runZero Hour - Episode 1

(updated )   //   Webcast

Overview #

Episode one of runZero Hour webcast highlighted outlier hunting as a tactic for improving security defense. Looking for the oddball exceptions on your network can be used alongside vulnerability scanning to surface risks quickly. For anyone looking to prevent the compromise, hunting outliers is worthwhile.

Hunting for outliers takes two forms. The focus is on identifying devices different from the others, especially if there is only one or a few on the network. Such devices often lack standard security controls, leaving them susceptible to threats and overlooked in governance and business continuity plans. The second is identifying attributes of devices that should be unique but aren’t. TLS certification and SSH keys should be unique on every device, whether bare-metal or virtual. Such duplication potentially indicates inappropriate cloning of services or other lack of governance. Whatever the case might be, it’s worth a security review.

Both of these approaches help security teams to surface unknown risks and prioritize known risks on the network. An intriguing revelation from our analysis of outliers is the strong correlation between outlier rank and vulnerability scanner risk rank. Devices with high outlier ranks are likely to have higher risk, so finding outliers is a fast and effective way to identify and address the most critical vulnerabilities.

This was just one topic on the runZero Hour webcast. Watch for additional insights on funky protocols, oddball devices, and the year-end roundup for Rapid Response.