Cybersecurity Strategies for Effective Attack Surface Reduction
Dave Gruber, Principal Industry Analyst
Chandrashekhar, CEO, SecPod
© 2022 TechTarget, Inc. All Rights Reserved. 2
Speaker Introductions
Chandra
SecPod Founder, CEO
Dave Gruber
ESG Principal Analyst
Today’s Agenda
• Understanding Your Attack Surface
• Security Strategies for Attack Surface Reduction
• Asset Visibility
• The Role of Automation in Vulnerability Management
• SecPod Solution Introduction
• Q&A
10 Common Attack Vectors
Understanding Your Attack Surface
Your attack surface = the sum of all exposed IT assets across all attack vectors.
• The entire area of IT infrastructure that is susceptible or exposed to potential compromise.
• Protecting an organization requires careful review of every attack vector, and a detailed understanding of all assets associated with every attack vector and of the vulnerabilities that exist in them.
Attack Surfaces are Growing!
…especially among organizations with more IT assets
Question text: In general, how would you characterize growth in your organization’s attack surface over the past two years? (Percent of respondents, N=398)
• The attack surface at my organization has increased substantially over the past 2 years: 22%
• The attack surface at my organization has increased slightly over the past 2 years: 45%
• The attack surface is about the same size today as it was 2 years ago: 23%
• The attack surface at my organization has decreased slightly over the past 2 years: 5%
• The attack surface at my organization has decreased substantially over the past 2 years: 4%
Chart callout: 67%
"The attack surface at my organization has increased substantially over the past 2 years", by number of IT assets:
• 1,000 or fewer IT assets (N=43): 12%
• 1,001 to 10,000 IT assets (N=142): 20%
• More than 10,000 IT assets (N=210): 26%
ESG Research: 2021 Security Hygiene and Posture Management
Reasons Why the Attack Surface is Increasing
Data reflects business and IT infrastructure changes
Question text: You indicated that your organization’s attack surface has increased over the past two years. What are the primary reasons for this increase? (Percent of respondents, N=269, three responses accepted)
• My organization has grown through…: 15%
• My organization has increased the…: 17%
• My organization has increased the…: 23%
• My organization has increased its…: 25%
• My organization has increased the…: 25%
• My organization made changes to its…: 26%
• My organization has increased its…: 28%
• My organization has increased its…: 30%
• My organization has increased its…: 32%
• My organization has increased user…: 32%
• My organization has increased its IT…: 32%
Security Strategies: Changing the Shape of the Threat Funnel
Diagram labels: Attack Surface Reduction | Active Security Controls | Detection & Response | IR | Recovery | Prevention
Types of Vulnerabilities
Here are some common vulnerabilities found in IT infrastructure:
• Vulnerable software, vulnerable configurations (including open ports, etc.), assets lacking required security monitoring and prevention software (including rogue/unknown assets), misconfigured security software, unauthorized or unwanted software operating on an asset
• Misconfigured network assets
• APIs that lack strict access controls
• Over-privileged accounts
• Application functions that provide unauthorized access to the wrong people (over-privileged access)
• Sensitive data with open network access
The Vulnerability Management Process
Identify
Assess Risk
Prioritize
Patch
Report
Grading Vulnerability Management
65% admit that there is work to be done – and the work is cumbersome and significant
Question text: If you were to give your organization a grade for its vulnerability management program, what would it be? (Percent of respondents, N=398)
• A (complete understanding of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in all cases): 35%
• B (good understanding of most of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in most cases, but there is room for improvement in some areas): 46%
• C (some understanding of most of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in some cases, but there is room for improvement in many areas): 15%
• D (limited understanding of most of our asset inventory & cannot identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation & needs improvement in many areas): 3%
• F (very limited understanding of most of our asset inventory & cannot identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation & needs improvement in all areas): 1%
Biggest Vulnerability Management Challenges
Vulnerable Software and Misconfigurations Most Common Points of Entry for Successful Ransomware Attacks
Question text: What was the initial point of compromise for the successful ransomware attack on your organization? (Percent of respondents, N=368, three responses accepted)
• Reinjected from an old data…: 15%
• A business partner network: 17%
• Web search or web browsing: 24%
• Software supply chain: 26%
• Email: 27%
• Misconfiguration of…: 31%
• Application user permissions…: 31%
• Systems software vulnerability: 33%
• Application software…: 36%
ESG Research: 2022 The Long Road Ahead to Ransomware Preparedness
Vulnerability Management Challenges
Question text: Which of the following are the biggest challenges associated with vulnerability management at your organization? (Percent of respondents, N=398, multiple responses accepted)
• None of the above: 4%
• Conducting/scheduling vulnerability scans: 17%
• Lack of understanding of business risk due to…: 18%
• Inability to understand asset exploitability,…: 21%
• Patching vulnerabilities in a timely manner: 21%
• Tracking vulnerability and patch management over…: 24%
• Coordinating vulnerability scans across multiple…: 24%
• Tracking the cost and efficiency of the vulnerability…: 25%
• Prioritizing which vulnerabilities could be exploited…: 25%
• Tracking software vulnerabilities for which no patch…: 26%
• Identifying all assets that need to be scanned: 26%
• Analyzing the results of vulnerability scans: 28%
• Coordinating vulnerability management processes…: 28%
• Coordinating vulnerability management processes…: 29%
• Automating the process of vulnerability discovery,…: 29%
• Keeping up with the volume of open vulnerabilities: 30%
The data backs up assumptions about the overwhelming nature of vulnerability management.
IT SECURITY TEAMS ARE LEFT TO PONDER
• Are we uncovering all the risks in the IT security landscape?
• Is vulnerability assessment integrated with vulnerability remediation?
• Are vulnerabilities continuously & automatically managed from a single console?
Very Low Certainty | Poor Control | No Continuity
MODERN IT SECURITY TEAMS NEED A SINGLE SOLUTION THAT EXPOSES EVOLVING ATTACK SURFACE AND TAKES OWNERSHIP OF REMEDIATION
• Continuous visibility into computing environment
• Risk identification beyond software vulnerabilities
• Continuous mitigation of risks to reduce attack-surface
• Automating preventive routines
ADVANCED VULNERABILITY MANAGEMENT FRAMEWORK
VISIBILITY | IDENTIFY | ASSESS | PRIORITIZE | REMEDIATE | REPORT
• Gain Visibility into IT Infrastructure
• Vulnerabilities, Misconfigurations, Missing Patches, Other Security Risk Exposures
• Assess security risk from single console and insightful reports
• Prioritise vulnerabilities and missing patches based on severity
• Patch Vulnerabilities, Fix Misconfigurations, Apply Security Controls
• Perform strategic analysis with insightful and customizable reports
Centralised Management Console | APIs
• Manage Vulnerabilities & Security Risks Beyond CVEs
• Mitigate Vulnerabilities On-time with Integrated Remediation Controls
• Execute everything from a truly integrated, centralized console
• Automate end-to-end tasks and establish a continuous routine
Certainty | Control | Continuity
TRADITIONAL VULNERABILITY MANAGEMENT | ADVANCED VULNERABILITY MANAGEMENT
SANERNOW CYBERHYGIENE PLATFORM
• SanerNow CM: Compliance Management
• SanerNow AE: Asset Exposure
• SanerNow EQR: Endpoint Query Response
• SanerNow VM: Vulnerability Management
• SanerNow EM: Endpoint Management
• SanerNow PM: Patch Management
WORKSTATIONS | SERVERS | VIRTUAL DEVICES | ALL MAJOR OSs | NETWORK DEVICES
SanerNow CyberHygiene Platform: Single-Console | Single-Agent | On-Cloud | On-Premise
PREVENTION | AUTOMATION | CONTINUOUS
Advanced Vulnerability Management
SanerNow Tools
Single screen to query, analyze, detect, respond, automate and prevent attacks
For inquiries, contact us at: Email: info@secpod.com
WWW.SECPOD.COM
PREVENT CYBER ATTACKS.
CONTINUOUS. AUTOMATED.
TRY SANERNOW FREE

Cybersecurity Strategies for Effective Attack Surface Reduction

  • 1. Dave Gruber, Principal Industry Analyst Chandrashekhar, CEO, SecPod Cybersecurity Strategies for Effective Attack Surface Reduction
  • 2. © 2022 TechTarget, Inc. All Rights Reserved. 2 Speaker Introductions Chandra SecPod Founder, CEO Dave Gruber ESG Principal Analyst
  • 3. © 2022 TechTarget, Inc. All Rights Reserved. 3 Today’s Agenda • Understanding Your Attack Surface • Security Strategies for Attack Surface Reduction • Asset Visibility • The Role of Automation in Vulnerability Management • SecPod Solution Introduction • Q&A
  • 4. © 2022 TechTarget, Inc. All Rights Reserved. 4 10 Common Attack Vectors
  • 5. © 2022 TechTarget, Inc. All Rights Reserved. Understanding Your Attack Surface Your attack surface = the sum of all exposed IT assets across all attack vectors. oThe entire area of IT infrastructure that is susceptible or exposed to potential compromise. oProtecting an organization requires careful review of every attack vector, and a detailed understanding of all assets associate with every attack vector, and what vulnerabilities exist in them.
  • 6. © 2022 TechTarget, Inc. All Rights Reserved. 6 Question text: In general, how would you characterize growth in your organization’s attack surface over the past two years? (Percent of respondents, N=398) Attack Surfaces are Growing! …especially among organizations with more IT assets 22% 45% 23% 5% 4% The attack surface at my organization has increased substantially over the past 2 years The attack surface at my organization has increased slightly over the past 2 years The attack surface is about the same size today as it was 2 years ago The attack surface at my organization has decreased slightly over the past 2 years The attack surface at my organization has decreased substantially over the past 2 years 12% 20% 26% The attack surface at my organization has increased substantially over the past 2 years 1,000 or fewer IT assets (N=43) 1,001 to 10,000 IT assets (N=142) More than 10,000 IT assets (N=210) 67% ESG Research: 2021 Security Hygiene and Posture Management
  • 7. © 2022 TechTarget, Inc. All Rights Reserved. 7 Reasons Why the Attack Surface is Increasing Data reflects business and IT infrastructure changes Question text: You indicated that your organization’s attack surface has increased over the past two years. What are the primary reasons for this increase? (Percent of respondents, N=269, three responses accepted) © 2021 TechTarget, Inc. All Rights Reserved. 15% 17% 23% 25% 25% 26% 28% 30% 32% 32% 32% My organization has grown through… My organization has increased the… My organization has increased the… My organization has increased its… My organization has increased the… My organization made changes to its… My organization has increased its… My organization has increased its… My organization has increased its… My organization has increased user… My organization has increased its IT…
  • 8. © 2022 TechTarget, Inc. All Rights Reserved. 8 Detection & Response Security Strategies: Changing the Shape of the Threat Funnel Attack Surface Reduction Active Security Controls Detection & Response IR Recovery Prevention
  • 9. © 2022 TechTarget, Inc. All Rights Reserved. 9 Types of Vulnerabilities.. oHere are some common vulnerabilities found in IT infrastructure: Vuln software, vuln configs (includes open ports, etc.), assets void of required security monitoring and prevention software (includes rouge/unknown assets), misconfigured security software, unauthorized or unwanted software operating on an asset, Misconfigured network assets APIs that lack strict access controls Over-privileged accounts Application functions that provide unauthorized access to the wrong people. (over-privileged access) Sensitive data with open network access
  • 10. © 2022 TechTarget, Inc. All Rights Reserved. 10 The Vulnerability Management Process Identify Assess Risk Prioritize Patch Report
  • 11. © 2022 TechTarget, Inc. All Rights Reserved. 11 Question text: If you were to give your organization a grade for its vulnerability management program, what would it be? (Percent of respondents, N=398) Grading Vulnerability Management 65% admit that there is work to be done – and the work is cumbersome and significant 35% 46% 15% 3% 1% (complete understanding of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in all cases) B (good understanding of most of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in most cases, but there is room for improvement in some areas) C (some understanding of most of our asset inventory & can identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation in some cases, but there is room for improvement in many areas) D (limited understanding of most of our asset inventory & cannot identify, analyze, & prioritize internal/external vulnerabilities & remediate them in an acceptable timeframe for risk mitigation & needs improvement in many areas) F (very limited understanding of most of our asset inventory & cannot identify, analyze, & prioritize internal/external vulnerabilities & remediat them in an acceptable timeframe for risk mitigation & needs improvement in all areas)
  • 12. © 2022 TechTarget, Inc. All Rights Reserved. 12 Biggest Vulnerability Management Challenges © 2021 TechTarget, Inc. All Rights Reserved.
  • 13. © 2022 TechTarget, Inc. All Rights Reserved. 13 Vulnerable Software and Misconfigurations Most Common Points of Entry for Successful Ransomware Attacks Question text: What was the initial point of compromise for the successful ransomware attack on your organization? (Percent of respondents, N=368, three responses accepted) © 2022 TechTarget, Inc. All Rights Reserved. 15% 17% 24% 26% 27% 31% 31% 33% 36% Reinjected from an old data… A business partner network Web search or web browsing Software supply chain Email Misconfiguration of… Application user permissions… Systems software vulnerability Application software… ESG Research: 2022 The Long Road Ahead to Ransomware Preparedness
  • 14. © 2022 TechTarget, Inc. All Rights Reserved. 14 Vulnerability Management Challenges Question text: Which of the following are the biggest challenges associated with vulnerability management at your organization? (Percent of respondents, N=398, multiple responses accepted) © 2021 TechTarget, Inc. All Rights Reserved. 4% 17% 18% 21% 21% 24% 24% 25% 25% 26% 26% 28% 28% 29% 29% 30% None of the above Conducting/scheduling vulnerability scans Lack of understanding of business risk due to… Inability to understand asset exploitability,… Patching vulnerabilities in a timely manner Tracking vulnerability and patch management over… Coordinating vulnerability scans across multiple… Tracking the cost and efficiency of the vulnerability… Prioritizing which vulnerabilities could be exploited… Tracking software vulnerabilities for which no patch… Identifying all assets that need to be scanned Analyzing the results of vulnerability scans Coordinating vulnerability management processes… Coordinating vulnerability management processes… Automating the process of vulnerability discovery,… Keeping up with the volume of open vulnerabilities The data backs up assumptions about the overwhelming nature of vulnerability management.
  • 15. IT SECURITY TEAMS ARE LEFT TO PONDER: Are we uncovering the entire risks in the IT security landscape? (Very Low Certainty) Is vulnerability assessment integrated with vulnerability remediation? (Poor Control) Are vulnerabilities continuously & automatically managed from a single console? (No Continuity)
  • 16. MODERN IT SECURITY TEAMS NEED A SINGLE SOLUTION THAT EXPOSES EVOLVING ATTACK SURFACE AND TAKES OWNERSHIP OF REMEDIATION • Continuous visibility into computing environment • Risk identification beyond software vulnerabilities • Continuous mitigation of risks to reduce attack-surface • Automating preventive routines
  • 17. ADVANCED VULNERABILITY MANAGEMENT FRAMEWORK. VISIBILITY: Gain Visibility into IT Infrastructure. IDENTIFY: Vulnerabilities, Misconfigurations, Missing Patches, Other Security Risk Exposures. ASSESS: Assess security risk from single console and insightful reports. PRIORITIZE: Prioritise vulnerabilities and missing patches based on severity. REMEDIATE: Patch Vulnerabilities, Fix Misconfigurations, Apply Security Controls. REPORT: Perform strategic analysis with insightful and customizable reports. Centralised Management Console, APIs. • Manage Vulnerabilities & Security Risks Beyond CVEs • Mitigate Vulnerabilities On-time with Integrated Remediation Controls • Execute everything from a truly integrated, centralized console • Automate end-to-end tasks and establish a continuous routine
  • 19. SANERNOW CYBERHYGIENE PLATFORM. Advanced Vulnerability Management. Modules: SanerNow CM (Compliance Management), SanerNow AE (Asset Exposure), SanerNow EQR (Endpoint Query Response), SanerNow VM (Vulnerability Management), SanerNow EM (Endpoint Management), SanerNow PM (Patch Management). Coverage: WORKSTATIONS, SERVERS, VIRTUAL DEVICES, ALL MAJOR OSs, NETWORK DEVICES. SanerNow CyberHygiene Platform: Single-Console, Single-Agent, On-Cloud, On-Premise. PREVENTION | AUTOMATION | CONTINUOUS
  • 20. SanerNow Tools Single screen to query, analyze, detect, respond, automate and prevent attacks
  • 21. For inquiries, contact us at: Email: info@secpod.com WWW.SECPOD.COM PREVENT CYBER ATTACKS. CONTINUOUS. AUTOMATED. TRY SANERNOW FREE

Editor's Notes

  1. Secureworks is a leader in cybersecurity providing best-in-class cybersecurity solutions and threat intelligence that reduces risk, optimizes IT and security investments, and fills security team talent gaps. Secureworks Taegis™, a cybersecurity analytics cloud platform built on 20+ years of real-world threat intelligence and research, improves your ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.
  2. The term attack surface is often confused with the term attack vector, but they are not the same thing. The surface is what is being attacked; the vector is the means by which an intruder gains access. Your attack surface is the totality of all vulnerabilities in connected hardware and software. Attack vectors are specific paths that attackers use to gain unauthorized access to your environment. A simple analogy would be leaving a door or window to a building unlocked or open. While not always exploited, these openings provide an opportunity for unauthorized entry and therefore create risk for malicious or unwanted activities that may take place. Common cyber-attack vectors include firewalls, DDoS attacks, malware, passwords, misconfigured APIs, and phishing; however, organizations often have 100 or more attack vectors, adding lots of opportunity for risk. Protecting an organization requires careful review of every attack vector, and a detailed understanding of all assets associated with every attack vector, and what vulnerabilities exist in them. The combination of all attack vectors and all vulnerable assets within them is known as an organization’s attack surface. Your attack surface therefore reflects the entire area of IT infrastructure that is susceptible or exposed to potential compromise.
  3. Vulnerability management, prioritization, and remediation. Attack surface reduction begins with an attack surface analysis. Vulnerability assessment tools are a core component of operationalizing attack surface analysis, automating the process of capturing a comprehensive list of known assets and any vulnerabilities associated with them. This list is constantly changing, so this process must be continuous to reflect an accurate view of potential risk. Attack simulation (pen testing, red teaming, etc.): expose externally facing weaknesses. Attack Surface Management tools: automated assessment tools that identify and classify externally facing access to systems, data, and networks. Find assets and check for vulnerabilities. Continuously monitor and discover the external assets attackers can see and evaluate them against commercial, open source and proprietary threat intelligence feeds to generate security ratings for an organization's overall security posture. Risk assessment: assessing potential risk associated with vulnerable assets requires an understanding of who or what systems are utilizing each asset, and what data is stored or processed on each asset. Risk prioritization: once vulnerabilities and risk are assessed, both can be prioritized, focusing on the highest-risk assets that need to be secured first. All of these processes must be operationalized, meaning that they must happen continuously and automatically. Link to typical vuln definition…
  4. - Software Vulnerabilities with CVE - Misconfigurations with CVE - Asset Exposures - Missing Security Patches - Security Control Deviations or Risk Exposures
  5. - Software Vulnerabilities with CVE - Misconfigurations with CVE - Asset Exposures - Missing Security Patches - Security Control Deviations or Risk Exposures
  6. What’s the talk track for this graphic?