Weaponizing your inventories with potential Hacker Breach Points and Vulnerability Risks
We may like to believe we have mastered the dark art of asset management/inventory management or nearly perfected it. But getting breached via “that” one asset or application or an open-source library or a server with a weak password, or a subcontractor that your supplier used that you were not aware of, has become the new normal.
In this presentation I share my thoughts on what I sees is missing in your asset inventory and how we could be often blindsided by the data we collect in an attempt to map the security posture of our enterprise. In addition, where the collected data may not be adequate to make a data-driven decision for cybersecurity teams (red & blue teams) the next time when a ZERO DAY or report from a security researcher with a serious Vulnerability is submitted.
Last but not least, he will discuss a framework for what your Asset inventory could look like and how you could make better data-driven decisions to triage, prioritize and remediate, next time a new CVE is published.