CIO Influence

CIO Influence Interview with Boaz Gorodissky, CTO, XM Cyber

Boaz Gorodissky, CTO, XM Cyber chats about enterprises’ attack paths, the impact of continuous exposure management, and resilient cybersecurity strategy in this catchup.

———————

Hi Boaz, share a brief overview of your journey from a software engineer to becoming the CTO and Co-Founder of XM Cyber.

Thank you for having me. I started my career as a younger engineer in the Prime Minister’s office and served in various technical roles there for over 30 years. Over time, I progressed from engineer to team lead to head of a large technology operations division and eventually led over 2,000 people across all areas of technology. This gave me broad experience across several disciplines.

While I enjoyed these leadership roles, I left, and co-founded XM Cyber after identifying a critical problem that we did not have the resources to adequately address internally. Most cybersecurity solutions fail to help organizations move beyond siloes to create scalable and sustainable exposure management programs. We realized this problem was universal and impacting enterprises across industries. With this insight, we founded XM Cyber to provide a solution.

As CTO, I oversee all technology and product development at XM Cyber. My responsibilities start with identifying customer needs and working with product management to define detailed requirements and a technology roadmap aligned to our vision. This includes anticipating what capabilities will be critical for organizations to have in place to strengthen their security posture, while also delivering features that solve immediate pain points based on customer feedback and industry trends.

I work closely with our R&D team to spearhead development, taking concepts from ideation to operational products that customers can leverage. Throughout this process, I ensure we are building innovative solutions that push the boundaries of cybersecurity.

How does your platform help enterprises identify attack paths across AWS, Azure, GCP, and on-prem environments?

Attackers are constantly discovering new techniques to bypass security controls and exploit vulnerabilities, misconfigurations and identities to move laterally towards critical assets. Traditional vulnerability assessment tools are designed to handle CVEs but fall critically short in providing coverage beyond that, thus missing potentially high-impact exposures that cause the greatest risk. XM Cyber identifies all exposures, i.e., misconfigurations, identity/credential exposures, as well as CVEs, that can be exploited across hybrid environments. XM Cyber maps all these exposures onto a single attack graph so that security and IT teams can understand how their critical assets are at risk and see what needs to be done to reduce the risk. XM Cyber enables organizations to continuously visualize on-prem and cloud network exposures and see how they chain together to form attack paths that allow attackers to move laterally towards critical assets. It then provides remediation guidance and options for alternate remediations if the primary means of remediation isn’t available. By leveraging this complete visibility and the mindset of an attacker, organizations can focus on remediating the exposures that put them at greatest risk.

This means that instead of focusing on issues which don’t enable lateral progress towards critical assets, XM Cyber helps organizations focus on choke points, or exposures where multiple attack paths converge on paths to critical assets.

Why are identity exposures often overlooked, and how can organizations address this risk?

Identity-based attacks comprise some of the most effective, most destructive cyberattacks today. The issue touches the core of identity, credentials, and access management – who you are, how you prove it, and what you can do with it. Once a valid user’s credentials are compromised and a threat actor is masquerading as that user, the damage is done. A major part of the problem here is that if the attacker is careful, it can be nearly impossible to differentiate between the user’s typical behavior and that of the imposter. This is a major issue. In fact, at XM Cyber, we found that 80% of attack paths to critical assets have some exposure related to identity-based issues.

Some ways for organizations to prevent this are: 

  • Lock down your organizational password strategy
  • Implement automatic identity management
  • Prevent privilege escalation

What’s the impact of continuous exposure management on cloud security?

Cloud environments are complex and dynamic, and a prime target for attackers. Cloud security teams have to identify all potential exposures of cloud entities, and analyze their exploitability and impact, to identify those that are most critical, and ensure they are fixed. Just like on-prem, simply finding problems is not sufficient. That’s why Continuous Exposure Management is essential.

Issues like limited visibility of exploitable and high-impact attack paths, inefficient remediation that can’t keep up with new exposures, and a siloed approach to on-prem and cloud increase risk. Continuous Exposure Management provides holistic visibility and analysis of attack paths that span across on-prem and multi-cloud environments to fix the most critical exposures and stop attacks before they happen.

What are the top security gaps you see in hybrid cloud environments today?

There is a lack of understanding of the interrelations, or the effects that the cloud has on the on-prem and how the on-prem affects the cloud. Without understanding this, you cannot secure your cloud and you cannot understand what is happening on your own prem.

Before we close, what advice do you have for CIOs aiming to build a resilient cybersecurity strategy?

First and foremost, they need to recognize that cyber security is the greatest risk to the business. Therefore, they must understand the importance of prioritization, as it’s not feasible to address every issue simultaneously. They need the right tools, technological systems, and processes to effectively prioritize their efforts. Additionally, they need to identify their critical business assets, because without this understanding, securing them becomes impossible.

Also, as I say all the time, they need to think like an attacker. This is not done by investing everything in defending the perimeter, detection systems, and things like that, but by putting investment into understanding exposures and raising the bar, in order to make the life of the attacker much more difficult.

Boaz Gorodissky is a 30-year veteran of the Israeli Intelligence Community. Gorodissky currently serves as Chief Technology Officer at XM Cyber where he oversees all technology and product development. As CTO, his responsibilities start with identifying customer needs and working with product management to define detailed requirements and a technology roadmap aligned to the XM Cyber vision. This includes anticipating what capabilities will be critical for organizations to have in place to strengthen their security posture, while also delivering features that solve immediate pain points based on customer feedback and industry trends.

Gorodissky began his career as a software engineer and then founded the first offensive cyber department. He holds a B.Sc. in mathematics and computer science and an M.Sc. in computer science from the University of Tel-Aviv.

XM Cyber is a leading hybrid cloud security company that’s changing the way organizations approach cyber risk. XM Cyber transforms exposure management by demonstrating how attackers leverage and combine misconfigurations, vulnerabilities, identity exposures, and more, across AWS, Azure, GCP and on-prem environments to compromise critical assets. With XM Cyber, you can see all the ways attackers might go, and all the best ways to stop them, pinpointing where to remediate exposures with a fraction of the effort. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, and Israel.
