Understanding what you own is step one in securing your assets. A simple concept that still escapes the grasp of most, and it’s getting harder in a cloud-enabled world. Despite this struggle there’s a plethora of APIs and publicly available data to give you a jumpstart on identifying high-risk assets. This session will share techniques and tools to gather data and identify unknown risks.
Learning Objectives:
1: Learn about sources and methods to identify public, unknown assets.
2: Gain access to OSS tooling allowing defenders to operationalize asset inventory process.
3: Learn to apply risk methods using public data attributes to understand quantitative risk.
Speakers: Ed Bellis, Jonathan Cran
Ed Bellis is a security industry veteran and expert and was once named Information Security Executive of the year. He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Bellis is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an Advisor to Dharma and former Advisor to SecurityScoreboard.com and Society of Payment Security Professionals. Bellis is a contributing author to the book, Beautiful Security and a frequent speaker at industry conferences and events.
Jonathan Cran is the Head of Research for Kenna Security and the Creator of Intrigue, an open-source asset discovery tool. He has over 15 years of experience in information security, and has helped invent and deliver security assessment products from Rapid7, Pwnie Express and Bugcrowd.
Detailed Presentation:
Comments