#IMOS18 - Here Come the Robots: What and When to Automate Your Security

Many organizations have been forced to quickly adapt to remote working during the COVID-19 crisis, and this has posed a number of new security risks. Cyber-criminals are ramping up attacks on remote workforces as a result, and the ability to respond quickly and effectively to security incidents in this context is crucial. However, this requires a fundamental rethink in incident response practices and procedures, with it harder for IT and security staff to orchestrate approaches and a greater reliance being placed on the actions of individual employees.

In this webinar, we will look at how organizations need to prepare for cyber-incidents whilst operating remotely, including the implementation of training exercises and updated processes and procedures.

Key takeaways:
• What are the main security incident and responses challenges faced by organizations today
• How the remote working landscape has impacted incident response strategies
• How to master incident response in the current and future remote working paradigm

Distributed Denial of Service (DDoS) attacks combined with BOT attacks have become a part of the attacker’s arsenal, hitting businesses with ever larger assaults. This has led to the adoption of DDoS and BOT-Management solutions by many organizations in an effort to prevent their success.

In this webinar, we will look at the impact of a DDoS attack combined with BOT to see how these appear from the attacker, and the defender’s perspective, and what the attack will look like with and without protection in place.

Key takeaways:

What a DDoS attack can look like in real time and what role BOTs have during attack
Why defences can work, and what the correct settings can be
What will happen to a layer 7 website if it is not protected

Digital transformation has resulted in new tech such as the IoT, cloud tech and enterprise mobility proliferating, maximizing the attack surface and making networks more vulnerable. Given that most of these technologies intercommunicate (thereby eliminating the concept of perimeters), all data needs to be encrypted in transit, and also while it is at rest. This points towards the concept of zero-trust security.

By protecting data where it resides, or while it is in transit, security teams can ensure that the perimeter begins with the data itself – and in order to achieve this, businesses need an effective cryptographic strategy.

In this webinar, a panel of experts will discuss encryption strategy and explore how organizations can execute, monitor and track it in an enterprise environment.

Key Takeaways:
• The relationship between perimeters and zero-trust security
• The role of cryptography in 2021
• How to define and enforce effective crypto-strategies

The journey of establishing a DevSecOps culture within an organization can be one of significant challenge and complexity. However, in the modern landscape, it’s vital that organizations are able to understand the security implications that surround DevOps and successfully implement an effective DevSecOps strategy.

In this webinar, a panel of experts will discuss the key best DevSecOps practices for organizations with unique insight into the strategies educational publishing giant Pearson has adopted as part of its DevSecOps journey.

Join this webinar to learn:

Strategies for on-boarding new services and encouraging developers’ adoption
How to deal with prioritization of different DevOps security issues and measure success and maturity level
How working with champions has supported this effort at Pearson

In response to the increasing trend of cyber threats, the U.S. Department of Defense has launched a new information security framework and audit program to assure its vendors are adequately securing their confidential data.

The Cybersecurity Maturity Model Certification (CMMC) combines certifications into a unified cybersecurity standard and will assess the maturity of an organization’s cybersecurity practices. Defense Industrial Base (DIB) partners and contractors have to meet the DOD’s new CMMC to bid on future procurement

In this webinar, we will discuss steps to take to meet specific CMMC level compliance in relation to Identity and Access Management (IAM), including Privileged Access, how compliance can be achieved to pass your audit, and which technologies can aid preparations.
How to work within the CMMC timeframe
MFA best practices to achieve compliance under the mandate
What to consider when choosing the right MFA security partner
How to implement a future-proof and scalable MFA solution for your company in preparation for the future requirement changes.CMMC, Cyber Maturity, Certification, ISO, NIST

File upload protection is a critical gap in web app security. How do you secure public portals and web applications from malicious attacks via file uploads?

Organizations increasingly rely on web portals and web apps for critical customer and client interactions. Developing public-facing portals and the transfer of PII and sensitive or confidential information creates huge risks for these originations.

Hackers target portals to gain access into an organization and securing these workflows and ensuring sensitive data doesn’t fall into the wrong hands isn’t easy.

In this webinar, a panel of security experts will explore why file upload remains a major attack vector and how it is often not protected by traditional web application defenses.

Join this webinar to learn:
• The top security risks from file uploads for web portals and web apps
• How to apply a zero-trust model to prevent and protect your organization from attackers
• Best practices to consider for file upload protection

For modern organizations, the ability to implement effective threat detection and response is paramount. Given the extensive cyber-risks that now threaten organizations, it is crucial that threat detection and response approaches are holistically sufficient to combat the numerous risks faced by organizations. This has given rise to the concept of extended threat detection and response (XDR).

XDR may still be evolving in scope and definition, but its goals are clear – greater context of threats for security analysts and ensuring security gaps are filled.

This webinar will explore a critical step in building the foundations of a successful XDR strategy, and why you need to include a powerhouse system that you might not have considered – the mainframe.

Despite long-held beliefs that mainframes are secure by design, new research shows security events do happen and a number of vulnerabilities are unaddressed on the average mainframe.

Join this webinar to learn:
• Why XDR is a critical element of your organization’s modern security and risk management strategy
• The first steps to help ensure a successful XDR strategy for your business
• How perhaps the most securable system in existence can be included in your XDR strategy, and the steps to take to ensure it remains secure

To prevent ransomware from taking over your organization’s resources, your network must be internally segmented. This stops the malware from moving freely inside the network from one infected computer to the next.

However, many IT security professionals aren’t sure where to begin or what approach to take when implementing micro-segmentation.

In this webinar, a panel of security experts will discuss the importance of a micro-segmentation approach and outline how to make a success of a micro-segmentation security project with best practice strategies and insightful use cases.
 
Join this webinar to discover:
• The stages of a successful micro-segmentation project
• How intent-based network security and application discovery are crucial to the success of micro-segmentation
• The role of policy change management and automation in micro-segmentation

The last six months have seen businesses adapt to new ways of working, new methods to engage customers, employees and communities. IT teams have had to react quickly, implementing systems and facilities for home working and operating remotely, far faster than normal. This has seen a surge in the deployment of cloud and hybrid environments without, in many cases, robust testing.

With these developments, businesses are beginning to looking at security from a Secure Access Server Edge (SASE) viewpoint. This can enabling companies to protect web, cloud, network and data security from a single source. In this webinar, we will look at the concept of SASE, what it can do for your security posture and secure your cloud and hybrid environments

Key takeaways:

Understand how to better secure your cloud and hybrid environments
How SASE works and what it can add for your business
How much cloud security impacted and enabled the remote working change

Many organizations around the world have had to quickly pivot and introduce online and digital channels for working and delivering services. Adding remote working and new systems and platforms have introduced risks, threats and vulnerabilities to information security frameworks. Regardless of industry, at least some degree of remote-working and digital transformation is here to stay.

In this webinar, we will discuss the new threat landscape and consider the importance of cyber and information security standards such as ISO 27001, and how this and other certifications can be leveraged to manage risks.

Key takeaways
•What organizations need to know about how to safely conduct business remotely
•What steps they can take to mitigate the risk to their business and information assets
•How ISO 27001 can help reduce and manage information security risks
•Maintaining compliance with security certifications during the pandemic

The attack on Twitter in mid July enabled attackers to take control of major accounts with millions of followers, and collect over $100,000 through a Bitcoin scam. We subsequently learned that this was achieved by a spear phishing attack sent to Twitter staff, giving the attackers full control over a subset of accounts.

In this webinar, we will look at the incidents that enabled the attack, what companies can do to ensure that phishing messages do not succeed and if extra solutions are needed to better detect and prevent phishing messages from getting to your employees.

Key takeaways:

How the attack was successful
Why you need to limit employee access to sensitive user details
How to evaluate a better phishing solution

The typical security network structure consists of many working parts, but is that enough to protect the modern business from modern cyber-threats? Well, the number of successful attacks would suggest not. So where can things be improved? One way is to consider software-defined segmentation and how it can replace the firewall to give you a competitive advantage for security.

In this webinar, a panel of experts will discuss the state of the firewall from its origins to its modern use points and ask if it is really still fit for security needs or whether the future of security requires a more dynamic solution.

Key takeaways:
•How you can use software-defined segmentation and what benefits it can bring to security strategies
•Why you don’t need to rip out your old firewalls but also why you should consider how newer technology can be a security enabler
•Why you need to consider monitoring of outsourced services

The issue of insider threat has been a testing one for cybersecurity – we know it goes on, but it is rarely reported, companies struggle to detect and prevent it, and the issues of monitoring employees come with the taboo of privacy and surveillance.

In this webinar, we will look at both the issue of how the insider threat has risen and been dealt with, and also how you can create a strategy to better detect malicious insiders, and how to deal with the person and the issue.

Key takeaways:

How to create an insider threat strategy and what it can look like
Issues on using monitoring technology in the workplace and on remote users
How to classify data with a remote workforce