TruSTAR Industry Talks: State of the Current Threat Landscape with Endgame, Cyber Threat Alliance and Veracode

At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. We sat down with some of the industry’s most interesting leaders in cybersecurity to discuss the latest cybersecurity challenges their teams are working to solve. This is Part 4 of a 5-Part series highlighting these discussions.

Deliberate cyberattacks are no longer periodic or influenced by industry or geopolitical events. Rather, they have become a constant and should remain in the forefront of executives’ thoughts. Our panel discusses what the industry should be doing.

For this panel, TruSTAR gathered Andrea Limbago, Chief Social Scientist at Endgame, Michael Daniel, President and CEO of Cyber Threat Alliance (CTA), and Chris Wysopal, CTO of Veracode.

The following is an excerpt from this conversation. Full video below.

Patrick Coughlin, TruSTAR: How are we doing as an industry? Are we encouraging the wrong behavior? What do we need to improve? 

Andrea Limbago, Endgame: There is a lot of low-hanging fruit we’re not cleaning up. For the general population, securing their devices and systems is either too hard or they don’t know why or which data might be used to target them. To illustrate, only 10% of Gmail users have two-factor authentication.

Michael Daniel, CTA: There are two commonly held attitudes. One group believes it’s too hard to stay protected, so only the tech guys can take care of these things. The other group is fatalistic and believes there’s nothing they can do at all, so why bother. It’s true that you can never drive your risk down to zero. You can, however, drive your risk lower.

Chris Wysopal, Veracode: One of the challenges is that we don’t have good feedback loops to know if what we’re doing is actually benefiting us. You may need to patch your system every 90 days, but if you patch your system every 30 days, I can’t tell you how much better it is and if the security is 3x better. There’s no good science behind what we’re doing.
