Hi [[ session.user.profile.firstName ]]

Bitglass Briefings Part 2: CASBs and Office 365: The Security Menace

Office 365 and other SaaS apps offer a number of advantages over premises-based apps, from easy access and deployment to lower costs. A key advantage of SaaS apps is IT's ability to shift the burden for app and infrastructure security to the cloud vendor while data security remains the responsibility of the enterprise. Migrating to Office 365 introduces several new avenues for data leakage: one-click sharing, desktop sync clients, unmanaged device access, and many more. Bitglass and (ISC)2 presents Episode 2 of our CASB Wars webinar trilogy on November 17, 2016 at 1:00PM Eastern where we explore the security gaps in Office 365 and how a Cloud Access Security Broker (CASB) can help mitigate the threat of data leakage across all SaaS apps. Using real-world use cases, see where native Office 365 security falls short and how a CASB can protect data end-to-end, from cloud to device.
Recorded Nov 17 2016 60 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Salim Hafid, Product Marketing Manager, Bitglass
Presentation preview: Bitglass Briefings Part 2: CASBs and Office 365: The Security Menace

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Protecting the Enterprise: 5 Components needed for Cybersecurity Training Apr 13 2021 5:00 pm UTC 60 mins
    Brandon Dunlap, Moderator
    It’s difficult to prescribe a one-size-fits-all approach to training your cybersecurity team. While cybersecurity training needs to be structured and adhere to industry standards, it also must be purposeful and tailored to your organization’s needs. No one organization has precisely the same security needs as another. However, many of the fundamentals of a training and education program apply across different organizations and sectors. Join (ISC)2 for a panel discussion on Tuesday, April 13, 2021 at 1:00PM Eastern as industry leaders share tips they’ve learned and strategies they’re working towards to conquer a secure and compliant cybersecurity training program. Areas for discussion will include:

    · Who needs training

    · Who is responsible for training

    · Determining the curriculum

    · Training and certification

    · Ensuring training effectiveness

    Be prepared for an hour well-spent and discover how to create a cybersecurity training plan that maps to your organization’s specific needs.
  • The Security Outcomes Study: A Blueprint to Enable Growth and Mitigate Risk Apr 6 2021 5:00 pm UTC 60 mins
    Cindy Valladares, Head of Security Thought Leadership, Cisco; Steve Caimi, Cyber Specialist, Cisco; B. Dunlap, Moderator
    Cybersecurity is about priorities, but the challenge is knowing what works and what doesn’t. What if you could learn from thousands of peers, around the globe, about how they’re succeeding? You can. Cisco recently commissioned the Security Outcomes Study, outlining which security best practices lead to the most impactful results. Join Cisco and (ISC)2 on April 6, 2021 at 1:00PM Eastern for a discussion that will cover:

    · The business outcomes that cyber professionals are working to achieve

    · The specific security practices that contribute the most

    · How to use their advice to improve your cyber program today
  • SolarWinds Fallout Has Execs Asking: How Secure is Our Supply Chain? Mar 30 2021 5:00 pm UTC 60 mins
    Brandon Dunlap, Moderator
    The ramifications of the SolarWinds incident continue to evolve as more details emerge about the impact it had on a wide range of organizations. A recent survey of more than 300 cybersecurity practitioners by (ISC)2reveals just how concerning the incident was and what these professionals recommend to shield organizations from similar supply chain threats. Join this panel discussion on March 30, 2021 at 1:00pm Eastern to hear anecdotes and best practices related to third-party technologies in the security stack, and how peers in cybersecurity leadership positions are future-proofing their defenses while planning for worst case scenario.
  • Inside (ISC)²: Updates on Exams and Certifications Mar 23 2021 5:00 pm UTC 60 mins
    Clar Rosso, (ISC)² CEO; Dr. Casey Marks, Chief Product Office and VP, (ISC)²
    Clar Rosso, CEO of (ISC)2 shares the latest insights on what’s happening at our association. Join us for this quarterly update where we cover the latest developments at (ISC)2, ranging from certification to member benefits, continuing education and events, to major milestones and achievements.

    Joining Clar this quarter is Dr. Casey Marks, chief product officer and VP of (ISC)2, to discuss the latest in Exams and certifications.
  • Global Impressions: Endpoint Security Strategies for the Long-Term Mar 18 2021 5:00 pm UTC 60 mins
    Bob Hansmann, Sr. Product Marketing Manager – Security, Infoblox; Brandon Dunlap, Moderator
    After a painful but relatively successful response to workplace changes driven by the pandemic, how well are those security measures working and what is next for the evolution of the SOC and endpoint security in specific? For most organizations, the future involves a larger remote workforce, of both full and part-time workers, including those in traditional HQ office roles. But many of the measures taken in response to pandemic conditions are proving less-than-ideal as long-term solutions. Join Infoblox and (ISC)2 on March 18, 2021 at 1:00PM Eastern for a session that will draw on recent analyst reports and surveys conducted globally, with some North American specific call-outs, to help attendees to better understand…· Which security alternatives are leaders considering as long-term solutions, and why?

    · What techniques are helping to improve visibility for users and devices regardless of their location?

    · Why are security leaders evolving methods for obtaining and using cyber threat intelligence?

    · How can embracing automation improve response times and overall operational efficiencies?
  • Gigamon #2: Securing the Hybrid Cloud: Optimizing SIEM Mar 9 2021 6:00 pm UTC 60 mins
    Muhammad Durrani, Technical Marketing Engineer, Gigamon; Brandon Dunlap, Moderator
    SIEM systems are pivotal to IT organization’s security operations. Many companies are adopting a hybrid cloud model, and cloud-based SIEMs are becoming common as a result. Regardless of on-prem or cloud deployments, the challenges around SIEM remain the same, from data overload, lack of contextual information, to high costs. Security best practices in deploying SIEMs also remain unchanged, which include establishment of use cases, data ingestion types and development of parsers for various tool vendors. On March 9, 2021 at 1:00pm Eastern, Gigamon and (ISC)2 will present a webinar that will cover solutions to these challenges such as Gigamon’s Application Metadata Intelligence as well as various smart filtering techniques.
  • Gigamon #1: Securing the Hybrid Cloud: Visibility Best Practices Recorded: Feb 25 2021 62 mins
    Jim Mandelbaum, Senior Security Engineer, Gigamon; Brandon Dunlap, Moderator
    With the move to cloud and the multitude of approaches, your ability to effectively monitor and secure workloads gets even more difficult. IT complexity, the rate of change, lack of skills, and organizational silos have made confidently managing security and performance nearly impossible. Visibility is critical. Join Gigamon and (ISC)2 on February 25, 2021 at 1:00pm Eastern for a discussion of the security considerations for on-prem private, public and hybrid clouds. You’ll learn best practices and see how a little planning and design can go a long way. Achieve a secure and viable hybrid cloud implementation and get a high return on your investment. Join our session to learn how.
  • What's This Thing? Solving Asset Management for Security Ops Recorded: Feb 18 2021 59 mins
    Daniel Trauner, Director of Security, Axonius; Brandon Dunlap, Moderator
    SecOps teams struggle to quickly gather useful, accurate and up-to-date asset date to inform investigations. It’s important to correlate datea from multiple sources to understand the intersection of connected devices, cloud instances, user and security controls. Ultimately SecOps teams care most about alerts and investigations, but some of the most basic asset data challenges make getting context a massive pain. Join Axonius and (ISC)2 on February 18, 2021 at 1:00PM Eastern as we look at asset management and its impact for security operations.
  • Engaging Your Line of Business for Cybersecurity Initiatives Recorded: Feb 10 2021 60 mins
    Scott Bridgen, Head of OneTrust GRC; Sharon Smith, CISSP, Moderator
    Security cannot be done in a silo. The extent and nature of data shared across lines of business functions, both internally and externally, fuels instances of system and organizational vulnerabilities. GRC must transcend the traditional lines of defense, specifically risk managers and audit professionals. In this webinar, we’ll discuss roles and responsibilities of effective risk management practices. What can businesses do to better align key stakeholders? How can businesses incorporate Security by Design process and practices and where can technology support with structured data sets and automation? We’ll look at:

    · Aligning organizational goals, and department objectives to translate risk into business impacts.   
    · Automating GRC touchpoints into your line of business functions  
    · Integrating Audit to document and support continuous improvement initiatives
  • Darktrace #3: The Industrial Immune System: Securing IT/OT Converged Ecosystems Recorded: Feb 9 2021 59 mins
    David Masson, Director of Enterprise Security, Darktrace; Brandon Dunlap, Moderator
    The increasing convergence of information technology (IT) and operational technology (OT) in ICS environments creates significant challenges from a security perspective. Attacks originating in the inbox can now more easily disrupt processes on the factory floor. Further, many organizations are unaware of the extent of IT/OT convergence in their own ecosystems. Join Darktrace and (ISC)2 on February 9, 2021 at 1:00pm Eastern as we look at how Darktrace’s Industrial Immune System helps organizations tackle these challenges by providing a unified view of IT and OT networks. The self-learning AI detects threats throughout the ecosystem and the AI analyst also automates the investigation process in both IT and OT-specific contexts in order to augment human teams. The session will also include a discussion on how the system defended against a Serpent ransomware infection in real time.
  • From the Front Lines – Incident Response at Scale Recorded: Feb 4 2021 78 mins
    James Perry, Senior Director and Head of Incident Response, CrowdStrike Services
    In this session from our recent Security Congress event, you hear stories of CrowdStrike incident response engagements and how they have changed the model for how companies respond to a breach. Learn the methods CrowdStrike uses to disrupt and ultimately remove bad actors from networks.
  • Entrust #3: What Type of Passwordless Solution is Right for You? Recorded: Jan 28 2021 60 mins
    Madhur Bhargava, Product Marketing Manager, Entrust Identity; Sharon Smith, Moderator
    Passwords are easily the most irritable thing for securing your digital identity. Be it workforce or consumers, everybody gets bogged down with the task of remembering passwords for multiple websites and applications. They are also the weakest form of security, often hacked by cybercriminals. With the advent of biometrics and their widespread reach (thanks to smartphones), passwordless access became a reality with mobile push authentication. As biometrics are unique to every individual, it is a pretty secure way to access applications and authorize transactions. Passwordless techniques were further modified with the introduction of physical keys (USB devices). But the foremost approach to passwordless access is credential based authentication which works on the principal of securing both your device and identity. Join us for a session where we will talk about all things passwordless. We’ll examine:

    · How security paradigms changed with COVID-19 ?
    · Why is the world moving towards passwordless ?
    · Different types of Passwordless solutions offered by Entrust Identity
    · How to secure your workforce with Entrust Identity's high assurance passwordless solution
  • Darktrace #2: Threats in Focus: Nation-State Cyber Attacks Recorded: Jan 26 2021 61 mins
    Marcus Fowler, Director of Strategic Threat, Darktrace; Brandon Dunlap, Moderator
    Among rapidly evolving global challenges, the escalation of nation-state attacks is making cyber-attacks exponentially more dangerous and harder to identify. Mounted at speed and scale and backed by thorough resources, nation-state cyber-attacks often do damage under great stealth, steal sensitive data, and have even resulted in manipulation and distortion of information. In the face of sophisticated nation-state attacks, organizations are turning to Cyber AI, which detects the subtle signs of targeted, unknown attacks at an early stage, without relying on prior knowledge. Join Darktrace and (ISC)2 on January 26, 2021 at 1:00PM Eastern as we examine:

    · Paradigm shifts in the tide of nation-state cyber threat landscape

    · How Cyber AI singularly detects never before seen threats

    · Real-world examples of nation-state campaigns stopped with Cyber AI
  • Entrust #2: Rethinking Enterprise Security with a Zero Trust Approach Recorded: Jan 26 2021 59 mins
    Rajan Barara, Director, Product Management, Entrust Identity; Sharon Smith, Moderator
    Organizations around the world have transitioned to working from home in past months, and this transition has challenged advanced security models and user behaviors in a COVID-19 world. A significant number of users discovered that poor technology and/or infrastructure was the biggest barrier to effective remote working.

    As we speed towards the new normal of hybrid workplaces, organizations are reviewing their business continuity plans and restoring productivity to pre-covid times. Cybercriminals are getting smarter; work from home has expanded the enterprise perimeter; and the digital ecosystem is growing rapidly including new cloud applications. A significant part of IT Security effort is to ensure appropriate infrastructure and tools for their employees as well as top of the line cyber hygiene controls. Therefore, companies need a cyber security strategy that is consistent and crosses their on-premises perimeter. “Never trust, always verify”, is the bedrock of Zero Trust. With a Zero Trust model, every request to access information/data must be authenticated, authorized, and encrypted before permission is granted. It is not a product but an enterprise cybersecurity plan to protect its resources. In this session the participants will learn about:

    o Enterprise challenges in Zero Trust implementation

    o How Zero Trust responds to different risk factors

    o Ways to secure enterprise Hybrid environment

    o How Entrust's high assurance IAM solution helps in achieving Zero Trust
  • Entrust #1: Quickly and Securely Verify Individual Identities Online Recorded: Jan 25 2021 50 mins
    Jenn Markey, Product Marketing Director, Entrust Identity; Sharon Smith (Moderator)
    2020 has accelerated digital transformation efforts across the board. Projects with multi-year timelines are being executed in a matter of months and, in some cases, weeks. Increasingly, people are being interviewed, hired, and onboarded without ever having an in-person meeting. Customers are transacting online in record numbers out of necessity, convenience, and even safety. This new normal introduces the challenge of securely verifying individual identities, especially when an in-person identity check is not feasible. Modern identity proofing keeps your workers and customers safe and protects your organization. In the first part of this series, join us to learn best practices to:

    o Securely verify personal identities

    o Limit user friction in the verification process

    o Protect workforce and consumer identities

    o Mitigate risk of identity fraud
  • Threat Hunting: A Proactive Approach to Breach Defense Recorded: Jan 21 2021 61 mins
    Adam G. Tomeo, Product Marketing Mgr, Cisco; Eric Howard, Technical Marketing Engineer Mgr Cisco; Brandon Dunlap, Moderator
    Did you know that 1 in 4 companies are at risk for a major breach in the next 24 months? And with nearly half of alerts going uninvestigated at organizations around the globe, it’s no wonder this risk is so high. Reducing your organization’s mean time to detection can minimize the impact of a breach, but without a focused detection capability giving you visibility, breaches can go undetected for months, by which time extensive damage has already been done. Join Cisco and (ISC)2 on January 21, 2021 at 1:00PM Eastern for a discussion to learn about the value of adding threat hunting to your breach defense. We will examine the differences between starting an internal threat hunting team versus acquiring services from a third party and how you can leverage a hybrid model to take a more proactive approach to breach prevention.
  • August 2020 Summit #3: Technical Blue Print for Data Protection Recorded: Jan 13 2021 44 mins
    Ankus Chadda, Brandon Dunlap, Moderator
    This session will lay out the technical blue print to achieve data protection success. Discover why Forcepoint is a 9x Gartner MQ Leader for DLP. Forcepoint Dynamic Data Protection can allow your organization to prioritize high-risk activity and automate policies to protect data in near real-time, providing the highest security & workforce productivity. During this final session to the Path to Smart Data Protection learn how Forcepoint can help your organization:

    • Profile high-risk activity based on data incidents, data models and endpoint collector events
    • Dynamically allocate individual risk scores based on a person’s behavior and the value of the data they access
    • Apply automated controls to any interactions with sensitive data based on individual risk level.
  • August 2020 Summit #2: Explorations in Data Protection Recorded: Jan 13 2021 55 mins
    Jason Kemmerer, Sales Engineer, Forcepoint; Brandon Dunlap, Moderator
    During this session hear from a Forcepoint customer on why they chose Forcepoint as their Data Protection partner. Learn how a healthcare organization leveraged Forcepoint’s solution to span across multiple businesses, ingest and fingerprint data, support regulatory requirements, customize policies, implement across multiple domains, provide OCR and use a single pane of glass for policy configuration and enforcement.
  • August 2020 Summit #1: Data Protection Essentials Recorded: Jan 13 2021 45 mins
    Josh Jordan, Solution Specialist, Forcepoint; Brandon Dunlap, Moderator
    What data does your organization process? What policies exist? Who are your internal stakeholders? What is your organizations risk tolerance? What compliance regulations apply to your organization? This session will walk dig into how to operationalize a successful data protection program from the basics to demonstrating effectiveness.
  • May 2020 Summit #3: SASE for Data - Data Protection with Cloud DLP Recorded: Jan 13 2021 51 mins
    Greg Mayfield, Sr. Director, Product Marketing, Netskope; Brandon Dunlap, Moderator
    Data context is a core principle of SASE architecture and it requires visibility to data-at-rest and data-in-motion for data loss protection (DLP) policies and rules. Intersect these objectives with the overwhelming use of cloud apps freely adopted by business units and users, and you need cloud DLP. Legacy SWG solutions using ICAP for file-based DLP analysis are blind to cloud apps and the majority of data movement and use. While traditional cloud access security broker (CASB) deployments use API protection into several dozen managed cloud apps, it is the inline deployment that provides granular control for thousands of cloud apps in use, plus web traffic. Here are five areas to consider when updating your blueprint for data loss protection.

    1. First, your users are in the cloud and are now working remote. Plus, the majority of your data now resides in the cloud with wide SaaS adoption, so your DLP needs to be in the cloud. SASE involves a single pass design for data and threat protection, meaning your cloud SWG requires strong DLP for cloud and web traffic.

    2. Allow/block faces the same challenges for DLP, it needs to mature to ‘allow’ with granular policy controls for data protection. The cloud brings boundary crossings between company and personal instances, managed and unmanaged cloud apps, activity and context, plus app risk factors to recommend safer alternatives.

    3. While inline cloud SWG provides the foundation for cloud DLP, the benefit of SASE architecture is using the same DLP policies and rules for data-at-rest in managed apps with CASB, public cloud environments with cloud security posture management (CSPM), plus securing private access with ZTNA.
(ISC)² Security Briefings - In-depth examination of infosec topics.
(ISC)² Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Bitglass Briefings Part 2: CASBs and Office 365: The Security Menace
  • Live at: Nov 17 2016 6:00 pm
  • Presented by: Salim Hafid, Product Marketing Manager, Bitglass
  • From:
Your email has been sent.
or close