Session Name: 372 Million Data Points and a Few Opinions on Attack Surface Security
There have been profound changes in security as a result of industry shifts toward cloud-native development, resilient architecture, and microservices. Analysis of 400 million cyber assets, findings, and policies at nearly 1300 organizations reveals just how significant the changes in the average asset inventory have been, and the profound impact on security teams. This talk will share original research on the state of asset inventories and attack surface management at contemporary organizations and an analysis of what it means for security teams. In particular, the research will cover what the industry average (mean) of 120,561 findings in backlog means for security team burnout and how the ratio of cyber assets to practitioners has reached dire levels. The talk will also cover how current security skills training does not reflect the realities of our cloud-native asset architectures, and why ultra-reliable network architecture demands new approaches to security. Finally, the talk will provide original research and analysis of supply chain risk, as well as insight into the most common blind spots for security practitioners, based on analysis of asset inventories compared to practitioner queries of their environments.
Jasmine "Hex" Henry is Field Security Director at JupiterOne, where she does lots of research on the state of cyber assets. She's spent 10+ years growing and scaling security, compliance, and privacy functions at cloud-native organizations. Jasmine has an MS in Informatics and Analytics and a shocking number of tattoos.