Name: The Application Attack Threat Landscape - After Log4J
Start: 2022-05-17T17:00:00Z
End: 2022-05-17T17:00:52.000Z
Location: BrightTALK
Rating: 4.7

Akamai is the cybersecurity and cloud computing company that powers and protects business online. Our market-leading security solutions, superior threat intelligence, and global operations team provide defense in depth to safeguard enterprise data and applications everywhere. Akamai’s full-stack cloud computing solutions deliver performance and affordability on the world’s most distributed platform. Global enterprises trust Akamai to provide the industry-leading reliability, scale, and expertise they need to grow their business with confidence. Learn more at akamai.com and akamai.com/blog, or follow Akamai Technologies on X and LinkedIn.

LLMs are becoming high-value attack surfaces — vulnerable to prompt injection, data exfiltration, AI-specific DoS, and output manipulation. Traditional security stacks have to evolve to see, understand, or stop these threats.

In this episode, we’ll take you under the hood of Akamai’s Firewall for AI — a purpose-built solution designed to protect generative AI and LLM applications from real-time exploitation. We’ll walk through the system’s architecture, policy models, and detection capabilities — and showcase a live demo of how it stops AI-layer threats otherwise missed.

You’ll learn:
- How Firewall for AI enforces security policies against prompt injection, jailbreaks, and abuse
- How configurable context-aware detections protect AI APIs and chat interfaces
- How organizations can monitor, control, and secure LLMs without disrupting performance or innovation

Whether you're deploying third-party models, fine-tuned internal copilots, or exposing AI via APIs — this session shows how to make AI defenses operational, scalable, and resilient by design.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Firewall for AI: The Next Gen-AI Protection is Here

Cyber insurance premiums continue to rise, and insurers are increasingly refusing coverage to organizations with weak security postures. In this session, we will explore how Microsegmentation directly influences security readiness, premium costs, and coverage eligibility.

Join this engaging session to delve into:
- Methods of security evaluation by cyber insurers
- The impact of security readiness on insurance premiums and coverage eligibility
- Case study insights on the successful maintenance of insurance terms post a cyber-attack
- Strategies that turned network vulnerabilities into opportunities

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Lower Premiums, Stronger Security: Microsegmentation for Cyber Insurance

As AI continues to accelerate software development, new risks are emerging faster than most security teams can respond. Developers are building faster with AI-generated code, giving rise to “Shadow AI”: unsanctioned tools, agents, and automations that operate beyond the reach of visibility and governance. Every one of these AI workflows depends on APIs, and every hidden API represents potential exposure.

In this next session of Akamai’s “APIs in the Age of AI” series, experts from Akamai and Snyk unpack how to bring security back into focus. You’ll learn how AI is changing the way applications are built, why visibility into API schemas is the foundation of control, and how organizations can close the gap between AI-driven development and traditional AppSec.

What you’ll learn:

•How “Shadow AI” emerges across enterprises—and why APIs are at the center of it
•The risks of AI-generated code and agent-to-agent communication
•How visibility and schema discovery can eliminate blind spots in your API landscape
•Practical steps to integrate continuous API testing and runtime protection
•How Akamai and Snyk’s joint approach helps secure both the APIs and the AI systems they power
 
Join us to explore how to go from Shadow AI to Secure APIs—and how to safely accelerate innovation in an AI-powered world.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

APIs in the Age of AI: From Shadow AI to Secure APIs

In this final If APIs Could Talk session of 2025, we’ll review the most impactful updates to Akamai API Security that improved visibility, control, and usability across the platform. We’ll revisit how APIs from Code expanded discovery into source repositories, the Compliance Dashboard simplified framework alignment, and Automatic Testing for APIs enhanced validation of authentication issues directly from the inventory. We’ll also discuss how GenAI and LLM endpoint tagging helps teams monitor emerging AI-related APIs, and highlight key UI improvements that make investigation and data analysis more efficient. This session is designed for practitioners who want a clear understanding of what has changed, why it matters, and how to maximize the benefits of these capabilities in their day-to-day operations.

Ep. 22 - 2025 Recap: Features That Delivered Real-World Impact

Watch this video to learn how AI factories combine data, compute, and automation to continuously build, deploy, and evolve AI systems capable of delivering real-time intelligence at scale.

AI Factories

Cybercriminals are firmly on the naughty list this holiday season. From phishing emails to scams that exploit festive goodwill, social engineering remains one of the most effective tools in an attacker’s playbook.

In this on-demand episode of The SIG Download, Tricia Howard and Steve Winterfeld explore social engineering for both good and evil, counting down the “12 Threats of Christmas” and unpacking how these tactics are being used in real-world attacks.

In this session, you’ll learn:
- How social engineering drives modern attacks—and how it can also be used ethically
- Examples of real-world holiday-season scams and exploits
- Practical steps to help protect your organisation into the new year

Watch this festive and thought-provoking episode on demand.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in the 'Question' or 'Rate this' section.

SIG Download: Episode 25 – The 12 Threats of Christmas – Social Engineering for Good and Evil

Generative AI spending is projected to surge nearly 75% in 2025, as enterprises race to stay competitive while pursuing low-risk adoption strategies. This on-demand session explores key findings from The State of Enterprise AI study, revealing how organizations are approaching AI to drive value securely and at scale.

The research shows that leading enterprises are prioritizing proven use cases to quickly build AI fluency, deliver measurable ROI, and minimize security and operational risks. This strategic approach enables safe experimentation and lays the groundwork for future innovation.

Key Takeaways:
- How to balance AI innovation with built-in risk mitigation.
- Which AI use cases are delivering fast, measurable value today.
- Why infrastructure is critical for secure, scalable AI adoption.

Watch now to gain strategic insights and actionable guidance for your organization’s AI journey.

Forrester Insights: The State of Enterprise AI Adoption and Risk Management

Smarter, faster-moving cyberthreats, tighter regulations, and rising insurer demands have put network segmentation strategy back in the spotlight, but many enterprises are struggling to keep pace. Enterprise segmentation adoption is high, at a basic level. However, maturity, in the form of microsegmentation, remains low. Why the disconnect?

Independent research commissioned by Akamai reveals a clear gap between segmentation intent and execution, a gap leaving many enterprises exposed. Many enterprises still rely on legacy north–south segmentation approaches, making them vulnerable to growing cyberattacks, including those using generative and agentic artificial intelligence (AI).

Join us as we deep dive the data, and learn how early adopters, particularly large organizations with mature security operations, are already realizing multiple advantages:
- Lower insurance premiums
- Faster claims processing
- Stronger audit readiness
- Better ransomware outcomes

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Segmentation Impact Study 2025: Why Microsegmentation Matters Now

AI is redefining both innovation and attack surface. The rise of Agentic AI systems and autonomous AI bots has unleashed a new wave of threats — from intelligent scraping and adaptive fraud to Offensive AI models like FraudGPTand GhostGPT that automate reconnaissance and exploit generation.

This session explores the complex duality of AI as both attacker and target, examining the OWASP Top 10 for LLM Applications and highlighting a commerce-sector case study. Join Ryan Gao who uncovers how threat actors are exploiting vulnerabilities such as prompt injection, data poisoning, and model denial-of-service — and how organizations can enhance visibility, safeguard AI-driven traffic, and implement stronger controls to protect their AI environments.

Key Takeaways:
- Uncover AI’s dual risk — attacker and target.
- Understand the mechanics of Offensive and Agentic AI threats.
- See how AI-based bots operate in a real commerce case study.
- Explore the OWASP Top 10 for LLM vulnerabilities.
- Gain practical strategies to strengthen AI resilience.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

The Dual Nature of AI: Understanding AI as Both Target and Threat

DDoS attacks remain a persistent threat to network responsiveness and profitability. But they not only represent risk, they’re also an untapped opportunity.

Join Akamai and Corero Network Security for a 30-minute, informative conversation exploring DDoS challenges, and how they can become growth opportunities. 

You’ll discover:
-Four hidden challenges driving DDoS-related costs in service provider networks
-Why sub-second mitigation, in-network visibility, and distributed protection are essential
-How to create tiered DDoS protection offerings that your customers will pay for

This discussion will give you a framework to turn those DDoS disruption pain points into business advantages.

Turning Today's DDoS Challenges into Opportunities

Join Tricia Howard and Ryan Barnett for Episode 24 of The SIG Download. Ryan shares findings from his recent Black Hat research on how attackers exploit Unicode and encoding quirks to conceal malicious activity. They also break down the most significant attacks observed over the past 30 days and offer practical guidance on how to defend against them.

In this on-demand session, you’ll learn:
- How seemingly normal text can be weaponized
- The impact of Unicode confusables, casing, and truncation
- Recent real-world attacks and actionable mitigation strategies

Watch now to get the insights you need to strengthen your defenses.

Earn CPE Credits
Akamai is an approved ISC2 CPE Submitter Partner. Watch the webinar and provide your ISC2 Member ID in the Question or Rate This section to receive credit.

SIG Download: Episode 24 - Lost in Translation: When Benign Text Turns Malicious

Our latest research reveals how AI-driven bots are reshaping the digital landscape — from content scraping that undermines publishers to commerce surges exceeding 25 billion bot requests in just two months.

Watch this on-demand webinar to explore which regions and industries are seeing the sharpest rise in AI bot traffic, and learn how understanding bot identity and intent can help you distinguish between helpful and harmful automation.

In this session, you’ll learn:
• Why bot identity and intent are critical
• Where AI training bots introduce new challenges
• How OWASP guidance can strengthen fraud defenses while preserving good bot traffic

Speakers:
Moderator: Tricia Howard, Security Intelligence Group, Akamai
Presenters:
• David Sénécal, Director of Engineering – Fraud and Abuse, Akamai
• Tom Emmons, Principal Product Architect, Akamai

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching this webinar and providing your ISC2 Member ID number in the “Question” or “Rate this” section.

Watch the webinar on demand now and gain insights to help protect your business from the next wave of AI-driven threats.

SOTI Fraud and Abuse Report 2025: Navigating the AI bot surge

Cyberattacks are growing more sophisticated, leaving no industry untouched. As organizations expand digital operations and interconnect systems, the attack surface widens — particularly in high-target sectors like retail. One of the most dangerous tactics used by attackers is lateral movement, allowing them to silently escalate access and compromise critical assets.

When you're under attack, every second counts — and Akamai can help, whether you're a customer or not. From the moment a threat is detected, Akamai provides immediate support to contain and neutralize attacks in progress.

Organizations around the world rely on Akamai Guardicore to stop lateral movement through real-time microsegmentation, minimizing breach impact and securing high-value systems. And with Akamai Hunt’s proactive threat-hunting services, backed by behavioral analysis, anomaly detection, and IOC identification, even stealthy threats can be uncovered and addressed before they cause serious harm.

No matter your size, industry, or existing setup — if you're under attack, Akamai is ready to help.

Join us to learn how to:
- Contain ransomware with microsegmentation that stops lateral movement.
- Detect early-stage attacks using behavioral analysis and IOCs.
- Uncover stealthy threats through proactive threat hunting with Akamai Hunt.
- Implement Zero Trust controls across hybrid and cloud environments.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Isolating Ransomware Attacks to Block Lateral Movement and Protect Critical Assets

Join host Tricia Howard (appearing as a zombie bot!) and legendary security expert Graham Cluley for a Halloween-themed dive into real-world cybersecurity scares. From insider schemes to AI-driven mischief, discover how human error, greed, and deception continue to haunt even the most secure systems.

In this episode, you’ll learn:
- How insider threats can manipulate systems for financial gain, including ransom diversions and fraud.
- The rise of AI-driven attacks and blackmail scenarios targeting organisations.
- How crypto-focused malware and hoax incidents highlight the evolving threat landscape.

Catch up on-demand.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in the 'Question' or 'Rate this' section.

SIG Download: Episode 23 - Night of the Living Threats – A Halloween Cybersecurity Special

Join Akamai's Director of Field Security Technology, Michael Villar, for a live webinar where we break down the microsegmentation playbook—what it is, how it fits into a Zero Trust architecture, and how to deploy it for maximum visibility and control. Whether you're defending your enterprise against lateral movement or isolating critical workloads, microsegmentation is your MVP for reducing risk.

In this session, you'll learn:
- How to tackle lateral movement and insider threats
- Key components of a successful microsegmentation strategy
- Real-world use cases and deployment tips

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE Credits by watching our Webinar and providing us with your ISC2 Member ID number either in 'Question' or 'Rate this' section.

Endpoints to End Zone: Build Your Microsegmentation Defense

In this "If APIs Could Talk" episode, we’ll explore the Akamai API Security integration with ServiceNow and how it helps organizations bring visibility and control to API security. APIs are often invisible to traditional asset management and security tools, leaving gaps in governance and response. With this integration, you can automatically push API data into the ServiceNow CMDB, link vulnerabilities to the AVR module, and give IT and security teams shared visibility and workflows for remediation. The session will include a walkthrough of how the integration works, examples of how API findings are surfaced in ServiceNow, and practical tips for streamlining response and closing security gaps more efficiently.

Akamai is an approved ISC2 CPE Submitter Partner. Earn CPE credits by watching our webinar and providing your ISC2 Member ID in the 'Questions' or 'Rate This' section.

Ep. 20 From Discovery to Remediation:  Managing API Security with Akamai and ServiceNow

Security buyers face endless claims about protection efficacy — but how do you separate marketing from measurable reality?

In this session, SecureIQLab and Akamai break down the results of the industry’s only recurring, standards-based comparative WAAP test. Join Cameron Camp, Analyst Security Researcher and Akamai’s Brent Maynard, to learn how independent testing is conducted, why resiliency and false-positive avoidance matter as much as detection rates, and where most vendors still fall short.

We’ll share Akamai’s top-performing results, key market learnings, and the practical questions every security leader should ask when evaluating a WAF or WAAP. Walk away with actionable insights to validate your current defenses and strengthen your buying decisions.

Want to learn more? Compare WAAP vendor efficacy data in this 2025 report: https://www.akamai.com/lp/report/2025-waf-comparison-report

Additional Resources:

-On-Demand Webinar: Extend WAF Protections: https://www.brighttalk.com/webcast/13169/646081
-Webinar: Adaptive Security Engine: Next-Gen WAAP: https://www.brighttalk.com/webcast/13169/651706

Independent Testing, Real Results:  How Secure Is Your WAAP?

Tune into this session to learn about the importance of identifying and protecting various types of assets within organizations and how using a multi-layered approach of implementing security solutions can reduce the risk of a potential cyber attacks and threats. Attendees will discover how threat actors locate sensitive information about their targets that can lead to compromising a company and stealing data. Furthermore, viewers will gain hands-on experience in getting started with using popular tools within the cybersecurity industry to identify security vulnerabilities on their systems and network while learning how to secure them. Lastly, viewers will explore the need for developing an incident response plan and creating a team that's well-prepared to catch any security event and handle any incidents.

Key Takeaways:
- Understand the need for data protection and defense-in-depth.
- Discover how organizations leak sensitive data without knowing.
- Get started with identifying potential security vulnerabilities.
- Explore the need for incident response planning and procedures
- Build an incident response team.

Protecting organization data against cyber attacks, threats and data breaches

When the headline says “Cloud Breach Due to Misconfigured Server,” we’re only getting a small part of the story. Critical information on what really went down rarely becomes public knowledge. 

But in order to keep cloud data secure, it’s essential to understand how attackers are exploiting the cloud API control plane, and expand the blast radius well beyond the initial misconfigured resource in order to inflict real damage. 

In this session, Josh Stella, Chief Architect at Snyk, will walk through the ways control plane compromise attacks happen, and why you need to go beyond traditional cloud security posture management in order to spot the deeper design flaws in your environment that make these attacks possible.

Attendees will gain an understanding of:
-What the cloud control plane is and why attackers need access to it
-How to identify control plane compromise risks in your environment
-Why cloud security hinges with secure design, and where to start

How Hackers Compromise the Cloud Control Plane

Preventative measures are top-of-mind when it comes to protecting your organization from ransomware attacks, but the reality is that even the best efforts can sometimes be thwarted. Often, organizations learn that despite their best efforts, they have been hit by a ransomware attack. How can you plan for this possibility and what do you do if it happens?  

Join Nic Hernandez, Systems Engineer at Clumio, as he discusses important topics in ransomware protection:

● Why choose a cloud-native data protection solution for mission-critical data in AWS
● Best practices for ransomware recovery
● The importance of RTO in business continuity
● How to optimize your backup plan to reduce cost 
● Importance of cross account/region recovery in the event of a disaster

Get Backup & Running: Ransomware Protection & Recovery in AWS

Businesses are now spending $170.4 billion on information security annually, according to research from Gartner. Despite this huge investment, IBM's annual security report found that the average cost due to a data breach rose from $3.86 million in 2020 to $4.24 million in 2021, the highest in 17 years. Headlines call out the latest victims, including some of the world's biggest corporations. But how can businesses protect themselves when employees are scattered, data is exploding, and devices are proliferating?

In this expert panel, cybersecurity experts will discuss best practices for proactively protecting your organization from the most common threats, and what to do when a breach does occur. 

Join us to explore:

-- Preventing breaches from external and internal threats
-- Tools and techniques for detection and response
-- How the speed of response to a breach can minimize its effects
-- Adapting breach protection to hybrid work models
-- How modern architectures such as IoT and edge affect a breach prevention strategy


Panelists include:
Jeroen Hekelaar,  Manager, Solutions Engineering EMEA, SonicWall
Carl Leonard, Cybersecurity Strategist, Proofpoint

Sources:
https://www.proofpoint.com/uk/resources/threat-reports/state-of-phish
https://www.proofpoint.com/uk/resources/e-books/legacy-dlp-crumbles-in-the-cloud
https://www.proofpoint.com/uk/resources/threat-reports/state-of-phish
https://www.proofpoint.com/us/resources/analyst-reports/gartner-market-guide-insider-risk-management
https://www.sonicwall.com/2022-cyber-threat-report/
https://www.proofpoint.com/uk/resources/white-papers/voice-of-the-ciso-report

Don't Become the Next Cautionary Tale: Top Breach Prevention Strategies

This talk will detail how to plan your application ecosystem landscape to withstand multi-layered attack.

Key Takeaways:
• Understand which tools are better aligned with your stack.
• Apply best practice to develop active simulation exercise.
• Review of disaster recovery as monthly initiatives.
• Align your business continuity to critical assets.

Planning Your Application Ecosystem Landscape to Withstand Multi-Layered Attack

Hackers will never stop their attack attempts, and organizations must be aware they could be breached any second! So tune into this presentation to discover:
• How to best prepare against those attacks? 
• What tools to leverage?
• How can your security team detect even the latest, more sophisticated foes and, most importantly, how can you respond to their attacks?

Join Dr. Erdal, corporate CISO and president of the Global CISO Forum, to learn how you can master your breach detection learning from real-life examples.

The Art of Breach Detection

Today's security operations centers (SOCs) are inundated with an endless stream of alerts, vulnerabilities, and threat intelligence. But the reality is that no matter how large or well-resourced a security operations team, there will always be more work to do. So the next-gen SOC must be calibrated to work smarter, not harder. 

In this webinar you will learn:
•  What are the main inefficiencies in SOC operations.
•  How to use technology to address the inefficiencies.
•  How to use people and processes to address the inefficiencies.

The Next-Gen SOC: Optimizing to Make the Most of Limited Resources

Having a vulnerability disclosure policy (VDP) helps improve network defenses and enhance mission assurance, helping you

launch faster
with less risk
while safeguarding sensitive data

Get the expert playbook on VDPs from the DoD, Keurig Dr Pepper, and HackerOne. In less than an hour, you’ll learn how to create a VDP that expands your vulnerability awareness, builds compliance into your processes, and moves you to a higher level of security.

Understanding Your Attack Surface Through Vulnerability Disclosure

To create secure applications at the speed of DevOps, teams embrace the shift left mantra. But inserting security into app development can appear as a speed bump and even as an obstacle to continuous deployment. If 2021 proved anything it is that securing your applications still has to be priority. But it doesn’t have to be drag. By adopting a DevSecOps mindset and embedding security into the product lifecycle, teams can be fast and secure. 

Please join guest speaker Janet Worthington, Forrester Senior Analyst, and Daniel Shugrue, Digital.ai Sr. Product Marketing Manager, to hear the latest on where organizations are in the shift left transformation, the state of application security, and where teams can dig in to further their DevSecOps efforts.

Create secure applications at the speed of DevOps

As the pandemic continues to affect both business and personal lives, expectations of a ‘return’ to pre-pandemic conditions have faded from most plans. Underlying trends that have always driven information security, such as new technologies, greater compliance mandates and more severe security incidents, continue to be significant change agents. The 2022 Thales Data Threat Report, based on data from a survey of almost 2,800 respondents from 17 countries across the globe conducted by 451 Research, part of S&P Global Market Intelligence, reviews and analyzes these trends and changes.

Many organizations continue to be unprepared for the security challenges of diverse threats, ransomware, accelerating cloud transformation and hybrid work. In fact, according to the report’s survey 21% of all respondents said they had experienced a ransomware attack. Furthermore, 22% of respondents worldwide said they have paid or would pay a ransom for their data.

This webinar will review the changing landscape of data security risks and threats. Specifically, you can expect to learn about:
• Leading sources of data threats
• Ransomware preparedness and how it has changed breach economics
• Breaches and their impacts weigh on security planning
• Data sprawl’s impact on data security
• Cloud usage trends and security practices in the cloud
• Threats of remote and hybrid workforces
• Future threats such as quantum computing

Key Findings from 2022 Data Threat Report - Global Edition

Data breaches increased a staggering 68% in 2021, according to Identity Theft Resource Center's annual report, affecting individuals, municipalities and nation states, businesses large and small, and public utilities and resources. Attacks involving ransomware more than doubled, and the most popular business targets were in manufacturing and utilities. Understanding these trends and anticipating how and why attackers might single out your business operations or employees is critical to mitigation.

This panel of security experts will explore the current state of cybersecurity and how to use threat intelligence and threat hunting to identify risk and avert disaster.

Join us to learn about:

-- The new breed of cyber criminals and why they attack
-- The types of breaches your business should fear most
-- The best sources of threat intelligence 
-- How threat hunting and threat modelling can help your business proactively deter attackers
-- How to increase security awareness throughout the organization

Panelists include:
Michael Pepin, CISSP, Sr. Security Architect, Clumio
Carl Leonard, Cybersecurity Strategist, Proofpoint

Sources:
Proofpoint 2022 Voice Of The CISO report
https://www.proofpoint.com/uk/resources/white-papers/voice-of-the-ciso-report
 
Proofpoint The Human Factor 2021
https://www.proofpoint.com/uk/resources/threat-reports/human-factor
 
Verizon Data Breach Investigations Report 2021
https://www.verizon.com/business/resources/reports/dbir/2021/masters-guide/

How to Keep up with the Cyber Threat Landscape

The bad news? Data breaches now play a role in ransomware and extortion attacks, espionage, cyber fraud, business-email compromise, and more. The good news? As security vendors and internal security teams up their game, threat actions are converging, and threat actors now have only so many initial attack vectors to break in and do bad things.

You must simplify your prevention strategy to develop an effective means to stop data breaches, regardless of the flavor of attack. But how?

Join Nick Cavalancia to explore how you can elevate your data breach prevention strategy by viewing it through the lens of threat actor actions. Topics will include:
• Start with the bad guy and work backwards to strategy.
• Focus on initial attack vectors.
• Translate threat actions into practical prevention strategy.
• Lessons from MITRE’s ATT&CK Framework and industry trends.

Use bad-guy trends, tactics and techniques against them for effective strategy

Certain types of unclassified information are extremely sensitive, sought after by strategic competitors and adversaries, and often have legal safeguarding requirements. Controlled Unclassified Information (CUI) is government-created or -owned information that requires safeguards or dissemination controls consistent with laws, regulations and government policies. 

Like Personal Data (PD) and Personally Identified Information (PII), CUI is highly-valued information, requiring better understanding by cybersecurity and compliance professionals. 

In this presentation, we dive into the essential aspects of CUI, such as
• CUI concepts and NIST standards.
• The CUI registry, categories and markings.
• What cybersecurity and compliance professionals must know to protect CUI.

Decoding CUI: A Highly Valued Data Type at Risk

Breaches happen by clever and well-armed cybercriminals who use many tactics, techniques, and procedures to infiltrate IT infrastructure, implant malware, and execute attacks. There is a lot at stake, so you need to know as much as possible with little or no delay to minimize adverse consequences.

Network monitoring that pipelines packets from the core network to cybersecurity analysts and analytics is the foundation of detecting and responding. Stealth is an often-used weapon, so monitoring with the highest possible fidelity is necessary to detect increasingly subtle Indicators of Attack and Indicators of Compromise.

This webinar will provide a stepwise plan for achieving faster breach detection and maximizing resilience to cyber risks by showing you how to: 
 
• Instrument any network, physical, virtual, hybrid-cloud, for high-fidelity monitoring to losslessly acquire and reliably deliver network packet data to SOC and SecOps security analysts and the analytics and tools they use
• Capture, store, and organize network packet data for use as security evidence 
• Forensically analyze security evidence to facilitate a rapid and effective response

Faster Breach Detection

We must learn from our mistakes. Exploits work, breach happens, and threat actors succeed because after decades of cyber security effort we are still missing the mark and doing what we know needs to be done to protect digital business. Join Yaniv Bar-Dayan, Vulcan Cyber co-founder and CEO, and Ali Naqvi, Vulcan Cyber senior director of solutions architects, to learn how to avoid the top five mistakes that lead to enterprise security breaches. Join us to:
Learn how your teams can avoid these mistakes and proactively protect against the latest cyber threats.
Learn how to shift to a risk-based approach to vulnerability assessment, prioritization and mitigation.
See a demo of the Vulcan Cyber risk management platform used to help protect your business against Log4Shell risk.
 
Don’t let common mistakes, and known breach vectors like Log4Shell, catch your teams unprepared and vulnerable to the growing number of exploits and threat actors facing our business today.

Avoid The Top Five Breach-Inducing Mistakes and Mitigate Log4Shell Risk

Cybercriminals have an arsenal of tactics at their disposal - phishing, malware, social engineering, email fraud, identity theft (EAC), and ransomware. Successful attacks only need one tactic to work, but companies have to protect against all of them. The number one attack vector is still email and the number one target is still people. 
In 2021, attacks became more sophisticated and volume increased by ~20%. Email-based attacks were more successful with 83% of companies falling victim to successful phishing attacks (up from 57% the year before).

In this session, Mike Bailey will:
• Explore recent trends in the threat landscape
• Discuss best practices of a people-centric security strategy including technology, processes, and people
• Show how a layered, integrated approach can yield success

Fighting Cybercrime in 2022: All for one and one for all

Data breaches are more prolific than ever, with 2021 seeing 5250 confirmed instances involving large companies such as Facebook, LinkedIn, and Ubiquiti. Such breaches are not only a privacy concern, but are also very costly to the involved organization, incurring a loss of $4.24 million on average. The good news, however, is that in breaches where strong Zero Trust principles were employed this cost decreased by $1.76 million.

In this talk we show how Application-Layer Encryption (ALE) can be applied at the database level to provide strong protections against breaches. While traditional at rest database encryption helps protect your data in case of a direct breach, database ALE can ensure cryptographically that even authorized applications have minimal access. This means, that even if your data producing application contains a vulnerability, compromising this application won't give the attacker access to your data. Through the use of modern cryptographic techniques, database ALE can even be implemented without fully sacrificing useful capabilities of the database, such as search.

About our presenter: 
Philip has a background in mathematical engineering but has always had a strong interest in computer science, a combination which eventually resulted in a PhD in symmetric cryptography. Today he has the technical responsibility for the development of CYBERCRYPT's Encryptonize product.

Preventing Database Breaches with Application-Layer Encryption

When attackers see a way in, they take it.

If you want to stay ahead of attackers, it's time to make the shift from a focus on threat intelligence to risk intelligence.

Today’s security leaders are squeezed between increased risks and attacks, expanding attack surfaces, and decreasing resources, which has them streamlining defense strategies and investments towards what matters most and what exposures are critical. 

Join us for a lively discussion on the current security leadership shift of focus from threat intelligence to risk intelligence. Security leaders will share their journey to the sweet spot: that balance between visibility, priority and value that helps focus their security practices towards confident protection (vs whack-a-mole). Areas covered will include: 
-> Balancing protections inside and outside the network
-> Various ways of prioritizing risk and what doesn’t work
-> Mapping potential paths into and out of your network
-> Merging attack surface management, vulnerability and threat information to identify real risk

Redefining Cyber Intelligence: The Shift from Threat to Risk

Cyber threats continue to increase and are impacting almost all aspects of modern life.  Ransomware, malicious domains, espionage and digital disruption are the most common attacks of recent times.  Understanding how these vulnerabilities and their exploits are changing, provides helpful insights into combatting new threats. Cyber threats change over time, as do the countermeasures that best protect against them like:

• Ransomware
• DDoS (distributed denial-of-service)
• State-sponsored cyber actors
• Social engineering and phishing threats -- increase in sophistication
• Data exportation, breaches and insider threat

Key takeaways:
• Leverage best practices and frameworks such as NIST & ISO 27001 to manage the threat landscape.
• Prompt innovation can help protect against cyber threats.
• Build cyber threats awareness and training culture to test it regularly.
• Consider the source and validity of information when making decisions.

Trends in Cyber Threats and Top Countermeasures

Alignment is the key to a future-proof cloud strategy that can adapt to shifting business needs in any organisation. InfoSec leaders and CIOs  play an important role in guiding all parties toward alignment on the project phases, expectations and outcome. 

In this session we’ll walk through:
- a brief history of zero trust and the 3 main stages
- the unique approach offered by the Zero Trust Exchange, and why a comprehensive zero trust architecture matters


The presenter: 
Lee Dolsen is the Chief Architect for Zscaler’s Asia Pacific business, based out of Singapore.  He has over 20 years’ experience in the IT industry focusing on various aspects of Internet Security and Content Delivery. Lee has been living and working inAsia for the past 14 years. He joined Zscaler in 2012.

What are the 3 main stages of Zero Trust and why does it matters to you?

With any cyber-threat prevention strategy, organizations must know the assets connected to their networks, whether these assets are vulnerable to exploitation, and which vulnerable assets should be prioritized for remediation actions. These activities are known collectively as security hygiene and posture management. Unfortunately, organizations often manage these fundamental security best practices haphazardly, opening them up to cyber threats or the ever expanding attack surface. 

In this keynote presentation, ESG Senior Principal Analyst and Fellow, Jon Oltsik, will share new research and discuss the challenges around security hygiene and posture management to explore what companies can do to both address these challenges and establish best practices.

Threat Prevention Anchored by Strong Security Hygiene and Posture Management

Cyber Threats and Breach Protection

Modern web applications have become complex, heavily reliant on APIs for virtually every online interaction. This complexity brings with it the potential for new entry points for hackers and unfortunately more overhead for the business to manage and track.

Akamai’s Director of Security Technology and Strategy, Sean Flynn, takes us behind the scenes of how attackers look for new vulnerabilities and used obfuscation to prolong Log4J zero-day attacks.

In this webinar, you will also learn about:
- A new reflection/amplification distributed denial-of-service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1
- Why do attackers focus more on APIs than traditional applications
- What companies can do to stay ahead of future threats

The Application Attack Threat Landscape - After Log4J

log4j

Threat Detection

Application Security

Security Breach

api security

Security Awareness

DDoS

IT Security

Cyber Security

Cloud Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Application Attack Threat Landscape - After Log4J

Presented by

About this talk

Akamai