runZero Hour, Episode 1: Hunting Outliers to Strengthen Security Defense

Overview

Episode one of runZero Hour webcast highlighted outlier hunting as a tactic for improving security defense. Looking for the oddball exceptions on your network can be used alongside vulnerability scanning to surface risks quickly. For anyone looking to prevent the compromise, hunting outliers is worthwhile.

Hunting for outliers takes two forms. The focus is on identifying devices different from the others, especially if there is only one or a few on the network. Such devices often lack standard security controls, leaving them susceptible to threats and overlooked in governance and business continuity plans. The second is identifying attributes of devices that should be unique but aren’t. TLS certificates and SSH keys should be unique on every device, whether bare-metal or virtual. Such duplication potentially indicates inappropriate cloning of services or other lack of governance. Whatever the case might be, it’s worth a security review.

Both of these approaches help security teams to surface unknown risks and prioritize known risks on the network. An intriguing revelation from our analysis of outliers is the strong correlation between outlier rank and vulnerability scanner risk rank. Devices with high outlier ranks are likely to have higher risk, so finding outliers is a fast and effective way to identify and address the most critical vulnerabilities.

This was just one topic on the runZero Hour webcast. Watch for additional insights on funky protocols, oddball devices, and the year-end roundup for Rapid Response.

Meet Our Speakers

HD Moore

Founder & CEO

Huxley Barbee

Contributor

Rob King

Director of Security Research

Tom Sellers

Principal Research Engineer

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Resources

Webcasts
Dangerous Dark Matter: Confronting the Creepy Unknowns in Your Network
We explore the hidden threats and “network dark matter” lurking within your environment, viewed through the lens of zero-day vulnerabilities.
Webcasts
runZero Hour, Episode 11: A CISA insider's perspective on managing the KEV catalog
Tod Beardsley, CISA cybersecurity expert offers an insider’s look into CISA’s mission and management of the Known Exploited Vulnerabilities (KEV)...
Webcasts
runZero Hour, Episode 10: RDP security, ATG & PC-WORX OT protocols
We dug into the details of three different protocols, and explored how our exceptionally creative customers help drive innovation in our platform.
Webcasts
runZero Hour: Episode 9 (SSHamble Edition)
Didn't make it to DEF CON 32? We got you! This episode of runZero Hour explores all things SSH, including our new open-source tool: SSHamble.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved