The Healthcare CISO Journey through COVID-19

The scenario where services from multiple public cloud providers - such as AWS, Azure, and GCP - are used by an organization is a reality that increases the security challenges associated with cloud environments.

Organizations using the cloud are not always finding Cloud service providers (CSPs) provided security mechanisms to be adequate, especially for multi-cloud deployments. They need to take proactive steps to manage their cloud usage and successfully applying new cloud-centric monitoring tools. What is the SIEM role, or even if it is an appropriate solution, are common questions raised when looking for ways to address these challenges.

A Cloud SIEM provides essential capabilities to act as a foundational component of a cloud security monitoring strategy capable of covering multi-cloud scenarios.

Join Augusto Barros, VP of Solutions at Securonix, to learn about:

• How can organizations achieve a cost-effective solution under these circumstances?
• What are the SIEM capabilities required to provide adequate security monitoring for cloud environments?
• How can cloud SIEM multiply the value of CASB and CSPM implementations?

Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

The recent SolarWinds attack was an unpleasant reminder of our interconnected enterprises. Businesses across every economic sector can encounter vulnerabilities not only from within their own environment but also from critical supply chain partners and other third-party dependencies. Prioritizing risk based on the business impact can help ensure business strategies and operations remain on track and protected.

Join Cyber Defense Labs President and COO, Jason Cook, Mike Spotts, Cyber Defense Labs Vice President and CTO, and Jon Garside, Director Partner Marketing at Securonix and learn how to:

· Assess your environment to determine what matters most and where to start
· Establish a roadmap with clear priorities to effectively manage vulnerability and create a more resilient business environment
· Identify your most valuable business operations to ensure proper security controls and processes are in place to prevent future loss or harm
· Invest to ensure you maintain high security and risk management standards despite limited resources

Jason Cook is a seasoned cybersecurity executive with a track record of helping organizations not only protect their current business but create resilience to manage and deter any future threats. As a trusted partner in cybersecurity business practices, he serves on several companies' advisory boards and is a frequent expert speaker on technology and security issues.

Michael Spotts has an extensive operational background in designing, implementing, and running global cyber operations and services for Fortune 100 companies. As the CTO of Cyber Defense Labs, he now oversees their Security Operations Center, monitoring client's network around the clock.

Phishing and other human-facing social engineering tactics remain the primary vectors of successful attacks. The transition to remote work greatly expanded the attack surface and opened new vectors for campaigns.

Organized cybercrime groups commonly use zero-day attacks to avoid detection. They typically compromise user credentials, so they can move across your organization to get to your most precious data.

How can you detect zero-day events without constant rules updates and rewrites and sifting through mountains of false positives?

How do you achieve infinite scale without an endless number of events to triage?

David Swift will discuss the top ten use cases and three keys to finding security threats in any environment using behavioral analytics. You will learn:

-The critical threat detection techniques to identify zero-day and malicious activity from both outside attackers and internal users.
-Five indicators that combine known threats and machine learning to identify compromises.
-Key log sources needed to solve the compromised user dilemma and how to detect misuse and malware.
-Primary use cases across industries such as Manufacturing, Healthcare, Energy, and Financial Services.

David Swift is a 15-year veteran of SIEMs, UEBA, SOCs and a security evangelist.

The MITRE ATT&CK framework has become an excellent way for security professionals to understand and describe threats. However, most of the time, it is used to describe the actions of external threats.

But what about the insider threats? According to Forrester, 25% of breaches resulted from internal incidents, and almost half of them were malicious. In the past few years, insider threats have evolved in several aspects from how sensitive data leaves the organization to ways in which privilege access gets misused, creating risks for organizations to mitigate. The proliferation of cloud applications and the current remote work setup make tracking and protecting sensitive data extremely challenging.

Can we use the MITRE ATT&CK framework to help us describe, understand, and finally detect and protect against insider threats? If the framework often describes and supports threat detection of external threats, does it also help deal with insider threats? What organizations should expect from this exercise, and what do they need to do differently to achieve the desired results?

Join Augusto Barros, VP of Solutions at Securonix, to learn about:

• How insider threats have evolved and the new challenges they present?
• How the MITRE ATT&CK framework supports threat detection practices?
• How the MITRE ATT&CK framework can also help to address the issues related to insider threats?

Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

The pandemic has broadened the threat landscape, but businesses and security teams have to do more with less. How are businesses keeping ahead of the changing threat landscape, retaining key personnel, and facing an uncertain economy?

This year has delivered ten years of digital transformation in 6 months. But as businesses changed, adversaries have evolved to take advantage of it. Hybrid and Remote have become the new normal, but at a cost to operations teams - fatigue and mission loss for many cybersecurity professionals.

In this webinar, Jeff Foresman, CISO for Digital Hands and Augusto Barros, VP of Solutions at Securonix, discuss the changing landscape, the human costs, technology, and people's investments necessary for a positive outcome over the 18 months.

Join them to understand better:
• Your skills gaps going into 2021
• The value of shared goals with a security partner
• Defining security strategy on outcomes, not technology

Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

Jeff Foresman has over 25 years of experience in Technology and Cybersecurity focused on building successful security programs, streamlined security operations, and resilient security architectures. He is a thought leader in regulatory compliance topics such as PCI DSS, HIPAA, NIST and GDPR.

By 2023, more than 50% of all workloads will leverage public cloud, hybrid, or edge, up from approximately 20% in 2020 (Gartner).

Detecting threats in the cloud presents several challenges: dealing with new technologies, facing new threat scenarios, exacerbated by the COVID-19 accelerated cloud adoption.

Gartner indicates that organizations have been expanding their adoption of cloud security-oriented tools, such as Cloud Security Posture Management (CSPM) and Cloud Access Security Broker (CASB), as they try to keep cloud-related threats under control. However, not all organizations have an interest in adopting all these added technologies, and even when they do, the challenge of integrating them into their security monitoring infrastructure remains.

Join Augusto Barros, VP of Solutions at Securonix, to learn about:
● What are the differences between traditional threats and cloud threats?
● How to align your security monitoring architecture to the new cloud monitoring requirements?
● How to optimize cloud security monitoring with a cloud-first SIEM approach?

Augusto Barros was the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 20 years of experience in the IT security industry as an analyst and a security architect and officer for large enterprises.

Enterprises are increasingly adopting a cloud-first approach to increase IT agility, nearly unlimited scalability, and lower costs. Amazon Web Services, with the richest suite of public cloud IaaS and PaaS-layer capabilities, continues to lead with more than 30% of the public cloud market share. As digital transformation progresses, so does the attack surface that exposes the ongoing proliferation of security risks.

AWS operates on the Shared Responsibility Model, which means that the infrastructure's security is AWS's responsibility. It also implies that your organization needs to perform its part in the security equation and rethink security monitoring to protect critical assets and data in the cloud infrastructure. Although the fundamental principles of defense in depth still apply, the way you execute them in the cloud is different than traditional data center security.

In this session, join Vidit Arora, Director of Global Technology Enablement at Securonix, as he discusses the critical tenets of monitoring your AWS infrastructure:

- How and what data should organizations collect and monitor?
- What are the top 10 threats and use cases to monitor?
- How does Securonix implement monitoring for AWS?

A new wave of security solutions called XDR – Extended Detection and Response - have taken the security market by storm. Is this what your organization need to detect and respond to today's and tomorrow's threats?

According to Gartner, XDR describes a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components. XDR highlights the value of pre-integrated solutions, promising a less complex way to detect and respond to threats. XDR value does not come from capabilities not available before but from better integration of components that already existed as standalone solutions.

Organizations are eager to understand if XDR is the right solution for them and how does it fit into their current ecosystem of tools including SIEM and UEBA.

Join Augusto Barros, VP of Solutions at Securonix to learn about:
• What is an XDR?
• How does it align with your detection and response needs?
• XDR and SIEM in the CISO toolkit: how to obtain the best value?
• Role of managed services.

Augusto Barros was most recently the Research VP in the Gartner for Technical Professionals (GTP) Security and Risk Management group. He has over 15 years of experience in the IT security industry both as an analyst and as a security architect and officer for large enterprises.

According to Verizon’s 2020 Data Breach Investigation Report (DBIR), over 80% of hacking-related breaches involved the use of lost or stolen credentials - and approximately 35% of all breaches were initiated due to weak or compromised credentials.

Last year, we kicked off The (Security) Balancing Act series with a panel of identity experts to help us understand the landscape. Join us for this 1 year check-in to learn what has changed for organizations in the last 12 months and the security implications of shifting to a more remote workforce.

- 2020 vs 2019: Key changes & challenges for cybersecurity
- How work from home has opened the door to attackers
- Regulatory updates that may impact identity management programs
- Why attackers are focused on credentials and authentication systems
- What businesses can do to keep track of all endpoints, manage identities and privileged access, protect their data and maintain compliance

Panelists:
- Aidan Walden, Director, Public Cloud Architecture & Engineering at Fortinet
- Shareth Ben, Executive Director, Insider Threat & Cyber Threat Analytics at Securonix
- Doug Simmons, Principal Consulting Analyst, Managing Director, Consulting at TechVision Research

This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.

Cyberattacks are on the rise, and financial institutions using SWIFT and other payment mechanisms are increasingly becoming targets of sophisticated attackers.

Effectively detecting and identifying these advanced cyberattack activities in a complex SWIFT environment requires a big data analytics platform that can collect, enrich, analyze, and correlate/connect billions of disparate data points in real-time, as well as incorporate historical information to identify behavioral anomalies. This approach allows fraud and security analyst teams to concentrate on the most critical events.

Thomas Harrington, Securonix Board of Advisors, CISO Citi (ret.), Associate Deputy Director FBI (ret.), will moderate an interactive session with Securonix Threat Experts, Oleg Kolesnikov, VP of Threat Research, and Aditya Sundararam, Senior Director of Cyber Threat Analytics.

Join our panelists to learn about:
- The latest attack techniques used in financial services/SWIFT organizations' cyberattacks, such as Lazarus/BeagleBoyz/FASTCash v1/2, TA505, Carbanak, and others.
- Current trends observed in the wild to help better prepare for the "next generation" of financial services/SWIFT cyberattacks.
- Examples of some of the most effective detection behaviors your blue teams can look for to increase the chances of detecting some of the latest variants of these cyberattacks.
- How the Securonix behavior analytics approach can assist with detection and meeting compliance requirements.

Cyber threats continue to get more advanced. To proactively combat these threats, Security teams cannot simply rely on pre-baked detections. They need the ability to discover threats early and detect those hidden already in their environment, without waiting for an incident to happen.

The challenge, with legacy and on-premise solutions, is the architecture is not designed to support proactive and historical searches without major performance issues. Another challenge with legacy SIEM is the huge cost associated with searchable data retention.

Securonix's new search capabilities leverage the power of Amazon Web Services' (AWS) cloud-native and big data architecture to enable dynamic and long-term searches at a fraction of the cost, without any performance impact.

Join Nitin Agale, Senior Vice President, Products & Marketing, Securonix, and Patrick McDowell, Global Technical Lead, AWS to learn about how your organization can benefit from:

• Live Search to proactively detect threats on streaming data with virtually zero-latency.
• Long-Term Search to search across historical data at one-third of the cost.
• The security industry’s first Community-Powered Threat Hunting capability with ready-to-deploy collaborative workbooks utilizing threat intelligence from Securonix, and global communities such as MITRE, Sigma, and others.
• Out-of-the-box bi-directional integrations for Amazon Simple Storage Service (S3), Amazon CloudWatch, and Amazon GuardDuty.

With our perimeters expanding beyond the confines of the typical workspace, it has become increasingly evident and critical to monitor the threats posed using insider credentials. Regardless of whether the threats are accidental or intentional, they both ultimately lead to data theft or some form of service disruptions.

Major gaps in controls, logging, and monitoring cause organizations to be unaware of the different threats that already exist within their environments. Insider credentials with access to critical infrastructure and data, need to be closely monitored.

The best approach to detect these scenarios is to tie anomalies to an identity using a kill chain approach to model potential threat vectors and detect proactively.

Join Kayzad Vanskuiwalla, Principal Threat Hunter - Cyber Threat Analytics, Securonix and
Dharaninath Doppalapudi, Senior Vice President - Cyber Security, Accolite to learn how to:

• Identify gaps in logging and monitoring in order to be equipped to detect key threat vectors
• Identify and continuously monitor key assets, potential insider threat entities, and privileged accounts
• Detect the unknown threats via focused micro-threat models/kill chains, and shift your focus to anomalies and threats, instead of signatures
• Maintain GDPR compliance while monitoring as it pertains to the European Union and European Economic Area

In the past few years, Insider Threat has evolved in several aspects from how sensitive data leaves the organization to ways in which privilege access gets misused, creating risks for organizations to mitigate. The proliferation of cloud applications had made tracking and protecting sensitive data extremely challenging. Add to this the current remote work setup in the midst of COVID-19, and one can imagine how hard it is to track, monitor, and protect your crown jewels.

Insider threats can originate from malicious insiders or insiders that are simply negligent and do not follow best practices. Insider threats can also originate from compromised accounts that are controlled by an outsider. Given all the scenarios, monitoring solutions are forced to curate use cases in conjunction with purpose-built detection techniques in order to derive specific outcomes to be effective in detecting infractions.

This shift in behavior is becoming more evident as organizations ramp up visibility into how its employees and contractors use their assets and resources over time. Join Shareth Ben (Executive Director, Insider Threat &Cyber Threat Analytics, Securonix) and featured speaker Joseph Blankenship (Vice President, Research Director, Security & Risk, Forrester) to gain some insights into:

• How Insider Threat has evolved over time and the new challenges it presents.
• What are some of the most common Insider Threat behaviors observed in the field?
• Which detection techniques are effective in detecting nefarious behaviors within the organization?
• Walkthrough of the key trends and observations from the Securonix 2020 Insider Threat Report.

Organizations are experiencing a changing cyber threat landscape. Phishing and malware attacks are on a rise and more effective than ever before because of the fear factor and lack of in-person communication. Having a large workforce working remotely presents more risk of opening-up exploits and sensitive data leakage.
The lack of security controls, new unknown attacks, and insufficient training are creating a very different set of applications and data vulnerabilities.

As enterprises plan to adapt to these new challenges, implementing strong security monitoring and detection controls is imperative.

Join Securonix’s Aditya Sundararam, Director of Cyber Threat Analytics and Booz Allen’s Michael Sechrist, Head of Solutions, Advanced Threat Services to understand how to defend your enterprise from ransomware, phishing, VPN attacks, data compromise, and emerging challenges like executive protection.

From PPE phishing scams to ransomware, to hacking attempts of DNS routers, to hospital supply chain risks, malicious actors are looking to take advantage of the crisis caused by the Covid-19 outbreak.

Healthcare organizations worldwide have been through pandemic planning before, but never to this extent. The pandemic plans for Ebola and SARS were useful but not holistic.

Securonix is inviting Security leaders in healthcare to a panel discussion on the information security challenges amidst the current health crisis. Robert Martin, CISO, Alberta Health Services, Matthew Modica, CISO, BJC HealthCare and Nathan Moon, Director, Detection & Response, Intermountain Healthcare will discuss the current situation, challenges, and steps they took to mitigate risk while maintaining business continuity and patient care.

Thomas Harrington: Securonix Board of Advisor, Associate Deputy Director FBI (Retired), CISO Citi (Retired) will moderate the session as the panel discusses:

• Challenges healthcare organizations are facing including business continuity, remote workforce, data security and privacy, security training.
• Steps security leaders are taking to mitigate the risks and strengthen security policies and controls.
• Best practices to handle the new patient care norm: remote work environment, virtual care platforms, access to systems from non-traditional locations such as tents, and community vans.
• Balancing risk acceptance with business needs
• Role of technology, threat intelligence, and behavioral-based monitoring

We are facing a new normal in our corporate lives, with work from home becoming a necessity rather than a privilege. This change comes with its own set of cybersecurity challenges that security teams must deal with.

Working remotely could mean the use of unsecured devices, sharing or compromising of credentials, and accessing critical applications over unsecured external networks. This host of inconsistent behavioral attributes raise the possibility of opening-up exploits, compromising system integrity, which could result in sensitive data leakage.

To assist our customers and community with these challenges, Securonix is collaborating with partners like LTI to develop solutions to monitor and mitigate cyber threats effectively and ultimately create a secure work environment.

Join Sujay Doshi, Senior Product Manager for Cyber Threat Content at Securonix, and Prasenjit Saha, Executive Vice President, Global Head - Cyber Security at LTI to discuss:
• Cyber threat challenges that result from remote work setup.
• Critical security controls that organizations should consider for mitigating cyber risk to their environment.
• Securonix packaged solution for remote workforce monitoring.
• Hands-on demo of the Securonix solution with use cases from the trenches.
• LTI advisory service offerings to assist customers.

Digital transformation - we hear about it all the time, but what does it really mean for security? As organizations transition users, applications, workloads, and data from on-premises into the cloud to improve agility and competitiveness - how does that change their security landscape and threat model? And how can organizations address the challenge of protecting both legacy on-premises systems, while at the same time, also having to secure dynamic multi-cloud-based environment?

Join today's episode to learn about the reality many organizations are facing when it comes to juggling on-prem and multi-cloud security, what the key differences are and how to address them for your organization. The panel will also discuss the following topics:
- What are the differences between Cloud Security vs On-Premises Security and why do they matter for organizations in 2020?
- Can we normalize our security posture across the legacy and hybrid/multi-cloud environments?
- Is it possible to improve security as part of a digital transformation program?
- What kind of cyber hygiene do we need to practice? What should be added and what can be taken off security teams' plates?
- Where does DevOps (or DevSecOps) fit into all of this?
- Are cloud security failures the customer's fault?
- What is SASE and how will it impact your organization?

This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

Recent world events have increased the vulnerability landscape and tested the security resiliency of enterprises. Not since the Icelandic volcano eruption in 2010 have we seen global events drive such profound changes to work behavior and employee mobility.

As enterprises enforce remote working – at short notice – they face a critical question: How will their security teams identify bad actors and threats in a time of massive user behavior change? This remote collaboration shift is exacerbated by the existing trend towards using cloud applications in the enterprise, and the security risks, monitoring, compliance, and response challenges that it brings.

In this webinar, Jason ‘JE’ English, Principal Analyst at Intellyx and Jon Garside, former CISO discuss the value of:

• Securing distributed, hybrid IT application work without inhibiting access and collaboration
• Best practices and a security posture for the new norm: remote workforces & hybrid cloud
• SaaS Security, that decreases cost, while scaling to newly diverse environments
• Semi-autonomous, cloud-based security, independent of infrastructure
• New threat chains and security playbooks, in the absence of analysts

Today we are in the midst of a global health crisis, which is affecting every aspect of our lives. In these tough times, many organizations have resorted to working from home to keep their employees safe.

However, this shift in the work setup is posing several challenges to the security teams. Critical data and applications are accessed from untrusted remote locations. Remote authentication and VPN devices suddenly are seeing a massive spike in traffic and targeted attacks. More phishing and malware campaigns are targeting employees. Amidst this increased attack surface, organizations are also concerned about the productivity of their employees, compliance, and licensing mandates.

To help our customers and community with these challenges, Securonix has created a task force of Data Scientists, Threat Researchers, and Detection Engineers. The task force is collaborating with Securonix customers and partners to develop content from the trenches that organizations can deploy to secure their work environment better.

Join Nanda Santhana, to learn about:

- Key challenges in the remote workforce setup.
- Threat and behavior indicators from the trenches.
- Use cases you can implement in your Security monitoring solution.
- Recommended incident response actions.