Intelligent CXO Issue 07 | Page 67

BUSINESS INSIGHTS couple of hundred dollars ’ worth of tools can cause damage .
And these breaches aren ’ t just occurring due to persistency of intent by malicious actors but , interestingly , many of these data leakages are a result of a simple human error . More than half the data leakages that happened last year were the result of simple misconfigurations or human negligence . With regulatory frameworks and data privacy laws coming into play , data breaches have also become more costly than ever , with the average breach in the region costing US $ 6 million ( according to IBM ).
Attack surface management
Historically , organisations used to be in a particular line of business and would use IT to support that . With the increase in digitisation and online presence , we ’ re seeing that IT is now at the core of many businesses .
And this has created new opportunities for organisations but also a host of challenges and risks that they need to mitigate .
Having to work with rapid development environments and third parties ( vendors , agencies , partners , etc ) means your technology ecosystems are expanding in size and frequently changing in nature . Being able to continuously keep track of where these assets might be hosted and the vulnerabilities and threats that they are exposed to has become a very complex proposition .
How spiderSilk helps organisations tackle some of these challenges
We are driven by a simple idea . The more we can make attack surface management mainstream , the harder we make it for cybercriminals to find assets to exploit .
We knew first-hand that security teams are stretched thin , so we needed to build a platform that could provide them with aircover and support . We had to help them achieve comprehensive visibility with zero effort or input from their end .
We help uncover the ‘ unknown unknowns ’ – assets that you might not have even been aware of , sitting out there on the open Internet and publicly exposed . But also visibility of where all their assets reside , geographically , as well as by cloud provider , or data centre .
Once that visibility has been achieved and maintained around the clock , we go through the threat assessment part of the platform , which runs a host of standardised and nonstandardised threat assessments against all the assets that belong to that organisation .
We have a team of dedicated security researchers that are constantly researching the latest hacking methodologies that malicious actors are using . We analyse these , reverse engineer them and include them into our Threat Assessment Engine which then allows us to detect some of these threats that are specific to certain technology stacks . This is where the magic happens and how we have so far helped blue chip companies protect the data of over 120 million people from exposure .
But as previously mentioned , this problem is no longer centric to large companies but affects any entity that is digital enabled or Internet facing . With that in mind we focused on making the platform entirely autonomous so even companies with resource constraints can rely on having an external , 24 / 7 partner to rely on for cybersecurity so they can focus on other areas of their business and security .
spiderSilk technology use cases
The most important one is the comprehensive visibility and there are many examples of where we ’ ve alerted global organisations to the existence of certain assets that they weren ’ t even aware existed .
Second is third party risk . Many solutions that manage or report on third party risk depend on user and customer inputs to be able to monitor these assets and relationships . By continuously scanning the entire Internet and only using the name of the organisation for attribution , we ’ re not only able to pick-up all your assets but also ones that are by third parties or contractors and through which you may be exposed .
Third is misconfiguration . Simple misconfigurations , like a server sitting with a standard password or without a password protection , or any form of other misconfiguration , led to more than half of data leaks last year .
The fourth use case is what we call the noncoded threads . These are typically either business logic flaws or integration flaws that might leave data exposed if undetected and these non-coded threats are not covered by existing solutions . www . intelligentcxo . com
67