Guardians of the Cyber Realm: NST Cyber Frontline Innovators

Welcome to the debut interview of our new blog series, "Guardians of the Cyber Realm: NST Cyber Frontline Innovators." This series takes you deep into the engine room of NST Cyber, where the ingenious minds driving our cybersecurity initiatives are hard at work. Through direct conversations with developers, managers, and all team members at NST Cyber, we're here to dissect their methodologies, the challenges they confront, and the groundbreaking solutions they engineer to navigate the rapidly evolving cybersecurity domain.

Kicking off this series is Vidhyasagar Krishnamurthy, a senior subject matter expert on our Research and Development team at NST Cyber. Vidhyasagar has been instrumental in crafting and refining the NST Assure platform, the keystone arsenal of our Continuous Threat Exposure Management (CTEM) services. In this write-up, we sit down with Vidhyasagar to navigate his professional journey, delve into the profound implications of CTEM solutions, and gain an intricate understanding of the advanced innovations propelling NST Cyber to the forefront of cybersecurity advancement.

Join us as we embark on this enlightening voyage with Vidhyasagar Krishnamurthy, uncovering the ingenious innovations fortifying the digital realm in our interconnected world.

What inspired you to become part of the NST Assure technical team, and how do you view the importance of CTEM solutions in today's cyber landscape?

One of the most important aspects of securing an enterprise is to keep tabs on the Internal and External Threat Surfaces. We've been providing CTEM as a service at different levels as part of our consultancy, and some of our critical discoveries client-side have indeed put the importance of CTEM into perspective. When we decided to automate this exercise, it opened a whole bunch of possibilities to delve into new technology and developmental efforts. A fully autonomous CTEM is vital in keeping close tabs on what is exposed at any given time, which also helps an enterprise in plugging any issues before attackers get a whiff of them and go about exploiting them.

What do you find most fulfilling about being a part of the team that develops and refines NST Assure?

The most fulfilling part of being a member of the team that develops and refines Assure is the team itself.

In my experience with three different companies, I have not encountered a more motivated group of developers and researchers. They are hungry for challenges and don't rest until they find a solution. Our challenges are complex, reflecting the nature of the product we develop. It's akin to performing open-heart surgery, with multiple potential pitfalls during and after development. But as the saying goes, the bigger the problem, the sweeter the victory. Whenever the team resolves a complex issue, it only motivates us to aim higher and excel further. The team's only limitation is time.

In your opinion, what unique qualities or skills does an effective CTEM technical team member possess?

For a developer working in CTEM, it's not enough to just know the technology used for development. They should also understand security, risk interpretation, and management strategies in order to effectively develop workflows within the solution.

For an operator, it's not just about identifying vulnerabilities but analyzing them. The operator should not only comprehend what specific vulnerabilities mean or how to test for them. Instead, they should understand what a vulnerability can do to an organization, how it can be chained with other identified vulnerabilities, how one can exploit this vulnerability to perform further compromises, and what it means for the business.

Can you share any memorable success stories or breakthroughs the team achieved while working on NST Assure?

The day we landed all major Indian banks, overtaking mammoths in this industry, gave us a massive boost and instilled a renewed zeal in what we're developing.

In your opinion, what are the key benefits of offering continuous threat exposure management to businesses and the industry as a whole?

The key benefit of CTEM as an offering to enterprises and businesses is that it helps them keep a close watch on their threat profile. Sometimes, misconfigurations and a lack of following best practices can lead to vulnerabilities being exposed. In a rapid development environment, there's a high chance of vulnerabilities creeping in, either through a misconfigured server, ghost asset, or even a code-induced vulnerability. By scanning for exposed assets and performing periodic scans against these assets and services, we can identify any critical vulnerabilities or threats before an attacker can find and exploit them, thereby preventing damage to the business.

How do you ensure that NST Assure remains user-centric, and its functionalities are effectively aligned with real-world cybersecurity challenges?

We have developed a plan for several new features to be incorporated and served as part of our Assure offering. These services result from our experience with enterprises on numerous engagements. We constantly strive to find new ways to identify vulnerabilities in an automated manner, detect zero-day vulnerabilities, ensure the inclusion of the latest signatures in our vulnerability scanners, improve the contextualization of identified vulnerabilities, offer predictive analysis, and provide dynamic reporting of Threat Surface Data. This ensures that customers are always the first to be made aware of a vulnerability.

We place a greater emphasis on the reporting and data representation of the identified vulnerabilities in a manner that's digestible for clients, enabling them to manage the identified risks effectively.

What role does real-time data and threat intelligence play in NST Assure, and how does the team incorporate this into the solution?

Real-time threat intelligence data forms the core input of NST Assure.

Every contextualization and modeling is based on this data. The raw scan data is decluttered, categorized, deduplicated, and structured.

This curated data is then contextualized into various data representation formats and prioritized assets and threat information, complete with exposure scores and statistics. This continuous data is vital for Assure to showcase to enterprises their ever-shifting landscape and alert them before an adversary discovers it.

How does NST Cyber stay updated with the latest advancements and industry standards to ensure NST Assure remains at the forefront of CTEM solutions?

NST Cyber is constantly on the lookout for cutting-edge methods to identify vulnerabilities and threat information. We consult whitepapers on theoretical concepts and attempt practical implementations of the same to ensure we provide our customers with absolute coverage of their overall threat surface.

Our research team is always searching for ways to identify vulnerabilities across various technologies and methodologies. The workflow is then translated into an algorithm and converted into an automated module that our scanners can use, allowing Assure to retrieve that information.

Can you describe the support system NST Cyber has in place for clients during their journey with NST Assure?

We have two sets of teams working directly with customers: 1. Operations Team and 2. Support Team.

Operations Team: The Operations team directly interacts with customers and validates identified assets and threat profiles before presenting them. The Ops team also performs manual assessments to validate critical observations and checks if there are any other vulnerabilities.

Support Team: The support team assists customers with access issues and addresses any bugs or priority features requested by them.

How do you assess the effectiveness of NST Assure, and what measures are taken to continually enhance the solution?

We measure the effectiveness of NST Assure using the following parameters:

  1. Mean turnaround time of discovering and validating threat surface continuously.
  2. Customers' ability to comprehend the data and generate reports for the management/board.
  3. Overall ease experienced by customers in handling top-priority issues that need immediate attention.

We constantly take feature requests and feedback from customers in order to fill our feature gap, providing a well-rounded solution.

Can you share any future plans or developments that NST Cyber has in mind to further elevate NST Assure's capabilities?

We are in the process of enhancing our distributed scanning engines, a distributed job orchestrator for multi-cloud job orchestration, a service to generate YAML rules for Critical and High observations for detecting reported vulnerabilities in the future, a multi-cloud infrastructure crawler and scanner, and a service for generating defense instrumentation and continuous monitoring rules for alerting on specific zero-day vulnerabilities.

With the growing focus on data privacy and regulatory compliance, how does NST Assure ensure it remains compliant while effectively managing threats?

Our service is designed taking into consideration the data privacy and regulatory compliance requirements of enterprise customers. We have clusters in major geo-locations and store their data at a location of their choice.

Besides, our application itself conforms to several compliance standards.

NST Cyber pioneers proactive, AI-driven Cyber Threat Exposure Management (CTEM). Our flagship NST Assure CTEM delivers rapid threat assessment, continuous vulnerability prioritization and automated responses while maintaining compliance. In a dynamic cyber landscape, we're dedicated to safeguarding digital assets and the operational integrity of our customers.
