Name: 5 steps to building an effective SOC optimization program
Start: 2021-11-03T17:00:00Z
End: 2021-11-03T17:00:25.000Z
Location: BrightTALK
Rating: 4.5

Cymulate exposure management and security validation drives continuous threat exposure management programs and supports both the technical and business requirements of scoping, discovery, prioritization, validation, and mobilization.

It’s 2024 – why do you still rely on manual pen testing to validate your security posture? It’s labor-intensive, doesn’t reveal real-time vulnerabilities at scale, and typically happens only once or twice a year. This lack of automation combined with infrequent testing windows makes it impossible to have a clear and up-to-date understanding of the high-risk attack paths, vulnerabilities and misconfigurations happening inside your IT environment right now.  

There’s got to be a better way. And there is. But first, it’s time to stop waiting for Red Teams to take the first step when it comes to validating an organization’s security posture. Blue Teams can take matters into their own hands. By using their own managed security controls, they can do things like create rules in their EDR and WAF to block exploitation attempts from a known vulnerability. 

In this session, we’ll talk about the benefits and practical application of automatic, continuous security control testing. And how shifting the power dynamic between Blue and Red Teams can lead to a more optimized approach to security. One that can be automatically built into an existing environment and yield results such as automated testing, continuous validation and coverage at scale.  

Finally, we will show real-world examples of threats vs. actual attack paths, vulnerabilities vs. controls, and practical steps to remediation.

Hey, Blue Teams: Stop Waiting for Pen Tests to Find Gaps. It’s Time to Take Control of Your Offensive Testing.

Security and exposure validation has become a critical component for today’s cybersecurity strategy.

Join Cymulate in this webinar as we discuss The Principle of Security Validation and explore the best practices established by Cymulate to:

- Validate Security Controls
- Validate Threats
- Validate Operational Response

During this session, you will gain practical guidance for the continuous testing and validation of 12 key areas of your cyber defenses. The Cymulate platform captures a decade of red team / blue team experience in a comprehensive suite of attack simulations based on real threat actor scenarios and campaigns that can be used to:

- Validate and optimize your security controls
- Test your resilience against the latest emergent threats
- Meet the latest compliance regulations including PCI and DORA
- Conduct full kill-chain exercises to understand your security operations response

The Principles of Security Validation (IST / SGT)

Security and exposure validation has become a critical component for today’s cybersecurity strategy. 

Join Cymulate in this webinar as we discuss The Principle of Security Validation and explore the best practices established by Cymulate to: 

   - Validate Security Controls 
   - Validate Threats 
   - Validate Operational Response 

During this session, you will gain practical guidance for the continuous testing and validation of 12 key areas of your cyber defenses. The Cymulate platform captures a decade of red team / blue team experience in a comprehensive suite of attack simulations based on real threat actor scenarios and campaigns that can be used to: 

   - Validate and optimize your security controls 
   - Test your resilience against the latest emergent threats 
   - Meet the latest compliance regulations including PCI and DORA 
   - Conduct full kill-chain exercises to understand your security operations response

The Principles of Security Validation

Kubernetes has become the de facto standard for deploying applications in the cloud as organizations run business-critical applications on Kubernetes K8 clusters hosted by leading cloud services providers Microsoft Azure, Amazon AWS, and the Google Cloud Platform (GCP). 

In this research update, the Cymulate Threat Research Group decided to put the native security tools of each provider to the test against the types of attack techniques being used by threat actors to exploit K8 clusters. The native cloud security tools included: 
* Azure Cloud Defender  
* AWS GuardDuty  
* GCP Command Center 

The results of these security validation tests against the above native cloud security tools raise some concerns that your K8 cluster could get KO’d by a threat actor, which we believe is NOT OK. 

To find out more, attend this informative session to learn about: 
* The Cymulate Kubernetes research project 
* Research results and detection rates for native cloud security tools 
* Overview of the research findings 
* Cymulate recommendations to better secure Kubernetes environments

Research Webinar: Native Cloud Defenses vs Kubernetes Attacks

As business pressures increase, CISOs face an alarming disconnect from executive teams. WSJ recently published research highlighting that communication is at the root of the problem: 58% struggle to make the technical understandable to senior leadership, and 82% feel the need to sugarcoat their security reports in front of the board.  

Cybersecurity has moved to the board room requiring CISOs to communicate with executive teams and answer the questions: 1) How secure are we? 2) Are we exposed? and 3) How bad is it? 

Join top cybersecurity leaders as they discuss how security and exposure validation provides the proof and evidence to measure and baseline cyber resilience so CISOs can report on their company’s cyber risk in quantifiable terms and confidently advocate for continued investments and improvements. 

Panelists include: 
* Dan Baylis, CISO, LV= 
* Phillip Heyns, Global Cybersecurity Architecture & Engineering Manager

Register now for an informal discussion that covers:  
* How the role of CISO is changing in an ever-expanding, higher-stakes attack landscape 
* CISO communication struggles  
* Why insights and metrics are vital for reporting on their company’s cyber risk in quantifiable terms 
* The role of security and exposure validation in quantifying practical risk exposure to promote data-driven conversations about security performance and ROI

CISO Roundtable: Automated Security Validation & Metrics of Cyber Resilience

Regardless of the amount of efforts and resources invested, organizations never seem to be closing the gap between the number of existing and emerging vulnerabilities in their environment and the number of remediated ones. But how can you know if you are exposed to exploitable vulnerabilities?

In this Live Demo, we will show how Cymulate delivers Attack-Based Vulnerability Management that is a direct result of production–safe attacks launched proactively in your organization’s environments.

Live Demo : Vulnerability prioritization

Proactively validate your enterprise's SIEM and SOC by launching controlled attacks in a quick, simple, and scalable manner.

Live Demo - SIEM & SOC Validation

Just as application development requires quality assurance and regression testing to deliver usability and function without defects, cybersecurity demands its own quality program to maintain strong defenses. Threats evolve, and your attack surface sees continuous change, so security teams face a constant challenge to identify weaknesses, prevent drift, and strengthen overall resilience. 

Join this webinar to learn how exposure management evolves security operations with continuous security and exposure validation that: 
- Test controls and response capabilities 
- Correlates vulnerabilities, weaknesses, and gaps with active threats and mitigating controls 
- Benchmarks cyber resilience and strengthens your overall security posture.

Security Validation: Your Security Program Needs QA & Regression Testing

Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working. Rather than waiting for the next big cyberattack and hoping they have the right defenses in place, security leaders are now more than ever implementing a proactive approach to cybersecurity by taking action to identify and address security gaps before attackers find and exploit them. 

Cymulate presents its 2024 State of Exposure Management & Security Validation report with key insights gathered from more than 500 customers in the practice of exposure validation correlating vulnerabilities, threats and controls. 

Join this webinar to learn more about the key findings and participate in the discussion of the report and its key findings in the areas: 
- Top threats, vulnerabilities targeted & cyber resilience 
- Most common security weaknesses and gaps from poor configuration 
- Security control effectiveness

Cymulate Research: 2024 State of Exposure Management & Security Validation

Today’s cloud security recognizes that breaches are inevitable. 

You need defenses to identify attacks accurately and contain the threat. That’s the role of cloud detection engineering. Join this webinar to dive into real-world scenarios that improve your cloud security posture through applied concepts of the assumed breach mindset that combines visibility, advanced detection analysis, robust identity and access policies, segmentation, and continuous security assessments to validate controls and responses. 

Register now and explore the concepts of detection engineering that you can apply to your cloud security program.

Cloud Detection Engineering: Adopting an Assumed Breach Mindset - IST

Cloud Detection Engineering: Adopting an Assumed Breach Mindset

December's Threat Research Lab Update explores well-understood attack tactics and methods that are getting new life breathed into them in current attack campaigns.

December Threat Research Lab Update

November's Threat Research Lab Update explores well-understood attack tactics and methods that are getting new life breathed into them in current attack campaigns. 

Each month, Mike DeNapoli, Cybersecurity Architect, and Dan Lisichkin, Threat Intelligence Expert & Infosec Researcher dive into the attacker tools emerging as the most prolific and highest risk in the threat landscape. We'll showcase a few that stand out from our continuous examination of the threat landscape and research performed by our highly experienced and diverse researchers. We'll evaluate how these tools work, the phases of intrusion, the threat actor profile (who did it, motivations, origin, why they chose their targets), and how the attack propagated. Furthermore, we’ll provide clear demonstrations of how we detected and replicated the attack propagation using the advanced capabilities of the Cymulate platform.

November Threat Research Lab Update - Everything Old is New Again

From military exercises to politics to video games, whenever there is any form of formal conflict, teams get stronger when they understand how the other side operates – their strategies, tactics, and core strengths. 

This session will give blue team members information and tips and tricks for breaking out of the confines of defensive thinking to better visualize and simulate threat activity from the threat actor point of view. 

- High-level review of how threat actors tend to operate 
- Visualization of infrastructure and systems as seen by a threat actor 
- Differences between different types of threat actors (lone wolves, small gangs, organized groups, state sponsored activity, etc.) 
- Myths of how threat activity happens commonly held by defenders

Saltt Technologies Webinar: Thinking Like An Attacker

This session will demonstrate the core capabilities of Cymulate Breach and Attack Simulation; including Web Gateway, Email Gateway, Immediate Threat, and Endpoint Security testing assessments.

Demo - Cymulate Breach and Attack Simulation. Part 1

Red teaming is a complex operation that is highly specific to the individual environment(s) in which each exercise is run.  A single wrong move can have significant impact on business operations and revenue generation, or produce misleading or incorrect results or both.  In order to avoid these negative outcomes, many organizations automation have limited the use of automation in red team operations.  However, modern tools and platforms can be used successfully and safely to automate many components of red team operations, such as discovery and probing, without incurring risk.  This allows the red team staffers to accomplish more with the same number of people and still reduce the rate of burnout common to the industry.  This webinar will speak to methods which can be used to safely automate major components of red team exercises without incurring risk, while still seamlessly integrating into the manual operational phase of the exercises themselves.

Red Teaming – Automate What You Can

With hundreds of thousands of potential vulnerabilities to be dealt with at any time, how can organizations define which should be addressed first?  This webinar will provide guidance and ideas on how to gauge not only the priority of patching and upgrading, but also to map out the urgency of performing those remediation actions – and how these may be two extremely different things for each vulnerability discovered.

Urgency vs Priority in Vulnerability Management

As the knowledge and expertise of an organization’s cybersecurity people, process, and technology evolves, keeping these questions in mind can be a major help to keeping that growth on track: 

1 – Where are we at this point in our cybersecurity maturity? 
2 – Where can we move to proactivity without sacrificing reactivity?  
3 – How can we more fully integrate business leadership into the cybersecurity process? 
4 – What challenges and roadblocks are continuing to surface? 
5 – What should be integrated into the next cycle of review and action?

Five Questions to Ask as You Evolve Threat Exposure Management

Preventive security controls are insufficient to protect an organization effectively. They have to work in tandem with detection, threat hunting, and incident response capabilities.
Companies that take a proactive stance to defend their critical assets rely on the people, processes, and technologies that go into their SOC to detect and thwart malicious activity.
This creates the demand for ongoing optimization in the face of a dynamic threat landscape.
Attend this session to learn:
·        How to apply MITRE ATT&CK in the detection development process
·        How to develop and validate detections in an environment that lacks homogeneity 
·        How to leverage automation and build a continuous program of SOC validation

5 steps to building an effective SOC optimization program

MITRE ATT&CK

Threat Analysis

Threat Hunting

Continuous Security Validation

SOC Validation

Breach and Attack Simulation

Incident Response

Vulnerability Intelligence

Cyber Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

5 steps to building an effective SOC optimization program

Presented by

About this talk

Cymulate Exposure & Security Validation