I played rugby while growing up. It’s a great game of offense and defense, just like football. When the opponent has the ball, you must defend and tackle. I love a good tackle (like probably every sports fan!). However, my favorite part of playing rugby was getting the ball and going on the offensive. It was all about strategy and creating plays to beat the opponent.
The world of cybersecurity is like a game of rugby. Cybersecurity leaders approach the “field of play” in a similar fashion, except our adversaries always seem to have the ball and be on the attack. Enterprises have to defend.
I’ve spent most of my almost 20 years’ career in cybersecurity, working with many leading solutions like Symantec, McAfee, RSA Security, TippingPoint IPS, Invicti Security (Netsparker and Acunetix), and more. Although these are best-of-breed security solutions, the majority are for defending against attackers in motion. At this point in my career, I want to help companies get the ball, plan, and execute offensive plays so that they can win. And in this process, restore the “home field advantage” they have over the adversary. That’s why I joined Balbix.
The Trouble with Being on Defense
In today’s ever-evolving threat environment, offensive security is absolutely critical for helping organizations. They need to sniff out cracks in their defenses before the bad guys do. Yet, it’s hard to plan and execute offensive plays when you are constantly defending.
Companies are spending millions of dollars on security solutions, recruiting talented and often well-paid domain experts to play defense but still struggle to get ahead. This is due to the expanding threat landscape and the proliferation and sophistication of attack methods at a level we’ve never seen before. The enterprise attack surface is massive and growing rapidly, not to mention incredibly complex. New vulnerabilities and security issues emerge at a very rapid rate.
Traditional Approaches to Go on Offense
While not technically an offensive security strategy, vulnerability management, and risk frameworks are usually foundational elements of a good offense. Even though traditionally most organizations have implemented these techniques, the technologies and processes they are using do not help their teams to move faster or prioritize their efforts and resources.
Most companies also rely on incident histories and blanket controls to manage their risk. These approaches provide many snapshots of their cyber risk posture but need to be correlated to provide true actionable insights and context into risk. They also lack the automation to enable teams to act at speed.
Instead, to ensure cybersecurity leaders deploy their offensive resources effectively, they first have to understand how vulnerable they are and where their biggest risks are. Armed with this knowledge, they are better able to determine where to allocate those resources to maximize their effectiveness in reducing risk.
Cybersecurity Posture Automation: The Offensive Play
Automating the containment of risk is the offensive play to win. I joined Balbix because it is an AI-powered cybersecurity platform purpose-built for cybersecurity posture automation.
Balbix gathers information about an enterprise’s complex attack surface, performs continuous analysis of their cybersecurity posture and attack surface, and provides prioritized mitigating actions to drive faster containment of risk. Once you see the Balbix “brain” you will be as impressed as I am with what the incredibly talented Balbix team has built.
I look forward to talking to cybersecurity and business leaders about Balbix, helping them take the ball, plan their offensive plays, reduce their risk, and win.