It can be difficult for security teams in large organizations to accurately measure their public infrastructure and services, due to issues such as shadow IT, frequent acquisitions, legacy services, organizational silos, and rapid development. However, organizations need some way of measuring their entire footprint to support efforts such as deploying large-scale security automation.
Peleus Uhley shares techniques for leveraging freely available data to create complete network graphs, track best practices, and identify security issues. Using free and publicly available data, it is possible to create an inventory of everything that is remotely measurable about your infrastructure and applications. This data can help with identifying forgotten hosts, measuring best-practice adoption, and finding security vulnerabilities. It can also be useful to red teams who want to measure a target without generating traffic against the hosts. Groups on the internet have already scanned your services, so why not copy their homework?
Peleus Uhley is the lead security strategist at Adobe, where he assists the company with proactive and reactive security. Peleus has been a part of the security industry for more than 15 years. Previously, he was a senior developer at Anonymizer and a security consultant for @stake and Symantec.
©2017, O'Reilly Media, Inc. • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.