XM Cyber announced enhancements to the company's continuous exposure management capabilities.
With attacks regularly going undetected, improving security posture is an
ever-growing priority. However, security and IT teams are often not aligned
on which of the thousands of CVEs, misconfigurations and at-risk identities
are a priority for remediation, or on what should be done about the growing
number of legacy system remediation efforts that can't be justified. The
latest updates to the XM Cyber platform extend the company's ability to
address the latest hybrid cloud Active Directory attacks and make it easier
for security teams to prioritize and remediate threats.
Gartner lists Threat Exposure Management as one of
the Top Cybersecurity Trends in 2023 and predicts that, "by 2026, organizations
prioritizing their security investments via a continuous threat exposure
management (CTEM) program will suffer two-thirds fewer breaches." Further,
Gartner states, "The attack surface of a modern enterprise is complex and
fragmented, a symptom of evolving IT working practices (i.e., the use of SaaS).
This creates diagnosis fatigue due to ever-growing and conflicting remediation
priority lists. Enterprise CISOs sense the need to evolve their assessment
practices to better understand their combined exposure to threats and address
gaps in their posture."
"As the attack surface continues to expand, it can be challenging for us to
prioritize our remediation efforts, decipher benign alerts and determine which
exposures actually pertain to the most
imminent risks to our organization's critical assets," said Director of Security,
US Insurance company. "XM Cyber helps us combat this challenge by accurately
analyzing our environmental risk and effectively pinpointing high priority
exposures which require immediate attention. Their step-by-step remediation
guidance has also streamlined our exposure resolution timelines and drastically
improved overall security posture."
Increasingly, attackers are leveraging identity and credential exposures to
move laterally between organizations' on-premises and cloud environments.
For example, attackers have compromised Azure AD Connect, which is commonly
used to synchronize AD and Azure AD environments, through a technique that
includes stealing PRT tokens in order to expand their attack's blast radius
across hybrid environments. XM Cyber's platform update incorporates this and
other new attack techniques, expanding its attack graph mapping technology
to significantly reduce the overall effort required to improve the
organization's security posture against cyber attacks and subsequently
eliminate these high-risk attack paths.
Additionally, the latest release of the XM Cyber platform adds further
automation to ease the remediation of excessive shadow-admin permissions.
The list of admin permissions that create the highest risk to the
organization, as discovered by XM Cyber's attack graphs, is now correlated
against the historic usage of these accounts, providing customers with the
subset of these permissions to remediate in order to disrupt future
attackers without disrupting the business.
"Attackers continue to leverage identity exposures to execute malicious
acts as they enable lateral movement and most often boast the best end reward
- access to critical assets," said Boaz Gorodissky, CTO & Co-Founder
at XM Cyber. "As illustrated by our latest platform
enhancements, our objective is to provide organizations with the ability to bring IT
and security teams together to remediate, or find alternative ways to resolve,
the few exposures that pose the highest risk to the business. By focusing
efforts on remediating what matters most, it can lead to significant
improvements in efficiencies amongst security teams and also greatly reduce an
organization's overall attack surface with a few simple fixes."