The Impact of Cloud on the Future of Web Application Security

Ransomware, ransomware, ransomware. Why are our current endpoint defenses so inefficient? We will take three leading endpoint security (antivirus) products and demonstrate live how ransomware developers use trivial techniques to bypass all of them. Often a single line of code is all that’s needed to render antivirus ineffective and all data lost.

NOTE: This webinar is applicable to technical audience only. We will be digging right in the source code and compiling ransomware on the fly.

Presenter:
Nir Gaist, founder & CTO of Nyotron, is a recognized security expert and ethical hacker. Nir has worked with and pentested some of the largest Israeli organizations, such as banks, police and the parliament. He also wrote the cybersecurity curriculum for the Israel Ministry of Education.

One of the most important aspects of security is how to protect the data that is just “sitting there.” How easy is it to get to? Who can get to it? If someone does get access to the data, can they read it? What are the potential risks of the wrong people reading the data? These are just a few of the questions that we try to answer when we go through the process of securing data.

Contrary to popular belief, however, securing “data at rest” is not simply encrypting the data. While it is true that data encryption plays a major role in securing “data at rest,” there are several other factors that come into play and are equally as important – if not more so.

For this webcast, we’re going to talk about those other factors (Encryption is deserving of its own, specific webcast). We will present the end-to-end process to securing “data at rest,” and discuss all the factors and trade-offs that must be considered, and some of the general risks that need to be mitigated, discussing:

• How requirements for “data at rest” differ from “data in flight”
• Legal and regulatory reasons to protect (or delete) data at rest
• Where and how data could be attacked
• Understanding the costs of ransomware
• How to protect cryptographic keys from malicious actors
• Using key managers to properly manage cryptographic keys
• Strengths and weaknesses of relying on government security recommendations
• The importance of validating data backups... how stable is your media?

The world has changed, and so has your threat landscape. Join us for a discussion on how cyber attacks have pivoted their tactics and targets. From the latest on phishing kits to video threats, our experts will explore how changes in motives and targets is disrupting and increasing our threat landscape. Learn how to reframe your understanding of your threat profile and better defend and respond to these attacks.

Our featured experts for this webinar include Richard Stiennon, chief research analyst at IT-Harvest and Kurtis Minder, CEO of GroupSense, GroupSense is a digital risk management company that delivers customer-specific intelligence.
Here’s What Will Be Discussed:

1) Threat actors are adapting their tactics and targets
2) Changes in motives and targets are disrupting and expanding the threat landscape
3) Understanding your threat profile to create a better cyber defense strategy.

In the fight against COVID-19, countries are taking urgent actions to address the crisis. Some are turning to tech to find solutions for containing the spread of the virus. Digital contact tracing, in particular, is gaining a lot of traction. For example, Apple and Google recently announced a rare collaboration to jointly facilitate contact tracing within their mobile platforms for public health monitoring applications.
So, what does this mean for privacy? 
While some efforts are being made to preserve user privacy, like not tracking user location or collecting other identifying information, digital contact tracing can still reveal more user information than necessary.

Join this panel of security and privacy experts lead by Chenxi Wang to learn more about the different implications associated with digital contact tracing, how it is being used around the world, and the long-term effects of COVID-rushed decisions.

Speakers:
- Chenxi Wang, Founder & General Partner of Rain Capital
- Vishwanath Raman, Lead, Privacy Technologies, Oasis Labs
- Michelle Dennedy, CEO Drumwave
- Tom Pendergast, Chief Learning Officer, MediaPRO

Security practitioners around the world are struggling to cope with the challenges posed by remote workers during the COVID-19 pandemic. With all users working from home simultaneously, there is a tremendous load and increased security risks across private networks and the cloud. In light of more workers accessing data from the cloud, many organizations are taking a "zero trust" approach, including the use of solutions such as Privileged Access Management (PAM).

If your organization is just getting started with a Privileged Access Management (PAM) program, or you are focused on implementing advanced PAM strategies to align with a COVID-19 environment, this CPE accredited webinar will address what you need to know for data security. Our panel of experts will outline the key challenges and offer some clear recommendations that emphasize the critical role of people, processes and technology in effectively mitigating PAM risk, including:

- Tracking and Securing Every Privileged Account
- Governing and Controlling Access
- Recording and Auditing Privileged Activity
- Operationalizing Privileged Tasks
- Creating a Zero Trust environment

Crippling ransomware attacks are on the rise and U.S. cities are falling victim at alarming rates. The public sector is especially vulnerable because state and local governments tend to have outdated computer systems and maintain sensitive data which is highly desirable to attackers.

Join this episode of the Election Hacking series to learn more about the ransomware threat to state and local governments and what this means for the 2020 U.S. presidential election.
- The year of ransomware
- How cities and states are coping with the scourge of ransomware
- The ransomware dilemma: Pay the ransom or fight the infection
- How AI is enabling - and helping fight - ransomware attacks
- Ransomware as a threat to democracy

Moderator: David Morris, Executive Director at Digital Risk Management Institute

Panelists:
- Lee Imrey, Cybersecurity Advisor, Splunk
- Brett Foy, Global Vice President, Engineering, Datrium
- Lance James, CEO of Unit 221B

This episode is part of the Election Hacking Original series examining the threats to democratic elections, the technologies used to power and hijack elections, and what's needed to educate and empower voters before Election Day.

Encryption has been used through the ages to protect stored secrets, authenticate messages, communicate secretly in broad daylight, and even to check that messages were properly transmitted and received without tamper. Now, it’s often our first go-to tool for making sure that data simply isn’t readable to prying eyes, ears or AI bots.

But how does encryption actually work, what makes it tick, and how is it managed? How do we ensure compatibility? How do we protect the keys; i.e., “Who will guard the guards themselves?”

It’s a big topic that we’re breaking down into three parts: Encryption 101, Key Management 101, and Applied Cryptography.

Join us on May 20th for the first encryption webcast: Storage Networking Security: Encryption 101 where security experts will cover:

•A brief history of Encryption
•Cryptography basics
•Definition of terms – Entropy, Cipher, Symmetric & Asymmetric Keys, Certificates and Digital signatures, etc.
•Introduction to Key Management

After you watch the webcast, check out the Encryption 101 Q&A blog at https://bit.ly/2ZGMisl

Smaller businesses have a common problem when it comes to cybersecurity - limited expertise, resources and budget.

The board is asking for, clients are demanding to know whether the company is secure, IT team can't articulate the cybersecurity program, because there isn't one.

Cybersecurity is sometimes an afterthought for a start-up, or delegated to one engineer. There's a tendency to think of cybersecurity as a set of tactical, technical implementations to cover obvious threats rather than a business problem.

We'll discuss the role of the CISO in terms of providing the leadership and strategy for a cohesive, risk based program. Ideally, the role is not a technician.

With an ever-evolving threat landscape and a growing business, where does a business start to build and maintain an affordable program? We'll discuss a baseline program, technologies required, focusing on fewest technologies for maximum benefit.

This episode is part of The (Security) Balancing Act series with Diana Kelley. Viewers are encouraged to ask questions during the live Q&A.

As the world continues the work-from-home initiative in order to combat the COVID-19 threat to humanity, organizations must also consider that threat actors (hackers, Advanced Persistent Threats, etc.) may take this opportunity to exploit existing vulnerabilities normally mitigated in an office environment behind a firewall, as an example, but not necessarily mitigated in a Telework environment. This presentation will discuss the following topics

- Discuss the recent rise Threat Actor exploits of Telework applications, and provide a means of ‘visibility’ by organizations to detect, analyze and remediate threats attempting to exploit vulnerabilities.

- Visibility into emerging threat capabilities to introduce ransomware and malware into a remote computer/mobile device. Example: COVIDLOCK ransomware on Android smart phones and how to detect and remediate.

- How VPN is only a step in the right direction towards accessing and transmitting secure, sensitive data. How additional applications and best practices can assist organizations to maintain Confidentiality, Integrity and Availability (CIA) in the near-immediate term.

- The advantage of educating employees on the dangers associated with working remote, and whether use of personal devices versus company-provided devices are viable options.

- How Software as a Service (SaaS), Infrastructure as a Service (IaaS) providers can assist your organization in maintaining effective CIA in a Work From Home environment. The presenter will also discuss limitations and the often overlooked Shared Responsibility.

Every company in the world is being forced to digitize their customer and supplier interactions while enabling flexible work from home patterns. Just like trying to change a tire on a car going 60MPH, businesses are forced to adapt quickly because of today’s state of business. Hackers are licking their chops as more digitization happens quickly CIOs and IT Teams are more vulnerable than ever.

Join us as our security experts discuss the following cyber-attack trends and recommended strategies for better security in 2020:

1. The Digital Data Attack Surface
2. Cloud / Endpoint Visibility Challenges
3. De-Risk Data in the Cloud
4. Incorporate CyberSecurity into Risk Management
5. Six Practical Steps to beat Hackers

In this session you are going to hear about application security and open source software. A review of how open source software grows and how vulnerabilities are created. Vulnerabilities in open source software increase the risks of exploitation, it is critical then to understand the dynamics of how open source software is built and to have a plan in place to reduce risk. A security plan around visibility, early stage in the development lifecycle and policy governance.

Open source sparks innovation, it provides bug fixes and security fixes, the solution is not to stop using open source software. All new technologies from AI and Machine Learning to Virtual Reality, self-driving cars and robotics are built in the open, so there’s no turn back. The best approach is to keep up with the progress in open source, to shift-left and automate application security.


This session will provide:
-Insight into how open source software works and grows
-How to address security for open source components
-How to keep up with constant changes and new vulnerabilities

Firewalls and IPSs don’t replace but rather complement each other’s roles in securing the parameter, yet some are insisting that analytics, analysis, and Machine Learning are meant to replace each other when it comes to situational awareness. This Session will help explore how these concepts complement each other to help achieve better situational awareness.

Welcome to the world of IoT (Internet of Things) as more and more devices get connected online. With weak or almost no security these devices can easily become a victim, be turned into a BOT which can then be controlled and used to participate in a DDoS (Distributed Denial of Service) attack or turn systems into bricks along with the data.

This session walks you through the reality check on the risks and threats that IoT devices introduce to the business and what you can do to reduce the risks. A best practice approach to an IoT Risk Assessment.

- What are the biggest risks from IoT devices?
- What are the biggest threats from IoT devices?
- Best Practices in reducing the risks
- Future of IoT Security

A few months ago, security vendors were offering up cyber threat predictions for 2020 and product roadmaps indicating how solutions were evolving to address the shifting threat landscape. Market research firms were sharing revenue projections and providing guidance to end-user organizations intended to help them solidify their security strategy and budgets for the year. And then along came the coronavirus.

The rapid on-set of a global pandemic has changed both the threat landscape and what organizations should be spending their security budgets on, almost overnight. An all-remote workforce opens the door to new opportunities for malicious activity by bad actors; stealing passwords and data is easier, and critical business applications are at greater risk as employees attempt to access both on-prem and cloud-based apps from home.

In this webinar, Identity and Access Management (IAM) experts from Sennovate and Idaptive will address the role IAM and adaptive multi-factor authentication (MFA), in particular, can play in both enabling and securing the remote workforce. Adaptive MFA, based on the oh-so-important principles of Zero Trust—“never trust, always verify”—holds the keys to dramatically reducing risk and improving compliance, no matter where an organization’s employees are in the world. Best of all, adaptive MFA improves user productivity and happiness, while reducing IT and helpdesk overhead.

Attendees will gain an understanding of: the new or increased threats caused by the surge in remote workers; the critical role that IAM and adaptive MFA can play in filling any security gaps that may still exist across a far-flung labor force; and the benefits of adaptive MFA, including improved user productivity and job satisfaction, and reduced IT and helpdesk burden.


Speakers:
Vishnu Varma, Sr. Director, Product Management, Idaptive
Senthil Palaniappan, Founder & CEO, Sennovate Inc.

With constantly changing physical and technological environments, companies and individuals are encountering the most difficult time in history to develop and maintain Resilience. As we to continue to build smart cities and smart nations, connecting our cloud-based networks to Internet-of-things (IOT) devices and other operational technologies, our lives are being impacted more and more and we have rapidly increasing risk, by virtually expanding our threat surface.

With 83% of enterprise workloads being hosted in cloud-based environments, today's leaders are being exposed to extreme challenges in understanding and addressing the intangible risks that could cripple an organizations entire supply chain in real-time.

In order to combat this growing threat, Greg Tomchick and his team at Cyber Defense Labs empower organizations to adopt a proactive approach to minimizing the connected risks across the enterprise, while meeting or exceeding regulatory requirements.

Be sure not to miss this important conversion on what you can do to protect your corner of cyberspace, build operational resilience in the cloud and how we can work together to address this important issue as we voyage through 2020.