Educause Security Discussion mailing list archives
Re: Shodan value
From: Ashley Penchion <apenchon () XULA EDU>
Date: Fri, 28 Jul 2017 08:13:37 -0500
We use DHS' Cyber Hygiene scans. You get a weekly vulnerability report that shows trends and what has or hasn't been re mediated. we went through DHS directly. "NCATS leverages existing “best in breed” cybersecurity assessment methodologies, commercial best practices and integration of threat intelligence that enable cybersecurity stakeholders with decision making/risk management guidance and recommendations. NCATS provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks. NCATS security services are available at no-cost to stakeholders and can range from one day to two weeks depending on the security services required. For more information, email: ncats_info () hq dhs gov(link sends e-mail)" <ncats_info () hq dhs gov> Ashley Penchion *IT Security Officer* Xavier University of Louisiana apenchon () xula edu *Phone*: (504) 520-5410 | On Fri, Jul 28, 2017 at 8:07 AM, Kevin Wilcox <wilcoxkm () appstate edu> wrote:
On 28 July 2017 at 01:53, Cameron Dixon <cameron.dixon () hq dhs gov> wrote:Hello there, new listserv-er here. I'm the ops lead for the DHS NCATSscanning service mentioned previously-- a colleague of mine alerted me to this discussion, so I hope you'll forgive the interjection. Cyber Hygiene, our service that scans internet-facing systems, is (basically) available to all comers, and the https://github.com/dhs-ncats/services link outlines the contours of the service decently-- I'm also happy to answer any questions you might have. <snip> Wait a second, let me get this right. There's an entity offering a service and you represent that entity...so you're basically a vendor...but you don't reference Gartner whitepapers, you don't mention being a leader in the Magic Quadrant or "best in breed/class" and you aren't going on about how your "next gen scanning service" can detect all the things and help identify problems with machine learning/next gen AI/etc. Does anyone know if Cameron and this "DHS" actually exist or is this an elaborate Sys-Admin Day hoax to Rick-roll everyone visiting their github project? Seriously, welcome to the group. I don't know if/when the SPC program committee will hit you up to be in Baltimore, or if any schools who are using the service are interested in presenting about their experiences, but I know *I* would certainly try to go to a presentation by <x schools> and the ops lead for a .gov vulnerability scanning service. kmw
-- *E-Mail Privacy/FERPA: This communication may contain confidential information and is intended solely for the use of the addressee. If you received it in error, please contact the sender at once and delete the message. This communication may also contain information subject to restrictions of the Family Educational Rights and Privacy Act (FERPA). Such information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving the information.*
Current thread:
- Re: Shodan value, (continued)
- Re: Shodan value Reyor, William F. (Jul 20)
- Re: Shodan value Andre DiMino (Jul 20)
- Re: Shodan value Nicholas Garigliano (Jul 21)
- Re: Shodan value Andre DiMino (Jul 24)
- Re: Shodan value Andre DiMino (Jul 20)
- Re: Shodan value Rich Graves (Jul 20)
- Re: Shodan value Reyor, William F. (Jul 20)
- Re: Shodan value Valdis Kletnieks (Jul 20)
- Re: Shodan value Reyor, William F. (Jul 20)
- Re: Shodan value Reyor, William F. (Jul 20)
- Re: Shodan value Kevin Wilcox (Jul 28)
- Re: Shodan value Ashley Penchion (Jul 28)
- Re: Shodan value Dixon, Cameron (Jul 31)
- Re: Shodan value Valdis Kletnieks (Jul 28)