Name: A SANS 2021 Survey: Rethinking the Sec in DevSecOps: Security as Code
Start: 2021-06-21T16:05:00Z
End: 2021-06-21T17:03:39.000Z
Location: BrightTALK
Rating: 4

CyberRes is now part of OpenText. CyberRes is a Micro Focus line of business. We bring the expertise of one of the world’s largest security portfolios to help our customers navigate the changing threat landscape by building both cyber and business resiliency within their teams and organizations. We are here to help enterprises accelerate trust, reliability, and survivability through times of adversity, crisis, and business volatility.

We are a part of a larger set of digital transformation solutions that fight adverse conditions so businesses can continue to run today, keep the lights on, and transform to grow and take advantage of tomorrow’s opportunities.  Visit CyberRes at: https://www.cybrerres.com

How are cybersecurity priorities changing in 2023? CIOs and CISOs are responding to changing technology and data breach trends, the economic outlook, and escalating regulatory demands for cybersecurity and data privacy. Guest speaker Michael Sampson of Osterman Research uncovers CISO and CIO assessments of their own organizations’ relative cybersecurity strengths and weaknesses, and how and where they’re placing spending priorities. 

Hear the research results and implications for four focus areas: applications, data, cloud platforms, and on-premises infrastructure.
• What types of cybersecurity incidents did respondents experience last year?
• Where do they see the biggest gaps between current and desired security posture?
• What are their top investment priorities?
• What is the impact of the Board of Directors on cybersecurity approaches?

Top Cybersecurity Investment Priorities for CIOs and CISOs in 2023

Data Access Governance is a market segment that focuses on identifying and addressing threats that can come from inappropriate access to sensitive and valuable unstructured data – the file-based data that makes up 80 percent of an organization’s stored data.
NetIQ Data Access Governance is a market leader in the Data Access Governance market segment that meets the requirements of Data Access Governance, as well as delivers an extended set of additional features and benefits.

David Condrey, a recognized thought leader in Data Access Governance, will detail the risks that today make Data Access Governance a necessity for securing sensitive and high-value unstructured data and then share the specifics of five organizations that deployed NetIQ Data Access Governance.

Zero Trust Series: 5 Customer Experiences with Data Access Governance

As today's environments become increasingly complex and hybrid, many organizations face challenges enforcing security policies and access controls. NetIQ AD Bridge allows you to extend AD authentication and authorization to both non-Windows resources and cloud resources such as SaaS, containers, or virtual machines.

Consolidate policy silos with Universal Policy Administrator and address potential policy collisions and gaps.

Zero Trust Series: Universal Policy Admin & AD Bridge to Manage

Enterprises are increasingly embracing zero trust as a necessary strategy for securing the business and proactively managing risk. Identity and privilege access management are critical first steps to zero trust, but many have not gotten further than implementing multi-factor authentication. Privilege management and identity governance are emerging as a bigger focus for organizations, but defenders are still figuring out how to stay ahead of the rapidly changing digital landscape and all its threats.

This webinar explores the results of new research commissioned by NetIQ (part of CyberRes, a Micro Focus line of business) and conducted by Dark Reading. While many organizations have enabled multi-factor authentication, research results make a strong case that they are increasingly exploring a more comprehensive approach that integrates identity management and privileges management across Zero Trust environments.

Zero Trust Series: State of Zero Trust: Latest Insights from NetIQ

Discover how Identity Powered Zero Trust helps eliminate potential threats and data breaches on Tuesday, January 24th. Zero trust is about recognizing who is trying to access and whether or not they should be able to access. During this webinar we will provide best practices for implementing Zero Trust strategies around identity and how NetIQ's holistic approach can help you better understand your overall security posture as well as:

• How to detect a compromised user account?
• How to gain more visibility, oversight, and control over your own environment?
• How to measure your security policies and whether or not they are working as they should?
• How to drastically limit the scope of your exposure to threats?

Zero Trust Series: Boost security with Identity Powered Zero Trust

What if privacy could be a catalyst for growth and help solve broader business problems as well? As you look to change behavior, improve your privacy stance, and mobilize your operations to support global privacy regulations, consider the tools you have on hand and ask yourself, are they doing enough? What if there’s more beyond privacy policies and posture – technology that can help accelerate your organization forward?

Voltage advanced privacy-enabling technologies will give you, your team, and your organization that competitive edge. 

Join us to find out:
• How you can transform your privacy practice with secure analytics, data minimization, data retention, and information lifecycle management
• Into an engine that also drives competitive advantage, corporate sustainability, and cost containment

How Does Privacy Compliance = Innovation + Growth?

Can threat intelligence be your trusted, reliable partner in your SecOps workflows? Now there is a high-quality threat intelligence feed that automatically integrates into your SOAR/EDR engines in auto-block mode. Threat intelligence plays a pivotal role in your security portfolio, enabling you to proactively defend against and pre-empt cyberattacks. Unfortunately, many security professionals are having a hard time implementing, automating, and utilizing the vast array of threat intelligence available to their organizations. 

Listen to this recording as we tackle these challenges and highlight the importance of automating threat intelligence as a critical part of a resilient cybersecurity portfolio.

How I learned to trust my threat intelligence solution

Organizations are discarding the model of “Trust but Verify” and moving toward a zero trust model. That is, “Never Trust, Always Verify, Enforce Least Privileges.”

Effective implementation of zero trust requires a risk assessment of the access to data or the environment. And then, based on the risk level, facilitating authentication, authorization, privilege, and lifecycle management to meet compliance standards across modern, hybrid enterprises.

Zero trust also requires protection of data in use, in transit, and at rest while enabling adaptive access to trusted entities.

Join us to hear from: 

Fernando Mitre Caetano Moisés
Cybersecurity & Privacy Partner, PwC Brazil

Kevin Hansen
Chief Technology Officer, Public Sector at Micro Focus Government Solutions

Satyavathi Divadari
Chairman, CSA Bangalore

CSA Series: Enabling Zero Trust for the Cloud

Explosive growth of digitization and cloud adoption increased the threat landscape across different sources that include cloud, IoT, edge computing and many more.

Advanced threats evolved overtime that includes ransomware, attacks on cloud platforms, and IoT/ OT devices.

Extended threat landscape requires capabilities that includes centralized threat insights, early detection, proactive threat hunting, layered analytics, and automated response to address the concerns of internal threats and external threats such as local, regional, industry and global across sector levels.

CSA Series: Multi-layer Intelligence for Cyber Resilience

Application security continues to evolve from shifting left to shifting everywhere as we move further into a cloud-driven era.  Learn from our panel of experts as they discuss the challenges of cloud-driven application security in 2022 and the critical capabilities to address them.  With their experience and expertise, they will discuss the best strategies to allow software security risks to balance with business imperatives that accelerate the speed of digital innovation covering various topics such as:

• DevSecOps - Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality.
• Cloud Native AppSec - The adoption of containers, microservices, APIs, serverless, infrastructure-as-code and other cloud-first technologies introduces new risks that must be addressed in the SDLC.
• Software Supply Chain - Increasingly a target for threat actors, it’s critical to ensure the software your organization delivers – comprised of open source, commercial and custom code – is properly secured during development.

CSA Series: Critical AppSec Capabilities that accelerate Cloud Transformation

Do you want to know how to take competitive advantage of multi-cloud while managing privacy and security effectively and efficiently? Find out from our panel of experts as they discuss the challenges of multi-cloud adoption, deliberate on solutions that enable privacy and empower zero trust, and describe how to reduce risk exposure with threat intelligence and automation.

With their experience and expertise, they will discuss the best strategies to enable the acceleration of multi-cloud with security solutions:

• How privacy enablement increases cost efficiencies and reduces risk with data minimization, monetization, and protection.
• How zero trust enablement helps in securing access to data and assets across multi-cloud.
• How threat intelligence helps in staying abreast of the latest and greatest threat actors attacking assets on hybrid-cloud.
• How Artificial Intelligence aids in reducing risk exposure, specifically on cloud.
• How to automate security and privacy-enabling technologies and reduce risk.

CSA Series: Privacy Enablement & Artificial Intelligence in the Multi-Cloud Era

This webinar is a preview of the recent release of the Cloud Security Alliance (CSA) research paper, titled "Technology and Cloud Security Maturity," sponsored by CyberRes, a Micro Focus line of business.

Our panel discusses diverse opinions of CISOs, CPOs, Security Strategists, and Solution Integrators around the technology evolution in the areas of cloud security and privacy.

You'll hear from: 
Jim Reavis
CEO, Cloud Security Alliance

Veronica Rose
Director, ISACA Board, Senior IS Auditor, KPMG

Bob Guay
Director, CISO, Emerging Security Technology, J&J

Stan Wisseman
Chief Security Strategist-NA, CyberRes

Satavathi Divadari
Chairman, CSA Bangalore (Moderator)

CSA Series: Evolution of Cloud Security & Privacy Technologies

If you could change your SIEM solution tomorrow, which outcomes would you most like to realize? In this session, you will learn how transitioning from Logger to ArcSight SaaS will enable you to: 
 
• Lower the total cost of ownership of your log management and compliance platform
• Eliminate version lag
• Accelerate investigations and reduce exposure time with up to 5X faster search speeds      
• Reduce analyst fatigue with an interface designed for investigation ease of use
• Benefit from a transition process that is low cost and low risk

How to Lower TCO and Reduce Exposure Time by Transitioning to ArcSight SaaS

APIs are the most rapidly growing attack surface, but they still aren’t widely understood and can be overlooked by developers and application security managers. In this webinar, we will discuss cautions, best practices and approaches to ensuring the security and discovery of your organizations APIs.

Fortify Series: API Security Needs Grow Ever Larger

Modern software applications and products are assembled from dozens if not hundreds of components, many of which nowadays are open-source projects.  Vulnerabilities like Log4J and Spring4Shell that came to light this year reinforce the need for organizations to rapidly mature the security of their software supply chains. The software industry is still early in our collective adoption of mature software supply chain controls. In this webinar, experts and customers will share some of the best practices that organizations can take to mitigate their software supply chain exposure.

Join our esteemed panelists for this discussion: 

• Stan Wisseman
Micro Focus
CTO

• John Keane
CyberRes
Software Angel of Death, Former DoD

• Emil Wåreus
Debricked
Head of Data Science

• Kevin Greene
CyberRes
Chief Technologist, Federal

Fortify Series: Securing the Software Supply Chain

In this webinar we'll share the results of Fortify’s annual AppSec Trends report. We’ll discuss best practices, what we learned in 2021 to help mitigate future AppSec threats, what’s changing, and what we all need to keep a close eye on this year. Most trends are a continuation of what was important just a month or so ago, but AppSec continues to have to evolve in order to keep up with the Dev side of the house.

Fortify series: Top Application Security Trends of 2022

Privacy compliance can truly be a business differentiator for modern companies. Organizations that violate data privacy rights risk significant damage to their reputation and to customer trust. 

Join our panel of experts as they share their top motivators and business drivers for privacy compliance and come away with key steps to take towards this goal, including: 
• Connecting privacy compliance goals to positive outcomes for the business.
• Developing the required data disciplines and organizational structure for successful compliance.
• Customer trust – why it is the top motivator for privacy compliance.

We look forward to having you join us.

Watch the other webinars in this series: 

How can organizations address their privacy compliance obligations?
https://www.brighttalk.com/webcast/7477/542727

Preparing for the Next Wave of Privacy Regulations
https://www.brighttalk.com/webcast/7477/547893

Why Privacy Compliance Delivers a Competitive Edge

Whether you have sensitive data, valuable intellectual property, or both, you can pre-empt elusive insider attacks with a robust early warning system. Join the head of our threat hunting team, Paul Reid, as he shares real-life best practices for finding the threats from within. You’ll learn about: 
 
• Actual cases of insider threats
• Approaches and techniques for uncovering such threats
• Tools that support the approaches and techniques

Real-Life Best Practices for Insider Threat Prevention

As IT workloads transition to the cloud, there's a shift in how organizations develop and deliver systems - and how security must be practiced. This year's SANS survey explores what this shift means for the modern enterprise and its security program. On this webcast, survey authors Jim Bird and Eric Johnson will explore how security professionals must adapt to this new world. Key questions from the survey include:

• What must they understand about software development in order to meet the demand of high- velocity delivery?
• What are the necessary skills for architecting secure software as it is being written - and catching security vulnerabilities before production?
• What is the impact of different cloud architectures and platforms on this effort, including risks, strengths and weaknesses?
• Register today to be among the first to receive the associated whitepaper written by SANS analyst and course author Jim Bird and SANS instructor and course author Eric Johnson.

A SANS 2021 Survey: Rethinking the Sec in DevSecOps: Security as Code

SANS

Software Development

Secure Development

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

A SANS 2021 Survey: Rethinking the Sec in DevSecOps: Security as Code

Presented by

About this talk

More from this channel