IBM이 여의도 IFC 한국 IBM 오피스에서 18일 기자간담회를 열고 2022년 인수한 ASM 기업 란도리(Randori)의 사이버 보안 플랫폼을 소개했다. 란도리 공동창업자 겸 대표이사 브라이언 해저드는 “사이버 보안 위협이 빠르게 증가하는 가운데, 기존의 보안 체계와 방식은 변해야 한다”며, “공격자 관점에서 취약점을 이해해 보안 사각지대를 탈피하고, 공격 우선 순위를 정해 선제적으로 방어하도록 훈련함으로써 보안 위협에 적극적이고 효율적인 대응이 가능하다”고 주장했다.
▲Brian Hazard, Co-founder and CEO of Randori
Identifying Vulnerabilities from an Attacker’s Perspective… Avoiding Blind Spots
First, select a leader and establish an efficient ASM strategy.
One of the three mobile carriers to cooperate in security from the first half of this year
As digital transformation accelerates and the attack surface expands, IBM presents the Randoli platform to proactively respond to cybersecurity threats.
IBM held a press conference at the IBM Korea office in Yeouido IFC on the 18th and introduced the cybersecurity platform of Randori, an ASM company acquired in 2022.
“With cybersecurity threats rapidly increasing, existing security systems and methods must change,” said Brian Hazard, co-founder and CEO of Randoli. “By understanding vulnerabilities from an attacker’s perspective, avoiding security blind spots, and training to prioritize attacks and proactively defend, we can proactively and efficiently respond to security threats.”
'Attack Surface Management (ASM)' is a recent cybersecurity strategy that is a hot topic. This is an activity that continuously monitors cybersecurity vulnerabilities and potential attacks that constitute an organization's attack surface. This stems from concerns that external assets that companies are unaware of could become attack surfaces and targets for hackers due to changes such as cloudization, remote work, and increased M&A.
Gartner has selected ASM as the #1 security and risk management priority for chief information security officers (CISOs) in 2022. IBM, which announced the AI-based QRadar suite in May to speed up cyber threat detection and response, is continuously expanding its cybersecurity solution lineup.
The attack surface is any internet-based HW, SW, SaaS, and cloud assets where information is stored. It is a point that can be confirmed by hackers, whether inside or outside the company or a third party. According to a survey by Enterprise Strategy Group, 76% of hacking cases in companies were exposed to unclear cybersecurity threats.
■ Randori Platform, Providing ASM Experience IBM's Landori provides an offensive security platform that helps customers clearly understand cyber threats. The goal is to be like an 'ally who is like an enemy', providing the attacker's perspective from the defender's perspective, enabling effective attack surface management strategies.
Enterprises can discover their attack surface through an intuitive dashboard on the platform provided by the portal, and see which vulnerabilities and how threats were discovered. They can also prioritize cybersecurity threats.
Knowing your priorities means you can proactively defend against your biggest vulnerabilities. Based on this, companies can establish possible response measures and verify their own security programs.
IBM's Randori platform is divided into Randori Recon and Randori Attack. Randori Recon provides ASM as a single integrated platform to provide a continuous and active attack surface management experience. Randori Attack supports the verification work on the attack surface, and analyzes the possibility of attack during the verification process and checks whether the applied security system is responding well to the threat.
Companies help maximize security by becoming partners who conduct attack and defense training during operations and a 'red team' that carries out attacks on platforms provided as SaaS.
“The strength of the Randori platform is that it creates a secure environment with confidence,” said CEO Brian. “As the direction of cybersecurity is shifting from visibility to discovery and verification, we have high expectations for the Asia Pacific region and the Korean market.”
Meanwhile, at the event, Landori said, “Landori Recon was introduced in the first half of this year to one of the three domestic mobile carriers.” It is being used for mobile carriers’ cloud migration work, blocking IoT threat expansion, understanding attackers’ positions, and shadow IT (defending against threats that may arise from other teams).
Kim Kang-jung, head of IBM Security Business Unit, said, “It is an end-to-end attack security platform based on hackers’ actual advanced technologies and automated methods,” and “It is expected to be needed in all target areas such as telecommunications, medical care, finance, and the public sector.”
Additionally, the “Landori platform can be used independently or is compatible with third parties. “It provides interoperability and openness because it is important to be able to use it operationally,” he said.