SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsThis paper details an experiment constructed to evaluate the effectiveness of blocking Shodan search engine scans in reducing overall attack traffic volumes. Shodan is considered to be part of an attacker's toolset, and there is a persistent perception that blocking Shodan Scans will reduce an organization's attack surface. An attempt was made to determine what effect, if any, such a block would result in by comparing attacker traffic before and after implementing a block on Shodan scans, and by determining the complexity of performing such a block. The analysis here may provide defenders and managers with useful data when deciding on whether or not to devote resources to blocking Shodan or other similar internet-connected device search engines.