Name: Protecting Against Software Supply Chain Attacks
Start: 2024-04-23T15:00:00Z
End: 2024-04-23T15:00:38.000Z
Location: BrightTALK
Rating: 5

Today’s enterprises depend on the cloud, data and software in order to make decisive decisions. That’s why the most respected brands and largest organizations in the world rely on Thales to help them protect and secure access to their most sensitive information and software wherever it is created, shared or stored – from the cloud and data centers to devices and across networks. Our solutions enable organizations to move to the cloud securely, achieve compliance with confidence, and create more value from their software in devices and services used by millions of consumers every day.

We are the worldwide leader in data protection, providing everything an organization needs to protect and manage its data, identities and intellectual property – through encryption, advanced key management, tokenization, and authentication and access management. Whether it’s the securing the cloud, digital payments, blockchain or the Internet of Things, security professionals around the globe rely on Thales to confidently accelerate their organization’s digital transformation. Thales Cloud Protection & Licensing is part of Thales Group.

Did you know that 80% of consumers want brands to offer MFA (Multi-Factor Authentication) as a means for them to establish trust in the brand?* 

While this used to add friction in the past, there are new ways to deliver MFA and passwordless authentication experiences through passkeys. In this episode, we’ll explore Passkeys and SCA (Strong Customer Authentication) implementation best-practices and real-world examples. 

*Thales Digital Trust Index 2024 Research

Ensure Secure & Frictionless User Experiences with Passkeys

According to our 2024 Digital Trust Index survey, 87% of consumers expect certain levels of privacy rights from the companies they interact with online. The biggest expectation is the right to be informed that their personal data is being collected (55%), closely followed by the right to have their personal data erased (53%). 

Customers only want to provide information when needed. In this episode, we'll examine how consent & preference management, together with progressive profiling, can be used as a tool for customer empowerment, helping you climb the Digital Trust ladder.

Key takeaways:
- Learn how to seamlessly embed customer consent & preference management and progressive profiling into your CIAM strategy
- Effortlessly maintain and store a track record of customer consent 
- Increase customer intimacy and trust by keeping their preferences at the heart of their experience
- Easily integrate the data privacy conversation into the user journey
- Comply with data privacy regulations (GDPR, CCPA, etc.) with continuous adherence to customer consent and preferences

Data Privacy: Build Trust with Consent & Preference Management

Join us as we venture into the labyrinth of Zero Trust – a term that is so ambiguous that it consistently leads to confusion and slow adoption, often by the companies who could benefit from its application the most.
Is Zero Trust a solution? An architectural framework? An approach? Or perhaps a blend of all three? In this comprehensive webinar, Mithun Singh will explore its implications, examine its ROI potential, and propose applications in the IAM space.

What you’ll learn:
- A whole new perspective on Zero Standing Privilege instead of Least Privilege Principle
- How to navigate the acronym jungle – Zero Trust vs ITDR, vs RBA, vs. FGA, ZSP etc.
- Why even our printers undergo daily identity crises, constantly proving they're not undercover agents plotting a paper jam rebellion
- What Zero Trust means to different user group personas in IAM
- Why dynamic, just-in-time access, with continuous authentication and authorization, can lead to a more secure and efficient future.

Navigating the Zero Trust Maze

Ransomware is becoming a sobering word for any organization. In 2023, a significant portion of ransomware attacks prioritized data exposure over encryption, putting pressure on organizations to respond quickly to avoid public leaks. The recent ransomware attacks like LockBit and Rhysida breach corporate and government networks, spreading laterally and exfiltrate critical data before encrypting files. It then threatens to publicly release the stolen data if the ransom is not paid.

So how can you effectively prevent and defend against zero-day ransomware attacks?

Join this webinar to learn more about ransomware attacks, how to use the power of encryption to prevent them, and what you should consider to protect your organization from such attacks.

Fighting Ransomware - Using the Power of Encryption

In today's rapidly evolving digital landscape, the migration to cloud infrastructure has become pivotal for organizations seeking enhanced resilience and security. However, this shift brings forth new challenges, particularly in safeguarding sensitive data amidst ever-evolving threats like ransomware and generative-AI attacks, alongside stringent compliance regulations such as NIS2 and PCI 4.0.

Enter data-centric security, offering CISOs transformative opportunities to fortify data protection, compliance adherence, and operational efficiency, thereby nurturing deeper trust with customers. Yet, ensuring robust defense mechanisms remains imperative, given the diverse pathways to data, each with its own unique security demands and vulnerabilities.

In our upcoming webinar, "Thales + Imperva: Trusted End-to-end Data Security" Todd Moore, VP of Data Protection at Thales, and Terry Ray, SVP of Data Security and Imperva Fellow for Imperva, a Thales company, will delve into the strategies that empower organizations to unlock maximum value from their data assets amid the complexities of multicloud environments.

Join us as we explore:
• Adopting a data-first approach to simplify data protection and compliance
• Leveraging the combined strength of Thales and Imperva's state-of-the-art data security platforms
• Applying data security across clouds: private, AWS, Azure, GCP, and ensure parity with your on-premises policies
• Harnessing the latest data security innovations for managing sensitive data, detecting threats, and mitigating risks

Thales + Imperva: Trusted End-to-end Data Security

The 2024 Thales Global Data Threat Report offers insights into global trends in threats to data and the underlying controls, regulations, risks and emerging technologies that need to be addressed. The report reflects insights from nearly 3,000 respondents at the individual contributor, managerial and executive levels from 18 countries across 37 industries and explores their experiences, challenges, strategies and outcomes.  In this webinar you will learn about top sources of threats, leading threat types, challenges of compliance and sovereignty, and top security challenges in DevOps (just to name a few)  as well as security challenges and threats with AI, 5G, IoT, OT, and Quantum Computing. Attendees will receive a free copy of the 2024 Data Threat Report and webinar presentation.

Key Findings from the 2024 Thales Data Threat Report

Did you know that 80% of customers expect a completely digital onboarding experience?* In addition, a majority will only share their personal information if certain caveats are met -- some may even drop off during the process.  

In this episode, we will dive into ways to balance best-in-class identity verification and identity affirmation practices coupled with a seamless and compliant user onboarding journey while minimizing customer drop-off. 

Learn how to build customer loyalty from the very first interaction they have with your brand. 

Key takeaways: 
- Digital onboarding: The foundation of your digital customer lifecycle management 
- How to balance regulations & user experience around identity verification  
- Common identity verification risks in the age of generative AI  
- The future of identities and the rationale around dematerialization  

*Thales Digital Trust Index 2024 Research

Build Seamless & Secure Digital Onboarding in the Age of GenAI

With the upcoming NIST algorithm finalizations expected within months, organizations need to get their cryptographic hygiene in order. The first to be impacted by new compliance regulations are PKI, TLS, Code Signing, and IoT.  Learn how to build a plan for inventory discovery, assessment, stakeholder buy-in, budgeting, and project timelines. Join both Chris Hickman, CSO (Keyfactor) and Blair Canavan, Director Alliances (Thales) during this pragmatic readiness webinar.
 
Topics include:
 •  How 2024 NIST finalizations impact organizations
 •  Ensuring stakeholder support and budgets
 •  Cryptographic discovery heat-mapping and remediation
 •  Building a project roadmap with priorities, timeframes, and budgets

Keyfactor is an approved (ISC)2 CPE Submitter partner. Earn .5 CPE credit by viewing this webinar.

NIST is Coming for your Algorithms!  Ready or Not, Here They Come

Are you doing enough to gain (and retain) your customers' trust?  

Data security and smooth digital experiences have become non-negotiable for consumers today. You can’t have one without the other, and customers are prepared to abandon brands if either is lacking.  

We interviewed over 12,400 consumers worldwide to gain an understanding of their preferences when interacting online, and ultimately determine how to help organizations make better decisions about their digital presence.  

Join Haider Iqbal, Director of Product Marketing at Thales, and John Tolbert, Director of Cybersecurity Research and Lead Analyst at KuppingerCole Analysts to discuss the results from our survey, where Digital Trust stands as it is today, and how to strike the right balance between security and seamless interactions. 

 
Key takeaways: 

- An overview of the state of Digital Trust in 2024 and key findings 
- What your customers expect from your brand when it comes to digital interactions 
- A perspective from industries and companies that found the right balance between security, privacy and user experience 
- Best practices and recommendations to climb the Digital Trust ladder


Speakers: 

- Haider Iqbal, Director of Product Marketing IAM at Thales 
- John Tolbert, Director of Cybersecurity Research and Lead Analyst at KuppingerCole Analysts  

Moderator: Ammar Faheem, Product Marketing Manager CIAM at Thales

The State of Digital Trust in 2024: A Deep Dive into Trends & Best Practices

Per questo webinar Thales ha voluto invitare due partner d'eccezione, Oracle ed Accenture, per parlare di Oracle Cloud Infrastructure (OCI) e di cloud-adoption sicura con particolare attenzione al controllo delle proprie chiavi crittografiche. Grazie alla partnership, siamo in grado di supportare i nostri clienti nel:
* Conservare la propria sovranità digitale nell'Oracle Cloud.
* Dimostrare una conformità alle normative locali sulla privacy e sulla sicurezza dei dati come GDPR, PCI-DSS, ecc.
* Una gestione indipendente delle chiavi di crittografia al di fuori del cloud
Un utilizzo di CipherTrust Manager per connettersi agli HSM esistenti
Una gestione delle chiavi di crittografia centralizzata, scalabile e basata su standard

Thales, Oracle e Accenture insieme per offrire una migliore sicurezza dei dati.

Encryption and key management are critical defenses against data breaches and cyber threats in the evolving digital landscape. A comprehensive study by ESG Research, commissioned by Thales, sheds light on emerging trends, operational challenges, and strategic advancements in this vital field. Join experts from ESG and Thales for a discussion on insights from the survey.

Operationalizing Encryption and Key Management Insights from ESG Research Study

Embark on an insightful journey through the dense compliance jungle, where our expert industry panel—in the field of risk assessment and data protection—will provide actionable takeaways to empower you to thrive in the challenging regulatory terrain.
 
Join seasoned navigators from Keyfactor, Thales and CRYPTAS as they discuss common IT security challenges and share strategies to enable you to carve a secure path to NIS2, DORA, GDPR, ISO, and TISAX compliance. Get practical advice on how cryptography can fundamentally enhance preventive measures for authenticity and confidentiality.
 
Key takeaways:
- Uncover Regulatory Species: Decode the unique characteristics of NIS2, DORA, GDPR, ISO, and TISAX.
- Survival Tactics: Learn practical strategies to master your next security audit with confidence.
- Shielding Strategies: Acquire actionable techniques to fortify your organisation against compliance challenges.
- Risk Safari: Understand how compliance is your compass in the wild, mitigating the potential business risk of failed audits.
- Interactive Exploration: Engage in a live Q&A, where your queries become the talking points for the experts.

So, if you’re a security leader looking to equip yourself with the tools of knowledge to navigate the compliance jungle with ease, look no further. 

Register now!

Keyfactor is an approved (ISC)2 CPE Submitter partner. Earn (1) CPE credit by viewing this webinar.

Speakers:  Stefan Bumerl, CEO and Founder, CRYPTAS Internet Security GmbH; Admir Abdurahmanovic, SVP Strategy,Keyfactor; Romain Deslorieux, Strategic Partners Director, Global System Integrators, Thales

Navigating the Compliance Jungle: Interactive Panel with Cybersecurity Experts

With the massive increase in cloud services and workloads, the use of secrets rapidly grows and leads to secrets sprawl, however, “62% of organizations do not know how many keys or certificates they have throughout their company.” ^ 
The increase in data breach incidents from leaked credentials is also alarming and it has become one of the top concerns of the CISO. Recently, Football Australia suffered a data breach after leaving keys to a database containing personal details openly accessible, as they left a number of AWS keys exposed, which included several secret keys. 
To mitigate the risks and fortify the security of sensitive information, organizations can now take full control and have better visibility of all the secrets with CipherTrust Secrets Management Solution, it helps organizations:- 
- Simplify and centralize secrets management in a single platform 
- Discover all secrets in your environment and integrate multiple-point solutions into one platform
- Improve the working experience among various teams including DevOps
Join our webinar to explore how organizations can manage secrets effectively with a single data security platform, our experts discuss:-
- The risks and consequences of secrets sprawl 
- How a secrets management platform offers better visibility and control
- Case study

Reduce DevOps and Cloud Security Risk with Secrets Management

In early 2024, NIST will finalize their new encryption algorithms. How can organizations in regulated industries cut through the PQC hype and diligently assess the business impact of these new cryptographic standards? Join IBM, Quantinuum and Thales to see why 2024 is the year to build a plan for Quantum-safe operations and build out a PQC Center of Excellence.

PQC in 2024:  Are you Preparing or Ignoring the Risks Ahead?

Despite their shortcomings, passwords have been a necessary evil; an unavoidable reality. No wonder online services have struggled to get rid of passwords for nearly three decades. Not anymore! Passkeys have emerged as a modern form of authentication, offering a superior user experience and higher security. With over 7 billion accounts already protected by passkeys, the question for service providers isn’t “if” they should be adopting passkeys, rather “when” and “how”. 
 
Join us in this webinar with Thales and the FIDO Alliance to: 
- Learn why this standards-based approach is gaining such rapid traction 
- Understand how ready your end users are for adopting passkeys 
- Get actionable guidance to roll out passkeys for both low and high assurance authentication 
- Understand why you should introduce passkeys for your digital services right away 
- Discover how Thales can assist you in a smooth transition to passkeys-based authentication

Speakers:        
- Pedro Martinez, Business Owner for Digital Banking Authentication, Thales 
- Andrew Shikiar, Executive Director & CMO, FIDO Alliance 
 
Moderator:  
- Megan Shamas, Sr. Director of Marketing, FIDO Alliance

Next-Gen Authentication: Implementing Passkeys for your Digital Services

Data Privacy regulators are drafting policies that require organizations to delete personal data. What happens though if you cannot delete this data due to technical or business reasons? Join Thales and BigID as we unpack how organizations comply with these privacy regulations, including "the right to be forgotten", when deletion is not possible.

What If You Can't Delete Data? The Paradox of Retention vs. Privacy Compliance

Learn the latest trends in Secrets Management and how to ensure your secrets, certificates, and credentials stay protected from cyberattacks. The proliferation of secrets, as well as recent high-profile breaches – like those experienced by LastPass, Uber, and SolarWinds due to compromised credentials – have raised awareness around the risk of secret leaks. As a result, it is becoming a more important focus for security teams, who are increasingly recognizing that a fragmented approach to secrets management does not scale with today's modern computing environments, and that the most effective solution is a scalable and unified platform that can automate processes for creating, storing, rotating, and revoking secrets.

Understanding and Managing Secrets Sprawl

Software supply chain attacks tend to be very lucrative for criminals and devastating to businesses. A single breach can impact thousands of victims in a rapid domino effect. What can organizations due to protect against these security risks? Join us as we discuss methods to protect software releases, safeguard private encryption keys, proactively detect vulnerabilities, and ensure software transparency.

Protecting Against Software Supply Chain Attacks

root of trust

container signing

code signing

SBOM

Supply Chain

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Protecting Against Software Supply Chain Attacks

Presented by

About this talk

More from this channel