Governance & Risk Management
,
Video
,
Vulnerability Assessment & Penetration Testing (VA/PT)
Yevgeny Dibrov on Why Figuring Out Which Vulnerabilities to Prioritize Is So Vexing
Determining which asset vulnerabilities should be prioritized for remediation is one of the biggest challenges for virtually every CISO and CSO, says Armis CEO Yevgeny Dibrov.
See Also: OnDemand I IoT infrastructure and Retail Operations Fireside Chat I AMPOL
Dibrov says CVE and CVSS scores aren’t an effective way to prioritize which vulnerabilities to fix first since the security risks for a manufacturing company are very different from those for a technology or financial services firm. Armis seeks to address this by providing a risk score that determines the business impact of exploiting a vulnerability based on the firm’s knowledge of every asset in an environment (see: Krebs to Vendors at Black Hat: No More ‘Band-Aid’ Approach).
“We are the only ones that can provide asset vulnerability management for every type of asset and every type of environment in a scalable cloud solution that addresses the biggest gaps for all organizations,” Dibrov says. “Clients want one solution to solve all these problems and not niche solutions for specific environments.”
Information Security Media Group spoke with Dibrov before Armis revealed it had laid off 3.5% of its employees, or 25 of its 670 workers globally, according to Calcalist. Dibrov and co-founder and CTO Nadir Izrael told Calcalist the company wanted to approach 2023 in the most conservative way possible and act according to the most pessimistic assumptions in the market.
“This is a difficult day for us,” Dibrov and Izrael told Calcalist. “When there is such a powerful anomaly in the market and a change in the way companies are measured, even a strong company like Armis is affected by this. What we are seeing in the market are signs of recessions, so even though we are growing like crazy, we need to be a lot more responsible.”
In this video interview with ISMG, Dibrov also discusses:
- How Armis has spent the $300 million it received in November 2021;
- How asset management needs differ for critical infrastructure firms;
- Which parts of Armis’ portfolio are growing the fastest and why.
Dibrov co-founded Armis in December 2015. He previously spent three years at cloud access security broker Adallom prior to its acquisition by Microsoft, during which time he led global business development. Prior to that, Dibrov spent 15 months as a firmware engineer at Mellanox Technologies and two years as a software engineer in the Israeli Intelligence Corps.