At the outset of the presentation, the audience is challenged to raise their hands and to guess the issue being presented, as the presentation unfolds.
Next, a Use-Case is highlighted so as to stress the importance of historical computer information assets and their vulnerability findings, which were discovered as present on network endpoints during past vulnerability assessments. Here the presentation stresses that it is not enough to consult the most recent vulnerability assessment scan Â<8a>Â<97>Â<96> but in addition, past information related to computer asset information, including the asset's vulnerabilities, is crucial in proactive information security.
An overview of the various vulnerability scanning methods, such as Network Unauthenticated, Network Authenticated (credentialed), Agent-Based and Passive Scanning, is covered, so as to set the stage for introducing the flaw present within most VM systems. Advantages and limitations for these scanning methods are shared. The presentation stresses that though other techniques for deeper dive and more focused risk analysis are sparingly used, the Network Unauthenticated scanning method is the method which is mostly used by organizations so as to "cast a wide net" across their entire enterprise, discovering their assets, and assessing the asset weaknesses.
The presenter then reveals the challenge that Network Unauthenticated scanning method is subject to - that of matching one endpoint discovered within a given point-in-time vulnerability assessment, to its correct counterpart as discovered within a past point-in-time vulnerability assessment.
The presenter then shares results from a recent updated study which reveals that the remotely discoverable characteristics of computer information asset endpoints, such as IP address, NETBIOS Hostname, DNS Hostname, and many more, change within IT networks at surprising rates, even for endpoints such as Servers which are not subject to DHCP. A reference to this study is shared.
The presenter reveals the limitation present within most VM systems and shares several host tracking algorithms used by the most widely deployed VM systems in the market, as well as their limitations and consequences Â<8a>Â<97>Â<96> widespread asset duplication and asset mismatch within the asset views of the most prevalent VM systems on the market.
The presentation closes by sharing a solution for identifying historically inaccurate VM data within an organization's VM asset view, as well as a matching algorithm solution that may be applied as a remedy.