Security Validation: A Deep Dive with Cymulate’s David Kellerman

https://is1-ssl.mzstatic.com/image/thumb/Podcasts122/v4/ba/d8/2e/bad82e93-4808-378e-51db-7998969753df/mza_14911023975293012637.png/600x600bb.jpg

The Security Ledger Podcasts

The Security Ledger

9 episodes

8 months ago

In this, our 70th episode of The Security Ledger podcast, we speak withXu Zou of the Internet of Things security startup Zingbox about the challenges of securing medical devices and clinical networks from cyber attack. Also: we take a look at the turmoil that has erupted around the OWASP Top 10, a list of common application security foibles. And finally: open source management vendor Black Duck Software announced that it was being acquired for more than half a billion dollars. We sit down with Black Duck CEO Lou Shipley to talk about the software supply chain and to hear what's next for his company.

All content for The Security Ledger Podcasts is the property of The Security Ledger and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Security Validation: A Deep Dive with Cymulate’s David Kellerman

The Security Ledger Podcasts

30 minutes 49 seconds

9 months ago

Security Validation: A Deep Dive with Cymulate’s David Kellerman

In this Spotlight episode of The Security Ledger Podcast, Paul speaks with David Kellerman, the Field CTO at Cymulate, about the growing complexity of the cyber threat landscape -and IT security deployments. David and I delve into the growing demand for security validation technology, like Cymulate’s, that allows organizations to assess the utility and effectiveness of their security investments.

Watch the video

Read the transcript

Download the MP3

Cyber threats and attacks are metastasizing – and proposed solutions along with them. That’s been the dynamic for decades, as new cybersecurity tools and technologies emerge in response to changes in the threat landscape: a steady march from firewalls to AV to intrusion detection…DLP, application firewalls, EDR, and on and on.

But as IT deployments – and the landscape of cybersecurity solutions – have become more crowded and complex, security teams are under pressure to re-think their investments: focusing energy, resources and attention on the tools that actually work – addressing real world problems and lowering risk. The question: how to know which security tools are providing the best protection? Another question: is your organization maximizing the tools you have to address the risks and security exposures that are most relevant to your firm.

Enter the fast growing field of security validation: AI-powered technology that allows organizations to simulate malicious attacks and assess the effectiveness of existing or proposed security solutions as they seek to block or respond to attacks. It’s a market that Cymulate, the Israel-based maker of automated security validation tools, knows well.

In our latest Spotlight Podcast, I am joined by David Kellerman, Field CTO at Cymulate. Together, we delve into the ever-evolving landscape of cybersecurity and the significance of security validation technology as threats and sophisticated attacks mount. Cymulate’s technoogy focuses on threat exposure: allowing firms to continuously test and optimize their security with a focus on the exploitable risks within their environment that are most likely to be abused by malicious actors.

While companies these days often have the necessary tools on hand to secure their assets, the challenge lies in their optimization and implementation, David tells me. Security drift is also a concern — the gradual erosion of protective measures due to inevitable environmental changes, like relaxed or unexpected configurations leading to vulnerabilities. And David stresses the importance of moving beyond default configurations to ensure maximum efficacy against evolving threats.

Understanding Security Validation

In our discussion, David highlights Cymulate’s core mission: empowering security teams to validate and optimize their security controls: simulating attacks and enabling companies to measure the effectiveness of their cybersecurity defenses. This approach allows businesses to identify vulnerabilities a...