Routing and DNS Security in the Cloud

The domain name system (DNS) translates domain names into IP addresses and provides the foundational starting point for how humans interact with machines and services on the Internet and throughout the cloud. However, if that translation goes awry or is tampered with in the cloud, attack windows are exposed. Securing DNS (with extensions like DNSSEC) and managing the routes that cloud traffic takes can increase cloud security and help close the attack windows.

Getting to the Right Place
- Routing and DNS in the Cloud
What’s in a Name? DNS
- The problem of trust: When DNS goes bad
- Increasing DNS trust
Why the Path Matters: Routing
- Shortest path may not be safest
- Increasing routing security
Recorded Mar 16 2011 43 mins
Presented by
Diana Kelley; SecurityCurve, Co-Founder and Partner

  • Adopting Cloud? Learn how to manage your Cyber Risks Jun 17 2021 7:00 am UTC 45 mins
    Srinath Vangari, Project Manager | Himanshu Dubey, Director, Engineering, Security Labs
    Cloud adoption has witnessed exponential growth over the past few years. It provides many advantages for both individuals and organizations. However, at the same time, many new cyber security risks have arisen due to this rapid growth of cloud adoption. A conventional risk management framework does not fit well with cloud applications, as those frameworks were designed for applications running in traditional on prem environments.

    In this presentation we will discuss:

    • New cyber risks that organizations are exposed to when they adopt cloud.
    • Impact of Cloud breaches.
    • Techniques used by attackers to breach cloud deployment.
    • A framework for Cloud Risk Management.
  • Zero Trust for the New Normal Jun 16 2021 4:00 pm UTC 60 mins
    Diana Kelley, SecurityCurve | Mari Galloway, Women's Society of Cyberjutsu | Jonathan Nguyen Duy, Fortinet | Bob Rudis, Rapid7
    Working remotely has become the new normal. This, and many other changes organizations adopted last year in response to the pandemic are likely to stay for the long term. According to Gallup, about two-thirds of U.S. remote workers want to continue to work remotely. So, how can organizations continue to support their growing distributed workforce at a time where reports of security threats have increased by 400% compared to pre-pandemic levels? 

    Here is where the zero-trust approach to security comes into play. 

    Join this month's episode of The (Security) Balancing Act with Diana Kelley and guests as they discuss the emergence of zero trust (“Trust Nothing, Verify Everything”) and what it helps achieve for enterprises in the age of cloud and remote work.

    Viewers will learn about:
    - The evolution of the security perimeter and the shift to zero trust
    - Why zero trust is an approach and not a product
    - Zero Trust Network Access (ZTA) vs. corporate VPN
    - Real-world stories and practical hands-on guidance from people who have deployed a ZTA

    - Mari Galloway, CEO, Women's Society of Cyberjutsu
    - Jonathan Nguyen Duy, Vice President, Global Field CISO Team, Fortinet
    - Bob Rudis, Chief Data Scientist, Rapid7

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Do Startups need to be Compliant, and How? Jun 16 2021 3:00 pm UTC 45 mins
    Naba Siddiqui, Technical Co-Founder, POKET
    Companies of all sizes, big or small, have a shared experience: customers demand that organizations keep their data safe. Failure to do so, and non-compliance, especially with strict regulations like GDPR, causes a loss of customer trust and reputational harm, and compliance is oftentimes a requirement when signing new contracts.

    While compliance and regulations don't make for fun dinner time conversations, these areas are specially tough to deal with when you are a small startup.

    This talk will examine how to align security policies and procedures to be "compliant" when your whole company is the size of the famous "Two Pizza" teams.
  • A Whole New World: Compliance in the Cloud is No Magic Carpet Ride Jun 16 2021 10:00 am UTC 47 mins
    Steve Horvath, VP of Strategy and Cloud, Telos Corporation
    Tackling IT security compliance can be a headache -- but when you add the cloud into the mix, there is an entirely new set of challenges at hand. Cloud compliance is an issue that many organizations are concerned with, so much so that almost nine in ten (86 percent) believe that compliance will be an issue for them when moving systems, applications and infrastructures to the cloud, according to recently released research from Telos Corporation. Additionally, a staggering 94 percent of respondents report that they face challenges with IT security compliance and/or privacy regulations in the cloud. With the sheer amount of companies making the transition to remote work, cloud versus on-premises or legacy infrastructure is rapidly becoming the norm. So how can organizations embrace cloud and overcome compliance concerns?

    This session will explore:

    - The costs of compliance and noncompliance in the cloud
    - The very real implications of audit fatigue and how the cloud exacerbates compliance concerns
    - Potential solutions to ease compliance challenges, especially in the cloud
  • Endpoint Security in the Remote and Hybrid Workplace Jun 15 2021 3:00 pm UTC 60 mins
    Michelle Drolet, Towerwall | Robert B. Razavi, Bombardier | John Bambenek, Netenrich | Chase Cunningham, Zero Trust Edge
    Endpoint security remains a major challenge for organizations, and in November 2020, Cybersecurity Ventures predicted that global cybercrime costs will reach $10.5 trillion USD a year by 2025. That’s more than triple the amount that it was in 2015. With remote working still very much the norm, and hybrid workforces emerging, it is becoming increasingly difficult to keep track of multiple endpoints and the risk they carry.

    With the threatscape continuing to evolve and cyber attacks becoming even more sophisticated, experts are here to share how security leaders can take the complication out of endpoint security.

    Join us to learn:
    - Common endpoint threats from the first half of 2021
    - Emerging endpoint threats and what to prepare for going forward
    - Leading endpoint protection strategies and how they can be integrated into your existing security solutions
    - And more

    Moderated by: Michelle Drolet, CEO Towerwall
    Robert B. Razavi, Sr. Security Advisor, CISO Office, Bombardier
    John Bambenek, President, Bambenek Consulting and Security Advisor, Netenrich
    Chase Cunningham, Chief Strategy Officer, Zero Trust Edge
  • What to Expect: Future Trends in Identity and Access Management Jun 15 2021 12:00 pm UTC 60 mins
    Pankul Chitrav and Leena Bongale, TD Bank Group
    Considering how much—and frequently—security shifts in the customer landscape, we believe Identity Management is at the epicenter of digital transformation and the next generation of enterprise IT. The changes in identity systems and services over the next five years are expected to be as disruptive as the new business models, applications and ecosystems they are supporting.

    In our presentation we will look ahead to the future of identity & access management, talk about specific projections as to where we believe Identity Management will be going over the next five years and describe a model for identity abstraction that provides an extensible services oriented architecture. We include newer disruptive models such as DevOps/microservices in identity systems, cloud-based IAM, self-sovereign identity leveraging blockchain, IoT support, evolving privacy regulations, and new governance and provisioning models.
  • How to WOW Submission Reviewers with a Stellar Proposal Recorded: Jun 9 2021 61 mins
    Diana Kelley, Alyssa Miller, Chloe Messdaghi, Tennisha Martin
    So you want to showcase your skills and speak at a technical conference? Great. Your voice matters. Conference organizers highly value new voices, and they are always on the lookout for ways to bring more talent to the stage. The good news is that opportunities abound, and by submitting to conferences, you're honing in on your expertise, experience and knowledge, creating the most stellar of proposals. Join us for an honest discussion with cybersecurity industry influencers who weren't always used to being accepted when they initially submitted for speaking opportunities. They will share their stories of how they transformed every "no" into a "YES"!
  • A Day in the life of SOC: Woman’s Perspective Recorded: Jun 3 2021 70 mins
    Amina Aggarwal (Workday)
    A security operations center (SOC) is a dedicated site where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended by a team of information security professionals.

    This session will give you insight into a SOC from a woman's perspective. You will be taken through some of the challenges faced by many of us today while working in a male-dominated field. By the end of this webinar, you will have learned about the day-to-day activities in a SOC, how to manage your work-life balance, and how to acquire the skills that will help you grow in this field.
  • Breach Detection and Response in the era of Supply Chain Attacks Recorded: May 13 2021 60 mins
    Sunil Sharma, Director of Cyber Defense, Help AG
    The SolarWinds cyberattack came as a wake-up call to many: an attack that most cyber-aware and savvy organizations could not detect for many months. It is a reminder of how an interconnected world can impact us all in a short time.
    Join Sunil Sharma, Director of Cyber Defense at Help AG, the cybersecurity arm of Etisalat and the Middle East’s leading provider of strategic consultancy and tailored information security solutions and services, to discuss supply chain attacks, the techniques and tactics used by adversaries to execute such attacks, and strategies to detect and respond to them.
  • Cyber Authors Ep.4: Stopping Losses from Accidental and Malicious Actions Recorded: May 12 2021 52 mins
    Ira Winkler President at Secure Mentem | Sushila Nair VP Security Services at NTT DATA
    As users cost organizations billions of dollars due to simple errors or malicious actions, organizations believe that they have to improve their awareness efforts to make more secure users. The reality is that it takes a multilayered approach that acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that.

    Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, join Sushila Nair with author Ira Winkler on how to determine the appropriate countermeasures to implement and prevent cybersecurity breaches and other user-initiated losses. Join now and learn how to:

    - Minimize business losses associated with user failings
    - Proactively plan to prevent and mitigate data breaches
    - Optimize your security spending
    - Cost justify your security and loss reduction efforts
    - Improve your organization’s culture

    Business technology and security professionals will benefit from the information provided by these two well-known and influential cybersecurity speakers and experts.

    This episode is part of Cyber Authors, a new series with Sushila Nair. We welcome viewer participation and questions during this interactive interview.
  • Threat Modeling with the VERIS A4 Threat Model Recorded: May 12 2021 45 mins
    John Grim, Head (Distinguished Architect) | Research, Development, Innovation Verizon Threat Research Advisory Center
    VERIS, the Vocabulary for Event Recording and Incident Sharing, is a set of metrics designed to provide a common language for describing cybersecurity incidents (and data breaches) in a structured and repeatable manner. VERIS provides cyber defenders and intelligence practitioners with the ability to collect and share useful incident-related information - anonymously and responsibly – with others.

    VERIS underpins the annual Data Breach Investigations Report. VERIS and its A4 Threat Model – Actors, Actions, Assets, Attributes – help codify incident-related information for threat modeling, intelligence analysis, breach mitigation, and detection / response improvement.

    Key takeaways for this session include:
    • Understanding cybersecurity incidents through the VERIS lens
    • Recognizing the VERIS A4 Threat Model: Actors, Actions, Assets, Attributes
    • Getting started in Threat Modeling with VERIS
  • Ransomware in the Remote Work Era Recorded: May 12 2021 61 mins
    Diana Kelley, SecurityCurve | Nicole Hoffman, GroupSense | Courtney Radke, Fortinet | Patrick Lee, Rapid7
    Phishing and ransomware attacks continue to rise, according to Proofpoint’s State of the Phish report for 2020. Organizations in the U.S. are at risk: the increase in remote work due to the pandemic has fueled a spike in attacks, and phishing attempts are up by 14 percent compared to the previous year.

    Email continues to be the number 1 delivery vehicle, but other social engineering schemes that rely on social media, voicemail (“vishing"), SMS phishing (“smishing”), and malicious USB drops are also of concern for organizations. Ransom demands are also on the rise, but according to the report, paying the ransom is not guaranteed to work as many companies that paid the ransom failed to receive a decryption key.

    Join this month's episode of The (Security) Balancing Act as Diana Kelley and guests discuss why ransomware is surging again, which sectors are most at risk, the threat to enterprises and how it is being used for more than just ransom (ex: distractionware, destructionware, etc).
    - The rise in ransomware under the cloak of the pandemic
    - Why email continues to be the channel of choice
    - The difference between fully automated and human-operated campaigns
    - How to decide whether or not to pay the ransom
    - Why your backups may not be immune to ransomware
    - Addressing the threat with best practices

    - Nicole Hoffman, Intelligence Analyst, GroupSense
    - Courtney Radke, CISO for National Retail, Fortinet
    - Patrick Lee, Senior Incident Response Consultant, Rapid7

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
  • Breach detection – Lessons learnt from mountaineers Recorded: May 12 2021 35 mins
    Renaud Bidou, Technical Director, Southern Europe, Trend Micro
    Breach detection efficiency is all about consistent monitoring, organization and communication, experience (and expertise), training and proper tooling.

    So is mountain rescue.

    If you fall in a crevasse, get caught in an avalanche or come off a ridge, your survival depends only on time.

    And in a mountaineer's career you know this will happen, as you should know, working in IT Security, that you will be breached.

    So let’s be prepared, and learn from 200 years of mountain exploration how to quickly and efficiently get out of worst-case scenarios.
  • Lessons Learned: Zero Trust for Segmentation in IOT Based Smart Buildings Recorded: May 11 2021 48 mins
    Patrick Lloyd, Solutions Architect, Cisco Security Services
    Smart buildings are the hottest topic of 2021. But the thought of system integrations to make this a reality is enough to give most network security teams heartburn. The planning, design, and implementation of IOT based “smart” buildings can be eased in its complexity, to realize ROI quicker, while ensuring that devices on the network are prevented from endangering the network or each other.

    Through exploring lessons learned from successful projects, this session demonstrates how to start in your approach to a practical implementation of Securing a Smart Building, applying an interpretation of Zero Trust. It will cover methods used when security is of the utmost importance, and universal segmentation of threats is a requirement.
  • Pull your SOC up with continuous validation and optimization Recorded: May 11 2021 45 mins
    Mike DeNapoli, Lead Solution Architect at Cymulate
    Protecting your organization requires vigilance and skills combined with effective controls and detections; just having a SOC is not enough.

    SOCs vary in size, scope and staffing across industries. Whether outsourced or in-house, they exist to monitor, detect, and respond to evolving threats.

    Guarding against failures in the security architecture is not just about selecting the right tools and suppliers; it requires constant validation of your people, processes and technology.

    Attend this session to learn:
    · Why SOC validation is crucial in confronting threat evolutions.
    · The elements of a continuous SOC validation and improvement program.
    · How continuous and automated red teaming and BAS make SOC validation achievable with existing resources.
  • Preventing the Big One: Staying Ahead of the Breach Recorded: May 11 2021 54 mins
    Michelle Drolet, Towerwall | Andy Thompson, CyberArk | Nico Fischbach, Forcepoint | Satya Gupta, Virsec | Micheal Meyer, MRSBPO
    Over 37 billion records were exposed in breach events in 2020 - by far the most records exposed in a single year, according to a recent report by Risk Based Security. How has remote working impacted your organization's security posture? What lessons can security professionals learn from the recent wave of breaches and what steps can enterprises take to strengthen security in 2021?

    This keynote panel of security experts and industry leaders will explore the best practices for breach prevention, as well as share real-life lessons from the frontlines on what works and doesn't work.

    Viewers will learn more about:
    - The reality of data breaches
    - Why data breach severity is rising
    - Ransomware attacks on the rise (doubling from 2019 to 2020) and the threat to businesses
    - Technologies that help with breach prevention, detection and response
    - Why security awareness matters and best practices for educating employees to be cyber secure

    Moderated by:
    Michelle Drolet, CEO, Towerwall
    Nico Fischbach, Global CTO, Forcepoint
    Micheal Meyer, Chief Risk and Innovation Officer, MRSBPO
    Andy Thompson, Research Evangelist, CyberArk
    Satya Gupta, CTO & Founder, Virsec
  • What's next? OWASP top 10 2021 Recorded: May 11 2021 54 mins
    Gábor Pék, CTO and Co-Founder, Avatao
    This talk introduces the main security pitfalls that every developer needs to know about before writing and shipping code.

    A recent non-official proposal of OWASP top 10 helps us better understand what weaknesses our contemporary systems face and how we can manage our daily job to avoid them. The new candidate, SSRF (Server-side Request Forgery), will also be highlighted in more detail.

    What you will learn:

    - What are the biggest mistakes we make while writing and shipping code?
    - Why is OWASP top 10 relevant for our daily jobs?
    - How can we avoid the most critical vulnerabilities?
  • Safeguarding your Data: Need & How To Recorded: May 11 2021 38 mins
    Shriram Munde, Team Lead | Himanshu Dubey, Director, Security Labs, Quick Heal Technologies Ltd.
    We are living in the Data Age. Most organizations these days, in one form or another, rely on data to drive decisions & run their business. Thus, any data loss would mean considerable business impact to such organizations. Additionally, organizations collect certain data from users of their products, which is used for a variety of purposes. If this data is lost or stolen, it may pose serious risks for the affected individuals and likely tarnish the organization’s reputation.

    In the recent past, we have seen many data breaches across the globe, which have affected organizations of all shapes & sizes. So, it is imperative that organizations take steps to safeguard themselves against data breaches.

    In this presentation, we will discuss:

    - Recent data breaches & their impact
    - Attack approaches used by Cyber Attackers
    - Prevention steps to safeguard data
  • WiCyS Veterans' Apprenticeship Program Recorded: Apr 20 2021 60 mins
    Smoothstack Team
    WiCyS brings together women and supporters from around the world to develop cybersecurity skills with the aim of advancing women in, building equity in and developing minority talent in the field. One of WiCyS’s focuses is bridging the cybersecurity skills gap for female veterans, which is what helped launch the Veterans’ Program. Military career experience aligns well with a job in cybersecurity.

    The WiCyS Veterans’ Apprenticeship Program includes paid training and apprenticeship, secure long-term employment, and a litany of possible resources including access to technology and mentoring. This innovative apprenticeship model is DOL-certified and a top-notch gateway to get the support needed to enter into thriving cybersecurity careers. Join this webinar to learn more about the WiCyS Veterans' Apprenticeship Program and see if it's the right fit for YOU! And, as always... we thank you for your service.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Routing and DNS Security in the Cloud
  • Live at: Mar 16 2011 6:00 pm
  • Presented by: Diana Kelley; SecurityCurve, Co-Founder and Partner