Name: Lab: Subdomain Takeover, Part 1 | Identify attack paths
Start: 2023-05-18T17:00:00Z
End: 2023-05-18T17:00:18.000Z
Location: BrightTALK
Rating: 5

We discuss how to understand the full range of risks present against your cloud data, and eliminate the risks that matter the most.

Let's put data security at the center of information security--where it belongs.

90% of the world's data generated in the last two years is dispersed in multiple isolated environments. As data propagates, security and IT teams lose visibility into and control over where their data resides, how sensitive it is, and whether it is at risk.

How can security and IT teams fix these gaps and regain visibility and control of this sprawling data? How can CISOs assure leadership and shareholders that the organization’s financial well-being and reputation are not at risk?

Todd Thiemann, Senior Analyst at Enterprise Strategy Group, moderates a panel with accomplished CISO and Cybersecurity industry veteran Renee Guttmann, Paychex CISO Bradley Schaufenbuel and ChargePoint CISO Teza Mukkavilli who will share best practices and recommendations for security and IT leaders on building their data security strategies and shared security models.  

Attendees from this session will take away tactics for formulating an actionable security strategy in the context of the shared security model, complying with the new SEC rule (for public companies), and identifying (and remediating) current gaps in their company’s data security strategy.   

Participants include:
Renee Guttmann, Accomplished CISO & Cybersecurity Industry Veteran, CXO Forum
Bradley Schaufenbuel, CISO, Paychex
Teza Mukkavilli, CISO, ChargePoint
Todd Thiemann, Senior Analyst, IAM & Data Security, Enterprise Strategy Group

From Chaos to Clarity: CISOs Share Five Must-Dos to Protect Data

DSPM solutions offer unparalleled visibility into cloud environments, enabling the identification and categorization of sensitive data across platforms. These systems use cutting-edge scanning and detection technologies to identify vulnerabilities, misconfigurations, and non-compliant practices that jeopardize data security. Furthermore, DSPM automates the evaluation and enhancement of data security measures. Continuous monitoring and instant alerts enable preemptive action against emerging threats. Adopting AL and ML enhances these solutions, allowing businesses to rapidly identify potential security breaches before they occur.. Implementing DSPM cultivates a security-first mindset within organizations, underscoring the importance of prioritizing data protection. DSPM not only delivers critical insights but also supports the application of stringent security policies, equipping businesses to defend their cloud data from advanced cyber threats effectively.

Benefits of DSPM:
- Peace of Mind: Detect and categorize sensitive data across all cloud and on-premises data environments for full visibility.
- Breach Prevention: Identify data attack paths; map vulnerabilities, dormant or risky access, and unauthorized activity; and track identities across cloud and SaaS applications to prioritize protections.
- Breach Containment: Monitor anomalous activity and take immediate action against emerging threats in response to prioritized real-time alerts.
- Privacy and Compliance: Automate compliance evaluation to control user access and maintain audit readiness.
- Protect What Matters Most: Address threats, rather than the endless cycle of infrastructure security, to protect your most valuable asset: data.

Modern Solutions for Modern Problems: Securing Your Cloud Data with DSPM

The new SEC Final Rule (effective Dec 18, 2023) requires public companies to disclose security posture annually and cyber incidents within four days after determining an incident was material. Why this new rule? What does it mean for public companies? Join Accomplished CISO and cybersecurity industry veteran Mike Convertino and Normalyze CTO & Co-founder Ravi Ithal on this fireside chat to get insights. 

They will delve into: 
- Future of corporate cybersecurity governance, including board composition, board interest in security postures, non-disclosure to shareholders, and role of cybersec vendors in guiding CISOs. 
- The alignment of interests between boards and the SEC, D&O insurance, and the readiness of companies to prepare legally sufficient security posture statements
- Insights on adaptation timeline, liability insurance for security firms, and security posture statements during IPO disclosures.
- Predictions and trends based on their knowledge and experience.

DSPM for SEC Cybersecurity Disclosure Rules

SaaS applications like Google Workspace and Microsoft 365 have become ingrained in the day-to-day operations of many businesses. Yet, the security risks of these applications have not been fully understood or addressed. Integration of Data Security Posture Management (DSPM) with these applications increases visibility into potential risks and helps secure the data in SaaS apps more proactively. 

Join Normalyze Director of Product Management Vamsi Koduru as he dissects the complexities of securing SaaS applications and illustrates how Normalyze seamlessly fits into the SaaS ecosystem, providing robust solutions to common security risks and gaps.

Key takeaways: 
- Agile SaaS Strategies: Discover short-term and long-term strategies that DSPM and Normalyze offer to enhance the agility of your SaaS applications. 
- Significance of DSPM in Compliance: Understand DSPM's significance in systematizing and securing PII, a cornerstone for regulatory compliance and robust security frameworks.
- Real-World Implementation Insights: Delve into case studies showcasing how customers use DSPM to reduce risk and strengthen data protection.
- Navigating Access Management: Explore why SaaS security controls must also encompass the end-users with access to sensitive data.
- Normalyze's Role: See how the Normalyze product roadmap is evolving with the rapid growth of SaaS platforms.

Register >>

DSPM For SaaS

Join Normalyze VP of Product Management Gautam Kanaparthi and Cohesity Sr. Director of Product Management Sheetal Venkatesh as they discuss an urgent need to protect a company's vital asset—data.

The session will spotlight the integrated Cohesity-Normalyze solution that gives enterprise security and IT teams unprecedented visibility into their most sensitive data and ensures it is automatically protected against data breaches and ransomware.

Gautam and Sheetal will do a product demonstration of how security and backup teams can:

- Identify which sensitive and at-risk data stores have not been protected or backed up.
- Prioritize risk remediation and data protection prioritized by the potential cost to the business if such risks are exploited.
- Remediate risks with data protection and recovery capabilities

DSPM for Proactive Data Protection & Recovery

With the widespread adoption of cloud computing, more sensitive data has moved into virtual environments far from the safe harbor of legacy on-premises data security controls. This raises two critical questions: Is this data secure, and is it secure throughout its lifecycle across the enterprise data environment? 

Data Security Posture Management (DSPM) addresses these concerns by actively discovering and analyzing sensitive data in motion, expediting risk mitigation as data traverses cloud platforms.

Join Normalyze Head of Product Gautam Kanaparthi as he demonstrates how DSPM principles enable enterprises to get a complete view of their data. Key takeaways from the demo will include: 
 
- Data Flow Visualization: See data-in-transit mapping, understand how sensitive data is accessed, and spot policy violations with interactive graphs.

- Data Lineage Insights: Gain insight into how a particular piece of sensitive data has proliferated across your data environment and ensure it is secure everywhere.

- Data access Governance: Continuously assess and monitor data access, enabling swift resolution of dormant, over-privileged accounts and enforcing least privilege for sensitive data.

- Anomaly Detection: Uncover suspicious activity, including data breaches and account takeovers, through continuous user behavior analysis without predefined rules.

- Data Detection and Response: Go beyond configuration checks and detect risky activities around critical data assets leading to data exfiltration

DSPM for Data in Motion

Through interoperable cloud services, attackers defeat native security tools and move laterally through the cloud infrastructure.

In this webinar, Abhinav highlights the real cloud data risk chains that lead to account takeover and exposure of sensitive data and shows what can be done to prevent these attacks.

Examples of adversarial tactics include but are not limited to

* Abusing the account organization’s setup to onboard an external account and making it a trusted entity to avoid detection and perform data exfiltration. 
*Attacker abuses the cross-account trust relation to move laterally between different accounts leading to a fan-out effect while remaining completely hidden from defense tools like Guardduty. 
* An identity-based attack that chains multiple IAM permissions to build an ROP-like privilege escalation scenario and compromise the entire cloud infrastructure.

Top 3 Cloud Data Security Adversarial Tactics and How to Fight Them

No code, data models, or training -- Sigma Computing offers its customers an easy and reliable way to analyze billions of rows of data and make informed decisions in seconds. Sigma users love it. 

For Rahul Gupta, Sigma's Head of Security & GRC, reliably protecting customers’ sensitive data in multiple clouds is the goal of its security strategy. Join Rahul as he shares Sigma's approach to managing data security posture, datastore discovery, access governance, and risk detection -- and how Normalyze enables this framework. 

Co-hosted by Normalyze Head of Product Gautam Kanaparthi, this webinar will cover:

 - Why the security of data in multi-cloud environments is a top concern for CISOs  
 - Tangible, results-based advice for security professionals on building a scalable data security posture framework
 - Insights into cloud-security trends and steps for protecting cloud-resident sensitive data

Securing Customers’ Big Data: Sigma Makes It Easy with Normalyze

Driven by the expansion of cloud adoption, enterprise data is now housed across multiple public clouds, PaaS and SaaS. However, a significant portion remains on premises. As a result, security teams struggle to get holistic visibility into where their data resides, whether it is at risk or compliant, and how much it would cost the company to lose it.

DSPM (Data Security Posture Management) addresses this challenge for ‘data everywhere’ and provides unprecedented visibility into data stores and attack paths across IaaS, PaaS, SaaS, and on-prem environments.

Join Normalyze Head of Product Gautam Kanaparthi as he demonstrates how DSPM gives enterprises a complete view of their data: 
- What type of sensitive data exists and where
- Which data stores contain the most critical information
- Who can access it 
- What potential attack paths can lead to a breach

Gautam will demonstrate how Normalyze prioritizes these risks according to the monetary impact on the business.

DSPM in Hybrid Cloud Environments

Mark provides an overview of Netlify and discusses: 
- access control and reducing the attack surface by controlling and monitoring access to data
- the importance of data classification and security clearances in granting access to applications and data
- compliance and cost considerations related to their access control and security measures

Data Security Challenges: Netlify

Jade Graziano provides an overview of Ginkgo and their: 
- Approach/framework to securing this sensitive data
- Meticulous evaluation of DSPM tool selection
- Implementation insights & DevOps collaboration
- Results upon partnering with Normalyze

Data Security in Biotech: Discovery, Access Governance, and Compliance

How do I protect data in my hybrid environment with multiple SaaS, PaaS, IaaS, and on-premises data stores? What are my next steps if my data is lost in a breach? 

Data is the target of most cyber attacks, and its protection is top of mind for CISOs and their teams. However, the data-first approach to security is new, and clarity is needed to develop and implement a scalable enterprise-wide data security strategy.

Join John Grady, principal analyst at Enterprise Strategy Group (ESG), as he sits down with CISOs from ChargePoint and PayChex, as well as Normalyze CEO Amer Deeba, to tackle several topics that keep CISOs up at night, including:  

* Top priorities for securing data against breaches in the cloud, on-premises, and in SaaS 
* What it takes to build a data-first security framework
* How to improve the efficiency of security teams

What Keeps CISOs Up at Night? A CISO Chat with ESG Security Analyst John Grady

In today's fast-changing cloud environment, moving beyond traditional closed-box penetration testing methods is essential. Join us for an engaging webinar led by Carlos Vendramini, an expert from Normalyze, as he takes you through the steps to set your organization up for success in your next Cloud Security Assessment. Whether you're outsourcing a Cloud Penetration Test or developing an internal process for Cloud Security Audits, Carlos will provide guidance based on your organization's level of cloud security maturity.

Key takeaways: 
- Emphasize the need to move beyond traditional penetration testing techniques.
- Guidance on how to prepare for a successful Cloud Security Assessment.
- Consider different options based on the organization's cloud security maturity level.
- Importance of scoping the assessment, setting clear objectives, and ensuring proper access provisioning. 
- Best practices for protecting your cloud environment.

Cloud Security Assessments: Steps to Successful Implementation

The accelerated pace of cloud migration in recent years has facilitated innovation across all technology domains. This widespread shift to the cloud has also impacted information security as organizations’ data proliferated across multi- and hybrid-cloud environments. “Where is my sensitive data, who accesses it, is it at risk, and are we compliant?” – these are the questions CISOs, and their security teams struggle to address at scale.

Security teams need a framework that provides visibility into data security across all cloud environments and the ability to monitor and respond to threats in real time. In this webinar, we will discuss why data security needs to be a top focus for organizations and how that focus puts the information back in information security.

Join Amer Deeba, CEO & co-founder of Normalyze, and Jim Reavis, CEO and co-founder of the Cloud Security Alliance, as they tackle the following in this interactive session:
• The evolving threat landscape and the impact of cloud migration on data security
• The challenges of managing and securing data across multi- and hybrid-cloud environments
• Strategies for implementing a comprehensive data security framework that provides visibility and control
• And more

Prioritizing Data Security: an Imperative

No code, no data models, no training -- Sigma Computing offers its customers an easy and reliable way to analyze billions of rows of data and make informed decisions in seconds. Sigma users love it. 

For Rahul Gupta, Sigma's Head of Security & GRC, reliably protecting customers’ sensitive data in multiple clouds is the goal of its security strategy. Join Rahul as he shares Sigma's approach to managing data security posture, datastore discovery, access governance, and risk detection -- and how Normalyze enables this framework. 

Co-hosted by Amer Deeba, CEO of Normalyze, this webinar will cover:

 - Why the security of data in multi-cloud environments is a top concern for CISOs  
 - Tangible, results-based advice for security professionals on building a scalable data security posture framework
 - Insights into cloud-security trends and steps for protecting cloud-resident sensitive data

In the second part of this two-part webinar, Carlos will do a hands-on demonstration of a subdomain takeover attack using open-source tools. This demo will contain two attack vectors: AWS S3 and AWS Elastic Beanstalk. In the end, Carlos will also demonstrate how data security tools can help you protect your cloud environment against Subdomain Takeover attacks.

Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, oftentimes, organizations overlook removing the domain name system (DNS), aliases (A record), and canonical names (CNAME record) that are no longer being used. This leads to a dangling domain record that is no longer associated with an active website or an online resource.

Lab: Subdomain Takeover, Part 2 | Discover & remediate

In this RSA roundtable discussion led by top Enterprise Strategy Group analyst Jack Poller, hear from leading CISOs regarding the biggest challenges, best practices, and attack trends impacting the cybersecurity space today—all assessed by ESG’s independent voice. 

Normally, access to Enterprise Strategy Group analyst research and consulting services would be a costly investment, but today you can listen in for free.   

Topics covered include:
• The key concerns for modern CISOs
• How enterprises are shifting their security strategies
• ESG’s top 3 best practices for protecting sensitive cloud data
• And more

CISO top challenges vs. priorities (from ESG’s experts)

Data Security Action Lab

In the first part of this two-part series, Carlos will go over the current landscape for subdomain takeover by analyzing some bug bounty report statistics and then go over the theory behind how attackers can leverage this flaw to hijack subdomains. Finally, Carlos will discuss several simple actions that can be taken to protect your cloud environment against this vulnerability and give a sneak peek into the hands-on exercises from the upcoming Part 2.

Subdomain takeover continues to be a major security threat for organizations using the cloud to deliver public services. After setting up their cloud environments, oftentimes, organizations overlook removing the domain name system (DNS), aliases (A record), and canonical names (CNAME record) that are no longer being used. This leads to a dangling domain record that is no longer associated with an active website or an online resource.

Lab: Subdomain Takeover, Part 1 | Identify attack paths

Data Security

Data Breach

Attack Vectors

Data Analysis

Data Analytics

Security

Cyber Attacks

Attack Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Lab: Subdomain Takeover, Part 1 | Identify attack paths

Presented by

About this talk

More from this channel