Hey everyone, sorry it's late. Our guest this week is so awesome that he caused a buffer overflow on the website. OK, no, not really.
We refer to this week's guest as the most interesting man in #misec. He joins us this week to talk about Tough Mudder, training, and the #misec Capture The Flag (CTF) team that he heads up. Oh yeah, and about his talk at this year's BSides Detroit, where he'll be teaching us about vulnerability scanning.
He IS Derrek Thomas.
Abstract: The vulnerability scan has become a staple in the modern security program. A single scan can provide a point-in-time snapshot of known vulnerabilities and configuration issues associated with the infrastructure. I find many organizations perform vulnerability scans, but the problem is that the scans are performed merely to satisfy compliance. An annual scan may check the box in a report, but there will also be 11.5 months of little to no visibility into the state of the infrastructure. Have those patches really been applied? Is change control being followed? Vulnerability management needs to move beyond the periodic vulnerability scan towards continuous vulnerability discovery. This process is much more than just technical scanning and requires the security professional to constantly test and improve detection and alerting. Poor incident response, inadequate security monitoring, and unknown assets can leave a network just as vulnerable as an unpatched server. Are IDS alerts generated when they should be, or has an antivirus alert received adequate response? I will be discussing my experience with a vulnerability management program from the painful beginning. In addition to the use of vulnerability scanning tools, I will address how to solve these problems through red team testing, security information and event monitoring, and configuration baselines. A vulnerability management program should be designed around making incremental improvements in current security processes.
This episode is cross-posted at Rats and Rogues.