In cyber warfare, like in chess, the game outcome is non determined past a single exploit (or move), but rather by a patient silent-predator strategy.
The same tin can be said of hackers sniffing a corporation’s many interfaces until they take an “in”.
When a hacker further exploits the corporation without detection – till information technology’south “checkmate” and Doomsday arrives. Suddenly the company makes headlines with its data leaks and everyone gets decorated with impairment command and corporate reputation PR, millions in disinterestedness and funds are lost, and sadly, a few executives lose their jobs too.
I learned how to remember similar a hacker from my uncle, Vladimir Liberzon.
Vladimir was a Russian and Israeli chess grandmaster. At his prime, he was a chess force to be reckoned with, practicing disciplined moves and strategies that made their way into chess textbooks. His skill fabricated him ane of the well-nigh consequent performers of his time in Russia, Europe and Israel.
What I absorbed in my youth from “Uncle Vladimir”, equally we chosen him, I took not only to the chessboard hobby but also to life and my greatest passion — Cyber Warfare. It is astonishing to come across the parallel lines we can describe between these two listen-battlefields. I saw that by anticipating the opponent’south moves, multiple steps ahead, I could be on both the defense and criminal offence to protect my pieces and wipe out all of his, to win the game.
With this insight I founded Pcysys. My objective was to give every CSO his own “grandmaster” of cyber in the form of intelligent penetration testing software. The power to perform machine-based pen testing, that continuously thinks and acts as hackers exercise, is the best manner to make sure that corporations have their cyber defense force line every bit tight and strong as it tin can be. Defense lines must arrange to threats at the same pace every bit hacking techniques advance.
The fact is that today more than 95% of cyber technology expense is invested in defense technology, which does not have the ability to evolve and align that defence with a hacker’southward perspective in heed, ane that takes into account multi-step attack “vectors” or “kill bondage” rather than merely drastic vulnerabilities.
Whether we like it or non, it’s a two sided game that nosotros’re managing twenty-four hours in and day out thinking a few steps ahead. Software and AI are the fundamental to giving corporations the upper mitt.
For those who want the full story of this grandmaster, read more than about him here: Wiki
And if you tin meet how your corporation could use a grandmaster to protect against cyber warfare, delight drop me a note to firstname.lastname@example.org.
Arik Liberzon, led an elite cyber warfare group at the Israeli Defence force Force’s reckoner service directorate. His group was responsible for penetration testing strategic asset networks and national mission-disquisitional systems. Following a decade of mastering the penetration testing profession, Liberzon practical his mastership of ethical hacking in software and together with serial Information technology entrepreneur Arik Feingold, founded Pcysys in 2015.
Liberzon holds a B.Sc in Aerospace Engineering from the Technion Institute of Technology, a Masters Degree in Finance from Ben-Gurion Academy and an MBA from Tel Aviv University.
CVE-2022-22948: Sensitive Data Disclosure in VMware vCenter
New zippo-day vulnerability joins a chain of recently discovered vulnerabilities capable of operating an end-to-end assail on ESXi. Organizations should evaluate risk and utilize vCenter client patches immediately. Executive Summary Pentera Labs’ Senior Security Researcher, Yuval Lazar, discovered an Information Disclosure vulnerability impacting more than 500,000 appliances running default vCenter Server deployments. This finding is…
4 steps to knowing your exploitable assail surface
Originally published on Dark Reading. According to a Cisco CISO Criterion survey, 17% of organizations had 100,000 or more than daily security alerts in 2020, and its trajectory has merely increased. Source: Cisco 2020 CISO Benchmark Survey 2021 only followed this trend with a tape year of newly-discovered CVEs – 20,137 to exist exact, topping the…
The Security Miss in Misconfigurations: Taking a 2d look at firewall misconfigurations
Network misconfigurations accept on many types and forms, and come about for many different reasons. Many of them stem from blind adherence to poorly-informed common practices or even only from simply not being aware that operating organization configuration defaults inherently contain security misconfigurations. Allow’s review two common misconfigurations to serve every bit our examples: Why closed…