Date: February 24, 2022
Time: 7:30 p.m. IST
Topic: How Can Continuous Automated Red Teaming Provide Scalability and Better Insights?
Abstract:
With the emergence of such concerns as new attack vectors, advanced technologies, and rapid digitization, the cyberthreat landscape is rapidly evolving. Organizations need to identify their attack surfaces to mitigate cyber risks and strengthen their cybersecurity posture. Most organizations rely on red teams to assess a company’s security and conduct tests based on real-world scenarios to identify attack surfaces. Ethical hackers perform realistic, goal-based, simulated cyberattacks to find security gaps in organizational assets. However, red teaming assessments can be tedious and time-consuming, as they involve multiple tools and manual effort. Because red teams can usually test only a small segment of organizational assets, their work can be costly. Organizations need automated red team testing to stay ahead of cyberthreats and nip security issues in the bud.
Continuous automated red teaming (CART) facilitates the automation of red teaming operations to achieve greater visibility on attack surfaces with continuous penetration testing. CART is equipped to automatically discover the attack surface, launch multi-stage attacks, and enable continuous penetration testing. It is a simulation-based concept that augments penetration testing using evolutionary algorithms, parallel computing, and modeling and simulation techniques.
This webinar focuses on how adopting the continuous automated red teaming framework is beneficial for organizations to mitigate cyberattacks.
Key takeaways:
- Advantages of adopting CART
- Continuous automated red teaming framework
- Components of a CART solution
- Cyber kill chain and MITRE ATT&CK compliance
Speaker:
Subin Thayyile Kandy, Senior Product Security Engineer, Salesforce
Bio: Subin Thayyile Kandy is a seasoned security professional with more than 17 years of experience in application security and offensive security. His educational achievements include certifications such as C|EH and GIAC (GSSP .NET, GWAPT, GPEN, GMOB, GXPN). Subin is a Senior Product Security Engineer at Salesforce and has worked for Barclays, Verizon, and Capital One as a penetration tester and application security engineer.
*Examples, analysis, views, and opinions shared by the speakers are personal and not endorsed by EC-Council or their respective employer(s).