Name: Why your penetration tests in 2018 were a let down and best practices for 2019
Start: 2018-12-05T10:00:00Z
End: 2018-12-05T10:00:52.000Z
Location: BrightTALK
Rating: 4

Synack is a security company revolutionizing how enterprises view cybersecurity: through a hacker’s eyes. Synack’s private, managed hacker-powered security solution arms clients with hundreds of the world's most skilled, highly vetted ethical hackers who provide a truly adversarial perspective to clients’ IT environments.

How Continuous Security Testing Better Supports Rapid Software Development and Increasingly Agile Systems

Penetration testing is the traditional method used for uncovering exploitable vulnerabilities but falls progressively short in protecting the business due to its inability to emulate adversarial hacker behavior and today’s sophisticated cyber-attacks. Furthermore, periodic pen tests typically need to be scheduled at least several months in advance and thereby do not align with the short term urgency and nature of the continuous deployment required by DevOps SDLC. Hence, applications and updates go live without being thoroughly tested, resulting in the risk that at any moment in time serious vulnerabilities may be introduced into live systems and are not detected in a timely manner.

Join speakers Mohamed Abotaleb and Ron Peeters and learn about:

     - The security issues and challenges of a rapid software development and deployment environment with agile systems

     - A new continuous security testing model that better supports DevOps SDLC and Cloud environment 

     - How this testing model combines automation technology with continuous or on-demand manual security testing 

     - A recent case study from Telefonica that demonstrates the benefits and capabilities of such continuous testing security model

How Continuous Security Testing Better Supports Rapid Software Development

Join Synack on a journey as we provide an overview of different crowdsourced security testing models such as Crowdsourced Penetration Testing, Bug Bounty, and Vulnerability Disclosure Policies. We will cover insights discussed in our recently published white paper, Crowdsourced Security White Paper: Adoption and Market Trends in the U.S. Government, and highlight the key differentiators in crowdsourced security models including vetting, technology, practical applications, and pricing. Come away with an understanding of what model(s) are right for your agency!

Understanding Crowdsourced Security Models for Government

The Synack Red Team (SRT) gives the most talented security researchers across the globe a platform to do what they love and get paid for it. A private network of highly-curated and vetted security researchers, the SRT is challenged every day to deliver exploitation discovery and management for some of the biggest brands in the world. On the Synack platform, researchers have access to the industry’s first ever hacker toolkit built at enterprise scale, to make them more efficient and effective at uncovering critical vulnerabilities that matter.

These ethical hackers are increasingly being recognised as an important way for businesses to unearth security weaknesses before they can be exploited by online criminals. 

In this Webinar, Synack Red Team member, Callum Carney joins Synack’s Justin Shaw Gray for an open conversation on what a day in the life of an ethical hacker is all about. He’ll discuss:

     - How he started his ethical hacker journey
     - Why he chose Synack 
     - How it’s changed in the 2 years he’s been working with us
     - What information is critical to successful testing
     - Why you should be using ethical hackers
     - Processes used when a new target comes online. 
     - And much much more


Callum started his ethical hacking journey by supporting organisations such as Google, Spotify and Local UK Businesses to secure their systems. In January 2017, after noticing all of the great comments regarding the Synack platform (fast payouts, fast response times, etc), he applied for the Synack Red Team and was accepted. During his time with Synack he has worked to secure a multitude of systems including government and Fortune 500 enterprise systems. In addition to his work with Synack Callum is studying for an Undergraduate Masters Degree in Computer Science and working as a Software Tester/Developer for the UKs largest supplier of Functional Skills and GCSE assessments.

Day in the Life of an Ethical Hacker: A Discussion w/ Callum Carney, SRT Member

Partnerships are strategic differentiators that are critical for both startups and enterprise organizations. Navigating a partnership can be a complicated process , trying to integrate and combine two different cultures, processes, and cadence. Security is a critical piece of a successful partnership and should be part of your product development roadmap. 

In this panel discussion, leaders from large established financial service organizations and fintech startups discuss:
-How to utilize strategic frameworks during your product development process
-Why partnerships can be beneficial for both startups and enterprise companies and what outcomes you can expect from a strategic partnership
-What the best practices are to ensure a partnership is set up for success
-How you can ensure the security of your products through a partnership
-What role compliance plays in partnerships

Presenters:
Meg Bear, SVP, Product & Engineering, Juvo (Moderator)
Susan French, Head of Product, BBVA Open Platform
Aisling MacRunnels, CMO & Founding Member, Synack
Liz O’Donnell, Co Founder & COO, Wisetack

How to Partner to Build More Secure Products: Partnering on Product Development

Great Security Teams have certain best practices in common.  And practices to avoid.  Some of these are technical best practices; some are organizational.  Each one helps the journey from reactive to proactive security as organizations and security needs scale. 

Join Synack's Nick Harrahill as he shares his experience working with hundreds of security teams on what the best security teams do...and do not.

Scaling Success: 9 Things Great Security Teams Do (and 5 They Don't)

Security Testing focuses on closing vulnerabilities that are found via scanning, penetration testing, responsible disclosure or other means. But what's the full life of that vulnerability? Vulnerabilities are born, live, get found (if you're lucky), and at some point, end.  

In this session, we'll dig deeper into the lifecycle of a security vulnerability, to get better insights into how to avoid them, how to find them, and how to get rid of each one once and for all.

Ramping Remediation: Journey of a Crowdsourced Vulnerability

Augmented Intelligence: How Technology Augments Hackers to Hunt for Vulnerabilities Efficiently

AI and ML will never replace humans in security... but using it in the right way can augment the way humans hunt for vulnerabilites. Crowdsourced security testing is now being taken to another level with augmented intelligence. 

Learn from Synack's Directors of Engineering on how they are building technology to make security testing much more efficient and how their optimized approach of algorithmic scanning and human testing allows security teams to gain a more robust security posture. 

Sasha Krassiev, Sr. Director, Engineering, Synack
Phil Whitby, Director, Engineering, Synack
Kaitna Shankar, Product Marketing Manager, Synack

How Technology Augments Hackers to Hunt for Vulnerabilities Efficiently

Whether you are a security, IT, or audit executive, compliance can be difficult to scale with growing assets, IPs, and attack surfaces. Increaasingly, compliance and security testing are being integrated into the Software Development Life Cycle (SDLC) to help avoid last minute panic during deployment. 

Synack conducted a survey of 311 organizations to better understand how they make their compliance and security testing programs more efficient and effective. 

Some of the question we answer include:
- Who should oversee compliance and security testing?
- Which compliance and best practice standards are top of mind?
- Which methods should be employed to perform security testing for compliance purposes?
- How many hours are performed on average per a test?

We hope you come away with a stronger vision for integrating your security testing, compliance and SDLC.

Best Practices for Compliance and Security Testing at Scale

Managing the ever-expanding threat landscape, especially given how busy security teams already are, is becoming increasingly difficult. Security teams need integrated technology and tools to help them work smarter, not harder, when it comes to security.
Nathan Jones, Director, Operations-Customer Success has deployed hundreds of security tests for customers across all industries. Nathan has analyzed and broken down best practices he has seen the most secure companies utilize to get the most value from their security testing.
During this webinar you will learn:
-Best practices for starting a crowdsourced security test
-What to expect from a crowdsourced security test in your day to day
-Integrating crowdsourced security data into your workflow

Keeping Pace with Process: Best Practices for Managing Security at Scale

In today's rapidly evolving threat landscape and hyper-connected infrastructure, security testing must keep up. To scale a security test, you need a crowd, but to maintain control over your enterprise-wide testing, you need technology and processes.

 In this webinar we will discuss:

- How to manage and prioritize risk within your portfolio, how to prioritize across your apps and scale your security testing while mitigating risk
- What technical controls you should look for in every security test
- How to leverage your security testing to minimize security risk

Scaling Down Risk: Managing Your Security Portfolio

With more than 3,000 security vendors operating today, choosing the right vendor for your organization can be time-consuming, and differentiating amongst the thousands of vendors can feel impossible. 

During this webinar, we will break down how to select security testing vendors and find efficiencies among them, including: 
- The different types of security testing, their capabilities, and their pros and cons 
- The questions to ask in your RFPs
- How to measure performance

Built to Scale: How to Select Security Vendors That Will Scale With You

To scale security, you need a crowd. But to scale a crowd, you need technology. Sit down with Synack's CMO Aisling MacRunnels and Domino's Information Security Manager Ron Ulko as they discuss how security testing is being taken to another level using a crowdsourcd, AI-enabled approach. 

In this session, we'll hear how enterprise is modernizing their security practices and optimizing the use of humans and augmented intelligence to achieve more efficient, smart security testing at scale.

How to Scale Security: Augmenting Security the Smart Way

NIST 800-53 security controls are a best practice enterprises and government agencies use to secure their assets. This webinar is intended for security executives and auditors, who are considering proven methods for meeting compliance objectives for frameworks like FISMA, 27001, GDPR, and HIPAA. This webinar describes specific compliance frameworks relevant for NIST 800-53, the process of using Crowdsourced Penetration Testing and NIST 800-53 security controls to achieve your compliance goals, and how Synack’s solution for NIST 800-53 compares to traditional penetration testing and bug bounty.

Use a Crowdsourced Penetration Test to Achieve Real Security and NIST 800-53

Fines for GDPR breaches are here and the impact is huge. But these are just fines and not the actual cost of the breach.  Personal data, company reputation, financial loss, all are at risk. Yet the problem is not being fully addressed. According to the 2019 Digital Business Report by UK software and services firm Advanced, “Despite the European Union’s General Data Protection Regulation (GDPR), only one third (34%) of respondents said regulatory change was triggering the purchase of new technology in their organization”. Less than 1/4 of UK firms priorities security when investing in new technology, despite the threat of cyber attacks and data protection regulations, surveys reveal. The big question now is… Will it happen to your company? 

In this webinar we will discuss

     - How likely your organization is to be affected by PII data leakage.
     - Synack’s innovative solution combining the best of artificial intelligence and crowdsourced human intelligence
     - How Synack can help protect you.

GDPR: How to Avoid Being the Next Headline

Part II: A Day in the Life of an Ethical Hacker: A Discussion and Demo with Callum Carney, Synack Red Team Member

Join us for part II of this compelling webcast series. This time around Callum will share his screen and walk you through the SRT portal and process he follows when responding to vulns. He'll answer more questions and will show you what it's like to be a member of the Synack Red Team.

You'll hear about:
     - SRT tools including the XSS Hunter

     - What constitutes a vulnerability and the decisions that SRT members must make when faced with deciding what vulnerabilities are worth reporting
     
     - How detailed an SRT member's report typically has to be in order to be accepted during the 24hr reporting timeframe

We hope you can join!

Part II: A Day in the Life of an Ethical Hacker, with Callum Carney, SRT Member

We asked CISOs from the Global 2000, government agencies, and high-growth companies about their 2019 priorities. Across the board, they answered: effective, efficient security that is grounded in trust. 

In this new webinar Cyber Security News’ Ravi Das dives deep into the 2019 Trust Report findings with Synack’s Director of Product Marketing, Anne-Marie (Punky) Witt. In this webinar, Ravi and Punky discuss the key findings from the report, including:
- The 2019 list of most secure and trusted industries
- Average security performance over time (and the impact on trust scores)
- The ROI of a continuous, integrated approach to security
- Trends in severity of vulnerability findings and remediation
- The 5 things that successful organizations are doing to build security and trust

Five ways the G2000 is Building Security and Trust

You know that standard penetration tests delivered by the BIG 5  misses the mark when it comes to protecting  the new needs of the cyber-secure, agile, data-driven organisation. You probably run them once or thrice a year to tick a compliance box or because your superiors have told you to do so. Why settle for the old way of doing a penetration test  performed by a couple of junior testers only to wait weeks for the reports and be disappointed with the results? Join the Synack EMEA team for an upcoming webinar where  we will share how crowdsourced security testing is modernizing the pen test for agile, data-driven organisations who need, more than ever, to be secure. We will cover:

What's wrong with traditional penetration tests
Why smarter, innovative organizations adopt a continuous, crowdsourced approach to security testing
How the use of AI, bug bounty and smart technology transforms testing results
When you can started your own crowdsourced security testing

Why your penetration tests in 2018 were a let down and best practices for 2019

Penetration Testing

synack

rapid7

hackerone

bugcrowd

pentesting

Security Testing

whitehat security

bug bounty

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Why your penetration tests in 2018 were a let down and best practices for 2019

Presented by

About this talk

More from this channel