Video: Unmasking Cyber Threats: Your Blueprint for Proactive Exposure Management | Duration: 3612s | Summary: Unmasking Cyber Threats: Your Blueprint for Proactive Exposure Management | Chapters: Introduction to CEM (44.085s), Context and Prioritization (614.63995s), CEM Adoption Phases (771.51495s), Assessing Cyber Exposure (949.25s), Gaining Asset Visibility (1097.4s), Risk-Based Asset Management (1236.26s), Early Warning Systems (1597.07s), Integrating CEM Solutions (1780.88s), Continuous Improvement Strategy (1936.115s), Closing Remarks (2270.635s)

Transcript for "Unmasking Cyber Threats: Your Blueprint for Proactive Exposure Management": Welcome, everybody. Thank you so much for joining today. I'm joined, by my colleague, Maxine. Maxine, good to see you again. Love to talk about this this concept of, cyber exposure management. Right? It's everything that we do. And what we thought together was to really put together an idea, to give you, the audience, a blueprint as to how you start putting cyber exposure management or CEM into actual practice. You know, we talk about it so much. We talk about all of the threats, the the the different things that can happen, how the world changes on almost a daily basis. And we figured we'd unmask some of these cyber threats and really start to talk about, you know, if you're looking to put together a strategy to combat some of these things, how you're exactly gonna do it. Isn't that right, Maxime? Yeah. Thanks for having me. I'm looking forward because I I really like this real life approach and how you put this in practice. Yeah. And we've talked about this so much, so we figured this was just a natural progression to really spend a little bit of time with our audience on how do you put these things into practice. So without further ado, Maxima and I are gonna take you through some of those steps. And one of the things that I really like about these steps is that it's not linear. Right? You can make certain choices as to things you wanna do, things you feel that your, company or organization is is right to taken care of, or perhaps even some, different types of challenges that you may experience in the environment. So the nice thing about it, as I've mentioned, is this isn't linear. You can pick and choose what you wanna do, and bringing it all together really gives you a good blueprint for cyber exposure management and how to combat some of that. So with that, Maxine, you put together some really good pain points here, and this just really accentuates what we're hearing from the field so frequently. So if you could just take us through, some of the findings that you've, uncovered as part of our Armas Labs research and some of the other, pundits in the industry. What are they what are they saying? Yeah. Sure. So before we put cyber exposure management to practice, we kind of need to understand which are some of the key points that we are trying to resolve here. And, surprisingly, even in 2025, research continues to show, and that's what you see in the first bullet point, is that almost 40% of all assets that are connected to your network remain unmonitored. And we we know historical reasons for that. We know current struggles for that. These might be, exotic assets that don't take agents. So for some, historical reason, you cannot just monitor them just like you do with your IT assets. This might also, have something to do with the complexity of modern networks because, because of a a wrong network segmentations, you you don't have visibility over assets. But regardless of the reason, if your starting point is still 40% of assets that are unmonitored, well, suffice to say that the rest of your program will will not be successful. Right? So it's kind of foundational, foundational key point, if you will, when it comes to cyber exposure management. Secondly, is that, on average, we see that security teams lose four working days trying to figure out which vulnerabilities to prioritize. Now, I'm not even mentioning the the time that you lose or the money that you lose trying to do so, but can you also imagine the human impact, like, people, trying to work their way to a backlog? This isn't a motivating role. Right? This is what we call, prioritization and alert fatigue. People get really discouraged by the fact that they feel like they're working through an ever growing number of vulnerabilities and security findings. So the times where we try to figure out which one to prioritize first using things like spreadsheets is long behind us. There's there's something different that we need, and, obviously, as you'll see later, cyber exposure management is part of the answer. And the third point, and, as you know, Michael, I live in Europe. So when it comes to compliance programs, currently, everybody's talking about NIST two, but there's many more to it. But we see that sees those in general are just struggling to adhere to these compliance requirements to mature their compliance programs in general. And through my European lens, when we see something like NIST two, this is a directive that has been out there for quite some time now, but still, all the local countries are struggling to translate that into national legislation, and all the local organizations are, of course, also struggling to adhere to something that hasn't been properly defined. So whether you're an IT service company with many subcontractors or whether you're in health care with a lot of outdated infrastructure or budget constraints, maybe, adhering to compliance is one of the major key points that, we are trying to resolve with a proper cyber exposure management approach. And I would say last but not least, those two hundred and seven seventy seven days are the average dwell time between breach and detection. This is the complete opposite of a proper cyber exposure management program because if there's almost three hundred days between reach and detection, you're anything but proactive. I mean, this you couldn't be more reactive than that. So, again, you'll see as we move forward to some of these, building blocks and puzzle pieces of cyber exposure management, how we take you from being reactive to being proactive. Yeah. And I think that's really the key, Maxime. Right? It's, a combination. It it's kind of like, the perfect storm. Right? It's not being able to see everything appropriately. You have a deluge of alerts and findings. How do you deal with them? And and then, of course, you got compliance wrapped around it. The last thing you wanna do is be fined for something. And just, you know, the famous measurements of, you know, either NTTD or MTTR, you know, how long does it take to detect, how long does it take to respond. These are all key pain points that are really putting organizations at risk. And if we can really get our hands around some of this stuff, then this makes a huge difference. Now I I think before we go any further, one of the things we should define is this sector, is this idea of CEM. Right? There are so many different definitions, there are so many different approaches, and really, what we're trying to do is lay the groundwork for a more systematic approach in order to essentially fully deal with the problem, right? So it's not just an IT problem, it's not just, the Internet of Things type of problem, it's it's a global problem. It's a challenge that we really have to face. So before we we get to some of the solutions, some of the strategies you can use to implement CEM appropriately, it's really important to talk about the five core elements that make up CEM. And it's not rocket science, right? This is what we're all trying to achieve here. But just really to put it out there, the first thing is the ability to know what you have there. And, Maxime, you and I have seen in countless cases where, you know, customer or prospect says, you know, I have a 100,000, different assets and devices out there, and by the time we start to do discovery, it can be three or four fold that, right? And that just happens so frequently. So the old story of, you know, it's impossible to kind of protect what you don't know about, this is really important. This is something that we really have to get our arms around. Of course, everything is based on context. Right? What do these different assets do? And I love to use the example that we've actually seen in some instances where, you know, in a health care setting, there's a very different type of, context of, something that is kind of life saving or touching the patient, versus something that maybe isn't as critical. So really, looking at the different risks, looking at the different assets, looking at what your criticality is of that asset in relation to every The third area that we talk about is around being proactive. Right? And Maxime, as you mentioned on the last, on the last slide, you know, the idea of compliance and different frameworks, right, that should be a bare minimum. That's kind of like the basement, the foundation, the ground floor of what you should be doing. But really being proactive, and instead of waiting for an attack to happen, really get in front of it, being able to address different types of vulnerabilities or different potential security threats before they actually are acted upon. In the case of a vulnerability, it can become an exploit. Right? Being able to be proactive, whether it's part of compliance, part of a security, type of element that you need to take care of, being proactive is really important. Kinda closing that barn door before the horse escapes is really what we're talking about. The fourth area is really about orchestration, and we have to be very obtuse to not think that every person, every organization we talk to has an IT stack, has a security stack. Why not use them in concert with one another? Really being able to coordinate security efforts among these different devices. Right? They always say, kind of like teamwork makes the dream work. So the ability to enlist things like what you have in your environment today, such as a SIM, a SOAR, firewalls, anything that you have there, really orchestrating. And it can even be down to your ticketing system. Right? When you find a, finding, being able to, automatically, raise a ticket, assign a ticket, give kind of advice as to what to do, how to solve these problems. These are all important things. And, of course, the fifth area, and and perhaps the most important area, is that we never it's never enough. Right? We really don't say, okay. We've taken care of security. Now we could take a break. Right? That's something that we don't wanna do. So the ability to have an up to date picture, we know security changes very quickly. It's a dynamic environment. Arguably, even the organization is dynamic. Right? The business models may change, different initiatives may change. So the ability to have kind of these five areas around visibility, context, being proactive, being able to orchestrate your entire tech stack or security stack, and then monitoring on a regular basis to see what has changed over time. These are all key components of the cyber exposure management program that we're going to put in front of you today. Yeah. And if I may add one or two things, Michael, that I I find really important when when discussing this with with customers. All five are are important. Don't get me wrong. But I think especially around the context, it's worth noting that, what what is business context or business impact for you might be different, to to another organization. You mentioned that the example of, medical devices where potentially human lives are at risk, but that is also true for an IT company where the same vulnerability has a completely different impact when it's on an employee laptop versus on the payment server that handles all of your ecommerce. Now prioritizing the risks based on the business impact is something that is very unique to your organization. So I wanted to highlight the fact that whatever solution you you would go, with, it's important that you are able to tweak it to your needs because in many cases, many vendors would be offering context or prioritization, which is kind of their algorithm, and it's a black box. You don't have visibility on how it works. You cannot tweak it. You cannot add your own business context to it. So prioritization, even though it's being used by so many vendors and you see this all over the industry, there's many flavors, of of of doing this. And so make sure you you select the solution where you can actually tweak it to your to your business. That is something very important I wanted to add. Yeah. That's really key. I mean, one of the things, you and I always joke about is that security shouldn't be t shirt sizes, right, where you have a small, medium, large, and extra large. There's so many gradations between every business is a little bit different. And how many businesses do we see, Maxine? How many organizations do we see that are, you know, are running proprietary things? Right? So there are no two businesses that are created equal. It's almost like every business, is somewhat of its own snowflake. Right? And they have they have different designs. And as you mentioned, the ability to kinda tweak and and have that ability to configure and customize it is just such an important piece of this. Good. At the end of the day, it's about We were sorry. I didn't wanna interrupt you. But we hear API driven everywhere. We have algorithm everywhere, and that's all fine. It's also the power of many solutions out there, but you need to be able to make it your own. That's what I was trying to say. Yep. Absolutely. Absolutely. So I think, Maxine, it's a good part, it's a good point in time in in this webinar to really introduce our different adoption phases of CEM. Right? And as we we we we numbered six of them. These are six critical areas that we feel are really important to talk about, today. They're they're not the only ones, but we kind of wanted to have it as a as an easy bite size, type of, ability to run through CEM. And, again, none of this is rocket science, but the ability to translate it, as you mentioned, to your own business, to your own organizational goals are really important. So we're gonna talk about these six different adoption areas, we're gonna start talking about, you know, what is your cyber exposure strategy? Of course, being able to define what that looks like is super important, and then, of course, as we mentioned, the ability to see something is kind of key and foundational in terms of being able to defend against it. So step number two is really around achieving holistic visibility. We know that there are gonna be lots of findings once you start, looking into these things. There's gonna be different types of vulnerabilities, potential threats, potential things that you didn't think may happen. It could even be one device talking to another, but maybe shouldn't. Right? So it's really around, prioritizing and then remediating, the risk in accordance with the things that matter most to your business. We'll talk a little bit about what advanced threat detection is, what do we mean by advanced threat detection, how do you leverage it, how do you use it, and then, of course, as I mentioned before, security is really a team sport. So we'll talk about how you can make CEM. You can use everything that's in your environment today, every purchase that you've made, every investment that you've made in technology, and really begin to integrate and, orchestrate that existing tech stack into your CEM solution. And then finally, again, if you're not continuously improving, you're kind of moving backwards in some respects, inertia is never a good thing. So the ability to really continue the continual improvement, the continuous, update of your security is super important. So we'll talk about these six phases, and some of the things that you should watch out for, some of the things that you can implement quickly, and really begin to make a difference in your organization. So, Maxey, let's start with with number one. We talk about, you know, cyber exposure strategy, and this seems kind of like a very basic thing, right, is really start to assess your environment. Can you talk a little bit about, you know, what we mean when we say, you know, to assess that environment? You know, what are some of the objectives? What are some of the things that we should do, in this area when we start to build that strategy? When we start to say, hey. You know, this this is direction. This is the goal that I really wanna get to. What do we have to do here? Yes. So this is really interesting, but because the first time we mentioned assets, many organizations thinks only consider physical assets, like physical devices that are connected to to their network. So you have to rethink this concept and think about anything that has value to your organization, everything you put in place already, all of your existing security measures, but all of the assets, physical, virtual, we call this from the ground to the cloud, all of the associated vulnerabilities. And these are not just CVEs like the the traditional vulnerabilities that you that you might know. These can be misconfigurations. This can be unencrypted credentials traveling on your network. And so the baseline assessment is trying to ingest all of your existing tools. We add to that, typically, when when we see deployments, we add to that telemetry data from the network. And so all of these, data points together combined will, have to be rationalized, deduplicated, kind of giving you the baseline. Okay. This is what I have today. These are the existing security measures that I have. And when you see this this combined baseline, obviously, you can start building your strategy. But this is like a foundational start point, if you will, of any, cyber exposure management strategy is that you have to understand your baseline. And you would think that this is something that has been put in place in in most organizations, but this is, for many organizations an moments. Like, okay. I'm using different point tools. I have a a variety of assets, but I've always underestimated it. Now through, solutions and platforms that offer cyber exposure management, you get to see everything consolidated, debaupicated, rationalized in in a single point of, single pane of class. And that is a moment where you can start rethinking your strategy because, believe me, typically, you will find some pleasant and less pleasant surprises there. Yeah. Absolutely. And I think that, you you have to start off with, you know, what does good look like? What does normal look like? Right? In order to find those those outliers, the abnormalities that can happen, whether, it's a misbehaving type of asset, or or whether it's something that shouldn't have access to something that's really key. And that's not to say that any one person has that full view. Right? There's no there's no guru in the organization that says, okay, everything is normal, everything is abnormal. I think that the the key point here also to making this work is the last bullet that we have here, which is really engaging the stakeholders. So if you're in a manufacturing organization, you and you're part of the IT organization, you're going to involve people like, the folks that are running the OT system or that are configuring things like PLCs. You're going to want to, in a healthcare organization, involve your clinical engineers that are actually dealing with the devices that are touching patients. Right? So it's really a team sport, as we mentioned, being able to get the buy in from everybody that we are going to, really roll out this program, and have the experts weigh in is really key to getting started. So let's move over to to point number two, and this is really about, gaining visibility. Right? It's really understanding what you have in your environment. And, Maxime, you and I have joked on a few different instances that, today, hackers are using AI to perform hacking techniques. Right? They're leveraging all of the good technology to do everything bad. And in so many instances, when we engage with customers or prospects more often than not, is, you know, they have a spreadsheet with their asset inventory on it. Right? This is a very static type of thing. Arguably, it's dated, it's out of date from the moment that it's committed to paper, it's not dynamic. So, point two is really about using the tools, being able to implement the right tools that has real time or near real time discovery of all of your assets across the environment. And you notice, Maxine, maybe you can, explain a little bit more detail. We specifically talk about assets, and we don't say devices. What what's the difference? What do we have to look for when we talk about achieving holistic visibility as step number two? Yeah. So assets can be anything that has value to the organization, whereas devices are typically more physical devices that would be connecting to your network. Right? We say physical or cloud because it can be something like cloud deployment. It can be code. It can be, applications. It can be identities. So assets is a much better term to the determine the level of visibility that you need or the real time time discovery that you need, to have a, real time and detailed inventory of your assets. That's why we use this term. And like you mentioned, there's there's there's so many organizations out there who struggle to keep an an accurate inventory or detailed inventory to all the the context that they need. And even if you establish it at some point, depending on the the sector that you're in, depending on the vertical that you're in, there might be mergers and acquisitions coming up. There might be other, mergers and moves within our organizations that you hadn't anticipated. And this is what we often hear is that, organizations need tools, new platforms that are flexible enough to support them in that next phase as well because it's not because at some at some point, you were successful at establishing your own detail inventory that tomorrow there might not be any acquisition happening within the group that you work for. And then you'll need a swift, approach so that you don't, lag behind for twelve months where you would have, let's say, the your organization using a modern, up up, up and running inventory, and the acquired entity is still running on spreadsheet. So keep that in mind when when looking at platforms so that you need the flexibility to quickly, ingest, if you will, new entities within the program. Yeah. And it's really about, you know, not just knowing what the assets are, knowing what they do, how they work, what do they touch, what are some of the pathways that they may take, what are they connected to. It's really about breaking down the silos. Right? More often than not, it's not that an organization doesn't have a good security program, but it's there are so many silos in there, it creates blind spots. It creates these gray areas that we perhaps don't understand as well as we should. So it's really about getting that full view, that team sport that we were talking about is is really key. Now number three is something that I I think is really important. Right? We talk so often about different bad things that happen, and we see so many times that organizations have a backlog of literally hundreds of thousands, if not millions, of different things they need to deal with. And, you know, a car manufacturer can't just shut down a production line, because there is a problem. And at the same time, they may not even if they could, right, they may not have the staff available to deal with hundreds of millions of different findings. So I think it's really being able to where do you make the most difference? And that's all about prioritizing and remediating risk. It's being able to say, okay. You know, that is an asset that touch that touches a patient or is part of the emergency room, versus this other asset, which is part of, a refrigeration unit maybe in the dietary area. Right? There's so many different ways to prioritize and remediate risk. Maybe you can, Maxine, take us through a little bit about how a risk based framework works, how you once you get that risk number, you can start to automate things and be able to actually knock down these problems based on the threat model, based on the, potential outcomes if that specific device or asset gets defeated. Yes. Exactly that. So risk based for us, means that it's based on the actual exploitability and impact of that, vulnerability or threat. So instead of using something that is static or something that is theoretic, this is based on the real impact it might have, and it factors in your business context. So to be very clear, when I say something static, I mean things like CVSS scoring, which has its value. We sort that information as well, at our customer deployments, but it's static. Right? It doesn't factor in the reality of of exploits. Same goes with EPSS. It has its value, but it's theoretical. It's not based on the real, world out there and and the exploits happening in the wild. So having a risk based framework, means factoring in the real exploitability and factoring in your business context. This also kind of allows you to factor in things like what is the remediation impact because one single patch might be able to resolve maybe 80 security findings in your environment. So instead of just piling up, a list of potential remediation actions and patches that you need to assign, you can turn that around and and think about a remediation driven approach where you actually anticipate the impact of a remediation action. All of this to say that this is where we see organizations going from millions of security findings. Like, it's literally in the millions if you have a bit of a a scale of an organization to, thousands or potentially a few thousands, groups, remediation actions that where they can actually execute because there's no way you can build a plan based of millions of actions. You need something in the thousands, and you need a team to be able to handle that. This this is where the importance of those risk based frameworks are going to play. Yeah. And we can't speak enough about this. I mean, if we think about all of the security just the security stuff in our tech stack. Right? You can have a firewall, a a similar sort product, or a a variety of other different security products that are all firing off the same alert. Right? So if you can kinda group these things and prioritize them, you have so much more of an impact on being able to figure out what matters most to the organization and and essentially prioritize it, mitigate it in an appropriate fashion. So this is one thing where I think step number four gets a little bit more into into, new things. Right? New things that are happening, new technologies that we can leverage, and, no less than, when we talk about things like machine learning or artificial intelligence. As I mentioned before, hackers are using this to actually launch attacks. Why wouldn't we use it as part of the good guys to be able to stop things? So, you know, one of the things that are I know, Maxime, near and dear to your heart is the idea of early warning, being able to find different potential threats before they are out in the wild, while they're still in the formulation stage. This is something that Armas is a big believer in, in dealing with things like early warning, alerting you to things before they actually happen. Right? The worst thing that can happen is, you know, in your own home. If you were to buy a security system, the last type of security system you'd probably want to buy is one that essentially alerts you when the, robbers have already gotten into your house and they're carrying out your couch. Right? The the the real thing that we want in terms of a, a theft deterrent system is to actually know when people start poking around. Right? Before that attack, whether it's on your house or whether it's in your virtual house, before that actually happens. So, talking about advanced threat detection sounds like science fiction, but it's something that we are already using today. So, Maxine, what are we doing in terms of some of the early warning? What are some of the best practices that we talk about? I think I'll give you just an example. I heard from a customer recently because it speaks more than a thousand words. They mentioned the vulnerability in a a large virtualization, type of hyperscaler product. I won't I won't mention their name, but it's very very famous as you can imagine. And the fact that this customer got an early warning, like, literally a week before the threat was, published or publicly, announced, it it changes everything. You can say, like, a a week, if you were able to prepare your environment to apply patches to maybe, put different mechanisms in place to avoid the breach, a week before the threat intel or the CVE is announced. Can you imagine what a difference it makes? And this is what what what organizations get as a benefit from early warning technologies. For me, this is, just fighting with equal weapons. Because like you mentioned, attackers are using AI and machine learning to attack us. We need to adopt an approach where we use, similar techniques to kind of anticipate threats that are still in the formulation stage. So this is literally you getting a warning, an early warning before any CVE is published or announced so that you have the time to harden your environment and or to apply mitigation or or patching actions before the damages. That completely changes the game. So, again, when, organizations test testified, about this, this is the true value, I think, of an urgent warning attack approach. Absolutely. And it's really redefining security today. So once we have all of this information, right, whether it's an early warning or something that is just not behaving appropriately, obviously, a big part of it is being able to work in conjunction with what you have already. Right? In many instances, so many instances, we see customers that have a beautiful tech stack, that have a beautiful security stack, and and and the ability to implement CEM, the ability to look at asset management, exposure management, is really a a piece of the puzzle. They say, you know, I have so many different piece parts. How does it all come together? So I think step number five as far as CEM is is really crucial, which is, as I mentioned before, this is a team sport. Right? It's being able to integrate with everything you have. So when we talk so step number five is really important, where we start to bring everything together. We eliminate these different silos. We start to connect the different security devices that you have, the different security practices that you have, and essentially build an orchestrated CEM solution. So, Maxine, I know that you've seen this happen time and time again, whether it's in terms of being able to check the visibility across everything or even automate workflows. What does that look like in some of the environments that you've seen? Yeah. So this removes a lot of friction. The fact that CEM can be implemented with your existing tech stack, with your existing workflows is kind of music to the ears of of organizations. Imagine having put a lot of work into an existing vulnerability remediation workflow with Jira ticketing, the teams that are behind it to to kind of receive those tickets. The c e m the CEM solution should not try and replicate that or should not try to replace that. The CEM solution should make sure that you can continue to use your existing workflows. However, the CEM solution will make sure that, the deluge of tickets gets gets, to a manageable amount. So instead of sending thousands of tickets per day, it will be maybe a thousand per week, just to give you an an idea of the of the efficiency gain there. So less tickets, existing workflows. And instead of trying to find out who is the owner of an asset, you'll use the CEM platform to, kind of, try and predict who is the most, likely owner of an asset using AI technology. So, again, workflows that have been put in place can be kept, but CEM reinforces, the workflows, diminishes the the amount of alerts and tickets. So it's kind of optimizing everything you already put in place. Yeah. Yeah. Absolutely. You get the triage. You get the recommended course of action, and it's delivered to the right organization, to the right person in the organization. So, you know, you're not spending time trying to find who the owner is of this and and, god, what should I do about it? Right? The so that's a really important aspect. Now, the last area as we come kinda to the end of this, webcast is really about continuous improvement. As I mentioned before, being static saying, okay, we're good enough. Let's, you know, look at this again in twelve months from now, is not a good strategy. The ability to look at things on a regular basis because it is a dynamic environment is is super important. So one of the basic most basic things we wanna do is to establish, you know, what are our key performance indicators? What does success look like? And and and and use that as a goal. Right? You should have a goal and a stretch goal as to where you wanna get to. Now, obviously, Maxine, one one of the things we wanna do is we wanna ensure that we are continuously reviewing what we have. We know organizations change, we know models change, we know the threat landscape changes. So how do we really kind of implement that regular review process and really bring the entire organization along for the journey, when we start to look at continuous improvement. Yeah. I think a critical part here is that, as you mentioned in the beginning of this, webinar, is that you have to have buy in from various teams, and then there you should get rid of silos within your organization. So part of having a regular review is the ability to translate all of the technicalities, all of the policies, all the vulnerability chasing that you put in place into something that speaks to the business, whether as a CISO, we need to report to the board or our vulnerability manager with your CISO. You need to facilitate regular reviews in a language that people understand. And this is also another value, I believe, of putting in place the process like cyber exposure management because typically these solutions have these platforms will provide you with dashboards, visualizations, trend over time, reports that speak to a known technical to a non, compliance audience, if you will, so that you can regularly review and keep track of what you have put in place. Excellent. So those are six really good points. We talked a lot of about about these different points. But at the end of the day, how do you measure? And it's really being able to define what your key business outcomes are are about. So we have a couple up on the screen right now. We talk about, obviously, reducing risk, really ensuring the fact that you have good visibility, that you're able to, prioritize what needs to be take care be taken care of and remediated on a regular basis. We wanna ensure that there's good operational efficiency. We realize that in even the most, well funded, well staffed organizations, it's impossible to do everything. So let's automate the tedious, really get around things like operational, hiccups or bottlenecks, being able to, ensure that there's efficiency, apply automation where it's appropriate, and, of course, being able to elicit a human, interaction, human response when a human is needed. So it's really about getting that efficiency. At the same time, we wanna make sure that we're able to, demonstrate compliance. Right? And how many organizations are we able to say, listen, if if you can proactively demonstrate compliance, you may, eliminate an audit or a full audit. So being able to really show that compliance both to the board as well as to, different compliance, bodies is really important. And, of course, at the end of the day, as you mentioned, Maxime, it's all about being able to, demonstrate resilience. At the end of the day, security isn't there just for security's sake. It's an enabler of the business. Right? We no longer wanna be, the business of of no. We wanna be the business of, yes, being able to ensure things that are able to happen rather than, you know, perhaps putting undue, stress, undue restrictions on organizations, really allowing them to gain, kind of, like, the full, ability to execute on their mission. These are all really important things. So we do wanna put up some of these these key business outcomes. These are probably across most organizations. But as we mentioned so many times, Maxine, I believe, make that make them yours. Make sure that they fit your organization. That's really key. So in order to end the, the webinar, right, it's it's all about, you know, where do you get started? We have a really good, buyer's guide that goes through this in a lot more detail. It has checklists. It has steps on how to do all of this. But perhaps, I think, Maxine, the the the the best thing we can tell organizations is exactly what's listed on this slide in in in big, like, 20 font. Right? It's begin somewhere. It's be proactive somewhere. Yeah. I wanted to say it's happening now. Cyber exposure management is not some, far in the future strategy that you start should start thinking about. Centimeters is happening now. You can join literally like it says, here's thousands of organizations who already leveraged this, and it's very modular. You can start by ingesting all the data points and security practices you've already put in place and use that as your foundational building block to to develop the other phases as we saw during this webinar. So this is not a big monolith program. It's very modular, and it's happening today. Absolutely. So, Maxime, I think we're out of time, but really appreciate you, joining me. It's always great when we get together to talk about these things. I think we always learn new things from each other, and, hopefully, the the audience, has learned some new things also. And, of course, if there's other stuff that we should cover, right, if there are things that maybe we didn't cover on these things that you'd like to see in the future in terms of topics, whatever else, certainly reach out to us. We wanna try and address them. But whatever you do, download that buyer's guide. It goes into more detail. You can use it as part of your organization. And I think beyond, everything else, actually, really good to see you. Good to see our audience today. Really appreciate you joining us and looking forward to seeing you on a future webcast. Thanks, Michael. Bye bye.