Mieng Lim, Vice President, Product Management has served as a security expert for Digital Defense, Inc. since 2001. Mieng takes a consultative approach to security having held prior roles in Operations, Quality Assurance and Sales Engineering. Mieng seamlessly blends technical expertise with real world scenarios to provide an entertaining and educational cyber security perspective.
Mieng serves a mentor and STEM advocate encouraging young women to pursue careers in security and technology and volunteers with BSides San Antonio as a staff member. Mieng holds a Bachelor’s Degree in Computer Science with Minor in Sociology from Trinity University.
What initially got you interested in cybersecurity?
Cybersecurity wasn’t originally even on my radar. But I love tinkering and breaking down and learning how things work, to make them work better. After completing a computer science degree, I found an opportunity with Digital Defense (at the time a network security startup). Over my career at the company, I’ve had numerous opportunities to explore different aspects of cybersecurity, and breaking down the obstacles that make cybersecurity difficult for newcomers into the space by adding features into our platform to make it easier to consume and actually take action to make a difference.
Digital Defense offers vulnerability management and threat assessment. Could you discuss the importance of both?
Vulnerability management is absolutely a fundamental security process for any connected organization. You can’t protect what you don’t know. Regular assessments of your entire environment is vital to providing visibility into the attack surface your network presents. The challenge typically lies in mitigation and remediation. To aid there, the addition of threat assessment and prioritization comes into play. When you know you have weaknesses and also have the insight of what vulnerabilities are actively being leveraged by malicious actors, you can more quickly address those issues that pose the most risk to your organization.
The Frontline.Cloud™ Platform requires no software download and connects automatically to the cloud. How quickly and easily can this platform be deployed?
Digital Defense has designed Frontline.Cloud to be simple to deploy. Users can be configured and scanning in literally minutes. As a cloud native SaaS solution, all the components required to start scanning your externally facing network are in the cloud. To scan internal networks, a virtual scanning appliance (we call it Frontline RNA) can be spun up and activated all within minutes as well in your virtual environment.
What type of vulnerabilities are scanned for?
Vulnerability assessments scan for common weaknesses in IP connected devices including: default and easily guessable passwords; passwordless interfaces; default and easily guessable read/write SNMP Community Strings; weak encryption; open ports and services; service versions; misconfigurations; buffer overflows, authentication bypass; backdoor detection and accounts; patch status; and many more security and configuration issues.
Digital Defense is also involved in security threat research with the Vulnerability Research Team (VRT). How big is this team and how do they stay one step ahead of malicious actors?
The Digital Defense Vulnerability Research team is focused daily on vulnerability and threat feeds coming from numerous sources. Additionally, our dedicated team of seven vulnerability researchers are augmented by our over dozen in-house penetration testers. This provides our research team with real-live hands-on conditions identified during the course of an analyst driven penetration test automated scanners may not pickup. This closed cycle feedback loop enhances that flaws that our vulnerability research team is capable of automating into the scanner and ultimately benefits the users of Frontline.Cloud.
What is the Digital Node Attribution (DNA)?
Digital Node Attribution is the proprietary algorithm developed by Digital Defense leveraged to identify assets for matching to better improve vulnerability data management. DNA is the identification attributes associated with a particular asset. In addition to IP address and DNS or NetBIOS hostname, we capture over 20 additional identifiers during a scan. Frontline.Cloud utilizes DNA to collate asset data from numerous scans into one updated view (we call Active View) that can be sorted and filtered for reporting that is as high level or as granular as desired.
Is there anything else that you would like to share about Digital Defense?
Our goal at Digital Defense is to make high quality, accurate vulnerability scanning and management available to all users, affordably and efficiently. The only way to stay ahead of the threats is to be proactively protected.
Thank you for the great interview, readers who wish to learn more should visit Digital Defense.