Hi [[ session.user.profile.firstName ]]

UpGuard

  • Date
  • Rating
  • Views
  • Unprotected Files on a Public Cloud Server: Live Panel on the NSA Data Leak
    Unprotected Files on a Public Cloud Server: Live Panel on the NSA Data Leak Chris Vickery, George Crump, David Linthicum, Charles Goldberg, Mark Carlson Recorded: Dec 8 2017 59 mins
    Public, private and hybrid cloud are nothing new, but protecting sensitive data stored on these servers is still of the utmost concern. The NSA is no exception.

    It recently became publicized that the contents of a highly sensitive hard drive belonging to the NSA (National Security Agency) were compromised. The virtual disk containing the sensitive data came from an Army Intelligence project and was left on a public AWS (Amazon Web Services) storage server, not password-protected.

    This is one of at least 5 other leaks of NSA-related data in recent years. Not to mention the significant number of breaches and hacks we’ve experienced lately, including Yahoo!, Equifax, WannaCry, Petya, and more.

    The culprit in this case? Unprotected storage buckets. They have played a part in multiple other recent exposures, and concern is on the rise. When it comes to storing data on public cloud servers like AWS, Azure, Google Cloud, Rackspace and more, what are the key responsibilities of Storage Architects and Engineers, CIOs and CTOs to avoid these types data leaks?

    Tune in with Chris Vickery, Director of Cyber Risk Research at UpGuard and the one who discovered the leak, along with George Crump, Chief Steward, Storage Switzerland, David Linthicum, Cloud Computing Visionary, Author & Speaker, Charles Goldberg, Sr. Director of Product Marketing, Thales e-Security, and Mark Carlson, Co-Chair, SNIA Technical Council & Cloud Storage Initiative, for a live panel discussion on this ever-important topics.
  • Cyber Security Is Dead
    Cyber Security Is Dead Chris Vickery, Director of CyberRisk Research at UpGuard Recorded: Nov 15 2017 44 mins
    The data is in: cybersecurity is dead. Even as global cybersecurity spending is expected to balloon to over $100 billion by 2020, the frequency and severity of cyberattacks continue to grow, with seemingly no end in sight.

    While exploits and hacking tools become even more widely available and simple to deploy, there has been little commensurate progress in beating back attackers, who continue to find success striking at persistent, common weak points. How is this possible?

    The answer is one that must chagrin any CISO spending exorbitant amounts of money on cybersecurity programs: The entire conception upon which cybersecurity rests -- of constructing a castle, against which any marauding attackers stand little chance of breaching -- is barely of use.

    Join UpGuard’s Director of Cyber Risk Research Chris Vickery in conversation to learn:

    - Why silver bullet security solutions that are stacked around the perimeter don’t protect against breaches
    - How data exposures occur, and how they can be prevented
    - Why vendor risk should be an integral part of the cyber risk assessment
    - What steps to take to become cyber resilient
    - How UpGuard can help
  • The Silent Killer: How Third-Party Vendor Risk Threatens Everyone
    The Silent Killer: How Third-Party Vendor Risk Threatens Everyone Mike Baukes, CEO, UpGuard Recorded: Oct 11 2017 44 mins
    Enterprises are becoming increasingly cognizant of the massive business risk posed by incidents of cyber attacks resulting in data breaches. Less well-known, and perhaps more potent a threat, is the danger posed by third-party vendors entrusted with sensitive data in the course of a business partnership. While an enterprise can have the best and most resilient internal IT practices, there are no such guarantees their external partners will take the same care. The consequences can be enormous.

    The UpGuard Cyber Risk Team has made it its mission to find data exposures where they exist, aiding in securing them against malicious use and raising public awareness about the issues driving cyber risk today. In this talk, UpGuard CEO Mike Baukes will discuss how third-party vendor risk has proven a potent and pervasive threat in the digital landscape of 2017, as illustrated by a newly discovered third-party vendor data exposure case involving the leaking of sensitive data from major transnational corporations.

    Learn how you can mitigate such third-party vendor risk and begin to evaluate and enforce your business partners’ cyber resilience against such threats.
  • Cut Cord: How Viacom's Master Controls Were Left Exposed
    Cut Cord: How Viacom's Master Controls Were Left Exposed Dan O'Sullivan, UpGuard Analyst Recorded: Sep 28 2017 27 mins
    Learn about Viacom's critical data exposure.

    Exposed in the leak are a vast array of internal access credentials and critical data that could be used to cause immense harm to the multinational corporation’s business operations.

    Dan O’Sullivan, the analyst who first broke the story, will go through the details of the discovery and the significant impact of this data exposure.

    For the original article: https://www.upguard.com/breaches/cloud-leak-viacom
  • How to Hire DevOps
    How to Hire DevOps Cliff Moon, CTO, UpGuard Recorded: Sep 14 2017 37 mins
    The rise of DevOps teams is upon us. The most recent State of DevOps survey found that 16% of respondents were part of a DevOps department with 55% of respondents self-identifying as DevOps engineers or systems engineers. Interesting. And if you simply Google ‘DevOps jobs’ you get over 4.5 million hits. So like it or not, this DevOps thing is going mainstream.

    If your organization is among those who embraced DevOps, you are probably looking for people with wide-ranging interests who will help you to get rid of silos.

    Hear from Cliff Moon, UpGuard's CTO, as he shares his experience on sourcing and hiring the right people.
  • Breaking Down Silos - DevOps Meets ITIL
    Breaking Down Silos - DevOps Meets ITIL Greg Pollock, VP of Product at UpGuard Recorded: Aug 17 2017 42 mins
    Big things are happening in software. Agile Software Development and DevOps are delivering innovations at a rate never seen before. Prompting many to ask 'Is this the end of ITIL?'.

    There is a perception that DevOps and ITIL cannot play well together. That an you must choose one over the other or risk catastrophic failure. This is simply not true.

    Many do not realize that DevOps relieson core concepts and processes of ITIL to be successful. Ignoring this relationship means missing out on service improvements that may be introduced and developed by integrating key areas of the ITIL framework and the collective body of knowlege that is DevOps.

    In this webinar we will take a close look at the simple things organizations can do to get most out of a balanced blend of traditional and modern IT practices.
  • Blackout: How Engineering Firm Exposed Critical Infrastructure Data
    Blackout: How Engineering Firm Exposed Critical Infrastructure Data Dan O'Sullivan, UpGuard Analyst Recorded: Aug 15 2017 31 mins
    Learn about a data exposure discovered from within the systems of Texas-based electrical engineering firm Power Quality Engineering (PQE), revealing the sensitive data of clients like Dell, the City of Austin, Oracle, and Texas Instruments, among others.

    Left accessible to the wider internet via a port used for rsync server synchronization but configured to allow public access, the breach allowed any interested browser to download sensitive electrical infrastructure data compiled in reports by PQE inspectors examining customer facilities.

    Dan O’Sullivan, the analyst who first broke the story, will go through the details of the discovery and the significant impact of this data exposure.

    For the original article: https://www.upguard.com/breaches/data-leak-pqe
  • Are Your Third Party Vendors Creating Uninvited Cyber Risk?
    Are Your Third Party Vendors Creating Uninvited Cyber Risk? Greg Pollock, VP of Product at UpGuard Recorded: Aug 10 2017 36 mins
    Many of the largest and most well known breaches are cases of third party information exposure.

    One of the largest leaks of all time was discovered when an RNC vendor, Data Root Analytics, exposed 198 million voter records, including personal details, voter information, and predictively modeled attributes such as race and religion.

    Outsourced information work is crucial for organizations to scale and remain competitive, but it should be done with careful forethought to the risks the company faces should that information be compromised.

    In this webinar you will learn:

    - Why cybersecurity is dead
    - How to mitigate cyber risk in a cost effective way
    - How vendor risk becomes your risk
    - Steps to become cyber resilient
    - How to measure success on your path towards cyber resilience
  • Cloud Leak: How a Verizon Partner Exposed Millions of Customer Accounts
    Cloud Leak: How a Verizon Partner Exposed Millions of Customer Accounts Dan O'Sullivan, UpGuard Analyst Recorded: Jul 18 2017 32 mins
    A misconfigured cloud-based file repository exposed names, addresses, account details, and account personal identification numbers (PINs) of as many as 14 million US customers of telecommunications carrier Verizon. UpGuard’s Cyber Risk team discovered this critical data repository was not exposed by the enterprise holding primary responsibility for the information, but by a third-party vendor to the enterprise.

    Beyond the sensitive details of customer names, addresses, and phone numbers—all of use to scammers and direct marketers—the prospect of such information being used in combination with internal Verizon account PINs to take over customer accounts is hardly implausible. Dan O’Sullivan, the analyst who first broke the story, will go through the details of the discovery and the significant impact of this cloud leak.


    For the original article: https://www.upguard.com/breaches/verizon-cloud-leak
  • Untangling ITSM
    Untangling ITSM Phillip Palmer, Chief Evangelist at UpGuard Recorded: Jun 29 2017 38 mins
    The Alphabet Soup of International Standards, Best Practice Frameworks, Governance Models and the like can be daunting and confusing at first. Which one is ‘Right’? Which one is the ‘Best’? Which one of these should a business use to improve?

    The good news is that it doesn’t have to be that difficult.

    Phillip Palmer has been educating and advising organisations in best practices for over 15 years. A self-described ‘Service Management Evangelist and Process and Quality Purist’, Phillip has garnered praise and awards for his infectious enthusiasm and practical application of best practice guidance.

Embed in website or blog