Page 78 - Cyber Defense eMagazine January 2023
P. 78

are more often black boxes – we don’t know which version of what operating system they’re running, or
            which versions of what libraries, and even if we have that information, we can’t force an update; we
            typically have to wait for a patch from the manufacturer. There are no standards or real consistency for
            tracking security flaws across connected devices; the only way we can understand where the problems
            are is to test them ourselves. Then, armed with a better understanding of how IoT devices are impacting
            our  attack  surface,  we can  deploy  targeted  mitigation  strategies to  address the  vulnerabilities we’ve
            discovered.

            This is, of course, good information to have and a good strategy to pursue. But how do we know that our
            defensive tools, the stack of network, cloud, email, and endpoint security tools that we array to keep both
            our traditional and nontraditional IT devices safe, are working? How do we know if an emerging threat is
            able to slip through our firewall, or run undetected on an endpoint, or make it through our email gateway
            to  target  an  unsuspecting  phishing  victim?  The  same  principle  applies;  we  really  need  to  test  our
            defensive stacks, on a continuous basis, to make sure they’re optimized and tuned to catch the latest
            attacks that threat actors are deploying against us. This lets us, finally, go on the offensive and think like
            an attacker – we can test and probe our networks and devices ourselves, discovering vulnerabilities and
            attack paths ourselves, rather than waiting for a bad guy to do it.

            We can get ahead of hackers by discovering and closing gaps in detection and visibility before they can
            be used against us.






            About the Author

            Scott Register is Vice President of Security Solutions at Keysight
            Technologies. Scott has more than 20 years of experience leading
            product  management  and  go-to-market  activities  for  global
            technology companies and is currently vice president of security
            solutions for Keysight where he is tasked with brining new security
            solutions  to  market  across  Keysight’s  broad  solution  portfolio,
            including security for connected devices from cars to webcams to
            implanted  medical  devices.  Register  has  served  in  product
            management and go-to-market roles in a range of companies, from
            startups to BreakingPoint, Ixia, Blue Coat, Check Point Software,
            and Keysight. He holds B.S. and M.S. degrees in computer science
            from Georgia Institute of Technology and also served as a member
            of the research faculty. Scott can be reached on Twitter and at our company website

            https://www.keysight.com/us/en/home.html.










            Cyber Defense eMagazine – January 2023 Edition                                                                                                                                                                                                       78
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.
   73   74   75   76   77   78   79   80   81   82   83