A Dissection of Recent High Profile特権アカウント乗っ取り事件の事例とその真相

Cybercriminals must master evasion if they are to be successful. Many threats, such as APT’s, are designed to remain hidden for months or years as they slowly monitor their victim, compromising select information in a way that is also intended to go unnoticed. Others, like ransomware, may only need to hide their malicious intentions long enough to infect and begin encryption processes. And even when these attacks trip some defensive sensor, it can take analysts days to investigate and launch an effective incident response, often too late to prevent significant damage.
Join us as we assess evasion methodologies and the value of DNS, with some unique Asia-Pacific callouts, to counter them across the kill chain including:
- Why does DNS visibility expose threat activity other solutions miss?
- How can DNS visibility be used to make other solutions more effective?
- What role does DNS play in investigation and response?

Presenter: Bob Hansmann, Senior Product Marketing Manager, Infoblox
Moderator: Hoo Chuan-Wei, CISSP, Technical Advisor, Asia-Pacific, (ISC)²

The modern software developer faces an enormous amount of challenges. From continuously creating innovative apps to ensuring high quality and meeting tight deadlines, developers need to cope with many responsibilities. As a result, security remains one of the last priorities on many developers’ minds during the software development lifecycle, despite software security continuing to be a major contributing factor behind devastating cyber breaches such as Starburst.

In this webinar, you will learn:
• Why Do We Need Developers with a Security Mindset?
• What personnel certifications for software security will do for individuals and the organisations they work for;
• How a security certification qualification will help software professionals develop more secure software;
• The merits and benefits of the (ISC)² CSSLP software security certification as well as the steps involved to attain accreditation.

Presenters:
• Pishu Mahtani, CSSLP, (ISC)² Authorised Instructor
• Tony Vizza, CISSP, CCSP, Director of Cybersecurity Advocacy, APAC, (ISC)²

働き方の変化が強制的に進んだことで、在宅勤務のリスク、社会と行動の変化に潜む新しい脅威を生み出しています。先日弊社が公開しました、日本を含むアジア・オセアニア地区で集計したレポートを元にIT管理者が感じているSaaSへの懸念事項、その中でもデータ保護にフォーカスして紹介します。データを保護する理由、問題点や課題を考えます。データ保護における機密性、完全性、可用性を実現するための最新事例もご紹介します。

Presenter: 加藤 路陽, セールスエンジニア, バラクーダネットワークスジャパン株式会社
Moderator: 小熊 慶一郎, CISSP, Director of Business Development, Japan, (ISC)²

Cybersecurity is a booming industry that suffers from a lack of skilled personnel. Organizations from technology and manufacturing to retailers, airlines, and shipping, to financial services and healthcare, government and federal sectors are all seeking skilled and experienced security staff. In fact, it is predicted that there will be 3.5 million unfilled cybersecurity jobs globally by 2021.
IT and Risk Management professionals have many of the underlying knowledge, skills and experience needed to enter the field of cybersecurity. So, do you have what it takes to be a cybersecurity professional?

In this webinar, you will learn:
• Why cybersecurity is a great choice for a exciting and fulfilling career;
• How you can use your current knowledge, skills and experience and hone it towards a cybersecurity career;
• Attaining broad security knowledge with the (ISC)² SSCP certification;
• How a security certification will help you become a better cyber professional;
• Which areas of knowledge the SSCP security certification covers

Presenters:
• Chuan-Wei Hoo, CISSP, Group Chief Information Security Officer, Group Information Security Office, ST Engineering IHQ Pte. Ltd; Technical Advisor, Asia Pacific, (ISC)²
• Jeremy Daly​, SSCP, Cybersecurity Product Manager, DDLS
• Tony Vizza, CISSP, CCSP, Director of Cybersecurity Advocacy, APAC, (ISC)²

The ATT&CK® Evaluations are an unbiased assessment of detection and protection capabilities from all key cybersecurity vendors. Conducted annually by Mitre Att&ck, the evaluations emulate known adversary behavior and attack techniques, in this year’s case – the Carbanak+FIN7 attacks.
In this same spirit, SentinelOne will host a special webinar on June 9 to dissect the 2020 MITRE Engenuity ATT&CK “Carbanak+FIN7” Enterprise Evaluation, which put 29 global endpoint security solutions, and elucidate why this evaluation is becoming a key reference for CISOs when choosing cybersecurity vendors.
Join Kelvin Wee, Director of Security Engineering at SentinelOne - APJ, to understand:
• What Mitre Att&ck is and why it matters to every enterprise CISO in APJ
• How the evaluation is done and key results from the 29 endpoint security vendors evaluated
• Why some EPP & EDR solutions produced the lowest results
• Technology Validation: How SentinelOne was the only vendor to achieve complete visibility with zero missed detections across both Windows and Linux environments

Presenter: Kelvin Wee, Director of Security Engineering - Asia Pacific and Japan, SentinelOne
Moderator: Tony Vizza, CISSP, CCSP, Director of Cybersecurity Advocacy, APAC, (ISC)²

According to Gartner, worldwide security spending on cloud security increased by over 30% in 2019-20, while overall IT spending dedicated to cloud will increase significantly in 2021. Coupled with the rapid adoption of cloud due to the COVID-19 pandemic, the need for cloud security professionals has become acute and opportunities abound for those in cybersecurity who want to maximise their personal development with cloud security skills.

In this webinar, you will learn:
• What security in the cloud looks like;
• What the ‘shared responsibility model’ for cloud security entails;
• What personnel certifications for cloud security will do for individuals and the organisations they work for;
• Why a vendor-agnostic accreditation is critical for organisations which increasingly are using a multi-cloud strategy;
• The merits of the (ISC)² CCSP cloud security certification for a cloud security professional as well as the steps involved to attain accreditation.

経営陣が情報セキュリティやリスクマネジメントの取り組みを推進してはいるものの、期待するほど情報セキュリティが向上していない声をよく耳にします。その理由の１つとして経営陣は情報セキュリティの課題を解決するために必要となる現場を把握する仕組みづくりにうまくいっていないことが挙げられます。

経営陣が情報セキュリティの活動を宣言したとしても現場の実務者が経営陣が期待する活動を行わない限り情報セキュリティは向上していきません。しかし、現場の実務を支える実務者の育成は耳ざわりがよい知識と技術を身に着ければよいというわけではなく、「組織」という観点を理解し、情報セキュリティ専門家や経営陣とコミュニケーションを図れる人材でなければなりません。そのため、IT全体にわたる知識とスキルがあり、ネットワークやシステムの開発・運用などに従事する人に必要な知識に加え、確実なセキュリティ対策を実装・維持できる技術的な観点だけではなく「組織」という観点から情報セキュリティを理解している必要があります。

SSCPの7ドメインは、情報セキュリティの運用から基本的な情報セキュリティの実務に必要な知識を取り扱い、情報セキュリティを専業としていない実務経験年数が少ない方にとっても、より実践に近い内容をグローバルの標準に則って理解することが期待できます。今回のオンラインセミナーでは、「現場の情報セキュリティ担当者に必要な情報セキュリティの知識と考え方」として、IT全般のエンジニアやサポート技術者、アナリスト担当者が知っておくべき情報セキュリティの知識をわかりやすくお教えします。

SSCPを受験させてみたいけど、どのような内容になっているのかわからないというユーザー企業の管理職の皆さんにも理解しやすい内容で提供させていただきます。

システム開発や情報システム担当者の皆さんにも効果的な内容となっています。※講師の講義は前回の録画を使用します。

Now more than ever before, remote access is critical to organizations. With the explosion of remote working, coupled with the necessity to keep up with Digital Transformation, employees and vendors require access hundreds of times per day, from various off-site locations. This creates an expanded and often uncheck attack surface, presenting a large risk that hackers are lining up to exploit.
This session will take a deeper dive into a variety of considerations when it comes to securing your remote access, including:
• Remote working and the rising risk of remote access breaches
• The top five most challenging remote access problems
• Using Privileged Remote Access for an effective solution
If you have any number of remote access connections in your organization, either through employees or vendors, this session is an essential – as it will help you to better understand the dangers (and the solutions) when it comes to your remote access landscape.


Presenter: Ajay Kumar, Director for Security Engineering - APJ, BeyondTrust
Moderator: Tony Vizza, CISSP, CCSP, Director of Cybersecurity Advocacy, APAC, (ISC)²

The (ISC)² CISSP is one of the world’s most valued information technology and information security certifications today. With a proven track record over 25 years in the making, the CISSP truly demonstrates that you are at the top of your cybersecurity game in terms of knowledge, skills and experience.

In this webinar, you will learn:
• The lessons learned from recent incidents
• Why it has never been more important to become a Certified Cybersecurity Professional
• Recent changes regarding CISSP exam domains
• The merits and benefits of CISSP certification for you as well as the steps involved to attain accreditation.

Presenters:
• SC Leung, CISSP, CCSP, By-Laws Committee Chair, (ISC)² Board of Directors; Centre Manager, HKCERT
• Zhou Zhihao, CISSP, CCSP, Manager, Infosecurity, SPTel Pte Ltd
• Tony Vizza, CISSP, CCSP, Director of Cyber Security Advocacy, APAC, (ISC)²

昨今、Exchange Serverに複数の脆弱性が発見されておリます。またこの脆弱性を狙い、複数の企業が攻撃されました。本セッションでは、その脆弱性を利用してExchange Serverへ攻撃として、危険なWebshel攻撃をデモいたします。また防御対策として、マイクロソフト社が出してるパッチ適用に加えて検討すべき課題を防御対策ZTNAの観点で詳しく解説いたします。

Presenter: アジェイ・ミスラ, セキュリティストラテジー ディレクター, Akamai Technologies
Moderator: 小熊 慶一郎, CISSP, Director of Business Development, Japan, (ISC)²