Security Briefings Part 1: Cloud Apps and Protecting Against Malware

‘Threat intelligence’ has become a general term that may refer to many different types of data sets used to meet very different security needs. Threat prevention and detection solutions (i.e. NGFW, SWG, EDR) are only as good as the threat intelligence driving their analytics. Threat investigation and incident response activities are limited and slow without timely access to sufficient event, network, and threat intelligence. This requires defenders to better understand their intelligence needs, how to identify and map appropriate threat feeds to each need, and the tools available to drive maximum value from threat intelligence. Join Infoblox and (ISC)2 as we review the state of the threat intelligence industry, using public and private research from the last year on the quality and applicability of public, private, and proprietary feeds. We’ll also examine areas such as:

- Automating multi-feed normalization into a ‘super-feed’ for a more effective defensive security stack

- Speeding investigation and response through event, metadata, and threat intelligence correlation

- Leveraging threat intelligence of threat actor objectives, methods, and tactics to drive quick incident resolution

An overall explosion in cryptographic dependencies has given way to an urgent need for enterprises to define their crypto strategies and gain visibility into the many new cryptographic instances that are hidden across their IT environment. As enterprises adopt new IT practices such as DevOps, Internet of Things (IoT), cloud and multi-cloud environments, their cryptographic footprint expands exponentially increasing the risk for business disruption and security threats. This presents an urgent need for enterprises to define new strategies for both crypto and PKI environments in order to balance that risk.

A Cryptographic Center of Excellences (CryptoCOE) prepares security, compliance and risk teams for crypto agility and methods for mitigating crypto related threats. Join this session as we discuss important insights on how to protect your digital business with strong digital trust protocols that support the expanding use cases for cryptographical instance.

The pandemic and its shock to world economies have profoundly altered work environments and cybersecurity priorities. COVID-19 has prompted a massive work-from-home (WFH) movement, increased BYOD policy adoptions, and unfortunately a spike in cyberthreats, ransomware, and data breaches. To help enterprises understand the enormous impact to their IT security teams, (ISC)2 co-sponsored a study that surveyed 600 security professionals from seven countries and 19 industries. Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key insights from this study, including:
- Challenges of supporting an expanded remote workforce
- Mid-year changes to IT security budgets and personnel
- Change in preferences for cloud-based security solutions
- Security technologies best suited to address pandemic-fueled challenges
- The positive impact of IT security professional certifications

Join (ISC)² Chief Operating Officer, Wesley Simpson for a lively and informative panel discussion on the many new features and offerings provided at the 2020 virtual Security Congress!

Security Congress veterans and session panelists, Brandon Dunlap, James McQuiggan, & Sharon Smith will share how to leverage many of the unique features of the virtual Security Congress, guide you through the various educational, networking and engaging social activities driving the 2020 (ISC)² Security Congress experience.

Whether it's your first Security Congress or 10th, there's something here for everyone. Key topics discussed:
- What makes Security Congress is the marquee security conference of the year:
- Content quality, notable speakers, & keynotes
- Network with thousands of professionals from around the globe & career coaching opportunities
- Ability to obtain up to 45 CPE

Link to event page in the attachments.

(ISC)² is an international, nonprofit membership association for information security leaders like you. We’re committed to helping our members learn, grow and thrive. More than 150,000 certified members strong, we empower professionals who touch every aspect of information security.

(ISC)² Security Congress brings together industry colleagues, offers educational and thought- leadership sessions, and fosters collaboration with other forward-thinking companies. The goal of our annual global cybersecurity conference is to advance security leaders by arming them with the knowledge, tools and expertise to protect their organizations.

Organizations around the world struggle protecting their environments and determining where vulnerabilities exist. Open-source projects, such as Red Canary’s Atomic Red Team, can help by providing methods for evaluating defensive security controls and identifying areas of vulnerability. Additionally, a framework like MITRE ATT&CK can give the organization a full security view, ensuring a comprehensive strategy is in place. Such resources provide useful information for security teams, but the manual processes still needed to execute tests and map them to active detections from existing SIEM, EDR or other tools is too time consuming for many security operations centers (SOCs) to conduct effectively. Join Swimlane and (ISC)2 on November 5, 2020 at 1:00 p.m. Eastern as we examine how to do automate testing with a security orchestration, automation and response (SOAR) solution.

In this session you will:

· Learn how to automate the testing of your security controls

· See how SOAR can help you visualize areas of concern with the MITRE ATT&CK dashboard

· Get an overview of a helpful open-source tool recently developed by the Swimlane Deep Dive Research Team

Join thousands of cybersecurity professionals at all levels for three days of industry discussion, continuing education and networking, November 16 – 18. Get your passes at: https://securitycongress.brighttalk.live/passes/

As workforces look to remain remote for the long term, the cloud has become ubiquitous. Yet human security professionals relying only on conventional security tools continue to struggle to secure the complexity of today’s hybrid and multi-cloud topologies - in fact, only 22% of organizations feel they have adequate visibility into their cloud applications and infrastructure. Join Darktrace and (ISC)2 on October 22, 2020 at 1:00 p.m. Eastern for a an examination of businesses as they increasingly turn to AI as a uniquely dynamic solution to detect and defend from novel threats that emerge on cloud and SaaS environments – which the global workforce continues to rely on in today’s remote working landscape. The webcast will also explore:

· Exploration of the latest cloud and SaaS real-world threat trends
· How Darktrace’s groundbreaking AI Immune System technology keeps pace with the dynamic workforce

· Case studies and unique threat finds from industry leading customers

Data context is a core principle of SASE and requires visibility of data-at-rest and data-in-motion making Cloud DLP a requirement for thousands of cloud apps freely adopted by business units and users. Here are five areas to consider for your blueprint for data protection.

•Users and data are increasingly in the cloud and working remote.
•Data protection focuses on boundary crossings for apps, instances, and activity.
•Unintentional and unapproved data movement is a leading use case for SASE.
•DLP is compute intensive and SaaS architecture provides cloud performance and scale.
•One solution applies DLP to data-at-rest and in-motion with SASE.

Today, many legacy VPN solutions are overwhelmed. The solution is SASE: enabling employees to work from anywhere with a cloud-based combination of Zero Trust Network Access (scalable and fast remote access) and NG SWG (inline cloud and web security). Here are five areas to consider when transforming security to enable working from anywhere:

•Fixing the poor user experience caused by overloaded VPNs.
•Preventing lateral movement of malicious actors over VPNs.
•Using ZTNA to avoid exposing private servers to the Internet.
•Reducing the complexity of remote access to hybrid cloud.
•Combining NG SWG with ZTNA to deliver SASE for remote workers.

Digital transformation is driving the need to review cloud and web use in our organizations. Secure web gateways (SWGs) are now the core of SASE architecture to provide content and context for granular policy controls for apps and web. Here are five areas to consider for your SASE blueprint. Over half of SWG sessions are now cloud apps and services.

•Web filtering needs to advance to decoding cloud app traffic inline.
•The allow/block model no longer works for cloud, you need to manage risk.
•Appliance limitations are being replaced with cloud native platforms.
•Performance matters to avoid security trade-offs.

Ransomware continues to be an ongoing threat to organizations of all sizes that must defend against. Successful attacks have caused a large increase in overall ransomware incidents. Join Infoblox and (ISC)2 for the latest research on the emergence of Qakbot InfoStealer, the Return of Emotet, Vidar InfoStealer, and much more. We’ll also examine how Ransomware as a service continues to grow, the tactics threat actors are using to be successful and what can you do differently to better defend against them. Key takeaways will include:

· New and recently emerged malware variants and trends

· How these differ from other variants we have seen in the past

· What defensive tactics work, and what has failed in the past

· What the state of ransomware looks like

A recent study revealed how security orchestration, automation and response (SOAR) can deliver impressive gains in your security operations center's (SOC) efficiency, productivity, and consistency within a relatively short time-frame—11 months or less on average. But, how do you get there, and what SOAR use cases can lead to these remarkable gains? Join Swimlane and (ISC)2 on October 8, 2020 at 1:00 p.m. Eastern for a pragmatic approach to automation and orchestration as we dig into the use cases where organizations are seeing significant impacts in their SOCs. We’ll also examine:

•Typical challenges that SOAR platforms address.


•Five SOAR use cases that can be used immediately to alleviate analyst burnout and provide more effective use of existing tools.


•How to further increase the ROI of a SOAR platform with robust reporting and metrics.

The XDR technology ecosystem promises a new level of cyber security visibility, improved detection and active protection against modern threats. The full telemetric value of XDR platforms, however, may not be realized without rethinking security analytics. Join the Google Cloud Security team for this webcast to learn more about the dimensions of modern security analytics that will enable you to fully unleash your XDR investment.

Successful ransomware attacks are at an all-time high. And so is the number of organizations paying ransoms to recover their data. But why? And what can smart IT security teams do to mitigate the risks of falling victim? Join Steve Piper, Founder & CEO of CyberEdge (and proud CISSP), as he reviews key findings from CyberEdge’s 2020 Cyberthreat Defense Report. In this webinar, we’ll:

- Examine disturbing ransomware trends, by country and by industry
- Postulate why more organizations are paying ransoms
- Underscore the importance of investing in your company’s “human firewall”
- Review technologies to help give security teams the upper hand

Skillful threat detection and investigation starts with a diverse hub of security telemetry to draw from. The Chronicle platform allows security teams to cost effectively store and analyze petabytes of security data in one place and perform investigations in seconds. Now, Chronicle brings Google-scale threat analysis to your SOC with the debut of its detection engine, Chronicle Detect, fully equipped with ATT&CK reference rules, an integrated detection-based rules language, and intelligence from Chronicle’s elite threat research team. In this webcast, we’ll examine what’s new in Chronicle and see the detection engine in action with a live demo.

Part three will examine how a Zero Trust security strategy built on AI-based security technologies could better prepare you to face the modern threat landscape. We will walk through some current, pervasive threats to gain a better understanding of why and how the unique features of AI-driven technologies are better suited to prevent, detect, and respond to them.