Transcript
multiple pieces together to really help us evolve vulnerability management to a next level here. So exposure management, I think of this as an expansion on vulnerability management. So if you've been, you know, working on this for a while, you may have seen or heard several different terms, things like CAASM, cyber asset attack surface management. This is the need to get better asset visibility across our organizations. Over the past five years, the security team has been taking a more vested interest in the asset programs within your organization. The reason for that is asset visibility is essential to understand exactly what all of your exposures are. There's a lot more focus around full visibility, the types of assets you have, the different attack surfaces that you have. So traditional vulnerability management focuses on your infrastructure, servers, workstations, the, you know, maybe some of the devices within our organization. External attack surface management was an additional perspective that looks from an outside in to get more of a perspective of what threat actors can see. The tech stack that we're presenting to the world, all of those types of exposures. Now with the heavy shift over to cloud, we have cloud configuration as another attack surface. So bringing those pieces together helps us to better understand our overall exposure. Things like our development or part of our organizations. So Ivanti, of course, we've got over 70 products that we're building and delivering to the market, but many of you have web interfaces, mobile apps, other platforms or products that your own development teams are building and delivering to your users internally or externally, your customers. So bringing those into view as well. That's where we're going to talk about ASPM today, that or application level view of exposures within your organization. And really this is shifting more to a proactive form of cybersecurity.
Vulnerability management traditionally is more reactive. This is trying to shift to a more proactive approach to this. So it's commonly governed by a continuous threat and exposure management. What Gartner refers to this market as CTEM. That's the shift to try to bring all these pieces together. But as you're looking at that, really exposure management has kind of four key areas that are a mind shift or an evolution on what we're dealing with. It's bringing asset more directly into this experience. Full asset visibility is very important. Vulnerability management traditionally is focused on the known knowns about our environment. I know about a device. I know what exposures it has. I'm managing it with vulnerability management. Vulnerability management didn't really tackle the known unknowns or the unknown unknowns about our environment. So a known unknown would be, it's a device I know about, it's in my environment somewhere, but I don't have visibility into what exposures are on it. Or unknown unknowns. Do I have some way of going after and trying to identify more of the unknowns? If you look at, Gartner actually did a survey this last year that identified only about 17% of enterprises are able to get up to a 95% asset visibility across their organization. Discovery or that larger CAASM use case really is a struggle for a lot of organizations. Exposure management is going to focus on identifying and bringing more of those assets through that journey from unknown unknown to known unknown to known known. And that's where we want to be. We want to get that device to be known and the exposures on it to be known. The attack surface, again, bringing in multiple attack surfaces together. This is where RBVM and bringing ASPM into that experience really helps to ensure that we're bringing multiple streams of vulnerability findings into purview for the business to be able to understand what's going on. And then we can get to understanding our cyber exposures.
With that, with good scoring, with identifying when findings came up, when they've been remediated, we can start to understand if we're keeping our risk level within our defined risk appetite. So risk appetite is another term that's becoming a larger focus of the exposure management mind shift. Professional vulnerability management spoke about things in terms of compliance or SLAs. Risk appetite is taking this a step further. It's really trying to define what levels of risk the business is willing to tolerate and what levels of risk falling outside of that is a bad situation. And from there, we're prepared to make decisions more quickly. We used to talk about things in terms of out of band. So if something releases and it's posing a giant risk to the business, we would do an out of band maintenance window to remediate that vulnerability. Zero day response is a different approach to that. It's a more proactive approach. And defining your risk appetite helps you to be able to make that shift over to responding to things in more of a zero day response mode. That means that you've already made the decision. You know when a vulnerability needs to be responded to sooner versus when a vulnerability can wait until our regular maintenance. And when the time comes, you've already got the tools in place, the people identified and the processes so that when you turn that switch on and you go into zero day response mode, you are responding quickly and efficiently and not having to drop everything and have a whole bunch of people disrupting their normal work to get that effort complete. So the Ivanti approach to exposure management, we've got several of these pieces already. Understanding your attack surface, being able to bring in that asset discovery and inventory. The Ivanti Neurons platform has a very strong discovery and asset visibility perspective. 
Making sure that we can bring that in and prioritize more effectively, RBVM, ASPM, the inclusion of our threat intelligence or vulnerability intel gives us the ability to better prioritize and respond to the risks in our environment. A stronger scoring methodology, a way to understand beyond a 10 point score for an individual vulnerability called CVSS that has many limitations. A risk adjusted scoring methodology and a way to score multiple vulnerabilities against a single asset or group of assets is very important to be able to better prioritize. The last piece, remediation. This is where a lot of times the vulnerability management side would pass off and let IT then take care of the remediation step. Exposure management is trying to bring these things full circle to make sure remediation is part of this process and the IT resources that need to take those actions have a seat at the table as well. This is a group working together cross functionally, cross tool sets, cross data silos to execute this end to end more proactively. Now today's conversation, we're going to get into one specific part of exposure management. There's exposure assessment, the different visibility pieces like the asset side, EASM from an external perspective. There's the aggregation of different vulnerability sources like your vulnerability scanners, whatever scanner you're using, the application scanners, those types of solutions all come into the RBVM platform and get prioritized. And then there's the handoff, of course, over to the exposure remediation side. There's playbooks, workflows, other pieces of the RBVM experience that helps you to make that handoff over to the IT organization where you might be doing patch remediation or a configuration change. You may be handing it off to a team through the ticketing system to make sure that the development team gets it in their backlog or a business line team gets a ticket to inform them of what needs to be done.
Or maybe the network security team is informed of network devices that need to be updated. Each of those are different remediation streams that we want to keep track of. Most organizations lose those in email and have a hard time keeping track of that. So just a kind of a high level overview here quick before we jump into the demo. You've got the different external sources that you may have throughout your environment. Today, again, we're going to talk a lot about the vulnerability scanners and application scanners coming together in the RBVM platform. But there's other sources like assets, asset solutions, discovery, pieces like that that come together to give you that full exposure management view of your world. All assets, all findings, giving you that kind of complete holistic view. The risk-based prioritization and the other workflows to help drive remediation. That's the RBVM and ASPM demo we're going to see today, that piece of the puzzle. And then the vulnerability intel that feeds into that. And then we'll be touching on some of the capabilities like the workflows and playbooks that help you drive that finding out to the proper remediation stream. So on that note, Vijay, if you are ready to go.