TechSpective Podcast Episode 104
Organizations invest signficant money and resources in cybersecurity in a constant, 24/7 battle to protect applications and data from cyber adversaries. It’s a bit of a cat-and-mouse game that has gone on for decades. Threat actors devise innovative exploits and attack techniques, and new security tools and strategies are introduced to defend against them, so threat actors come up with unique new attacks. Rinse and repeat. But, what if we had applications that could defend themselves–adversary aware applications?
Ammar Alim, Manager of DevSecOps Solutions at Adobe, is my guest on this episode of the TechSpective Podcast to talk about how they are creating adversary aware applications at Adobe. Ammar shares that he does some soccer coaching as well, and tells his players that either they are chasing the game, or the game is chasing them. “This is very applicable here in cybersecurity, where if you’re waiting for an attacker–for a zero day–and then try to respond to that zero day you are reactive. There is a vulnerability, and then we’re going to have all hands on deck, and we’re going to do some patching.”
The approach Ammar and Adobe are taking to change the game in their favor is to develop applications that are capable of recognizing threats and malicious activity and take action to defend themselves.
Check out the full episode for our discussion of application security and the virtues of adversary aware applications. We also chat about the challenges of the traditional approach to vulnerability and patch management, and why focusing on patching all vulnerabilities is Quixotic, at best.
Please ask questions and share your thoughts on the topic in the comments below. Also, please subscribe to the TechSpective Podcast through your favorite podcast platform and share the podcast with your peers and friends.
If you enjoy the podcast, I would also be grateful if you could take 2 minutes to rate and review the podcast on iTunes or wherever you listen.
- SBOMs: The Hidden Ingredient in Secure Software Recipes - November 17, 2023
- Beyond the Buzzword: Data’s Crucial Role in Generative AI Security - November 16, 2023
- Democratizing Biometric Identity - November 13, 2023