At A3Sec we have always tried to be very close to those responsible for security in companies, who are the ones who are really at the forefront of the battle every day, seeking to fully understand their needs.
That’s the reason why we have promoted a series of events called "Coffee with CISOs" where we asked CISOs about their challenges, needs and concerns. The result has always been not only very interesting but also very useful for developing new innovative services aligned to the needs of the current market.
This year we took an additional step and ventured to test a new version, this time we were able to bring together several security managers (both technical and business) in a single event, in a more open format with the aim of talking about one of the points that we identified as not fully covered in the area of cybersecurity, and which could lead to a lack of full understanding of the company's security posture.
At the end of April we organized the event in one of the rooms of the renowned Ramsés Restaurant in Madrid.
In those days the weather in the capital was between cloudy and rainy, but luckily at 7:30 p.m. it had stopped raining and the temperature was pleasant. The site and the environment were conducive to relaxing and chatting about cybersecurity while enjoying good company, drinks and food.
The topic that we proposed to start the conversation was the difficulty that exists in the complete management of vulnerabilities, emphasizing "complete", since this management is not only producing a report with the grouping by criticality among the thousands of vulnerabilities that, even, most of the time they are repeated month after month even without a good understanding of the objective, which in reality does not represent the risk that the company faces, nor is it understood at the level of the management committee.
What would you think of having a service that analyzes the company's situation using all sources of information, whatever the origin, and exposes the company's security risk based on existing threats, both due to the exposure of its assets and existing threats to companies in the sector, country, etc.?
With such a solution, it would be possible to have full visibility, from detail to a single risk indicator that can be presented to the steering committee. In addition, this service could be in charge of managing the resolution of vulnerabilities until the end...Interesting?
After this declaration of intent, which was very well accepted, came the obvious doubts and questions, all the sources? Also the pentesting reports, etc? Would you manage the closure of the vulnerabilities? Would we talk about threats and not vulnerabilities?
Indeed, the answer to all these questions is yes, and an important point is to put the main focus on threats, since various vulnerabilities classified as medium or low can result in a direct threat to companies in the sector, while their resolution would be at the bottom of the list for not being declared as critical.
After a while of debate and explanations, the solution presented was very well accepted, and it was when we revealed that this development comes from listening to them in recent years and that A3Sec makes this service available to companies, calling it Kaos Data Threat Service. With this product we seek to respond to all those needs and challenges that have been transmitted to us in recent months, hoping with it to facilitate the day-to-day of their difficult work in the world of digital asset protection.
After this conversation, we talked about more needs that inevitably continue to arise as cybercriminals evolve, but also new solutions that are emerging on the market just as sophisticated and trying to stop new attacks.
The day ended with a pleasant conversation in a relaxed atmosphere where we even had time to talk about current issues such as the global situation, the war, Pegasus, etc.
When leaving the restaurant it was a splendid night and the square was boiling, what a desire to stay a little longer, but we had to gather strength to continue in the battle the next day, so this pleasant evening ended.