Presentation Title Seccubus: Vuln Scanning Doesn’t Have to be a Time Drain
As part of his job as Security Officer at Schuberg Philis, Frank Breedijk performs regular security scans. The repetitive nature of scanning the same customer infrastructure over and over again made him decide to look for a more automated approach. After building his first scanning scheduler he realized that it actually does not make sense to look at all findings every time they are reported. It would be much better to only investigate the deltas between the scans. The philosophy behind Seccubus was born. In his presentation Frank will demonstrate Seccubus by performing scans of a live demo environment and explain the inner workings of Seccubus and the philosophy behind it.
Seccubus automates regular vulnerability scans and provides delta reporting. It effectively reduces the analysis time for subsequent scans of the same infrastructure by only reporting delta findings. Seccubus runs vulnerability scans at regular intervals and compares the findings of the last scan with the findings of the previous scan. The delta of this scan is presented in a web GUI where findings can be easily marked as either real findings or non-issues. Non-issues get ignored until they change. This causes a dramatic reduction of the analysis time.
About Frank Breedijk
Frank Breedijk CISSP B ICT is employed as a Security Officer at Schuberg Philis. He is responsible for the security of Schuberg Philis Mission Critical outsourcing services. Frank has been active in IT Security for over 10 years. Before joining Schuberg Philis he worked as a Security Consultant for INS/BT and Security Officer for InterXion. He managed the European Security Operations Center (SOC) for Unisys’ managed security services. During this period Gartner labeled Unisys leader in the magic quadrant for Managed Security Services in Europe.
Besides his day job Frank Breedijk is an active on Twitter (@seccubus) and writes blog entries for CupFighter.net. He has also written various magazine articles.