ISSA Thought Leadership Series: Is Your Organization Ready for Automation?
Today’s security and IT teams are struggling to keep up. The digital landscape is constantly changing, and between disparate, unintegrated systems and repetitive, manual processes, security teams are having a difficult time getting ahead. There are too many alerts, not enough time to investigate them all, and staff are on the verge of burnout.
Security orchestration and automation (SOAR) tools introduce ways for security teams to streamline and improve their everyday processes. But is your organization ready for automation?
Join a panel of experts for an engaging discussion where you’ll learn:
* Key considerations that should be in place before implementing automation
* When is the right time to add automation (and when it isn’t)
* Which common security tasks are ideal to automate
* How to prepare your organization for SOAR
Mikhael Felker, Director of Information Security & Risk Management, Farmers Insurance
Scott King, Senior Director, Advisory Services, Rapid7
Michael Wylie, Director of Cybersecurity Services, Richey May Technology Solutions
Jason Winder, Managing Director, Aerstone Labs
Recorded Jan 9 2019, 58 mins
Vivek Ganti, Product Marketing Manager at Cloudflare
DDoS attacks have dominated the charts in terms of frequency, sophistication, and geo-distribution over the last year. Ransom DDoS attacks are also surging, crippling organizations' network infrastructure and taking them offline while demanding ransom in bitcoin. Unlike ransomware attacks, these ransom DDoS attacks do not even require the hacker to access an organization’s internal systems before they can be carried out.
There are no signs of DDoS attacks going away anytime soon. How do organizations ensure that their Internet assets are protected against threats of any size or kind?
In this webinar, you’ll learn about:
* Key Q2 2021 DDoS attack trends
* Ransom DDoS threats — and what you can do if you are affected
* Steps organizations can take to make the impact of DDoS attacks a thing of the past
Carl Mosby III and Shehzad Shahbuddin with Shape Security
In financial services, keeping gross fraud loss in check is critical to the brand and the bottom line. Unfortunately, financial services institutions are lucrative targets for organized crime rings and the tools that enable cybercriminals are becoming more sophisticated and less expensive. You need the latest intelligence if you want to protect your organization.
Join this session to learn:
• New threats from organized crime rings related to the credential marketplace landscape.
• Insights and evidence around how criminal organizations are increasingly reverting to manual (i.e., human-driven) fraud methods, and how to stop them.
• The latest machine learning algorithms trained by attack profile, risk surface, and historical fraud records that specifically protect banks, credit unions, and other financial institutions.
From “Hype” to “Critical” Why Breach and Attack Has Become a Foundational Security Tool
Join us as we discuss why Breach and Attack Simulation (BAS) has quickly ascended into the limelight in 2021. With both Gartner and IDC’s recent publications pointing to BAS as a critical tool to enable a successful security strategy, we’ll discuss how this technology is helping security teams drive business impact and reduce overall risk by validating security controls, identifying and prioritizing threats by risk to the business, and operationalizing threat intelligence efforts.
Enterprises were already well on their way to digital and network transformation when the pandemic hit in 2020. COVID accelerated the cloud journey and transformation, demonstrating where legacy approaches fell short. Making sense of SASE, its components, and the network delivering these services has companies scrambling as they attempt to enable a modern workforce that's in the office, at home, and around the world. Join Netskope as we discuss the building blocks of SASE and how you can safely enable your organization's transformation and ensure the effectiveness and productivity of your modern workforce.
Doug McKillip, Solutions Architect, A10 Networks and Babur Nawaz Khan, Product Marketing, A10 Networks
2020 was an eventful year for cybersecurity, with an unprecedented rise in cyberattacks. Many organizations were caught off guard as the pandemic accelerated and dictated the need for remote work and education. However, the accelerated move to everything cloud has left many wondering about the future, whether their on-premises investments have been rendered obsolete or if the “new normal” would only rely on cloud-only solutions.
The pandemic has also highlighted the need for fool-proof Zero Trust implementations to enhance the security of networks against modern cyberattacks, whether they are initiated from the outside or within. However, with most internet traffic encrypted, it is becoming increasingly difficult to effectively implement a Zero Trust approach.
In this webinar, we will discuss:
* What the “new normal” of cybersecurity might look like in a post-pandemic world
* What role will Zero Trust play in the future of cybersecurity
* Why effective decryption is essential for a fool-proof Zero Trust implementation
Candy Alexander, ISSA International President and Jon Oltsik, Senior Principal Analyst and ESG Fellow
ISSA/ESG’s annual research study “The Life and Times of the Cyber Security Professional” is full of valuable information, but only if you know how to use it. We will review pain points identified by cybersecurity professionals and offer suggestions for using the data to educate the business and to build a value proposition and justification for budgeting, training, and professional development time.
Noah Simon, Director of Product Marketing at Axonius and Jake Munroe, Product Marketing Manager at Axonius
Cybersecurity Asset Management Trends 2021: The pandemic’s impact on cybersecurity and priorities for the future
Last year’s overnight shift to remote work drove rapid changes in security and IT priorities — resulting in more challenges than ever before.
Now, as teams prepare for a post-pandemic “new normal”, IT and security teams are facing fresh obstacles.
Axonius partnered with Enterprise Strategy Group (ESG) for a global survey of IT and cybersecurity professionals to explore how the pandemic impacted IT complexity, and what security initiatives teams are prioritizing post-pandemic.
Register now for Cybersecurity Asset Management Trends 2021: The pandemic’s impact on cybersecurity and priorities for the future on June 16 at 1:00 p.m. E.T. Noah Simon and Jake Munroe of Axonius will dive into the survey’s findings to share key insights and takeaways from security leaders and practitioners worldwide, including:
* 72% of respondents report increased complexity over the past two years.
* 55% cite increased remote workers as the top cause of complexity (compared to only 22% last year)
* 87% say the pandemic has accelerated cloud infrastructure adoption
* 82% plan to increase investment in asset inventory
Privacy has finally earned its legitimate place in the world of technology despite years of being dismissed as the domain of the paranoid or the guilty. But strong privacy often requires what some consider its nefarious sibling, anonymity. Is collecting so much identifying data about users really critical to security? This presentation will examine how strong privacy-enhancing technologies should also recognize the necessity of anonymity, or at least pseudonymity, in their design.
MFA is critical to reducing risk in the enterprise. But not all MFA factors are equally effective. Join us as we discuss how attackers are taking advantage of weaknesses in the most popular MFA factor. We will review a strong authentication factor based on the FIDO2 standards, which presents its own challenges in balancing security against cost and productivity. Finally, we will introduce a modern authentication factor and service tailored to your business model and needs that delivers a secure, cost effective and low friction solution.
What you will learn:
• Why the most popular MFA factor should worry a security professional
• The advantages of a strong authentication factor based on FIDO2
• The Risk Management challenge: security vs cost & productivity
• How to solve the Risk Management challenge with a modern authentication factor
Midsize and large organizations are moving rapidly to multi cloud, with 75% adopting a multi and/or hybrid cloud strategy by this year [Gartner].
With a whopping 75% of cloud security failures expected to result from inadequate management of identities, access, and privileges by 2023 [Gartner], how do you protect your multi cloud infrastructure, and your organization, from the risk of inappropriate access and privileges? The challenge is compounded by different approaches to managing permissions and privileges from one public cloud to the next.
Join Ermetic’s Or Priel, VP Product Management, for insight into how AWS and Azure handle identities, permissions and resources and how to manage identities and privileges risk in both environments. We will cover:
- Azure’s RBAC vs AWS’s IAM roles and policies
- Strategies for enforcing least privilege
- Governing access and protecting sensitive resources
- Using automation and analytics to mitigate risks across clouds
Secure multi-party computation is a cryptographic technology for running a computation on the confidential inputs of two or more parties so that nobody learns the inputs of others. To simplify, it is a kind of distributed computer that can process data without seeing it. This has applications in protecting sensitive data such as cryptographic keys, personal data or business secrets. The benefit of the technology is greatest when multiple organisations wish to collaborate but find themselves unable to share the data.
MPC Alliance (https://www.mpcalliance.org) is an industry union of companies building key management solutions, virtual HSMs, privacy-preserving statistics, ML and AI systems for finance, healthcare and public sector. In the talk, we'll discuss the technology and its applications in security and privacy, with example use cases.
The Cybersecurity Maturity Model Certification (CMMC) is a new DoD requirement for implementing cybersecurity risk management across the many supply chain companies that make up the defense industrial base (DIB). Eligibility for future DoD contract awards will require the CMMC certification. Supply chain company chief legal officers, compliance officers, and senior leadership are responsible for understanding and enforcing the new DoD security regulatory requirements and compliance standards within their respective organizations and ensuring these current and future business risks are mitigated to improve cybersecurity in the DoD supply chain.
Small, medium, and even some large defense contractors, suppliers, universities, and research labs, which make up most of the DIB supply chain, are among the nation’s most vulnerable and face the highest risk of data exfiltration. Many organizations have not made the required information protection investments, do not have the necessary cybersecurity skills or maturity, and do not perceive themselves as likely targets. The old honor system relying on self-accreditation for supply chain risk management simply wasn’t working. In this interactive session and demonstration, you can meet the industry experts and ask questions to help you get started preparing for CMMC certifications.
* Special Offer:
Each person who registers AND attends the webinar will receive a FREE itSM Solutions NCSP Awareness Training Voucher worth $99
Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.
In this webinar, we will be talking about how transparency practices can lead to improved security. With transparency being one of our core values at GitLab, we will talk about the processes we have implemented to maintain our security stance while operating with the highest possible public transparency and how you can apply them to your enterprise to achieve increased security and transparency.
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience.
In this podcast, Dr. Cole will provide a playbook for approaching organizational security from this perspective. You’ll learn how a proper foundation for security is key, followed by proactive threat hunting and active defense. You’ll also get a prioritized checklist of actions that you can take right away to reduce the risk of an attack and mitigate one in progress.
The constant barrage of security threats is not going to let up, and if you wait to respond, it will already be too late.
Martha V. Daniel, Founder, President and CEO, Information Management Resources
Managing cyber threats requires complete visibility in order to make intelligent decisions about them. Cybersecurity compliance requirements are forcing Corporate Risk Managers to become more engaged with determining corporate cyber posture. With the most recent rollout of the mandatory Cybersecurity Maturity Model Certification (CMMC) for all Department of Defense (DOD) suppliers, it won’t be long before the commercial marketplace adopts a similar requirement. Increasing cyberattacks, lack of cybersecurity professionals, and mandatory cyber certifications are coming soon. These new regulatory requirements will force adoption of the NIST, ISO and GDPR frameworks. With more MSSPs and SOCs surfacing around the nations, CISOs will be re-evaluating in-house vs outsourcing of cybersecurity services. Join in the discussion to learn more about these new compliance regulations and trends.
Larry Ponemon, Ponemon Institute and Itir Clarke, Proofpoint
With the increased use of SaaS applications, cloud account takeover and Shadow IT present an increasing security risk to organizations. As the network perimeter is replaced by a user-defined security perimeter, it becomes critical to evaluate access controls, threat detection and data security in the cloud. So how can you better protect your company?
Join us for this special webinar with experts from Proofpoint and Ponemon Institute. They will discuss the findings of the newly conducted research among IT and security professionals to determine the risk and cost of cloud account takeovers and Shadow IT.
In this session, we’ll cover:
• The state of cloud usage in organizations
• Security risks and practices to secure the cloud
• Cloud compromises and the end user risk
• The cost of compromised cloud accounts
Sameer Kamani, Senior DevOps Solutions Architect, Public Sector
Federal agencies are improving their cybersecurity posture to some degree, particularly as they develop better basic cyber hygiene and modernize their legacy systems. At the same time, hackers are getting better at finding new ways to attack and access federal IT. Yet certain pain points remain, particularly around managing compliance and achieving Authority to Operate (ATO) while implementing the Risk Management Framework (RMF) principles.
This session will discuss current challenges faced in dealing with emerging threats, securing a more remote workforce and sharing strategies for staying ahead of adversaries.
• Building efficiencies in your existing Risk Management Framework
• Automating the implementation of security controls to achieve a continuous Authority to Operate process
• Hearing how your peers are implementing new ways to expedite compliance and audit lifecycles
Taking Responsibility for Someone Else's Code: Studying the Privacy Behaviors of Mobile Apps at Scale
Modern software development has embraced the concept of "code reuse," which is the practice of relying on third-party code to avoid "reinventing the wheel" (and rightly so). While this practice saves developers time and effort, it also creates liabilities: the resulting app may behave in ways that the app developer does not anticipate. This can cause very serious issues for privacy compliance: while an app developer did not write all of the code in their app, they are nonetheless responsible for it. In this talk, I will present research that my group has conducted to automatically examine the privacy behaviors of mobile apps vis-à-vis their compliance with privacy regulations. Using analysis tools that we developed and commercialized (as AppCensus, Inc.), we have performed dynamic analysis on hundreds of thousands of the most popular Android apps to examine what data they access, with whom they share it, and how these practices comport with various privacy regulations, app privacy policies, and platform policies. We find that while potential violations abound, many of the issues appear to be due to the (mis)use of third-party SDKs. I will provide an account of the most common types of violations that we observe and how app developers can better identify these issues prior to releasing their apps.
If the past year has taught us anything, it's that what we put on paper doesn't always pan out. Cybersecurity professionals know that a security strategy can quickly turn into projects with many twists, turns, roadblocks and surprises. We’ve invited two seasoned CISOs to get their take on how to navigate the challenges of making things happen in the day-to-day of this fast-paced industry, and how to build in flexibility for the unknown surprises along the way. Expect answers to questions like:
- Can you plan an effective security strategy for the unknown?
- What parts of planning do you have to get right to reduce issues during execution?
- What tips have served you well in your career to stay on top of disruptions?
- How do you keep your team motivated when blockers just keep coming?