The Perimeter Has Been Shattered: Attacking and Defending Mobility and IoT on the Enterprise Network, presented at OWASP New Zealand Day 2020

by Georgia Weidman

Summary: Mobility and the Internet of Things (IoT) have disrupted the corporate enterprise network on the scale that PCs disrupted mainframes in the 1980s. Yet most enterprises continue to approach security as though there is still a hard perimeter with nothing but corporate-owned endpoints running against internal applications. Mobility, however, means employee-owned endpoints connecting over public carrier networks to cloud applications. Traditional perimeter security simply doesn’t address this. From mobile-based phishing to Bluetooth-based attacks, mobile and IoT have fundamentally changed the threat landscape. In this talk we will look at the modern threat landscape and the security controls currently available on the market (such as mobile threat defense and mobile application management), and provide real-world examples of how they fall short under simulated attack. Finally, we will look at practical ways to improve enterprise security around mobile and IoT, as well as to push the defensive products to evolve and become more robust.

Georgia Weidman: Georgia Weidman is a member of the GRM n00bs, a group providing training and media for information security beginners. She is a survivor of the collegiate cyber defense competition and a security master's program. Now she specializes in whatever security work she can get, collects certifications, makes videos, takes photographs at inopportune times, and sometimes podcasts.