
Exclusive Interview With David Monnier, Chief Evangelist Of Team Cymru


In this interview, we spoke with David Monnier, Chief Evangelist at Team Cymru, a risk management solution launched in 2005 with a network that extends to 143 CSIRT teams in 86 countries and a community of over 1,000 network operators and ISPs that helps keep the internet safe.

Team Cymru has released the findings from their State of Attack Surface Management report and they wanted to share the findings with SecureBlitz.

Focusing on legacy ASM platforms, the report found:

  • 21.1% felt they overpaid for their current ASM solution. Of the 48.5% that plan to stop working with their ASM vendor in the next 12 months, 21% cite the cost of operation and maintenance as the reason.
  • 21.5% indicate the training needed for analysts to use the platform is their primary challenge with their current ASM platform.
  • Of those involved in deploying their current ASM solution, 23.2% said it took 6 to 9 months to get them up and running. For 18.5%, it took over a year.

So, we spoke with David Monnier, the Chief Evangelist at Team Cymru.

Here Are David Monnier’s Responses To Our Questions:

1. Why is it important that businesses invest in ASM solutions as part of their cyber security strategy? 

David Monnier: 

In order to understand why investing in an ASM is important, we simply need to look at the state of the world today. 60% of knowledge workers are now working remotely, which has increased the attack surface. It’s predicted that by 2025, 45% of organizations will have experienced an attack on their software supply chain.

Additionally, 60% of organizations will use cybersecurity risk to assess target acquisitions and mergers. What these all have in common is they demonstrate the challenge of identifying and managing a dynamic external attack surface. Yet many organizations don’t have the right tools in place to keep themselves informed of these fluid changes.

Businesses wanting to ensure they’re keeping their assets protected should turn to ASM solutions today, and with a sense of urgency as well — because external risks can bring significant financial impact beyond the initial cost of breach.

2. Many businesses find ASM solutions to be expensive. Is this justified or not?

David Monnier:

In our survey, nearly 50% stated they were sunsetting ASM. When asked why, direct cost was the reason for over 38% of respondents. If we look objectively as to why, it really does come down to first generation ASM failing to realize value as priced through lack of features, functions, and integration. ASM 1.0 told you about a problem, whereas ASM 2.0 can help you quantify and manage risks more effectively — it’s a very different experience.

Additionally, when you consider that the average cost of a data breach is $3.86 million, an ASM is certainly a worthwhile investment. But we should really be looking at the value an ASM brings to an organization.

Having the ability to inventory and classify assets, perform risk and reputation scoring, shed light on shadow IT, and to proactively manage your attack surface in various other ways demonstrates that the value and benefits far outweigh the costs.

3. What are the chief difficulties with implementing and using ASM solutions? What can businesses or providers do to reduce them?

David Monnier: 

From our experience, the initial onboarding of a new ASM solution may seem non-trivial, but as the provider, we work to lay some foundation down before the customer takes over. We focus our efforts on accuracy and providing a more complete picture of external assets than previous first generation ASM tools.

The next large step is vulnerabilities management. The implementation may seem straightforward, but the logistics and legal complexities of scanning third parties are rather complicated.

Any CISO planning to invest in ASM 2.0 needs to have some clear guidelines for third party entities to enable a smooth experience for everyone. No one wants that call asking why their web servers appear to be getting scanned by hackers, or that your latest vulnerability scan just took out some of their customer facing infrastructure because the endpoints couldn’t handle it.

Providers can build a very accurate and detailed asset inventory, but the teams operating ASM need to have a well-defined workflow for assets they don’t own, regardless of the risks they present.

4. More focus is on the external vulnerabilities. Are there any noteworthy internal vulnerabilities affecting ASM? 

David Monnier: 

Attackers typically gain access to external devices and then move through an enterprise. Any internal vulnerability is the next step from an attack that originated externally.

Identifying and addressing the external-facing issue can significantly reduce the opportunity for an internal-facing vulnerability to be leveraged in an attack. While internal issues will always be an issue, ASM 2.0 can greatly reduce their risk.

5. Aside from investing in ASM solutions, what else can businesses do to reduce attack surfaces? 

David Monnier: 

Overall, investing in ASM 2.0 can drive many outcomes that help further reduce the attackable surface. In our survey, the largest segment of respondents said that identifying rogue or unclassified assets is the most valuable capability an ASM has provided their organization.

Reducing the attack surface comes from proactively monitoring for vulnerabilities, and then acting on those discoveries to close off risks and reduce the overall scale of the attack surface. For example, seek out legacy infrastructure that is still internet-facing but no longer needed.

It can get spun down to save more dollars and reduce risk. Also, with increased threats in the supply chain, managing third party risk should continue to be a strategic priority for organizations. Monitoring for unauthorized or unapproved relationships between owned assets and a supplier is critical. 

In addition to investing in ASM, organizations can benefit from concepts like air gaps and data diodes, which are no longer exclusive to Operational Technology. As they become more commoditized, they start to appeal to IT as a method of physically isolating or controlling the attackable surface at a gateway level.

6. Businesses complain about ASM solutions not having the features they need. What ASM solutions would you recommend, and why? 

David Monnier: 

ASM 2.0 can bring the following benefits and features to organizations looking to manage their attack surface:

  1. Continuous and autonomous asset discovery. Legacy ASM struggled to give a complete asset inventory. Team Cymru has a distinct method of asset discovery based on analysis of 200 billion internet connections daily.
  2. Continuous and autonomous vulnerabilities management. As an extension of asset discovery, new and existing assets must be scanned regularly and not just on-demand.
  3. Awareness of Shadow IT applications and the infrastructures the organization depends on. ASM 2.0 provides much more context on potential unapproved cloud apps, and can highlight where possible risks are without too much dependence on specific providers.
  4. Integrated threat intelligence. By combining assets and vulnerabilities management with threat intelligence, ASM 2.0 reveals even more context to help teams prioritize threats and risks more effectively.
  5. Integrations with other tools. This is where first generation ASM really let customers down, as the largest segment of respondents in our survey said that a lack of integration with their automation platforms is the biggest reason why they felt their ASM had failed them.

7. Tell us more about Team Cymru and what you offer?

David Monnier:

Team Cymru’s mission is to save and improve human lives. To achieve this we work with security teams around the world, enabling them to track and disrupt the most advanced bad actors and malevolent infrastructures.

We deliver comprehensive visibility into global cyber threats and are the key source of threat intelligence for many cyber security and threat intelligence vendors today. Enterprise security teams around the world rely on our Pure Signal™ platform to close their detection gaps, accelerate their incident response, and detect threats and vulnerabilities not only across their entire enterprise, but across third-party ecosystems as well.

Finally, our Community Services division provides no-cost threat detection, alerting, DDoS mitigation, and threat intelligence to more than 140 CSIRT teams across 86+ countries.

 

Thank you Team Cymru.


Chandra Palan