Name: How IoT Expands Hackers Attack Surface
Start: 2018-06-13T12:00:00Z
End: 2018-06-13T12:50:38.000Z
Location: BrightTALK
Rating: 4.4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

The need for structured IR readiness process that addresses both on-premises and cloud environments is clearer than ever before. In this session, an incident responder and cloud security architect will share their personal experiences in defending against nation-state attacks. 

Through real-life case studies, they will cover best practices for Incident Response methodology and tools that stand the test of nation-state attacks. They will then present how this battle-tested but traditional approach to IR is challenged with the introduction of cloud computing. Finally, they are introducing a a battle-proven framework to enhance your IR capabilities in the cloud.

About the speakers:
Karl Ots is a cloud and cybersecurity expert, as well as international speaker and trainer, with a broad range of deep Azure expertise. He believes that secure cloud technologies are the key to successful digital transformation. He applies his passion as Head of Cloud Security at EPAM Systems. Karl has been working with Microsoft Azure since 2011 in a variety of forums ranging from large projects to speaking at largest tech conferences, such as Microsoft Ignite. Karl is a Microsoft Certified Trainer (MCT) and a Certified Information Systems Security Professional (CISSP). He is the author of Azure Security Handbook.

Aviv Srour has more than a decade of Cyber Security experience. He specializes in defensive security, Incident Response (IR) and organizational information security. Currently he holds the position of Head of Cyber Innovation at EPAM.

Aviv has handled hundreds of security incidents, starting back at his days at Israeli Air Force where he led the CIRT team. His hands-on experience with complex security incidents helps him develop an unique view on what is needed from IR readiness processes and how to significantly reduce detection and remediation time.

Is your IR ready for cloud? Lessons from the front lines of nation-state attacks

In the last 10 years, Azure has become one of the most popular cloud platforms for businesses and organizations of all sizes. As the platform has evolved, so has the threat landscape. To understand the present cloud security landscape and predict the future, let's take a trip down the memory lane!

In this session, cloud security expert Karl Ots will discuss how Azure's security controls have evolved over time. Throughout the session, he will share best practices for securing your Azure infrastructure, applications, and data, so that you can build an architecture that stands the test of time.

Top 10 Azure security tips from 10 years of securing Azure applications

Compute express link (CXL) technology is rushing onto the scene with a goal of changing the very nature of computer architecture. Not only does this interface support memory disaggregation, persistent memory, and nonuniform memory architectures (NUMA), but it also is being used to standardize the interface between chiplets, which should improve processor cost/performance while creating more diversity in processor types.

Members of the storage and computing communities must understand CXL if they want to keep up with tomorrow’s most productive computing configurations.

This presentation will begin with a brief CXL tutorial, to explain what it is and why it is needed, and then moves to use cases and the various configurations that the new protocol supports.  Attendees will learn:
- Why CXL came into being, and what memory models it supports.
- The problem of “stranded” memory, and how CXL addresses it.
- How CXL benefits the adoption of storage class memory.
- CXL’s use in the UCIe chiplet interface.
- What storage admins must prepare for as CXL rolls out.

About the speaker:
Jim Handy of Objective Analysis has over 35 years in the electronics industry including 20 years as a leading semiconductor and SSD industry analyst. Early in his career he held marketing and design positions at leading semiconductor suppliers including Intel, National Semiconductor, and Infineon. A frequent presenter at trade shows, Mr. Handy is highly respected for his technical depth, accurate forecasts, widespread industry presence and volume of publication. He has written hundreds of market reports, articles for trade journals, and white papers, and is frequently interviewed and quoted in the electronics trade press and other media.  He posts blogs at www.TheMemoryGuy.com, and www.TheSSDguy.com.

CXL is coming: Are you ready?

The 24x7 threat of a data breach is making more CISOs hyper-focused on securing cloud-resident sensitive data, as this data is a prime target for malicious actors. Its presence poses a huge risk, especially for model-driven organizations with hybrid and multi-cloud environments.  

Join Jack Poller (Senior Analyst at ESG), Bernard Brantley (CISO of Corelight), Rahul Gupta (Head of Security & GRC at Sigma), and Amer Deeba (CEO of Normalyze) in an interactive panel as these security leaders share insights on: 

• Why the security of cloud-resident data is a key concern for CISOs
• How enterprises are shifting security strategy with more emphasis on protecting cloud-resident sensitive data 
• Selecting an effective framework for cloud data security
• Top three best practices to help security teams more effective at protecting sensitive cloud data

CISOs Take on Cloud Data Security: Best Practices, Challenges, & Attack Trends

What we are hearing from CISOs, Nick Lantuh, Co-founder & CEO of Interpres Security explains, is that cybersecurity has become too costly, complicated, siloed, and requires significant manual engineering to succeed using current methods. These issues dovetail with the competing objectives to secure your organization from large-scale attacks, while simultaneously optimizing costs in today’s budget constrained environment.

A threat-centric cybersecurity approach holds the key to resolving many of these issues, in which defense surface management is key. Tune in as Lantuh and an ESG analyst deconstruct this topic in the following Fireside Chat.

Additional agenda topics include:
•     Why defense surface management is needed in today’s security environments
•     Defense Surface Management concept and origins
•     Steps organizations can take to validate their security strategies
•     How continuous monitoring improves the security posture

A Threat Centric Approach to Cybersecurity

PCI Data Security Standard is a global standard for protecting account data. The latest version PCI-DSS v4.0 was finalized last year. This new standard impacts on every organization and company in the world that accepts debit or credit card payment. 

In this presentation, industry thought leader Ralph Villanueva will leverage his knowledge and expertise in the PCI-DSS standards to discuss its impact on the enterprise endpoints, and provide recommendations on how to use this framework to optimize endpoint security.

Optimize the implementation of PCI-DSS v4.0 on endpoint security

Endpoint security is critical to protecting your organization from cyber threats, but traditional antivirus solutions are no longer enough. Cyber criminals are using sophisticated techniques that can evade detection by antivirus software. This session will explore endpoint security strategies beyond antivirus that can help your organization combat sophisticated threats.

We will cover a range of strategies, including:
- Behavioral analysis: Identifying and blocking malicious behavior on endpoints.
- Application control: Restricting access to certain applications on endpoints to prevent attacks.
- Network segmentation: Isolating endpoints from the rest of the network to limit the spread of attacks.
- Threat intelligence: Leveraging external threat intelligence to identify and block known threats.

Attendees will learn the importance of endpoint detection and response (EDR) solutions, which can provide real-time visibility into endpoint activity and help detect and respond to threats quickly.

By attending this session, viewers will gain a better understanding of the limitations of traditional antivirus solutions and learn about alternative strategies to protect your endpoints from sophisticated threats. You will also learn about the benefits of EDR solutions and how they can improve your organization's overall security posture.

Beyond antivirus: Endpoint security strategies to combat sophisticated threats

Tune into this session, presented by Boleaum Inc.'s Vincent Amanyi, to learn how to implement a best practice identity access management (IAM) framework that is aligned with your zero trust policies.

Attendees will learn how to:
- Identify what matters in your enterprise environment. 
- Develop a strategy with a realistic budget. 
- Partner vendor's with the right solutions to your environment.

Implement best practice IAM and zero trust

Security teams are at now loss for telemetry from their devices -- the struggle is to make sense of it all. Many breaches occur not because detection didn’t work, but because the noise was so loud that the breach got missed until it is too late. 

This talk, presented by cybersecurity expert John Bambenek will cover how to engineer the right data sources from end points to not only build detection models, but to enhance and prioritize events to identify chains of behaviors that will lead to breaches if unaddressed.

Creating threat analytics on the endpoint

What does your cybersecurity posture look like in 2023? Tune into this webinar from Towerwall Founder and CEO Michelle Drolet as she discusses the latest cyberthreat trends and provides the necessary insights to defend against evolving attacks.

Based on the research and real-world experiences, we will discuss:

• The lasting cyber impact of the war in Ukraine.
• The maturity of the “as-a-service” industry  and how it has put advanced threat tactics into the hands of nearly any criminal.
• How ransomware operators have evolved  their activities and mechanisms, both to evade detection and to incorporate novel techniques.
• A deep dive into the abuse of legitimate security tools by criminals to execute attacks.
• An analysis of the threats facing Linux, Mac, and mobile systems.

Discover the latest cyber threat trends

What is XDR? What is extended detection and response? What does that even mean?

The evolution of of endpoint protection (EPP) to managed detection and response (MDR) to eXtended detection and response (XDR) is natural and expected.

Just as it was great to protect your desktops and servers -- the endpoints of your network -- with antivirus software, it naturally evolved into requiring 24x7 endpoint monitoring all 365 days of the year. 

Now that more and more companies are monitoring the network and firewall on a continuous basis, incorporating those threat intelligence feeds into your MDR solution to give you XDR is natural as well.

But what all do you get with this evolutionary step? Tune into this session from expert John Bruggeman who will explore  the major vendors in the XDR space, what they do and don't provide, and how you can make the right choice for your environment.

Protect your endpoints with evolutionary XDR

Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5 Cybersecurity Principles for Space Systems describes the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. 

In this webinar, WiCyS strategic partner Sandia National Laboratories will discuss these challenges. They have been researching moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require the detection of an adversary to mitigate the effects of an attack.

Can’t make it during the scheduled webinar? Go ahead and register to receive a recording as soon as we wrap up!

Moving Target Defense for Space Systems

Cyber attacks are rising against critical infrastructure systems and have serious implications for our national security. In addition, many interconnected systems are becoming increasingly cyber-physical due to modernization efforts. For example, the electric grid has rapidly evolved with smart grid technologies, wide-area monitoring capabilities, and advanced automation. Therefore, it is crucial to understand the impact of multi-hazard events such as cyber-attacks and extreme weather on these cyber-physical systems.

In this webinar, WiCyS strategic partner Sandia National Laboratories will discuss approaches for incorporating cyber-physical analysis in electric grid response and defense mechanisms for increased situational awareness, improved response, and resilience. This will include ongoing research and development overviews for cyber-physical anomaly detection, cyber-physical data fusion, cyber-physical mitigation deployment, and characterizing cyber-physical system interdependencies.

Can’t make it during the scheduled webinar? Go ahead and register to receive a recording as soon as we wrap up!

Improving Electric Grid Cybersecurity with Cyber-Physical Analysis

The recent rash of ransomware attacks and evolving cyber security threats make cyber security insurance a necessity, both to protect the company and to reassure clients and investors of the safety of their data. 

In this presentation, Ralph Villanueva will leverage more than a decade’s IT security and compliance experience, and his intimate knowledge of cyber security insurance as a licensed agent and broker for property and casualty insurance, including cyber security insurance, to discuss how IT leadership can make their company more cyber security insurable.

Tune into this webinar to learn:
•         Relevant information that cybersecurity insurance underwriters need.
•         Key areas that can affect the company’s cyber insurability.
•         Actions that the IT leadership can do to make the company cyber insurable.

About the speaker:
Ralph has been keeping his employers compliant with IT and cybersecurity requirements across numerous and diverse regulations such as the Nevada Gaming Control Board, Payment Card Industry, COSO-Integrated Framework, COBIT and ISO 27001 since 2007, and data privacy since 2017. His more than two decades of internal and IT audit and compliance work in the US and the Asia Pacific region provide him with insights not only in enforcing IT and cybersecurity requirements in light of changing regulatory and technical environments, but also in anticipating and dealing with future. Ralph has also earned numerous certifications such as the ISO 27001LA and ISO 27701LA, CISA and CISM, PCI-ISA and PCIP, CIA and CRMA, CFE, CPA and ITIL. Since 2010, Ralph has regularly spoken at over 40 conferences.

Tips to make your company cyber insurable

Historically, risk management has consisted of the controls over risk, acceptance of risk, and transfer of risk. Cyber resilience overlays those concepts with cyber-related security, business continuity and cyber insurance. This presentation from Risk Masters International's Executive Principal Steven Ross will examine how insurance fits into a cyber resilience program and what the challenges are in obtaining coverage that meets an organization’s needs.

Tune into this webinar to learn:
• How market forces, especially ransomware and cryptocurrency, have affected both resilience and insurance.
• The technology challenges in acquiring cyber insurance.
• How small and medium sized businesses are affected in their ability to be cyber resilient.
• Inclusion of artificial intelligence in insurance decisions.

About the speaker:
Steve holds certification as a Master Business Continuity Professional (MBCP) as well as a Certified Information Systems Security Professional (CISSP) and a Certified Information Systems Auditor (CISA). He is a specialist in business continuity management, IT disaster recovery planning, and information security and has implemented programs for numerous banks, government agencies, and industrial corporations. Before founding Risk Masters, Steve was with Deloitte & Touche as the leader of their Business Continuity Management practice. In recent years, his focus has been on the resilience of large business and technology environments. He is editor of the multi-volume series, e-Commerce Security, and author of several of the books in the series.

Cyber insurance as a part of a cyber resilience program

Tune into this webinar session, presented by Boleaum Inc. founder Vincent Amanyi, to learn the three fundamental factors to consider when building a classic ransomware protection strategy for your organizational landscape.

Key Takeaways:
- How to prepare a recover plan.
- How to limit the scope of damage from a ransomware attack.
- How to harden your environment, making it harder for ransomware attacks to get in.

Three-phase ransomware protection strategy

Ransomware is an omnipresent threat to every business. A comprehensive defense and recovery plan is an essential requirement for managing and mitigating this risk. Such a plan must take a 360-degree view of the enterprise’s risk as well as identify and address the many uncertainties faced by victims of ransomware.

This presentation from Risk Masters International's Allan Cytryn will provide this 360-degree view. Participants will come away understanding the ransomware risk vectors, the options for addressing them, and the limits of their effectiveness. Recovery is a key component of risk mitigation. Relevant options and alternatives will be discussed. 

In addition, attendees will learn the the operational lifecycle of a ransomware attack – from anticipatory risk mitigation, to attack, then to recovery, and finally resumption of normal operations. Recovery planning is only effective if conducted in this broader context.

About the speaker:
Allan has more than 30 years of experience in senior IT Leadership roles in the finance and financial services sector. His responsibilities have included Regional CIO and Managing Director for Applications at Deloitte, CIO for Simpson Thacher & Bartlett, Vice President of Corporate Finance at Goldman Sachs, Group Vice President for Funds Transfer and Foreign Exchange Systems at Bankers Trust.

Allan is also on the Executive Board of the Boston Global Forum, a think-tank founded by Governor Michael Dukakis. In this role he has advised governments on Cyber Security and AI policies and has contributed to the 2016 G7 Cyber Security Declaration at the G7 meeting in Isa Shima, Japan. This was the first ever joint statement on cyber security from the G7 world leaders.

Recovery from a ransomware attack: How to prepare and plan to minimize risk

Ransomware attacks are top of mind for CISOs and CIOs as they can cripple an entire enterprise. Making matters worse, some ransomware operators are stealing data and trying to extort organizations publicly to get paid. 

Tune into this talk to learn some of the newest ransomware trends including how threat actors are attacking cloud resources. and the sophisticated threat prevention techniques organizations can adopt to stop ransomware before their organization falls prey.

How I learned to halt ransomware and stop worrying

Protect & Improve Your Business: Top 5 Best Practices for Connected Devices

Embrace the Suck: How to Protect IoT Devices You Can't Change

Considering IoT, Think Security

Top Five Myths About Securing IoT

The Internet of Insufficiently Safe Things

Building Trust and Security into the IoT

How to Get Yourself Cyber-Ready in an Era of Unknown Threats

Auditing IoT

IoT Architecture, Vulnerabilities and Exploits

Mitigating the Risk of IoT with Application Security Testing

Securing IoT: Trust No Thing

IoT Threats and Vulnerabilities

The Role of AI in IoT Security

Solving Mobile Security: Peer-tested Strategies That Work

Going Fast with Cybersecurity – DevSecOps Can Help

Inside the MIND of a Hacker – How a Lightbulb Almost Stopped Christmas

Eliminate the IoT Security Blind Spot

Piecing Together IoT Risk from Flexible & Fractured Design Components

IoT Security – Debunking the “We Aren’t THAT Connected” Myth

What's Needed to Secure the IoT & IIoT

Effective IoT Threat Modeling and Data Privacy

Securing the IoT: Keeping planes in the air and the lights on at home

Security-Enabling Industrial IoT – What Are the Challenges?

How to Better Secure the Internet of Vulnerable Things

IoT - Forget the Hype and Focus on What It Means for Your Organisation

Your IoT Security Strategy: Critical Factors For Secure Implementations

Securing the IoT

How do hackers infiltrate organizations through IoT connected devices? What can be done to prevent the next attack via an IoT device?  Why can a weakened link in the IoT chain lead to compromised digital assets? The Internet of Things (IoT) is bringing convenience to consumers and process optimization to businesses, but it comes at a cost. Exploding onto the IT scene and the consumer world, it has created endless opportunities for a super-connected environment. But IoT could also signal the next security crisis. IoT formed a rising tide of shadow IT and a new frontier to data security vulnerabilities, in an ever-expanding attack surface. 

By joining this webinar with XM Cyber’s Security Expert, Amit Waisel, you will learn about the perils of an expanding attack surface and what can be done to prevent an APT attack via an IoT connected device.  We will dive into hard core questions including:
- How an ever-expanding IoT attack surface is creating multiple opportunities for the perfect attack vector to digital assets
- Why an innocent aquarium thermometer, defibrillator or printer is a possible gateway to disaster
- Steps you can take to avoid a potential crisis

About the Speaker
Amit Waisel is a Senior cybersecurity Engineer at XM Cyber. He is a seasoned data security expert with vast experience in cyber offensive projects. Prior to XM Cyber, Amit filled multiple data security positions in the Israel intelligence Corps. He graduated from the Open University with a BSc. in Computer Science and is currently completing a MSc. degree in Computer Science at Tel Aviv University.

How IoT Expands Hackers Attack Surface

Internet of Things

Hackers

Cyber Attacks

Security

Threat Intelligence

Connected Device

Vulnerabilities

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How IoT Expands Hackers Attack Surface

Presented by

About this talk

More from this channel