Name: Underestimated Risk: Common Cloud and DevOps Misconfigurations
Start: 2023-11-30T16:18:00Z
End: 2023-11-30T16:18:53.000Z
Location: BrightTALK
Rating: 0

Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity - seamlessly securing human and machine identities accessing workloads from hybrid to multi-cloud, and flexibly automates the identity lifecycle all with continuous threat detection and prevention – protecting organization’s identities and most critical assets by enabling Zero Trust and enforcing least privilege.  

As AI technology becomes increasingly integrated into various products and services, it introduces new opportunities and challenges for cybersecurity. CyberArk's Andy Thompson, Offensive Security Research Evangelist, provides valuable insights on the evolution of AI technology and its impact on the cybersecurity threat landscape; how machine identities, including AI services, are becoming new targets for cybercriminals; emerging attack techniques like jailbreaking and indirect prompt injection targeting AI models; real-world demonstrations of AI-based attacks and their potential consequences; strategies to secure machine identities and protect AI-driven automation.

Ex Machina: The Attack Surface of AI-Driven Technology

While “Identity is the new and last standing security perimeter” isn’t unfamiliar, not all organizations have fully embraced it in practice. Today many still rely solely on MFA to secure their workforce identities and fail to properly manage and secure privilege at endpoints. This creates a much wider attack surface for threat actors to work with, and a false sense of security for organizations looking to reduce risk at and beyond the Identity perimeter. So how can organizations take their risk mitigation practices to the next level?  

In this session, CyberArk experts deep dive into advanced strategies and capabilities, including implementing phishing-resistant end-to-end passwordless authentication and Endpoint Identity Security, to reduce the attack surface and thwart potential threats at and beyond the Identity perimeter.

Advanced Strategies for Reducing Risk at and Beyond the Identity Perimeter

Identity and Access Management (IAM) solutions are no longer just ways to provide easy workforce access to applications, but critical tools in security and zero trust network access, creating the first line of defense against malicious actors and insider threats. 

In this panel discussion, experts from CyberRisk Alliance and CyberArk share their insights into trends in this evolution, as well as the best practices to leverage IAM solutions as a strategic security asset to protect organizations from cyberattacks, data breaches, and other threats. They discuss the challenges and opportunities of IAM in the era of cloud, mobile, and social technologies, as well as the emerging trends and innovations in the field.

Beyond IAM Achieving True Identity Security

"As organizations work to secure human identities, the identity attack surface has expanded significantly. While an ability to timely detect and respond to identity-based threats is crucial, proactive reduction of the identity attack surface is essential to prevent the majority of cyber incidents, especially targeted attacks and APTs.  

In this session, CyberArk experts cover five actionable strategies to reduce your identity attack surface. From safeguarding endpoints to protecting sensitive data, you’ll learn how to close your workforce access security gaps from modern attack vectors to help reduce the risk of identity-based attacks. "

5 Ways to Reduce Risk by Minimizing Your Identity Attack Surface

Join us to learn how CyberArk modernizes PAM programs for hybrid and multi-cloud environments. We'll cover right-sized privilege controls with Just-in-time (JIT) access and zero standing privileges (ZSP), enhancing your program to protect against emerging threats.

Modernize Your PAM Program for a Multi-Cloud World

Just as classic muscle cars were once the pinnacle of high performance, legacy IAM represented cutting-edge solutions in its time. However, as innovation transforms both muscle cars and modern IAM, we'll contrast their evolution, showcasing the agility and power of modern IAM solutions in today's digital landscape.
Picture your organization facing the challenges of outdated legacy identity systems, struggling with app migration complexities. Now, envision a streamlined solution—a No-Code Identity Orchestration Platform (IOP) leading your transition to a secure and efficient Identity Access Management (IAM) environment.
We'll guide you through strategies and dive deep into tools and technologies to help you achieve this transformation. 
• Understand the risks and complexities associated with legacy identity providers and on-premises app migration.
• Explore how Identity Orchestration simplifies app migration without requiring code changes, ensuring a smooth transition to modern IAM solutions.
• Discover the Security First approach of IAM solutions combined with Identity Orchestration, enhancing control and resilience.
• Learn phased migration techniques, coexistence with legacy systems, and flexible rollback options to mitigate risks during the transition.
Join us to unlock the benefits of improved organizational efficiency, reduced IT overhead, heightened security, and a seamless user experience as you embrace modern IAM solutions.

Transforming Identity: No-Code Solutions for ditching legacy and embracing Modern IAM

Cybersecurity professionals are tasked with the responsibility of mitigating cyber risk and implementing strategic initiatives, such as Zero Trust. Establishing foundational identity and privilege controls on the endpoint are key to a successful Zero Trust strategy and are vital to prevent privilege abuse (including tampering). Join our webinar to learn why Zero Trust on endpoints should start with Endpoint Identity Security. Discover how enforcing role-specific least privilege can form a strong foundation for the adoption of Zero Trust, Identity-First Security, and other strategic cyber security initiatives.

The Principle of Least Privilege: Accelerate your Zero Trust and Compliance Strategic Initiatives

Maintaining a strong identity security program for employees and remote users is paramount when analyzing threats to an organization's critical assets. Join us to learn more about extending privileged access management to remote workforce, third parties, and external vendors centered around Zero Trust principles. We'll focus on use cases for a modern approach to securing remote access, audit and compliance considerations, and best practices when exploring efficient ways to secure external access for privileged and business users.

Secure Your Vendors' Access from Attacks on Third-party Vulnerabilities

Given the rapidly evolving threat landscape, the importance of a centralized identity security program is vital for both human and machine identities. While other vaults and open-source tools have their merits, these on-premises tools often require costly skills and resources to host and maintain. Organizations may feel stuck supporting the open-source version and dealing with a siloed security experience due to upgrade challenges.

The good news is that you are not alone and there is a migration path to a centralized SaaS secrets management solution that fully integrates with the CyberArk Identity Security Platform. This webinar will demonstrate the steps others have taken to achieve this transition and highlight key security benefits and operational efficiencies that come with it.

Join this webinar to learn:

-The best practices and common pitfalls of moving from an on-premises to a cloud-based solution for managing your secrets and machine identities.

-The benefits of centralizing your secrets management with CyberArk SaaS: Discover how you can reduce the complexity and cost of hosting and maintaining your own secrets management tool, while enhancing your security posture and compliance with CyberArk's SaaS offering.

-How CyberArk SaaS integrates with your DevOps tools and workflows: See how you can leverage CyberArk's APIs and plugins to securely access and rotate your secrets across different environments and platforms while enabling collaboration and automation among your developers and DevOps teams.

How Security Teams are Solving Vault Sprawl with a Modern SAAS Solution

In this eye-opening presentation, we raise the alert of Qilin, a sophisticated Ransomware as a Service operator specifically targeting the U.S. healthcare sector. Discover how threat actors evade EDR detection, exploit MFA vulnerabilities, and execute devastating attacks on medical institutions. Through a detailed walkthrough of real-world scenarios, learn about the offensive tactics employed by threat actors and gain crucial insights into defending against these attacks. Our experts offer an in-depth analysis of the attack methodology as well as valuable industry perspective, including potential solutions including CyberArk Endpoint Privilege Manager. This session is essential for IT professionals in healthcare seeking to bolster their cybersecurity defenses against evolving ransomware threats.

Critical Condition: How Qilin Ransomware Endangers Healthcare

If you are experiencing an organizational tug-of-war in planning your identity security program, you are not alone. Based upon decades of experience, the CyberArk Blueprint for Identity Security was designed to help organizations prioritize initiatives for maximum risk reduction. In this session, CyberArk’s Security Advisory Group breaks down tools, techniques and methods for balancing organizational priorities and drivers with meaningful risk reduction. Learn how to use the CyberArk Blueprint, our identity security best practices program framework, to balance the needs and requirements of your organization as you protect against malicious actors. Whether your organization’s priorities are driven by operational efficiency, an internal incident, a zero trust initiative or something else, the insights will help you to validate your approach against the lessons learned via 8,500+ deployments globally.

Balancing Risk and Organizational Priorities with the CyberArk Blueprint

Watch this informative session to learn how privilege has shifted in the modern workplace, how today’s threat actors take advantage of this shift and what organizations can do to safeguard their high-risk workforce to better implement a Zero Trust strategy.

Every User Can Be a Privileged User: Securing Access for High-Risk Workforce Users

As the digital landscape continues to evolve, identity management remains a critical component of cybersecurity strategy. Watch this informative webinar where leading experts provide essential guidance on navigating identity challenges and opportunities. You'll learn the latest trends in identity and access management (IAM), emerging threats, and best practices for securing digital identities in an increasingly complex environment. Viewers will gain valuable insights into innovative technologies, regulatory developments, and practical strategies for enhancing identity resilience.

Key Identity Guidance with SC Media and CyberArk

In this riveting presentation, Offensive Security Research Evangelist, Andy Thompson delves into the dangerous and ever-evolving tactics of the notorious threat actor group, Scattered Spider. From innovative persistence methods to the shocking use of physical threats, this talk provides crucial insights into the group's latest strategies.

Threat Actor Update - Scattered Spider

Join this session as we delve into the challenges with using traditional IAM solutions, what to look for in modern IAM solutions, and how to utilize intelligent privilege controls and transition from an outdated IAM framework to one that is tailored for your organization’s business and security needs in today’s threat landscape.

IAM Evolution: Enhancing Security in a Hybrid World of Evolving Threats

What is the state of machine identity security in 2024, and what are the most important things to know about securing them for the future?

Find out in this fireside chat, where Uzi Alion, VP, DevSecOps Solutions at CyberArk and Melinda Marks, Practice Director, Cybersecurity at Enterprise Strategy Group discuss the biggest risk factors of machine identities in modern enterprises as well as best practices that organizations can leverage to keep their hybrid secrets secure. 

Key topics include:
• Defense-in-depth (i.e. self-remediation)
• Lack of visibility and central control of secrets
• Ease of stealing secrets in the cloud
• And more

Grab your spot now to gain expert tips for securing your machine identities in 2024 and beyond!

Live From Black Hat 2024: Securing Machine Identities In 2024 & Beyond

As more than 70% of reported security breaches are attributed to identity-based threats, questions arise about the relevance of the perimeter concept in safeguarding workforce identities and endpoints. Today, organizations must embrace a security-first mindset that transcends the traditional perimeter, adopting comprehensive identity and access controls that span the identity lifecycle from login and beyond. Watch this session to explore how to adopt the identity perimeter approach, the inherent risks in using traditional controls and the importance of a holistic IAM strategy in safeguarding workforce identities and endpoints that extend beyond the perimeter.

Going Beyond the Perimeter: Strategies to Secure Your Workforce and Endpoints

You may be familiar with current Cyber Insurance requirements, but do you have a forward-thinking security strategy, one that goes beyond “checking a box” and helps you to carefully plan for future renewals?  In this session, we’ll highlight the critical elements of a proactive security program, and we’ll provide examples of how to effectively showcase your organization to successfully obtain a policy or renewal. 

There isn’t a perfect security program. Storytelling is an important part of the process. Be ready to share a narrative about the plan you have in place now and how you will advance your program to address any gaps for risk reduction.  

In this session, Nick Graf, Vice President, Cyber Risk Control CNA Insurance and James Creamer, Senior Manager, Security Strategic Advisory CyberArk provide guidance on how to: 

Practically implement security controls 
Effectively communicate your strategy 
Plan for the next renewal. 

Nick Graf, Vice President,Cyber Risk Control for CNA Insurance and James Creamer, Senior Manager, Security Strategic Advisory for CyberArk

Developing a Next-Level Cyber Insurance Strategy

The Power of “Zero” in a Digital World

Five Privilege Controls Essential for Identity Security

Tales from the Trenches: A Fireside Chat with CyberArk's Incident Response

Identity Security Trailblazers - Healthfirst

A Security-First Approach for Cloud Productivity and Velocity

Maximize Risk Reduction with an Identity Security Approach

Fireside chat: Trends Driving an Identity Security Approach

How Dark Web Credentials Lead to a Software Supply Chain Attack

Identity Security Blueprint to the Rescue

Top Considerations for Identity Security Platforms

Maximize Risk Reduction with Identity Security

The goal of the Attack & Defend series is to inform organizations about current threats in an engaging way, while arming participants with best practices to reduce risk. For a reality-based experience with timely defense insights, we tap current CyberArk Labs research on threats seen and experienced in the wild, as well as insights gained from actual breaches our incident responders have addressed. We simulate a head-to-head battle.
In this session, we demo some of the most common misconfigurations in Cloud and DevOps environments that attackers can exploit and show you how to effectively mitigate risk. Zero-days grab headlines, but an attacker is more likely to use one of the exploits we demonstrate.

Underestimated Risk: Common Cloud and DevOps Misconfigurations

DevOps

Identity Management

Cloud Security

Cyber Threats

Privileged Access Management

Zero Day Threats

Risk Mitigation

Attack Vectors

Cloud

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Underestimated Risk: Common Cloud and DevOps Misconfigurations

Presented by

About this talk

More from this channel