It’s hard to express the scale of today’s cyber threat landscape, let alone its global impact. We can tell you that there were nearly four million DDoS attacks around the world in the last six months, and that attack frequency grew by 39 percent. Or that the NETSCOUT ASERT team saw 20,000 unique samples per month from just one family of IoT malware. Or even that it can take only five days from the discovery of a new attack vector to the availability of tools for the script-kiddie designed to exploit that vulnerability.
These numbers, while startling, don’t fully convey the impact of that steady drumbeat of new threats. Cybercrime has entered the mainstream of our culture to an unprecedented extent, and it is here to stay.
Join this video interview live from Las Vegas during Black Hat to learn more about:
- The big trends in DDoS
- New attack vectors found in the past six months and what this means for device and software security
- What enterprises can do to protect themselves
RecordedAug 6 201925 mins
Your place is confirmed, we'll send you email reminders
5G IoT is the latest in the IoT World. This next generation of mobile technology, with features such as Enhanced Mobile Broadband, Ultra-Reliable Low Latency Communication, and Massive IoT, is set to radically re-shape today’s mobile networks. This webinar aims at depicting the high-level composition of the end-to-end 5G network architecture termed as 5GS (5G System) and Security in this space.
Leena Bongale | Manager | Data Management & Governance, Personal Banking Data & Analytics | TD Bank Group
Thriving through a cloud ransomware attack is no accident. The only way to avoid becoming a ransomware victim is to plan for an attack and take steps to recover before the attack happens. New Cyberattacks Require New Protection Strategies. So in this presentation I will talk about how to build a plan that can be used in the unfortunate event a company finds itself the target of ransomware. Your key takeaways from this session will be:
• Identifying a ransomware attack and assessing the blast radius
• Activating the Rapid Recovery Plan
• Examining the importance of backup immutability
• Recovering Data with precision
Leena Bongale is a recognized industry expert with over 18 years of experience in Information Technology and specializes in Information Security and Management. She is currently Manager of Data Analytics & Governance at TD Bank. Leena is an accomplished consultant, speaker, trainer, writer, and columnist, and has achieved industry certifications including CRISC and SAP BI. Leena regularly speaks, writes and blogs for some of the most recognized tech companies today on topics including cybersecurity, cloud adoption, business continuity, and compliance.
On Thursday 16th September at 13:00 BST, Benoit Heynderickx Principal Analyst at the ISF will be hosting a live webinar exploring cloud control visibility and how to monitor your cloud controls in a multi-cloud environment.
In this session we will be looking at:
- The main challenges faced by security professionals when it comes to monitoring the controls deployed over the multitude of cloud services recently acquired
- The various solutions at-hands for cloud controls monitoring and reporting across the whole multi-cloud environment
- Future trends leveraging the use of AI techniques for cloud controls monitoring.
Benoit is a principal analyst at the ISF. He is the project lead for the ISF’s Supply Chain suite of products and the research lead for cloud security. Benoit has over 20 years’ experience in information security risk and assurance and has worked across various industries and large organisations. Benoit also has a keen interest in the emerging quantitative techniques in information risk analysis.
Rick Bosworth, MBA Director of Product Marketing, SentinelOne
Enterprise cloud infrastructure use continues its torrid growth as organizations embrace cloud compute and storage to supplement their IT strategy. Unfortunately, so too have ransomware attacks. Ransomware itself has undergone its own digital transformation of sorts, with ransomware as a service, aka RaaS, making even the most sophisticated attack campaigns as simple as a button click. Join Rick as we delve into recent ransomware trends and what each of us can do to secure our organization’s hybrid cloud footprint to minimize the probability, breadth, and impact of future attacks.
Cybersecurity incidents and failures impact critical public infrastructure, national defense, corporate economic interests, and personal privacy. As the magnitude and frequency of cyber events continues to escalate, vendors and agencies are desperately seeking solutions to solve this issue once and for all. In the 1980’s the software development industry was facing similar challenges. That crisis prompted Frederick Brooks to write his iconic paper “No Silver Bullet – Essence and Accident in Software Engineering.” The solutions and technologies detailed in that paper are eerily similar to the “breakthrough” solutions currently proposed for cyber. This presentation examines the “Silver Bullets” of cybersecurity, lessons we can learn from that parallel history, and the essence of challenges that confront modern security practitioners.
Teresa Merklin is a Fellow at Lockheed Martin where she specializes in Cyber Risk Assessment and Engineering for Cyber Resiliency. She is currently attached to the Aeronautics Cyber Range which performs cyber assessment and penetration testing across the complete portfolio of Lockheed Martin aircraft and related systems. She has 30+ years of career experience starting out in embedded software development which slowly morphed into cybersecurity over time. Teresa holds a BSEE from Oklahoma State University, a Masters of Software Engineering from Texas Christian University, and an MBA from the University of Dallas. She holds the CISSP and CSSLP certifications.
Ateef Mulla | Johannes Wiklund | Jeremy Synder | Chani Simms | Raphael Peyret
It’s hard to defend against today’s threatscape while securing users, devices, apps, and data and providing quality customer experience. As organisations need to quickly adapt to an evolving threatscape, new compliance regulations, and customer demands, how can they keep security at the forefront of their cloud adoption plans?
Wherever they are in their cloud adoption journey, it remains necessary for organisations to be critical of cloud security blindspots and secure cloud assets. Join this summit to learn more about what your organisation can be doing to better their cloud security strategies.
Join us to learn:
- The latest threats targeting the cloud in 2021 and how to stay on top of the evolving threatscape
- How to protect your enterprise against ransomware
- How to better secure your cloud applications
- Why visibility across your cloud environments is key for early threat detection and mitigation
Jeremy Synder, Senior Director of Corporate Development, Rapid7
Jo Peterson | Kayode Olafunmiloye | Stan Lowe | Joseph South
Gartner forecasts that global public cloud spend is forecast to grow 18.4% in 2021 to a total of $304.9 billion --up from $257.5 billion in 2020.
Organizations are prioritizing cloud security in 2021. Work life changes that were introduced in 2020 are here to stay. More and more workloads are moving to the cloud and organizations are shoring up remote work practices in accordance with evolving government guidelines.
In today’s session, we’ll review the top 10 Cloud Security Challenges of 2021.
Jo Peterson, VP, Cloud & Security Services, Clarify360
Kayode Olafunmiloye, Senior Manager, Cloud Security Strategy and Architecture, AMD
Stan Lowe, former CISO, Zscaler
Joseph South, Sr Cloud Security Engineer, Guaranteed Rate
Shayak Tarafdar, Team Lead | Himanshu Dubey, Sr. Director, Engineering, SEQRITE
Public cloud infrastructure has emerged as the backbone for innovation-driven growth. By embracing the cloud, enterprises can modernise their IT infrastructure and conjure solutions to serve customers digitally in new and innovative ways. Digital transformation & cloud adoption has further accelerated in recent times, as COVID-19 pandemic forced businesses to setup remote working at an unprecedented scale. Public Cloud services enabled fast & smooth migration to “working from home” by enabling connectivity from anywhere and supporting essential services such as video conferencing & real time communication.
This rapid increase in cloud adoption has introduced numerous new security threats and challenges. Also, this has opened up new attack avenues for Cyber Attackers, and subsequently cyber-attacks against cloud installations are only going to increase in time to come.
In this presentation we will discuss:
• Cloud security risks & challenges
o Multi vector attacks against cloud installations
o Cloud jacking due to misconfigurations and using shared software
o Among others
• Impact of these threats
• Preventive measures
On Tuesday 7th September at 17:00 HKT, Dan Norman, Senior Solutions Analyst at the ISF will be hosting a live webinar to explore the emerging cyber risks that the APAC region may face.
In this session we will be addressing:
- The key political, economic, social, technological, legal and environmental factors impacting APAC
- Future cyber and physical threats that will likely emerge over the next 2-3 years
- Strategies to mitigate emerging risks.
Dan Norman is a Senior Solutions Analyst at the ISF, helping ISF Members to manage current and emerging information/cyber risks. Dan’s historical focus has been on threat intelligence and technology forecasting, with emphasis on running cyber security exercises to prepare organisations for future threats. Dan is also the lead author of the human-centred security research series, which leverages psychological theory to understand manipulative attack techniques and identifies how weaknesses in the human mind can lead to security incidents.
Somnath Ojha, Group Director (CTO's Office), Tejas Networks
In this talk we will discuss the growing cybersecurity threat to utility firms ( power, oil and gas, railways etc) and compare and contrast the strengths/weaknesses of popular packet-optical transport technologies such as IP, Carrier Ethernet, MPLS-TP and OTN technologies from a network security standpoint.
5G brings the power to connect billions of new devices and enable their use in new ways. With that comes significant risk. What types of threats does 5G introduce and what should we consider as we start incorporating 5G into our products?
Katie Grzywacz is a Lockheed Martin Associate Fellow and is the chief cyber architect for the LM Space Centers of Excellence. She has 16+ years of experience that includes security engineering and offensive security testing. She is currently researching cyber threat scenarios that apply to a multitude of 5G use cases.
Ondrej Krehel, PhD, CISSP, CEH, CEI , EnCE Digital Forensics Lead, CEO and Founder, LIFARS
Advanced threat protection services and solutions are must in today’s business environment to protect data as well and the integrity of a business. Threat actors now have the resources to wage war like never before. Advanced Threat Prevention (ATP is made of several components and functions:
• Continuous monitoring and real-time visibility - Threats are often detected too late. After the damage is done. Monitoring and quick action is a must or you will pay the price in resource utilization and reputation damage.
• Context - Monitored threats must contain context for security teams to effectively prioritize threats and organize response.
• Data awareness – Having an understanding of data, its sensitivity, value.
Christopher Van Der Made, Security Developer Advocate, Cisco
It is very important nowadays to stay up to date with all of the cyber threats that are posing all over the world. It is widely known that there are not enough resources to be found to fill up every Security Operation Center (i.e. SOC). Therefore, many organizations struggle with coping with the massive amount of new type of attacks and generated alerts from their tooling. During this session, you will learn how to hunt (and automate your hunt) for active cyber threats in your environment and contain them using integrated connections to network, endpoint, and cloud products. This session is targeted at SOC management, cyber security engineers, threat hunters, and analysts. It will touch on threat detection, investigation and response. All the code will be made available after the session.
Bruno Huttner, Director of Quantum Strategic Initiatives, ID Quantique
As emphasized by the recent controversy about quantum supremacy, the quantum computer is already a reality. Although the timing of the arrival of a quantum computer capable of factoring large integers and therefore of breaking most existing public key cryptosystems is still under debate, the risk to our cybersecurity infrastructure is now real and steadily increasing. In order to prepare our cybersecurity framework to the quantum era, and build a Quantum-Safe infrastructure, action must be taken today.
Fortunately, some solutions exist today and are constantly improving. There come in two very different flavours. One is to find new mathematical problems, which should be immune to the quantum computer threat. This is the domain of Post-Quantum Cryptography. The second is to use the peculiar properties of quantum itself to fight against the quantum computer threat. Current solutions are known as Quantum Random Number Generators, which improve the quality of keys, and Quantum Key Distribution, which enable secure distribution of these keys. Quantum Networks and the future Quantum Internet will soon make these solutions usable in a broad context.
In this presentation, we will outline both solutions and focus on the quantum ones.
Christopher Peters, Application Security Engineer, Premiere Global Services
Security teams can become overwhelmed with vulnerability reports. A myriad of tools exist that provide all kinds of reporting on suspected vulnerabilities in software. False positives (and negatives) are usually present in the data. For the security team, this can create a situation where more time is spent managing the data and reports than fixing things or helping other teams focus their patching efforts.
In order to triage and focus effort on the greatest risk to the business, a different approach may be
needed than the traditional compliance-based ones or systems based on CVSS scores.
In this webinar we’ll start out by defining what exactly the term vulnerability means, how to measure that, and then explore a more risk-based approach.
Jo Peterson | Dustin Lehr | Derek Fisher | Les Correia | Nick Moy
The notion that software runs the world and the world runs on software became even more of a reality during the pandemic. In addition to enabling work from home efforts, organizations hit the Fast Forward button on digital transformation efforts in the last 12-18 months. Gartner points out that the global expenditure on enterprise software will grow by approximately 10.8% and be $516.9 billion in 2021
Software applications can be the weakest link when it comes to the security of the enterprise stack
In this session, we’ll explore:
• Current state of application security
• Best practice guidance
• Importance of a mature application security program
Jo Peterson, Vice President, Cloud and Security Services, Clarify360
Dustin Lehr, Director, Application Security, Fivetran
Derek Fisher, VP Application Security, Envestnet|Yodlee
Les Correia, Global Head of Application Security, The Estee Lauder Companies
Nick Moy, CISSP, GCSA | VP Application Security, Fairway Independent Mortgage Corp.
You're building an application and need to prove it's secure, and to do that you need to find vulnerabilities and fix them. However, there's so much confusion about what that even means, let alone how to do it right, that it can be an uncertain and overwhelming endeavor. Author Ted Harrington takes you to the front lines of ethical hacking and security research, blending real-world exploit stories with actionable insights in order to help you understand how to break -- and fix -- applications. You'll walk away with practical guidance about how to:
- Abuse functionality
- Chain vulnerabilities
- Choose a testing approach & methodology
- And much more
In this "work from anywhere" world, ensuring users can quickly and securely connect to any cloud application they need is critical. To do this, organizations need to transition their network and security strategy to provide secure connectivity for remote workforce. Building your roadmap for the move to SASE cloud offers many benefits. It provides organizations with a path to reducing network and security cost and complexity, while increasing security and connectivity to give your users a better experience, regardless of location.
During this session, Paul Martini, CEO/CTO of iboss, will discuss:
• The true enterprise impact of "work from anywhere"
• How to reduce of eliminate the need for on-prem proxy appliances and VPNs
• The new mindset of security at the edge
• 5 steps to consider when migrating to a SASE cloud platform
The last 12 months have been incredibly turbulent in the cybersecurity world. The move to a hybrid work model has seen many organisations turn their security on its head, with the adoption of security solutions like SASE and Zero Trust. Ransomware has also spiked: according to a new Group-IB report, in 2020 ransomware surged by 150%. As the security landscape evolves and new threats seem to be at every corner, it’s essential to re-evaluate your security posture to ensure that your organisation is as safe as possible.
But what are the key trends thought leaders expect to face this year, and how can we navigate these security threats? Are security teams fully prepared to tackle new risks and breaches?
Join our panel of expert thought leaders as we discuss:
- The key cybersecurity trends of 2021, from SASE, ZTNA and beyond
- Breach prevention, and how to find the right solution for your organisation
- What the ‘new normal’ means for your security teams
- Identity-first security, and why it’s so valuable today
- And more
Michelle Drolet, CEO, Towerwall
Bharath Vasudevan, VP, Alert Logic
David LeBlanc, SecureCloudDB
Anne Blanchard, Senior Director, Nasuni
Kalani Enos | Michelle Drolet| Christopher Kruegel | Ido Safruti | Chris Arsenault
Cyber attacks on companies, governments and individuals grew significantly in 2020. What can enterprises do to better protect their data? Is breach prevention even possible?
Hear from the experts on what the new normal for organizations looks like, the cybersecurity best practices to adopt and what's in store for the rest of 2021.
The topics up for discussion will include:
- Cybersecurity in the new normal
- How attackers have take advantage of the pandemic
- Critical steps to take on the path to preventing data breaches
- Why data protection and cybersecurity should not be separate functions
- Best practices and solutions for breach detection and response
- Lessons from the field and recommendations for CISOs
Michelle Drolet, CEO, Towerwall
Christopher Kruegel, VP Security Services - Network and Security Business Unit (NSBU) at VMware
Ido Safruti, CTO & Co-Founder, PerimeterX
Chris Arsenault, Principal Solutions Architect, BlackBerry
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.