Name: Lab: Subdomain Takeover, Part 1 | Identify attack paths
Start: 2023-05-18T17:00:00Z
End: 2023-05-18T17:00:18.000Z
Location: BrightTALK
Rating: 5

We discuss how to understand the full range of risks present against your cloud data, and eliminate the risks that matter the most.

Let's put data security at the center of information security--where it belongs.

Join Normalyze VP of Product Management Gautam Kanaparthi and Cohesity Sr. Director of Product Management Sheetal Venkatesh as they discuss an urgent need to protect a company's vital asset—data.

The session will spotlight the integrated Cohesity-Normalyze solution that gives enterprise security and IT teams unprecedented visibility into their most sensitive data and ensures it is automatically protected against data breaches and ransomware.

Gautam and Sheetal will do a product demonstration of how security and backup teams can:

- Identify which sensitive and at-risk data stores have not been protected or backed up.
- Prioritize risk remediation and data protection prioritized by the potential cost to the business if such risks are exploited.
- Remediate risks with data protection and recovery capabilities

DSPM for Proactive Data Protection & Recovery

With the widespread adoption of cloud computing, more sensitive data has moved into virtual environments far from the safe harbor of legacy on-premises data security controls. This raises two critical questions: Is this data secure, and is it secure throughout its lifecycle across the enterprise data environment? 

Data Security Posture Management (DSPM) addresses these concerns by actively discovering and analyzing sensitive data in motion, expediting risk mitigation as data traverses cloud platforms.

Join Normalyze Head of Product Gautam Kanaparthi as he demonstrates how DSPM principles enable enterprises to get a complete view of their data. Key takeaways from the demo will include: 
 
- Data Flow Visualization: See data-in-transit mapping, understand how sensitive data is accessed, and spot policy violations with interactive graphs.

- Data Lineage Insights: Gain insight into how a particular piece of sensitive data has proliferated across your data environment and ensure it is secure everywhere.

- Data access Governance: Continuously assess and monitor data access, enabling swift resolution of dormant, over-privileged accounts and enforcing least privilege for sensitive data.

- Anomaly Detection: Uncover suspicious activity, including data breaches and account takeovers, through continuous user behavior analysis without predefined rules.

- Data Detection and Response: Go beyond configuration checks and detect risky activities around critical data assets leading to data exfiltration

DSPM for Data in Motion

Through interoperable cloud services, attackers defeat native security tools and move laterally through the cloud infrastructure.

In this webinar, Abhinav highlights the real cloud data risk chains that lead to account takeover and exposure of sensitive data and shows what can be done to prevent these attacks.

Examples of adversarial tactics include but are not limited to

* Abusing the account organization’s setup to onboard an external account and making it a trusted entity to avoid detection and perform data exfiltration. 
*Attacker abuses the cross-account trust relation to move laterally between different accounts leading to a fan-out effect while remaining completely hidden from defense tools like Guardduty. 
* An identity-based attack that chains multiple IAM permissions to build an ROP-like privilege escalation scenario and compromise the entire cloud infrastructure.

Top 3 Cloud Data Security Adversarial Tactics and How to Fight Them

No code, data models, or training -- Sigma Computing offers its customers an easy and reliable way to analyze billions of rows of data and make informed decisions in seconds. Sigma users love it. 

For Rahul Gupta, Sigma's Head of Security & GRC, reliably protecting customers’ sensitive data in multiple clouds is the goal of its security strategy. Join Rahul as he shares Sigma's approach to managing data security posture, datastore discovery, access governance, and risk detection -- and how Normalyze enables this framework. 

Co-hosted by Normalyze Head of Product Gautam Kanaparthi, this webinar will cover:

 - Why the security of data in multi-cloud environments is a top concern for CISOs  
 - Tangible, results-based advice for security professionals on building a scalable data security posture framework
 - Insights into cloud-security trends and steps for protecting cloud-resident sensitive data

Securing Customers’ Big Data: Sigma Makes It Easy with Normalyze

Driven by the expansion of cloud adoption, enterprise data is now housed across multiple public clouds, PaaS and SaaS. However, a significant portion remains on premises. As a result, security teams struggle to get holistic visibility into where their data resides, whether it is at risk or compliant, and how much it would cost the company to lose it.

DSPM (Data Security Posture Management) addresses this challenge for ‘data everywhere’ and provides unprecedented visibility into data stores and attack paths across IaaS, PaaS, SaaS, and on-prem environments.

Join Normalyze Head of Product Gautam Kanaparthi as he demonstrates how DSPM gives enterprises a complete view of their data: 
- What type of sensitive data exists and where
- Which data stores contain the most critical information
- Who can access it 
- What potential attack paths can lead to a breach

Gautam will demonstrate how Normalyze prioritizes these risks according to the monetary impact on the business.

DSPM in Hybrid Cloud Environments

Mark provides an overview of Netlify and discusses: 
- access control and reducing the attack surface by controlling and monitoring access to data
- the importance of data classification and security clearances in granting access to applications and data
- compliance and cost considerations related to their access control and security measures

Data Security Challenges: Netlify

Jade Graziano provides an overview of Ginkgo and their: 
- Approach/framework to securing this sensitive data
- Meticulous evaluation of DSPM tool selection
- Implementation insights & DevOps collaboration
- Results upon partnering with Normalyze

Data Security in Biotech: Discovery, Access Governance, and Compliance

How do I protect data in my hybrid environment with multiple SaaS, PaaS, IaaS, and on-premises data stores? What are my next steps if my data is lost in a breach? 

Data is the target of most cyber attacks, and its protection is top of mind for CISOs and their teams. However, the data-first approach to security is new, and clarity is needed to develop and implement a scalable enterprise-wide data security strategy.

Join John Grady, principal analyst at Enterprise Strategy Group (ESG), as he sits down with CISOs from ChargePoint and PayChex, as well as Normalyze CEO Amer Deeba, to tackle several topics that keep CISOs up at night, including:  

* Top priorities for securing data against breaches in the cloud, on-premises, and in SaaS 
* What it takes to build a data-first security framework
* How to improve the efficiency of security teams

What Keeps CISOs Up at Night? A CISO Chat with ESG Security Analyst John Grady

In today's fast-changing cloud environment, moving beyond traditional closed-box penetration testing methods is essential. Join us for an engaging webinar led by Carlos Vendramini, an expert from Normalyze, as he takes you through the steps to set your organization up for success in your next Cloud Security Assessment. Whether you're outsourcing a Cloud Penetration Test or developing an internal process for Cloud Security Audits, Carlos will provide guidance based on your organization's level of cloud security maturity.

Key takeaways: 
- Emphasize the need to move beyond traditional penetration testing techniques.
- Guidance on how to prepare for a successful Cloud Security Assessment.
- Consider different options based on the organization's cloud security maturity level.
- Importance of scoping the assessment, setting clear objectives, and ensuring proper access provisioning. 
- Best practices for protecting your cloud environment.

Cloud Security Assessments: Steps to Successful Implementation

The accelerated pace of cloud migration in recent years has facilitated innovation across all technology domains. This widespread shift to the cloud has also impacted information security as organizations’ data proliferated across multi- and hybrid-cloud environments. “Where is my sensitive data, who accesses it, is it at risk, and are we compliant?” – these are the questions CISOs, and their security teams struggle to address at scale.

Security teams need a framework that provides visibility into data security across all cloud environments and the ability to monitor and respond to threats in real time. In this webinar, we will discuss why data security needs to be a top focus for organizations and how that focus puts the information back in information security.

Join Amer Deeba, CEO & co-founder of Normalyze, and Jim Reavis, CEO and co-founder of the Cloud Security Alliance, as they tackle the following in this interactive session:
• The evolving threat landscape and the impact of cloud migration on data security
• The challenges of managing and securing data across multi- and hybrid-cloud environments
• Strategies for implementing a comprehensive data security framework that provides visibility and control
• And more

Prioritizing Data Security: an Imperative

No code, no data models, no training -- Sigma Computing offers its customers an easy and reliable way to analyze billions of rows of data and make informed decisions in seconds. Sigma users love it. 

For Rahul Gupta, Sigma's Head of Security & GRC, reliably protecting customers’ sensitive data in multiple clouds is the goal of its security strategy. Join Rahul as he shares Sigma's approach to managing data security posture, datastore discovery, access governance, and risk detection -- and how Normalyze enables this framework. 

Co-hosted by Amer Deeba, CEO of Normalyze, this webinar will cover:

 - Why the security of data in multi-cloud environments is a top concern for CISOs  
 - Tangible, results-based advice for security professionals on building a scalable data security posture framework
 - Insights into cloud-security trends and steps for protecting cloud-resident sensitive data

In the second part of this two-part webinar, Carlos will do a hands-on demonstration of a subdomain takeover attack using open-source tools. This demo will contain two attack vectors: AWS S3 and AWS Elastic Beanstalk. In the end, Carlos will also demonstrate how data security tools can help you protect your cloud environment against Subdomain Takeover attacks.

Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, oftentimes, organizations overlook removing the domain name system (DNS), aliases (A record), and canonical names (CNAME record) that are no longer being used. This leads to a dangling domain record that is no longer associated with an active website or an online resource.

Lab: Subdomain Takeover, Part 2 | Discover & remediate

In this RSA roundtable discussion led by top Enterprise Strategy Group analyst Jack Poller, hear from leading CISOs regarding the biggest challenges, best practices, and attack trends impacting the cybersecurity space today—all assessed by ESG’s independent voice. 

Normally, access to Enterprise Strategy Group analyst research and consulting services would be a costly investment, but today you can listen in for free.   

Topics covered include:
• The key concerns for modern CISOs
• How enterprises are shifting their security strategies
• ESG’s top 3 best practices for protecting sensitive cloud data
• And more

CISO top challenges vs. priorities (from ESG’s experts)

When organizations need to know not only what type of malicious activity potentially occurred within their networks and clouds but also gather the remnants of that activity as evidence — they turn to Corelight. Corelight's customers include Fortune 500 companies, major government agencies, and large research universities. Based in San Francisco, this open-core security company was founded by the creators of the widely-used network security technology, Zeek.

Data security is so challenging today that even sophisticated security companies like Corelight require external support to remain diligent and comprehensive in their security strategies. As the company's CISO, Bernard Brantley explains he needed to develop Corelight's data security strategy and vision but also strengthen the company's ability to execute that strategy. Brantley's view on data security is a battle for information superiority and decision advantage over the adversaries that target their systems and information. 

In this webinar, Brantley explains how he approached the challenge at hand and why he ultimately choose Normalyze data-first cloud security platform to help discover sensitive data, classify its risk and attack paths, and remediate cloud risks.

How Corelight Transforms Data Security with Normalyze

Introduction to Normalyze, the Data-First cloud security company helping companies discover, classify and secure data across all public cloud environments in minutes.

Secure Sensitive Cloud Data

Q&A: Normalyze CTO Ravi Ithal joins Richard Steinnon to discuss Data Security Posture Management (DSPM) and how Normalyze is helping customers regain cloud data visibility, control, and trust.

Normalyze Co-Founder Interview: Richard Steinnon & Ravi Ithal

Data Security Action Lab

In the first part of this two-part series, Carlos will go over the current landscape for subdomain takeover by analyzing some bug bounty report statistics and then go over the theory behind how attackers can leverage this flaw to hijack subdomains. Finally, Carlos will discuss several simple actions that can be taken to protect your cloud environment against this vulnerability and give a sneak peek into the hands-on exercises from the upcoming Part 2.

Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, oftentimes, organizations overlook removing the domain name system (DNS), aliases (A record), and canonical names (CNAME record) that are no longer being used. This leads to a dangling domain record that is no longer associated with an active website or an online resource.

Lab: Subdomain Takeover, Part 1 | Identify attack paths

Data Security

Data Breach

Attack Vectors

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Lab: Subdomain Takeover, Part 1 | Identify attack paths

Presented by

About this talk

More from this channel