Hi [[ session.user.profile.firstName ]]

The Impact of Trickbot and How It Affects State Infrastructure

In a recent report by SecurityScorecard titled “State of the States’ Cybersecurity”, it was uncovered that thirteen states are infected with the Russian “TrickBot” malware that was feared to have consequences for the U.S. election. With the election in the rearview now, this is still an important issue as states act as the implementation arm for a host of federal policies. From disaster relief to pandemic response to education and health care, state information systems are critical infrastructure that is vital to our national security. The malware infections and unpatched vulnerabilities that SecurityScorecard found in its report are simply indications of a more fundamental challenge. During this webinar, Alex Heid will discuss the report findings in detail as well as provide insight into how the states’ can vastly improve their cybersecurity posture.

During this webinar, Alex Heid will discuss the report findings in detail as well as provide insight into how the states’ can vastly improve their cybersecurity posture.
Recorded Nov 12 2020 58 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Alexander Heid, Chief Research & Development Officer, SecurityScorecard
Presentation preview: The Impact of Trickbot and How It Affects State Infrastructure
  • Channel
  • Channel profile
  • Reducing the Attack Surface in the Cloud Recorded: Oct 14 2021 57 mins
    Matt Ambroziak, Director of Security Engineering, Virsec
    Each time a person or company deploys a new application, there is an additional surface for attackers to hack into systems. As we have seen in recent cyberattacks, software flaws continue to be at the center of data breaches. The National Vulnerability Database maintains statistics on new products and new vulnerabilities being added into the database monthly – and the numbers are skyrocketing. As the attack surface of applications increases, new technologies, processes, and procedures need to be put in place to better protect cloud environments. In this webinar, Virsec Director of Security Engineering Matt Ambroziak will present new ways for security professionals to reduce the attack surface in the cloud.
  • Quantifying Cyber Risk In The Cloud Recorded: Oct 12 2021 46 mins
    Tia Hopkins, Vice President, Cyber Risk Advisory and Solutions Architecture, eSentire
    Whether it’s cloud, multi-cloud, or hybrid cloud, there is no end to cyber risk. So, organizations must be confident in their ability to protect their cloud environments and prepare for emergency scenarios. In most cases, this preparation comes in the form of hardening your security defenses and becoming cyber resilient by adopting the technologies, processes, and expert-level support. While many business leaders verbally declare the importance of reducing cyber risk, only a few understand that there are varying approaches to managing cyber risk – some far more successful than others. Key takeaways:

    - Evolution of security management - Actively manage your cloud security posture
    - Risk management vs risk reduction - Stop attackers and mitigate risk
    - Challenges with assessing risk - Detect emerging threat tactics

    In this presentation, Tia Hopkins will explore the challenges of maturity-based security programming and outline how leveraging security operations and incident response can help your organization transition to a risk-based approach that enables true quantification of cyber risk in the cloud.
  • Think Fast! - Machine Learning for Improved Security Recorded: Oct 7 2021 45 mins
    John Jacobs, Chief Information Security Officer, Fortinet
    Cloud computing has ushered in an explosion of tools and resources to swiftly adapt applications, business processes, and even create entire industries. With this rapid growth comes an expanded compute surface and an exponentially increased challenge to maintain user, device, and data security. Cybersecurity can no longer adequately scale by adding another analyst, tool, or console.

    Machine Learning can ingest and act upon correlated information from multiple sources, saving time and money, and most importantly: reducing exposure and closing security gaps. Security orchestration, automation, and response (SOAR) is a growing technology that can help scale burdened staff while improving the time-to-resolve, measured results and efficiency of repetitive and known tasks.
  • Top 10 Network Security Mistakes in AWS – And How To Fix Them Recorded: Oct 6 2021 61 mins
    Jigar Shah, Head of Products, Valtix, and Roy Long, Founder & Cloud Architect, skyPurple
    This webinar will look at the top 10 most impactful network security mistakes for organizations deploying apps on AWS today. For many organizations, apps were deployed in AWS quickly – as lines of business moved to realize the business benefit of AWS-deployed apps. Which often meant that apps were deployed with a variety of assumptions about security – which were not always correct. Join Jigar Shah, Head of Products for Valtix, and Roy Long, Founder & Cloud Architect at skyPurple, for a discussion on the Top 10 most impactful network security mistakes, to include errors and myths across:

    • Native Controls
    • Visibility
    • Dynamic vs. Static capabilities

    The team will also cover something equally important – what can organizations do to fix those mistakes? We'll have two perspectives reflecting our speaker's expertise: technology-oriented and real-world use. Suggested remedies will include immediate, tactical fixes, as well as longer-term solutions.

    Please join us for a lively discussion on one of the more relevant topics in security today – one that we are sure you’ll walk away from with actionable information!
  • Managing Entitlements for All Identities – Shared and Federated Recorded: Oct 5 2021 54 mins
    Mike Bykat, Senior Solutions Engineer and Sam Flaster, Product Marketing Manager, CyberArk
    Distributed IT environments require unified security controls. As your organization unlocks the operational advantages of cloud-hosted infrastructure and applications, it’s essential that you take a consistent approach to securing the diverse range of identities that need access to sensitive resources.

    Everyone from CISA to AWS, Azure and GCP stress the importance of least privilege access. But in today’s increasingly complex IT landscape, consistent least privilege is easier said than done.

    Join CyberArk Solutions Engineers Mike Bykat and Hamza Tariq for a discussion on:

    • Defending against identity-related attacks by right-sizing IAM policies
    • Eliminating Identity Security siloes with consistent controls for shared and federated identities
    • The operational promise of emerging technologies like Cloud Infrastructure Entitlements Management (CIEM)
    • Enabling safe, rapid cloud expansion with unified Identity Security
  • Decoding Cloud Security Matrix and Shared Responsibility in the Cloud Recorded: Oct 1 2021 35 mins
    Prasun Srivastava (Senior Solutions Architect – India and SAARC region, Cloud Protection and Licensing, Thales)
    Closing Keynote

    The latest cybersecurity incidents affecting government agencies and organizations as well as large enterprises around the world, who have invested heavily in digital and cloud initiatives, have demonstrated the urgent need for businesses to segregate their security duties from those of cloud service providers, and own their own data security to avoid cyber threats and prevent criminals. The most important security consideration is knowing exactly who is responsible for what in any given cloud project. It’s less important if any particular cloud provider offers a specific security control, as long as you know precisely what they do offer and how it works.

    The CSA provides two tools to help meet these requirements: The Consensus Assessments Initiative Questionnaire (CAIQ). A standard template for cloud providers to document their security and compliance controls. & the CCM, which lists cloud security controls and maps them to multiple security and compliance standards. The CCM can also be used to document security responsibilities.

    In this session we would take a look into the above and talk about some of the controls critical to owning you data on the cloud.
  • Hybrid Cloud Security: Risks & Mitigation Recorded: Oct 1 2021 53 mins
    Satyavathi DIVADARI, Brendan LAWS, Madhav CHABLANI, Raj SHASTRAKAR & Somik SEN
    Panel Discussion : "Hybrid Cloud Security: Risks & Mitigation"
    Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? What are the risks in a hybrid cloud environment compared to on-prem and how does one go about mitigating each of these risks. How does one assess the effectiveness of these mitigation measures? And finally how would these mitigation measures benefit organizations/businesses?

    MODERATOR: Satyavathi DIVADARI (Chairman, CSA Bangalore Chapter)

    ​PANELISTS:
    - Brendan LAWS (Director, Solutions Architecture, Rapid7)
    - Madhav CHABLANI (Chairman, CSA NCR Chapter)
    - Raj SHASTRAKAR (Serverless ​Working Group Member, CSA)
    - Somik SEN (Vice-Chair, CSA Kolkata Chapter)
  • Identifying & Securing Against Crypto Asset Risks Recorded: Oct 1 2021 28 mins
    Ashish MEHTA (Co-chair, CSA Blockchain WG)
    With Special Focus on Impact of Quantum Computing on Crypto Assets

    The speaker will be sharing CSA Blockchain Working Group research papers on "Securing Crypto assets, can Blockchains survive the Quantum Computing Threat" & then extending conclusions of those papers to the Cryptocurrency Security Standard (CCSS) and showing how to effectively map the CCSS with the CSA's CCM 4.0 framework for Enterprise deployments of secure Crypto assets".
  • Introduction to the Cloud Controls Matrix v4.0 Recorded: Oct 1 2021 37 mins
    Lefteris SKOUTARIS (Program Manager, CSA)
    The presentation aims to provide a synopsis about the latest release of the Cloud Control Matrix version 4.0, a greater insight into its development and new components, the current activities of the CCM working group (ongoing works, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
  • Smart Vehicle Ecosystem - Security Challenges IoT Cloud & Mobility Recorded: Oct 1 2021 31 mins
    Dr. Lopa Muddra BASUU (APAC Research Advisory Council​ Member, CSA)
    IoT Cloud Convergence Elevated the Smart Vehicle Ecosystem boosted by Mobility. With enhanced experience, security challenges increased manifold. Striking a balance between risks & user experience became the most challenging ball game. Secure Cloud capabilities can be strategically used to address technology risks.
  • Establishing Cloud Audit Expertise Recorded: Oct 1 2021 23 mins
    Ekta MISHRA (APAC Membership Director & Country Manager - India)
    As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance.
  • Cloud Workplaces - Managing The Risks Recorded: Oct 1 2021 28 mins
    Keith PRABHU (Chairman, CSA Mumbai Chapter)
    ​While the Cloud has been gaining in adoption for the last decade, the pandemic challenges of the last 2 years has made the move to the Cloud inevitable. The last 2 years have seen massive adoption of Cloud, Mobile Computing and telecommuting. Organizations went into an overdrive to move workloads to the Cloud and equip the workforce with laptops and remote access. This trend will only continue and a hybrid working environment will develop. However, this hybrid environment has widespread ramifications on information security, privacy and business continuity. This hybrid working environment has increased the attack surface and has forced organizations to be more "elastic" yet secure in meeting security demands. New approaches are required to meet these new challenges in information security, privacy and business continuity. Organizations will have to embrace concepts of Zero Trust and Cloud Security Controls. The increasing focus on privacy would need more emphasis on implementation of privacy by design. Organizations will have to move to the more mature model of "resilience" rather than the current model "business continuity".
  • CSA Guidance on Mobile App Security Testing Recorded: Oct 1 2021 20 mins
    Parveen ARORA (Co-Founder & Director, VVnT Foundation)
    The advent of Mobile Apps, as a default and mandatory requirement, with every service has caused an explosion in usage of smart mobile devices. The use of mobile applications over cloud have surpassed websites as the avenue of choice when it comes to consuming services and hence the rise in mobile application testing services market (valued at USD 13.6 billion by 2026 growing at 20.32% CAGR during the forecast period 2019–2026). CSA aims to continuously improve and increase open-source security standards and thereby enhance mobile applications security. The Mobile Application Security Testing (MAST) whitepaper by CSA provides best practices for the security testing of mobile applications.

    ​This session covers its application approach to MAST landscape to overcome growing application security challenges.
  • Continuous Compliance in Cloud Recorded: Oct 1 2021 34 mins
    Raj SHASTRAKAR (Serverless Working Group Member, CSA)
    The presentation will cover how continuous compliance can be achieved in a multi-cloud environment, in near real-time. It will also cover the strategy on anti-drift pattern, mitigation at scale, and mitigation-as-code approach.
  • Securing IoT Ecosystem leveraging CSA's IoT Framework Recorded: Oct 1 2021 17 mins
    Renu BEDI (IT Security Manager, PwC)
    ​The internet of Things (IoT) brings increased connectivity to all industries and business markets, enabling a wide range of services for customers, stakeholders, and service providers. IoT security risks could result in loss of business or life. Device manufacturers and organizations can leverage CSA's IoT framework to reduce risk to an acceptable level by implementing end-to-end security controls. ​
  • Keynote : ​Cyber Resilience Recorded: Oct 1 2021 44 mins
    Praveen KULKARNI (Country Manager - Security Risk & Governance, Micro Focus)
    The cyber threat landscape is changing and evolving, the notion that enterprises are safe and that one needs to protect against future threats has changed to a position where enterprises could be at threat with adversaries in their midst. One needs to change to an adversarial mindset and adopt a security posture to be able to positively adapt within this context.
  • Keynote : Stepping Up the Security Journey Recorded: Oct 1 2021 16 mins
    Ramesh NARAYANSWAMY (CTO, Aditya Birla Capital)
    In this session we will discuss about the changing nature of digital transformation and how it is altering the thinking in the security landscape. It will cover the ways to integrate security at every step of development life cycle.
  • Welcome Remarks, Welcome Address & Opening Address Recorded: Oct 1 2021 26 mins
    Dr. Hing Yan LEE, Ekta MISHRA & Jim REAVIS
    Welcome Remarks
    ​Dr. Hing-Yan LEE (EVP APAC, CSA)

    Welcome Address
    Ekta MISHRA (Country Manager India, CSA)

    Opening Address
    Jim REAVIS (Co-Founder & CEO, CSA)
  • The Top Mistakes in Cloud Security and How to Avoid Them Recorded: Sep 30 2021 33 mins
    Yaniv Bar-Dayan, CEO and Co-founder, Vulcan Cyber
    Gartner Research recently predicted that “through 2025, more than 99% of cloud breaches will have a root cause of customer misconfigurations or mistakes.” Now that we know where we should focus our efforts to secure the enterprise cloud services we use, we should be able to move quickly to address mistakes and mitigate risk. Right?

    It's never that easy. But if we understand where our cloud security weaknesses exist and if we effectively prioritize risk and mitigate self-induced vulnerabilities, we'll be way ahead of the game.

    Cloud security is almost never the cloud service provider's problem and the sooner we take responsibility for the security of our cloud application infrastructure, the quicker we can mitigate risk.

    Unfortunately, cyber security initiatives too often fall short of objectives to actually secure cloud infrastructure. Lots of scanning and configuration checks, but not a lot of mitigation and remediation. There are so many moving parts in modern cloud application infrastructure, with dozens of stakeholders, and a crush of vulnerabilities and misconfigurations that are growing exponentially.

    Join Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO, to learn from the top mistakes we've seen time and again in enterprise cloud security. Join us to learn about:

    • The top five mistakes in cloud security.
    • How to avoid these mistakes.
    • The latest native AWS, Azure, and Google Cloud security tools available today to help you enforce cyber hygiene across your multi-cloud surfaces.
  • How to Protect Your Cloud Environment from Supply Chain Attacks Recorded: Sep 29 2021 56 mins
    Ami Luttwak, Chief Technology Officer, and Alon Schindel, Product Architect, Wiz
    Supply chain attacks are on the rise with high-profile breaches such as Mimecast and Kaseya changing the way we approach supply chain risk. Cloud environments are particularly exposed because cloud identities are complex and even innocent looking privileges requested by third-party vendors can lead to unexpected levels of access. Research from Wiz Labs recently found that 82% of companies unknowingly provide third-party vendors highly privileged roles in their cloud environment. In this session, we will explore supply chain risks in the cloud and how to mitigate them to harden your cloud environment against attack.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Impact of Trickbot and How It Affects State Infrastructure
  • Live at: Nov 12 2020 7:00 pm
  • Presented by: Alexander Heid, Chief Research & Development Officer, SecurityScorecard
  • From:
Your email has been sent.
or close