Video: Accelerate NIS2 Compliance with Automated Exposure Validation | Duration: 2961s | Summary: Accelerate NIS2 Compliance with Automated Exposure Validation | Chapters: Webinar Introduction Overview (0.33144772075399764s), NIS2 Directive Overview (126.766437720754s), Cybersecurity Risk Management (299.846437720754s), Proactive Cyber Protection (454.69141772075403s), Endpoint Security Validation (579.3564077207539s), AI in Cybersecurity (748.1464477207538s), AI Threat Detection (929.6014777207539s), Proactive Risk Management (1071.5514877207538s), Phishing Prevention Strategies (1324.611587720754s), Conclusion and Reflection (1476.3665877207538s)
Transcript for "Accelerate NIS2 Compliance with Automated Exposure Validation": Hello, everyone. First of all, thanks for attending the webinar. I know you guys are very busy, so we really appreciate that you are taking time to make it and, you know, spend this slot with us. During the next fifty, sixty minutes or so, we are pivoting around the main topic, which is how we, from Cymulate, can help you to accelerate your compliance, your journey, with the NIS2 directive. Alright? The agenda, let me share with you, is very simple. So first, we'll provide a general overview of the directive, how it differs from the original NIS2 from 02/2016, what is new, general requirements, etcetera. Here, I need to thank my partner in crime, Amanda, for her great job going through the whole documentation to prepare this webinar. Then after that, we'll jump onto the specific areas where we think that Cymulate can help to accelerate this journey, this compliance. And finally, I hope we have time to show the platform with a quick demo on the main topics that we cover. My name is Pedro Rubio. I've spent over 15 years in the telecommunications and cybersecurity industries, mainly working across consulting, technical sales, and so on and so forth. These days, I am at Cymulate, where I focus mainly on connecting the technical side with the real business impact. So, yeah, looking forward to sharing some ideas and content with you guys on how we, from Cymulate and with our exposure management platform, can help you to meet this regulation, specifically talking about NIS2. So, Amanda. Oh, thank you, Pedro. And thanks, everyone, for being here. We appreciate your time. My name is Amanda Keggley. I've been also about fifteen years in cybersecurity. I'm a former federal, kind of when breach and attack and cybersecurity was starting to kick off. I was kind of at the forefront.
But I've also held, a key contributor, to the US cybersecurity policy like NIS2 and other frameworks. So happy to be here, go through the NIS2 directive, in our platform. And I'll go ahead and dig in here. So, you know, I know you're here. Right? You probably know the NIS2 directive, but we're gonna open up with, the original directive was 2016, and it was intended to build capabilities across the EU. And, while there was quite a bit of significant progress, there were also some gaps where adversaries continue to advance at a rate, and also we continue to innovate at a rate that is hard to keep up. So, this new directive in 2022 implemented, mandated stricter cybersecurity and risk management requirements. But it also standardized who and what sectors and services it needed to apply to, to ensure continuity and, you know, services and, you know, cybersecurity protection across the entire EU. Let me go to the next slide. So, this slide right here, we've documented, there's two types of entities that this directive applies to. There's essential entities, and you can see the different sectors listed there, and the important entities. And this expanded from the original 2016 directive. It also, again, implemented stricter risk management requirements, additional penalties. So there are monetary penalties as well as administrative or, you know, orders. And there's also audits that will happen. So, member states will need to make sure that their entities are prepared and ready to pass these audits. And lastly, it also holds C-level executives liable. So it's really important to make sure that you have your level of cybersecurity, and you comply with this.
So here's some themes, and the NIS2 directive is, you know, if you're not as familiar with it, I'm sure a lot of you probably are, but the first section is a preamble and it's a lot of background information which is very useful, which really relates directly to these articles. So this right here, you can see the themes of the NIS2 cybersecurity requirements. We've identified those out for you. And don't worry, we'll be sending these slides afterwards so you don't have to worry about that. So really, essentially, all entities have to comply with article 21. Article 21 lists out all the cybersecurity risk management measures, like what specific policies that you need. And then article 23 defines what an incident is and, the whole goal is to prevent you from having an incident. Right? So we're gonna focus on article 21 and how the Cymulate platform will help you make sure you're ready for your cybersecurity audits. You have really good policies and you're validating those. So article 21, again, these are listed out and we've listed it for you. I won't go through one by one, but again, it's how do you make sure that, what are your policies for assessing your risks and your threats? How do you handle your incidents and make sure that you're prepared for incidents? How do you validate that you have security throughout all your life cycle? You know, so systems life cycle from acquisition all the way to maintenance. How do you make sure that, your basic cyber hygiene practices, your MFA, or your device security baselines? How do you make sure that those are actually working? And this is where the Cymulate exposure management validation platform comes in. So now, if you're not as familiar with the platform, it uses breach and attack technology. It's been around for a bit and it's kinda morphed in from, you know, security control validation to exposure management, exposure validation.
And really, the intent is to make sure that, it's all about the threats. Right? So you're configuring your security controls to make sure that you are ready for your threats, and you're preventing and you're detecting. Adversaries will continue to mature. Security controls will continue to be fine-tuned, and this is where proactive cybersecurity really comes into place. They really continuously validate that you're achieving the desired outcomes in terms of preventing and detecting emerging threats, and then that your security controls are delivering the desired outcomes that you were looking for. So these are the different areas that we're gonna go through. We're gonna bounce back and forth between myself and my colleague, Pedro. And at the very end, we'll kinda go through a demo in our platform and touch on these different areas and how we can help you achieve this. And it's all related to NIS2 compliance and cybersecurity strengthening. So I'll start with the first one, proactive cyber protection. I'll take a few minutes to explain the layout of this slide. So what we did is, again, a lot of the information is in the preamble, a lot of great contextual information. So what we did is we went through and identified which preamble paragraphs relate to this area and also mapped it specifically to article 21, which is the requirements that you'll be audited and evaluated on. So you can see throughout the themes of the directive, it's all about being proactive for your prevention and your detection and your mitigation and not reactive. And you'll see the different, how you can be proactive for Article 21, how are you assessing your risks, how are you making sure that your written risk management policies are achieving. And this is where our Cymulate exposure validation platform really comes in. It's all about proactive. That's really what it's about.
It's taking something manual, red teaming, is not enough, it's not continuous, it has a lot of resources, so we're automating that. Right? We're allowing you to run these new attack tests in your environment to make sure that you have the prevention and detection in place and to make sure that you're mitigating them. And then if you aren't mitigating them, we will deliver automated remediation guidance for both prevention and detection. And we'll talk a little bit more of that later on in this webinar. This also helps you improve your incident handling, which is directly in article 21. And again, it gives you that drift. Right? Things change. I'll give an example. With cloud environments, it's so easy, you know, to make a policy change globally to disable MFA or enable MFA. And how do you make sure that you're validating that those policies are working and make sure that your cybersecurity posture is increasing over time and you're improving your prevention and detections? So that's all of this one. I'm gonna turn it over to Pedro to go on to the next category. Okay. Yeah. So let's talk about endpoint. Right? The endpoint as an endpoint device security validation, one of my favorite topics. So here's the thing. I think these devices, these endpoints are really one of the biggest targets out there. So all the companies, you know, they have laptops, they have desktops, they have servers, and, often, they are the weakest link if they are not properly secured. Right? Also, they might keep sensitive information that needs to be, of course, properly secured. So this is all about keeping, you know, this endpoint resilient, especially when it comes to ransomware. Right? Ransomware is a big topic in NIS2, and the directive is super clear on this. So we need to know where our flaws, our vulnerabilities are, fix them quickly, and make sure that our systems stay clean over time. Right?
So for this, we've got preamble 50, 54, 89 backing this up and then, you know, the specifics, of course, in the famous article 21. But what matters is really how this plays out in real life. Right? So the questions are, are we regularly checking those risks on the endpoints? Are our hygiene practices like the zero trust, patching, segmentation, whatever, actually doing the job? Alright? So when we say that we are protected from ransomware, are we really sure, how can we validate it? How can we prove it? Right? And this is exactly what we are trying to do here, is to answer that question with those real-world assessments that Amanda was mentioning. Also, as a personal note, in my previous life, I've worked for a couple of EDR vendors in the past as a sales engineer too. And the regular question that I received almost every single day from customers and prospects was, well, you know, I've seen this particular threat or campaign that is targeting my industry, that is targeting, you know, my environment. So can you confirm whether we are protected against this threat or not? Well, you know, with this speech, at this time, you might know that running these scenarios, these offensive evaluations in your own environment with our platform, you can answer that question on your own. Right? You don't need to depend on what your vendor says. Alright. Amanda, I think you can call it next one. Okay. Okay. Sorry? No. It's okay. No. Thanks, Pedro. Yeah. So the next one, alright. This is the buzzword. Right? Everyone here, it's the latest and greatest AI, and of course automation, you know, and, you know, are you incorporating it? So here at Cymulate, we are leveraging AI. It does help you, you know, work faster, smarter. And really when it comes to cybersecurity, that's what we need. Right? We need to work, we need to be more proactive. We need to be ahead of the game instead of behind the game. Right?
Exposure management is all about patching and the cycle and keep going around and around. So what can we do to be better? Right? So the directive is encouraging you using that innovative technology in AI to improve your detection and prevention. So how at Cymulate do we do that? Well, Pedro, we'll be showing you some certain things, but, I really think it's cool that we, it's very like, it's a differentiator and that a lot of breach and attack platforms to do that require a lot of technical expertise for configuration and understanding threats and how they're designed, very sophisticated and very technical in detail. And I remember 10 years ago, I remember the first time I looked at it, you know, I was overwhelmed. Well, here, we have a way, we have a look, we have an attack planner that you can put in plain text. Hey. I wanna validate my endpoint policies for all my Windows devices, and it'll quickly generate an assessment for you. That'll just be those scope. It'll just be those tests that are for Windows and to validate your endpoint protections and detections. Another thing we do also here is we accelerate detection engineering and all your SIEM rules. It's a lot of work. So any tests that you have, any missed threats and detection, we'll generate those for you to easily put those in your environment. So it really saves you time, resources, improves your threat resilience. And then lastly, you know, a little bit in terms of automation and AI more user friendly is we allow for very easily customizing the threats in your environment. Really eliminate that noise, make sure that you're only running threats that are relevant to your environment. Again, so we accelerate your compliance by using our AI and our platform capabilities. You'll be able to really improve your cybersecurity posture, which will give you that data that you need to support audits and really ultimately to prevent any incidents.
One last thing before I move on is we also have a very amazing capability to validate your lateral movement. Right? Ensuring you have lateral movement capabilities in place to prevent to change the difference of a single initial, you know, compromise, someone getting in to a full-blown incident that causes severe services damages and then can lead to monetary fines and penalties. So with that, I will turn the net and if you have any questions, please put them in chat and we will answer them as it relates and then if at the end, if there's other questions, then we will address those. Alright. Pedro, over to you. Alright. Thank you. Yeah. So I think this topic about AI is very related. It's linked to the next section, right, to the next AI, which is improving threat detection and prevention. We use AI to do the heavy lifting on this topic. So, it's 2025. Nowadays, we all say that we have plenty of detection tools in place. Right? But NIS2 asks specifically if they are really working. Right? So are you using, for example, updated threat intel? Are you tracking that detection performance over time and reporting, that you're able also to report that evidence. So, I think at the end of the day, we are talking about getting better, right, at catching those threats before they become a real problem, right, and making sure that we actually stop them before they show up. Alright? So, here at Cymulate.com, we are using this real-time threat intel that I'm referring to. And that means, you know, daily updates, automated detection rules, and, again, AI doing a lot of the heavy lifting. Alright? So, basically, all of these help us to react faster and smarter. Alright? So we are not just crossing our fingers and hoping for the best. Okay. So, I think there is a heavy push from NIS2 on this particular topic. Okay?
So the directive wants us to be aware, you know, share this intel, keep our teams fully trained. And you can see those in the preambles 51, of course, article 21. So, yeah, it's not optional. It's a mandatory thing to do. Right? And I think what is cool and useful is that, with our platform, we can actually run these controlled and totally safe attack simulations, right, based on this latest intel to see if the defenses are working as they should. Okay? So, yeah, Amanda, since you can cover the next one. Okay. Alright. Thank you. Yeah. So a lot of these things, you know, you may see they're kind of overlapped. Right? So increased cybersecurity awareness. It's all about increasing the awareness for cybersecurity. And that goes, we'll say, and this calls out specifically your hygiene, your awareness, and your cyber hygiene to make sure that you have awareness on all your risks for devices. I'll say devices are called out. I would say that it's important to have awareness of risk, not just for your devices, but all the other, you know, all the other different areas, especially when it comes to cloud, your different policies. You know, Cymulate, we can validate that. And then, of course, even if your network infrastructure, implementing lateral movement, we can run an assessment and all that to see where your posture is. Specifically, small and medium-sized companies need to help them, you know, which is fair. Like, it's harder for them to keep up. So how can they increase their awareness of cybersecurity and train their staff? So that's our platform, really we cater, we really address all that. So we help all sizes of organizations, and can help them with our NIS2 compliance. So again, really it's, you know, awareness into the threats is a big piece of that, and, you know, Pedro talked about that.
We keep up with the latest intelligence and release tests daily, like, even uncover vulnerabilities and how you can mitigate them and test them. I think that's huge. Right? You need to make sure that you're validating the right threats, the emerging threats. And again, it gives you a lot of insight. We have a lot of different reports and dashboards that really give you insight into your cybersecurity protection, detection over time. And again, we, from exposure management validation, we also help prioritize, like, what's the most area that you need, you should focus on based on your risk? And that's different risk. There's business risk. Right? Everyone has different acceptable level. So we help you prioritize that and, you know, focus on those high-risk areas and so you can mitigate those threats first. I will turn over the next area, Pedro. Yep. Okay. Yeah. So this one is about really managing risk. Right? Basically, knowing where you are exposed and staying ahead of those potential threats. Right? And the thing again, NIS2 makes this also a huge priority. Right? It calls for a proactive security culture where we are constantly, you know, identifying, assessing, and, of course, at the end, reducing the risk, and not just reacting when something bad happens. So it shows up throughout the whole directive. But as an example, we are listing here the preambles, article seven, article 21 to reinforce this idea of risk management. So, really, when it comes to cybersecurity, I think we know that we cannot protect everything all the time. Right? So there is a matter of prioritization. It's just not realistic to tackle all at the same time. And this is why, again, this topic on prioritization matters. Right? We need to know what is most at risk, what is most important, and what needs our attention first. Right? Again, it's the same idea.
It's building a culture where these risk assessments are not just something that we do once a year, and they need to be continuous. They need to be ongoing. Right? So, NIS2 specifically highlights that we should be identifying, evaluating, and updating constantly our approach. Right? So we are not left vulnerable when things get worse. And, yeah, and, again, good news is that we can help with the right tools, with the right technology to do that, with regular assessment and extended visibility on what matters so we can actually see what is critical and why, where to put our resources. Alright. So that's it, Amanda. Okay. So this is our last category. I know you guys are eager as the platform, which I'm eager for you guys to see this in action. Phishing, right, phishing and training awareness is a theme and specifically called out in the directive. And it's, you know, very important. Phishing has been around, adversaries and attacks. Phishing, they're getting more sophisticated, and it's getting harder to tell what's real, what's not real. AI has accelerated that phishing attacks. Right? So obviously, they're using AI against us for that. So how do you make sure that your staff understands phishing and you can prevent that? Well, Cymulate, we automate that for you. Right? We allow you to, we streamline that process. You can evaluate holistically. You can do, you know, phishing attacks and find out, you know, where your vulnerabilities, where your gaps are, and you can mitigate those. And the idea would be to track that over time. Right? Really, your idea would be to improve, you know, minimize that risk for phishing to happen, to gain that initial access. So, you know, Cymulate really helps you with that. We'll kinda go into our platform to validate that.
And again, all of this data, all of this evidence right here, you can easily, it's very easy to configure in your environment, very user intuitive, friendly platform that you can use and you can have the data and evidence. So when you have any upcoming audits, you can use this and say, hey. This is what we've done to be proactive and here's what we've done and have that data-driven and evidence. So the last slide we have before we go on the demo is just a little bit what would you expect to see if you, you know, using, you know, Cymulate exposure management validation platform in your environment. Instead of taking two to three or even longer days, you know, longer time to mitigate threats, you're looking at one to two hours, especially with that AI and automation that we have in our platform. And then really you're reducing your vulnerabilities and you're gonna significantly increase your cybersecurity, your prevention, your detections over time. And that's really that goal. Right? That proactive cybersecurity, continuous, monitor for drift, prevent the incident, and if you have an incident, really limit it. Right? Make sure they don't move laterally, make sure they don't escalate privileges, and, of course, make sure they don't exploit your data. So with that, I'm gonna turn it over to Pedro to go into a live demo of the platform. Alright. Thank you very much, Amanda. Yeah. Before the demo, actually, I wanna say that I think that was a great overview of NIS2. It's comprehensive. One thing that I would also like to highlight is that unlike some vendors who focus mainly on article 21 or article 23, how we comply with those, right, which are, of course, they are important. Right? Those articles are quite important in NIS2, but I think we've taken a much broader and deeper look at the entire NIS2 directive. Alright? That is the truth.
So here, our approach goes beyond just, you know, security measure or incident reporting obligation. In that way, I think we are not just meeting a few requirements, but improving, you know, the overall security posture. Also, as an example, I want to talk briefly about something that I feel really strongly about on this topic, and that is why complying with NIS2 is not just about, you know, ticking boxes. So, again, as a personal example, I've got two kids, Mario and Leo, six and four. And every night, they go to the bathroom. No? I told them, go brush your teeth. They go to the bathroom, run the tap, and maybe they put the toothbrush in their mouth, and then probably tell me, yeah. I'm done, daddy. I'm done. Now, technically, yeah, they follow in a way the instruction. Right? But we all know that it's not really brushing your teeth. And I think NIS2 really works in the same way. Just saying that you have policies, risk assessment, or incident response plans, I think is not just enough. Alright? What matters is how effective those things are and if they are actually working in practice. Alright? And I think that is exactly again where our exposure management platform comes in. Alright? So, now it's time to do that. Let's reset the screen if I can do that. The screen, hopefully, you can see it by now. Okay. Yep. We can see it. Perfect. So, the first area that we were talking about, that we can contribute, was proactive cyber protection, if I remember correctly. And I think that is exactly what we are offering when we connect into the platform and see this Cymulate dashboard. Alright? That is what we are really offering, an overall idea about your risk, about your resilience, and about your readiness against particular threats. So, we are mimicking the cyber kill chain from left to the right, from the initial stages to the final ones. For example, the action on objectives. Right?
And, also, we are mapping the different security controls in each one of the stages. For example, we have our email security solution, our network stack, cloud detection and response. Of course, one of the main use cases is cloud validation, EDR, antivirus, DLP, you name them. And we are mapping also, we are giving you an idea on the risk that is associated to each one of those security controls. Okay? So the higher the score, the higher the risk. One important thing to notice is that these numbers are not meaningless. So we are giving the numbers with a context. Alright? So for example, let's say that you are concerned about a particular APT group or cyber criminal group such as Scattered Spider, you know, very active in the UK retail business, targeting months ago Harrods, Marks and Spencer, Co-op, now aviation industry in the Asia Pacific region. So with a single click, I can have an idea about my resilience against that particular cyber criminal group. Also, if I am, for example, concerned about a particular tactic, I can do so by using, for example, credential access. Alright? So in a way, I am transforming my environment and targeting these either APT or tactics from MITRE with the context. This is not the only dashboard that is tied to proactive cyber protection. I would also highlight some other predefined dashboards that we have built for you, such as the MITRE ATT&CK heatmap. Okay? So for example, let's focus on detection only. Let's say that we have a SOC, that we have a SOC infrastructure, and we need to focus on detection, detection engineering or the key areas where we can help, based on NIS2. Right? Essentially, what we are doing, sorry, is mapping all the activity, all the outputs, all the findings that are a result of the different assessments, in the different tactics and techniques in the MITRE ATT&CK framework. So you don't need to fill that up manually. We are mapping that activity automatically for you. Alright?
So if we click, for example, here in cloud infrastructure discovery, it will take us to the corresponding findings that have been contributing to this calculation, to this metric. Alright. Hey, Pedro. We have a question, asking if all these dashboards are already available in the platform. Sure. They are predefined. They are fully available as of today. Yeah. Yeah. I wanna comment, yeah. Can even help with dashboards as well if you wanna cut. Yeah. So, of course, like, yeah. No. It's okay. Yeah. So the dashboards are fully available. The thing is, this is our, let's say, new exposure management platform. We have migrated our, we are in the process of migrating our architecture from, let's say, breach and attack simulation to this exposure management technology. So maybe if some people here that connected to the webinar, they are familiar with our BAS approach. Maybe the dashboard and the overall idea have changed a little bit, but this is the direction that we are heading to. Okay? Yep. Perfect. Now let's move to another area that we discussed, and that is, for example, endpoint device security validation. Right? So, and that also is linked to the question about where are these numbers coming from. Right? How are you calculating this risk? So for that, if we go to validate, exposure validation, and I click here on attack simulation, we see that we have 80,617 scenarios available to be used against my security controls. Alright? So this is a collection of deterministic indicator of compromise, CVE traffic replay on vulnerabilities, TTPs fully aligned with the MITRE ATT&CK framework. Some of them, you know, are atomic. Some of them contain a single action. Some of them are chained with multiple actions that I will show you in a second. So, if, for example, we want to tackle the use case of validating my endpoint devices, we can do that easily by using the filter on the left-hand side.
Let's say that, again, we want to know if I am ready, I am resilient against a particular threat, and specifically talking about endpoint. So for that, I can click on EDR. I can click on antivirus, which are the two security controls that apply to endpoint. One more focused on, you know, signatures, etcetera, and the other more focused on behavior. And let's imagine that, for example, the destination country, let's say, is Spain, where I live, which is also very impacted by NIS2. Alright. Scenarios are now 3,139, and why not? Let's say that I'm concerned also about another important topic in NIS2, which is ransomware. So now with a couple of clicks, I have 881 scenarios that are related to ransomware where some APTs or cyber criminal groups are targeting this country, Spain, where, you know, and also are very tied to these controls. So if I want to, for example, you know, use any of these scenarios to test my security control, it's just a matter of click on the scenario, create the assessment, select environment. Okay? Select the test point where I want to test this scenario and select the integration if you want to do so. Integrations are very interesting. This again has to do with something that we already discussed, and it's about detection engineering. Is the question, or is the answer, better said, to the question that a lot of, you know, CISOs and security managers are doing us almost every single day. How can I prove that my SIEM, my EDR are telling me the truth? How can I trust them in terms of alerts being generated or events being generated? Okay? So, essentially, after each one of the assessments, after this evaluation, through the integration, for example, I'm going ahead and I'm going to ask this Cymulate Splunk, for example, if this system saw or generated the alerts that should have been generated as part of the assessment. Have you created any alert? Have you created any event? Alright.
Just to be sure that my detection rate is as it is. Okay? So it's just, field configuration, schedule it. Automation is also a huge topic in NIS2. We can make this recurrent. We can make this, you know, happening particular days throughout the week, throughout the month, particular times, overnight, whatever. Okay? Cool. We touched proactive cyber protection. We touched endpoint device security validation. And now coming back really to proactive cyber protection, maybe we can show about mitigation and remediation. Right? We are not just validating things. What we try to do also is if something is broken, we offer a remediation. We offer a solution for that something that is broken. Okay? So for each one of the assessments, we will have the finding. We will have the results. Right? So if I navigate, for example, this particular assessment, focused on some APTs, I can go ahead, go to findings, and, essentially, what I want to know is really are these actions prevented, not prevented, detected, or not detected. Right? So in this case, all these actions, all these scenarios are not prevented. So my security controls either were not aware of this behavior, these signatures, whatever. So at the end of the day, I could be impacted in the future if something similar to these scenarios happens in my environment. Right? So if I go to a nonprevented action, I will always have the possibility to reduce that risk, to decrease that risk. Okay? So what we are doing is we are offering a tailored remediation action, specifically on the specific environment or action that we trigger. Alright? So in this case, it was an exfiltration over DNS, which I can see here. Remember what I told you about atomic scenarios or chain scenarios. In this particular case, we have a chain one. So there are different actions, one after the other, that complete a full assessment.
And coming back to the remediation, of course, my security control let this exfiltration over DNS happen in my environment. What can I do to remediate that? Okay? So I can go ahead, view a generic rule, in this case, for the EDR, and I can convert that to the language, to the specific language of my security control. Let's say that I have SentinelOne EDR. Copy, paste, and then from now on, I am protected from this particular behavior. Alright? Of course, the next step would be to click here, replay the assessment, and where my status is now not prevented, I should see a prevented status in my next assessment. Okay? Alright. Something that I also want to say is that we can go maybe one step further. We can go beyond this kind of remediation. And that is by, again, automation. Right? For example, let's go back to assessment. And depending on the assessment, we can do this. We can go to this assessment. And imagine that I am working with indicators of compromise, with IOCs. And some of them were not recognized, were not prevented by my security control, by my endpoint protection. So, again, I can do the same movement. Right? Go to more info, check the recommendation or the mitigation option that we are giving you through the platform. But what is interesting is now I have this new option called auto mitigation, auto remediation. Right? So, essentially, we can remediate the signature directly from the platform. So you don't need to go open up a ticket, you know, pass it on to the relevant team, implement it into your security control, and spend days doing so. So, basically, you are reducing the mean time to remediate from hours or even days to seconds. Alright? Something that is quite interesting. Okay. We have some minutes left. So maybe I want to tackle now the topic of AI, artificial intelligence, which is also very relevant when we talk about NIS2. And for example, let me give you a use case.
I'm a partner, you know, offering some services to my customer install base, and I don't have time. I don't have the resources, and I don't have the muscle to investigate what scenarios are relevant to the industry or my customers. I don't have the, you know, the knowledge to implement that. So this is exactly where we say that AI is doing the heavy lifting. That is what we mean. So what we have is our template creator that you can use with natural language, with this prompt that, for example, let's say, "Build me a template that helps me to test my resilience against ransomware and comply with NIS2." So, essentially about... That's my favorite project. It's very cool. Very cool. So, essentially, what it's doing is parsing all the scenarios that I showed you a minute ago, the 80K scenarios. And we are gathering all those scenarios that are relevant to the queries that I threw. So, all the scenarios that are relevant to ransomware, to NIS2 compliance, etc. Also, we have the alternative to interact with this AI chatbot with a kind of answer-and-question methodology. So instead of using natural language, I can use that query-and-answer approach. And in a few seconds, we will have the template with the collection of scenarios ready to be tested for us. Okay? Yeah. So fifteen minutes to go. Final one. I promise, but this is very cool. And I want to talk now about risk, about prioritization. Right? So where should I focus? And this is a very huge topic. Not only in NIS2, but also in many customers, many, you know, companies that we talk to lately. So the real question here is I have a bunch of vulnerabilities. Right? I have a bunch of CVEs in my environment. How can I prioritize them? How can I focus on what is important? Right? We touched that during the presentation. For that, we are trying to implement something that helps you. It's not just about NIS2.
It's also about, for example, CTEM, Continuous Threat Exposure Management. Right? CTEM is not just a buzzword. It's not something that you can really solve or implement with a single tool, with a single piece of technology. Right? It's a framework. It's a project. It's an approach. It's a methodology, a way of working. But, of course, you need the technology to implement that CTEM approach. And there are some phases out of that CTEM program where we can really help. Okay? Of course, validate is one of them. You saw it. Right? You saw how we can help validating those security controls, but also a huge help from our side would be how to prioritize. Okay? Another really critical CTEM phase. And for that, let me show you here in prioritize. And by using this contextual vulnerability management, let's think about the particular use case. Okay? So, I have a kind of an integration with a vulnerability management system. Alright? And I'm ingesting in my exposure management platform this number of results. I have 9,408 results that I need to solve. So this is not really helpful. Right? Where should I start? What can I do with almost 10,000 vulnerabilities looking in my environment? So the question is, okay, let's try to prioritize. Let's try to focus. First, I'm gonna implement a filter on, for example, theoretical score according to the CVSS score, and I try to find the critical ones. I have 187 results. Alright. Definitely, this is getting better. But, again, this is a huge number. I cannot manage that number. Let's put some, you know, let's mix some real dimension into the equation. Instead of implementing this filter, what I'm gonna do is remove it and put the real severity, the real score that we have calculated according to many things that I will describe in a second. Okay? So if I apply this filter, boom, the 180 whatever have become six results. Now I can start working on those. Now this is real prioritization.
Based on what? Based on things like this. One of them is business context. Not all the assets in my environment are the same. Right? So a dusty server located in the DMZ probably is not so important as my domain controller or my Active Directory. Right? Also, threat intelligence. We are ingesting heavy information, you know, on threat intel to know if there is some actor exploiting this vulnerability or if they are targeting my industry across the world, things like that. Also, pretty critical information. Alright. I could have this huge and important CVE or vulnerability in one of my assets, but what about if my security controls are detecting it and preventing it? Right? So the risk, of course, has decreased. And, yeah, of course, the theoretical, original score on that. Yeah. So, I think ten minutes left. Right? I can stop sharing. And, really, thank you. Thank you, everyone, for attending the webinar. I hope it's been useful, interesting. I encourage you to reach out to us if in case you wanna talk about NIS2, exposure management, you want to see a real demo tailored to your needs, to your use cases, we are always available for that. So thank you. Yeah. No. Thank you, Pedro. I think that that demo was amazing. Like I said, I love the AI. I love the automation. The prioritization based on your term. You know, I think CTEM is, you know, continuous threat exposure management. It's pretty... it's not new. It's kind of... so some of the industry still says security control validation, but really it's moved into that threat resilience because we can't keep up with the threat. Right? So that's really what it's all about. Just wanna thank you again. Like I said, we have documents in there available for you to download. We will also be following up. Making sure that you have these school fund requirements. And, again, thank you for your time. And please, again, reach out to us for anything, and we would love to hear from you. You guys have a wonderful day.
Thank you very much. Cheers. Bye.