BSidesSF 2018 has ended
View analytic
Sunday, April 15 • 3:30pm - 4:00pm
Six degrees of infiltration: Using graph to understand your infrastructure and optimize security decision making

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Current infrastructures depends on multiple technologies and third party infrastructures that increase security complexity and makes it very difficult to have a clear end to end view of the overall state and possible risks. Existing approaches were good investments but a few challenges were observed
Some duplication - Broad set of dedicated services that collect and visualize similar data.
View of the environment relies on broad set of tribal knowledge
Recurrent questions difficult to quickly answer
“What is my exposure”
“Does this vulnerability affect us and in what way?”
What priority should we allocate to this issue?
Moving target problem - Does infrastructure match expectations at all time?
Transitive risks or lateral movements exploration not possible cross dependencies
Overall state of the infrastructure hard to visualize and validate
Difficult to apply internal context to external intelligence feed

The talk will provide insight on a graph solutions explored by Lyft Security Intelligence team to tackle knowledge consolidation and improve decision making. Attendees of this session will be introduced to methodologies and off the shelf tools like Neo4j, we use along with the release our open source graph based security intelligence platform they can use to get started and collaborate.


Sacha Faust

Technical Lead, Security Intelligence, Lyft
Sacha Faust is a Technical Lead under Security Intelligence group at Lyft and previously heading the Microsoft Cloud + Enterprise (C+E) Red Team. When he is not breaking things, he focuses on teaching machines how to do end to end breaches and evangelize the Assume Breach mindset... Read More →

Sunday April 15, 2018 3:30pm - 4:00pm
AMC - Theatre 7