Saturday, March 28 • 1:00pm - 1:25pm
Expose Yourself Without Insecurity: Cloud Breach Patterns


Cloud providers continue to see growing use as the foundation for the next generation of internet services. Dynamic and ephemeral exposures are being created at an unprecedented scale, and your older generation of internet scanners can’t find them. Let us show you how they can be found and what it means for the future of unwanted internet exposures.

Right now, at the click of a button, can you answer the question “What in my cloud environments is internet-facing?” For most security teams, the answer to this question would be a sigh and then “No.” We know that complexity is the enemy of security. We also know a comprehensive asset inventory is step one to any capable security program. How can we monitor for unnecessary exposures without knowing what’s on the internet?

In this presentation we will look at the most pragmatic ways to continuously analyze your cloud environments and operationalize that information to identify vulnerabilities. 

Through examination of exposure patterns and analysis of passive DNS data, we explore real-world examples of global cloud breaches waiting to happen. There are thousands of vulnerable systems for commonly used services (e.g., Elasticsearch), and more from up-and-coming services you may not even know your organization is using yet.

Main Takeaways: 
* Most security orgs are maintaining their inventory the old way (i.e., IP ranges), which doesn’t cut it in a dynamic cloud world
* IPv4 scanners can’t find virtual host services that are ephemeral or require specific paths in the request to function properly 
* Global exposures are only going to increase unless we look at the solution differently and understand the patterns for these breaches waiting to happen



Brandon Gaudet

Senior Security Analyst, Bishop Fox
Brandon Gaudet is a Senior Security Analyst at Bishop Fox, a cybersecurity consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. Brandon’s areas of expertise are continuous penetration testing, application penetration testing...

Oscar Salazar

Principal Security Associate, Bishop Fox
Oscar Salazar is a Principal at Bishop Fox, a security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he focuses on continuous security assessment, red teaming, application penetration testing, source code...

Saturday March 28, 2020 1:00pm - 1:25pm EDT
'Protect' track 3333 Busbee Dr NW, Kennesaw, GA 30144, USA