• Goa 2020
  • AMMO
  • Omniscient

Omniscient

Pramod-Rana

Tool Name:

Omniscient

Speaker:

Pramod Rana

Download Link:

https://github.com/varchashva/LetsMapYourNetwork




Abstract:

Omniscient - Lets Map Your Network" aims to provide an easy-to-use & point-in-time interface to security engineer and network administrator to represent their network in graphical form with zero manual error. It also monitors the 'identified' network with user-defined periodicity and provides the analytics on rogue systems/devices present in network.

It is utmost important for any security engineer/network administrator to understand their network first before securing/managing it and it becomes a daunting task to have a ‘true’ understanding of a widespread network, specially with the adaption of Cloud. In a mid to large level organisation’s network having a network architecture diagram doesn’t provide the complete understanding of network and manual verification is a nightmare. Hence in order to secure entire network it is important to have a complete picture of all the systems which are connected to your network, irrespective of their type, function, technology etc.

BOTTOM LINE - YOU CAN'T SECURE WHAT YOU ARE NOT AWARE OF.

Omniscient does it in two phases:

  1. Learning: In this phase, Omniscient 'learns' the network by utilising passive network enumeration, active scans and upload of existing CMDB for on-premises network; and by querying the APIs for cloud networks. Then it builds graph database leveraging the responses of all learning activities. User can perform any of the learning activities at any point of time and Omniscient will incorporate the results in existing database.
  2. Monitoring: This is a continuous and automatic process, where Omniscient monitors the 'identified' network (with user-defined periodicity) for any changes, compare it with existing information and update the graph database accordingly.

Bio:

Pramod Rana works as a senior security engineer with Coupa Software and he is responsible for product security functions in Agile like penetration testing, threat modeling and cloud security assessment.

He loves to understand new security trends and how to practically implement them, a coder by hobby, a runner by passion. He has presented at BlackHat and Defcon before.

Copyright © 2019-20 | Nullcon India | International Security Conference | All Rights Reserved