Security Management
W4-2B. Enabling Automated Security Control Validation with Tommyknocker Open Source
Wednesday, June 12, 2024 2:30 PM - 3:30 PM
Room 2BC
Tommyknocker is an open source tool designed to allow for simple but powerful automation of continuous security control validation. Whether you are confirming critical east-west network security controls, validating the continued functionality and visibility of IPS/IDS services, or confirming that configuration changes have not compromised existing controls, Tommyknocker can help! Tommyknocker allows for test cases to be as simple as sending a single network request, or as complex as imitating a full scan and exploit cycle from an attacker. With the ability to also tie expected alerts and indicators to a test, you can confirm not only that the potential attack was stopped, but also that your SOC will know if and when the real thing happens. Tommyknockers were originally seen as impish beings that lived deep in mines, making knocking noises in the walls that would warn miners of safety issues or imminent cave-ins. Let them help warn you of critical oversights in your security control validation as well!
After this session, the learner will: - Understand the importance of automation in control validation - Be able to deploy and configure a basic instance of Tommyknocker Open Source - Have a framework for scaling out automated control validation