Hi [[ session.user.profile.firstName ]]

What is a Cryptographic Center of Excellence and Why is it Important?

An overall explosion in cryptographic dependencies has given way to an urgent need for enterprises to define their crypto strategies and gain visibility into the many new cryptographic instances that are hidden across their IT environment. As enterprises adopt new IT practices such as DevOps, Internet of Things (IoT), cloud and multi-cloud environments, their cryptographic footprint expands exponentially increasing the risk for business disruption and security threats. This presents an urgent need for enterprises to define new strategies for both crypto and PKI environments in order to balance that risk.

A Cryptographic Center of Excellences (CryptoCOE) prepares security, compliance and risk teams for crypto agility and methods for mitigating crypto related threats. Join this session as we discuss important insights on how to protect your digital business with strong digital trust protocols that support the expanding use cases for cryptographical instance.
Recorded Nov 23 2020 53 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Jay Schiavo, Entrust; Neal Fuerst, Entrust; Brandon Dunlap, Moderator
Presentation preview: What is a Cryptographic Center of Excellence and Why is it Important?

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • What's This Thing? Solving Asset Management for Security Ops Feb 18 2021 6:00 pm UTC 60 mins
    Daniel Trauner, Director of Security, Axonius; Brandon Dunlap, Moderator
    SecOps teams struggle to quickly gather useful, accurate and up-to-date asset date to inform investigations. It’s important to correlate datea from multiple sources to understand the intersection of connected devices, cloud instances, user and security controls. Ultimately SecOps teams care most about alerts and investigations, but some of the most basic asset data challenges make getting context a massive pain. Join Axonius and (ISC)2 on February 18, 2021 at 1:00PM Eastern as we look at asset management and its impact for security operations.
  • Darktrace #3: The Industrial Immune System: Securing IT/OT Converged Ecosystems Feb 9 2021 6:00 pm UTC 60 mins
    David Masson, Director of Enterprise Security, Darktrace; Brandon Dunlap, Moderator
    The increasing convergence of information technology (IT) and operational technology (OT) in ICS environments creates significant challenges from a security perspective. Attacks originating in the inbox can now more easily disrupt processes on the factory floor. Further, many organizations are unaware of the extent of IT/OT convergence in their own ecosystems. Join Darktrace and (ISC)2 on February 9, 2021 at 1:00pm Eastern as we look at how Darktrace’s Industrial Immune System helps organizations tackle these challenges by providing a unified view of IT and OT networks. The self-learning AI detects threats throughout the ecosystem and the AI analyst also automates the investigation process in both IT and OT-specific contexts in order to augment human teams. The session will also include a discussion on how the system defended against a Serpent ransomware infection in real time.
  • From the Front Lines – Incident Response at Scale Feb 4 2021 6:00 pm UTC 78 mins
    James Perry, Senior Director and Head of Incident Response, CrowdStrike Services
    In this session from our recent Security Congress event, you hear stories of CrowdStrike incident response engagements and how they have changed the model for how companies respond to a breach. Learn the methods CrowdStrike uses to disrupt and ultimately remove bad actors from networks.
  • Darktrace #2: Threats in Focus: Nation-State Cyber Attacks Recorded: Jan 26 2021 61 mins
    Marcus Fowler, Director of Strategic Threat, Darktrace; Brandon Dunlap, Moderator
    Among rapidly evolving global challenges, the escalation of nation-state attacks is making cyber-attacks exponentially more dangerous and harder to identify. Mounted at speed and scale and backed by thorough resources, nation-state cyber-attacks often do damage under great stealth, steal sensitive data, and have even resulted in manipulation and distortion of information. In the face of sophisticated nation-state attacks, organizations are turning to Cyber AI, which detects the subtle signs of targeted, unknown attacks at an early stage, without relying on prior knowledge. Join Darktrace and (ISC)2 on January 26, 2021 at 1:00PM Eastern as we examine:

    · Paradigm shifts in the tide of nation-state cyber threat landscape

    · How Cyber AI singularly detects never before seen threats

    · Real-world examples of nation-state campaigns stopped with Cyber AI
  • Entrust #2: Rethinking Enterprise Security with a Zero Trust Approach Recorded: Jan 26 2021 59 mins
    Rajan Barara, Director, Product Management, Entrust Identity; Sharon Smith, Moderator
    Organizations around the world have transitioned to working from home in past months, and this transition has challenged advanced security models and user behaviors in a COVID-19 world. A significant number of users discovered that poor technology and/or infrastructure was the biggest barrier to effective remote working.

    As we speed towards the new normal of hybrid workplaces, organizations are reviewing their business continuity plans and restoring productivity to pre-covid times. Cybercriminals are getting smarter; work from home has expanded the enterprise perimeter; and the digital ecosystem is growing rapidly including new cloud applications. A significant part of IT Security effort is to ensure appropriate infrastructure and tools for their employees as well as top of the line cyber hygiene controls. Therefore, companies need a cyber security strategy that is consistent and crosses their on-premises perimeter. “Never trust, always verify”, is the bedrock of Zero Trust. With a Zero Trust model, every request to access information/data must be authenticated, authorized, and encrypted before permission is granted. It is not a product but an enterprise cybersecurity plan to protect its resources. In this session the participants will learn about:

    o Enterprise challenges in Zero Trust implementation

    o How Zero Trust responds to different risk factors

    o Ways to secure enterprise Hybrid environment

    o How Entrust's high assurance IAM solution helps in achieving Zero Trust
  • Entrust #1: Quickly and Securely Verify Individual Identities Online Recorded: Jan 25 2021 50 mins
    Jenn Markey, Product Marketing Director, Entrust Identity; Sharon Smith (Moderator)
    2020 has accelerated digital transformation efforts across the board. Projects with multi-year timelines are being executed in a matter of months and, in some cases, weeks. Increasingly, people are being interviewed, hired, and onboarded without ever having an in-person meeting. Customers are transacting online in record numbers out of necessity, convenience, and even safety. This new normal introduces the challenge of securely verifying individual identities, especially when an in-person identity check is not feasible. Modern identity proofing keeps your workers and customers safe and protects your organization. In the first part of this series, join us to learn best practices to:

    o Securely verify personal identities

    o Limit user friction in the verification process

    o Protect workforce and consumer identities

    o Mitigate risk of identity fraud
  • Threat Hunting: A Proactive Approach to Breach Defense Recorded: Jan 21 2021 61 mins
    Adam G. Tomeo, Product Marketing Mgr, Cisco; Eric Howard, Technical Marketing Engineer Mgr Cisco; Brandon Dunlap, Moderator
    Did you know that 1 in 4 companies are at risk for a major breach in the next 24 months? And with nearly half of alerts going uninvestigated at organizations around the globe, it’s no wonder this risk is so high. Reducing your organization’s mean time to detection can minimize the impact of a breach, but without a focused detection capability giving you visibility, breaches can go undetected for months, by which time extensive damage has already been done. Join Cisco and (ISC)2 on January 21, 2021 at 1:00PM Eastern for a discussion to learn about the value of adding threat hunting to your breach defense. We will examine the differences between starting an internal threat hunting team versus acquiring services from a third party and how you can leverage a hybrid model to take a more proactive approach to breach prevention.
  • August 2020 Summit #3: Technical Blue Print for Data Protection Recorded: Jan 13 2021 44 mins
    Ankus Chadda, Brandon Dunlap, Moderator
    This session will lay out the technical blue print to achieve data protection success. Discover why Forcepoint is a 9x Gartner MQ Leader for DLP. Forcepoint Dynamic Data Protection can allow your organization to prioritize high-risk activity and automate policies to protect data in near real-time, providing the highest security & workforce productivity. During this final session to the Path to Smart Data Protection learn how Forcepoint can help your organization:

    • Profile high-risk activity based on data incidents, data models and endpoint collector events
    • Dynamically allocate individual risk scores based on a person’s behavior and the value of the data they access
    • Apply automated controls to any interactions with sensitive data based on individual risk level.
  • August 2020 Summit #2: Explorations in Data Protection Recorded: Jan 13 2021 55 mins
    Jason Kemmerer, Sales Engineer, Forcepoint; Brandon Dunlap, Moderator
    During this session hear from a Forcepoint customer on why they chose Forcepoint as their Data Protection partner. Learn how a healthcare organization leveraged Forcepoint’s solution to span across multiple businesses, ingest and fingerprint data, support regulatory requirements, customize policies, implement across multiple domains, provide OCR and use a single pane of glass for policy configuration and enforcement.
  • August 2020 Summit #1: Data Protection Essentials Recorded: Jan 13 2021 45 mins
    Josh Jordan, Solution Specialist, Forcepoint; Brandon Dunlap, Moderator
    What data does your organization process? What policies exist? Who are your internal stakeholders? What is your organizations risk tolerance? What compliance regulations apply to your organization? This session will walk dig into how to operationalize a successful data protection program from the basics to demonstrating effectiveness.
  • May 2020 Summit #3: SASE for Data - Data Protection with Cloud DLP Recorded: Jan 13 2021 51 mins
    Greg Mayfield, Sr. Director, Product Marketing, Netskope; Brandon Dunlap, Moderator
    Data context is a core principle of SASE architecture and it requires visibility to data-at-rest and data-in-motion for data loss protection (DLP) policies and rules. Intersect these objectives with the overwhelming use of cloud apps freely adopted by business units and users, and you need cloud DLP. Legacy SWG solutions using ICAP for file-based DLP analysis are blind to cloud apps and the majority of data movement and use. While traditional cloud access security broker (CASB) deployments use API protection into several dozen managed cloud apps, it is the inline deployment that provides granular control for thousands of cloud apps in use, plus web traffic. Here are five areas to consider when updating your blueprint for data loss protection.

    1. First, your users are in the cloud and are now working remote. Plus, the majority of your data now resides in the cloud with wide SaaS adoption, so your DLP needs to be in the cloud. SASE involves a single pass design for data and threat protection, meaning your cloud SWG requires strong DLP for cloud and web traffic.

    2. Allow/block faces the same challenges for DLP, it needs to mature to ‘allow’ with granular policy controls for data protection. The cloud brings boundary crossings between company and personal instances, managed and unmanaged cloud apps, activity and context, plus app risk factors to recommend safer alternatives.

    3. While inline cloud SWG provides the foundation for cloud DLP, the benefit of SASE architecture is using the same DLP policies and rules for data-at-rest in managed apps with CASB, public cloud environments with cloud security posture management (CSPM), plus securing private access with ZTNA.
  • May 2020 Summit #2: SASE for Users - Secure Remote Users for Any Device Recorded: Jan 13 2021 50 mins
    Ross Asquith, Product Marketing Manager, Netskope; Brandon Dunlap, Moderator
    In the current environment, many legacy VPN and remote access solutions are being overwhelmed, and organizations are reacting with ‘band aid’ fixes. The goal is to enable business critical users with cloud-based private access as quickly as possible with the least amount of friction. Strategically, this will mean combining a cloud-based Next Gen Secure Web Gateway (providing cloud and web inline security) and a zero trust network access (ZTNA) solution (providing scalable and fast remote access) as part of your SASE architecture. Here are five areas to consider when updating your blueprint for remote access security:

    1. Most legacy VPNs were deployed to handle around a third an organization’s workforce, but they are being pushed to handle two-thirds or more in the current crisis. The poor performance and user experience of overloaded VPNs can be easily replaced with cloud-enabled private access - for critical business use cases.

    2. Shift your remote access strategy from VPNs providing network access, with the opportunity for lateral movement by malicious insiders and compromised accounts, to secure, cloud-enabled, zero trust application access.

    3. ZTNA maintains the traditional remote access features of device posture checking and strong authentication, but improves the security of data centers and public cloud environments by not exposing any IPs, ports or services to the public internet.

    4. The deployment of legacy VPNs to multiple data centers and multi-cloud environments can be complex for IT and users. Cloud-enabled ZTNA seamlessly and transparently provides access to hybrid IT environments with high performance, global scale, and much less complexity.
  • May 2020 Summit #1: SASE at-the-Core - Content and Context with Next Gen SWGs Recorded: Jan 13 2021 56 mins
    Tom Clare, Product Marketing Manager, Netskope; Brandon Dunlap, Moderator
    Transformations are disruptive by nature driving the need to review the challenges for cloud and web use in our organizations. Secure web gateways (SWGs) are also part of the disruptive transformation cycle we are all experiencing and becoming the core of SASE architecture to provide vital content and context for granular policy controls. Here are five areas to consider when updating your blueprint for securing web and cloud use.

    1. The web is no longer just web, over half of secure web gateway (SWG) sessions are now cloud apps where the average organization uses 2,415 cloud apps and 89% of users are active in the cloud. Adding more fuel, over 98% of cloud apps are unmanaged by IT and freely adopted by business units and users.

    2. Web content and filtering needs to advance to decoding cloud app traffic inline, or SWGs will remain blind to cloud content and context for real-time threat and data protection where 44% of threats were cloud-enabled in 2019.

    3. The general allow/block model no longer works for cloud. Allow now requires granular controls such as understanding cloud app instances and activity to detect cloud phishing or cloud-enabled threats using trusted domains and valid certificates to evade legacy defenses.

    4. Appliance limitations are being replaced with cloud native platforms with on-demand performance and global scale. These microservice designed platforms are enabling an integrated SASE architecture with an understanding of data context and expanding capabilities to end appliance sprawl.

    5. SWG control points for main and remote offices now must include a growing base of remote workers. For cloud SWG optimization, they require a hyperscale carrier grade access network providing the fastest round trip time possible. This eliminates the performance versus security trade-off and the uncertainties of the internet.
  • April 2020 Summit #3: Insider Threats & Compliance Recorded: Jan 13 2021 59 mins
    Bob Swanson, Compliance Consultant, Swimlane; Brandon Dunlap, Moderator
    Once your security operations center (SOC) team has identified and remediated the insider threat, the job is only partially done. It is then essential for your SOC to respond to the alert, which includes reporting and auditing necessary for compliance. In this final presentation, we will take a deep dive into how you can use a security orchestration, automation and response (SOAR) solution to respond to and then report on insider threats at machine speed.
  • April 2020 Summit #2: How to Remediate Insider Threat Alerts Automatically Recorded: Jan 13 2021 54 mins
    Jay Spann, Technical Product Marketing Manager, Swimlane; Josh Rickard, Security Research Engineer, Swimlane; B. Dunlap, Mod
    Whether your security operations center (SOC) uses a security information and event management (SIEM) solution, data loss prevention (DLP) tool, or some other product to detect anomalous activity, responding to the insider threat alert swiftly enough to limit your
    organization’s exposure is the real battle. In this presentation, we’ll examine a typical use case for automated insider threat response, demonstrating a significant reduction in risk for the organization.
  • Darktrace #1: Ransomware in Focus: How AI Stays One Step Ahead of Attackers Recorded: Jan 12 2021 61 mins
    Justin Fier, Director of Cyber Intelligence & Analytics, Darktrace; Brandon Dunlap, Moderator
    As the world continues to endure ongoing global disruption, cyber-attackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated elements of these attacks, featuring malware that moves faster than security teams can respond, is one of the most damaging hallmarks of these ransomware campaigns. Join Darktrace and (ISC)2 on January 12, 20201 at 1:00pm Eastern as Justin Fier, Director of Cyber Intelligence & Analytics at Darktrace, unpacks the nuances of some of today’s most costly and advanced ransomware and shares how self-learning AI uniquely empowers organizations across industries to fight back.
  • April 2020 Summit #1: Why Insider Threats Should be on your Radar Now Recorded: Jan 12 2021 62 mins
    Dave Sanders, Director of Insider Threat Operations, Haystax; Kirk Cerny,Fishtech Group; B. Dunalp, Moderator
    A Fishtech Group subsidiary, Haystax, in cooperation with Cybersecurity Insiders recently released the “2019 Insider Threat Report” claiming “70% of the organizations surveyed think
    insider attacks have become more frequent in the past 12 months.” Ostensibly, the threat of insider attacks is growing, and it’s critical that we understand where we are and where we’re going in terms of insider threats. In this presentation, we’ll examine the current insider threat landscape and how top companies are using different security tools and strategies to weed through the complexity and mitigate risk to their organizations.
  • January 2020 Summit #3: Carding Attacks and Its Impact on Websites Recorded: Jan 12 2021 54 mins
    Brit Sadia, Cyber Security Researcher, PerimeterX; Hadas Weinrib, Product Marketing, PerimeterX; B. Dunlap, Moderator
    Two new carding bots are threatening websites and putting customer PII data at risk. The increase of credit card usage has led to an unexpected growth of carding bot attacks. The result is significant revenue loss for e-commerce sites. Not only is revenue at stake, but these threats jeopardize a

    company’s reputation, customer trust and online user experience. Carding attackers target websites and platforms, exploring new methods and tools to automatically validate stolen credit cards. In this session, you’ll learn about the new carding bots that threaten e-commerce sites and put customer PII data at risk. We will also show how to better protect your websites, mobile applications and APIs from these new bots.
  • January 2020 Summit #2: New Trends in Magecart Attacks Recorded: Jan 12 2021 62 mins
    Mickey Alton, Research Team Leader at PerimeterX; Ameet Naik, Director of Product Marketing; B. Dunlap, Moderator
    In late 2019, British Airways was fined $229M for loss of customer data from their website that was caused by a Magecart attack. Digital skimming and Magecart attacks continue to be a major threat to online businesses, exposing payment card data and customer PII. The research team at PerimeterX has uncovered a new trend where multiple independent Magecart groups are skimming data from websites concurrently. In this part. We’ll examine two major incidents uncovered by the PerimeterX research team, where attackers infiltrated digital services through Magento-based applications.
  • January 2020 Summit #1 - Top 5 Threats to Online Businesses Recorded: Jan 12 2021 57 mins
    Ido Safruti, CTO and Founder, PerimeterX; Deepak Patel, VP Product Marketing, PerimeterX; Brandon Dunlap, Moderator
    Cyberattacks continue to threaten online digital experiences. Automated bots and compromised third-party code outsmart existing defenses and compromise the integrity of your websites and mobile apps. This impacts an organization’s ability to be effective in conducting and securing online business. In this webcast, we’ll examine the top five security threats to online business, how to stay ahead of these attacks and proactively address client-side vulnerabilities and the practical strategies needed to protect customers, online revenue and company reputation.
(ISC)² Security Briefings - In-depth examination of infosec topics.
(ISC)² Security Briefings brings attendees both stand alone webcasts and multi-part series on cutting edge infosecurity topics that gets deeper into the subject matter and technologies presented by subject matter experts.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: What is a Cryptographic Center of Excellence and Why is it Important?
  • Live at: Nov 23 2020 10:00 pm
  • Presented by: Jay Schiavo, Entrust; Neal Fuerst, Entrust; Brandon Dunlap, Moderator
  • From:
Your email has been sent.
or close