Artwork

Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.
Player FM - Aplicație Podcast
Treceți offline cu aplicația Player FM !

Innovations in Autonomous Penetration Testing and Continuous Security Posture Management | 7 Minutes on ITSPmagazine | A Short Brand Innovation Story From Black Hat USA 2024 | A Horizon3 Brand Story with Snehal Antani

7:12
 
Distribuie
 

Manage episode 433988569 series 2972571
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.

In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.

Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.

A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.

Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.

Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization’s security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture’s evolution.

A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai’s rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.

The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai’s tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.

Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23

Note: This story contains promotional content. Learn more.

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]

On LinkedIn | https://www.linkedin.com/in/snehalantani/

On Twitter | https://twitter.com/snehalantani

Resources

Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

  continue reading

619 episoade

Artwork
iconDistribuie
 
Manage episode 433988569 series 2972571
Content provided by ITSPmagazine, Sean Martin, and Marco Ciappelli. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by ITSPmagazine, Sean Martin, and Marco Ciappelli or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ro.player.fm/legal.

In 7 Minutes on ITSPmagazine Short Brand Story recorded on location during Black Hat USA 2024, Sean Martin had a fascinating conversation with Snehal Antani, CEO and Co-Founder of Horizon3.ai. The discussion revolved around the innovative strides Horizon3.ai is making in autonomous penetration testing and continuous security posture management.

Snehal Antani shared his journey from being a CIO to founding Horizon3.ai, highlighting the critical gaps in traditional security measures that led to the inception of the company. The main focus at Horizon3.ai is to continuously verify security postures through autonomous penetration testing, essentially enabling organizations to "hack themselves" regularly to stay ahead of potential threats. Antani explained the firm's concept of “go hack yourself,” which emphasizes continuous penetration testing. This approach ensures that security vulnerabilities are identified and addressed proactively rather than reacting after an incident occurs.

A significant portion of the discussion centered around the differentiation between application and infrastructure penetration testing. While application pen testing remains a uniquely human task due to the need for identifying logic flaws in custom code, infrastructure pen testing can be effectively managed by algorithms at scale. This division allows Horizon3.ai to implement a human-machine teaming workflow, optimizing the strengths of both.

Antani likened its functionality to installing ring cameras while conducting a pen test, creating an early warning network through the deployment of honey tokens. These tokens are fake credentials and sensitive command tokens designed to attract attackers, triggering alerts when accessed. This early warning system helps organizations build a high signal, low noise alert mechanism, enhancing their ability to detect and respond to threats swiftly.

Antani emphasized that Horizon3.ai is not just a pen testing company but a data company. The data collected from each penetration test provides valuable telemetry that improves algorithm accuracy and offers insights into an organization’s security posture over time. This data-centric approach allows Horizon3.ai to help clients understand and articulate their security posture’s evolution.

A compelling example highlighted in the episode involved a CISO from a large chip manufacturing company who utilized Horizon3.ai’s rapid response capabilities to address a potential vulnerability swiftly. The CISO was able to identify, test, fix, and verify the resolution of a critical exploit within two hours, showcasing the platform's efficiency and effectiveness.

The conversation concluded with a nod to the practical benefits such innovations bring, encapsulating the idea that effective use of Horizon3.ai’s tools not only promotes better security outcomes but also enables security teams to perform their roles more efficiently, potentially even getting them home earlier.

Learn more about Horizon3.ai: https://itspm.ag/horizon3ai-bh23

Note: This story contains promotional content. Learn more.

Guest: Snehal Antani, Co-Founder & CEO at Horizon3.ai [@Horizon3ai]

On LinkedIn | https://www.linkedin.com/in/snehalantani/

On Twitter | https://twitter.com/snehalantani

Resources

Learn more and catch more stories from Horizon3.ai: https://www.itspmagazine.com/directory/horizon3ai

View all of our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugal

Learn more about 7 Minutes on ITSPmagazine Short Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

  continue reading

619 episoade

Toate episoadele

×
 
Loading …

Bun venit la Player FM!

Player FM scanează web-ul pentru podcast-uri de înaltă calitate pentru a vă putea bucura acum. Este cea mai bună aplicație pentru podcast și funcționează pe Android, iPhone și pe web. Înscrieți-vă pentru a sincroniza abonamentele pe toate dispozitivele.

 

Ghid rapid de referință