Page 78 - Cyber Defense eMagazine January 2023
P. 78
are more often black boxes – we don’t know which version of what operating system they’re running, or
which versions of what libraries, and even if we have that information, we can’t force an update; we
typically have to wait for a patch from the manufacturer. There are no standards or real consistency for
tracking security flaws across connected devices; the only way we can understand where the problems
are is to test them ourselves. Then, armed with a better understanding of how IoT devices are impacting
our attack surface, we can deploy targeted mitigation strategies to address the vulnerabilities we’ve
discovered.
This is, of course, good information to have and a good strategy to pursue. But how do we know that our
defensive tools, the stack of network, cloud, email, and endpoint security tools that we array to keep both
our traditional and nontraditional IT devices safe, are working? How do we know if an emerging threat is
able to slip through our firewall, or run undetected on an endpoint, or make it through our email gateway
to target an unsuspecting phishing victim? The same principle applies; we really need to test our
defensive stacks, on a continuous basis, to make sure they’re optimized and tuned to catch the latest
attacks that threat actors are deploying against us. This lets us, finally, go on the offensive and think like
an attacker – we can test and probe our networks and devices ourselves, discovering vulnerabilities and
attack paths ourselves, rather than waiting for a bad guy to do it.
We can get ahead of hackers by discovering and closing gaps in detection and visibility before they can
be used against us.
About the Author
Scott Register is Vice President of Security Solutions at Keysight
Technologies. Scott has more than 20 years of experience leading
product management and go-to-market activities for global
technology companies and is currently vice president of security
solutions for Keysight where he is tasked with brining new security
solutions to market across Keysight’s broad solution portfolio,
including security for connected devices from cars to webcams to
implanted medical devices. Register has served in product
management and go-to-market roles in a range of companies, from
startups to BreakingPoint, Ixia, Blue Coat, Check Point Software,
and Keysight. He holds B.S. and M.S. degrees in computer science
from Georgia Institute of Technology and also served as a member
of the research faculty. Scott can be reached on Twitter and at our company website
https://www.keysight.com/us/en/home.html.
Cyber Defense eMagazine – January 2023 Edition 78
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.