NetSPI Chief Product Officer Vinay Anand was interviewed by John Gilroy of Federal Tech Podcast. They discuss what proactive security is, the ins and outs of penetration testing as a service (PTaaS), and dive into NetSPI’s latest acquisition of Hubble’s cyber asset attack surface management (CAASM) technology.

+++

The volume of cyber attacks on federal organizations has reached the level where traditional methods have lost their efficacy. If you merely react to an intrusion, the malicious actor has already gotten what he wants and has left.

Today, we sat down with Vinay Anand, the Chief Product Officer for a company called NetSPI. The company was founded in 2001 to improve server, network, and application penetration services. Its initial offering of penetration testing has become so successful that it is being used by nine out of the top ten banks in the United States.

Over the decades, they have learned that true security goes beyond penetration testing. They had to take a more proactive approach.

For example, the attack surface back in 2001 was minuscule compared to what is happening today. Covid has encouraged remote access, sensors are everywhere, and cheap storage has allowed malicious actors the opportunity to place code in unimaginable places.

A tech leader must be able to identify and protect the unknown. The first step is to protect the external-facing network and the internal network.

“We discover issues . . . we prioritize them . . . we help them remedy it. We do this using multiple mechanisms. We have products, we have platforms, we have people. We have trained 250 consultants . . . these are the people who have developed deep expertise in areas of the estate.” – Vinay Anand, NetSPI

The internal aspects can be controlled by tools classified as Cyber Asset Attack Surface Management (CAASM). The external side can likewise be examined by an External Attack Surface Management system.

That may be a terrific beginning, but this knowledge must be augmented by simulating an attack. NetSPI can assist an agency in developing an attack plan and narrative. That way, the agency can understand its risk profile and optimize its methods for recovering from an attack.

During the interview, Vinay Anand gives a terrific overview of the development of different methodologies behind system protection.