Name: Vulnerability Alert - Responding to Log4Shell in Apache Log4j
Start: 2022-01-17T16:29:00Z
End: 2022-01-17T16:29:59.000Z
Location: BrightTALK
Rating: 4.5

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

For insights into why tagging remains crucial for effective cloud resource management, and guidance for mitigating issues caused by inconsistent tagging, don’t miss this on-demand Tenable webinar exploring:

>> Lessons learned from breaches caused by poor tagging and cloud resource hygiene
>> Implementing strategic workflows to test automation scripts and exception handling
>> How and why you should be using policy-as-code to enforce proper tagging and policy definition
>> How Tenable Cloud Security helps optimize your tagging efforts

Tag, You’re It! Best Practices for Optimizing Your Cloud Tagging Strategy

According to VMWare’s The State of Kubernetes 2023 report, 52% of you struggle to meet Kubernetes security and compliance requirements. This is no surprise. From risky default configurations to vulnerable container images, when it comes to Kubernetes, there’s no shortage of security challenges to address.

To get your K8s security on track, don’t miss our March CloudCover session, covering key questions such as:

>> How to get visibility into Kubernetes clusters?
>> What are the top things Kubernetes security newbies need to know?
>> How can you control access to Kubernetes APIs and running clusters and ensure the security of privileged containers

Kubernetes Confessions: Put An End to Those Risky K8s Security Sins

For guidance on ways you can more effectively secure your interconnected OT-IT-IoT environment, join our panel of experts: Joseph Price, OT Cybersecurity Program Lead, Deloitte, Mark Weatherford, Chief Cybersecurity Strategist, Coalfire, Marty Edwards, Deputy CTO for OT/IoT, Tenable, and Nathan Wenzler, Chief Security Strategist, Tenable for this webinar exploring:

>> Why CISOs need to understand the risk created by exponential growth in connected OT and IoT devices

>> Closing visibility gaps to more effectively manage risk and make informed decisions

Minimize the Risk Posed by Your Interconnected IT/OT/IoT Environments

As your organization ramps up hybrid and multi-cloud deployments, your security team may be challenged to keep pace. How do you reduce complexity, minimize exposures, enforce least privilege, and prioritize security gaps at scale without overextending your resources?

For answers, don’t miss this on-demand webinar exploring how Tenable Cloud Security extends Tenable’s trusted vulnerability management capabilities to the cloud, supercharging your security program with contextual prioritization and guided remediation, giving your team the tools needed to become cloud security experts in less than 48 hours.

How to Make Your Security Team Experts In Cloud Security In Less Than 48 Hours

Check out this on-demand webinar to learn how you can operationalize identity security to achieve accurate real-time risk prioritization and Continuous Threat Exposure Management (CTEM).

On their own, flaws and weaknesses in your Active Directory and Entra ID (formerly Azure AD) environments expose your organization to potentially grave consequences. At the same time, these gaps in identity hygiene impact your organization’s overall level of cyber risk.

Watch this on-demand webinar and learn how you can effectively operationalize identity-first security, gaining valuable context for assessing and prioritizing risk across your entire attack surface.

Topics covered will include:

>> How identity insights add contextual intelligence for improving your risk-assessment strategies

>> Best practices for creating a mature identity security program that enables real-time risk prioritization and Continuous Threat Exposure Management (CTEM)

>> How Tenable helps develop your zero-trust security program to optimal levels

Identity Risk Prioritization and Continuous Threat Exposure Management (CTEM)

Whether for economic gain or achieving some malicious outcome, threat actors are doing their best to target and disrupt your most critical business functions. To mount an effective defense, you must bridge the gap between traditional IT cybersecurity practices and the specialized needs of OT environments.

>> Learn how Tenable empowers you to secure your entire attack surface by watching this on-demand webinar exploring key capabilities of Tenable One for OT/IoT, including:

>> Why a converged solution is needed, how it works, and enables proactive security across your entire converged attack surface
How Tenable One for OT/IoT breaks down silos and functions to make your operations more secure, effective, and safe

Reduce Risk Across Your Entire IT, OT, and IoT Attack Surface Now

Using research and analyses from multiple sources, this session will discuss how to formulate a strategy to reduce visibility gaps and communicate business risk tied to your exposure. Watch now to learn about:
• Least Privilege Access Control (Everywhere)
• Attack Surface Management
• Cyber Exposure Score

Cloud Security and Exposure Management: Priorities, Barriers and Risks

Learn how you can effectively discover, quantify, and assess risk in your OT/ICS attack surface.
You cannot successfully defend and protect your organization without having a complete, detailed, and timely inventory of your entire OT/ICS attack surface. This includes the device and system configuration data required for assessing vulnerabilities, safety issues, and potential attacks.

To learn how you can master your OT/ICS asset inventory, join Dick Bussiere, Principal OT Security Engineer with Tenable, for this webinar covering the following topics:

>> Overcoming common asset discovery challenges and fallacies
>> The differences between passive and active discovery, how they work, the benefits of each technique, and when to use them
>> Going beyond asset discovery, to capture the data needed for effective risk analysis and security/operational decision-making

Capture the Complete OT/ICS Asset Inventory You Need to Protect Your Operations

Real-world identity insights for security, cloud, and IAM practitioners.

Your organization’s identity and access management efforts have far-reaching implications on overall security posture. Understanding the similarities and differences between identities and entitlements across your cloud and on-prem attack surface is central to a preventive security program.

During this CloudCover session, Tenable experts discuss the nuances of identity risk management across multi-cloud and on-prem environments. By participating you will gain insights into practices DevOps, IAM, and security teams can use to protect your environment and block bad actors from lateral movement.

Securing Identities Across Your Entire Attack Surface

Cloud infrastructure is an attacker’s playground. So how do you reduce your attack surface?

Join us to find out how you can leverage an identity-first CNAPP approach for full asset discovery, deep risk analysis, runtime threat detection & compliance reporting. In this on-demand webinar, Lior Zatlavi will explain how to use powerful visualization, prioritization & remediation tools to close the cloud expertise gap. By watching you  will learn how to:

>> Leverage an identity-first CNAPP approach for full asset discovery, deep risk analysis, runtime threat detection & compliance reporting
>> Automate cloud infrastructure security to reduce your cloud attack surface
>> Empower stakeholders to drive accurate risk prioritization and remediation across complex multi-cloud environments

Leveraging CNAPP to Close the Cloud Security Expertise Gap

Join experts from Tenable and HCLSoftware for this on-demand webinar exploring ways to streamline patching and optimize your remediation efforts.
As your attack surface expands and vulnerabilities proliferate, having an efficient patching process, with little to no friction between infosec and IT teams, is crucial for maintaining an effective cybersecurity posture. So, what’s needed to make this happen for your organization?

For guidance and practical advice, check out this on-demand webinar with experts from Tenable and HCLSoftware covering the following topics:

>> What makes a “critical” vulnerability “critical” and how does this get in the way of effective patching?/li>

>> Closing the communication gap between security and IT teams to enhance security, compliance, and patching efficiency

>> How key capabilities of the combined Tenable-HCL BigFix solution streamline patching and optimize remediation efforts

When it Comes to Vulnerabilities, “Critical” Doesn’t Always Mean “Critical...”

Learn How to Unlock the Power of Integrations with the Tenable OT Security API

This on-demand session provides an introduction to the Tenable OT Security API, sharing use cases and step-by-step instructions for leveraging the API. Topics covered include:

>> An overview of pyTenable, the Python library used for interacting with the Tenable OT Security API
>> Step-by-step guidance on enabling the Tenable OT Security API
>> An overview of GraphQL and the GraphiQL playground
>> Top Tenable OT Security API use cases

In the Lab with Tenable OT Security, January 2024 - API Primer

Join former Gartner analyst Tom Croll for insights on leveraging CNAPPs to enhance security, agility, and competitive advantage in the cloud era.

Cloud Native Application Security Platforms (CNAPPs) are revolutionizing the way modern organizations practice cybersecurity. Led by co-creator of CNAPP, cloud security architect, CTO, and former Gartner analyst Tom Croll, this on-demand webinar provides a deep dive into the strategic application of CNAPPs, sharing practical advice and guidance, including:

>> Demystifying the fundamentals of CNAPPs, their architecture, and how they differ from traditional security models
>> Exploring the tangible security and business benefits of CNAPPs, including risk reduction, improved compliance, and enhanced agility in responding to security threats
>> Practical guidance on integrating CNAPPs into existing security frameworks, emphasizing minimal disruption and maximizing efficiency
>> Plus, Tom will share his thoughts on cloud security trends for 2024

Harness the Power of Cloud Native Application Security Platforms (CNAPPs)

Check out this on-demand webinar for insights into the mechanisms and paradigms Azure provides for managing permissions. The session also shares best practices and lessons learned from large Tenable customers regarding the effective use of Tenable Cloud Security to address Azure entitlement challenges.

Key things you will learn:

>> How Azure entitlements work
>> How to manage Azure identities and security posture at scale
>> How to gain visibility into entitlements granted in Azure subscriptions
>> Why applying change control to permissions is essential
>> How to remediate over-privileged identities using activity log tracking

Best Practices for Managing Azure Identities and Security Posture at Scale

For organizations reliant on operational technologies, one of the important threat detection frameworks is MITRE ATT&CK® for ICS. Based on real actions exhibited by threat actors, MITRE ATT&CK for ICS is a variant of the enterprise and mobile ATT&CK matrices, and is regularly updated to reflect the latest adversary behaviors.

Join Dick Bussiere for this on-demand webinar to learn the techniques attackers use to compromise OT infrastructures. By understanding the techniques, you can proactively bolster your security posture with Tenable.ot. Through discussion and demonstration, the session will explore:

> Using MITRE to think like an attacker and become more proactive
> Ways to incorporate MITRE ATT&CK for ICS into your overall OT security workflows
> How Tenable.ot maps to the ATT&CK techniques and tactics

The MITRE ATT&CK for ICS Framework... And What to do About it

Join Tenable and guest presenter, Brian Wrozek, Principal Analyst, Forrester to explore opportunities and challenges facing your OT/ICS security team in 2024. Topics covered:

>> New attack tactics and defense techniques

>> What to expect from an evolving regulatory landscape and the market for cyber insurance

>> Business drivers leading to OT/IoT/IIoT device adoption and OT vs. IT return on investment and budget allocation

2024 OT Security Trends – From the Boardroom to the Industrial Floor

Check out this on-demand webinar for insights into the development of the National Security Telecommunications Advisory Committee (NSTAC) draft report, and a discussion about its recommendations for improving the security of your converged IT/OT systems.

Led by experts who contributed to the NSTAC report, this webinar shares key findings, recommendations and guidance for measures you can take to improve the resilience of your organization's IT/OT networks and systems. Though focused on Federal Civilian Agencies, the report and its findings are relevant for all public and private sector organizations reliant on OT.

The Time for Prioritizing Your IT/OT Cybersecurity is Now

Join experts from Tenable for guidance on achieving the optimal level of Zero Trust maturity for your identity security practice.
>> What are the Zero Trust best practices for identity security?
>> How do you operationalize security programs to increase maturity?
>> How can you achieve the optimal level of maturity through continuous validation and monitoring

Zero Trust Maturity & Continuous Assessment of Identity Risk

Tenable experts share insights into the Apache Log4j library vulnerability, AKA Log4Shell and LogJam (CVE-2021-44228). Topics covered:

 - What is Log4Shell and why it demands your immediate attention
 - How Tenable helps you find, prioritize and remediate Log4Shell

Who should participate?
All cyber security/infosec and IT professionals responsible for the secure operation of affected assets are encouraged to participate in this webinar.

Vulnerability Alert - Responding to Log4Shell in Apache Log4j

Cyber Defence

Cyber Security

Cyber Threats

Information Security

Log4Shell

Vulnerability Management

Vulnerability Scanning

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Vulnerability Alert - Responding to Log4Shell in Apache Log4j

Presented by

About this talk

More from this channel