Offensive Vendor Reviews presented at ToorCamp 2014

by Carl Sue,

Summary : How do you choose who your company trusts? It is said that the best defense is a good offense, so why are so many organizations not offensive in their defense? Offensive Vendor Reviews looks at how companies deal with risk from outside companies. I look at some examples of where vendor reviews fail, and give some ideas of how to perform a vendor review. An Offensive Vendor Review is the practice of gathering real information on the companies your business uses the services of. Do you know who is on your network using your resources? Do you know how good their security is? Most importantly how do you sell this to management? Learn how to answer these questions and more in Offensive Vendor Reviews. While most content in this talk are related to research and practices developed at my employer they do not necessarily represent the views of said company.