BSidesSF

In the past, network device awareness (SANS Critical Security Control #1) was achieved through asset monitoring, vuln scanning, Network Access Control (NAC), device authentication, and network/wireless intrusion detection.

Unfortunately, the Internet of Everything has spawned a little-understood and ever-expanding threat vector - the massive proliferation of broad-spectrum wireless, mobile/micro, transient computing devices:

Corporate-sponsored BYOD
Mobile phones/tablets, Wireless APs, MiFis, microcells
4G/LTE, Bluetooth, & RFID/NFC-enabled consumer devices
Micro, ultra-portable, & wearable computing devices
Wireless thermostats, burglar alarms, IP cameras, UAVs/drones, heating/cooling systems, power distribution, & industrial automation
A rapidly-expanding market of low-cost, plug-and-play cyber espionage devices, the "Internet of Evil Things".

This attack surface has expanded beyond the visibility of today’s monitoring and intrusion detection systems. Yesterday’s defenses are no longer adequate. Come learn all the ways criminals are getting access while bypassing all alarms and monitored networks. New attacks and possible defenses will be shown live.