Name: Live analysis: 2021 Hacker-Powered Security Report
Start: 2022-03-17T20:00:00Z
End: 2022-03-17T20:00:58.000Z
Location: BrightTALK
Rating: 5

HackerOne pinpoints the most critical security flaws across an organization’s attack surface with continual adversarial testing to outmatch cybercriminals. HackerOne’s Attack Resistance Platform blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to reduce threat exposure and empower organizations to transform their businesses with confidence. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2023, HackerOne was named a Best Workplace for Innovators by Fast Company.

The 8th Annual Hacker-Powered Security Report just launched. How can you interpret it to make the case for your own human-powered security program, attract more security researchers to your programs, or incentivize more impactful vulnerability reports? 

This webinar, featuring HackerOne customers and a leading member of our security researcher community, will answer that question.

From Data to Results: Building Resilience with Insights from the Hacker-Powered Security Report

In an era of increasing regulatory scrutiny, financial services organizations face mounting pressure to meet stringent cybersecurity compliance mandates. This session explores how HackerOne’s Vulnerability Disclosure Program (VDP) empowers financial institutions to meet these mandates while strengthening their security posture. We will discuss the essential role of VDPs in uncovering hidden vulnerabilities, fostering trust with regulators, and demonstrating proactive risk management. Attendees will gain insights into leveraging the HackerOne platform to streamline compliance processes, enhance transparency, and safeguard sensitive data, all while navigating the unique challenges of the finance sector.

The Compliance Advantage: Strengthening Financial Cybersecurity with HackerOne's VDP

As the cybersecurity landscape continues to change, understanding the perspectives of security researchers is essential for effective risk management.

In this 30-minute webinar session, we’ll dive into the top five takeaways from the 8th Annual Hacker-Powered Security Report. With practical examples and actionable recommendations, you’ll learn how to:

Ensure that AI deployments are secure and trustworthy 
Enhance your approach to vulnerability management 
Implement demonstrably valuable security measures
Watch this fast-paced exploration of the vital role of human expertise in the AI era.

5 Things to Learn from the 8th Annual Hacker-Powered Security Report

New threats emerge faster than any security team can fight them, which is why implementing an always-on vulnerability disclosure program (VDP) is not just a wise decision—it's becoming a standard practice mandated by government regulations and global compliance frameworks. Having a VDP openly demonstrates your organization's commitment to security, showcasing transparency, accountability, and a proactive approach to safeguarding your systems.

Why Implement a Vulnerability Disclosure Program (And How to Do It)

For retail, a security breach costs $2.96M on average—and traditional security measures can’t keep up with evolving threats. To protect your customer data and your reputation, proactive, always-on testing powered by ethical hackers is the way forward. watch this Q&A with Swiss sportswear brand On and HackerOne to learn the real-world benefits and practicalities of a human-powered security testing program for retail and e-commerce.

Retail Under Attack: HackerOne Customer Insights on Outsmarting Cybercriminals

Relying solely on internal teams and automated tools can leave crucial vulnerabilities overlooked. Traditional methods struggle to keep up with limited resources, evolving threats, and complex systems.

Enter HackerOne Bounty: Leveraging the expertise of the world's largest ethical hacker community, we offer proactive, continuous testing of your digital assets. Our custom-tailored bug bounty programs connect you with top-tier security researchers—and offer financial rewards to incentivize these creative minds to uncover novel and elusive vulnerabilities in your systems.

Everyone from seasoned security professionals to curious enthusiasts will find value in this session.

Continuous Security with HackerOne Bug Bounty: Cyber Defense Done Right

In this panel session from the 2024 Cybersecurity Summit, you'll hear from experts from HackerOne, Google Cloud, Ping Identity, Automox, and HID about how to manage your attack surface, plan for the continuing influx of AI tools and technology, and protect your organization against ransomware, DDoS attacks, and more.

2024 and the Biggest Threats to your Business

Talent shortages, launch delays due to skillset and staffing gaps, and challenges in retaining seasoned pentesters. These all create serious barriers to running successful and consistently effective pentest programs. 

Inefficiencies in everything from coordinating schedules to monitoring coverage, tracking remediation, and maintaining a cadence of communications for high-risk issues can undermine productivity and reduce security effectiveness. 

Watch this on-demand demo (the first 10 mins) followed by a Q&A to see how the security industry’s leading Pentest as a Service (PTaaS) platform, combined with talented and thoroughly vetted pentesters, can create a responsive program filled with meaningful findings that deliver on its ROI promise.

Beyond Traditional Testing: Elevating Cybersecurity with HackerOne Pentests

Exploited vulnerabilities are the most common root cause of the most significant ransomware attacks in the financial services sector. At the same time, nearly half of security professionals say that testing too late in the development cycle remains a major source of frustration. So why are we still failing to catch vulnerabilities earlier? The structure and priorities of development and security teams remain at odds for most organizations. In fact, few “shift left” initiatives have successfully gone to plan. 

Developer productivity is still often measured on speed of deployment, at the expense of security. Failing to catch vulnerabilities before code is released overburdens small security teams, stalls code production, and increases the risk of costly data breaches that erode brand trust.

In this on-demand recording from the December 2023 Finance & Risk Cyber Security Summit, HackerOne's CTO, Alex Rice, will demonstrate how we can reframe our thinking, team structures, and culture to recognize that security is a process, not a destination. Security teams must adopt an advisory role for development that embraces how developers work and supports developer-first initiatives to drive secure outcomes.

Shift Left Is Dead: A Post-Mortem.

Gain invaluable insights on quality-driven pentesting from our virtual "Ask Me Anything" (AMA) session, tailored for security leaders skeptical about the impact and results of community-driven pentesting. You'll have direct access to the representatives from the elite top 10% of pentesters from HackerOne's 2 million-strong ethical hacking community, selected for their proven skills in rigorous testing environments. Address your doubts in this hour-long interactive panel, dissecting everything from web app vulnerabilities to compliance intricacies, all through the lens of methodical, results-oriented pentesting.

Who Should Join

This session is essential for security decision-makers who are weighing the benefits of community-driven pentesting against traditional models. If you're seeking to understand how collaborative security efforts can align with and enhance your business's security posture, this AMA will provide the clarity and reassurance needed to make informed decisions about your security strategy.

Check out this on demand webinar to see how structured, community-driven pentesting can yield quality outcomes and provide ongoing security assurance!

Truth Behind the Hack: Elite Pentesters Tell All in a Live Q&A

With the 2024 election right around the corner, security and integrity are on the minds of U.S. constituents. 

In this on-demand webinar, cybersecurity and election integrity subject-matter experts from The Elections Group and HackerOne discuss the success of a 2023 hacker challenge conducted by the Election Security Research Forum and leading voting technology providers—and give some tips on how state and local government leaders can leverage the findings to improve their security stance. The webinar also discusses the intersection of IT infrastructure and cybersecurity and how CVD can help election officials improve internal processes while building trust with constituents.

Ready for 2024: How CVD/VDP Can Boost Election Integrity and Public Perception

Hackers gather in London, U.K. to partner with the Salesforce security team as they work to keep their digital landscape and users safe. Hosted by HackerOne in June, 2023.

H1-4420: Salesforce's Live Hacking Event in London

Learn how the global talent of the ethical hacker community can help you with your preemptive security, delivered via Pentest as a Service (PTaaS), to streamline validation and fix vulnerabilities fast. See how PTaaS can help you:
- Reduce risk in real-time.
- Find more critical and high vulnerabilities.
- Accelerate pentest results to find and fix security issues faster. 
- Go above and beyond compliance. Satisfy requirements for SOC 2 Type II, PCI DSS, ISO 27001, HITRUST, FISMA, SOX, and GDPR.

The Power of Pentesting as a Service (PTaaS)

Recent Enterprise Strategy Group (ESG) survey data from Jon Oltsik, Distinguished Analyst and Fellow, indicates that for 87% of respondents, ensuring secure and available applications is a top priority. 

Though the importance of app security is paramount, ESG also noted the following persistent roadblocks:
• Maintaining security consistency across data center and public clouds where cloud-native apps are deployed
• Use of multiple cybersecurity controls that increase costs
• And lack of visibility into public cloud infrastructure where apps are hosted.

Jon Oltsik showcases 9 advantages of continuous penetration testing to enhance your company’s app security, as well as 5 ways to improve pentesting itself, in this custom ESG webinar. 

Join the discussion to view Oltsik’s vendor-neutral analysis of the state of app security, glean ESG’s latest survey data, and overcome your own app security challenges.

ESG Analysts on the Value of Continuous Penetration Testing

A well-designed and purposefully run bug bounty program can have a tremendous impact on your organization's attack resistance. A few fundamental steps will help you hit the ground running, so you can successfully launch and maintain a high-performing bounty program.

In this webinar, HackerOne’s field experts will walk you through what you need to know, drawing on their firsthand experience planning bug bounty programs for organizations ranging from federal governments to SMBs and global enterprises. You’ll learn how they set up customers for success and how mature programs operate to derive maximum value.

Key takeaways:
- Pre-launch steps for an effective public or private bug bounty program
- Day-to-day operational practices to ensure consistent results and maximum ROI
- Real-world examples of how bug bounty programs drive hacker engagement and track results 
- How HackerOne Bounty can help reduce recurring vulnerabilities by up to 98% and enable organizations to release secure products faster

Frontline Tips for Managing a High-Performing Bug Bounty Program

2023 is panning out to be another challenging year for security leaders. Between the looming recession, ongoing tech layoffs, and climbing security incidents, uncertainty looms large.

Get tips for recession-proofing your security strategy from seasoned CISOs who’ve been through this before. HackerOne’s CEO will lead this roundtable discussion with CISOs from Cisco Security Business Group, Xerox, and Sumo Logic to learn about:
—Lessons learned from past recessions and what security leaders can do to prepare
—Tips for consolidating and investing strategically for the best security outcomes
—How to adjust your security strategy if you face resource constraints

Recession-Proof Your Security Program

Grammarly Shares How It Pinpoints the Most Critical Flaws in Its Attack Surface with Help from Ethical Hackers.
As a company selling writing assistant software to enterprises, Grammarly understands that product security is not a one-and-done initiative. Join this executive fireside chat to hear directly from Grammarly’s CISO about the value they get from adversarial testing via the HackerOne platform and its legion of ethical hackers.

Alex Rice, CTO and Co-founder at HackerOne and Suha Can, CISO at Grammarly will discuss how bug bounty and penetration tests fit into Grammarly’s preemptive security programs and how Suha measures the value of these solutions.

Register for the webinar to discover:

-How to effectively leverage bug bounty and pentesting in your application security strategy.
-The value of working with a crowdsourced security platform.
-How to prove the value of preemptive security initiatives to your non-security stakeholders.

The Impact of Preemptive Security

How do you extend your current identity provider to connect to multi-cloud environments? How do you use your current user store to single sign-on (SSO) into private servers?

We all know that SAML lets you single sign-on to SaaS apps. But how do you extend those same enterprise identities to securely connect and SSO into sensitive resources such as production servers, remote desktops (RDP), terminals (SSH), databases (SQL) and homegrown web apps?

Join this session to learn:
• Why identity based access policies are key to securing access for any user
• How Zero Trust Network Access (ZTNA) architectures tighten enterprise security
• Privileged access management (PAM) for DevOps access to multi-cloud 
• Perks of ZTNA for BYOD and third parties
• Operational and auditing efficiencies offered by ZTNA for private access

Stay one step ahead with the latest innovations in secure multi-cloud access!

Not Just SAML: How to Extend your Identities to Multi-Cloud & Private Resources

It's no longer news that we need to support and secure increasingly distributed organizations. As companies look for long-term solutions for their hybrid and fully remote workforces, one thing is clear - identity is the new perimeter for businesses today. An identity-first approach to security reduces today's cybersecurity risks and provides the foundation for a zero trust security strategy. A modern Identity solution can also help you tie the complexities of protecting people and assets together in a seamless way. 

Join this session to learn:

• How to enable and secure a hybrid workforce 
• How identity can lay the foundation for any zero trust security initiative
• What zero trust projects your peers are thinking about now and into the next 12-18 months

Securing the Hybrid Workforce: How to Establish Trust in a Zero Trust World

Securing the Hybrid Workforce - Establishing Trust in a Zero Trust World

Cloud Security Operations teams have a multitude of responsibilities, including vulnerability management, threat management, security and infrastructure configuration and management, as well as incident response. Clearly, they need modern tools to help them manage and make sense of the volume of data and work across their complex environments. However, the fractured and disconnect enterprise security ecosystem makes this difficult or impossible in most environments.

Zero Trust security brings with it the possibility of applying a holistic and unified policy model across these heterogeneous environments. Zero Trust has become mainstream, even being mandated by the recent US Presidential executive statement ordering such an approach for US government agencies. So, how does Zero Trust apply to cloud SecOps environments?

In this fireside chat, two industry experts share their thoughts and insights on this topic. Attendees will learn:

• What is Zero Trust, and how does it apply to Cloud SecOps?
• Why automation is critical to a successful Zero Trust program, and even more important for Cloud SecOps
• Why Zero Trust policies are so important in cloud environments
• Ways in which workload metadata and user attributes are used in Zero Trust policies
• How organizations can implement “security as code” with a Zero Trust approach

Zero Trust Security Automation: Supercharging Your Dilithium Crystals

Threats have changed over the years and so have the targets. It’s not just your perimeter that is at risk, it’s your customers, your supply chain, your employees and your business reputation that could be easily tarnished with just one breach. In this session, we’ll cover how and why you should consider an integrated approach to IT security, with an ecosystem of vendors that work together for the greater good. One solution will not solve all the threats, a layered approach is better but deep integration with the sharing of threat data at speed is a modern necessity.

In the session we will cover:

• How to look at an integrated approach to IT security. 
• Why a layered approach is good but integrated is better.
• Integrations and Mimecast 1+1=3

Why an integrated approach to security is no longer a choice

Cloud adoption has witnessed exponential growth over the past few years. It provides many advantages for both individuals and organizations. 

However, at the same time, many new cyber security risks have arisen due to this rapid growth of cloud adoption. These new security risks can be mitigated by adhering to cloud adoption good practices. One of those steps is monitoring the cloud entities once the workloads have been deployed. Unfortunately, this is perhaps the most overlooked aspect of cloud security, thus enabling Threat Actors to launch Cyber Attacks against deployed workloads.  

In this presentation we will discuss:

• Importance of monitoring your cloud entities
• How cloud monitoring helps with threat detection
• Steps to keep cloud entities safe

Detect Cloud Threats via Monitoring

John Christly, VP and CISO at Core Business Solutions joins BrightTalk to discuss some best practices as it relates to protecting your systems and data in the cloud. As more and more companies seek to migrate to the cloud and as data breaches and issues such as ransomware continue to create havoc for companies, the need to protect these systems becomes a major issue that needs careful consideration. 

This session will explore solutions to this challenge and offer some best practices that should be deployed to give you, your company, and your customers better piece of mind.

Best Practices for Cloud Monitoring and Breach Prevention

Data breaches, misconfiguration and inadequate change control, a lack of cloud security architecture and strategy, and insufficient identity and access management were among the biggest security challenges in 2021 for all industries operating in the cloud.

These issues are not unique to any particular industry, but fortunately, they have common solutions.  In this panel discussion, we’ll discuss the importance of cloud controls, as well as: 

- What the C Suite needs to know about Cloud Security
- Why Cloud Security is not an IT problem, it’s a business problem
- The importance of building a cloud security architecture and strategy
- Why managing sufficient identity, credential, access, and key policies

Moderated by: 
Michelle Drolet, CEO, Towerwall

Participants include: 
Antonio Sanchez, Technical Lead, Product Marketing, Alert Logic
Justin Crowley, Principal Sales Enablement Manager, Forcepoint
Dor Dali, Director of Information Security, Vulcan Cyber

Cloud Security in 2022: Challenges and Solutions

Secure access to cloud is broken. By now, you must already know that the traditional VPNs are the weakest links when it comes to secure access into your mission critical infrastructure. This is due to two fundamental flaws. 

VPN aka virtual private network, as it suggests, provides a virtual network extension over a secure link. That means, if the endpoint that is connecting over the VPN, is compromised, an attacker can gain secure access your infrastructure.

Once insider your network, the intruder now has the license to roam within the subnet/VLAN and, unless you have an error free setup, perhaps the intruder has the license to roam across the enterprise.
 
Time and again, we have witnessed VPNs being exploited by the adversaries and, if you want to stay protected, please ensure that you get off the traditional VPN train first.

The modern-day alternative to VPNs is called Zero Trust Network Access (ZTNA). However, the ZTNA solutions lack end to end segmentation. That means, if the attacker somehow gains access to one of your hosts over ZTNA, the attacker will then be able to roam laterally withing your organization. This is the predominant way for Ransomware to spread and compromise most of your assets.

What you need is a combination of modern Secure Access technology coupled with an agentless micro-segmentation solution and a potent incident response tool.
 
This will be the focus of our session. In this session, you’d learn how to
• Provision agentless segmentation at scale across your organization for all your assets – TV, Toaster, Laptops, VMs, Servers, and even containers
• Gain end-to-end visibility and control for all traffic
• Secure high value assets distributed across your organization
• Deploy a Ransomware Kill Switch™ that prevents ransomware spread

The correct way to “Cloud-Access”

As organizations move to the cloud to reach new heights of productivity and to better serve customers, their security infrastructure is under pressure to reduce risk. Companies face the challenge of securing an ever-changing attack surface across multiple cloud-native applications components including APIs, containers, VMs, serverless functions and open source software. As development teams grow and achieve faster release cycles, companies must scale security with the volume of releases while teams are vastly outnumbered. 

Learn more about key trends and best practices to face the current challenges and manage cloud-security risk in this keynote session.

Scaling Security to Manage Cloud-Native Risk

Complete Cloud Security

According to Statista, a global market and consumer data provider, between 2021 and 2023, the percentage of organizations adopting a multi-cloud strategy will grow for midsize companies from 76% to 84%, and for large enterprises from 90% to 94%.

Cloud providers offer many security monitoring and threat detection options, but what if you subscribe to more than one? Adopting security monitoring tools from each provider can increase complexity and bring significant overhead to security operations teams. 

For years, security information and Event Management (SIEM) solutions have been collecting and consolidating data from multiple sources for centralized threat detection. Still, multi-cloud brings a new scenario with different data sources, higher volumes, and unknown threats. How does SIEM have to evolve to adapt to this new reality?

Join Augusto Barros, VP of Solutions and Cybersecurity evangelist, and Brian Robertson, Senior Product Marketing Manager at Securonix, to learn about:

· Why is it hard to perform security monitoring in a multi-cloud scenario?
· What are the limitations of traditional SIEMs to support multi-cloud needs?
· What do you need to look for in a new approach and architecture that enables the SIEM to be the right solution to detect threats in a multi-cloud world?
 
Speakers:
Augusto Barros was most recently the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

Brian Robertson has over 20 years of experience helping organizations solve critical application delivery, network, cloud, and security challenges working with industry leaders who not only are looking at the challenges of today but are looking at the horizon for the challenges of tomorrow.

SIEM: Threat Detection and Response for your Multi-cloud World

Security remains a leading barrier to cloud adoption. It stands to reason that all major cloud providers are scrambling to offer native vulnerability scanning and security services, often for free, to help their customers gain confidence in their cloud risk posture.

But the vulnerabilities are piling up, attack surfaces are expanding, and cloud security teams are struggling to maintain SLAs. A passive approach isn't going to protect businesses in the cloud, and traditional approaches to cyber security don’t work for cloud security.

Attend this session to learn how to pave the path to cloud with cyber security built for cloud, not for traditional information technology. And learn how to get the most out of an untapped and growing portfolio of native cloud security tools, like the new Amazon Inspector, to help your teams proactively measure, prioritize and mitigate cloud risk.

Cyber Security Needs a New Path to Cloud Risk Mitigation

Forcepoint ONE is the answer to the problem you don’t know you have – a converged cloud security platform that brings together CASB, SWG and ZTNA services. So what is the problem? In a word, complexity – Complexity caused by access to hundreds, sometimes thousands of clouds apps. Complexity caused by your people being everywhere and using multiple devices. Complexity caused by disparate security products, creating gaps and overburdening IT.

In this webinar, VP of SSE platforms Shane Moore, is joined by Consulting Solutions Engineer Nick d’Amato, to take a problem first approach; breaking down the key security challenges your business faces and exploring the key areas of risk created by your people as they simply go about getting their work done.

By demoing key risky activities, they will show how to:

- Prevent sensitive cloud data misuse when accessed by unmanaged devices.
- Safeguard company data on trusted devices.
- Provide Zero Trust access to company apps for the home user.
- Plus share a high-level overview of the Forcepoint ONE platform.

Join us and see how you can beat complexity and simplify your security.

Core cloud data risk scenarios – and how to stop them

As organizations migrate workloads to the cloud, infrastructure becomes more hybrid in nature and the attack surface increases, making end-to-end visibility a necessary tool in reducing the risk and improving the response time to cybersecurity breaches.

As a validated Networking, Migration, and Public Sector Partner, NETSCOUT Systems, Inc. collaborated with AWS to provide first-of-its-kind end-thru-end visibility across the hybrid cloud to efficiently mitigate security risks while decreasing the operational overhead.

Join us to learn how NETSCOUT Omnis Cyber Intelligence (OCI) with a global threat intelligence feed and AWS Security Hub operate in concert to enable IT teams to reduce the Mean Time to Restore (MTTR) of security breaches, by utilizing:

• Advanced Early Warning
• Continuous Attack Surface Monitoring
• Contact Tracing
• Back in Time Investigation

De-Risking Cyberthreats Throughout the AWS Migration Journey

Considering how much—and frequently—security shifts in the customer landscape, we believe Identity Management is at the epicenter of digital transformation and the next generation of enterprise IT. The changes in identity systems and services over the next five years are expected to be as disruptive as the new business models, applications and ecosystems they are supporting.

In our presentation we will look ahead to the future of identity & access management, talk about specific projections as to where we believe Identity Management will be going over the next five years and describe a model for identity abstraction that provides an extensible services oriented architecture. We include newer disruptive models such as DevOps/microservices in identity systems, cloud-based IAM, self-sovereign identity leveraging blockchain, IoT support, evolving privacy regulations, and new governance and provisioning models.

What to Expect: Future Trends in Identity and Access Management

Attack surfaces are growing due to cloud migrations and widespread outsourcing. But security teams don’t know where they’re vulnerable—and can’t keep up with emerging threats in their supply chain. Watch this recording of HackerOne’s CISO, Chris Evans, to learn how ethical hackers help security teams gain control, even in the most highly regulated industries.

Chris provides expert context for the findings in the latest Hacker-Powered Security Report: Industry Insights. Watch the session to:

Understand how you can use the report to reduce your application exploitability 
Find out how and why the OWASP Top 10 vulnerabilities are changing—and what that means for your security priorities 
Learn which strategies work best for your industry, based on data from HackerOne’s global customers
Get your questions about application security, vulnerabilities, and bug bounty trends answered by an industry veteran

Live analysis: 2021 Hacker-Powered Security Report

Cyber Security

Cyber Attacks

Security

Cloud

Cloud Migration

Threats

Security Threats

Application Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Live analysis: 2021 Hacker-Powered Security Report

Presented by

About this talk

HackerOne