Shining a light into the security blackhole of IoT and OT

Presented at BSidesLV 2023, Aug. 9, 2023, 11:30 a.m. (Unknown duration).

The Internet of Things (IoT) and the rise of Operational Technology (OT) networks have brought about a significant increase in the number of connected devices in modern networks, creating new challenges for blue teams in terms of inventorying assets, identifying and mitigating vulnerabilities, and verifying security controls coverage. This presentation will explore the unique challenges that IoT and OT pose for network scanning and provide solutions for effectively addressing these challenges while ensuring the safety and availability of these systems. The presentation will cover topics such as identifying IoT and OT devices on a network, understanding the context of vulnerabilities associated with these devices, and implementing appropriate security controls to mitigate these risks while ensuring the safety and availability of these systems. Attendees will also learn about best practices and tools for IoT and OT network scanning, such as using automated asset inventory, performing regular vulnerability assessments, and testing the changes in a controlled environment before implementing them. This presentation aims to equip blue teams with the knowledge and skills they need to effectively protect their organizations' networks in the IoT and OT era while ensuring these systems' safety and availability.

Presenters:

  • (void *)Huxley Barbee
    Huxley Barbee (aka void *) s the organizer for BSidesNYC and security evangelist at runZero. Huxley previously worked at Datadog, where he formulated their Cloud Security Platform. Earlier at Cisco, he led a team that automated SecOps and IR playbooks. He holds both the CISSP and CISM certifications.

Links:

Similar Presentations: