Organisational Behavior for Cyber Risk Governance Using Security Ratings

As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.

This presentation will provide an overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.

Brief overview of the history of the FedRAMP program including successfactors and lessons learned. Concentration on the improvements to the FedRAMP program that are designed to address to dominant criticism of the program - costs too much, takes too much time. Covers risk based evaluation profiles, agency liaison program and FedSTAR.

Thailand Security Landscape

Third-Party Risk Management has become a critical component of protecting and securing your organization. However, many companies still need to find a way to operate at scale in order to be efficient, gain insights, and improve cybersecurity resilience.

In this webinar, we will walk through the necessary people, process, and technology to help you mitigate the cyber risks introduced by your vendors, partners, suppliers, or any third party.
We will discuss:
● How to employ a risk-based assessment process
● Best practices when communicating with third parties
● How to utilize meaningful insights from tools
● And much more!

Operationalizing industry buzzwords isn’t always possible. Sometimes these buzzwords are aspirational but the technology behind isn’t understood. In the case of Zero Trust, working with the right vendor means quickly deploying applications securely to enhance productivity and reduce your organizations attack surface. Join us to learn more about Zero Trust Access solutions and the key business and technical considerations when trying to find what’s best for your organization.

“1e32jnd9312”, “32189321-DEF3123-9898312”, “ADEFi382819312.” Do these strings seem familiar? They could be hashes, randomly generated passwords, API keys, or other useful information. They can be found in logs, command lines, configuration files, and source code. Whether you are analyzing logs or hunting for accidentally exposed credentials, they are not exactly easy to find because building a search pattern for something so random is a particularly hard task. To help solve this problem, we developed Stringlifier - an open-source application that allows you to detect these types of strings in any plain text. It leverages machine learning to distinguish between normal and random character sequences and can also be adapted for more fine-grained classifications.

Join Andrei Cotaie, Sr. Security Engineer, Tiberiu Boros, Data Scientist & Machine Learning Engineer, and Kumar Vikramjeet, Security Engineer, as they introduce you to Stringlifier and how it can help you automate some common cloud security tasks. You will see examples of how to use it and also get information on how you can download and use it in your own environment.

COVID-19 is driving the demand for cloud based remote access tools. However, while the majority of IT and Security leaders are now focused on remote access, an equally challenging issue looms: the resurgence of cloud transformation projects. Attackers are taking advantage of the current situation and security professionals must adapt and arm themselves. Join Ashley Ward, CTO - Prisma Cloud at Palo Alto Networks from the trenches to learn about 3 SOC focused initiatives you can work on today to strengthen cloud security during the COVID-19 crisis and beyond.
- Optimize your SOC for cloud-based developer environments
- Use your SOC to make data-driven risk management decisions
- Tailor how your SOC delivers security services to specific business needs

Security Automation Simplified with Open Security Controls Assessment Language
Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions, has been a challenging task to date. Additionally, the proliferation of containers and service mesh technologies employed in cloud ecosystems for enhanced portability and security, compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions. Imagine a future where security documentation builds itself, and security management tools from different vendors integrate seamlessly. Security practitioners will spend less time on security documentation, assessments, and adjudication, yet the results of those activities will be more accurate and more easily monitored. OSCAL enables this and more.

Achieving good third-party risk outcomes requires that your vendors operate secure cloud environments. Many security teams have assumed that if a third-party is using Amazon Web Services that they are operating securely, when in fact, the sheer breadth of an AWS deployment leaves plenty of room for error.  

During our webinar, experts from Stratum Security and RiskRecon will take you through the expanse of a proper AWS deployment, diving into real-world examples of what can go right - and wrong - when securing AWS operations. We will discuss the core security criteria that every practitioner should be familiar with to properly assess the operations of any third-party AWS environment and will provide you will the knowledge you need to begin securing your cloud environments today. 

Join this session to learn about:
- Real-world use cases where AWS environments were exploited due to missteps in configuration
- Core security criteria necessary for assessing the security of an AWS environment
- A new playbook and questionnaire that will provide you with a step-by-step guide to secure AWS operations

With the rise in identity-based attacks due to the very distributed and remote workforce of 2020, how can your organization identify whether or not it’s the actual user who is attempting the authentication, or an attacker?

Security analytics can provide crucial data to help identify potential issues that require investigation. In a large or distributed environment, however, these logs of novel IPs and devices, unusual logins, and access attempts by high-risk users can quickly become too much of a good thing. Swimming through this ocean of data is like looking for treasure on the Great Pacific garbage patch. But what if you had a historical profile of user and device behavior that would allow you to surface unusual activities and create a baseline for action?

This idea isn’t new -- adaptive authentication and user behavioral analytics have become more popular, because understanding the story behind an anomaly can help inform and prioritize your response. Identifying anomalous logins that could indicate account takeover attempts before they’re breached based on unusual activity around the user, cohort, and the organization’s behavioral norms allows you to respond, adjust your policies, and protect users in real-time.

Join Duo’s Ted Kietzman on August 13 at 1:00 p.m. ET for a dive into how collecting security analytics data is an important first step that will shape your ability to effectively handle potential attacks.