Srinivas Mukkamala

Srinivas Mukkamala

CEO and Co-Founder RiskSense


Srinivas Mukkamala is one of the Co-founders and CEO of RiskSense, a cyber security Spinoff of New Mexico Tech. Srinivas has been researching and developing security technologies for over 15 years, working on malware analytics (focuses on medical control systems and nontraditional computing devices), breach exposure management, Web application security and enterprise risk reduction.

Srinivas was one of the lead researchers for CACTUS (Computational Analysis of Cyber Terrorism against the US). Dr. Mukkamala has over 120 peer-reviewed publications in the areas of information assurance, malware analytics, digital forensics, data mining and bioinformatics. He has a patent on Intelligent Agents for Distributed Intrusion Detection System and Method of Practicing.

Dr. Mukkamala received his Bachelor of Engineering (B.E.) in Computer Science and Engineering from University of Madras before obtaining his M.S. and Ph.D. in Computer Science from New Mexico Tech.


Abstract

Risk Based Approach to Attack Surface Susceptibility and Validation

To strengthen your organization’s cyber risk posture, it is essential to not only test for vulnerabilities, but also assess whether vulnerabilities are actually exploitable and what risks they represent. Meanwhile, to increase the organization’s resilience against cyber-attacks, you need to validate your attack surface and its susceptibility to attacks.

While Artificial Intelligence (A.I.) can bolster defenses by analyzing vast volumes of data and assisting cyber security professionals, the converse is true as well; malevolent A.I. can assist hackers in finding their targets faster and launching attacks faster to disrupt business and attack industrial controls.

In this talk, Dr. Mukkamala will discuss how malevolent A.I. could make the carnage even worse. A recent case study from RiskSense will be covered where the combination of Human Expertise and A.I. was able to mimic a human hacker to find vulnerable threat pairs and launch exploits at a tremendous scale.

Srinivas will also provide insights into how one should be using offensive strategy as a part of their defense: an “attacker’s view” of an organization’s attack surface which includes Internet of Things to proactively predict attack susceptibility, validate whether vulnerabilities are exploitable and the current security controls can prevent an attack, and quantify risk based on diagnostic and operational data.