Name: Preparing for PCI DSS v4.0 Client-Side Protection Requirements
Start: 2023-04-27T17:00:00Z
End: 2023-04-27T17:00:50.000Z
Location: BrightTALK
Rating: 5

F5 is the only company that can secure, deliver, and optimize any app, any API, anywhere.

F5 specializes in application delivery networking(ADN), application availability & performance, multi-cloud management, application security, network security, access & authorization and online fraud prevention.

Visit F5 at: https://www.f5.com/company

Join F5 Labs threat researcher Sander Vinberg for the latest vulnerability intelligence from F5 Labs. This talk will begin at the tactical level by exploring CVE targeting trends, including a recent focus on IoT devices. Sander will also cover the Exploit Prediction Scoring System, an open-source ML system for forecasting vulnerability exploitation.

We will unpack how the system works, how F5 contributes to it, and how best to use it to provide insight into your own vulnerabilities and risks. The talk will conclude with an examination of the long-term future of vulnerability management, referencing selected findings from a recent report on the evolving CVE landscape.

Through this talk, attendees will learn:

-  Which vulnerabilities attackers are prioritizing in 2022 and early 2023
-  Features, strengths, and weaknesses of the Exploit Prediction Scoring System
-  How changes to vulnerability publication may impact the future of the CVE system

Vulnerability Intelligence: Near Past and Distant Future

Event driven security offers an innovative approach to addressing today’s sophisticated threat landscape. Real-time event monitoring and automation can identify and respond to potential threats proactively – before they can cause damage.
During this session, we will explore the key concepts of event driven security, its benefits, including improved efficiency and response time, and how to overcome challenges. We will also show a security-focused demo using F5 and Event-Driven Ansible.

PT1:  Event-Driven Automation and Security with F5 and Red Hat Ansible

In this Roundtable, F5 and Microsoft will discuss the following:
-  How to better secure your Azure AKS clusters with NGINX Plus Ingress Controller and NGINX App Protect WAF & DoS.
-  Leverage NGINX Plus Ingress Controller Open ID Connect (OIDC) / JSON Web Tokens (JWT) for authentication in AKS.
-  Improve resiliency and scalability in AKS and support self-service (RBAC) with NGINX Plus Ingress Controller.

As the industry continues to “shift left” when it comes to security, having security running at more levels of your infrastructure is increasingly important. In this discussion, the Microsoft and F5 NGINX teams will talk about how you can improve your security posture by leveraging NGINX Plus Ingress Controller and App Protect in your AKS environment.

Security is essential in your infrastructure and your home – and we’d like to help with both.

Microsoft & F5 : Securing Kubernetes in Azure with AKS & F5 NGINX

F5's SaaS services delivery platform, F5 Distributed Cloud, has expanded. We'll answer common customer questions like: How does this SaaS platform work with other F5 products and services? What best practices help securely deliver my applications? And we'll look at how pairing F5 Distributed Cloud Services with your existing security services can help you become an application security hero in your organization.

In this session, we will: 
-  Explore application security features with F5 Distributed Cloud to accelerate security delivery and embrace operational consistency.
-  Cover key security practices that should be in every application delivery scenario.
-  How can operations be maintained, the true test of sustained security.

Becoming an Application Security Hero with F5 Distributed Cloud Services

As organizations increasingly adopt hybrid architectures and microservices, the number of APIs utilized within their ecosystems continues to grow at an exponential rate. This phenomenon, known as API sprawl, poses significant challenges in terms of security, governance, and efficiency. But of them all, API security might require the most urgent response. 

For organizations trying to secure their APIs, multi-cloud complexity and difficulty enforcing consistent security top the list of challenges according to F5’s State of Application Strategy Report (2023). To address API sprawl, organizations need to adopt a more holistic app and API security strategy for their organization including components that deliver runtime protection, posture management, and help integrate security and code testing earlier in the software development lifecycle. 
 
Join the conversation to hear Joshua Haslett, Ian Dinno, and David Remington's answers to hard-hitting questions about API sprawl, management and security.

Untangling APIs: Addressing Sprawl and Securing Your Digital Ecosystem

Whether an application is hosted in one or more locations, is migrating, or has advanced delivery and security needs, it's crucial to provide effective and consistent security. Fortunately, application owners can use the F5 Distributed Cloud Platform and portfolio of services to engage multi-cloud networking for on-premises and cloud-based application deployments to provide consistent security operations.

In this session, we will: 
 -  Explore F5 Distributed Cloud’s Multi-Cloud Networking functionality for secure delivery of applications wherever they are hosted. 
-  Show consistent deployment and operations of application security across Public Cloud and/or Private Cloud/Data Center.
-  Reviewing layered security deployment architectures with the F5 portfolio solutions like BIG-IP and NGINX designs.

Protect Apps Anywhere with F5 Distributed Cloud Services

Join F5 experts to learn how to gain the observability, security, and agility you need to compete in a complex hybrid and multi-cloud digital world.

Apps and APIs span every generation of architecture—from monoliths to microservices and from client-server to mobile—across data centers, clouds, and at the edge. Organizations strive to achieve digital resiliency, yet 9 out of 10 companies that operate in multi-cloud environments are struggling to maintain a consistent security posture.

In this webinar, you'll learn:

-  The challenges of securing the enterprise architecture for digital business.
-  How the right solutions protect all apps and APIs—legacy and modern— from core to cloud to edge.
-  Best practices for deploying comprehensive protection and consistent security that unleashes innovation and digital velocity.

Application Security for a Hybrid and Multi-Cloud Digital World

As application development continues to advance, API frameworks must evolve to meet the increased security burden placed upon them. API security includes the rules, protections, and controls used to secure them as well as the essential observability and visibility provided through discovery. Together, API security and discovery accelerate development and delivery of services. 

In this session, we will:
-  Explore F5 Distributed Cloud's API Discovery functionality and ability to drive learning and visibility of discovered, inventories, and shadow APls.
-  Apply API security protections delivered at the edge and securely deliver endpoints while understanding their delivery.
-  Layer complimenting security strategies like Malicious User Detection and Mitigation, Bot Strategies, and other Service policy services to protect APls.

Discover, Monitor & Mitigate API Threats with F5 Distributed Cloud Services

Recent breaches have exposed everything from your credit score to your age, gender, and even how often you work out. Worst of all, in a recent breach, unprotected APIs (Application Programming Interfaces) have exposed the personally identifiable information and login credentials of 37 million people. Given the sensitive nature of the data that can be exposed by unprotected APIs, the need for effective security cannot be stressed enough. 

Join our webinar to learn from F5 security experts why it is imperative for organizations to address security threats to consumers and business — and the steps you can take to get started. You will hear real stories about security challenges, followed by a demo showing what shadow APIs are and look like and how to interact with them, and more.  

In this webinar, you will learn about:

-  The best ways to incorporate security controls. 
-  API discovery and API protection rules.
-  Swagger file generation through discovery and import.
-  Rate limiting based on the API inventory that gets created.

API Discovery, Inventory, and Security Webinar

APIs have become one of cybercriminals’ favorite vectors for account takeover attacks. Credential stuffing, business logic abuse, and DDoS attacks are just some of the malicious automated bot attacks deployed to take over accounts and perpetrate identity theft and fraud. 

Readily available scripts and tools make orchestrating API attacks easier than ever, and legacy bot defense techniques struggle to detect these potentially devastating incursions. Thus, it’s no surprise that, according to recent Google Cloud research, 50% of organizations experienced an API security incident in the past 12 months.
 
With such a dire threat via APIs negatively impacting user data and the bottom line, F5 and Google Cloud are hosting a panel discussion to answer your pressing questions about API security and tactics. 

Join the conversation to hear F5’s Vice President, Security, Angel Grant’s answers to hard-hitting questions about account takeover attacks and API security. 

Join the webinar to see Angel on the API security hot seat and learn: 

-  What’s the current threat landscape targeting APIs 
-  How exploits in API business logic can lead to fraud 
-  Defense tactics against API injections 
-  How to mitigate potential brand and reputational damage 
-  Why legacy bot detection techniques have become ineffective 
-  How to best decern between good and bad traffic – both human and bot 

Learn more, register today

Thwart the Account Takeover Menace – Join the API Security Conversation

Attackers will repackage mobile apps, inject malware, hooking frameworks, and perform overlay attacks to cause security breaches, data leaks, and gain privileged access. Once a mobile app is controlled or hijacked, attackers can attack your server-side applications using automated attacks. They will also steal sensitive data that resides in your mobile apps, such as customer credentials, API keys, and intellectual property. You are on the hook for rigorous compliance standards for privacy (ex: GDPR, CCPA), payments (ex: EMVCo SBMP, PCI, & PSD2), and health records (HIPAA). 

Part of picking the right infrastructure is knowing you can extend secure experiences to mobile applications. With intellectual property and sensitive information flowing through these mobile apps, it’s important to understand the risk and what you can do to make this a safe channel for your business. 

You’ll also learn more about F5’s new mobile app security solution which can help you reduce security risk and meet compliance. Join the conversation and see how mobile application security can be a bigger part of your secure application vision.

Stop Bad Actors From Attacking Your Mobile Apps

While security and operations teams care deeply about their ability to deliver the best experience possible for their customers while enhancing operational efficiencies, there is plenty left for the board and the executive staff to consider when it comes to bots and automated attacks.

Join Joshua Haslett, Strategic Technology Partner Manager at Google Cloud, and Jim Downey, Cybersecurity Evangelist at F5, for an in-depth conversation to help crack the code on “bot economics” so you can learn how to:

• Calculate financial revenue and reputation costs
• Identify and control operational expenses
• Develop a cost/benefit analysis for bot mitigation
• Prepare for that much-needed business conversation with key stakeholders

F5 Distributed Cloud Bot Defense for Google Cloud enables frictionless security that complements performance, automation, and insight to deliver and scale the application experience. Join the conversation to determine the economic impact of bots on your business so you can demonstrate to the board that the top and bottom lines are safe from bot-generated compromise.

Bots to Board Room: The Often-Missed Economic Impact of Bots

Organizations are increasingly deploying workloads across multiple diverse environments and application architectures. This creates a critical need to protect organizations’ essential applications no matter what their deployment or architecture – and with flexibility and speed.

Join our webinar to learn how the F5 Web Application Firewall (WAF) portfolio, paired with DevSecOps principles, enables organizations to deploy and maintain industry-leading security without sacrificing the time to value their applications. Our 15-minute demo will show you how you can accomplish this with multiple WAF options that allow you to deploy a hybrid architecture.

In this webinar, you’ll learn how:

-  Edge architecture can coexist with shift left practices
-  A strong security model can provide flexibility
-  F5-supported APIs and tooling paired with DevSecOps practices make it all possible

Shift Left and Edge Security with DevSecOps and F5

Dealing with multiple applications in a micro-service architecture means you’re probably contending with a fragmented environment that’s nearly impossible to manage, secure, and operate efficiently.  
In this follow-up to webinar Multi-Cloud Networking Traffic Flow Challenges, we’ll show you what multiple traffic flows look like for a common enterprise and how to solve its traffic flow issues. We’ll also demonstrate the benefits of – and how to configure – proxy architectures for a multi-cloud environment.

Part 3 of 3: Implement a Multi-Cloud Strategy to Manage Traffic Flow

As you move your cloud strategy to a multi-cloud environment, you may be losing visibility into how your various containers, microservices, and technologies are performing. And possibly leaving your systems open to errors, breaches, and attacks. 

In this follow-up to webinar Adopting Container-as-a-Service for Hybrid Cloud Security, this demonstration will walk you through getting visibility into Kubernetes components, tapping into automatic discovery of Kubernetes workloads, and securing multi-cloud environments at scale.

Part 2 of 3: Solving Hybrid Cloud Security with Container-as-a-Service

More companies are pushing their applications further toward the customer for performance gains, but those gains come with a price – like latency, offload compute, high availability, and more. For any organization, moving applications to the edge is a journey. You can shape that journey by tapping into solutions that offer more reliability, less latency, real-time data analytics, and better performance.

Join us to learn the benefits – and challenges – of moving applications to the edge. We’ll also offer some real-life use cases of applications being hosted at the edge – including examples of remote securing and updating of ATMs and retail kiosks – and show you how F5 can help at each step in that journey.

In this webinar, you'll learn:
-  Solid strategies for moving apps to the edge
-  How to get a unified security policy across your network
-  How to seamlessly connect your applications

Deploying, Delivering, Operating and Securing Applications at the Edge

In this follow-up to webinar Securing the Modern Application Framework, our demonstration will show how F5 Distributed Cloud helps secure modern application deployment and walk you through critical security configurations from client to application.

Join the FS Distributed Cloud team in this three-part demo series that takes a deeper dive into topics from earlier webinars (linked below). These 30-minute demonstration-led sessions show you how to launch solutions to today's biggest multi-cloud networking challenges. You'll walk away with a clearer understanding of what it looks like to adopt solutions that solve your traffic flow issues, offer agile and flexible security, and enable more efficient operations.

Register today

Part 1 of 3: Deploy API-First Security Across Your Applications

The landscape across application delivery and security is rapidly shifting. These changes challenges organizations when trying to protect their applications and APIs, IP, and business from malicious attacks across an ever-expanding threat landscape. The solution? Finding a platform that bridges traditional and cloud architectures that also delivers agility, performance, and protection across all applications.

Join us as we explore the benefits of combining F5 BIG-IP Security solutions with F5 rSeries appliances to help you mitigate attacks, increase your security posture, and optimize app performance. We’ll dive into key security and access use cases, plus how to empower your applications to scale and perform at peak requirements on next-gen platforms, while protecting your sensitive data, applications, and APIs from malicious attacks.

In this webinar, you’ll learn:

-  Key app security use cases: API protection, WAF, SSL VPN and secure VDI access API
-  Enhancing security and performance with secure, stateful access policies
-  Offloading DNS security services to the edge
-  Migrating security to a modern, automatable, API first ADC platform
-  Protecting your Data with rSeries
-  Future-Proofing your Infrastructure with rSeries

Unlock the Power of F5 rSeries for App Protection

The Payment Card Industry (PCI) Security Standards Council released a revised version of its Data Security Standard, PCI DSS 4.0, which delineates the minimum-security requirements that merchants must meet when they store, process, and transmit cardholder data.

PCI DSS v3.2.1 will be retired on 31 March 2024 after which PCI DSS v4.0 will be the only active version. Many of new requirements in PCI DSS are best practices until 31 March 2025, after which they are required and must be fully considered as part of any PCI DSS v4.0 assessment.

Join members from the PCI Security Standards Council and F5 as they outline the new PCI DSS 4.0 e-commerce requirements, how to prepare, and steps you can take now to meet the new client-side requirements (6.4.3 and 11.6.1) to ensure the integrity of e-commerce web pages that handle payments.
Attend this webinar to learn:
-  How digital skimming and Magecart attacks are conducted and why they are successful
-  What new PCI DSS 4.0 client-side requirements (6.4.3 and 11.6.1) were added to address these challenges
-  Best practices and resources available for meeting those requirements
-  Timelines you should be aware of and the steps you can take now

Preparing for PCI DSS v4.0  Client-Side Protection Requirements

PCI DSS

PCI Standards

PCI Compliance

PCI Security

Data Security

Web Application Security

client side attacks

Cyber Attacks

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

The storage community on BrightTALK is made up of thousands of storage and IT professionals. Find relevant webinars and videos on storage architecture, cloud storage, storage virtualization and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Storage

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Preparing for PCI DSS v4.0 Client-Side Protection Requirements

Presented by

About this talk

More from this channel