Cloud Supply Chain - Lessons learned from MS Exchange and SolarWinds Hacks

The CIA triad’s Integrity pillar is back in the spotlight, thanks to the biggest cyber attack in history, amplified by hybrid cloud security complexity.

Integrity in software supply chains is now a board-level conversation. As software underpins any digital transformation, the importance of ensuring that every line of code is free from tampering by hackers or malicious insiders is paramount.

In this talk we'll cover the depth of technologies supporting objectively provable software integrity.
We’ll explore the breadth of deployment models including SaaS, PaaS, IaaS and on-premises software. Finally, we’ll discuss Integrity automation for CloudSecOps, and share best-practice architecture and operations recommendations to help you mitigate old and new supply chain risks.
Recorded Mar 17 2021 67 mins
Presented by
Valentin Bercovici, Chainkit Founder and Chief Executive Officer

  • How to Take a Threat-Centric Approach to Security with Managed Security Services Apr 13 2021 9:00 pm UTC 45 mins
    Eric Dowsland, VP, Customer Success, Herjavec Group
    Oftentimes, even with the best technology and software, cybersecurity detection and response strategies don’t meet their maximum potential or, worse yet, fail without a team that has the right capacity and expertise behind them.

    Join Herjavec Group’s VP of Customer Success, Eric Dowsland as he discusses best practices and strategies for enterprise detection and response programs including layering your security approach, and properly leveraging the MITRE ATT&CK Framework.

    Discover how leveraging Managed Security Services (MSS) to support your cybersecurity plan is key to identifying, disrupting, containing, and remediating the onslaught of malware and emerging threats that will occur this year.
  • Breach Detection and Response in the era of Supply Chain Attacks Apr 13 2021 12:00 pm UTC 45 mins
    Sunil Sharma Director of Cyber Defense, Help AG
    The SolarWinds cyberattack came as a wake-up call to many: an attack that most cyber-aware/savvy organizations could not detect for many months. It is a reminder of how an interconnected world can impact us all in a short time.
    Join Sunil Sharma, Director of Cyber Defense for the Middle East’s leading provider of strategic consultancy and tailored information security solutions and services company, Help AG, the cybersecurity arm of Etisalat, to discuss supply chain attacks, techniques, and tactics used by adversaries to execute such attacks and strategies to detect and respond to supply chain attacks.
  • The Endpoint: Redefined Recorded: Apr 12 2021 61 mins
    Jo Peterson, Clarify360 | Stan Lowe | Doug Saunders, Sweeping Corporation | Christopher Camalang, Alert Logic
    Cloud computing, remote work and the increasing use of mobile devices have redefined the network edge. The concept of endpoint security and the strategies used to protect this new perimeter from sophisticated adversaries and advanced persistent threats have evolved as well.

    We’ll discuss:

    • The changing organizational view of the redefined endpoint
    • Increased attack vectors
    • Maturing threat detection and response tools
    • The blurring line between endpoint security and data security
    • The move to Zero Trust Network Access

    Moderated by:
    Jo Peterson, Vice President, Cloud and Security Services, Clarify360

    Stan Lowe, former CISO of Zscaler and former Global CIO of PerkinElmer
    Doug Saunders, CIO, Sweeping Corporation
    Christopher Camaclang, Technical Partner Manager - US MSP, Alert Logic
  • How to Tie Up Loose Ends with Endpoint Security Recorded: Apr 12 2021 53 mins
    Simon Ratcliffe, Ensono; Brian Robison, BlackBerry, Jason Allen, Digital Hands and Darrin Nowakowski, CGI
    As organizations are making plans to extend working from home through next summer, what are some things employees and IT teams can do to better protect their devices and networks? Learn more about how endpoint security can be implemented and improved to protect your organization from breaches.

    Join this interactive keynote panel with security experts and industry leaders to learn more about:
    - COVID-19’s impact on home network security
    - Why attackers are targeting the endpoint
    - Why your connected devices may be at risk and what to do about it
    - How to seamlessly integrate your endpoint security with existing solutions
    - Identifying threats, solutions and breach prevention best practices
  • The Future of Cyber Security: AI for Offence and Defence Recorded: Apr 9 2021 34 mins
    Sudhir Rai, Data Science Architect | Himanshu Dubey, Director, Security Lab | Quick Heal Technologies Ltd.
    Over the last three decades, the evolution of Cyber Security & Cyber Attacks has gone hand-in-hand. Whenever one side gains an upper hand, the other comes up with novel ways to move forward. Because of this need for constant evolution, both sides have been at the forefront of new technology adoption. And Artificial Intelligence is no exception.

    Cyber Security vendors have been utilizing AI-based solutions in their products for a while now. As these solutions mature, the Attackers are gradually finding it harder to bypass the protection. Subsequently, we expect Cyber Attackers to also start utilizing AI for their purposes, which would require Security vendors to alter their approach.

    In this talk we will discuss:

    - Current AI usage in Cyber Security and path forward.
    - Potential use of AI by Cyber Attackers.
    - How Cyber Security would have to evolve to counter the new threat.
  • Cybersecurity Narratives in the Digital Era Recorded: Apr 9 2021 45 mins
    Dr. Neelesh Kumbhojkar, Symbiosis International (Deemed University) Pune, India | Ajit Paul, Digital i2o
    Enterprises are adopting digital transformation with an ever-increasing speed to drive growth through new business models with the advent of digital technologies. Digital transformation has now become a business imperative rather than technology imperative. The rapid adoption of digital transformation also coincides with growing focus on Cybersecurity.
    Today, due to ubiquitous connectivity, increased device density and digital technologies such as IoT, the threat surface has expanded multifold. The multiplication of devices and the edge-based automation add to the complexity and need to be managed differently. A denial of service, theft or manipulation of data can damage the customer experience and cause significant damage to the brand value, penalty, revenue loss and jeopardize the livelihood and safety of individual stakeholders. Cybersecurity during and post-transformation is key to the success of the digital transformation and also to creating a compelling customer experience. On the other side, consumers are expecting more and more proactive measures by enterprises for security, and any compromise may result in an exodus of loyal consumers from the brand.
    The author intends to take a vertical-centric and digital transformation-centric approach while narrating the current state of cybersecurity in those key verticals. It also discusses various practices that today are required to make digital transformation more secure and ultimately protect customer experience.
    Key Take Aways:
    1. The Complexity and challenges of Cybersecurity in Enterprises of APAC Region
    2. How can trust and resilience-based ecosystem be enabled by enterprise?
    3. Cross industry view of Cybersecurity

    Dr. Neelesh Kumbhojkar, Director Symbiosis International (Deemed University) Pune, India
    Ajit Paul, Business Transformation Advisor, Digital i2o
  • Re-inventing Cyber Security Recorded: Apr 9 2021 49 mins
    Unmesh Deshpande CTO, Kingsway Hospitals
    We need to carry out a deep introspection about the current state of the IT and InfoSec rollout and the associated policies. The sequence of doing so is of the utmost importance. We may have to re-engineer the following.

    1. Network Security
    2. Application Security
    3. Operational Security
    4. Information Security
    5. BCP & DR
    6. End-User Education

    Computing has seen a significant transformation. IT services are being utilized and consumed by the end-users in a much different way than before. The stress on the IT managers has increased as they are compelled to allow the much-debated issue of securing and rolling out the BYOD policies. The forced reduction of the headcount & reduced wages have had an adverse impact on the employee’s integrity. Remote users have many peeping toms at home looking at the computer screens. The Home Wi-Fi used by the employees is not secure.

    This leads us to analyze the top 10 areas of concern. Parallelly, the outbreak of an undeclared war between the “Cyber Bullies” and the “IT Security Soldiers” is hotter than ever before. We will discuss the strategies that IT Security Soldiers are adopting and the success thereof.

    The current perceived threats have created opportunities for the vendors providing the NAC, ZeroTrust, RPAs, ATPs, infusion of ML and AI into the Firewalls and perimeter security devices to a large extent. The OS and RDBMS patch updates have taken center stage and are a priority task for the IT Managers.

    We need to draft out an SOP for keeping the IT Infrastructure secured. We need to create “8 Commandments” to have a well-secured IT Infrastructure.

    There is a human angle to IT Security as well. Only having robust IT InfoSec Policies. The Human Resource department needs to play an important role.

    The goals that an IT InfoSec leadership needs to achieve have to be clear, well defined, and meticulously followed.

    This presentation will be a snapshot of an end to end journey.
  • The Future of Cyber Security: 2020 Trends and 2021 Predictions Recorded: Apr 9 2021 24 mins
    Yihao Lim, Principal Cyber Threat Intelligence Advisor, Mandiant Intelligence
    Mandiant Threat Intelligence assesses with high confidence that the ransomware threat and its associated disruptions and costs will continue to grow in 2021. We assess with high confidence that cyber risks to the pharmaceutical, healthcare, and related industries will remain elevated throughout the coronavirus (COVID-19) pandemic and related vaccine distribution efforts.

    We assess with high confidence that actors specializing in specific stages of the attack lifecycle will continue their activities, making sophisticated tactics more accessible to a wider variety of actors and threat activity more difficult to track. We also noted increased volume, sophistication, and diversity in information operations throughout 2020. We suggest that continued evolution will be at least partially driven by detection efforts.
  • Is Your Cloud Environment Safe Against Cybercrimes? Recorded: Apr 8 2021 46 mins
    Kok Rie Ooi, Managing Director, SpaceBelt Pte. Ltd.
    The proliferation of cloud adoption by businesses has opened up a plethora of Cybercrimes conducted by individuals, organizations and even states. The objectives and intents are different for threat actors and the identification of their activities will shed some light on how we can prevent and detect such malicious acts in our IT infrastructure on cloud.
    In this connected world where people are more interactive online, especially on cloud, businesses have to look deeper and further at how to secure their IT infrastructure against Cybercrimes. The mindset of the IT security team has to shift with more proactive thinking on how to counter such malicious activities with the right tools, personnel, training and resources.
    The session will walk through recent cases of cybersecurity attacks such as ransomware and data breach, explaining how the threat actors carried out the work. Attendees shall gain knowledge of how and what to protect for their organization's assets on cloud and build defence against such malicious attacks.
    Key Takeaways
    • Understand the objectives of different kinds of attacks.
    • Tools that malicious actors use.
    • Use cases – Ransomware and Data breach attack.
    • Steps that we can take to prevent and detect such attacks.
  • Navigating The Alphabet Soup Of Detection & Response Recorded: Apr 8 2021 52 mins
    Steve Ledzian, Vice President and CTO, FireEye
    The Detection & Response categories of EDR, NDR, XDR & MDR have exploded with popularity recently. But how do all of these categories fit together, and what is their relation to the prevention categories of security controls? This session will present a unified model for how to think about security controls across both Prevention and Detection & Response. We'll look at how the model aligns to the MITRE ATT&CK Framework and give specific examples. The session is meant for both business and technical decision makers and leaders in the IT and Security spaces.
  • Three Ways to Protect Against Ransomware Recorded: Apr 8 2021 33 mins
    Ashwin Pal | Director Cybersecurity | Unisys Asia Pacific
    Phishing and ransomware have been a major issue globally over the last 18 months in particular. Late 2019 saw a number of ransomware attacks, and this continued into 2020 and 2021 with the COVID pandemic nationally and globally.

    The reasons for the success of the attacks vary, but they are particularly debilitating as they strike at the heart of any organisation, affecting its ability to operate.

    With the above in mind, this presentation will focus on discussing three key steps that need to be taken to bolster defences within organisations against phishing and ransomware.

    The presentation will define ransomware and then address three key areas to be covered to bolster defences as follows:

    1. How to cover the basics. This is important as, with focus on the right controls, a large portion of the attack surface can be reduced.
    2. Understanding the attack methods and responding with further controls to address any gaps.
    3. Getting strategic with your approach so that you can stay up to date with your controls and ensure cyber resilience.

    The presentation will also provide a timeline of steps to be taken to mitigate ransomware related risks.

    We will conclude the presentation with a discussion on key takeaways as follows:

    • Increasing and maintaining your defences is a constant effort
    • Start with the basics and work your way through to strategy
    • Manage the change well and stay focused on risk mitigation
    • The journey can be broken down into three key phases to help you in the process:
      • Cover the basics
      • Understand how you are likely to be attacked and bolster your defences
      • Get strategic – prioritise and address gaps.
  • Cyber Strategy War - Learning from History and Protecting the Future Recorded: Apr 8 2021 59 mins
    Tony Katsikas, Owner at CyberSecurityU and Mak Consulting Group | Sayasmito Ghosh, Director at TheCyberSecurityCrew
    “To know your Enemy, you must become your Enemy.” ― Sun Tzu

    Today’s hackers have evolved; in fact, they have evolved and are evolving much quicker than most organisations’ ability to defend themselves.

    Hackers today collaborate amongst themselves to build capability and scale so that they continue to stay ahead of the curve. In many respects they are borrowing from existing business models.

    Like many businesses they have planned campaigns and their goal is to maximise their Return on Investment (ROI) within the shortest amount of time and the least amount of effort.
    This webinar explores different trends attackers use to get advantage over organisations, what makes an organisation fall to trivial attacks and what we can do to prevent, detect and respond.
  • The Modern Enterprise is more Digital, Complex & Regulated, so how do we cope? Recorded: Apr 7 2021 38 mins
    Robinson Roe, Managing Director APJ, OneTrust
    As we know COVID put everyone’s digital transformation plans on hyper speed. The speed and extent of this change has meant that execution was, just do it and we will catch up later.

    Add to the mix that regulation around the globe is increasing in Corporate Governance, Security, Privacy, Ethics, Data Governance and 3rd Party Risk management. Business as usual won’t get us there; doubling the number of spreadsheets flying around the company is not the answer.

    In this session OneTrust will present the Trust Blueprint which provides a new approach in Securing the Modern Enterprise.
  • CISO Strategy: Monitor the Breathe Recorded: Apr 6 2021 43 mins
    Dr. Onkar Nath, Information Security Strategist
    2020 was the year of the pandemic and of testing the immunity of the human race. It has also exposed our bookish risk assessment and risk treatment processes. 2021 is the year of redefining strategies for existence. Earlier, organizations were facing direct cyber-attacks, but in the recent past, attacks are being simulated from various and multiple sources, such as third-party vendors, service providers etc. Compromise of data and breach of privacy have reached alarming levels. CISOs are facing vivid challenges. CISOs need to come out of the compliance strategy and move towards business benefits, so that organizations may get safe and secure information system infrastructure. On one hand, CISOs need to provide assurance to senior management; on the other hand, they should demand innovation in information security products and services.
    Takeaway from the webinar:
    • Information security facets teasing CISOs in 2021.
    • How to understand immunity and resilience of the IS infrastructure?
    • Techniques to have insight into traffic from within and outside the enterprise network.
    • How to understand the real state of the risk profile of the organization?
    • Factors that need to be taken into account while defining and designing the KRIs.
  • Top Security Predictions for 2021 Recorded: Apr 6 2021 49 mins
    Safi Obeidullah & Fermin Serna, Citrix | Ayman El Hajjar, University of Westminster | Dick Wilkinson, New Mexico Supreme Court
    The New Workspace Episode 7

    2020 was an intense year for security professionals. The shift to remote working uncovered unforeseen vulnerabilities and called for more stringent security solutions. Distributed workers meant distributed data, and security professionals had to find a balance between enabling wide-scale access to private data, and protecting their organisations from new threats.

    However, as we move into 2021, it doesn’t look like it’s going to get any easier for the security world. According to a recent Citrix survey, 93% of US and European business leaders believe cybercrime and big data breaches will present a significant risk to organisations over the next 15 years. But what are these risks, and how can you best prepare your organisation to tackle them?

    In this episode, we’ll take a look at what we have learned from security in 2020, and how we are using these lessons to inform security strategies over the next few years.
    Join us as we discuss:
    - The top security predictions for 2021
    - Security lessons from 2020, and how 2020 changed security forever
    - The future of security, and what to expect going forward

    Safi Obeidullah, Field CTO at Citrix
    Fermin Serna, Chief Security Officer at Citrix
    Ayman El Hajjar, Course leader Cyber Security and Forensics at University of Westminster
  • How To Measure DevSecOps Recorded: Apr 6 2021 19 mins
    Richard Seiersen, CISO / CoFounder, Soluble
    DevSecOps is security that’s executed by developers and governed by security in a cloud native context. Governance means it’s security's job to make it work well. So, how do you know it’s working? Metrics! But which ones, and where to start? This talk will introduce modern security metrics for governing DevSecOps.

    The following metrics will be covered so you can start incorporating them into your own programs:

    ○ Code Coverage
    ○ Backlog Burndown
    ○ Arrival Rates
    ○ Survival Rates
    ○ Escape Rates
  • How the best CISOs build cyber strategies to get the budgets they need Recorded: Apr 6 2021 39 mins
    Ian Yip, Chief Executive Officer, Avertro
    One of the most difficult things to do for any cybersecurity leader is to build a defensible strategy and business case for investment that can be properly measured and tracked using relevant metrics and data. Today’s security leaders need a broader set of skills and influencing approaches to advance a winning cyber strategy.

    Based on a combination of real-world experience, case studies, and research conducted with a targeted set of C-level executives, this session will show the audience how to frame the problems and outcomes they want to achieve, what metrics they should be tracking, and how to ground a cybersecurity investment plan in a business justification.

    The session will walk through example business cases for cybersecurity investment, including explanations of the component parts, and how each is related. Attendees will come out of this session with tried-and-tested skills for leading change, for influencing people who know they need a stronger security strategy, but do not always understand why and how to solve the problems specific to the organisation.

    Key Takeaways
    • Understand the components and metrics that make up an effective cybersecurity strategy and business case for investment.
    • Learn how to articulate cybersecurity outcomes in the language of the C-suite and board.
    • Understand how to tell a cyber story that leads real strategic change.
  • Your people are not as secure as you think Recorded: Apr 6 2021 31 mins
    Hilary Walton, CISO, Kordia Group
    Independent research commissioned by Aura Information Security reveals staff are not as secure as their managers may think. While 62 percent of New Zealand businesses say they carry out security training exercises with their staff, only 37 percent of Kiwis say they have received training on good cyber security practices. Hilary Walton, a security culture expert, digital influencer and CISO of Kordia Group provides her perspective on:

    • How to get started,
    • Do’s and don’ts, and
    • How to build into your security strategy an employee education programme that resonates.
  • Synergy of Cyber Security Plan with Enterprise Strategic Plan Recorded: Apr 5 2021 33 mins
    Mario Demarillas, Chief Information Security Officer (CISO) and Head of IT Consulting & Software Engineering, Exceture Inc.
    Organizations are transforming their businesses from a brick-and-mortar model into digital platforms. This transformation initiative provides efficient processing of transactions, competitive advantage and access to global customers.

    On the other hand, digitally transformed organizations are exposed to cyber threat actors and their attacks are becoming more pervasive and impactful even to the survivability of these organizations.

    Therefore, it is necessary for CISOs to assist the Board and Senior Management in facing these cyber security challenges while fulfilling its Strategic Plan.
  • Design a Mentoring Program That Delivers! Recorded: Mar 23 2021 59 mins
    Sushila Nair, Joy Harrison, Kwasi Mitchell, and Hollee Mangrum-Willis
    Mentoring programs can increase knowledge and build skills for future goals and milestones, allowing your workforce to grow their skills organically and create cultures of collaboration and success.

    Join Part 1 of our series to learn how to design a mentoring program for women and minorities in security that actually delivers for everyone involved.
    - Learn from experts on how to design a mentoring program that delivers
    - Understand how to make mentoring meaningful for your organization
    - Learn what strategic planning steps are critical to make the plan a success

    - Virginia "Ginger" Spitzer, Executive Director | ISACA, One In Tech Foundation
    - Joy Harrison, Director, Leadership Development Center for Excellence | NTT DATA Services
    - Sushila Nair, VP Security Services, Chief Digital Officer | NTT DATA Services
    - Kwasi Mitchell, Chief Purpose Officer | Deloitte
    This is Part 1 of our new series on mentorship produced by BrightTALK. Sign up for Part 2 via the link in the attachments.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Cloud Supply Chain - Lessons learned from MS Exchange and SolarWinds Hacks
  • Live at: Mar 17 2021 5:00 pm
  • Presented by: Valentin Bercovici, Chainkit Founder and Chief Executive Officer