A conference titled “The Emerging Need for Cyber Asset Attack Surface Management (CAASM)” was organised by Dataquest and Scrut Automation, a SaaS-based GRC tool that helps companies enhance their information security posture. Security experts spoke at the conference about asset management, surface security, and how cybersecurity affects our daily lives. They explained how cooperation can make our society more resilient to cyberattacks.
Cyber threats continue to be a top worry for management and boards, as well as investors and other stakeholders in the organisation. The risk curve is still rising, and there are more breaches, ransomware, malware, and other threats.
Sunil Rajguru, Editor at Dataquest, delivered the opening remarks and gave an overview of the development of connectivity and networks as well as cybersecurity over time. The world has changed dramatically in a short period of time as a result of things like widespread Internet access. The Internet has transformed the whole world in just a few decades. However, as more people become connected, cyber risks and attacks also increase exponentially.
Following that, the inaugural keynote address was given by Aayush Ghosh Choudhury, Co-Founder and CEO of Scrut Automation, who explained how CAASM solutions address the issue of asset visibility. CAASM gives IT and security teams the ability to feel confident that everything in their environment is managed and secured since it provides a consolidated picture of all assets.
Aayush addressed questions such as: What should be the real solution for asset inventories? How can hygiene be preserved in the system? How can teams go agentless, and how can value be guaranteed quickly?
Bringing in the DevOps mindset
Next came the industry keynote by Arumugam Palani, Principal, Boston Consulting Group (BCG), titled “Understanding the Importance of CAASM”.
He highlighted Covid as a key driver of accelerating digital transformation throughout traditional and non-traditional organisations, emphasizing that success depends on adopting a practitioner mindset that considers how things can function, potential obstacles, and the DevOps mindset. From the perspective of cybersecurity, a fundamental and cross-cutting horizontal pipe that ensures every asset, piece of code, and inbound and outbound communication passes through various systems and formulae is essential.
Know your assets first!
Aayush, Satish Kumar Dwibhashi, SVP & CISO of InMobi, and Jason Joseph, CISO of Signdesk, joined the panel discussion titled “CAASM, Visibility of Assets, and Securing your Crown Jewels”, moderated by Rajguru.
Rajguru highlighted the difficult problems brought on by shifting dynamics and how CISOs reduce risk exposure. What obstacles do they face in safeguarding their assets?
According to Satish, finding an asset might be difficult for huge businesses, so first identify your asset. Locating the assets becomes more difficult when there are multiple clouds that are complex.
Jason concurred that asset management is essential given the changing security scenario, the complexity of each block brought on by shifting data governance, and geographic concerns. He added: Set up a perimeter, then defend it. Asset management is known as both traditional and non-traditional.
Aayush added that asset management was challenging, since separate artifacts were disconnected when his team worked with the mid market. To remain competitive, we must evangelize.
CISOs shifting away
When Rajguru asked him why CISOs are making the switch, Satish responded that many organisations have effective change management and a solid CMDB in place. Satish stated their ambition is to develop a powerful CMDB. So fundamentally, establish a solid connection between CMDB and the assets. He outlined it: A better journey effect comes from a newer method of asset discovery that uses CAASM and additional tools. Place the entire map. Companies that are cloud- and digital-native have benefited from mapping their assets.
Jason then added: In the digital age, businesses have mapped out their assets. The key question is which number can be relied upon. These figures are all accurate. There are several data silos. Consider everything in its entirety. And consider the attack area. Next, consider trust over it. Instead of waiting for the industry to follow or catch up, we should begin evangelizing.
Aayush says that after observing numerous businesses, he can attest to the difficulty of the CISO job in terms of asset counting and asset maintenance. We believe that if visibility is effective, real-time visibility is an effective tool for mid-market companies. Assets are tangible objects that are fluid to the touch. That will simplify the CISO’s job.
Importance of mapping
According to Satish, businesses will continue to see new attacks. He added: Analyze your blind spots. Monitoring security dashboards and consoles becomes difficult at that point. Visibility should be present. A prompt answer is crucial. Numerous organisations are taking additional initiative. Fraudsters always look for an opportunity to profit. Most of the time, we react rather than take action. The dual times are being decreased.
According to Jason: When you have an asset map, the next question to ask is, what is the exposure? Sometimes someone will neglect to remove the test asset and will simply forget about it. He felt that we need to adequately handle these difficulties. We are no longer within our boundaries. There is a hybrid, and the attack surface is growing. When an endpoint is inadequately mapped, small and medium-sized networks cannot address it. Laterally moving causes everything to fall apart. Companies that are concerned with security and CISOs will be aware of the assets and alarms but may not know what to do. The future of CAASM lies in prioritizing the asset and mitigating vulnerability.
Aayush’s concluding remarks emphasized the need for improving with each attempt and energizing the community. It will generate consciousness.
Evaluate and implement
Next was the fireside chat between Nitin Kotwal, Head of Security, MoEngage, and Pratyush Kukreja, Business Head—APAC, Scrut Automation, titled “Simplifying your Compliance Journey with CAASM”.
Nitin started by saying: First analyze a tool before using it. He then went on to point out the right questions to ask. How is viability incorporated? How well can it combine IT and cloud solutions to collect all the assets and always verify? Does it offer customization?
Nitin stated that in order for a tool to deliver a centralized view, CAASM can be effective as it is the NextGen tool and automates the procedures. CISOs can examine compliance by taking a step back and examining the security architecture. The event concluded with Q&A sessions with the audience.
Scrut has successfully completed the first launch of its CAASM capability in the US markets, ensuring complete visibility and security coverage for all assets.