Could that happen to us?
Abstract
This presentation will draw on the lessons I learned this year as I embarked on a quest to select and deploy an External Attack Surface Management solution for one of Australia's most well-known brands.

It's been a bad year for data breaches in Australia. Ever since the Optus hack was first announced, and with every major breach since, the question on every executive's lips is "can this happen to us?". Many organisations have been finding that's not an easy question to answer. Sprawling and often highly dynamic cloud estates make keeping track of what's exposed to the Internet tricky.

Enter External Attack Surface Management (EASM) - the latest and greatest in vendor buzzwords designed to solve this very problem. But can it, actually? Is it really anything more than external vulnerability scanning with a fresh coat of paint on it? EASM is still a relatively new tool in the blue team's arsenal, which means it's not a very mature capability. My experience taught me there's no perfect tool out there yet, as it turns out every platform has its quirks and caveats and it's really a case of picking the best one for your requirements.

If you're hoping for a tell-all exposé on specific tools, this isn't it. What I will do is explain the different sorts of capabilities I found, the varying constraints and limitations you can expect to encounter, and the things you need to keep in mind and watch out for when you are evaluating an EASM solution for your own organisation. If you're curious about how EASM works, what problems it can and can't solve, and how to choose the best solution for your needs, then this talk is for you.

Speaker Bio:
Corch grew up with the movie WarGames and childish dreams of one day being a master hacker. Fast forward 40ish years and he has been working in computer security almost as long as anyone really cared about it. Starting out as a humble firewall administrator, he has only gone further down the rabbit hole since then.
In 2015, after many years spent as a sysadmin, engineer, and consultant, Corch established Shogun Cybersecurity in a hopelessly doomed attempt to bring enterprise cybersecurity capability to the SMB market. The hard lessons he learned along the way have given him a unique understanding of why many accepted "best practices" for cybersecurity fail in an SMB context. Corch now works for organisations large and small helping them to solve the cybersecurity problems that keep them up at night.