This document outlines an agenda for a presentation on closing often missed vulnerabilities. The presentation will discuss understanding IT and security posture, the state of vulnerability management and security hygiene, challenges faced by security and IT teams in keeping up due to expanding attack surfaces. It will also discuss security strategies and the threat funnel approach of protect, detect, respond and recover. Finally, it will discuss a new innovation from SecPod called SANERNOW that aims to enable continuous posture anomaly management through automated identification and remediation of outliers.

1. Closing Often Missed
Vulnerabilities that Leave
Organizations Exposed

2. © 2023 TechTarget, Inc. All Rights Reserved. 2
Speaker Introductions
Chandrashekhar B
SecPod Founder, CEO
Dave Gruber
ESG Principal Analyst
Preeti Subramanian
SecPod Chief Product Architect

3. © 2023 TechTarget, Inc. All Rights Reserved. 3
Today’s Agenda
• Understanding IT and Security Posture
• State of the Industry
• Keeping up with a Growing Attack Surface
• Security Strategies and the Threat Funnel
• New Innovation from SecPod
• Q&A

4. © 2023 TechTarget, Inc. All Rights Reserved.
What is IT Security Posture?
The security status of an
enterprise’s networks,
information, and systems
based on information
security resources (e.g.,
people, hardware, software,
policies) and capabilities in
place to manage the defense
defense of the enterprise
and to react as the situation
changes.
• Networks
• Information
• Systems
• InfoSec resources
(people, hardware,
software, policies)
• Defense
management
capabilities

5. © 2023 TechTarget, Inc. All Rights Reserved.
5
Security Hygiene and Posture
Management Remains One of
the Least Mature Areas of
Cybersecurity
Organizations Believe Their
Vulnerability Management
Programs Are Mature, but
there Is Still Work to Be Done
External Attack Surface
Management is Helping
Expose Risk, but Lacks
Automated Remediation
Progress is Underway Adding
Risk into the Security
Equation,, but Point-in-time,
Static Assessment Struggles
to Tell the Real Story
Asset Management is a
Priority, but Depends Upon
Tools, Processes, and Cross
Department Cooperation for
Most
Many Siloed Posture
Management Activities are
Underway, with Opportunity
for Convergence
State of Security Hygiene and Posture Management

6. © 2023 TechTarget, Inc. All Rights Reserved.
6
Question text: Approximately how often does your organization conduct each of the following activities across all targeted/applicable
assets? (Percent of respondents, N=398)
Frequency of Security Hygiene and Posture Management Tasks
21%
22%
24%
25%
25%
27%
31%
38%
41%
34%
32%
35%
32%
38%
37%
32%
36%
30%
23%
26%
25%
23%
20%
22%
23%
15%
17%
14%
12%
12%
14%
11%
10%
10%
7%
9%
6%
7%
2%
5%
3%
2%
2%
2%
2%
1%
1%
1%
1%
1%
2%
1%
1%
1%
1%
1%
1%
1%
1%
Compliance and governance reviews
Asset inventory review
Reviewing risk exceptions, CVEs and other risk items that have been
“accepted” and not fixed
Asset/configuration management review
Reviewing controls effectiveness including performance of
deployed security tools and processes
Access control review
Data discovery and classification
Vulnerability scans
Application security scans
0% 20% 40% 60% 80% 100%
Daily Once per week Once per month Once per quarter Once per year Less often than once per year Don’t know
Most activity is event-based

7. © 2023 TechTarget, Inc. All Rights Reserved.
7
Security and IT Teams
are Struggling to
Keep Up
© 2023 TechTarget, Inc. All Rights Reserved.

8. 8
More Than Half Think Security Operations
is More Difficult Today vs. Two Years Ago
5 Top Reasons Why
1. Growing attack surface
2. Threat landscape
3. More cloud and SaaS usage
4. A growing number of security tools
5. Firefighting leaves no time to
improve the program
The Expanding Attack Surface
Creates More Challenges
1. More Vulnerabilities to Manage
2. Current Tools are Failing to
Support Expanding Attack
Surface
3. Modern Applications
Development and Deployment
has Increased Velocity, Requiring
New Skills
2022 ESG Research: SOC Modernization and the Role
of XDR

9. 9
47%
42%
7% 3% 1%
We have a mature vulnerability management program in place, remediating vulnerabilities within 30 days of
identification
We have a formal vulnerability management program, but we have gaps in parts of our core infrastructure
We have a formal vulnerability management program, but we are generally slow to remediate issues
Our vulnerability management program is implemented in regular maintenance windows only, unles
critical
Don’t know
Question text: How would you describe your organization when it comes to
identifying and patching software and configuration vulnerabilities? (Percent of
respondents, N=620)
Half Report Suboptimal Vulnerability Management Programs
52%
Top Ransomware 4 Entry Points
2022 ESG Research: The Long Road Ahead to Ransomware
Preparedness

10. © 2023 TechTarget, Inc. All Rights Reserved.
10
Biggest Vulnerability Management Challenges

11. © 2023 TechTarget, Inc. All Rights Reserved.
Monitoring Your Attack Surface
Your attack surface = the sum of all exposed IT assets across all attack vectors.
oThe entire area of IT infrastructure that is susceptible or exposed to potential compromise.
oProtecting an organization requires careful review of every attack vector, and a detailed
understanding of all assets associated with every attack vector, and what vulnerabilities exist within
them.

12. Attack Surface Management
(Asset discovery, Vuln Assessment, Vuln Remediation..)
Active Security Controls
(Network, Endpoint, Cloud, Email, Identity, Backups..)
Detection & Response
(EDR, NDR, XDR, ITDR..)
Incident Response
Recovery
Security Strategies & The Threat Funnel
PROTECT
DETECT
RESPOND
RECOVER
IDENTIFY

13. Attack Surface Reduction
(Asset discovery, Vuln Assessment, Vuln Remediation..)
Active Security Controls
(Network, Endpoint, Cloud, Email, Identity, Backups..)
Detection & Response
(EDR, NDR, XDR, ITDR..)
Incident Response
Recovery
Security Strategies & The Threat Funnel
PROTECT
DETECT
RESPOND
RECOVER
IDENTIFY
Major Shift to Behavioral
Threat Detection Monitoring

14. Attack Surface Reduction
(Asset discovery, Vuln Assessment, Vuln Remediation..)
Active Security Controls
(Network, Endpoint, Cloud, Email, Identity, Backups..)
Detection & Response
(EDR, NDR, XDR, ITDR..)
Incident Response
Recovery
Security Strategies & The Threat Funnel
PROTECT
DETECT
RESPOND
RECOVER
IDENTIFY
Continues to Lag, Primarily
Using Static, Event-based
Approaches

15. 15
Modernization is
Needed to Bring
the Top of the
Threat Funnel
into Alignment
© 2023 TechTarget, Inc. All Rights Reserved.

16. SECPOD’S INNOVATION TO
REDEFINE
CYBERATTACK
PREVENTION

17. POSTURE
ANOMALY
MANAGEMENT IN
ADVANCED
VULNERABILITY
MANAGEMENT
FRAMEWORK

18. Software
Hardware
WHAT
IT SECURITY TEAMS
HAVE TODAY VS
WHAT THEY CAN
HAVE

19. ONE ON ONE LABORIOUS
ASSESSMENT
VS.
HOLISTIC ASSESSMENT
IDENTIFYING OUTLIERS

20. SECPOD’S
INVENTION
TO MANAGE
POSTURE
ANOMALIES
WORKSTATIONS SERVERS
VIRTUAL
DEVICES
ALL MAJOR
OSs
NETWORK
DEVICES
Enterprise IT
Infrastructure
Continuous Data Feed
Posture Anomaly
Reporting Interface
Remediation
Fixes
Posture Anomaly
Controls & Trends
POSTURE ANOMALY ANALYSIS ENGINE
Outliers Detection Rule Based Data Trend Based
Security Control
Deviations
Big Data
Store
User Inputs For
Configuration and
Whitelisting
Feedback

21. Posture Anomaly Computation Framework

22. SECPOD’S INVENTION TO MANAGE
POSTURE ANOMALIES
SANERNOW
CONTINUOUS
POSTURE ANOMALY
MANAGEMENT
(CPAM) TOOL

23. BENEFITS OF CPAM TOOL
Gain Rapid Security
Mileage
Improve Operational
Efficiency
Eliminate Hidden
Uncertainties
Take Control over
Anomaly Loopholes

24. For inquiries, contact us at: Email: info@secpod.com
WWW.SECPOD.COM
PREVENT CYBER ATTACKS.
CONTINUOUS. AUTOMATED.
TRY SANERNOW FREE