TruSTAR Industry Talks: State of the Current Threat Landscape with Endgame, Cyber Threat Alliance and Veracode

At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. We sat down with some of the industry’s most interesting leaders in cybersecurity to discuss the latest cybersecurity challenges their teams are working to solve. This is Part 4 of a 5-Part series highlighting these discussions.

Deliberate cyberattacks are no longer periodic or influenced by industry or geopolitical events. Rather, they have become a constant and should remain in the forefront of executives’ thoughts. Our panel discusses what the industry should be doing.

For this panel, TruSTAR gathered Andrea Limbago, Chief Social Scientist at Endgame, Michael Daniel, President and CEO of Cyber Threat Alliance (CTA), and Chris Wysopal, CTO of Veracode.

The following is an excerpt from this conversation. Full video below.

Patrick Coughlin, TruSTAR: How are we doing as an industry? Are we encouraging the wrong behavior? What do we need to improve? 

Andrea Limbago, Endgame: There is a lot of low-hanging fruit we’re not cleaning up. For the general population, securing their devices and systems is either too hard or they don’t know why or which data might be used to target them. To illustrate, only 10% of Gmail users have two-factor authentication.

Michael Daniel, CTA: There are two commonly held attitudes. One group believes it’s too hard to stay protected, so only the tech guys can take care of these things. The other group is fatalistic and believes there’s nothing they can do at all, so why bother. It’s true that you can never drive your risk down to zero. You can, however, drive your risk lower.

Chris Wysopal, Veracode: One of the challenges is that we don’t have good feedback loops to know if what we’re doing is actually benefiting us. You may need to patch your system every 90 days, but if you patch your system every 30 days, I can’t tell you how much better it is and if the security is 3x better. There’s no good science behind what we’re doing.
