet
- How you can now more easily find the most critical risks to your organization so that you can reduce strain on the most senior levels of your IT and Engineering teams and save hundreds of manual hours validating potential vulnerabilities
- How you can create more external cooperation in vulnerability management and cyber risk management with teams outside of Security
- How you can more quickly identify and block the path of least resistance for attackers who find new vulnerabilities every 48 hours

Build a modern threat intelligence program based in automation

One of the largest challenges for Security professionals and leaders is to create sustainable operational workflows to remediate critical risks. Security teams are focused on and are incentivized to identify and remediate critical vulnerabilities exposing  IT assets or networks to a potential data breach. However, IT Operations and other key stakeholders have their own priorities and incentives, such as maintaining uptime, which does not always align with a Security team’s objectives to patch critical vulnerabilities but is needed to help remediate them. Thus, it’s critical that the data provided is trustworthy and proves these vulnerabilities are indeed real threats. Establishing credibility is vital to facilitate remediation faster when competing with other priorities.

Join Anne Marie Zettlemoyer, Chief Security Officer at CyCognito, and Mike Johnson, Co-host of the CISO Series podcast, as they sit down for a fireside chat to discuss how you can build better remediation partnerships between your Security team and leaders from other key functions in your organization. These partnerships are critical to ensure you accelerate mean-time-to-remediation (MTTR) and protect your company from attackers.

In this webinar, you will learn:

-  How to establish credibility in your Security function through trustworthy data and proper identification of your organization’s most critical risks rather 
   than overwhelming other teams with endless alerts
-  How to build strong relationships with leaders across your organization who are incentivized by different goals
-  How you can demonstrate that building a strong operational workflow to accelerate remediation time for critical vulnerabilities will also help achieve 
   your colleagues’ goals

Enable your security team to build better remediation partnerships

As enterprises scale, they can easily expect to encounter many supposed security issues creating an unwieldy level of noise. These alerts can affect a Security team’s productivity as its members may spend hours sifting through a mountain of Common Vulnerabilities and Exposures (CVEs) to determine which issues matter most to their business while missing out on identifying the biggest risks.

Join Meir Asiskovich, VP of Product at CyCognito, as he demonstrates how your Security team can build a more streamlined and focused attack surface visibility program that eliminates this noise, prioritizing risks based on their business impact, discoverability, and exploitability intelligence.

In this webinar, you will learn:

-  How to provide clear visibility to your corporate Security team, and each of the divisional security teams, about where to focus attention in 
   order to eliminate the most critical risks
-  How to prioritize risks based on what’s important to your organization and which assets are most attractive and accessible to attackers
-  How to create a more focused scope for your organization's vulnerability scans and set better context for penetration testing to meet its goal 
   to reduce risk for exposed assets in your attack surface  
-  How to spend more of your Security team’s time remediating a few dozen critical risks rather than sorting through thousands of them

Improve attack surface visibility while reducing false positives

As organizations adapt to the structural changes imposed by digital transformation, they find it nearly impossible to identify, classify, and monitor all of their internet-facing assets. This problem becomes magnified as organizations grow in complexity through expansion along with mergers and acquisitions, thereby making their asset portfolios reach into the tens of thousands if not hundreds of thousands. Losing track of these assets provides easy opportunities for attackers to exploit vulnerabilities in an organization’s attack surface that do not comply with their security protocols. 

Deploying an external attack surface management program helps organizations discover and map an organization’s entire external attack surface and identifies the business context of assets. It then tests the attack surface, looking for the path of least resistance which can be found in critical points of exposure that attackers can most easily exploit. Join Rob Gurzeev, CEO and Co-founder of CyCognito, as he explains the top five requirements to launch a successful external attack surface management program.

In this webinar, you'll learn:

- How to discover your organization’s entire external attack surface to gain ultimate visibility into all your company’s assets thereby reducing the 
  surface area for potential threats
- How to attribute assets to their proper owners so you can classify them by business purpose to streamline solutions to vulnerabilities
- How to automate continuous testing for your attack surface to fill in gaps in staff skill sets or resources to decrease time-to-detection (MTTD) and 
  time-to-remediation (MTTR)
- How to create a scoring model by business risk to cut down on alert noise and prioritize the biggest risks so teams know where to focus immediately
- How to integrate into existing vulnerability management workflows and provide actionable remediation planning to achieve your risk management 
  goals

The top five requirements for External Attack Surface Management (EASM)

Attackers Are Exploring the Hidden Recesses of Your Attack Surface: How You Can Get There First

When attackers explore your attack surface, they are both business-like and serendipitous. They are seeking the easy, “off the beaten” path entry points to get where they want to go. If your security team takes a “planned itinerary with designated stops” approach to surveying and protecting your attack surface, your security team and the attacker may never cross paths. But there are ways to anticipate their seemingly random routes. 

Tune into this webinar titled, “Attackers Don’t Play by the Rules but There is a Playbook for Defeating Them” to learn why: 

- Attackers are most likely to be surveying the areas of your attack surface where you don’t think to look 
- Every security team should be blocking the paths of least resistance in their attack surface
- Your attack surface management approach must be both automated and continuous


Presenter: Raphael Reich, VP of Product Marketing at CyCognito 

Presenter Bio: Raphael Reich, Vice President Product Marketing, has held cybersecurity leadership roles for the past 20 years and contributed to IPOs at Imperva, Varonis and Echelon. Prior to joining CyCognito, he was Head of Product Marketing at Contrast Security, where he built the product marketing and product management teams and helped drive ~100% year-over-year revenue growth through compelling content, sales tools and campaigns.

Attackers Don’t Play by the Rules but There is a Playbook for Defeating Them

Enterprise security teams are inundated with numerous alerts regarding potential security threats. These teams face significant challenges in identifying which vulnerabilities should be priorities to remediate to protect their businesses while deprioritizing lower-tier vulnerabilities. Security teams often rely on referencing CVE lists (common vulnerabilities and exposures) and CISA KEV (known exploited vulnerabilities database) to focus on the highest-tier vulnerabilities. However, checking these lists can be cumbersome and time-consuming.

Join Eilon Bachar, Product Manager at CyCognito, as he explains how you can build an automated program that will scan known vulnerabilities lists such as CVE lists and CISA KEV for your team and help you prioritize which vulnerabilities represent the biggest threats to your company’s external attack surface for immediate remediation. 

In this webinar, you’ll learn the following:

-  How to leverage automation to focus your Security team’s attention on vulnerabilities that contain known exploit kits, which require 
   immediate remediation
-  How your Security team can save time and resources by receiving automated updates on which vulnerabilities appear on known CVE lists 
   and CISA KEV rather than looking for these manually
-  How you can create a cybersecurity risk management program built for scale that focuses your team’s attention on only the most critical 
   vulnerabilities that are known to be exploitable

Leveraging automation to scan CISA KEV for high risk vulnerabilities

Cyber Attacks

Incident Response

Vulnerability Scanning

Vulnerability Management

Cyber Security

Hackers

Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Leveraging automation to scan CISA KEV for high risk vulnerabilities

Presented by

About this talk

More from this channel