All Our Devices Aren’t Belong 2 Us – Scott Scheferman – RSA21 #3
Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of "Verify, then trust". Yet here we are, building an entire stack of Zero Trust-enabled technologies upon a broken implicit-trust foundation. Nowhere is this risk more apparent than at the device and firmware level. Indeed, this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victims' downstream partners and customers. To address this evolving threat, organizations must take back security control of their devices and stop trusting the fox that has, quite frankly, become the hen house.
https://eclypsium.com/firmware-threat-report/
https://eclypsium.com/2020/07/21/device-integrity-and-the-zero-trust-framework/
https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/
This segment is sponsored by Eclypsium.
Visit https://securityweekly.com/eclypsium to learn more about them!
Guest
Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first DEF CON badge-hacking contest and a DEF CON music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.