Ahead of the Breach

Armis’ Andrew Grealy on Left-of-Boom Threat Actor Intelligence


What if you could predict which vulnerabilities threat actors will weaponize months before CISA adds them to their Known Exploited Vulnerabilities list? Andrew Grealy, Head of Armis Labs, has built exactly that capability, providing organizations with threat intelligence that arrives 3-12 months ahead of traditional indicators. His "left of boom" approach changes how security teams prioritize patches and allocate resources.

But early warning is just the beginning, Andrew tells Casey. From mom and pop honeypots that catch nation-state actors to AI-powered supply chain attacks that slip malicious packages into enterprise applications, Andrew details how attackers are weaponizing the same AI tools that security teams use for defense. He also offers insights on the "triple threat" evolution of ransomware and practical frameworks for securing AI-generated code.

Topics discussed:

  • Building CVE early warning systems that identify threat actor targets 56% faster than CISA's Known Exploited Vulnerabilities list.
  • Implementing "left of boom" intelligence collection through honeypots in mom and pop infrastructure.
  • Moving beyond CVSS scores as risk indicators to prioritize patches based on actual threat actor behavior and CWE patterns.
  • Deploying strategic security controls like WAFs to eliminate 28% of ESX server console attacks, reducing patch urgency and operational disruption.
  • Understanding the "triple threat" ransomware evolution that combines traditional encryption with data exfiltration and AI-powered internal investigation for multiple revenue streams.
  • Combating AI-accelerated supply chain attacks where 54% of coding assistants automatically introduce vulnerabilities into generated code.
  • Preventing typosquatting attacks, where threat actors publish packages whose names closely resemble legitimate ones so that AI tools recommend them, giving attackers a path into internal applications.
  • Establishing approved package repositories with exact version matching and implementing coding checks throughout the development pipeline as countermeasures.
  • Evaluating LLMs for security applications by testing with known answers first, then gradually increasing complexity to validate capabilities before deployment.
Ahead of the Breach, by Sprocket
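As an added example (not code from the episode, from Armis, or from Sprocket), here is a Python pre-merge check in the spirit of the approved-repository and pipeline-check countermeasures above: it accepts only exact-version pins of packages on an internal allowlist, and flags names within a couple of edits of an approved name as probable typosquats rather than as merely unknown. The allowlist and the manifest are constructed for the example.

```python
import re
# Constructed allowlist (an assumption, not from the episode): PEP 503 name -> approved version.
APPROVED = {"requests": "2.32.3", "pyyaml": "6.0.2", "cryptography": "43.0.1"}

# Constructed manifest, the kind of requirements file an AI coding assistant might emit.
MANIFEST = """\
requests==2.32.3        # approved, exact pin
PyYAML == 6.0.2         # approved; name normalises to pyyaml
cryptography==42.0.0    # approved name, wrong version
requets==2.32.3         # one edit away from 'requests'
leftpad==1.0.0          # unknown package
urllib3>=2.0            # version range, not an exact pin
"""

PIN = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*(\S+))?")

def normalize(name: str) -> str:
    """PEP 503 normalisation: lower-case and collapse runs of [-_.] to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot names a couple of edits from an approved one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_manifest(manifest: str, approved=APPROVED, max_dist: int = 2):
    """Return (name, verdict) per requirement; only exact pins of approved packages pass."""
    findings = []
    for raw in manifest.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = PIN.fullmatch(line)
        if not m or m.group(2) is None:
            findings.append((line, "reject: not an exact '==' pin"))
            continue
        name, version = normalize(m.group(1)), m.group(2)
        if name in approved:
            good = version == approved[name]
            findings.append((name, "ok" if good else f"reject: version {version} != approved {approved[name]}"))
            continue
        # Not approved: a near-miss of an approved name is the typosquat pattern.
        near = [a for a in approved if edit_distance(name, a) <= max_dist]
        findings.append((name, f"reject: probable typosquat of {near[0]}" if near else "reject: not in approved repository"))
    return findings
```

Run in CI against the merge request's manifest and fail the build on any verdict other than "ok"; the typosquat verdict is worth routing to a human, since the fix is usually to replace the package rather than to approve it.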