Cómo una estrategia de gestión PAM ayuda mitigar el riesgo ante ransomware
El Ransomware evoluciona y aquellos como Maze no solo están cifrando datos para irrumpir el negocio, sino que también conducen a la fuga de información confidencial. Aprenda cómo los riesgos asociados al Ransomware pueden mitigarse mediante la implementación de una estrategia integral de gestión de cuentas privilegiadas (PAM). La solución CyberArk permite mitigar el riesgo relacionado con Ransomware mediante un enfoque de privilegios mínimos y protección contra el robo de credenciales para evitar el ataque a las máquinas donde aterriza, combinado con una rotación de credenciales y aislamiento de sesiones privilegiadas para que los atacantes no puedan moverse lateralmente por el entorno y evitar su propagación.
RecordedJun 10 202045 mins
Your place is confirmed, we'll send you email reminders
Today, Single Sign-On (SSO) is a de facto standard for managing employee access to applications and systems. SSO eliminates the need for individual passwords for each application or system account and replaces them with a single set of credentials. The obvious and immediate benefits of Single Sign-On include drastically improved end-user experience, simplified access to corporate resources, and more robust identity security controls.
However, there are many additional, long-term benefits organizations can realize by implementing SSO solutions that are frequently overlooked during initial discussions. For example, with properly configured self-service tools, companies can significantly reduce their IT costs by reducing the number of password-related help-desk tickets and calls. In addition, SSO can eliminate the risk accounts that remain active when employees change roles or leave companies.
In this webinar, we’ll discuss the short-term and long-term benefits of modern SSO solutions and highlight the functionality needed to realize these benefits.
David Higgins, EMEA Technical Director at CyberArk
In the past six months, organizations had to swiftly change or accelerate priorities to align with business continuity requirements driven by remote work and other digital transformation programs. As we approach a new year, we have greater visibility about the blind spots that were created along the way. There has been an explosion of identities in use, and we know that any user type (human or not) can have elevated privileges at any time. And, increasingly it’s business users that have elevated access that must be secured with minimal friction.
Join us to learn:
1) What is driving explosion of IDs how to leverage automation, AI and ML to ensure security keeps pace
2) How to build a unified security architecture
3) How to remove silos and share threat intel across tools
Asaf Hecht, Security Research Team Leader, CyberArk
Cloud environments exist everywhere. This in turn means that attackers are super motivated in finding ways to penetrate organizations’ cloud infrastructure. In this session, we will present findings from the CyberArk Labs team, demonstrate five attack techniques, and highlight fundamental considerations such as:
1. How attackers can steal cloud credentials from endpoints, code and cloud VMs
2. How intruders can compromise cloud users with only a few permissions, but still succeed to escalate their permissions and become full admins
3. How to target SSO and IAM solutions that many organizations use for integrating their on-prem network to the cloud
Corey Williams, Head of Identity Marketing at CyberArk
Remote work is quickly becoming the permanent “new normal”, and attackers have stepped their efforts to take advantage of the situation. They know a dramatic shift in work has resulted in an innumerable number of holes even in carefully crafted security programs.
Join us for a discussion on key recommendations for securing remote work in the face of this new — and at least partially permanent — normal. We will discuss how to secure:
• remote workforce access to on-prem and cloud apps
• users access to their PC and Mac endpoints
• local admin accounts to thwart malware and ransomware attacks
• remote access to on-premises systems and resources by 3rd party vendors
PwC: Planning for Privileged Access Risk in the "New Norm"
The global response to covid-19 resulted in a number of dramatic and swift changes, including millions of workers shifting from on premise locations to untested remote work environments. Rushing to virtually connect remote workers, third party contractors, and other entities raised unprecedented cybersecurity risk and challenged organizations as never before. As security practitioners around the world cope with the challenges brought on by COVID-19, Digital Transformation is becoming a key factor to embracing the new norm. We’re seeing organizations migrate to cloud platforms while extending their on-prem infrastructure and applications to allow for rapid scaling to support remote access.
PwC, through our partnership with CyberArk, is helping organizations follow a secure digital transformation strategy, including defining mechanisms to catalog the risk associated with privileged access, while they work to rapidly upscale their infrastructure and migrate to the cloud. Combining our strategic methodology with state-of-the-art toolsets leveraging artificial intelligence and machine learning, enables organizations to better identify and forecast privileged access risk, leading to a holistic and proactive approach for their PAM Program.
Join us to understand the fast-changing landscape of privileged access during these transformative times and how to strategically tackle the challenges associated with it!
Secure Access for Remote Users and Protect Critical Systems
Remote access has been on the rise – consider all of the recent events and trends that have led to a rise in the remote workforce. In addition to the proliferation of remote vendors, remote employees may require access to corporate servers, customer data, email, databases and other cloud-based applications from their laptops or mobile devices without directly connecting to the internal company network.
Business continuity must also account for situations that may require organizations to provide remote workers with controlled access to critical systems. Having manual and/or patchwork processes in place can dramatically increase risk as well as cause operational headaches for end-users and security practitioners alike. With a Privileged Access Management (PAM) program in place, organizations can properly mitigate risks.
Aaron Pritz, CEO and Co-Founder of Reveal Risk and David Higgins, EMEA Technical Director CyberArk
New to Privileged Access Management (PAM)? If so, you may want to hit the “skip” button on all the catchphrases, lingo, acronyms, and buzzwords that can make learning cyber security (and specifically PAM) more complicated than it needs to be. Sometimes concepts are best learned in simple terms and basic language.
Attend this webinar to jumpstart your understanding of privileged access management, how to run it “as a service”, and many other concepts to help you accelerate your cyber security efforts for your company:
Defining “Privilege Access Management (PAM)” and “PAM as a Service”
Understanding the risks of privileged access
How privileged access can be secured via people, process, and technology
How to secure privileged access for:
Cloud and dynamic applications
How to get started with PAM as a Service
Six action items you should investigate right now (things you can immediately take away from the webinar)
Enabling Your Business: A Customer’s Journey Through Privileged Access Management
Customer Case Study
Experience the journey through a Privileged Access Management (PAM) program, as it enables business capabilities, drives efficiencies and reduces risk. Attend this session if you are an IAM leader or an executive interested in understanding how PAM can positively impact your organization, complement your enterprise risk framework, and align to your overall cybersecurity strategy. Gain insights into PAM experiences through the eyes of a consumer.
Brandon S. Dunlap; Jeremy Snyder, Rapid 7; Morten Boel Sigurdsson, Omada; Corey Williams, CyberArk
Securing the access to cloud data assets has never been more important. According to the latest Verizon DBIR, 73% of cloud breaches involved an email or web application server, while 77% of these cloud breaches also involved breached credentials. What does this mean for enterprise cloud security, especially in the time of COVID19 and remote working?
Join this keynote panel to learn more about:
- How the landscape has changed in 2020
- Why attackers are focused on identities
- Understanding privileged user behavior and securing identities
- Discover how organizations are doing IAM, and what's needed for a more secure enterprise
- Best practices and recommendations by the experts
Corey Williams, Head of Identity Security Marketing, CyberArk
The cloud ushers in a lot of change. Gone are the days of traditional network security boundaries. Identity is the new perimeter in the cloud, but how do we secure it?
Like peanut butter & jelly, tomato & basil, and salt & pepper, PAM and IDaaS are two great solutions that work great together to secure cloud infrastructure. Join us as we discuss:
o New dynamics of cloud environments and what this means for security
o Key stakeholders needed in cloud security to ensure a collaborative cross functional approach
o Securing the entire cloud with consistent controls for:
o Cloud Management Consoles and CLIs
o Cloud IaaS
o Cloud Native Apps (PaaS and FaaS)
o SaaS Apps
Adam Bosnian, EVP Global Business Development, CyberArk
Skyrocketing cloud adoption, fast-tracked digital transformation initiatives, geographically dispersed and mobile workforces have created a perfect storm for cyberattacks.
Their target has remained the same, privileged credentials with access and permissions to an organization’s most critical systems and data. In this new reality, traditional network security boundaries have all but disappeared and digital defenses have shifted from network security to identity security. Now, any identity can become privileged under certain conditions, underscoring the need to secure privileged access everywhere it exists.
Join us as we discuss:
o The impact of 68% of CIOs doubling down on cloud services in COVID-19’s wake
o Growth of cloud user, application and machine identities that require powerful privileges
o Challenges your organization faces in managing cloud access and identities
o Let’s talk access, privileges and permissions: what you can do versus how it is enforced
o Five critical questions to ask yourself today to help meet cloud identity challenges tomorrow
Threat detection and response capabilities regularly used for on-premises environments via the CyberArk Core Privileged Access Security Solution are now also available for use in cloud and hybrid architectures to identify high-risk, privileged access related activities and to mitigate risks associated with advanced attacks.
In this webinar we’ll provide a demo and focus on:
- The importance of incorporating privileged threat analytics, detection and response into both hybrid and cloud environments
- New cloud-specific privileged threat analytic capabilities
- CyberArk’s integration with Amazon Web Services new Security Hub solution
Corey O’Connor, senior product marketing manager for CyberArk
Scott Ward, principal solutions architect for Amazon Web Services
Hila Oved, product manager for CyberArk
Matt Tarr, principle solutions engineer for CyberArk
Same old story. Motivated to cause disruption or by a potential financial gain, attackers follow a tried and true attack path typically starting at the endpoint with phishing. Industry research shows 80% of successful security attacks involve compromised privileged access. In the case of Twitter’s high-profile breach, an insider threat adds another familiar element to the story.
With a dramatic increase of remote workers comes an expanded attack surface. Worker today are distracted while juggling work and family responsibilities, and there is increased stress related to a global pandemic and an uncertain economic future. There is not a better time to review the priorities of your security program to ensure policies and practices reflect new realities.
Questions every security leader asking right now: how are we identifying what our most critical systems, tools, data and infrastructure are and who has access? Who is considered a privileged user (this includes business users) and what steps are we taking to manage, monitor and protect that access?
Join us to learn about security trends and best practices including:
• Reasons identity is the new perimeter
• Isolating access to the administrative system and requiring dual control for highly sensitive operations
• Continuous monitoring and user behavior analysis on applications through a monitored proxy
• Implementing least privilege controls to minimize access to sensitive functionality
The twitter attack highlights the dangers of unsecured privileged access to critical resources and how quickly any credential or identity can become privileged under certain conditions.
Aaron Fletcher, Senior Security Consultant for CyberArk
Incidents put stress and pressure on the organisation to rapidly respond, reactively and tactically. So the question is, what do you do when this happens? And what could you do to help mitigate the frequency of incidents?
In this Webinar we will look at a scenario where an organisation comes under attack from a malicious external actor, we will analyse the vector of the attack and we will identify where mitigations can be put in place to reactively respond and where you could proactively defend the organisation.
- Identifying the type of attack and what did it do?
- What is the recovery mechanism in place?
- Measuring the decisions to return to Business as Usual operations
- Threat Analytics and Discovery for known attacks and Vulnerabilities
Rachel Veal, Ad Hoc | Ido Safruti, PerimeterX | Josh Kirkwood, CyberArk | Max Heinemeyer, Darktrace
Sacrificing data security for faster innovation is one of the main causes of tension between cybersecurity and IT professionals on the one side and DevOps teams on the other. So, how should organizations bridge this divide and what do they need to implement?
Join this exclusive keynote panel to learn more about:
- Why securing DevOps pays off in the long run
- Shifting left: What is it, how it works and why your organization needs it
- How to make security an integral part of the DevOps process
- DevOps security checklist
- Recommendations for tools and workflows that enable better security
Rachel Veal, IT & Security Program Manager, Ad Hoc (moderator)
Ido Safruti, Chief Technology Officer, PerimeterX
Josh Kirkwood, Solution Engineering Manager, CyberArk
Max Heinemeyer, Director of Threat Hunting, Darktrace
Andres Guisado, Principal Solutions Engineer, CyberArk
Security has recently become indispensable in DevOps world and continues the road to maturity. Cloud, containers, agile, pipelines, you name it. DevSecOps is not a hype anymore and it is becoming an increasingly important priority for everyone. Where to start? What are the best practices?
In this session, you will learn:
- Where is DevSecOps coming from?
- Why, What and How DevSecOps?
- Baselines and best practices for a DevSecOps approach
- Why it's important to make sure to protect the last line of defense of your organisation
Protecting the heart of an organization starts exactly there - locking down the systems that are most critical. However, the endpoint remains the initial point of intrusion whereby attackers can compromise devices and establish a beachhead with relative ease.
In this session, we detail how to remove local admin rights and prevent credential theft from developer and IT admin workstations, which are a common target for attackers.
CyberArk channel offers you regular insights and latest news on Privilege Access Management from the global undisputed leader in privileged access management.
You'll find here live webinars, on demand webinars and videos!
Cómo una estrategia de gestión PAM ayuda mitigar el riesgo ante ransomwareAnastasia Sotelsek, Principal Sales Engineer and Jean-Paul Garcia-Moran, Security Advisor[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]45 mins