Vulnerability Management Systems Flawed - Leaving your Enterprise at High Risk

BSidesDC 2016

Presented by: Gordon MacKay
Date: Saturday October 22, 2016
Time: 11:30 - 12:20
Location: Grand South
Track: Track 1

At the outset of the presentation, the audience is challenged to raise their hands and guess the issue being presented as the talk unfolds.

Next, a use case is highlighted to stress the importance of historical computer asset information, including the vulnerability findings discovered on network endpoints during past vulnerability assessments. Here the presentation stresses that it is not enough to consult the most recent vulnerability scan; past information about each asset, including that asset's earlier vulnerabilities, is crucial to proactive information security.

An overview of the various vulnerability scanning methods (Network Unauthenticated, Network Authenticated (credentialed), Agent-Based and Passive Scanning) is covered to set the stage for introducing the flaw present within most VM systems. The advantages and limitations of each method are shared. The presentation stresses that although other techniques are used sparingly for deeper-dive, more focused risk analysis, Network Unauthenticated scanning is the method most organizations use to "cast a wide net" across the entire enterprise, discovering their assets and assessing those assets' weaknesses.

The presenter then reveals the challenge to which the Network Unauthenticated scanning method is subject: matching an endpoint discovered in one point-in-time vulnerability assessment to its correct counterpart discovered in a past point-in-time assessment.

The presenter then shares results from a recently updated study which reveals that the remotely discoverable characteristics of endpoints, such as IP address, NetBIOS hostname, DNS hostname and many more, change within IT networks at surprising rates, even for endpoints such as servers that are not subject to DHCP. A reference to this study is shared.

The presenter reveals the limitation present within most VM systems and shares several host tracking algorithms used by the most widely deployed VM systems on the market, along with their limitations and consequences: widespread asset duplication and asset mismatch within the asset views of the most prevalent VM systems.

The presentation closes by sharing a method for identifying historically inaccurate VM data within an organization's VM asset view, as well as a matching algorithm that may be applied as a remedy.
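The abstract names the failure mode (an IP-keyed tracker duplicates or mismatches assets once addresses move) but, being an abstract, shows no data. The following is an added illustration written for this page; it is not the presenter's patent-pending algorithm and not Digital Defense code. It compares two constructed scan snapshots of a small network in which one server was re-addressed and a DHCP laptop took that server's old IP, first with naive IP keying and then with an assumed weighted multi-attribute match. The attribute names, weights and threshold are assumptions chosen for the demo, and the finding labels ("vuln-A" etc.) are placeholders, not real identifiers.

```python
"""Host tracking across two point-in-time scans: IP keying vs. weighted match.

Added example for this page (not the talk's or the vendor's code). All data
below is constructed; attribute weights and the threshold are assumptions.
"""

# Constructed previous-scan snapshot. Each record holds only what an
# unauthenticated network scan could observe remotely.
PREVIOUS_SCAN = [
    {"id": "p1", "ip": "10.0.0.5", "dns": "web01.corp.example",
     "netbios": "WEB01", "os": "Linux", "findings": {"vuln-A"}},
    {"id": "p2", "ip": "10.0.0.6", "dns": "db01.corp.example",
     "netbios": "DB01", "os": "Windows", "findings": {"vuln-B"}},
    {"id": "p3", "ip": "10.0.0.7", "dns": "lap-alice.corp.example",
     "netbios": "LAP-ALICE", "os": "Windows", "findings": {"vuln-C"}},
]

# Constructed current-scan snapshot: web01 was re-addressed to 10.0.0.9 and
# the DHCP laptop picked up web01's old address 10.0.0.5.
CURRENT_SCAN = [
    {"id": "c1", "ip": "10.0.0.9", "dns": "web01.corp.example",
     "netbios": "WEB01", "os": "Linux", "findings": {"vuln-A"}},
    {"id": "c2", "ip": "10.0.0.6", "dns": "db01.corp.example",
     "netbios": "DB01", "os": "Windows", "findings": set()},
    {"id": "c3", "ip": "10.0.0.5", "dns": "lap-alice.corp.example",
     "netbios": "LAP-ALICE", "os": "Windows", "findings": {"vuln-C"}},
]


def track_by_ip(previous, current):
    """Naive tracker: a current host *is* the previous host with the same IP.

    Returns {current_id: previous_id or None}.
    """
    by_ip = {h["ip"]: h["id"] for h in previous}
    return {h["id"]: by_ip.get(h["ip"]) for h in current}


# Assumed weights: stable identifiers outweigh the address, which moves.
WEIGHTS = {"dns": 3, "netbios": 3, "os": 1, "ip": 1}


def similarity(a, b):
    """Sum of weights of attributes that are present and equal in both records."""
    return sum(w for attr, w in WEIGHTS.items()
               if a.get(attr) and a.get(attr) == b.get(attr))


def track_by_similarity(previous, current, threshold=4):
    """Greedy best-score assignment; each previous host is linked at most once.

    A pair scoring below `threshold` is never linked, so a host that shares
    only an IP (score 1) with an old record is treated as new, not as that
    record's continuation.
    """
    pairs = sorted(((similarity(p, c), p["id"], c["id"])
                    for p in previous for c in current), reverse=True)
    mapping = {c["id"]: None for c in current}
    used = set()
    for score, pid, cid in pairs:
        if score < threshold:
            break
        if mapping[cid] is None and pid not in used:
            mapping[cid] = pid
            used.add(pid)
    return mapping


def audit(previous, current, mapping):
    """Flag the symptoms the talk describes: phantom new assets, orphaned
    history, and links whose stable attributes disagree (likely mismatches)."""
    prev = {h["id"]: h for h in previous}
    curr = {h["id"]: h for h in current}
    linked = {pid for pid in mapping.values() if pid}
    suspect = [(cid, pid) for cid, pid in mapping.items() if pid and (
        curr[cid]["dns"] != prev[pid]["dns"] or curr[cid]["os"] != prev[pid]["os"])]
    return {
        "new": sorted(cid for cid, pid in mapping.items() if pid is None),
        "orphaned": sorted(pid for pid in prev if pid not in linked),
        "suspect": sorted(suspect),
    }


def inherited_findings(previous, mapping):
    """Historical findings each current host inherits under a given mapping."""
    prev = {h["id"]: h["findings"] for h in previous}
    return {cid: (set(prev[pid]) if pid else set()) for cid, pid in mapping.items()}


if __name__ == "__main__":
    for name, tracker in (("ip", track_by_ip), ("similarity", track_by_similarity)):
        m = tracker(PREVIOUS_SCAN, CURRENT_SCAN)
        print(name, m, audit(PREVIOUS_SCAN, CURRENT_SCAN, m),
              inherited_findings(PREVIOUS_SCAN, m))
```

Under IP keying the laptop (c3) inherits web01's finding history, web01 itself (c1) appears as a brand-new asset, and the laptop's old record (p3) is orphaned: one real host becomes two asset records and another carries the wrong history. The `suspect` list in `audit` is the kind of check the abstract's closing point calls for, since a tracked link whose DNS name or OS family flips between scans is a strong sign the history has been stitched to the wrong host.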

Gordon MacKay

Gordon MacKay, CISSP, serves as CTO for Digital Defense, Inc. He applies mathematical modeling and engineering principles in investigating solutions to many of the challenges within the information security space. His solution to matching network-discovered hosts within independent vulnerability assessments across time resulted in patent-pending status for the company's scanning technology. MacKay has presented at numerous security-related conferences, including RSA 2013, BSides Austin 2016, BSides SATX 2016, BSides Dallas 2015, ISC2 Alamo Chapter, ISSA Houston, ISACA San Antonio and many others, and has been featured by top media outlets such as CIO Review, FOX Business, Softpedia, IT World Canada and others. He holds a Bachelor's in Computer Engineering from McGill University. He is a Distinguished Ponemon Institute Fellow.


KhanFu - Mobile schedules for INFOSEC conferences.