It’s Not Only Log4Shell: Handling Third-Party Security Risk

Presented by

Demi Ben-Ari, Co-Founder and CTO at Panorays & Lavi Lazarovitz, Head of Security Research at CyberArk Labs

About this talk

2021 was a peak year for supply chain breaches—as well as vulnerabilities and backdoors in open-source code, software packages and containers. SolarWinds, Kaseya, Codecov, malicious npm packages, and of course, Log4j are only a partial list of the supply chain attacks and open-source vulnerabilities that we saw. What can we learn from past breaches and exploitation of third-party code vulnerabilities to prepare better for the attack vectors, exploitation and breaches we’ll surely see in 2022?

Join us as we discuss:

- The details of the attack vectors, vulnerabilities, and exploits used in the latest breaches and vulnerabilities, including SolarWinds, Codecov and Log4Shell
- Third-party security risk and preparing for the next third-party vulnerability or breach
- Actions to take when something like this happens, and how to minimize the blast radius

Demi and Lavi will share their experience and expertise, both about how threat actors actually implemented the attack vectors, as well as effective mitigation strategies to reduce third-party risk and contain a breach once it happens. Because as we’ve seen, there’s no question that it will.

Panorays is dedicated to eliminating third-party cyber risk so that companies worldwide can quickly and securely do business together. We automate, accelerate and scale the third-party security evaluation and management process so you can quickly and easily manage, mitigate and remediate risk, reduce breaches, ensure vendor compliance and improve your security across the board. Join us as we explore the risk inherent to your digital supply chain and discuss the transformation needed for modern day third-party security risk management—from automating security questionnaires, assessing third parties’ external attack surfaces, considering the criticality of the business relationship and more.