This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
内容由Anton Chuvakin提供。所有播客内容(包括剧集、图形和播客描述)均由 Anton Chuvakin 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
EP32 Can You Ever Know Thyself: Cloud Attack Surface Management
Manage episode 302755645 series 2892548
内容由Anton Chuvakin提供。所有播客内容(包括剧集、图形和播客描述)均由 Anton Chuvakin 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Guest:
- Derek Abdine, CTO @ Censys.io
Topics:
- Attack Surface Management (ASM). Why do we need a new toolset and a new category? Isn’t this just 1980s asset management or CMDB?
- How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably?
- ASM seems to often rely on network layer 3 and 4. Can’t bad guys just hit the app endpoints and all your network is irrelevant then?
- When you think about the threats organizations face due to unknown assets, is data theft at the top of the stack? What should organizations keep in mind as a priority here?
- Who at an organization is best set up to receive, triage, investigate, and respond to the alerts about the attack surface?
- Are there proactive steps organizations can take to prevent shadow IT, or are we stuck responding to each new signal? Isn’t preventing new assets the same as preventing business?
Resources:
170集单集
Manage episode 302755645 series 2892548
内容由Anton Chuvakin提供。所有播客内容(包括剧集、图形和播客描述)均由 Anton Chuvakin 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Guest:
- Derek Abdine, CTO @ Censys.io
Topics:
- Attack Surface Management (ASM). Why do we need a new toolset and a new category? Isn’t this just 1980s asset management or CMDB?
- How do we find those assets that may have been misplaced by the organizations? How can any technology do this reliably?
- ASM seems to often rely on network layer 3 and 4. Can’t bad guys just hit the app endpoints and all your network is irrelevant then?
- When you think about the threats organizations face due to unknown assets, is data theft at the top of the stack? What should organizations keep in mind as a priority here?
- Who at an organization is best set up to receive, triage, investigate, and respond to the alerts about the attack surface?
- Are there proactive steps organizations can take to prevent shadow IT, or are we stuck responding to each new signal? Isn’t preventing new assets the same as preventing business?
Resources:
170集单集
所有剧集
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。