Educause Security Discussion mailing list archives

Re: Shodan value


From: Ashley Penchion <apenchon () XULA EDU>
Date: Fri, 28 Jul 2017 08:13:37 -0500

We use DHS' Cyber Hygiene scans. You get a weekly vulnerability report that
shows trends and what has or hasn't been remediated. We went through DHS
directly.

"NCATS leverages existing “best in breed” cybersecurity assessment
methodologies, commercial best practices and integration of threat
intelligence that enable cybersecurity stakeholders with decision
making/risk management guidance and recommendations. NCATS provides an
objective third-party perspective on the current cybersecurity posture of
the stakeholder’s unclassified operational/business networks. NCATS
security services are available at no-cost to stakeholders and can range
from one day to two weeks depending on the security services required. For
more information, email: ncats_info () hq dhs gov"



Ashley Penchion
*IT Security Officer*
Xavier University of Louisiana
apenchon () xula edu
*Phone*: (504) 520-5410

On Fri, Jul 28, 2017 at 8:07 AM, Kevin Wilcox <wilcoxkm () appstate edu> wrote:

On 28 July 2017 at 01:53, Cameron Dixon <cameron.dixon () hq dhs gov> wrote:

Hello there, new listserv-er here. I'm the ops lead for the DHS NCATS
scanning service mentioned previously-- a colleague of mine alerted me to
this discussion, so I hope you'll forgive the interjection. Cyber Hygiene,
our service that scans internet-facing systems, is (basically) available to
all comers, and the https://github.com/dhs-ncats/services link outlines
the contours of the service decently-- I'm also happy to answer any
questions you might have.

<snip>

Wait a second, let me get this right.

There's an entity offering a service and you represent that
entity...so you're basically a vendor...but you don't reference
Gartner whitepapers, you don't mention being a leader in the Magic
Quadrant or "best in breed/class" and you aren't going on about how
your "next gen scanning service" can detect all the things and help
identify problems with machine learning/next gen AI/etc.

Does anyone know if Cameron and this "DHS" actually exist or is this
an elaborate Sys-Admin Day hoax to Rick-roll everyone visiting their
github project?

Seriously, welcome to the group. I don't know if/when the SPC program
committee will hit you up to be in Baltimore, or if any schools who
are using the service are interested in presenting about their
experiences, but I know *I* would certainly try to go to a
presentation by <x schools> and the ops lead for a .gov vulnerability
scanning service.

kmw


-- 
*E-Mail Privacy/FERPA: This communication may contain confidential 
information and is intended solely for the use of the addressee. If you 
received it in error, please contact the sender at once and delete the 
message. This communication may also contain information subject to 
restrictions of the Family Educational Rights and Privacy Act (FERPA). Such 
information may not be disclosed or used in any fashion outside the scope 
of the service for which you are receiving the information.*
