Hacker Headspace: On the Cloud and Cyber Expo and the Importance of Events

I’ve said it before, but getting out into the community is an important part of what we do at ACDS. Earlier this year, for example, I attended The Paris Cyber Show, which proved valuable in understanding what our friends across the Channel are up to in the cybersphere. Attending events is a good way to understand the pain points of our peers, forge relationships with new contacts, catch up with old friends, and see how those around us in the industry are working to bolster cyber resilience. It also helps us build products that reflect the real needs and wants of industry folk.

Earlier this month, the ACDS team attended Tech Show London’s Cloud and Cyber Expo (12th/13th March), for the second year in a row. The show itself was abuzz with attendees and great conversations. We noticed that many of the attendees were actual product users. It was really good to hear from those who use tools like ours day-to-day and learn what they’re looking for. What might that be? Actionable insights, solid reporting, and up-to-scratch functionality. One thing’s for certain: securing the rapidly expanding attack surface continues to be a priority for security teams.

Observatory Expanded: What’s New?

Our trip to the show also allowed us to showcase our Observatory platform’s expanded capabilities. Its new capabilities include the ability to monitor for leaked AWS access and secret keys, as well as a new detection feature for software supply chain vulnerabilities, including known compromised products with backdoors like Polyfill. You can read all about Observatory’s expanded capabilities on our blog.

This isn’t necessarily the space for shouting about our product, but it’s something we’re really proud of. As mentioned earlier, these shows are a really good place to gather valuable insight into what people are looking for from products. We want our products to reflect what’s missing and make life easier for (very busy) security teams. That’s why our team gets out into the world and meets with real users regularly, aiming to make our products more accessible, insightful and user friendly. ROI is notoriously hard to prove in cyber, so why make it harder? Which brings us onto something a lot of people spoke to us about at the show: standardised scoring systems.

Scoring Systems: Making Things Easier For Teams

From the get-go, we’ve known that it’s not necessary to reinvent the wheel when it comes to scoring systems. Many good ones already exist, championed by industry titans like CISA, so why not use them? I’ve written about this in the past in detail, but it’s why we’re a member of schemes like Secure By Design and proud pioneers of the EPSS scoring system. Yes, we could’ve made our own scoring system, but wouldn’t that be more noise? If there’s one thing security teams need less of, it’s noise.

We try to provide users with a holistic view of the vulnerabilities facing their organisations by assigning both the criticality (CVSS) and exploitation risk (EPSS). We also flag when vulnerabilities are on the Known Exploited Vulnerabilities (KEV) list, that is, those that CISA has recorded as exploited in the wild, further aiding teams when they are prioritising actions to take. This combination of scoring provides relevant insights and, ultimately, helps users to prioritise which vulnerabilities are most critical to address for their business. For time-strapped teams, this can be crucial, providing users with ‘right time, right place’ insights.

What’s more, standardised reporting is important for presenting to boards. Recognised standards are, ultimately, easier for people to understand, which makes it easier to get proper buy-in for remediation.

Demystifying the Unknown: Shadow IT

Another issue that cropped up in conversation time and time again was the risk of shadow IT. Many sectors, especially ones that have long relied on legacy tech, like manufacturing, are digitalising at a rapid rate. Assets on these organisations’ networks are exponentially expanding, which can be hard to secure quickly and properly. These sprawling attack surfaces can often hide insecure devices (‘shadow IT’) that can be easily exploited by cybercriminals. Monitoring and spotting these devices is hard, but necessary!

By having these conversations with practitioners, we can really get to the heart of a security team’s problems. This, in turn, helps us to develop products that reflect the needs of the professionals that use them. However, we also get ‘The Board’, so we make sure our products contain enough useful insight to convey to board members with ease. This balance is a hard one to strike though!

Where next?

Our next stop? Birmingham! We’ll be exhibiting at the National Cyber Security Show at the NEC on the 8th - 10th April. Come and say hi to us on stand 5/M48.