Name: RWJBarnabas on Automation and Compliance in the Age of Connected Healthcare
Start: 2017-05-03T15:00:00Z
End: 2017-05-03T15:48:12.000Z
Location: BrightTALK
Rating: 5

Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk.

Learn more about our products, hear about new cybersecurity trends and see how Forescout helps you address these.

Threat Intelligence and Hunting Nation-State Actors and Threats: A Closer Look at Russian Cyber Activity 

The Russian invasion of and war in Ukraine has been marked by persistent attacks from Russia and Russian-sympathizer hacking groups on Ukraine and supporting entities.  

In this webinar, we’ll give:  

A breakdown of the current state and past timeline of Russian cybersecurity attacks
The step-by-step process cybercriminals use to exploit access and attack corporate networks 
A look into the recent evolution of ransomware as the leading cybersecurity threat of 2021 
The benefits of Forescout Frontline and how our security analysts assess an organization’s baseline risk exposure to cyberattacks.
 
Speaker: Shawn Taylor, Forescout Vice President, Threat Defense

Threat Intelligence and Hunting Nation-State Actors and Threats

Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers.
 
Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.
 
The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructures such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as 'secure by design' or have been certified with OT security standards.
 
Tune in to understand:
• Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security
• The impact of OT:ICEFALL on OT certification, risk management, supply chains, and offensive capabilities
• Strategies and actions that asset owners should take to mitigate risk
 
Speakers:
Daniel dos Santos, Head of Security Research, Vedere Labs

OT:ICEFALL – How to Tackle a Decade of Insecure-by-Design Practices in OT

Forescout's Vedere Labs announced on June 21 the disclosure of "OT:ICEFALL": 56 vulnerabilities related to insecure-by-design functions affecting devices from 10 major operational technology (OT) manufacturers.

Exploiting these vulnerabilities, attackers with network access to a target device could remotely execute code, change the logic, files or firmware of OT devices, bypass authentication, compromise credentials, cause denials of service or have a variety of operational impacts.

The products affected by OT:ICEFALL are known to be prevalent in industries that are the backbone of critical infrastructure such as oil and gas, power generation and distribution, manufacturing, water treatment and distribution, and building automation. Many of these products are sold as “secure by design” or have been certified with OT security standards.

Tune in to understand:
• Why the lack of basic security controls, which has been exploited in the past by real-world malware, is the biggest issue facing OT security
• The impact of OT:ICEFALL on OT certification, risk management, supply chains and offensive capabilities
• Strategies and actions that asset owners should take to mitigate risk

Ransomware is now the biggest cybersecurity threat. More than 80% of cyber incidents have financial motivation. Forescout’s Vedere Labs released a comprehensive report that includes a detailed playbook describing how organizations can protect themselves against a new type of ransomware that exploits IoT devices, such as video cameras, to deploy ransomware.   
 
The next-generation ransomware described in the R4IoT report uses exposed vulnerable devices, such as an IP video camera or network-attached storage (NAS) device, as the initial access point to the network. It then holds OT devices hostage, thus adding another layer of extortion to an attack campaign. This new attack vector that Vedere Labs predicts will be the next step in ransomware evolution, which will impact all IoT (including IoMT), IT, and OT devices, causing physical disruption of business operations.
 
Tune in to learn about:
• How a combined IoT/OT ransomware might work
• How this next-generation ransomware would disrupt and impact your organization 
• Detailed mitigation steps by TTP and how Forescout can help
• Vulnerable IoT and OT assets being actively exploited and how to prioritize their protection
 
Speakers:
Daniel Dos Santos, Head of Security Research, Vedere Labs
Shawn Taylor, VP, Threat Defense

R4IoT: When Ransomware Meets Internet of Things

Security teams across the globe are facing many challenges, not the least of which is trying to deal with an explosion in the number of digital assets while facing a shortage of qualified cybersecurity personnel. You don’t need more security products; you need a force multiplier – a platform that makes your team more effective and focused on what matters.

For more than 20 years, Forescout has been building the only platform that delivers visibility and automation across all types of assets – IT, IoT, IoMT, OT, and Cloud – which collectively represent the digital terrain of your organization. This complete cybersecurity solution provides a strong foundation for Zero Trust security and enables teams to stop chasing false alerts. 

Introducing the new Forescout Continuum Platform, a powerhouse of cybersecurity automation.

In this 45-minute session you’ll learn how: 
- Continuum’s automated discovery delivers a single, comprehensive source of truth for all connected assets across your entire digital terrain. 
- To leverage Forescout’s Device Cloud - the most comprehensive source of device intelligence available - to power the accurate classification and automated assessment of each connected asset’s status and risk posture.
- Shrinking your attack surface to minimize the impact of potential breaches scales to protect your entire digital terrain using the power of automated governance and orchestration with your existing cybersecurity investments.
- To identify genuine threats within your constantly changing asset inventory and leverage Continuum’s multifactor risk scores to provide insightful information, focus, and assistance on what to prioritize.

Mapping Your Digital Terrain: Introducing the Forescout Continuum Platform

The US Federal Gov’t recently issued a warning to the private sector to harden their cyber security infrastructure and defenses based on new intelligence around potential Russia cybersecurity attacks. This Roundtable Discussion will give attendees three things they can immediately do to protect their organization.

Roundtable: Harden Your Networks and Infrastructure Against Cyber Activity

The coordinated vulnerability disclosure (CVD) process is industry best practice for researchers and impacted vendors to investigate and resolve cybersecurity vulnerabilities before sharing the fix publicly. It’s the key to reducing response time. Project Memoria followed CVD to uncover almost 100 supply chain vulnerabilities in 14 TCP/IP stacks that impacted over 400 vendors and 3 billion devices. With widespread supply chain vulnerabilities in particular, a company may feel the impact as both a product vendor and licensed user. Join this webinar for an inside look at what goes right when researchers and vendors like Forescout and Siemens collaborate wholeheartedly to mitigate challenging supply chain vulnerabilities. Key Takeaways: 
• How CVD reduces risk exposure in supply chain vulnerabilities 
• Tips for establishing a CVD program 
• Practical ways to apply cybersecurity research as an impacted vendor and customer
Speakers:
Daniel dos Santos, Forescout
Stevie Beck, Siemens
Christina Hoefer, Forescout

Vulnerability Research In Action: How Collaboration Reduces Risk

Forescout’s Vedere Labs and CyberMDX today announced the disclosure of “Access:7”: seven supply chain vulnerabilities found in PTC’s Axeda remote code and management platform outlined in CISA ICS Advisory ICSA-22-067-01.

Three of the vulnerabilities have been rated critical, and successful exploitation could result in full system access, remote code execution, read/change configuration, file system read access, log information access and a denial-of-service condition.

More than 150 device models across more than 100 device manufacturers are potentially affected by these vulnerabilities with the healthcare sector seeing the highest potential impact, followed by financial services and manufacturing. Devices using the impacted Axeda agent include surgical, ventilation and radiotherapy equipment along with several medical imaging and laboratory devices.

Tune in to understand:
• What makes supply chain components so vulnerable and how to increase your awareness
• How Access:7 impacts the healthcare industry as well as financial services and manufacturing organization
• Immediate actions device manufacturers and network administrators should take to mitigate your risk

Speakers: 
Daniel Dos Santos, Head of Security Research, Vedere Labs
Elad Luz, Head of Research, CyberMDX, a Forescout Company

Access:7 Supply Chain Vulnerabilities: What to Know and How to Mitigate the Risk

At this virtual roundtable panelists discussed tactical steps organizations can take to protect their critical infrastructure and industrial control system (ICS) networks. How to be prepared, enhance your organizations security posture, and create heightened vigilance.

Rising Russian Tensions: Impacts and Considerations for ICS and OT Asset Owners

Exploring a Zero Trust Architecture in the Healthcare Industry – How to get started and pitfalls to avoid
 
Digital transformation in the Healthcare industry is causing an explosion of hyper-connected IT, IoT and IoMT devices and, with it, a greatly expanded cyber-attack surface. With constant transformation and the explosion of interconnected devices, how do you even begin to plan for a zero trust architecture beyond the managed users and workstations? 
 
In this session you will learn: 
• How NIST defines Zero Trust and their 7 steps to get there.
• Some of the common pitfalls to avoid.
• Why Zero Trust doesn’t stop at managed users and workstations – IoMT devices must be included in the architecture planning up-front.

Getting Started with Zero Trust in Healthcare

The Apache Log4j vulnerability took the world by surprise when it was disclosed in December, gaining notoriety for its severity (a CVSS score of 10 out of 10) and sprawl. Granted, the alarm went off during the holidays, but why did so many organizations stumble in their response? When the next major vulnerability emerges, will you be ready?

While many fingers are pointing at weaknesses in open source code as the cause of Log4j, the larger problem is lack of visibility into what’s on the network – not just what devices are running which products but what software components, including code libraries, are hidden within each product. It's no surprise that the call for a standard software bill of materials, or SBOM, is gaining momentum.

Gather around our virtual campfire to explore the ramifications of Log4j with experts, so you’ll be ready when the next one hits. We’ll discuss:

• Lessons learned from Log4J
• The need for complete hardware and software asset management, with continuous assessment
• How to know if you’ve been compromised, speed incident response and trust resolutions

Speakers: 
Ellen Sundra, Forescout Chief Customer Officer
Shawn Taylor, Forescout VP, Threat Detection

Are You Prepared for the Next Log4J?

OT assets and networks should no longer be viewed in isolation by security practitioners. As recent malware and ransomware attacks have proven, IT and OT devices are both vulnerable, and attacks on IT systems can drastically impact OT systems.
 
Shutting down OT networks has serious consequences from both financial and societal perspectives. To secure OT networks, organizations need to stop treating them as separate siloes. It’s the best way to gain visibility beyond OT environments and tighten security across the entire enterprise. 

Join this 30-minute session to learn about key elements for an effective cybersecurity program and how to make IT-OT convergence successful. Three experts on IT-OT network security will share their insights into the most important threats and trends during a general panel discussion.

Key takeaways from the webinar:
– Highlights of the pivotal security events of 2021
– Trends in IT/OT convergence and compliance regulations
– Predictions for 2022 

Q&A to follow panel discussion.

Speakers: 
Jason Holcomb, Accenture Security Innovation Principal Director - OT Security
Christina Hoefer, Forescout VP Global Industrial Enterprise
Brian Proctor, Forescout OT Principal Strategist

IT-OT Convergence in 2021 and Implications for OT Cybersecurity in 2022

Ways to Unstick Stuck Segmentation Projects

Attempts to steal valuable data have risen dramatically in recent years and will only continue to increase. In response, network segmentation has become a valuable tool to protect data and limit the blast radius of any incidents that do occur. It is also a key component that underscores zero trust programs and organizations’ ability to maintain compliance with the vast number of regulations being introduced by governments and industry bodies. 
Yet, segmentation projects experience a high failure rate, and many never progress beyond the planning stages. 
Join this 30 min session to learn how you can unstick a stuck segmentation project, along with best practices to avoid disruptions to production environments. 
Key-Takeaways:
- Why segmentation is more important now than ever before
- How you can set up your segmentation project for success
- Best practices for network segmentation

Overcoming Network Segmentation Hesitancy

Forescout Research Labs, in collaboration with JFrog, recently released the fourth study from Project Memoria - the industry’s most comprehensive study of TCP/IP vulnerabilities. INFRA:HALT covers 14 vulnerabilities affecting the popular closed source TCP/IP stack NicheStack. These vulnerabilities can cause Denial of Service or Remote Code Execution, allowing attackers to take targeted OT and ICS devices offline or take control of them.

Join this roundtable discussion to learn about:

• Recently discovered vulnerabilities and how they impact the NicheStack TCP/IP stack
• Organizations and devices with the highest potential to be affected 
• How to assess and mitigate risk and protect enterprise networks

Speakers:
Daniel Dos Santos, Forescout Research Labs
Shachar Menashe, JFrog Senior Director Security Research

INFRA:HALT – Risk Mitigation Strategies for TCP/IP Vulnerabilities in OT

The recent Verkada security camera breach impacted 150,000 IP cameras. This massive breach dominated headlines and spurred conversations among enterprise security teams and Board members who want answers to one critical question: Are our IoT devices secure? 

What can we learn from this breach in light of increasingly frequent attacks on IoT devices? Please join us as members of Forescout Research Labs, our system engineers and a featured Forescout customer discuss: 
• The recent attack landscape 
• Newly discovered IoT device vulnerabilities 
• Trends and best practices to mitigate these IoT risks

Using Research and Best Practices to Secure IoT Devices

Watch this engaging discussion with a panel of critical infrastructure security experts from Duke Energy, EG.D (an E.ON Group Co.), Enbridge and Southern Company who are each monitoring over 100 sites. Topics include:
 • Priorities an OT SOC should consider and why
 • Lessons learned coordinating IT and OT security operations at scale
 • Overcoming staff and/or network constraints to accelerate OT security deployments without negatively affecting performance
 • Methods to overcome alert noise, rapidly respond to threats appropriately and improve business operations
 • Streamlining program maturity with standards such as NIST and NERC CIP

Expert Panelists:
 •  Tony Souza, Dir. Cybersecurity Architecture & Engineering, Duke Energy
 • Jaroslav Prochazka, Cyber Security Architect,  EG.D (an E.ON Group Co.)
 • Doug Leece, OT Security Operations Lead, Enbridge
 • Steve Sanders, Power Delivery Cybersecurity Manager, Southern Company

Hosted by:
 • Jamie Bass, Accenture Managing Director
 • Brian Proctor, Forescout OT Strategist

Real-World Experiences Deploying & Operationalizing OT Security

High-profile cyberattacks continue to shut down critical infrastructure across a wide range of sectors. As a result, leaders depending on those systems are asking “Are we prepared? How do we avoid being a target of ransomware? When we’re attacked, can we contain damage without massive system shutdowns? Can segmentation prevent IT risks from affecting our OT systems?” 

A proactive Zero Trust approach can help you confidently answer these questions. This includes actively defending your IT and Operational Technology (OT) networks as a converged set of systems. After all, it is through IP-connected IT systems that an increasing number of sophisticated cyber threats are crippling the OT systems running  critical infrastructure. 

In this 45-minute session you’ll learn: 
-	Attributes of the recent attacks on critical infrastructure
-	Zero trust concepts and best practices for securing your converged IT/OT networks
-	How to proactively identify, segment, and enforce compliance on every connected device

Speakers:
Tamer Baker, Forescout CTO-Regional
Jonathan Jesse, Forescout Sr. Systems Engineer
Brian Proctor, Forescout Sr. OT Strategist

Proactive Cyber Security for Converged IT/OT Networks

Join Forescout and guest speaker, Forrester’s Steve Turner in a discussion on the unseen risks of returning to office, adapting to the new normal and security strategies you can implement today to mitigate risk. During this interactive live event, you’ll learn more around:
• Why device posture decay is a huge concern and how to combat this as your security tools were forced to operate at home under reduced IT oversight when COVID-19 hit.
• The need for a complete foundational solution as organizations prepare to bring these polluted devices back to the office and how to gain 100% visibility of all returning and new IP-connected devices.
• How you can maintain constant vigilance by continuously monitoring all devices for new threats and re-assess their hygiene after extended absences.
• The importance of a Zero Trust strategy to helping you secure your hybrid workforce.

Speakers:

Steve Turner, Analyst, Security & Risk – Forrester
Tamer Baker, CTO - Forescout Technologies, Inc.
Sandeep Kumar, Sr. Director Product Marketing Forescout Technologies, Inc.

Forrester and Forescout: Zero Trust Strategies for Returning to the Office

As New Jersey’s largest integrated healthcare delivery system and one of the country’s fastest-growing health organizations, RWJBarnabas Health has dealt with formidable cybersecurity and data privacy challenges, such as:

•Discovering and securing agentless clinical devices while maintaining availability
•Supporting compliance with regulatory mandates such as HIPAA and HITECH 
•Merging highly mixed environments due to merger and acquisition activity
•Securing guest-, vendor-owned and IoT devices through network segmentation

During this webinar, RWJBarnabas Health’s Hussein Syed, Chief Information Security Officer, and Dominic Hart, Manager Information Security Architecture and Security, will discuss why agentless visibility and control are essential for securing healthcare environments.

RWJBarnabas on Automation and Compliance in the Age of Connected Healthcare

Healthcare

Network

Security

Hackers

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

RWJBarnabas on Automation and Compliance in the Age of Connected Healthcare

Presented by

About this talk

More from this channel