Excerpted from SC Magazine interview. View the full interview here.
At Infosecurity Europe 2016, Skybox CEO and Founder Gidi Cohen sat down with SC Magazine to discuss the company’s unique approach of using Indicators of Exposure (IOEs) as early signs of security weaknesses that leave an enterprise most vulnerable to a potential attack.
IOEs are akin to Indicators of Compromise (IOCs), which are forensic artifacts signifying that a cyberattack occurred. “Indicators of Exposure, on the other hand, are basically telling you what can be exposed [and] what can be attacked . . . what are the pieces of the attack vectors that hackers can exploit to their benefit,” said Cohen in the interview.
By using IOEs in addition to IOCs, security teams can be more proactive, heading off attacks before they occur aswell as preventing the spread of ongoing attacks and cutting off exfiltration paths in the attempt of a data breach.
IOEs represent an evolved understanding of the attack surface that goes beyond defining it only in terms of vulnerabilities, without the context of the network, business or critical assets.
IOEs consolidate and generalize a range of risks, including security misconfigurations and risky access rules as well as new and exposed vulnerabilities or vulnerability densities. This helps to focus on organization’s limited security resources on the most critical risks that put the business in danger of an attack or could enable the spread of an attack that is already underway.
Traditionally, the data surrounding different security issues is disparate – a vulnerability on a system looks different than a firewall misconfiguration or an incorrectly implemented network zone. But with the IOE approach, different types of weaknesses are brought into one common language so you can more accurately understand the severity of those risks in a larger context.
“[The] Indicators of Exposure concept unifies a lot of different pieces of security data that looked very different,” said Cohen. “IOEs are generalizing that to one concept. When you take all of that together and overlay it on the attack surface you can provide for the first time visibility for the CISO [as to] what’s the total risk or exposure and organization may face.”
And the criticality of that risk isn’t based on third-party rankings. Like all Skybox technology, IOEs are prioritized based on the context of an organization’s unique business, technical and regulatory environment. Skybox uses advanced attack simulation technology to correlate vast amounts of information, considering all potential attack vectors and the components enabling them. Only through these comprehensive, contextualized simulations can an understanding of real risk – and how to deal with it – emerge.
By layering IOEs on top of an interactive model of the attack surface, organizations have a vital tool to quickly visualize where risk lies within their infrastructure, drill down to see what’s causing that risk and provide intelligence for targeted remediation efforts.
The IOE method is the building block of a first-of-its-kind attack surface visualization solution: Skybox Horizon. See how advanced IT infrastructure modeling, comprehensive vulnerability and threat intelligence and the IOE approach power at-a-glance visibility of the attack surface and fast insight on how to reduce it.
Read the whitepaper to learn intelligence a simple picture can reveal. See the applications and use cases of attack surface visibility.