Name: It’s Human to make mistakes – and attackers are banking on it
Start: 2021-01-21T13:00:00Z
End: 2021-01-21T13:00:28.000Z
Location: BrightTALK
Rating: 4.5

CyberArk channel offers you regular insights and latest news on Privilege Access Management from the global undisputed leader in privileged access management. 
You'll find here live webinars, on demand webinars and videos!

The imperative to secure today’s distributed array of application identities is more difficult than ever. With the confluence of extensive automation, greater adoption of cloud and SaaS, and new apps added to your ecosystem, the result is exponentially more non-human identities and secrets to protect. 

Luckily, in this webcast, we’ve boiled down 4 essential identity security lessons that will help you secure secrets and non-humans against theft in your multi-cloud environments. 

Enterprise Strategy Group (ESG) Senior Analyst Melinda Marks brings her industry expertise to this Fireside Chat with CyberArk's Sr. Director of Solutions Marketing, Robert Sawyer, and Sr. Product Marketing Manager, DevSecOps, John Walsh, to explore:

• The rise of non-human identities   
• Why secrets and non-human credentials need to be protected 
• Best practices for securing multi-cloud environments
• And strategies for reducing SaaS risk while improving efficiency.

Join this upcoming discussion to see first-hand the lessons and takeaways discussed.

Black Hat Summit: 4 Identity Security Lessons from ESG & CyberArk

A passwordless future is not far off and that is bad news for cybercriminals.

Watch this replay to learn some surprising facts about passwords and why they pose an increasingly urgent risk for your organization. Find out what alternative authentication methods are available and how you can start taking steps toward improving identity security with less reliance on passwords.

5 Reasons to Ditch Passwords and Make Your Employees (and IT) Happier

Most companies are not immune to security attacks, even if their controls and processes are as tight as Fort Knox. Some of the world’s most technologically advanced enterprises, from Microsoft to SolarWinds to Okta, have faced security incidents and were exposed to risk. Many of these successful cyberattacks did not start with hackers fighting their way through firewalls and intrusion prevention systems or executing zero-day exploits. Instead, threat actors compromised user credentials, took over legitimate user identities, and gained access to internal systems and resources.

In this reality, identities are becoming the frontline in the effort to protect enterprises from breaches. This webinar will explain why companies that invest in Identity Security and leverage defense-in-depth strategies are better equipped to protect their data, users, and customers, whether using solutions from one vendor or integrating technologies from different Access and PAM vendors. We will discuss how a security-first mindset and multi-layered security controls can make it more difficult for hackers to succeed. At the same time, we’ll demonstrate that strong Identity Security controls do not need to harm operational efficiency and the user experience.

Join us to learn about use cases leveraging CyberArk solutions that illustrate Identity Security and defense-in-depth strategies, including:

- Monitoring and auditing high-risk web sessions
- Securing access to all types of resources with adaptive MFA
- Protecting endpoints and enforcing the principle of least privilege
- Providing secure third-party privileged access to critical internal resources
- Storing and sharing credentials for password-based business apps and other sensitive data

How to Leverage Defense-in-Depth to Minimize Risk

With the frequency and severity of cyber insurance losses on the rise, carriers are implementing strategies to mitigate their own exposures. As a result, cyber insurers are tightening their underwriting guidelines and clarifying coverage intent in their policy language.

We invited insurance and cyber security experts from the industry leading organizations to shed more light on what’s in store for 2022 and share their recommendations on how to achieve better outcomes.

If you’re purchasing cyber insurance for the first time or headed into a renewal in 2022, join this live webinar to hear everything you need to know and get ready.

Our presenters from CNA Insurance and CyberArk will discuss:

• Changes in cyber insurance underwriting and how they affect organizations just like yours
• Focus areas and prerequisites for a cyber liability policy
• Top 5 risk mitigation controls required to obtain a cyber insurance policy
• Cyber security solutions to help address essential risk controls

Cyber Insurance: Understanding the Requirements and Getting Ready

Lessons Learned From Okta: A Security-first Approach to Mitigating Identity Provider Risk

Join us as we discuss the fallout and the lessons we can all learn from incidents targeting a critical security layer.

Topics we will cover include:

CyberArk’s perspective on the Jan 2022 Okta incident
- The rise of extortionist groups and the new risk they represent
- Steps to mitigate risk if your Identity Provider (IdP) is compromised
- Importance of a security-first and defense-in-depth approach to securing identities

Lessons Learned From Okta

We see figures around projected endpoint security spend climbing year-over-year as organizations aim to protect themselves against today’s evolving threat landscape. In a December ‘21 survey by ESG, 75% of respondents indicated that they planned to increase their spending in endpoint security over the next 12 months. Unfortunately, this increase in spend does not result in a decrease in successful endpoint attacks, so what’s missing?

There is a fundamental gap in today’s endpoint security and foundational endpoint controls are being ignored. If you are not managing endpoint privileges, you are leaving the door open to attackers.

In this panel we will discuss topics such as:

- Latest attack trends and deconstructed attacks as researched by CyberArk Labs
- Why endpoint least privilege is often ignored/deprioritized
- How you can successfully achieve endpoint least privilege, effectively reduce risk and enhance security without sacrificing operational efficiency.

Securing the Open Door on Your Endpoints

Cyber insurance is a general line of coverage for mitigating losses and costs stemming from security incidents, such as data breaches, network damage, and potential business interruptions. As the number of security incidents and associated losses skyrocketed in recent years, fueled by ransomware attacks and identity-driven breaches, insurance companies required their customers to adopt preventive controls to be eligible for coverage.

While every cyber insurance policy has its unique set of required preventative measures, a common requirement for all companies is to use multi-factor authentication (MFA) to protect access to all critical resources. Indeed, it is a proven fact that MFA significantly decreases the number of successful cyberattacks on organizations of all sizes, but how do you choose the right MFA solution for your company beyond checking the box on the insurance renewal form? What resources should be prioritized and protected? How to deploy MFA in hybrid or cloud environments with a distributed workforce?

Join Brandon McCaffrey, CyberArk’s Solutions Strategy Architect, and Stas Neyman, Director of Product Marketing, to learn more about cyber insurance, MFA, and putting them together to build a robust end-to-end security strategy for your company.

- Learn about recent changes in the cyber insurance market
- Determine which resources should be protected with MFA
- See how CyberArk solutions can prevent ransomware attacks and security breaches
- Understand how CyberArk can help you meet insurance requirements

How CyberArk enables Cyber Insurance renewals

Gartner projects that in 2022, Endpoint Protection Platforms will take the #1 spot in information security software spending, reaching $15.9B and will continue increasing gap with the second largest segment throughout 2026 reaching $29.2B.

Will this increase in spend result in a decrease in successful endpoint attacks? Historically, it hasn't been the case. So, what's missing? Foundational controls are being ignored, leaving open an endpoint security gap that means: If you are not managing endpoint privileges, you are leaving the door open to attackers.

Join this expert panel to discuss topics such as:

-How the current geo-political climate is exposing the endpoint privilege gap and what it means for security teams on the front lines
-The limitations of commonly adopted endpoint security software
-How removing local admin rights and enforcing least privilege on every endpoint helps shape the defense-in-depth strategy
-Tips for implementing and enforcing endpoint least privilege from a current CyberArk customer
-The benefits of endpoint privilege management, beyond enhanced security

The Endpoint Security Gap: Are you leaving the door open to attackers?

IT departments fret projects such as local admin rights removal and enforcing least privilege, because even with specialized tools these projects involve long periods of data capture, uncertainties around the best course of action after and massive user backlash as a result.

We want to be focused on risk. But given a truly versatile enterprise-grade tool, where do you begin? How do you build the logic? How do you create and layer policies to achieve the desired outcomes?

In this on demand webinar, Matt Balderstone, Global Solutions Strategy Architect, discusses:

- Common challenges and roadblocks security teams run into when implementing endpoint least privilege
- How to reduce significant risk while keeping your end-users happy, productive, and secure
- Tried and true tactics for flattening the learning curve and simplifying advanced concepts

The CyberArk QuickStart framework, an IFTT of Endpoint Privileged Manager (EPM) which makes managing privilege on the endpoint accessible to the mass endpoint security administrator and significantly lowers the chance of human error

Reduce Risk and Ride the Fast Lane to Least Privilege

Today’s enterprises are powered by hundreds of web applications. Many contain sensitive data like financial records, customer information and intellectual property. But most security and compliance organizations have limited visibility and control over how employees are actually using web apps and handling confidential data.

Once an end-user is authenticated and logs in to an application, their actions are only restricted by their roles within the app. And most web apps and SaaS solutions provide only basic audit trails that give security and compliance professionals limited visibility into end-user activity.

Join us on on-demand to learn about our new offering – CyberArk Identity Secure Web Sessions. With Secure Web Sessions, you can gain visibility into every action your users take within web applications, ensure sessions are not left unattended, and prevent user from downloading or copying of sensitive data.

After viewing this webinar, you will:

- Understand specific use cases addressed by Secure Web Sessions
- Learn important details about this offering’s security, scale, performance, and management aspects
- See product functionality in-action

CyberArk Identity Secure Web Sessions

The techniques, tactics and procedures used by nefarious characters to bypass security controls continue to evolve at a rapid pace. A technique that has proven to be effective in greasing the tracks in gaining the initial foothold is the theft of web session cookies.

Like updating passwords on a regular basis, clearing web browser cookies is a cyber hygiene practice neglected by most. If hijacked, these cookies will enable attackers with the necessary login details to bypass Multi-Factor Authentication (MFA), Single Sign-on (SSO) and gain access to critical business applications such as Jira or Slack. Threat actors can use this technique as a jumping point to deploy malicious code, social engineer and further carry out their attack.

Watch this on demand webinar to learn how cookies and session IDs can be stolen with ease and how CyberArk Endpoint Privilege Manager (EPM) threat protection can prevent this and many other emerging techniques from being used in the wild.

Attendees of this webinar will walk away with:

- Knowledge of various cookie theft tactics
- An example of how gaming company EA was breached when attackers bought stolen cookies on the dark web
- How CyberArk EPM threat prevention policies prevent cookie theft on your endpoints and product demo

How to Prevent Cookie Hijacking, A CyberArk Labs Webinar

It’s a known fact that users create and consistently use weak and easy-to-guess passwords for their personal accounts, despite the risks involved. For example, a quarter of people use passwords like “Password,” “Qwerty,” and “123456”1, and two-thirds reuse the same password across multiple accounts [1].

Unfortunately, these bad habits exist in the workplace as well. The inconvenience and frustration of creating and remembering dozens of passwords with different requirements and logging into multiple business applications every day are exhausting and time-consuming. As a result, employees find ways around security controls and skirt best practices for the sake of productivity.

Business Password Managers can help you address these risks by simplifying how workforce users create, securely store, and share strong credentials with their peers.

In this webinar, we’ll cover how you can:

Curb the impact of end users’ risky behavior and gain more control over workforce credentials
Think long-term when it comes to managing business passwords and make decisions that support greater organizational identity and access initiatives
Improve the user experience, and relieve employees of the burden of remembering, creating and resetting passwords
Satisfy compliance and auditing requirements through password management controls
Find the best password management solution that meets the needs to growing enterprises
Join us on-demand to explore how CyberArk can help you secure business app credentials, provide frictionless user experience, and meet audit and compliance requirements.

Manage Business Passwords Better

Amid the current ransomware surge, it's time for the principle of least privilege to meet endpoint security and be a new foundational security control, says David Higgins of CyberArk. He outlines the cybersecurity use cases and potential business benefits.

In this video interview with Information Security Media Group, Higgins discusses:

- The case for endpoint least privilege;
- How the principle of least privilege addresses ransomware and other threats;
- Other uses cases and benefits from endpoint least privilege as a fundamental security control.

Since joining CyberArk in 2010, Higgins has worked to help the world’s leading - and most complex - organizations secure and protect their privileged access. Today, he advises clients on threats associated with privilege escalation, lateral movement and credential theft and discusses best practices and driving innovation around privileged management processes.

Endpoint Least Privilege: A Foundational Security Control

Dwell time, double extortion, supply chain attacks - ransomware has changed considerably over the course of the year, and CyberArk's Andy Thompson says there is much we can learn from the attacks - both the unsuccessful and successful ones - and how they take root.

In an interview with Information Security Media Group, Thompson discusses:

- How ransomware attacks and attackers have evolved;
- Trends and techniques that should concern you;
- How to rethink ransomware defense strategies.

The Changing Face of Ransomware

Adopting Multi-factor Authentication (MFA) has the potential to prevent 99.9% of all cyberattacks. Whether you need to meet regulatory standards, or just want greater assurance that your users are who they say they are, the right combination of MFA factors can help you achieve these goals and protect your most valuable resources.

In this on-demand webinar you will learn more about:

- Pairing authentication factors and the associated risks and benefits
- Leveraging NIST’s Authentication Assurance Level (AAL) scores
- How to create and execute a strong MFA strategy
- Benefits of deploying Adaptive MFA

Strengthen MFA Security in 2022: Master Authentication Factor Best Practices

Ransomware is widely known to be one of the most pervasive and dangerous cyberthreats. Even though it has been around since 1989 it’s managed to become the fastest growing type of cybercrime during the COVID-19 pandemic. 
 
Research firm Cybersecurity Ventures predicts that the global annual damage costs of ransomware to businesses will top $20 billion in 2021. Dynamic ransomware attacks can quickly spread throughout a company, impairing user productivity and disrupting business. 
 
The first step in the fight against ransomware is to expose it – to explore the different strains, what they have in common and what it is that makes them unique. The team at CyberArk Labs analyzes 100s of new ransomware samples each day and in this webinar, Andy Thompson and Brandon Traffanstedt disclose their findings of evaluating more than 3 million samples to-date. 
 
Here’s what is covered: 

The surge and types of ransomware prevalent during the COVID-19 pandemic 
How ransomware has evolved over the years to become such a formidable threat, including the role of Bitcoin 
The kill-chain and path to encryption of today’s modern, dynamic ransomware 
A review of mitigation strategies and recommendations

Ransomware Exposed: Key Learnings from Examining 3 Million Samples

Prevention is the priority in winning the race against Ransomware. 
Ransomware is one of the most concerning cybersecurity threats today. According to CyberSecurity Ventures, Ransomware attacks a business, consumer, or device every 11 seconds and that frequency is only expected to increase. While there is no silver bullet to prevent and protect against ransomware and other types of malware, a defense-in-depth approach to endpoint security can significantly mitigate the risk of a successful attack.

In this webinar, CyberArk’s solution specialists will dive into the rapidly evolving, very pervasive types of malware and mitigation strategies. Using simulated attack scenarios and product demos, he’ll demonstrate how least privilege and application controls are critical to preventing endpoint attacks and winning the race against ransomware.

Attendees of this webinar will walk away with

A new perspective on holistic endpoint protection and how layered security controls signifincantly mitigate the risk of an attack
Knowledge on how to proactively defend against cyber attack leveraging recent attack examples
An understanding of how CyberArk Endpoing Privilege Manager prevents ransomware and other endpoint attacks

Who should attend?

Security and desktop team
Endpoint manager
Workstation manager
Security operations

Winning the Race against Ransomware

Like shooting Phish in a Barrel:  3 Perspectives on Email Protection

[Panel] Improving Email Security for the Remote Workforce

Best Practices for reducing email compromise (except for eliminating humans)

Early lessons learned mitigating SolarWinds hack-style Insider Risk

Is the biggest threat to your firm’s security already on your network?

The Inside-Outsider: How to deal with vendors that have privileged access

Applying the MITRE ATT&CK Framework to Detect Insider Threats

Managing the Insider Threat: Human-Centred Security

Tackling Insider Threat with Open Source Intelligence (OSINT)

MINDHUNTER #1 - Social Engineering: The Threat Is Coming From Inside The House

You Never Mean to Let Attackers in the Front Door…

It’s Not You, It’s Me. Go From Frenemy to Friend With Security Automation.

Human Error & Cyber Security

Training Techies on Security: It’s Not Rocket Science

Affects of Human Behavior in Cybersecurity

Why did they click that? Human errors factor

Managing the most vulnerable element in our cyber security strategy

Employees: weakest or strongest link in your Cyber Security posture?

Deployment Pipeline - Way to secure your workloads

The Human Factor 2021

Falling victim to a Social Engineering Attack, Accidental Damage caused by excessive permissions and Misconfiguration are all elements of Human Error that Attackers will exploit – and persistently have done so to date. 

In this session we review what approaches could be taken to prevent such mistakes but also, and perhaps more importantly, limit their impact. The last point being – should we assume it is human to make mistakes, and so they will continue to happen – therefore our strategy should initially focus on reducing the impact of such incidents? We therefore will discuss isolating attacks from the initial point of intrusion, controlling user privileges and some methods for reducing and identifying misconfiguration.

It’s Human to make mistakes – and attackers are banking on it

Social Engineering

Privileged Access Management

Cyber Attacks

Human Error

IT Security

Secure Access

Vulnerability Management

Exploit

User Behavior

Access Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

It’s Human to make mistakes – and attackers are banking on it

Presented by

About this talk

More from this channel