BSidesSF 2018 has ended
Back To Schedule
Sunday, April 15 • 3:30pm - 4:00pm
Six degrees of infiltration: Using graph to understand your infrastructure and optimize security decision making

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
Current infrastructures depends on multiple technologies and third party infrastructures that increase security complexity and makes it very difficult to have a clear end to end view of the overall state and possible risks. Existing approaches were good investments but a few challenges were observed
Some duplication - Broad set of dedicated services that collect and visualize similar data.
View of the environment relies on broad set of tribal knowledge
Recurrent questions difficult to quickly answer
“What is my exposure”
“Does this vulnerability affect us and in what way?”
What priority should we allocate to this issue?
Moving target problem - Does infrastructure match expectations at all time?
Transitive risks or lateral movements exploration not possible cross dependencies
Overall state of the infrastructure hard to visualize and validate
Difficult to apply internal context to external intelligence feed

The talk will provide insight on a graph solutions explored by Lyft Security Intelligence team to tackle knowledge consolidation and improve decision making. Attendees of this session will be introduced to methodologies and off the shelf tools like Neo4j, we use along with the release our open source graph based security intelligence platform they can use to get started and collaborate.


Sacha Faust

Manager, Product Security, Lyft
Sacha Faust is the engineering manager for Lyft's Security Intelligence team and previously led the Microsoft Cloud + Enterprise (C+E) Red Team. His mission is to empower organizations to make informed and automated security decisions through democratizing and automating security... Read More →

Sunday April 15, 2018 3:30pm - 4:00pm PDT
AMC - Theatre 7