Tweet, Like and Poke Your Network into Disaster: The Dangers of Web 2.0 Apps
Social networks like Facebook and Twitter pose the biggest threat to your network. But, as security professionals, we often pay more attention to interesting, flashy, and complex attack vectors - such as high-end APT attacks targeting nuclear facilities - than we do mundane, everyday attacks. However, in the past, mundane attacks, like emails with nasty attachments, accounted for the majority of actual breaches. So what's the mundane "malicious email attachment" of 2011? Two words: Facebook links.
Today, it's clear that the web is the most dangerous place on the Internet, and social networks are the front lines of the web battle. While the security community theorizes about the potential damage from a global cyberwar, most businesses still don't do a good job of defending against basic social network and web threats, largely because they lack the necessary security controls.
In this webinar WatchGuard's Director of Security Strategy and CISSP, Corey Nachreiner, will describe why social networks will pose the biggest threat to your network for years to come. You'll learn attributes that make social networks like Facebook especially dangerous; how attackers leverage Web 2.0 applications to infiltrate your networks, and how real-world attackers target social networks today with attacks ranging from cyberbullying to drive-by download delivery. More importantly, Nachreiner will suggest some practical network defenses and controls that will give you back the reins to your network.
Recorded Mar 15 2012 | 49 mins
Muhammad Ahmad, CISO at FINCA Microfinance Bank, Mike Lloyd, CTO at RedSeal & JP Bourget, President at BlueCycle
In 2019, the United States had 1,473 data breaches with over 164.68 million sensitive records exposed. In the first half of 2020, there were 540 reported data breaches, according to Statistica. What can we apply from 2020? How can enterprises better protect against a data breach in 2021? Hear from the experts and learn the best practices around faster breach detection and response.
Join experts and thought leaders for a roundtable discussion on the tools and policies that make breach prevention possible and the solutions that can help keep your networks secure and make it easier to detect and deal with intruders.
- Lessons from the biggest breaches in 2020
- How to prepare for the inevitable and have a plan in place for during and after the breach
- Types of attacks enterprises need to prepare for
- Threat modeling and risk management
- Best in class solutions and recommendations for security teams
- Staying sane in the SOC and strategies for dealing with stress and alert fatigue
Cybersecurity is often expensive, time-consuming and can have catastrophic consequences if done wrong. From scams designed to steal money to attacks designed to disrupt business and bring production to a halt, attackers have been upping their game continuously.
In the meantime, security vendors' marketing departments relentlessly try to sell the latest and greatest "solution" to our problems with catchy ideas and the latest trends and buzzwords. Do we really need AI-enabled, ML-enhanced, multi-disciplinary, automated threat hunting, cloud-connected, quantum controlled, blockchain-processing toasters in our organizations? Marketing departments sure think so. Sadly, all of this buzzword bingo has drawn attention away from securing the basics in favor of more technology, which requires more trained cybersecurity professionals to manage and doesn't really reduce our risk in any meaningful way.
This session will focus on 7 low-cost, but vital fundamental security principles that are being overlooked, resulting in significant breaches and disruption in small, medium and global organizations alike.
We’re all trying to protect constantly changing network environments without enough people, and with too many tools – all while we face attackers who are persistent and automated. Dr. Mike Lloyd, RedSeal CTO, draws on his background in epidemiology and modern cybersecurity, as well as his study of history, to show how others have dealt with such challenges, and extracts practical lessons you can use to decrease complexity and increase digital resilience.
Molly Payne, Recovering Threat Hunter currently in the role of Raytheon’s MSSP SOC Manager at Raytheon
Software and Data systems in most people’s companies are complicated and tend to grow organically. This organic growth can make it difficult to know what/where/how your assets need protecting. Come join me for a cup of coffee while I share the strategies I use through stories from the field on how to help you threat model your environment and take a proactive step to breach protection.
Problem to be Solved: How do I know what to protect?
Solution: Have coffee with your managers and use three simple questions to threat model the assets they control.
Delivery: Sharing three stories from my work as a SOC manager, Analyst and Threat Hunter as examples of why to threat model, and how easy it can be.
1. The case of the lost donor list.
a. Third Party Vendor Compromise
2. What do the FBI and web shells have in common? You.
Ray Espinoza, Chief Information Security Officer at Cobalt.io
Security leaders at high-growth startups and major enterprises alike are asking themselves, “How do I level up my program this year?” Economic uncertainty, a global pandemic, and rising customer expectations make this question even more complex.
Join Ray Espinoza, current head of security at pentesting company Cobalt, as he draws upon years of experience managing infosec programs at eBay, Workday, Amazon, and Cisco as well as working with heads of security at both large and small businesses. Ray will draw upon his time spent “in the trenches” to tackle common CISO pain points around program planning and execution.
Specific topics which he will explore include the following:
How the concept of “security maturity” differs for companies of varying size -- and how to measure progress.
The characteristics and practices that define more mature security teams.
Professional blunders that yield tangible learnings, and strategies for avoiding common pitfalls (including basic breach prevention).
The advent of pentesting 2.0, and how it fits more neatly into agile development lifecycles.
If there is a specific topic which you’d like Ray to address, submit your question for consideration to XYZ.
David Swift, Director of Partner Enablement at Securonix
Phishing and other human-facing social engineering tactics remain the primary vectors of successful attacks. The transition to remote work greatly expanded the attack surface and opened new vectors for campaigns.
Organized cybercrime groups commonly use zero-day attacks to avoid detection. They typically compromise user credentials, so they can move across your organization to get to your most precious data.
How can you detect zero-day events without constant rules updates and rewrites and sifting through mountains of false positives?
How do you achieve infinite scale without an endless number of events to triage?
David Swift will discuss the top ten use cases and three keys to finding security threats in any environment using behavioral analytics. You will learn:
-The critical threat detection techniques to identify zero-day and malicious activity from both outside attackers and internal users.
-Five indicators that combine known threats and machine learning to identify compromises.
-Key log sources needed to solve the compromised user dilemma and how to detect misuse and malware.
-Primary use cases across industries such as Manufacturing, Healthcare, Energy, and Financial Services.
David Swift is a 15-year veteran of SIEMs, UEBA, SOCs and a security evangelist.
Panelists: Allen Ohanian at Dept. of Children & Family Services, Ashton D'Cruz at NatWest Markets, Nir Shafrir at Nyotron
2020 was the worst year on record for breaches. E.g. there were 2,935 publicly reported breaches in the first three quarters of 2020. According to a recent report from Risk Based Security, the number of records exposed in 2020 was up to 36 billion.
What can enterprises learn from this and do to better protect their data? Is breach prevention even possible?
Hear from the experts on what the new normal for organizations looks like, the cybersecurity best practices to adopt and what's in store for the rest of 2021.
The topics up for discussion will include:
- Cybersecurity in the new normal
- How attackers have taken advantage of the pandemic
- Critical steps to take on the path to preventing data breaches
- Why data protection and cybersecurity should not be separate functions
- Best practices and solutions for breach detection and response
- Lessons from the field and recommendations for CISOs
Tee Patel, COO, vCISO at Iron Oak Security & Dave Sifleet, Security & Governance Sr Consultant at Hytec Information Security
Handling of security breaches is vital – but what assurance do you have that you will even notice one in a timely manner? And if you do, will you have everything in place to make an informed decision and respond?
In this talk, we’ll:
-Cover off all the basics – who to involve, where to look, and how to tie your activities together.
-Consider how to rapidly progress your knowledge from detecting ‘something’ to building rapid and informed understanding of a breach.
-Analyse the activities required before you hit the ‘response’ stage from the highest level.
Himanshu Dubey, Director of Security Labs & Sangram Desai, Project Manager at Quick Heal Technologies Ltd.
Endpoints are the most targeted entity by Cyber Attackers. As per this survey by Ponemon institute, 68% of the organizations have experienced endpoint attacks, of which 80% were unknown threats / zero days. And the average patch gap to respond to these attacks was 97 days!
Cyber attackers are always identifying newer avenues to infiltrate organizations' networks. In current times, as more and more organizations go through rapid digital transformation, the opportunities available for Cyber Attackers are at an all-time high, and they are pulling out all stops to leverage that.
Organizations need to have robust protection mechanisms to minimize the possibility of a successful Cyber Attack against their network. At the same time, they must be prepared for a successful breach. In this talk we will discuss the approaches that organizations can adopt to detect and respond to successful breaches in their environment.
- Major Security threats- Zero-day attacks, APTs, Trojans
- Why Breach Detection is needed
- Various tools & techniques that can be adopted for Breach Detection
2020 showed us that there is no silver bullet. Everyone is getting attacked. We will discuss what keeps the hackers one step ahead of all defense systems and how Cyber 2.0 brings a new method of defense that stays one step ahead of the hackers.
With the increasing globalization of business, the international flow of data is creating unique complexities in developing and maintaining effective global compliance solutions in security and privacy. This presentation will explore impactful regulatory frameworks, including the EU's General Data Protection Regulation, and the California Consumer Privacy Act, drawing parallels and identifying differences. Ultimately, the talk will provide attendees with effective solutions to proactively comply with global regulatory requirements in both privacy and security and prevent privacy and security breaches.
Will Ehgoetz | Senior Threat Hunter, IntelliGO Networks
Recently we have seen significant and wide-reaching cybersecurity breaches making headlines. William Ehgoetz, Senior Threat Hunter at ActZero / IntelliGO, leads our Threat Hunting team and deals first-hand with the fallout of such events. In this webinar, he will focus on things you can do proactively to overcome such concerns, both on your own and with external help, so that you can rest assured there is no need to panic.
The webinar will cover:
- Why blind panic won’t help & why you need to trust in your cybersecurity program
- How employee education, training, and having an incident response plan in place helps
- Some of the more effective / proactive options (e.g. Software Restriction Policies) and other advice he gives our MDR clients
- How integrating threat hunting into an organization’s existing security capabilities offers proactive protection against adversaries
John Robison, Chief Security Officer at ProMiles, INC.
This presentation presents breach management as having two requirements, controlled and uncontrolled. Today, the CSIRP is a mythological beast. These two requirements of breach management are the reasons for the myth. The missing first step was found as evidenced by participating in audits and jobs. Why planning for the breach is necessary. Key people, identified by name in contract or law, are to be the principal agents of notification. Identifying responsible parties for both of the two requirements is one problem. Find out the other problems.
The average ransomware spreads as follows: (1) attacker phishes their way onto an employee workstation; (2) attacker extracts admin credentials from the employee's workstation; and (3) attacker uses admin credentials to move laterally.
So why were admin credentials present on an employee's workstation? JD Sherry of Remediant explores the role of administrator privileges in a breach and how securing 24x7 admin rights can sustainably prevent the spread of a breach beyond the first point of intrusion. 24x7 administrator access on endpoints can be used by attackers to spread ransomware and move from one machine to the next. This is an important concept to understand because:
1. A lot of 24x7 administrator access exists and each account creates a point of exposure. For example, Remediant sees that the average employee workstation has 480 admins with 24x7 access to it
2. This access is business justified (needed by systems administrators, IT helpdesks) and spreads over time
3. Easy for attackers to find: These accounts are easy targets for attackers because they are easy to find, provide powerful access and are always available
4. Not easy for security teams to fix: Finally, 24x7 access is very hard to find and clean up for security or IT operations teams
It’s no wonder 74% of breached organizations admit to the involvement of a privileged account.
Thad Mann, VP & Cybersecurity Strategist at WaveStrong, Inc.
As security practitioners, we recommend a balanced approach to enable better business outcomes while adequately protecting digital assets from unauthorized use and malicious attacks.
But what is the right balance?
Even though companies spend significant amounts of money and expend precious resources to protect their business, the impact of data breaches has only increased. Time and time again we read reports that, regardless of how much time, money and resources are expended, organizations continue to be impacted by nefarious and malicious actors.
Is there a better way?
I contend that taking a data-centric approach to improving your security program will also have the benefit of significantly reducing the impact of future security breaches. In fact, a properly deployed and managed enterprise Data Protection Program can help you prevent breaches.
Is it that simple?
Although vendors have done a good job of simplifying the deployment and management of their tools, deploying these solutions in the context of a complex enterprise is nontrivial. For example, what is the best way to integrate the tools so that there are adequate layers of security to protect the asset without adding unnecessary complexity?
In this webinar you will learn to:
Understand what is a data-centric security approach
Prevent breaches with a data-centric approach
Operationalize your enterprise data protection program
Select and prioritize data-centric security tools
Jeff Foresman, VP of Security Operations & CISO at Digital Hands
Organizations today are losing the battle against sophisticated cyber criminals to prevent, detect and respond to malware, ransomware, and data breaches. Security data holds many answers, but only if an organization can easily and quickly collect, understand, and prioritize the information to respond in a quick and efficient manner. There are also numerous threat intelligence sources but organizations are struggling to understand how to utilize this data in a meaningful way.
This presentation will focus on answering the following questions:
• What is going on? - Can you protect and defend in real time to prevent becoming another global breach or ransomware news headline?
• How Important is it? - Can you quickly and easily get the security intelligence needed to prevent, detect, and respond to incidents before they do damage?
• Where should I focus? - Do you have the right solutions and resources to effectively and rapidly action threat responses across your security infrastructure?
Attendees to this discussion will come away with an understanding of the cyber threats and how an organization can develop solutions to effectively prevent and detect malware outbreaks, ransomware attacks and data breaches. Attendees will also gain an understanding of Threat Intelligence options and how to integrate it into your prevention and detection solutions.
Shinesa Cambric, Identity Governance and Compliance Architect, GleauxbalMinds Security Consulting
When it comes to security, the “softer” skills of governance, designing good architecture, and embedding good change management often get forsaken in favor of tools and quick implementations. However, embracing these items should be at the core of your cloud security strategy. In reviewing the OWASP Top 10 and the MITRE ATT&CK® framework for cloud, many of the attack vectors could be reduced through good governance and change management hygiene. Join this session to take a look at native tools within cloud environments that will help show your “soft side”.
John Kim, NVIDIA; Eric Hibbard, SNIA; Alex McDonald, SNIA; Tom Friend, Illuminosi
So much of what we discuss within SNIA is the latest emerging technologies in storage. While it’s good to know about what technology is coming, it’s also important to understand the technologies that should be sunsetted.
In this webcast, you’ll learn about storage technologies and practices in your data center that are ready for refresh or possibly retirement. Find out why some long-standing technologies and practices should be re-evaluated. We’ll discuss:
•Obsolete hardware, protocols, interfaces and other aspects of storage
•Why certain technologies are no longer in general use
•Technologies on their way out and why
•Drivers for change
•Justifications for obsoleting proven technologies
•Trade-offs risks: new faster/better vs. proven/working tech
Matt Bishop, University of California Davis | Richard Ford, Cyren | Josh Douglas, Mimecast
In this round table, we bring together three vastly different perspectives on the same problem to see where we are, what we can do about it, and what our future looks like. Our round table discussion includes the vendor, customer, and researcher perspective. While each of us experiences the problems we face differently by seeing our vulnerabilities and opportunities from different viewpoints we can find the best possible solution.
We will begin by discussing how we got here and what today’s threat landscape looks like with respect to email-centric threats. We will then explore the raft of mitigation techniques available, where they work… and where they don’t. We will also look at the system writ large, and explore the impact systemic changes, such as the shift of business mail to O365, are likely to have on attackers. Finally, we will discuss how we see things changing in the future: what will the conversation in five years look like?
At every point in this discussion, our focus is on engaging a diverse set of views and pointing out practical steps that defenders can take to provide the most cost-effective and pragmatic solutions to protect their users from a threat that is only going to grow.
In this webinar you will learn:
• How to think about the email vector the same way the attacker does: it’s about the people, not the medium
• What attacks we see today and why they work
• How to build a comprehensive strategy that helps secure the messaging channel
• How to measure and prove to your boss you built a comprehensive strategy that helped secure the messaging channel
• How we think these kinds of attacks will change in a coevolutionary system
Aaron Klein, SecureCloudDB // Tim Sandage, AWS // Mike Hughes, Prism RA // Jeff Collins, Lightstream // Tyler Kennedy, Rewind
There’s something refreshing about starting a new year. What’s not so refreshing is facing new security risks. To fortify your approach and learn a few must-take steps, join us to hear how a panel of experts is approaching cloud security in 2021.
SecureCloudDB Founder Aaron Klein will moderate a candid conversation with expert security leaders Tim Sandage of AWS, Mike Hughes of Prism RA, Jeff Collins of Lightstream, and Tyler Kennedy of Rewind as they discuss:
- Emerging cloud security trends
- The biggest security threats facing organizations
- Strategies to prevent or stop an attack
- Actions that you should take today
- Regulations to watch out for
- Considerations for CISOs using the public cloud
This panel will offer practical advice about emerging threats and recommended counters for anyone who is responsible for navigating security in the cloud. Come with questions as live audience Q&A will wrap up the session.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.