Answering the needs... of clients, community, industry... and CERTs

– January 2024
As OCSC24 is getting closer, we would like to invite you to read our interview with Mirza Asrar, CEO of CTM360, the Diamond sponsor of OCSC24.

OCSC: We are very happy to have CTM360 as the Open Cyber Security sponsor. Thank you again. Your company has regularly been recognized by research firms and decorated with various international awards. Can you share some insights into the key factors that have contributed to CTM360's success and industry recognition?

Mirza Asrar, CEO of CTM360: Over the last few years we have been recognized by multiple global research firms; for example, Frost & Sullivan placed CTM360 as a DRP innovation leader. I believe we have a couple of factors contributing to our success. Firstly, we have a comprehensive integrated set of platforms across EASM, TPRM, DRP, DMARC and CTI. Secondly, our claim is that we are leading globally as a takedown system, validated by the width and depth of our takedown platform. Another major factor is our development team’s agility and innovation, continuously enriching the capabilities almost every week. It is important to note that specifically DRP had the challenge of addressing an ever-evolving threat landscape with a continuous stream of new use cases. Our mindset is that all new use cases are covered in the customer’s scope, hence we need to quickly figure out how to address them; this keeps my team innovative and customers satisfied.

OCSC: Your platform offers External Attack Surface Management, Digital Risk Protection, Cyber Threat Intelligence and Supply Chain Risk Monitoring. How do these comprehensive offerings align with the constantly evolving cybersecurity landscape, and what benefits do they bring to your clients, especially in today's threat environment?

Mirza Asrar: Two decades ago cybersecurity was dealt with “defense in depth”, a layered security approach starting from the SIEM, the perimeter Firewall and various technologies up to the endpoint and server securities. Back in 2010 I recognized a challenge where the cyber losses were growing exponentially, irrespective of how much an organization was investing in cybersecurity. My view is that the gap was outside the Firewall where we needed a complementing strategy of “Offensive defense” with a layered set of technologies outside the firewall. This prompted me to build this integrated set that I call the DRP stack, which includes all platforms that you have mentioned in your question and more. The base is EASM, which we call “Hackerview”, with a comprehensive inventory of your digital presence across the internet. All data is pre-populated with accuracy and completeness, without installations or configurations required from the customer side. Any identified issues allow us to develop a security ranking, complemented by an accurate technology inventory that forms the basis of smart scanning for high-risk vulnerabilities. All automated with no interaction required from the customer side. EASM data feeds the DRP platform (Cyber Blindspot), which covers cases of brand abuse, online scams & data leakage and many more use cases. Our takedown efficiency and cost are a very attractive proposition for our customers.

OCSC: Mirza, you mention the mission to "be the regulator’s choice". Can you share some examples or success stories where CTM360's solutions have made a significant difference in safeguarding digital assets and mitigating cyber threats for businesses or organizations?

Mirza Asrar: One of the very first lessons I learned as I entered the cybersecurity industry back in 1997 was that most managers are not really interested in investing in cybersecurity. This is where a regulator has to carry the burden of formulating and mandating a minimum cybersecurity framework. The biggest challenge for the regulators is in assessing compliance; the more economical and efficient way they can do this job, the better for the overall cybersecurity culture. It is important to note that this approach also brings in a level playing field for their constituents. As all have to invest in a uniform cybersecurity framework, no one can feel an unfair advantage from their competitor, coming from not investing in cybersecurity. It rather gives them an incentive to find economical and efficient approaches to achieve the same goal.
We have had good success with some central banks who leverage our platforms for validating the compliance across their licensees. The same is also being used by enterprises to assess the cybersecurity readiness of their 3rd parties (vendors). For example, is utilizing our TPRM to review the security posture of its suppliers / vendors. Furthermore, supervision teams in regulators and CERTs are also using our platforms to look across their constituents, monitoring for cyber risks and threats.

OCSC: Partnership with the OCSC conference demonstrates a commitment to advancing the field of cybersecurity. What are your expectations from this partnership, and how do you plan to leverage it to further enhance CTM360's impact in the industry?

Mirza Asrar: Cybersecurity is an ecosystem, “you are only as secure as your 3rd parties”. Hence the only way forward is collaboration; I am a very strong proponent of this approach. The most important component of this collaboration is via CERTs. In that sense OCSC is “the Platform” to interact with all major CERTs across the world. We have a unique oversight approach in our platforms that serves the very purpose of some of the CERTs’ functionality. Furthermore, we want to showcase to the CERTs our approach to threat management based on a “kill switch”. It is a hardening guideline for the most used TTPs across the most trending malware & ransomware. You see IoCs change 10 times in a day, whereas the TTPs don’t change over a 10-year period.
Currently a number of CERTs are already leveraging our “ThreatCover” platform that we provide to CERTs at no cost. I would recommend looking at our recent “Threatscape” report to get a better perspective of this approach. CTM360 is well placed as a front-line DRP vendor to contribute and rapidly accelerate the benefits of our knowledge and services across the OCSC constituency.

OCSC: Thank you, Mirza, and see you soon in Tenerife for OCSC24!

Mirza Asrar: Thank you, see you there!