ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "EP32 Can You Ever Know Thyself: Cloud Attack Surface Management"
Episode Synopsis
Guest: Derek Abdine, CTO @ Censys.io Topics: Attack Surface Management (ASM). Why do we need a new toolset and a new category? Isn't this just 1980s asset management or CMDB? How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably? ASM seems to often rely on network layer 3 and 4. Can't bad guys just hit the app endpoints and all your network is irrelevant then? When you think about the threats organizations face due to unknown assets, is data theft at the top of the stack? What should organizations keep in mind as a priority here? Who at an organization is best set up to receive, triage, investigate, and respond to the alerts about the attack surface? Are there proactive steps organizations can take to prevent shadow IT, or are we stuck responding to each new signal? Isn't preventing new assets the same as preventing business? Resources: "Cloud Misconfiguration Mayhem An Analysis of Service Exposure Across Cloud Providers" "Attack Surface Management Buyer's Guide"
More episodes of the podcast Cloud Security Podcast by Google
EP258 Why Your Security Strategy Needs an Immune System, Not a Fortress with Royal Hansen
12/01/2026
EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance
15/12/2025
EP254 Escaping 1990s Vulnerability Management: From Unauthenticated Scans to AI-Driven Mitigation
01/12/2025
In God we trust