20 min listen
EP32 Can You Ever Know Thyself: Cloud Attack Surface Management
EP32 Can You Ever Know Thyself: Cloud Attack Surface Management
ratings:
Length:
24 minutes
Released:
Sep 20, 2021
Format:
Podcast episode
Description
Guest: Derek Abdine, CTO @ Censys.io Topics: Attack Surface Management (ASM). Why do we need a new toolset and a new category? Isn’t this just 1980s asset management or CMDB? How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably? ASM seems to often rely on network layer 3 and 4. Can’t bad guys just hit the app endpoints and all your network is irrelevant then? When you think about the threats organizations face due to unknown assets, is data theft at the top of the stack? What should organizations keep in mind as a priority here? Who at an organization is best set up to receive, triage, investigate, and respond to the alerts about the attack surface? Are there proactive steps organizations can take to prevent shadow IT, or are we stuck responding to each new signal? Isn’t preventing new assets the same as preventing business? Resources: “Cloud Misconfiguration Mayhem An Analysis of Service Exposure Across Cloud Providers“ “Attack Surface Management Buyer’s Guide”
Released:
Sep 20, 2021
Format:
Podcast episode
Titles in the series (100)
Making Compliance Cloud-native: Guest: Zeal Somani, Security Solutions Manager @ Google Cloud, former PCI QSA Topics: What are the usable recipes for thinking about compliance in the cloud? What regulations are more challenging for public cloud users? How do you see the... by Cloud Security Podcast by Google