LookingGlass Cyber Solutions Chief Product Officer Cody Pierce recently spoke with CyberScoop about the practices that help security teams gain visibility into their assets to better understand and reduce exposure to attacks and, in turn, narrow security gaps.
Cody Pierce, Chief Product Officer of LookingGlass was interviewed by Wyatt Kash, SVP, Content Strategy, Scoop News Group. (This interview has been edited for length and clarity).
KASH: CAN YOU SHARE SOME CYBER HYGIENE PRACTICES THAT HELP SECURITY TEAMS GAIN COMPLETE VISIBILITY INTO THEIR I.T. ENIVRONMENT TO HELP ADDRESS BLIND SPOTS IN THE ENTERPRISE I.T. ARCHITECTURE?
Pierce: When we talk about visibility, we’re talking about a fundamental pillar of your cybersecurity program. If you are building or you’ve established a cyber security program, it really starts with having complete visibility of your users and your assets. Without that visibility, it’s really hard to build a successful program. If you don’t know what you have, you don’t know what you need to secure.
KASH: HOW WOULD YOU CHARACTERIZE WHERE ORGANIZATIONS ARE AT WITH THE TOOLS THAT THEY NEED TO ASSESS THREAT LANDSCAPES TO FULLY UNDERSTAND CURRENT AND FUTURE EXPOSURES?
Pierce: I think that organizations are just starting to understand that when we talk about attack surface management for an organization, it’s not just the assets you may have, it also includes your assets both internally in the cloud, and externally connected to the internet, so that’s step 1. Step 2 is taking the threat component to your risk calculation which includes the industry that you’re in, the current threat landscape, and that then becomes information that you can overlay onto your specific digital footprint or attack surface.
KASH: FOR OUR LISTENERS IN GOVERNMENT AGENCY, WHAT WOULD YOU SAY IS IMPORTANT FOR I.T. LEADERS TO BE THINKING ABOUT WHEN IT COMES TO CYBERSECURITY RISK MANAGEMENT?
Pierce: I think a lot of what we’ve talked about today applies to government agencies, except at a much bigger scale, so it’s even more critical to be able to take that information, apply it to a potential third party, and help them become more secure with the implementation of these processes. For example, LookingGlass was helping a government agency within the transportation sector, and what they needed to know very quickly was whether they were being exploited by a nation-state actor for a specific vulnerability. That sector was able to use LookingGlass to do that within minutes and come out with the right guidance and the right action across a whole sector, and that’s a lot of what the government agencies focus on, sector by sector risk assessment.
Be sure to watch the entire interview to hear more from Cody and his insights on reducing attack surface risks. To learn more about mapping your assets from endpoints and servers, to APIs and software, to better visualize the attack surface across your organization, contact us here.