It can be difficult for security teams in large organizations to accurately measure their public infrastructure and services, due to issues such as shadow IT, frequent acquisitions, legacy services, organizational silos, and rapid development. However, it is critical for organizations to have some way of measuring their entire organization for efforts such as deploying large-scale security automation.
This presentation provides techniques for leveraging freely available data to create complete network graphs, track best practices, and identify security issues. Using free and publicly available data, it is possible to create an inventory of everything that is remotely measurable about your infrastructure and applications. This data can provide insight into issues such as identifying forgotten hosts, measuring best practice adoption, and identifying security vulnerabilities. It can also be useful to red teams who want to measure a target without generating traffic against the hosts. Groups on the Internet have already scanned your services, so why not copy their homework?
It can be difficult for security teams in large organizations to accurately measure their public infrastructure and services, due to issues such as shadow IT, frequent acquisitions, legacy services, organizational silos, and rapid development. However, it is critical for organizations to have some way of measuring their entire organization for efforts such as deploying large-scale security automation.
This presentation provides techniques for leveraging freely available data to create complete network graphs, track best practices, and identify security issues. Using free and publicly available data, it is possible to create an inventory of everything that is remotely measurable about your infrastructure and applications. This data can provide insight into issues such as identifying forgotten hosts, measuring best practice adoption, and identifying security vulnerabilities. It can also be useful to red teams who want to measure a target without generating traffic against the hosts. Groups on the Internet have already scanned your services, so why not copy their homework?
Music Box - 5th Floor HACK NYC 2018 events@magegroupe.comTechnical Issues?
If you're experiencing playback problems, try adjusting the quality or refreshing the page.
Questions for Speakers?
Use the Q&A tab to submit questions that may be addressed in follow-up sessions.
| Code of Conduct | Press Releases |
| Get Involved | Report ISSUE / BUG |
| Tickets |
The Critical Infrastructure Association of America, Inc. is a 501(c)6 Not for Profit. The mission of Critical Infrastructure Association of America is to create a membership-based, trade association of like-minded cybersecurity and closely related industry professionals that work in the field of cybersecurity. The goal is to share best practices, establish and maintain high operational standards and to educate and interact with those in the cybersecurity community within public, private and governmental sectors.
