What 'Indicators of Exposure' Reveal
Knowing Top Exposure Risks Means Better Triage, Skybox's Gidi Cohen Says
"Indicators of Compromise" are digital forensic elements that can be used to help assess if an organization has been hacked. One indicator, for example, is when endpoints have been communicating with known malware command-and-control servers.
By contrast, "Indicators of Exposure" refers to potentially exploitable attack vectors that attackers could use to hack into an enterprise - for example, by targeting software vulnerabilities or misconfigured devices - and the ease with which they could be exploited.
Gidi Cohen, CEO of cybersecurity software vendor Skybox Security, says the impetus for assessing Indicators of Exposure - a concept that his company has developed - is to help organizations know which flaws to fix first and which software to patch most quickly.
"The key is how to know what's really important - what's exploitable, what can [do] potentially really bad damage to the organization," he says. "And I believe that the only way to understand that is actually to map and associate those with Indicators of Exposure in the context of the total attack surface of the organization, which is basically the collection of all the possible attack vectors into the corporate network infrastructure, in the cloud or on premises."
In this interview with Information Security Media Group, Cohen also describes:
- Using analytics to map an organization's biggest service and data-related risks;
- Creating containment plans based on various types of exposure;
- Knowing which flaws or risks to remediate first.
Before becoming CEO of Skybox Security, Cohen was chief strategy officer at the company, which he helped found. He also previously served as CEO of Vigil Technologies, project manager for Orbotech and an officer in the Israeli Defense Force.