DeepSec 2018 Talk: Global Deep Scans – Measuring Vulnerability Levels across Organizations, Industries, and Countries – Luca Melette & Fabian Bräunlein
Metrics are plentiful, but they are hard to come by when it comes to meaningful numbers. This is why we were amazed by the submission of Luca Melette and Fabian Bräunlein. Why? This is why:
“We introduce global deep scans that provide insights into the security hygiene of all organizations exposed to the Internet. Our presentation discusses vulnerability levels across different groups of organizations and points out differences in the underlying maintenance processes. We find that different industries have a lot to learn from each other and provide the necessary measurements to start these dialogues.”
We asked Luca and Fabian a few more questions about their talk.
Please tell us the top 5 facts about your talk.
5. You’ll see results from a global vulnerability scan across thousands of companies in dozens of industries and you’ll be invited to be part of our journey of analyzing the data.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
We have been curious for a long time about which companies, industries, and regions are better or worse when it comes to security. Who can learn from whom on which topics? Since no public information of this kind is available, we started scanning the Internet ourselves and created a weighted vulnerability score to compare and contrast vulnerability levels.
Why do you think this is an important topic?
Vulnerability information today is mostly available in pockets: Many companies know about their vulnerability level, but they do not know how they rank among others. Researchers often know about the prevalence of a few vulnerabilities, but do not have an overview of issues outside their special field. Our presentation provides this additional visibility and creates awareness about vulnerability levels on the Internet. Researchers and corporates will be stimulated to look at internet exposure in different ways and find weak spots that need attention. Our goal is to show who can learn from whom.
Is there something you want everybody to know – some good advice for our readers maybe?
It is important for both users and companies to periodically check which of their assets are exposed on the internet and evaluate what risks are associated with them. Our research shows that some industries are more exposed to hacking than others, possibly indicating the next targets for hackers, but also great potential to learn from one another.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
Our observations will stimulate internet actors to learn from one another by comparing themselves to the rest of the world.
Fabian Bräunlein has always been curious about taking systems apart. He works as a Security Researcher and Consultant at Berlin-based hacker collective SRLabs. His previous research includes hacking payment systems (32c3), travel systems (HEUREKA) and IP cameras (DeepSec 2017).
Luca Melette is a security researcher with a focus on all sorts of telecommunication networks. In the past years, together with Karsten Nohl, he discovered and disclosed several security vulnerabilities in mobile networks, from low-cost radio attacks to more sophisticated interconnect abuse.
Luca’s one of the maintainers of the website gsmmap.org and the related mobile app SnoopSnitch.