The network you think you have isn't the one you actually have

At SANS Winter Cyber Solutions Fest 2026, runZero CEO HD Moore warned that the traditional air gap and segmentation controls are frequently ineffective: attackers are exploiting firewall zero-days, forgotten cellular links, multi-homed devices, insecure management interfaces (KVM/IPMI), and unnoticed IPv6 addresses to bypass controls and reach OT assets. The post highlights real-world findings (e.g., Mandiant data on perimeter device compromises), explains how passive monitoring and scanners miss these exposure paths, and recommends active discovery (including IPv6 and interface enumeration) to reveal and fix unseen bridges and management endpoints.