Name: Log4Shell: Your Questions Answered
Start: 2021-12-20T18:00:00Z
End: 2021-12-20T18:00:45.000Z
Location: BrightTALK
Rating: 5

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd. 

Join Michael Skelton (Codingo), VP of Security Operations, and Nick McKenzie, CISO, as they break down Bugcrowd’s annual report, Inside the Platform (previously known as the Priority One Report). In this webinar, you’ll learn:
What millions of vulnerabilities tell us about the year to come.
The value of an open scope program.
How different hacker roles contribute to crowdsourced security.
How much different industries can expect to pay for a vulnerability.

Whether you’re a seasoned crowdsourced security veteran or just looking to dip your toes into the world of crowdsourced security, this webinar is a great tool to give you insight into best practices from the most successful programs on the Bugcrowd Platform.

Inside the Platform: Vulnerability Trends for 2024

AI is revolutionizing how work is done in every industry, and it has the potential to solve unsolvable problems beyond improving productivity. But it also poses unique challenges for security and business leaders, as reflected in President Biden’s Executive Order 14110 establishing U.S. federal standards for AI safety, security, and trustworthiness, along with the formation of a U.S. Artificial Intelligence Safety Institute.

In this conversation featuring Bugcrowd Founder and Chief Strategy Officer, Casey Ellis, and Conductor AI Founder, Zach Long, you’ll learn:
- How the AI attack surface differs from the current state and main considerations for security teams
- Emerging compliance requirements for adopters of AI
- Why crowdsourcing is the right solution at the right time for these urgent challenges

AI Safety and Compliance: Securing the New AI Attack Surface

Join Michael Skelton (Codingo), VP of Security Operations, and Nick McKenzie, CISO, as they break down Bugcrowd’s annual report, Inside the Platform (previously known as the Priority One Report). In this webinar, you’ll learn:
-What millions of vulnerabilities tell us about the year to come.
-The value of an open scope program.
-How different hacker roles contribute to crowdsourced security.
-How much different industries can expect to pay for a vulnerability.

Whether you’re a seasoned crowdsourced security veteran or just looking to dip your toes into the world of crowdsourced security, this webinar is a great tool to give you insight into best practices from the most successful programs on the Bugcrowd Platform.

Step inside the minds of 1000 hackers and see your organization from a new perspective, with the latest analysis on security researchers and their transformative use of generative AI.

Take a walk in their shoes and learn:
-Who hackers are, the skills they have, and their biggest motivators.
-How hackers are leveraging generative AI
-Where hackers are focused and which industries leverage their expertise

Inside the Mind of a Hacker

Join Rob Gurzeev, Founder and CEO, of CyCognito, and Casey Ellis, Founder and Chief Strategy Officer, of Bugcrowd, as they discuss how the utilization of automation and external attack surface management (EASM) coupled with crowdsourced testing (including pen testing and bug bounty) work together to empower organizations to effectively address these challenges.

In this roundtable webinar, you’ll discover how:

-Automation plays a pivotal role in enhancing security testing efficiency and accuracy.
-Crowdsourced security testing and EASM together allow you to proactively identify vulnerabilities, thus reducing time to remediation and bolstering your overall security posture.
-EASM informs and optimizes testing, ensuring that critical assets are thoroughly tested for improved accuracy, reducing, or eliminating false positives.

Strengthen Your Security Posture

Economic realities dictate that DevSecOps must find more cost-efficient ways to develop, secure, and manage technology. Yet demands from boardrooms to deliver the next generation of industry-transformative digital products continue to grow. Juggling these priorities is top of mind for CTOs, CISOs, and engineering leaders, which is why companies like Clari and Motorola Mobility are increasingly turning to crowdsourced testing as a disruptive staffing model to scale up security and quality testing operations. 

Watch this roundtable discussion to learn how crowdsourced testing programs can:
-Serve as an extension of internal expertise and capacity. 
-Provide on-demand access to a global network of skilled quality and security experts to address a broad set of product validation use cases.
-Help product and security leaders unlock more efficient ways to deliver high-quality, highly secure end-user experiences.

Crowdsourced Confidential: Comprehensive Security & Quality Testing

Inside the Mind of a Hacker 2023

81% of executives say the cost and constant effort required to stay ahead of hackers is ‘unsustainable.’ Many organizations are turning to crowdsourced security to tap into specialized skill sets of ethical hackers to beat bad actors at their own game.

Rapyd, a fintech company, is doing just that. Watch this webcast to learn their take on the 4 essentials to picking the right partner:
-A multi-solution SaaS platform with real-time visibility
-The right crowd of hackers for their industry and program
-Integration with existing workflows and systems
-Dedication to customer experience

4 Essentials to Look for in a Crowdsourced Security Platform

Government agencies and their contractors are held to the highest standards where cybersecurity is concerned. To meet those expectations, the US Cybersecurity and Infrastructure Agency (CISA), made vulnerability disclosure programs (VDPs) a requirement for all federal civilian agencies and launched the CISA VDP platform to help these agencies, federal contractors, and critical infrastructure providers strengthen their security posture by engaging the global ethical hacker community to voluntarily find and report vulnerabilities.

Join us for this panel discussion to learn how in the first 18 months CISA :

✓Onboarded more than 40 agencies onto the VDP platform, built in partnership with Bugcrowd
✓Identified >1,300 unique valid disclosures
✓Remediated >1,000 vulnerabilities, an 85% remediation rate
✓Expanded the program to include a private bug bounty program to encourage additional reporting

Combating Cyber Threats with VDP: A Federal Success Story

Organizations are moving workloads to the cloud to improve efficiency and competitive advantage. Yet, as new cloud apps and services emerge, unprotected attack surfaces expand.

The real dilemma: it’s getting harder to find the right cloud security expertise to ensure users and data are protected across multi-cloud environments.

This new webinar helps you take this daunting challenge head on. It details key insights on a modern security platform approach that harnesses crowdsourced security expertise to help you protect your cloud before attacks happen.

Attend and learn how to:

1. Leverage smart crowdsourcing and solve your cloud security skills gap
2. Meet aggressive cloud code deadlines without creating vulnerabilities
3. Manage fewer security vendors while increasing cloud risk reduction
4. Utilize a platform-driven crowd security solution to prevent cloud attacks

Scaling Cloud Security Using a Multi-solution Crowdsourced Security Platform

Social engineering is now one of the most common attack vectors in cybersecurity, with everyone from individuals to multinational corporations being targets. Without proper awareness and practices, even the most seemingly minor divulsion of information can lead to a catastrophic exploit by a skilled attacker.

In our latest Crowd Café webinar episode, Casey Ellis, Bugcrowd’s Chairman, Founder and CTO, was joined by Rachel Tobac, Co-founder and CEO of SocialProof Security, and an expert practitioner in social engineering hacks and how to prevent them.

During the webinar, Casey and Rachel discussed:

- How digital transformation has raised the stakes for social engineering risk
- What organizations can and should do to protect their customers and employees
- Rachel’s real life hacking stories from the field

There was also an open “Ask Me Anything” (AMA) session at the conclusion of the webinar.

Crowd Café: Social Engineering AMA with Rachel Tobac

Dramatic cultural shifts are taking place within the government. With the growing development of connected systems and a shortage of skills and time to protect them, this webinar explores how the government is connecting with security researchers all around the world to help secure those critical systems.

In this joint Carahsoft and Bugcrowd webinar, you’ll hear Justin Beachler, Bugcrowd’s Director, Trust and Security, discuss:

✓ How the changing landscape of remote work is affecting how we approach security
✓ The benefits of specializations beyond the walls of government
✓ How we level the playing field in terms of attackers and defenders
✓ How to secure your critical systems

Bugcrowd, How the Government is Partnering with an Ethical Army

Crowdsourced security has its roots in the bug bounty movement, which emerged years ago. Since then, it's become much more versatile, enhancing numerous security workflows (pen testing, ASM, etc.), and for many adopters, joining the mainstream development lifecycle.

In this webinar, you'll learn:

- About integrating crowdsourcing with your existing dev and security processes
- Modern use cases for crowdsourced security that go beyond bug bounty
- The difference between generalist crowds and curated crowds
- How it contributes to continuous, shift-left security

DBT Crowdsourced Security and DevOps: A Few Things You Probably Didn't Know

Use cases for crowdsourcing have multiplied since the bug bounty was invented years ago, enhancing everything from pen testing to asset risk analysis. But with these additional opportunities, as well as a huge expansion in the complexity of attack surfaces, it’s now critical to have access to the right trusted experts, for the right problems, at the right times.

In this episode in our “Meet the Experts” series, Bugcrowd’s Director of Product Management, Farzad Eskafi, will explain:

- The differences between generalist and precisely curated crowds
- How Bugcrowd thinks about crowd matching and activation, and how they’re implemented in the platform
- Why precisely curated crowds lead to better findings and results

Meet the Experts: Activating the Right Crowd at the Right Time

SANS and Bugcrowd recently partnered up for a webinar which explored the versatility of crowdsourced security and the bug bounty movement.

During the webinar SANS Certified Instructor and Author, Jorge Orchilles, and Bugcrowd’s Manager of Solutions Architecture, Kevin Hemmingsen, discussed:

- Modern use cases for crowdsourced security that go beyond bug bounty
- The difference between generalist crowds and curated crowds
- How crowdsourced security contributes to continuous, shift-left security
- How to think about integrating crowdsourcing with your existing dev and security processes

Crowdsourced Security and DevOps: A Few Things You Probably Didn't Know

In this Infosecurity webinar sponsored by Bugcrowd, an expert panel, including Bugcrowd’s Chairman, Founder and CTO Casey Ellis, discuss the need for security teams to prioritize the most important areas of their organizations. Security teams should also seek outside help, leveraging the skills of crowdsourced white hat hackers, to identify the new vulnerabilities across their networks.

The expert panel also discusses:

-The evolving threat landscape and expected trends for 2022
-The importance of adopting a risk-based approach
-The growth of crowdsourced security and how it works

Evolving your security strategy to challenges of 2022

Lessons have been learned from the Log4Shell vulnerability. But what is next? Another vulnerability discovery, rushing to understand it and trying to remediate it. With digital transformation showing no signs of slowing in 2022, organizations need to evolve their security practices along with the current landscape. Static vulnerability scanning, traditional penetration testing are not effective. Platform-powered crowdsourcing, where the crowd and the platform are foundational, is the approach organizations need to take when it comes to security maturity.

Hear from Bugcrowd’s Justin Beachler, Dir. of Trust & Security at Bugcrowd, as he is on the front lines helping organizations evolve their security strategy by adopting a platform-powered crowdsourcing approach to navigate through the uncharted waters of crowdsourced security.

Navigating the Uncharted Waters of Crowdsourced Security

Everyone agrees that the historic Log4J vulnerability, and the associated Log4Shell exploit, is the worst Java risk we’ve seen in years–maybe ever. But why? And what will remediation look like for the countless platforms and products that touch it in some way? Furthermore, how should the ecosystem prepare for the next one before it happens? 


Join us for an impromptu AMA session with Bugcrowd Founder and CTO Casey Ellis to hear answers to those questions, insights about how hunters on the Bugcrowd Security Knowledge Platform are working 24/7 to find and understand this vuln for customers, and to ask Casey your own questions, as well.

Log4Shell: Your Questions Answered

Vulnerabilities

SecOps

Crowdsourcing

Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Log4Shell: Your Questions Answered

Presented by

About this talk

More from this channel