1. InfoconDB
  2. ToorCon
  3. ToorCon San Diego 18 (2016)
  4. The Attack and Defense of a Changing Enterprise Security Boundary

The Attack and Defense of a Changing Enterprise Security Boundary

Presented at ToorCon San Diego 18 (2016), Oct. 15, 2016, 2 p.m. (50 minutes).

The Attack and Defense of a Changing Enterprise Security Boundary . In the 2013-14 timeframe, Google decided to talk publicly about a change it was making to its corporate infrastructure and application environment. This concept was dubbed “Beyond Corp”. This philosophy introduced the concept of a boundary-less enterprise IT model. The approach, used by Google and a growing list of other companies, manages to radically change the attack surface of the enterprise network, which has forced attack methodologies to evolve. This talk will discuss: • the BeyondCorp model, drivers and methods • the benefits of this approach • weaknesses of the approach • attack techniques that do still work • the ‘Corporate Café’ IT mode

Presenters:

  • Noah Beddome
    Noah Beddome penetration tester, former Marine and current Practice Director of the Infrastructure Security practice at NCC Group North America.