HEAT and EASM: What to Know About the Top Acronyms at RSA


The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on.


So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the dozens of news items and studies released during the conference. The hottest acronym, by far, was AI, as everyone (literally everyone, including keynote speaker Eric Idle) had something to say about ChatGPT and the skyrocketing popularity of generative AI.


But there were a few other, less familiar acronyms discussed at RSAC this year: HEAT and EASM. Neither is a new term, Andrew Barratt, vice president at Coalfire, pointed out in an interview.


“External attack surface management and detection, or previously just attack surface management (ASM), is a concept that has been around for a while. The aim is really to gain a better understanding of those initial points of attack that lead to the ‘initial access,’” Barratt said. “The HEAT definition is essentially a repackaging of our old friend, the Advanced Persistent Threat or APT.”


As web browsers become one of the most-used enterprise applications, they’ve become one of the most popular attack vectors for threat actors. It’s not surprising, then, that browser-based HEAT attacks have become a launching point for ransomware, advanced phishing and zero-day malware.


What is HEAT?


HEAT stands for Highly Evasive Adaptive Threats, which attack through web browsers and use a variety of techniques to avoid detection by the layers of technology in current security stacks.


“HEAT attacks work by understanding how organizations are likely to detect threats entering (technology such as URL reputation, sandbo ..
