Managing Security in the Age of the Disappearing Network Perimeter
Global commerce was in transition before the pandemic. Now, businesses are accelerating their digital aspirations and work will never be the same. Mobility has raised business productivity, but it’s brought its share of issues, as well. One of the biggest challenges is the need to provide complete, consistent security across devices that you may not own.
• How do I control in one place the security and identification of all devices connecting to my network?
• How can I address the challenge of managing security in a world where cloud computing, mobility and the Internet of things are eroding the network perimeter?
• How can I provide Data Privacy and Data Security and be compliant with GDPR and local regulations?
• How do I give support engineers access to my organization's admin portal, provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of things environments?
• How can I provide automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing?
• How can I repurpose the existing WiFi, create key metrics of the deployment and visitors' use, and integrate data with existing CRM tools?
• How do I dissociate and secure the use of my network among daily guests, consultants, employees and IoT devices?
We will discuss how a cloud-based proxy and firewall can route all traffic through its software to apply corporate and security policies.
Recorded Jun 11 2020, 46 mins
Brandon S. Dunlap; Jeremy Snyder, Rapid 7; Morten Boel Sigurdsson, Omada; Corey Williams, CyberArk
Securing the access to cloud data assets has never been more important. According to the latest Verizon DBIR, 73% of cloud breaches involved an email or web application server, while 77% of these cloud breaches also involved breached credentials. What does this mean for enterprise cloud security, especially in the time of COVID19 and remote working?
Join this keynote panel to learn more about:
- How the landscape has changed in 2020
- Why attackers are focused on identities
- Understanding privileged user behavior and securing identities
- Discover how organizations are doing IAM, and what's needed for a more secure enterprise
- Best practices and recommendations by the experts
Diana Kelley, SecurityCurve | Joseph Carson, Thycotic | Dave Farrow, Barracuda
Instead of the traditional "castle and moat" model of the past, today the security perimeter is being defined around the identity of the person or the device requesting access. What are organizations doing to protect digital identities in the age of breaches? How are the current trends in identity and access management helping address this issue?
Join this interactive roundtable discussion with notable security experts to learn more about:
- The shift to identity-centric security
- The zero trust mindset
- What constitutes strong and effective authentication and authorization
- The role of policy orchestration and enforcement
- Best practices for protecting identities and managing access across the enterprise
- Joseph Carson, Chief Security Scientist and Advisory CISO at Thycotic
- Dave Farrow, VP, Information Security at Barracuda
This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
Jeff Foresman, VP of Security Operations and CISO, Digital Hands; David LeBlanc, Chief Product Officer, SecureCloudDB
The push to remote work in response to the 2020 pandemic pressured many businesses to quickly move to the cloud, often resulting in security decisions being made on the spot. What are the long-term implications for enterprises, the common mistakes made along the way and the ways to overcome them?
Join this panel of experts to learn about the security side of cloud transformation and the best practices for improving cloud security in 2021.
The topics up for discussion during this interactive session will include:
- Security considerations when moving to the cloud
- Rethinking your threat model
- Addressing the complexity of managing hybrid or multi-cloud environments
- Governance and compliance considerations
- Fostering a robust security culture and tighter collaboration between teams
- Best practices and recommendations for moving security operations to the cloud
As more organizations embrace distributed working environments, we see a rapid acceleration of cloud adoption. However, we notice that this adoption is typically done without a strategic migration plan, causing more challenges in an already complex environment.
Many organizations don’t have a good handle on who should bear the burden of ensuring proper security in the cloud, much less a strong end-to-end vision of what technologies are required to secure their cloud deployments.
In this session you will learn about:
• The current security challenges in the cloud
• How to integrate security throughout the IT life cycle
• How to take a holistic, continuous, and defense-in-depth approach to security
• Technologies that can help you securely adopt cloud
About Milica Lijeskic:
Milica serves as a Cloud Security Architect and Compliance Subject Matter Expert at KyberStorm. During her career she has worked across a wide range of technologies and industries to implement countermeasures to mission-critical systems hosted in the cloud or on-premises. Her portfolio of work includes the authorship of strategic cybersecurity plans and policies and system architecture designs for federal government agencies and private companies. Her forward-looking approach, resourcefulness, and passion for continued education have helped her resolve complex and provide unmatched services to her customers.
Milica holds a Bachelor’s degree in Business Leadership from George Mason University, as well as a variety of technical certifications: CISSP, Amazon Web Services (AWS) Solutions Architect, and CompTIA Security+.
Dr. George Edeh, UMGC, Founder, Technology Impact Associates, a Technology Consulting Company
Cloud computing is not going anywhere, and the demand for cloud services has quadrupled, as seen in the demand for multi-cloud implementation. Multi-cloud has many advantages, but its complexity creates security challenges that consumers and providers should be concerned about.
This presentation will take you through the tools you need to enable visibility across all platforms from a single viewpoint.
Dr. George Edeh, Assistant Professor Cybersecurity Program, UMGC, Founder, Technology Impact Associates, a Technology Consulting Company
James Johnson, Cloud Security Specialist, Proofpoint
In this session we explore the threats associated with cloud security, breach monitoring and prevention.
We also explore how organizations can protect themselves from denial of service, information leaks and data theft.
With all the limitations of traditional security architectures, we explain how a CASB with Unified Information Protection can achieve cloud and data security from detection through to remediation, significantly improving enterprise security and bridging the gap between cloud and information security.
After this presentation, attendees will:
- Understand the core principles of people-centric cloud security, and why it’s important to adopt them now.
- Understand how enterprises can achieve a unified, layered defence against cloud and resultant data impact issues.
- Understand how their organization can adopt a people-centric cloud security strategy, integrating with and enhancing their infrastructure.
When it comes to cloud misconfiguration vulnerabilities, compliance frameworks and monitoring tools aren’t always going to help you. If you’re using the cloud, odds are your security model is broken.
The cloud changed the way hackers think and operate: Rather than targeting an organization and then searching for vulnerabilities to exploit, hackers use automation to scan the internet looking for cloud misconfigurations to exploit.
Once an attacker has access to your environment, they use IAM resources like a network to move laterally, find data, and extract it. We’ve graduated from simple misconfiguration mistakes to techniques bad actors are using today to breach data out from under the most advanced cloud security teams—often without detection.
In this talk, Josh Stella, Fugue Co-Founder, CEO and CTO, will put you into the hacker mindset so you can think more critically about fixing your broken cloud security.
Specifically, this talk will cover:
- Common cloud misconfigurations that compliance won’t catch
- How attackers take advantage of IAM misconfigurations
- How to find advanced misconfiguration vulnerabilities and fix them
- Strategies for remediation and building security into cloud design
Cloud computing security is an area of concern for organizations all over the world in today’s increasingly remote world. As we have seen in recent years, security breaches in large organizations show that some of these security problems present as data breaches while others deal with access control. Whatever the issue, it concerns decision makers greatly when choosing software or a solution.
Organizations should take note that these security challenges are well documented. At the same time, each presents its own solution to vulnerabilities found in using cloud computing to meet business challenges and customer demands. In short, if you take the right precautions, cloud computing can be both safer and more satisfying for your business needs.
Our presentation is an introduction to some of the security challenges to keep in mind while relying on cloud computing for your business. We speak on at least four common concerns and their solutions, i.e., Data Breaches, Access Control, Data Loss and Denial of Service.
Bincy Ninan-Moses, Director of Cybersecurity, Integral Consulting Services, Inc.
Over the past year, we have seen a lot of unprecedented changes to our usual way of life with everything and everyone going remote as a result of the COVID-19 pandemic. This has led to various technology disruptions including adoption of multiple cloud environments across the globe. The shift to multiple cloud environments and a fully remote workforce that adds endpoints to access data and networks leads to location-agnostic operations and calls for heightened security that has broken the traditional perimeter-based network security model.
In this session, we will discuss the current proliferation of multiple cloud environments and explore how best to adopt these disruptive multi cloud environments through holistic cloud security solutions and zero trust.
About Bincy Ninan-Moses:
Bincy Ninan-Moses is an enterprise technology solutions and cybersecurity subject matter expert (SME) leading Integral’s cybersecurity and cloud computing practices. She works to build Integral’s technical capabilities through innovative solutions and industry partnerships. She has worked for over 13 years in various roles in technology, cybersecurity, research and analysis, and as a technical solutions architect working at the intersection of business and emerging technology. Bincy has published research on national critical infrastructure security, cyber economic incentives, U.S. national and international innovation ecosystems, science and technology (S&T) policy, and S&T prediction markets. She holds a Bachelor’s degree in Electronics and Communication Engineering from Visvesvaraya Technological University, a Master of Business Administration (MBA) degree from Ohio University, and an Executive certificate in Cybersecurity from Harvard University. Bincy is a Certified Ethical Hacker (CEH) and holds professional certifications in penetration testing, cloud computing, and cybersecurity.
Jeff Foresman, VP of Security Operations & CISO, Digital Hands
We have seen explosive growth in organizations moving applications, services and systems to the cloud, but unfortunately many do not understand how to secure these environments. Numerous IT and security departments approach security in the cloud as if they were securing individual servers in a data center and do not understand how to prevent data breaches or accidental data disclosures. Organizations are also struggling with how to effectively get full visibility into the cloud environment to monitor for malicious activity or configuration errors.
This presentation will focus on how to prevent and detect cloud security incidents including:
- Cloud Security Threats
- Review of Cloud Data Breaches
- How to Prevent Cloud Security Incidents
- How to Detect Cloud Security Incidents
Attendees to this discussion will come away with an understanding of the threats to cloud platforms and how an organization can develop solutions to effectively prevent and detect cloud data breaches. We will also provide best practices and native cloud solution recommendations to harden and monitor their applications, services and systems.
Ted Harrington, Author of Hackable & Executive Partner at ISE | Sushila Nair VP Security Services at NTT DATA
If you don’t fix your security vulnerabilities, attackers will exploit them. It’s simply a matter of who finds them first. If you fail to prove that your software is secure, your sales are at risk, too.
Whether you’re a technology executive, developer, or security professional, you are responsible for securing your application. However, maybe you’re uncertain about what works, what doesn’t, how hackers exploit applications, or how much to spend. Or, maybe you think you do know, but don’t realize what you’re doing wrong.
To defend against attackers, you must think like them. Join Ted Harrington, author of HACKABLE: How to Do Application Security Right and learn:
- how to eradicate security vulnerabilities
- establish a threat model
- build security into the development process
You’ll leave knowing how to build better, more secure products, gain a competitive edge, earn trust, and win sales.
This episode is part of Cyber Authors, a new series with Sushila Nair. We welcome viewer participation and questions during this interactive interview.
This month's episode of The (Security) Balancing Act will look at how the CISO role has evolved in the last few years, what today's expectations are and what it takes to succeed as a CISO.
Some of the topics to be covered during this roundtable discussion with security and tech leaders include:
- How has the CISO role evolved over the last few years and what is expected of CISOs in 2021?
- CISO vs BISO
- How to see ROI on your cybersecurity investment?
- How to get the business to understand risk and care about security?
- How to keep cyber employees happy. The churn is exhausting and costly for companies, and it’s exacerbated by employee burnout and a “grass is greener” approach.
- Patricia Titus, Chief Privacy and Information Security Officer, Markel Corporation
- Jonathan Nguyen-Duy, Vice President, Global Field CISO Team at Fortinet
- Gerald Mancini, Chief Operating Officer of Fidelis Security
This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
With organizations moving infrastructure to the cloud at a record pace, building a perimeter wall around your organization is no longer a viable option for securing your data. Cloud computing completely changes the attack surface available to be exploited and can create potential security vulnerabilities for those unaware of what to look for. Fortunately, the data provided by cloud providers can be your best tool for identifying and mitigating threats. We will take a look at how threat hunting changes in the cloud.
John Grim, Distinguished Architect, Verizon Threat Research Advisory Center
For the 2014-2020 DBIR (Data Breach Investigations Report) timeframe, annually, we see Financial motive underlying breaches between 67% and 86% of the time and Espionage motive as the driver between 10% and 26% of the time. Given their nature (e.g., stealthy tactics, specific targeting), Espionage attacks can be difficult to detect and identify as an actual Espionage-related attack (given scant IoCs and other details). Whereas Financial attacks—if not detected while occurring or soon thereafter—eventually become apparent when money goes missing. At that point, the Financial motive, if not already ascertained, can be determined.
When we look at the VERIS (Vocabulary for Event Recording and Incident Sharing) A4 Threat Model—Actors, Actions, Attributes, Assets—we see similarities with and differences between data breaches involving Financial attacks and Espionage attacks. Join this session and discover:
· how data breaches with Financial and Espionage motives compare
· how data breaches with Financial and Espionage motives differ
· what can be done to counter either Financial or Espionage attacks
Because of the fast pace at which organizations are pursuing their digital transformation, cybersecurity excellence is becoming difficult to achieve.
Most organizations need to consider not only a single network to secure, but also mobile developments, hybrid cloud implementation, among many other environments. This also includes a complex software development lifecycle, like DevSecOps, microservices, containers, etc.
Staying on top of the game is hard, so it is better to have a good proactive strategy to prevent new attacks (who wants another WannaCry?).
In this talk we will see:
· The best practices for properly defending against current threat trends
· How to predict a broad number of future attacks
· How organizations can be more proactive to prevent the next wave of attacks before they occur
Your vendors present a real operational risk to your business in 2021. The pandemic drove major shifts in not only how your business operates and partners, but also how your suppliers operate and partner. These systemic changes left unchecked can leave your business at significant risk to real cybersecurity threats.
Join Troy Vennon, Director of Cybersecurity and Trustworthiness at Covail, for a quick session on:
1. The 2021 outlook on supply chain risk and threats
2. How MITRE ATT&CK can help prioritize threats and risks
3. Practical, actionable steps to get you on the right path to managing third-party risk with confidence
John Bloomer, Regional Director, Security Engineering, Office of the CTO at Check Point Software
“The trouble with the world is not that people know too little; it’s that they know so many things that just aren’t so”. This eye-opening quote by Mark Twain makes one think about the possible misconceptions we might have in our minds.
In our daily life, we use many tools and rapidly adopt innovative technologies to improve our routine. Yet we remain neutral to the risks involved with those tools because of false beliefs about the attack vectors and potential threats related to those devices.
In this session, we focus on and disrupt cybersecurity misconceptions.
From the digital cameras that we all use to take photos and our indispensable smartphones to the newest technologies on public cloud infrastructures, this session presents our research findings and vulnerabilities on those devices.
The common denominator is that all of those platforms have weak spots, allowing malicious individuals to take advantage and reach the data on our devices.
Breaking those misconceptions shows that we need to take cyber precautions in order to prevent the potential upcoming attacks.
All vulnerabilities presented in the talk were “responsibly disclosed” and are being discussed publicly after the relevant vendors have applied all patches.
Donald Codling, CISO & Chief Privacy Officer & Mark Vanderbeek at REGO Payment Architectures & Johnny Wong at Veracode
The Challenge - With the worldwide migration to e-commerce platforms accelerating several years ahead of estimates, coupled with increased attention to personal privacy and data security needs, the demand on e-commerce firms of all sizes to build in security and privacy as a foundation has taken on new relevance and urgency. The pressures imposed by regulatory measures addressing cybersecurity and data privacy, like CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation), together with the increase and evolution of the cybersecurity threat landscape, demand a holistic, segmented and layered 'zero trust' approach (from theft of intellectual property and theft of personally identifiable information all the way to ransomware-wiperware destroying a company's very existence).
The approach REGO Payment Architectures has taken with its partners - From the beginning of the technical design and marketing discussions - due primarily to the sensitive nature of the spirit and decision mantra was the platform MUST comply with COPPA and GDPR privacy and security mandates. We have taken an 'all hazards' approach to the emerging threat landscape and implemented a few key functions-
Key takeaways from this webinar:
1. Need for resilience and redundancy
2. Need to have a holistic view of all the parts
3. Cyber hygiene has never been more important: patches and updates applied and logged, IAM tools in place, admin access restricted, etc.
4. Maintain across all business units the foundation of security and privacy (not just meet minimum standards or regulatory thresholds but add extra care whenever possible)
Donald Codling, Advisor & Acting CISO & Chief Privacy Officer at REGO Payment Architectures
Mark Vanderbeek, CTO at REGO Payment Architectures
Johnny Wong, Director, Solutions Architecture at Veracode
Lux Rao, Senior Director – Solutions & Consulting at NTT India
Dealing with Cyber Security issues in a post pandemic world
2021 may be the year the world starts to overcome a health pandemic, but the effects on how work is undertaken and the consequent evolution of threats to organizations’ information assets have not yet been fully felt.
The shift to distributed working, accelerated by the pandemic, continues to disrupt organizations’ attempts to mitigate risk. The impact for many organizations has been catastrophic as evidenced by the surge in cyber-attacks in the immediate aftermath of the pandemic.
As security teams grapple with updating organization-wide policies, there are multiple implications thrown up by a distributed workforce including Shadow IT, lack of employee awareness, the insider threat of willful employees collaborating with malicious actors et al – all these coupled with the brazenness of the hackers who may well have found an easy back-door entry into an apparently ‘secure’ Enterprise.
Is there a solution to this issue?
This session will cover the following key areas:
- Enforcing the Enterprise Security Posture to a distributed workforce
- The importance of employee accountability & ownership in securing the Enterprise
- Identifying & addressing the scourge of the insider threat - malicious cooperation between outside actors & willful employees.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.