We are excited to be selected in RSAC 365 Innovation Showcase to discuss our Continuous Virtual Red Teaming solution. RSA Conference is a premier series of global events for the cyber security community known for offering expert insights in the industry. RSAC 365 Innovation Showcase highlights path breaking innovation in cybersecurity space.
The panelists, Maria Lewis Kussmaul (Co-Founder AGC), Greg Dracon (Partner, 406 venture), Eric Davis (Partner, AGC Partners) and Sam Curry (Cyber Security Officer, Cyber Reason) engaged with Bikash Barai, (Co-Founder, FireCompass) in a top level discussion on how our Continuous Virtual Red Teaming can help organizations.
Here are some short interesting snippets from the discussion:
Attack surface management is especially important in the current work from home environment. Since most businesses are moving to the cloud and with cybersecurity space getting more diverse, the attack surface is increasing. This is why there is a need for automation in red teaming. With the threats scaling up offensive attack simulation mixed with vulnerability scanning is a must.
Maria Kussmaul, Co-Founder, AGC Partners
The mindset is shifting from just defending to finding out which way the attacker may go to and which target one need to defend more staunchly.
Greg Dracon, Partner, 406 Ventures
Red Teaming is best done when it is done regularly and over time it’s aimed towards improving a security program.
FireCompass CART looks like an enterprise and mature company product and service. This actually “democratizes” CART and ASM.
Sam Curry, Cyber Security Officer, Cyber Reason
Attack Surface monitoring and automated red teaming are proving to be two categories that are laying the foundation for cyber hygiene. It gives the organization the knowledge of “what to protect?” and “Whom to protect it from?”
Eric Davis, Partner, AGC Partners
Q&A with Bikash:
Eric Davis: We historically have seen pen testing as more of an episodic, compliance-driven use case. As you’ve evolved FireCompass’s solution beyond pen testing to incorporate continuous automated red teaming, have you seen the use case similarly evolve to be more security-centric, or is compliance still driving the purchasing decision? Related to that, what budget dollar are you targeting within potential customers?
Bikash: Earlier people were driven by compliance procedures to make security decisions, but that is changing today because of how informed security folks are! People are conscious about their security posture and are noticing that their peers are getting compromised, which is leading them to make conscious buying decisions. So, one can say that security today is more of a conscious issue rather than a compliance issue.
When it comes to the budget, with automation, we can help our customers to save significantly. We have been able to save 80% of their cost when they moved from their traditional model. An organization that has never done anything in security till now, has finally started to pull out some budget.
Sam Curry: This looks like an enterprise and mature company product and service. Correct me if I am wrong there and this actually “democratizes” CART and ASM. For your customers, do you have the means to help them improve based on your output, or do you depend on a mature security program to consume the output and improve?
Bikash: What we have noticed is that whether it is a small company or a large enterprise – the problem is the same. Not many people want to improve upon a product; everyone needs something that they can consume right away, and as easily as possible. Nobody wants to see findings; they want to see actionable items.
Greg Dracon: It sounds as though you’ve built an end-to-end solution covering from basics (shadow IT) to threat actor attack risks, which is a lot.