October 2024 - RedSeal

A Discussion with CISOs: Strengthening Board Accountability, Metrics, and Standards for Cybersecurity

RedSeal, along with Renee Guttmann and Chris Hetner, hosted a CISO dinner in New York City last week, bringing together industry leaders to discuss cybersecurity’s evolving landscape, from advanced AI threats to board-level oversight challenges. This conversation focused on three key areas: board accountability, the demand for standardized metrics, and the need for better cyber hygiene.

Enhancing board accountability

One of the central themes was the growing role of the board in cybersecurity. Many CISOs noted that board members often have only a cursory understanding of cybersecurity’s impact. With only a few minutes annually dedicated to cyber matters, it’s no surprise that accountability suffers. Discussions revealed that only 30% of board members feel adequately equipped to make informed cybersecurity decisions, with 75% unsure about the accuracy of their organization’s security data. In response to this knowledge gap, organizations like the NACD, which has over 24,000 members, are actively working to enhance board oversight on cyber risks. The NACD’s Director’s Handbook on Cyber Risk Oversight provides valuable resources for boards to improve their understanding and engagement in cybersecurity matters. For further insights, you can access their latest Cyber Risk document here.

Yet, the disconnect goes beyond understanding risks; boards often lack clarity on how cyber risks align with business strategy and financial health. Discussions highlighted the need for frameworks to contextualize cyber threats in terms of company assets, capital deployment, and potential financial losses. By 2026, it’s projected that cyber incidents could lead to hundreds of millions in losses, affecting not only cybersecurity but entire business operations—as seen with recent high-profile cases like Clorox and MGM Resorts.

RedSeal bridges this gap, providing comprehensive insights and tools that enable organizations to see 100% of what is in their digital environment, empowering boards and leaders to make informed decisions.

The case for standards, metrics, and regular reporting

The group emphasized the need for clear metrics and standardized reporting to guide both CISO and board actions. NACD’s quarterly cyber risk reporting program outlines the expectations boards have for their organizations. These reports detail:

  • An organization’s overall financial exposure to cyber risks and cyberattacks
  • A view of the cyber threats most likely to cause financial losses to a business
  • Insights on the cyber controls most effective in mitigating financial losses
  • Insights on cyber risk transfer/cyber insurance, including “stress testing” existing policies across a range of potential cyber incidents

Without consistency in how cyber risks are measured, many boards remain unaware of the critical issues and resources needed to address them. Regulatory bodies and trade associations could play a pivotal role in creating baseline metrics, particularly in areas like third-party security, cloud configurations, and vulnerability scanning.

RedSeal plays a pivotal role in establishing baseline metrics and developing a “cyber hygiene” checklist. Our digital resilience score offers a benchmark for security posture, helping teams grasp the essentials of cyber resilience and set proactive security strategies to mitigate opportunistic threats. This approach, akin to standards like ISO and NIST, can also help boards understand the basics of cyber resilience. As one attendee noted, “Cyber hygiene today might not prevent a nation-state attack, but it will protect from opportunistic threats, ensuring foundational security.”

Reinforcing cyber hygiene and addressing compliance fatigue

The concept of cyber hygiene emerged as an area of both opportunity and frustration. While some board members see it as a mere checkbox exercise, CISOs stressed its importance for both regulatory compliance and practical risk reduction. Cyber hygiene basics—like identifying assets, scheduling updates, and implementing phishing safeguards—are still overlooked by many organizations. But it’s these essentials, along with clear accountability, that prevent costly breaches.

Chris’s analogy between “The Sandlot”, the 1993 movie, and cybersecurity teams struck a chord. In this classic, boys of all abilities were accepted on the team, and every one of them was needed to field it. They governed themselves, made rules that were fair and consistent, stood up for what was right, and accepted responsibility when something went wrong. In many organizations, only a few key players tackle security issues while others remain on the sidelines. A more uniform approach across all teams will significantly strengthen the organization’s overall security.

The call for a unified approach to cyber hygiene resonates deeply with RedSeal’s mission: fostering a security-first culture within organizations and knowing the entirety of a network. As on the sandlot, if everyone in cybersecurity isn’t committed to playing their part, vulnerabilities are left open and breaches occur.

Moving forward: A collaborative approach

The evening concluded with consensus around the need for collaboration. Board members and CISOs alike must work to build an organization-wide commitment to cybersecurity. This collaboration fosters regular, open communication, ensuring cybersecurity is prioritized strategically, not merely as a compliance obligation.

The dinner served as a reminder that cyber resilience requires a shared commitment. With the rapid growth of cyber threats, a united approach to accountability, standardization, and proactive action will help safeguard the future of every organization.

Reach out to RedSeal or schedule a demo today to learn how to bolster your cybersecurity efforts and make the strategic move that promises long-term benefits and peace of mind.

Reduce IT/OT Convergence Risks with RedSeal

Cyberattacks on cyber-physical systems (CPS), which include operational technology (OT) and the Internet of Things (IoT), are becoming increasingly common, largely due to the convergence of Information Technology (IT) and OT environments. Historically, CPS operated in isolation, disconnected from broader networks. Now, many of these systems are intentionally or unintentionally linked, providing hackers with new avenues to infiltrate critical assets that are vital to our daily lives.

While the integration of IT and OT can enhance efficiency and performance, it also brings inherent risks that must be managed. The strategic importance of these interconnected systems makes them prime targets for threat actors looking to extort ransom, steal sensitive data, or disrupt operations. Therefore, understanding the dynamics of IT/OT convergence is crucial.

Understanding IT/OT convergence

IT refers to the technologies used for information management and processing, whereas OT includes the hardware and software that govern physical processes in industrial settings. Traditionally, these domains functioned independently, each with distinct systems and security protocols. However, the push for digital transformation has fostered an environment where IT and OT must collaborate more closely, prompting the need for comprehensive strategies to address both the benefits and vulnerabilities of this convergence.

Why is IT/OT convergence important?

  1. Increased operational efficiency: By integrating IT and OT, organizations can streamline operations, reduce downtime, and enhance productivity. This synergy enables real-time data sharing and more informed decision-making.
  2. Enhanced cybersecurity: A unified approach allows for better visibility into potential vulnerabilities and threats. By leveraging insights from both IT and OT environments, organizations can develop a more robust security strategy that addresses risks in a comprehensive manner.
  3. Improved incident response: With a converged infrastructure, organizations can respond to incidents more effectively. Enhanced collaboration between IT and OT teams ensures that threats are identified and mitigated swiftly, minimizing potential damage.

Challenges of IT/OT convergence

Despite the advantages, organizations face several challenges in achieving successful IT/OT convergence:

  • Legacy systems: Many OT environments rely on legacy systems that lack modern security capabilities. Integrating these systems with IT networks can introduce vulnerabilities if not managed properly.
  • Emerging threats: The combined landscape of IT and OT environments results in a more extensive and intricate attack surface. This includes hardware, software, and both on-premises and cloud infrastructures sourced from various vendors. Additionally, the rising prevalence of unsecured IoT devices and remote access to OT systems further complicates the security landscape.
  • Evolving compliance landscape: Compliance requirements continue to increase, such as those related to the EU’s NIS2 Directive and Cyber Resilience Act and the updated NIST Cybersecurity Framework in the US.
  • Complexity of environments: Human error poses significant challenges when organizations prioritize continuity over security. While patching vulnerabilities in IT may be manageable, doing so in CPS often disrupts critical operations. As a result, creative mitigation strategies are frequently necessary instead of direct remediation.

RedSeal’s approach to IT/OT convergence

At RedSeal, we recognize the unique challenges organizations face in converging IT and OT. Our solutions provide a comprehensive framework to support this integration effectively. Let’s review the key features:

  1. Holistic asset inventory: RedSeal creates a detailed inventory of an organization’s IT and OT assets. This visibility is essential for identifying vulnerabilities and ensuring appropriate security measures are in place.
  2. Creating a network digital twin: RedSeal delivers a comprehensive model of the hybrid IT and CPS environment, acting as a network digital twin. With RedSeal, organizations understand how different components, devices, and systems are connected, ensuring that no part of the network is overlooked.
  3. Mapping all attack paths: Our platform assesses internal and external factors to prioritize threats, enabling organizations to focus on the most critical vulnerabilities resulting from convergence.
  4. Regulatory compliance support: By providing tools for monitoring and reporting, RedSeal simplifies compliance with industry regulations, making it easier for organizations to meet their obligations.

RedSeal benefits

As the digital landscape evolves, the convergence of IT and OT is becoming increasingly important for organizations looking to enhance their cybersecurity and operational resilience. While challenges exist, leveraging RedSeal’s solutions can empower businesses to navigate this complex environment effectively.

With RedSeal, gain a comprehensive and shared understanding of your entire hybrid IT/OT environment, including all assets, access and connectivity, and potential exposures. By proactively and efficiently closing defensive gaps, you can harden your network against threats using actionable exposure intelligence. This approach not only helps you measurably reduce risk and build resilience but also accelerates IT/OT convergence while ensuring compliance with new mandates.

By investing in IT/OT convergence, organizations can achieve greater visibility, improve incident response, and foster collaboration between IT and OT teams. As you embark on your journey towards a unified infrastructure, consider how RedSeal can support you in realizing the full benefits of IT/OT convergence.

For more insights on how RedSeal can help you with IT/OT convergence, explore our solutions today.

Cyber News Roundup for October 25, 2024

In this week’s roundup of cybersecurity news, we dive into significant developments, including investigations into restricted chips found in Huawei products, the confirmation of a zero-day vulnerability in Fortinet’s FortiManager, and CISA’s addition of a critical Microsoft SharePoint flaw to its Known Exploited Vulnerabilities catalog. We also explore active attacks on Cisco’s ASA software and the U.S. Defense Department’s initiative to harness tech talent for military cyber roles. Stay informed as we uncover the latest threats, vulnerabilities, and responses shaping the cybersecurity landscape.

Officials investigate how restricted chips ended up in products from Huawei

Taiwan Semiconductor Manufacturing Co. (TSMC) discovered this month that chips it made for a specific client ended up in Huawei Technologies products, potentially violating U.S. sanctions aimed at restricting technology to the Chinese company. TSMC halted shipments to the client in mid-October and notified both U.S. and Taiwanese authorities. It’s unclear if the client was working on behalf of Huawei or where they are based, but the incident raises questions about how Huawei accessed advanced chips despite sanctions.

Huawei, blacklisted since 2020, has relied on Semiconductor Manufacturing International Corp. (SMIC) for chip production. However, recent reports suggest Huawei’s latest AI servers contain processors made by TSMC. TSMC had previously stated it stopped all shipments to Huawei in 2020. U.S. officials are now investigating whether third-party distributors played a role in bypassing export restrictions. This development adds pressure on TSMC and the U.S. Bureau of Industry and Security to address potential loopholes in export controls. (Bloomberg)

Fortinet confirms a recently rumored zero-day

For over a week, rumors of a zero-day vulnerability in Fortinet’s FortiManager have been circulating online. Today, the flaw, dubbed “FortiJump” (CVE-2024-47575), was officially disclosed by Fortinet, confirming it has been actively exploited since June 2024. The vulnerability, a missing authentication issue in the FortiGate to FortiManager Protocol (FGFM) API, allows attackers to execute commands on FortiManager servers and steal data from managed FortiGate devices.

Cybersecurity firm Mandiant revealed that a threat actor, tracked as UNC5820, has been exploiting the flaw in attacks affecting more than 50 servers. Attackers used their own FortiManager and FortiGate devices with valid certificates to register on vulnerable FortiManager servers. Once connected, even in an unauthorized state, these devices could access sensitive data, including configuration details and hashed passwords of managed devices.

Fortinet has released patches and advised customers to restrict IP connections and block unauthorized FortiGate devices. The company’s advisory includes mitigation measures, indicators of compromise, and logs to help detect affected systems. Organizations are urged to apply these patches and update credentials to prevent further breaches. So far, no additional malicious activity has been reported since the initial attacks. (BleepingComputer)

CISA adds Microsoft SharePoint flaw to its KEV catalog

The flaw in question is the Microsoft SharePoint Deserialization Vulnerability, which has a CVSS v4 score of 7.2 and a CVE number: CVE-2024-38094. This means “an authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server.” Federal agencies must fix this vulnerability by November 12, and of course it is recommended that private organizations review the Catalog and address this vulnerability. (Security Affairs)

Cisco warns of ASA and FTD software vulnerability under active attack

Cisco is in the news for a second time this week, this time in regard to a flaw in its Adaptive Security Appliance (ASA) that could lead to a denial-of-service (DoS) condition. This flaw impacts the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD) Software. The company says, “an attacker could exploit this vulnerability by sending a large number of VPN authentication requests to an affected device…resulting in a DoS of the RAVPN service on the affected device.” This is also known as resource exhaustion. Cisco has released updates to address this flaw. (The Hacker News)

Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland

On the first day of the first-ever Pwn2Own contest held in Ireland, hackers demonstrated 52 zero-day vulnerabilities across a wide range of devices, earning a total of $486,250 in cash prizes. The biggest prize of the day went to a group named Summoning Team who revealed “a chain of nine vulnerabilities to go from QNAP QHora-322 router to TrueNAS Mini X device.” This earned them a $100,000 payout and 10 Master of Pwn points. The event concludes today. (BleepingComputer)

Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign

Cisco has released patches for multiple vulnerabilities affecting its Adaptive Security Appliance (ASA), Secure Firewall Management Center (FMC), and Firepower Threat Defense (FTD) products, including one that has been actively exploited. The exploited vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), impacts the Remote Access VPN (RAVPN) service on ASA and FTD devices, allowing remote attackers to cause a denial-of-service (DoS) condition through resource exhaustion by sending numerous VPN authentication requests. Cisco linked this issue to a large-scale brute-force attack campaign it first reported in April 2024, which targets various VPN and SSH services, not only Cisco products but also those from other vendors like Check Point, Fortinet, and Ubiquiti.

Alongside CVE-2024-20481, Cisco’s October 2024 security advisory bundle addressed 50 other flaws, including three critical vulnerabilities (CVE-2024-20329, CVE-2024-20424, and CVE-2024-20412) that could allow attackers to execute commands with root privileges or log in using static credentials. Additionally, proof-of-concept code has been released for three information disclosure vulnerabilities (CVE-2024-20377, CVE-2024-20387, CVE-2024-20388). Cisco urges organizations to apply the patches immediately to avoid potential exploits. Further details are available in Cisco’s security advisories. (SecurityWeek)

Fortinet patches actively exploited zero-day

On October 13th, Fortinet began privately notifying impacted customers about a critical flaw in its FortiManager API. This flaw allowed an attacker with a valid certificate from any owned or compromised Fortinet device to execute arbitrary code and take complete control of attached firewalls. Some customers reported the flaw under active exploitation for weeks before any notice from the company. This notification included mitigations until a patch was formally released. Security researcher Kevin Beaumont posted on social media about the flaw the same day Fortinet sent its initial notification, dubbing it FortiJump. Fortinet released a patch for the vulnerability as well as indicators of compromise. (Ars Technica, BleepingComputer)

DeFi game used to exploit Chrome zero-day

Researchers from Kaspersky detailed a campaign by North Korea’s Lazarus Group that used an NFT-based game as a lure to install its tried-and-true Manuscrypt backdoor. Lazarus promoted the game DeTankZone through spearphishing, ads on X, and LinkedIn DMs. The game loads a login screen, which then points users to the game’s website to complete registration. The site uses a hidden script to trigger a type confusion vulnerability in Chrome’s V8 JavaScript engine, used to overwrite sections of Chrome’s compiler and gain access to the browser’s entire address space. Lazarus used this for reconnaissance to see if the victim was valuable enough to continue attacking. Chrome patched the flaw in V8 in March. (BleepingComputer)

Samsung zero-day under active exploit

A zero-day vulnerability (CVE-2024-44068) has been discovered in Samsung’s mobile processors and is being used in an exploit chain for arbitrary code execution. NIST said the use-after-free bug is in the m2m scaler driver in Samsung Mobile and Wearable Processors (Exynos 9820, 9825, 980, 990, 850, and W920) and leads to privilege escalation. The vulnerability was rated critical and scored 8.1 out of 10 on the CVSS scale. Samsung issued a patch along with its October set of security fixes. (Dark Reading)

Exploit released for new Windows Server “WinReg” attack

Proof-of-concept exploit code is now public for a vulnerability in Microsoft’s Remote Registry client (CVE-2024-43532) that falls back to old transport protocols if SMB transport is not present. An attacker could use the issue to authenticate to Active Directory Certificate Services (ADCS), where they could then obtain a user certificate for further domain authentication. The flaw affects all Windows Server versions from 2008 through 2022 as well as Windows 10 and Windows 11. Akamai researcher Stiv Kupchik originally disclosed the issue back in February, after which Microsoft dismissed the report as a documentation issue. In mid-June, Kupchik resubmitted the report with a better proof-of-concept (PoC) and explanation, leading Microsoft to confirm the issue in early July and issue a fix earlier this month. Akamai provided methods of detecting vulnerable services and recommends organizations use Event Tracing for Windows (ETW) to monitor for related RPC calls. (BleepingComputer)

The DoD wants to offer senior cyber executives part-time roles as military reservists

The U.S. Defense Department is looking to tap into Silicon Valley’s tech talent by offering senior executives part-time roles as military reservists. These tech pros, like chief technology officers, would serve in high-ranking positions and be called in for short-term projects in areas like cybersecurity and data analytics. Brynt Parmeter, the Defense Department’s chief talent management officer, is spearheading the effort, aiming to bring dozens of tech professionals on board by next September, with plans to grow the program significantly over the next few years.

This initiative marks a shift in Silicon Valley’s relationship with the military, as tech companies increasingly see national security opportunities as beneficial. Parmeter hopes to place these tech experts in roles equivalent to major or lieutenant colonel in the Army and Air Force Reserves. The goal is to strengthen the military’s capabilities by leveraging private-sector expertise, without pulling these tech pros away from their keyboards and into combat. (WSJ)

Proposed rules ban U.S. companies from selling sensitive data

The Biden administration has formally proposed new regulations that would restrict the sale and transfer of sensitive personal data, such as health, financial, and geolocation data, to six adversarial nations: China, Russia, Iran, North Korea, Cuba, and Venezuela. These rules, which stem from a February executive order, aim to address national security risks posed by foreign actors exploiting bulk data to carry out cyberattacks and espionage. The new regulations set strict thresholds for data transactions and impose compliance requirements based on cybersecurity frameworks, with exemptions for certain telecommunications and clinical trial data. Though with congressional and presidential elections just weeks away, there is doubt as to whether there will be any forward movement on the bill this year. (CyberScoop, The Record)

APT41 group linked to months-long attack 

The Chinese nation-state hacking group APT41 has been linked to a months-long cyberattack on a company in the gambling and gaming industry, where they stole sensitive data including network configurations and passwords. The group used a sophisticated, evolving toolkit to bypass security defenses, maintain persistent access, and escalate privileges. The attackers’ custom tools allowed them to establish covert channels for further malware deployment. While the exact initial access vector is unknown, security researchers believe spear-phishing emails may have been the entry point. (The Hacker News)

Have questions? Reach out to RedSeal today to chat with one of our cybersecurity experts or schedule a demo today.

Prioritize to Protect: RedSeal’s Methodology for Effective Threat Exposure Management

In the fast-paced world of cybersecurity, the sheer volume of threat exposures can overwhelm even the most diligent security teams. Effective prioritization is not just a best practice; it’s essential for safeguarding your organization’s assets and ensuring a robust security posture.

The importance of prioritization

Prioritization in Continuous Threat Exposure Management (CTEM) goes beyond vulnerabilities and assessing CVSS scores or severity levels. RedSeal navigates the complexity by providing a comprehensive approach to prioritizing exposures based on the risk to the organization. By considering a multitude of internal, external, business, and technical factors, RedSeal focuses teams on high-impact, exploitable exposures that align with high-priority systems and assets, transforming how organizations manage their cybersecurity efforts.

How RedSeal enhances prioritization

At RedSeal, we understand that effective prioritization requires a nuanced approach. Our platform evaluates a wide array of factors to determine risk and prioritize exposures accurately. While traditional CTEM programs prioritize then validate threat exposures, RedSeal uniquely combines these steps—automatically validating all exposures before prioritizing them. After all, if an exposure isn’t actually exploitable, it shouldn’t be a priority. RedSeal evaluates all possible access—from north, south, east, and west—across the entire network to assess the viability of exploitation and measure the true impact (blast radius) of each exposure. Then, all possible consequences from direct and indirect (downstream) threats are considered. The platform calculates risk scores by combining vulnerability and business data with unmatched network context, ensuring exposures with greater business impact take higher priority.

RedSeal CTEM prioritization in action:

  1. Comprehensive risk assessment: RedSeal calculates risk scores by integrating data from security controls, asset criticality, and vulnerability assessments, along with network context. This approach ensures that no critical threat goes unnoticed.
  2. Network contextualization: Our unique capability to provide unmatched network context is a game-changer. By factoring visibility, exploitability, potential exploitation, and the likely impact of exposures into the prioritization process, RedSeal offers a complete picture of the true threat.
  3. Network digital twin: The concept of a network digital twin is crucial in our prioritization process. It allows us to visualize both direct attack paths and the indirect, downstream consequences of potential threats. This holistic view helps organizations understand the broader implications of vulnerabilities and focus on exposures that could have the greatest impact.
  4. Business impact focus: At the heart of our prioritization strategy is a commitment to business impact. Exposures with the potential for greater repercussions on the organization are given higher priority, aligning cybersecurity efforts with overarching business objectives.

In today’s complex security environment, effective prioritization of threat exposures is vital for successful Continuous Threat Exposure Management. RedSeal provides the tools necessary to assess risks comprehensively and focus on what truly matters. By considering a range of internal, external, business, and technical factors, we empower organizations to navigate their threat landscape with confidence and precision.

A partnership with RedSeal ensures that your CTEM efforts are strategically focused on high-impact exposures that protect your business and its future.

Read our blogs on scoping, the first step in CTEM, and on discovery, the second step in CTEM.

Reach out to RedSeal today to schedule a demo and learn about RedSeal’s crucial role in supporting CTEM programs.

Cyber News Roundup for October 18, 2024

In an increasingly interconnected and technologically advanced world, the scope and complexity of cyber threats and security challenges have never been greater. From drones probing military bases to critical vulnerabilities in widely used software and hackers exploiting outdated physical access controls, organizations and governments face a wide range of risks that demand immediate attention and action. This week’s articles highlight the latest cybersecurity challenges, emphasizing the urgent need for proactive defenses against these emerging threats.

Mystery Drones Swarmed a U.S. Military Base for 17 Days. The Pentagon Is Stumped

In December, a fleet of advanced drones, suspected to be of Chinese origin, swarmed U.S. military installations near Norfolk, Virginia, including the home of Navy SEAL Team 6. These drones, capable of speeds over 100 mph and synchronized via AI, flew for 17 days, causing concern within the Biden administration. Due to legal restrictions preventing the military from shooting them down unless an imminent threat was posed, no decisive action was taken, even though the drones hovered over one of the most sensitive U.S. military bases.

A month later, a Chinese student was arrested after flying a drone near the base. The incident, along with similar drone sightings near nuclear facilities and other sensitive military sites, raised alarms about possible espionage or reconnaissance missions to test U.S. defenses. Critics argue that the administration’s inaction demonstrated weakness and missed an opportunity to send a strong message to China. This series of incidents is seen as part of a broader pattern of probing U.S. responses to potential threats. (WSJ, Fox News)

A critical vulnerability in Veeam Backup & Replication software is being exploited

A critical vulnerability in Veeam Backup & Replication software (CVE-2024-40711) is being exploited by hackers to deploy ransomware, including Fog and Akira variants. The flaw allows unauthenticated remote code execution, enabling attackers to create unauthorized accounts and gain privileged access. Attackers initially gained access through compromised VPN gateways without multifactor authentication. Sophos reported several attacks over the past month, highlighting the need for patching, updating outdated VPNs, and implementing strong security measures. Veeam has released a patch (version 12.2.0.334), and administrators are urged to apply it immediately. (Cyber Security News)

Iranian hackers exploit Windows flaw to elevate privileges

An Iranian state-sponsored hacking group named APT34, also known as OilRig, is targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region with an enhanced campaign. As reported by researchers at Trend Micro, the group is deploying a backdoor that uses Microsoft Exchange servers to steal credentials and that exploits a known Windows flaw to elevate privileges on compromised devices. This flaw is a high-severity privilege escalation vulnerability with a CVE number that Microsoft fixed in June. According to BleepingComputer, “Microsoft has acknowledged a proof-of-concept exploit for this CVE numbered flaw, but has not yet marked it as actively exploited, nor has CISA reported it in its Known Exploited Vulnerability catalog.” (BleepingComputer)

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

These two tunneling protocols are being officially deprecated by Microsoft for future versions of Windows Server, along with a recommendation that admins move to different protocols that offer increased security. The Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) have been in use for more than 20 years to allow remote access to corporate networks and Windows servers. However, PPTP has “become vulnerable to offline brute force attacks of captured authentication hashes,” and L2TP provides no encryption unless coupled with another protocol, like IPsec, and even then, weaknesses can appear. Microsoft now recommends users move to the newer Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2) protocols, which provide better performance and security. (BleepingComputer)

Organizations Slow to Protect Doors Against Hackers

A recent study reveals that many organizations have been slow to secure vulnerable door access controllers, leaving them open to remote attacks. Researcher Shawn Merdinger, through his project “Box of Rain,” identified exposed systems in sectors such as healthcare, education, and law enforcement. Despite warnings and reports, many controllers remain vulnerable due to default credentials or unprotected web interfaces, potentially allowing hackers to gain unauthorized access. The findings highlight the ongoing risks posed by outdated physical access controls. (SecurityWeek)

Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Remote Code

Splunk has patched multiple high-severity vulnerabilities in its Enterprise and Cloud Platform products that allow remote code execution. These flaws, including CVE-2024-45733 (CVSS 8.8), affect Windows versions below 9.2.3 and 9.1.6. Another issue, CVE-2024-45731, allows file writing to the system root, while CVE-2024-45732 could enable unauthorized access to data. Splunk recommends upgrading to the latest versions and applying mitigations, such as disabling Splunk Web and ensuring proper installation configurations. These vulnerabilities highlight the critical need for timely security updates to protect sensitive systems. (Cyber Security News)

 

Must patch flaw exposes tens of thousands

We are now getting a clearer idea of just how many IPs are exposed to the Fortinet vulnerability that CISA added to its Known Exploited Vulnerabilities catalog last week. According to CyberScoop, around 87,000 IPs are likely susceptible to the flaw, which carries a CVSS score of 9.8. Fortinet released a fix in February, but the issue remains widespread, with the majority of vulnerable IPs located in Asia, North America, and Europe. Federal agencies are required to address the issue by the end of October. (CyberScoop)

 

Firefox zero-day update to include Tor

Shortly after Firefox rolled out version 131.0.2 with a fix for a critical zero-day vulnerability (CVE-2024-9680), the Tor browser was also updated to patch the issue. The bug, which could lead to remote code execution via a use-after-free flaw in the Animation timeline, had been actively exploited in the wild, as confirmed by Mozilla and reported by ESET. Both Firefox and Tor quickly responded to the exploit, delivering fixes within 25 hours of identifying the issue. (Security Week)

 

Nearly 400 U.S. healthcare institutions hit with ransomware over past 12 months

On Tuesday, Microsoft released a report revealing that between July 2023 and June 2024, 389 U.S.-based healthcare institutions were successfully hit with ransomware. The attacks caused network and system outages, delays in critical medical operations and rescheduled appointments. Microsoft customers reported a 2.75x increase in human-operated ransomware encounters. The researchers said that the motives of Russian, North Korean and Iranian cybercriminals appear to have shifted from destruction to financial gain. The report did yield some positive news, showing that the percentage of ransomware attacks that reached the encryption stage has decreased significantly over the past two years. (The Record and The Register)

 

Encryption flaws found in WeChat

Researchers at Citizen Lab analyzed MMTLS, the encryption protocol used by the massively popular WeChat app, and found it to be a modified version of TLS 1.3 that introduces cryptographic weaknesses. Although they could not craft a working attack, they noted that MMTLS uses deterministic initialization vectors, which goes against NIST recommendations (an IV must never repeat under the same key) and, in the researchers' assessment, opens the door to a brute force attack. The protocol also lacks forward secrecy because it relies heavily on pre-shared keys for session resumption. The researchers published their full findings and methodology on GitHub. (Citizen Lab)
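To make the deterministic-IV point concrete, the following added example (written for this page, not taken from the Citizen Lab report or from WeChat's code) uses a constructed toy stream cipher, HMAC-SHA256 run in counter mode, which shares the one property that matters with AES-GCM and AES-CTR: the keystream depends only on the key and the nonce. Encrypting two messages under the same key and nonce lets an observer XOR the ciphertexts to obtain the XOR of the plaintexts, and one known plaintext then reveals the other with no key at all. The message contents are constructed sample data.

```python
"""Added example: why a repeated IV/nonce under one key breaks confidentiality.
The cipher below is a constructed toy (HMAC-SHA256 in counter mode), not MMTLS
and not AES-GCM; like them, its keystream is a function of (key, nonce) only."""
import hashlib
import hmac
import os
import struct


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream block i = HMAC-SHA256(key, nonce || i), the CTR-mode pattern."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption; decryption is the same call because XOR is its own inverse."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


def recover_other_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Attacker's view: two ciphertexts made with the same key AND nonce, plus one
    known plaintext. Since c1 ^ c2 == p1 ^ p2, p2 = c1 ^ c2 ^ p1; no key needed."""
    return xor(xor(c1, c2), known_p1)


def demo():
    """Returns (true p2, what leaks with a reused nonce, what leaks with unique nonces)."""
    key = os.urandom(32)
    # Constructed sample messages of equal length.
    p1 = b"transfer 0010 USD to alice  "
    p2 = b"transfer 9900 USD to mallory"

    fixed_nonce = b"\x00" * 12  # deterministic IV: the same for every message
    c1 = encrypt(key, fixed_nonce, p1)
    c2 = encrypt(key, fixed_nonce, p2)
    leaked = recover_other_plaintext(c1, c2, p1)

    # Unique nonce per message: the same arithmetic yields nothing useful.
    c1u = encrypt(key, os.urandom(12), p1)
    c2u = encrypt(key, os.urandom(12), p2)
    not_leaked = recover_other_plaintext(c1u, c2u, p1)
    return p2, leaked, not_leaked


if __name__ == "__main__":
    true_p2, leaked, not_leaked = demo()
    print("nonce reused, recovered p2:", leaked)
    print("unique nonces, 'recovered':", not_leaked)
```

For AES-GCM the consequences of a repeated nonce are worse still: beyond the keystream reuse shown here, nonce reuse also exposes the authentication subkey and allows forgeries, which is why NIST SP 800-38D treats a repeated IV under one key as a failure of the construction rather than a degraded mode.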

 

CISA refines SBOM guidance

The US Cybersecurity and Infrastructure Security Agency published a new edition of its Framing Software Component Transparency document, providing updated guidance on creating software bills of materials (SBOMs). The new edition sorts SBOM attributes into minimum expected, recommended, and aspirational categories. The baseline requirements focus primarily on transparency and on interoperability with existing SBOM formats. CISA also pointed out that for SBOMs to be useful in practice, the industry needs coordinated and automated methods to share SBOM data. (Infosecurity Magazine)
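As an added illustration of what a baseline check looks like in practice (this is example code written for this page, not CISA's tooling or a conformant implementation of its attribute tables), the checker below validates a constructed, simplified CycloneDX-style document against the NTIA minimum elements that the CISA framing work builds on: SBOM author and timestamp, a primary component, and for each component a supplier, name, version and unique identifier, plus dependency relationships that resolve to known components. Field names such as `bom-ref` follow CycloneDX conventions; the sample document and its findings are constructed.

```python
"""Added example: checking an SBOM against the NTIA minimum elements."""
from datetime import datetime

# Constructed, simplified CycloneDX-style document (not a conformant SBOM).
# It deliberately contains two defects: a component without a version and a
# dependency that points at a component the SBOM never declares.
SAMPLE_SBOM = {
    "metadata": {
        "author": "build-pipeline@example.com",
        "timestamp": "2024-10-18T12:00:00Z",
        "component": {"bom-ref": "pkg:generic/acme-app@3.1.0", "name": "acme-app"},
    },
    "components": [
        {"bom-ref": "pkg:pypi/requests@2.32.3", "name": "requests",
         "version": "2.32.3", "supplier": "Python Software Foundation"},
        {"bom-ref": "pkg:npm/left-pad@1.3.0", "name": "left-pad",
         "version": "1.3.0", "supplier": "left-pad maintainers"},
        {"bom-ref": "internal-lib", "name": "internal-crypto-lib", "supplier": "Acme"},
    ],
    "dependencies": [
        {"ref": "pkg:generic/acme-app@3.1.0",
         "dependsOn": ["pkg:pypi/requests@2.32.3", "internal-lib", "pkg:npm/lodash@4.17.21"]},
    ],
}

# NTIA minimum elements at component level: supplier, name, version, unique identifier.
REQUIRED_COMPONENT_FIELDS = ("supplier", "name", "version", "bom-ref")


def check_sbom(sbom: dict) -> list:
    """Return a list of human-readable findings; an empty list means the baseline is met."""
    findings = []
    meta = sbom.get("metadata", {})

    # SBOM-level elements: author of the SBOM data and a parsable timestamp.
    if not meta.get("author"):
        findings.append("metadata: missing SBOM author")
    ts = meta.get("timestamp")
    try:
        datetime.fromisoformat((ts or "").replace("Z", "+00:00"))
    except ValueError:
        findings.append(f"metadata: missing or unparsable timestamp {ts!r}")

    # Collect every identifier the document declares so relationships can be resolved.
    known = set()
    primary = meta.get("component", {}).get("bom-ref")
    if primary:
        known.add(primary)
    else:
        findings.append("metadata: missing primary component")

    for i, comp in enumerate(sbom.get("components", [])):
        label = comp.get("name") or f"#{i}"
        for field in REQUIRED_COMPONENT_FIELDS:
            if not comp.get(field):
                findings.append(f"component {label}: missing {field}")
        if comp.get("bom-ref"):
            known.add(comp["bom-ref"])

    # Dependency relationships must reference components the SBOM actually lists.
    for dep in sbom.get("dependencies", []):
        for ref in [dep.get("ref")] + list(dep.get("dependsOn", [])):
            if ref not in known:
                findings.append(f"dependencies: {ref!r} does not match any component")
    return findings


if __name__ == "__main__":
    for finding in check_sbom(SAMPLE_SBOM):
        print(finding)
```

A dangling dependency reference is the finding most worth acting on: it usually means a transitive component was dropped from the inventory, which is exactly the gap that makes an SBOM useless when a new vulnerability lands in that component.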

 

Hackers steal data from Verizon’s push-to-talk (PTT) system

Hackers have stolen data from Verizon’s push-to-talk (PTT) system, which is marketed to government agencies and first responders, and are now selling the data on a Russian cybercrime forum. 404 Media reports the breach did not affect Verizon’s main consumer network, but it targeted a third-party provider supporting the PTT system. The stolen data includes call logs, emails, and phone numbers. Verizon confirmed that a small subset of customer data was exposed but noted that no sensitive information such as Social Security numbers was leaked. The hackers, including Cyberphantom and Judische, are part of a cybercriminal group known as the “Com,” responsible for numerous high-profile breaches. The hackers are selling the stolen data instead of extorting Verizon. (CyberInsider)

 

CISA and its partners warn of Iranian brute force password attempts

A joint cybersecurity advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, the NSA, and international partners warns that Iranian cyber actors are increasingly using brute force techniques such as password spraying, along with MFA “push bombing” (flooding a user with authentication prompts until one is approved), to target critical infrastructure sectors worldwide. The actors focus on healthcare, government, IT, and energy organizations to steal credentials and gain deeper access to systems. The advisory notes that they have abused MFA weaknesses and sold stolen credentials, and it urges organizations to implement phishing-resistant MFA and to monitor for suspicious logins and authentication behavior. (Gov Info Security)
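The two techniques the advisory names leave distinct traces in authentication logs, and the detection logic is simple enough to run in a SIEM or a scheduled script. The example below is added here (it is not from the advisory or any vendor product) and runs over a constructed sample log whose line format, source addresses and user names are assumptions. A spray shows up as one source failing against many accounts a few times each, staying under lockout thresholds; push bombing shows up as a burst of MFA prompts to one user, typically several denials or timeouts followed by an approval.

```python
"""Added example: spotting password spraying and MFA push bombing in auth logs."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from the advisory). One auth event per line.
SAMPLE_LOG = """\
2024-10-16T08:00:01Z event=login src=203.0.113.7 user=alice result=FAIL
2024-10-16T08:00:20Z event=login src=203.0.113.7 user=bob result=FAIL
2024-10-16T08:00:41Z event=login src=203.0.113.7 user=carol result=FAIL
2024-10-16T08:01:05Z event=login src=203.0.113.7 user=dave result=FAIL
2024-10-16T08:01:30Z event=login src=203.0.113.7 user=erin result=FAIL
2024-10-16T08:02:02Z event=login src=203.0.113.7 user=frank result=FAIL
2024-10-16T08:02:40Z event=login src=203.0.113.7 user=carol result=SUCCESS
2024-10-16T08:03:00Z event=mfa_push src=203.0.113.7 user=carol result=DENIED
2024-10-16T08:03:25Z event=mfa_push src=203.0.113.7 user=carol result=DENIED
2024-10-16T08:03:50Z event=mfa_push src=203.0.113.7 user=carol result=TIMEOUT
2024-10-16T08:04:15Z event=mfa_push src=203.0.113.7 user=carol result=DENIED
2024-10-16T08:04:40Z event=mfa_push src=203.0.113.7 user=carol result=APPROVED
2024-10-16T08:10:00Z event=login src=198.51.100.9 user=alice result=FAIL
2024-10-16T08:10:15Z event=login src=198.51.100.9 user=alice result=FAIL
2024-10-16T08:10:30Z event=login src=198.51.100.9 user=alice result=SUCCESS
2024-10-16T08:10:45Z event=mfa_push src=198.51.100.9 user=alice result=APPROVED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\w+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\w+)$"
)


def parse_log(text: str) -> list:
    """Parse log lines into dicts; unrelated lines are skipped rather than fatal."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        events.append(e)
    return events


def window_slices(evs: list, window: timedelta):
    """Yield, for each event, the list of events within `window` ending at it."""
    evs = sorted(evs, key=lambda e: e["ts"])
    start = 0
    for end in range(len(evs)):
        while evs[end]["ts"] - evs[start]["ts"] > window:
            start += 1
        yield evs[start:end + 1]


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Spray signature: one source, MANY distinct accounts, FEW failures each.
    Returns [(source, distinct_users_in_worst_window), ...]."""
    fails_by_src = defaultdict(list)
    for e in events:
        if e["event"] == "login" and e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e)
    alerts = []
    for src, evs in fails_by_src.items():
        worst = 0
        for win in window_slices(evs, window):
            per_user = Counter(e["user"] for e in win)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                worst = max(worst, len(per_user))
        if worst:
            alerts.append((src, worst))
    return alerts


def detect_push_bombing(events, window=timedelta(minutes=5), min_pushes=4):
    """Push-bombing signature: a burst of MFA prompts to one user. The flag is
    True when the burst ends in APPROVED after earlier DENIED/TIMEOUT results,
    the pattern of a user who gave in. Returns [(user, pushes, fatigue_approved)]."""
    pushes_by_user = defaultdict(list)
    for e in events:
        if e["event"] == "mfa_push":
            pushes_by_user[e["user"]].append(e)
    alerts = []
    for user, evs in pushes_by_user.items():
        best = None
        for win in window_slices(evs, window):
            if len(win) >= min_pushes and (best is None or len(win) > len(best)):
                best = win
        if best:
            gave_in = best[-1]["result"] == "APPROVED" and any(
                e["result"] != "APPROVED" for e in best[:-1])
            alerts.append((user, len(best), gave_in))
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("password spray:", detect_password_spray(evs))
    print("push bombing:", detect_push_bombing(evs))
```

Note what the thresholds do: alice's two failures from her own address never trip the spray rule because only one account is involved, while the attacker's one-attempt-per-account pattern, which keeps every account below lockout, is exactly what the rule keys on. Phishing-resistant MFA removes the push-bombing path entirely, which is why the advisory recommends it over push-based prompts.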

 

F5 publishes quarterly security notification, addressing BIG-IP and BIG-IQ vulnerabilities

News of the fixes came in the company’s October edition of its quarterly security notification. The update for BIG-IP, a family of hardware platforms and software solutions, addresses a high-severity defect in the appliance’s monitor functionality. The update for BIG-IQ, which centralizes management, licensing, monitoring, and analytics for a distributed BIG-IP deployment, fixes what is described as “a stored cross-site scripting (XSS) bug in an undisclosed page of the appliance’s user interface.” F5 makes no mention of either vulnerability being exploited in the wild. Further details are available in the F5 quarterly security notification. (F5 Quarterly Security Notification)

 

Vulnerability warning from Kubernetes and VMWare, plus new KEV catalog entries

Finally, a quick summary of other vulnerabilities of note this week. A Kubernetes Image Builder vulnerability could allow attackers to gain root access under specific conditions; it applies only to clusters whose nodes run VM images built with the Image Builder project’s Proxmox provider. VMware has fixed “a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager,” and CISA has added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: a Microsoft Windows Kernel TOCTOU race condition vulnerability, a Mozilla Firefox use-after-free vulnerability, and a SolarWinds Web Help Desk hardcoded credential vulnerability. (Security Affairs, Security Affairs and Security Affairs)

 

Have questions? Reach out to RedSeal today to chat with one of our cybersecurity experts or schedule a demo.

Navigating Cybersecurity Risks: RedSeal’s Discovery Solutions for CTEM

In today’s cybersecurity landscape, simply knowing your assets isn’t enough; you must be able to uncover hidden vulnerabilities that put your organization at risk. As cyber threats become increasingly sophisticated, the discovery phase of Continuous Threat Exposure Management (CTEM) takes center stage. This critical process involves not just identifying what assets you have, but also continuously monitoring their connections and assessing them for both known vulnerabilities and emerging threats. It’s the distinction between simply getting by and actively safeguarding your digital environment. 

 The importance of discovery in CTEM 

Gartner recommends running discovery against the scopes defined in the previous stage. Doing so raises awareness of risk among the business teams that own those scopes and makes later exposure management successes more visible and impactful. 

 How RedSeal supports discovery 

At RedSeal, we recognize that automation is vital for keeping track of asset exposures. Our platform goes beyond traditional external exposure hunting tools that only provide a snapshot of vulnerabilities. Instead, RedSeal builds a reliable, comprehensive digital twin of your entire environment, automating the analysis of complex layers of network infrastructure. This approach allows organizations to continuously identify exposures caused by various factors, including: 

  • Unmanaged assets: Detecting assets that may not be adequately monitored or secured. 
  • Misconfigurations: Identifying incorrect settings that could leave systems vulnerable. 
  • Unintended connections: Uncovering both direct and indirect links that could pose risks. 
  • Firewall rules and policy violations: Ensuring that security policies are properly enforced. 
  • Vulnerabilities: Continuously scanning for known vulnerabilities and emerging threats. 

RedSeal continuously identifies all assets and exposures, including those due to hidden assets, misconfigurations, unintended connections (direct and indirect), firewall rules, and policy violations, as well as known and unknown vulnerabilities. It also runs automated attack path analysis and compliance checks against external regulations and standards, internal policies, and best practices, so that exposure assessments remain current and organizations can stay ahead of potential threats. 

Effective discovery is a cornerstone of an effective CTEM program. By leveraging RedSeal’s robust capabilities, organizations can confidently navigate the complexities of their networks, ensuring that they are prepared to mitigate risks and protect their valuable assets. With a reliable digital twin and automated assessments, RedSeal is pivotal in enhancing an organization’s security posture, making exposure management a proactive and ongoing endeavor. 

 Read our blog on scoping, the first step in CTEM management. 

 Reach out to RedSeal today to schedule a demo and learn about RedSeal’s crucial role in supporting CTEM programs. 

Make Network Security a Zero Trust Priority

The National Security Agency’s (NSA) Cybersecurity Information Sheet (CSI) titled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar” and the CISA Zero Trust Maturity Model version 2 underscore the importance of securing network environments in line with zero trust principles. Both documents emphasize an integrated approach to zero trust, placing network security alongside identity management, data protection, and continuous monitoring.

John Kindervag, the creator of zero trust, recently cautioned the cybersecurity industry about its overemphasis on identity management, reminding us of the critical role that network security plays in the zero trust framework. As organizations continue to mature their zero trust architectures, the NSA and CISA outline clear guidelines on how network security fits into the overall security strategy.

Key insights from the CISA and NSA zero trust guidance

1. Data flow mapping

The CISA Zero Trust Maturity Model v2 emphasizes the importance of understanding data flows across the network to enforce zero trust effectively. RedSeal’s network mapping capabilities align perfectly with this requirement. By visualizing network paths, RedSeal helps organizations identify unprotected data flows, ensuring that sensitive information does not traverse insecure network paths. This visibility is crucial for implementing micro- and macro-segmentation strategies.

2. Macro-segmentation and micro-segmentation

Both the NSA and CISA documents stress the need for segmentation as a core component of zero trust. Macro-segmentation involves dividing networks into broad security zones to limit lateral movement by attackers. RedSeal’s “Zones and Policies” feature supports this by enforcing policies that prevent unauthorized access between different zones, such as between departments or IT and operational technology environments.

Micro-segmentation, on the other hand, focuses on further reducing the attack surface within network segments. RedSeal’s policy management capabilities assist organizations in enforcing precise controls at a granular level. With RedSeal’s advanced network modeling, you can identify the most critical areas for micro-segmentation and ensure policies are applied effectively.

3. Software-defined networking (SDN)

RedSeal’s capabilities complement SDN implementations, which are highlighted by CISA and NSA as essential for creating dynamic, adaptable zero trust environments. SDN allows for more granular and flexible control over network traffic. RedSeal enhances these SDN strategies by providing deep insights into network structure and identifying potential vulnerabilities, which is crucial for crafting effective SDN policies.

4. Threat visibility and continuous monitoring

Continuous monitoring is a cornerstone of zero trust, as outlined by both the NSA and CISA. RedSeal’s continuous network visibility and monitoring allow organizations to stay vigilant and identify potential risks. The ability to verify network configurations continuously ensures that security policies remain effective and adaptive as threats evolve.

Advancing zero trust maturity with RedSeal

RedSeal is uniquely positioned to help organizations mature their zero trust architectures, particularly within the network and environment pillar. By delivering comprehensive network visibility, enabling effective segmentation, and supporting SDN strategies, RedSeal plays a critical role in limiting attack surfaces and strengthening an organization’s security posture.

Zero trust is not a one-size-fits-all approach, but by leveraging RedSeal’s capabilities, you can ensure your network security is robust, dynamic, and capable of meeting the stringent requirements outlined by both CISA and NSA.

Discover how RedSeal can enhance your zero trust journey by scheduling a demo or attending one of our free monthly Cyber Threat Hunt workshops.

 

Cyber News Roundup for October 4, 2024

Recent headlines highlight significant challenges in cybersecurity across the globe. Cloudflare blocked a massive 3.8 Tbps DDoS attack targeting finance and telecom sectors, while Adobe Commerce faces exploitation of critical vulnerabilities. Agence France-Presse experienced disruptions from cyberattacks, and UMC Health in Texas diverted patients due to a ransomware incident. Major providers like Verizon and PlayStation also faced outages. With state Chief Information Security Officers expressing budget concerns, the urgency for robust cybersecurity measures has never been clearer, emphasizing the need for ongoing vigilance in the face of evolving threats.

 

Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

This denial-of-service campaign targeted organizations in the financial services, internet, and telecommunications sectors as part of a “month-long barrage of more than 100 hyper-volumetric DDoS attacks flooding the network infrastructure with garbage data.” According to Cloudflare, which blocked the attack, the infected devices were located mostly in Russia, Vietnam, the U.S., Brazil, and Spain, and consisted largely of Asus home routers, MikroTik devices, DVRs, and web servers. The 3.8 Tbps peak lasted 65 seconds. (BleepingComputer)

 

Adobe Commerce and Magento stores compromised by CosmicSting bug

Researchers at Sansec report that numerous threat actors have exploited this vulnerability in Adobe Commerce, which carries a CVSS score of 9.8, to compromise more than 4,000 e-stores over the past three months. “An attacker could exploit this issue by sending a crafted XML document that references external entities, and exploitation of this issue does not require user interaction.” The vulnerability was added to the CISA KEV catalog in July of this year. (Security Affairs)
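The quoted description is the textbook shape of an XML External Entity (XXE) flaw: a DOCTYPE declares an entity that points at a file or URL, and an element references it so the parser pulls the content in. The example below is added for this page; it is not the CosmicSting exploit and not Adobe's or Sansec's code. It shows a constructed XXE-shaped payload beside the portable defense, which is to refuse any DOCTYPE or entity declaration in untrusted input before the parser ever has a chance to resolve it. The XML documents and field names are constructed; Python's expat is used only because it exposes the declaration callbacks directly.

```python
"""Added example: refusing DOCTYPE/entity declarations in untrusted XML."""
import xml.parsers.expat

# Constructed inputs (not the CosmicSting payload). The second has the generic
# XXE shape: an external entity declared in the DOCTYPE and referenced from
# element content.
SAFE_XML = b"<order><email>buyer@example.com</email><qty>2</qty></order>"
XXE_XML = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<order><email>&xxe;</email><qty>2</qty></order>"
)


class EntityDeclarationError(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or entity declaration."""


def parse_untrusted_xml(data: bytes) -> dict:
    """Parse a flat XML document into {tag: text}, rejecting any DOCTYPE or
    entity declaration. With no entities declared there is nothing for an XXE
    reference to expand, whatever the parser's resolution defaults are."""
    parser = xml.parsers.expat.ParserCreate()
    fields = {}
    open_tags = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Fires before any entity inside the DOCTYPE is processed.
        raise EntityDeclarationError(f"DOCTYPE {name!r} not accepted from untrusted input")

    def on_entity_decl(*_args):
        # Defense in depth: also refuse entity declarations on their own.
        raise EntityDeclarationError("entity declarations not accepted from untrusted input")

    def on_start(name, attrs):
        open_tags.append(name)

    def on_end(name):
        open_tags.pop()

    def on_text(text):
        if open_tags:
            fields[open_tags[-1]] = fields.get(open_tags[-1], "") + text

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_text
    parser.Parse(data, True)
    return fields


if __name__ == "__main__":
    print("safe:", parse_untrusted_xml(SAFE_XML))
    try:
        parse_untrusted_xml(XXE_XML)
    except EntityDeclarationError as err:
        print("rejected:", err)
```

The same rule applies in any language: disable DTD processing or reject documents that contain one, rather than trying to enumerate dangerous entity targets. Rejecting the DOCTYPE up front also closes the related entity-expansion denial-of-service ("billion laughs") pattern, which needs no external reference at all.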

 

A global news agency suffers a cyberattack

Agence France-Presse (AFP) experienced a cyberattack on September 27, disrupting its content distribution infrastructure, but its core news reporting remains unaffected. The attack targeted AFP’s IT systems, specifically content delivery networks and file transfer services used to deliver news to clients. While the type of attack and the responsible party are still unknown, AFP quickly responded, with the French cybersecurity agency ANSSI assisting in securing the systems. AFP warned clients that their FTP credentials might have been compromised, advising them to update passwords and secure their systems. Despite these technical issues, AFP assured that its newsroom continues to operate without interruptions, delivering news globally in multiple languages. No group has claimed responsibility for the attack so far. (Hackread)

 

A Texas health system diverts patients following a ransomware attack

UMC Health System in Texas has been diverting patients after a ransomware attack forced them to take their IT systems offline. The incident, disclosed on September 27, led to both emergency and non-emergency patients being diverted to nearby hospitals. UMC launched an investigation and disconnected its systems to contain the breach. By Monday, some services were restored, and only a few patients were still being diverted. UMC’s Emergency Center is now accepting ambulance patients, while other facilities remain open but are not fully operational. The hospital has engaged third-party experts to aid in the recovery process. Downtime procedures have been implemented, and patients are being informed of changes to appointments. UMC continues its efforts to restore services safely and provide updates on the investigation and remediation efforts. (SecurityWeek)

 

Western Digital patches a critical vulnerability in network attached storage devices

A critical vulnerability, CVE-2024-22170, has been identified in Western Digital’s My Cloud devices, affecting models like My Cloud EX2 Ultra and PR4100. This flaw, with a CVSS score of 9.2, allows attackers to exploit an unchecked buffer in the Dynamic DNS client through a Man-in-the-Middle attack, leading to arbitrary code execution. Western Digital has addressed the issue in a firmware update and urges users to update immediately. The vulnerability poses risks of unauthorized access, data corruption, and system crashes. Western Digital thanks researchers at Claroty for responsibly disclosing the issue.  (CyberSecurity News)

 

Verizon and PlayStation each suffer outages

On Monday morning, thousands of Verizon users across major U.S. cities, including New York, Los Angeles, and Chicago, experienced widespread cellphone service outages. Over 104,000 reports were logged on Downdetector by 11:30 a.m. Eastern, with the number later dropping to 78,000. Many users reported their phones showing “SOS” mode, preventing calls and messages. Verizon confirmed the issue, with engineers working to resolve it, though the cause was unclear. Simultaneously, the PlayStation Network (PSN) faced a global outage, affecting services like gaming, account management, and the PlayStation Store. Sony is working to fix the issue, which began at 8:41 PM ET, with some services still down, potentially due to overloaded servers. Both outages disrupted users’ daily activities and work. (Bleeping Computer) (The New York Times)

 

A Crypto Criminal Stretches His Limits—And His Legs 

And finally, Krebs on Security chronicles an absolutely bonkers mix of cybercrime and corruption straight out of a pulp novel.  A California man, Adam Iza (aka “The Godfather”), is accused of not only dodging taxes on millions allegedly earned from cybercrime but also paying off local cops to help intimidate rivals. Iza, co-owner of the cryptocurrency platform Zort, reportedly spent investors’ money on luxury cars, jewelry, and even leg-lengthening surgery. I swear I am not making this up.

According to the FBI, Iza hired Los Angeles Sheriff’s Department officers to help him extort former business partners, some of whom were tied to the notorious hacker group UGNazi. One incident involved trying to steal a laptop full of cryptocurrency, while another involved kidnapping attempts. Iza allegedly paid these officers $280k a month for their “services,” like forcing rivals to hand over assets.

Iza’s scheme came to light after he stiffed a private investigator, triggering a cascade of lawsuits and criminal investigations. His girlfriend, also allegedly involved, is now dating the star of reality TV show Love Island. This tale has everything—crypto, hackers, corrupt cops, and reality show romance!  With corrupt deputies, stolen millions, and custom legs, this saga truly stretches the limits of what we thought possible in cybercrime. (Krebs on Security)

 

Critical NVIDIA flaw affects AI applications 

Researchers at Wiz have disclosed a critical vulnerability (CVE-2024-0132) affecting NVIDIA Container Toolkit and GPU Operator. The flaw affects any AI application that uses the toolkit to enable GPU support. NVIDIA issued a patch on September 26th.

Wiz stated, “The vulnerability enables attackers who control a container image executed by the vulnerable toolkit to escape from that container and gain full access to the underlying host system, posing a serious risk to sensitive data and infrastructure.” The researchers add, “The urgency with which you should fix the vulnerability depends on the architecture of your environment and the level of trust you place in running images. Any environment that allows the use of third party container images or AI models – either internally or as-a-service – is at higher risk given that this vulnerability can be exploited via a malicious image.” (Wiz, Nvidia)

 

North Korean hackers breach German missile manufacturer

North Korean hackers linked to the Kimsuky APT group successfully targeted Diehl Defence, a German missile manufacturer, by using spear-phishing emails with fake job offers. The attack involved booby-trapped PDF files and advanced social engineering tactics designed to steal login credentials. The breach marks major concerns due to the sensitive nature of the manufacturer’s work on air defense systems, including a recent contract with South Korea. (Security Week)

 

State CISOs struggle with budget constraints 

As the stories above suggest, hardly a week passes without a local community being hit by a cyberattack, and new research helps explain why. According to a new report from Deloitte and the National Association of State Chief Information Officers (NASCIO), nearly 40% of U.S. state CISOs believe their cybersecurity budgets fall short of what they need to keep their citizens safe. In fact, more than a third said they do not have a dedicated cybersecurity budget at all. The majority of CISOs surveyed named third-party breaches as the biggest threat they currently face, followed by AI-enabled attacks and foreign state-sponsored espionage. (InfoSecurity Magazine)

 


Critical to CTEM Success: Driving Effective Scoping

In today’s rapidly escalating threat landscape, delaying action on cyber risk is no longer an option. Cyber threats are growing in both complexity and frequency, making it crucial for organizations to understand and prioritize their mission-critical assets now. Effective scoping in Continuous Threat Exposure Management (CTEM) is the key to identifying, assessing, and managing risks, ensuring that your organization stays ahead of emerging threats.  

Understanding the scoping process 

Scoping is not about limiting the reach of your CTEM program; instead, it provides a structured approach to organizing and communicating exposure management efforts and outcomes to leadership and stakeholders. By clarifying key questions during this stage, scoping puts exposure management in a meaningful business context.  

 Key questions during this stage include: 

  • What do we own?
  • What does it do for our business? 
  • What are the risks if it is compromised? 

By answering these questions, organizations can create a clearer picture of their attack surface and better prepare for potential threats. 

 RedSeal’s role in smart scoping 

RedSeal plays a pivotal role in supporting effective scoping within CTEM programs. By providing a reliable asset inventory, RedSeal consolidates resources from various environments—including public cloud, private cloud, on-premises, IT, operational technology (OT), and Internet of Things (IoT)—into a single, comprehensive model known as a network digital twin. 

 This powerful visualization tool allows organizations to map their resources into physical, logical, and custom topology groups. As a result, stakeholders can easily identify business-critical systems and assets, enabling them to define scopes that are relevant to their specific business context. The unparalleled ability of RedSeal to uncover and map hybrid infrastructure ensures that no potential vulnerability goes unnoticed. 

 Aligning security and business priorities 

Incorporating effective scoping practices into your CTEM program is essential for bridging the gap between cybersecurity and business strategy. With RedSeal’s capabilities, organizations can align their security priorities with business priorities, ensuring that exposure management efforts are both relevant and impactful. 

 As you navigate the complexities of today’s threat landscape, remember that thoughtful scoping, powered by RedSeal, is key to maintaining a strong security posture. By focusing on what matters most to your business, you can enhance your organization’s resilience and protect against the ever-evolving array of cyber threats. 

Reach out to RedSeal today to schedule a demo and learn about RedSeal’s pivotal role in supporting CTEM programs.

RedSeal Named “Zero Trust Network Access Solution of the Year” in 2024 CyberSecurity Breakthrough Awards Program

Prestigious Annual Awards Program Recognizes Outstanding Information Security Products and Companies Around the World

LOS ANGELES, Oct. 10, 2024 (GLOBE NEWSWIRE) — CyberSecurity Breakthrough, a leading independent market intelligence organization that recognizes the top companies, technologies and products in the global information security market, today announced that RedSeal, a pioneer in network exposure management, has been selected as winner of the “Zero Trust Network Access Solution of the Year” award in the 8th annual CyberSecurity Breakthrough Awards program.

RedSeal’s breakthrough network exposure management platform identifies assets in a hybrid network that are vulnerable to risks and delivers contextual information to mitigate those risks. RedSeal identifies how adversaries can access a network and also uniquely shows lateral movement and risks within that network.

RedSeal addresses network complexity due to the advent of distributed, hybrid, and cloud environments by enabling network micro-segmentation to limit the blast radius of attacks, and fencing in threat actors to prevent them from reaching high-value data and assets. RedSeal manages segmentation at the application layer in hybrid environments, ensuring continuous compliance with configuration settings as required by federal guidelines.

RedSeal also consolidates all necessary information into a single platform, providing a holistic view of attack surfaces and a common language across platforms – enabling teams to quickly identify exposed apps and investigate misconfigurations all while bridging skills gaps.

RedSeal’s continuous monitoring ensures zero trust segmentation policies remain effective, alerting organizations to any policy slips and enabling immediate corrective action without consulting siloed teams. Aligned with the guidelines from NIST and the OMB, RedSeal enables a solid foundation for all organizations.

“Through our years of partnerships with federal agencies and F100 companies, we have worked diligently to enhance cybersecurity and have played a role in evolving Zero Trust guidelines and requirements. A zero trust approach demands continuous identification of who and what can access sensitive IT assets. We excel in creating a dynamic network model to support this need,” said Greg Enriquez, CEO of RedSeal. “This award from CyberSecurity Breakthrough reinforces our commitment to delivering best-in-class cybersecurity solutions. We’ll continue to deliver these types of solutions to ensure our clients stay ahead of cyber adversaries and thwart potential attacks.”

The mission of the CyberSecurity Breakthrough Awards is to honor excellence and recognize the innovation, hard work and success in a range of information security categories, including Cloud Security, Threat Intelligence, Risk Management, Fraud Prevention, Mobile Security, Application Security, Identity Management and many more. This year’s program attracted thousands of nominations from over 20 different countries throughout the world.

“RedSeal is unique in its ability to provide a single source of truth amid increasing hybrid network complexity, persistent skills challenges, and evolving threats. As bad actors use sophisticated methods, zero trust focuses on securing data. Today’s cyber threats are relentless, making it imperative for enterprises to have a comprehensive understanding of all attack paths,” said Steve Johansson, managing director, CyberSecurity Breakthrough. “RedSeal helps organizations confidently implement a zero trust framework by delivering comprehensive visibility, control, and continuous compliance across hybrid environments. It’s our pleasure to award RedSeal with ‘Zero Trust Network Access Solution of the Year.’”

About CyberSecurity Breakthrough
Part of Tech Breakthrough, a leading market intelligence and recognition platform for global technology innovation and leadership, the CyberSecurity Breakthrough Awards program is devoted to honoring excellence in information security and cybersecurity technology companies, products and people. The CyberSecurity Breakthrough Awards provide a platform for public recognition around the achievements of breakthrough information security companies and products in categories including Cloud Security, Threat Detection, Risk Management, Fraud Prevention, Mobile Security, Web and Email Security, UTM, Firewall and more. For more information visit CyberSecurityBreakthrough.com.

Tech Breakthrough LLC does not endorse any vendor, product or service depicted in our recognition programs, and does not advise technology users to select only those vendors with award designations. Tech Breakthrough LLC recognition consists of the opinions of the Tech Breakthrough LLC organization and should not be construed as statements of fact. Tech Breakthrough LLC disclaims all warranties, expressed or implied, with respect to this recognition program, including any warranties of merchantability or fitness for a particular purpose.

About RedSeal
RedSeal, a pioneer in cybersecurity and network exposure management, delivers proactive, actionable insights to close defensive gaps across hybrid environments. RedSeal continually discovers all resources, connections, and exposures, creating a single, comprehensive model—a network digital twin. This enables unparalleled analysis and simplified protection of the entire cyber terrain. Trusted by hundreds of Fortune 1000 companies and more than 75 government agencies, including five branches of the U.S. military, RedSeal improves operational efficiency, boosts staff productivity, and reduces business risk. Visit www.redseal.net to learn more.