The Edge of Tomorrow: Today's Devices, Tomorrow's Incidents

Edge devices sit on the Internet-facing border of every organisation, silently bridging trust zones while running full Linux distributions that rarely see a reboot, let alone a patch. Because they are “just network kit,” they are exempted from EDR and excluded from MDM, making them the perfect beachhead for an attacker who wants to pivot into a company’s network without triggering a single alert.

This talk will examine various aspects of edge-device compromises. We will share real-world findings and experiences from responding to an edge-device compromise, highlighting the challenges, lessons learned, and best practices for forensic analysis and incident response. We will also explore detection opportunities and recommendations for improving monitoring and response capabilities.

Attendees will leave with actionable incident-response tactics and detection-engineering clues for spotting and stopping similar intrusions.

About the Speakers