#IMOS18 - Here Come the Robots: What and When to Automate Your Security

Organizational threat detection is the process of using data to discover security threats across a business, both of internal and external nature. The objective is to find anomalies, analyze their threat level and determine what actions may be required to respond to them.

In today’s multi-faceted cyber-threat landscape, having the ability to detect data security risks is of paramount importance, but effective data detection requires careful consideration and forethought.

This webinar will examine the current data threat detection landscape, assess how data threat protection can be used to aid organizations in their information security strategies and outline best practices for successfully mastering the art of threat detection.

Key takeaways:
•Learn the importance of advanced threat protection in your organization
•Discover strategies for implementing effective threat detection strategies
•Learn about emerging technologies and approaches for threat detection and response

Also known as micro-segmentation, there are many misnomers on what software-defined segmentation entails, it’s broad spectrum of use cases and what features are essential when selecting a software-defined segmentation solution.
In this webinar, we will dive into the concept of software-defined segmentation and the challenges it brings about, along with outlining the essential components and steps that should be on your list when embarking on a segmentation project to guarantee an improved security posture.

Key takeaways:
• The challenges of software-defined segmentation
• Software-Defined Segmentation use cases
• Learn key software segmentation roll-out steps
• Understand the solution requirements for software segmentation
• How to carry out software segmentation correctly, quickly and easily

Zero Trust is quickly becoming the dominant security model for the cloud, shifting the perimeter from the network to the people and devices that make up a modern workforce.

Traditional enterprise security models were built on an assumption that everything inside the network – whether its devices or people – is trustworthy. However, the evolution of attack sophistication and the proliferation of BYOD has brought greater risk, which means that newer, more holistic measures must be taken to ensure security across the business.

Zero Trust can be used to effectively secure modern organizations from a variety of threats.

However, implementing an effective zero trust approach is not without its challenges, and for a model with many moving parts, the immediate question is: where to start?

This session will explore:
• How to effectively manage a successful Zero Trust strategy
• The full zero trust reference architecture and steps to get there
• Why identity is the foundational layer to build contextual access controls from

Editor Michael Hill discusses the current state of play of cloud security, greatest challenges, best practices and paths of improvement with Frank Downs, ISACA director, cybersecurity practices; Chris DeRamus, CTO and co-founder, Divvy Cloud and Monty LaRue, Technical Leader, Cylidify.

Editor Michael Hill sat down with ISACA board director Asaf Weisberg and Andrej Volchkov, consultant, Stramizos at #InfosecNA 2019 to discuss all things #securityawareness

Editor Michael Hill sat down with Simone Petrella and Allan Boardman to discuss cyber workforce training/skills development at Infosecurity ISACA North America 2019.

Editor Michael Hill talks to Tom Brennan, Chair, CREST and Ian Glover, President, CREST about proactive and reactive security approaches at Infosecurity ISACA North America 2019.

Editor Michael Hill sat down with Christopher Kennedy, CISO and VP of customer success AttackIQ at Infosecurity Isaca North America to discuss the MITRE ATT&CK framework.

Editor Michael Hill discusses Digital Identity and the role it plays in information security with Ben Goodman, Senior Vice President, Global Business and Corporate Development at ForgeRock and Ranulf Green, Head of Assurance USA at Context Information Security, at Infosecurity ISACA North America 2019, in New York, NY, USA.

Compromised privileged credentials remain the #1 tool of attackers, despite adoption of privileged access management technology. Legacy approaches focused on protecting secrets have proven ineffective with excessive standing privilege leaving a clear path for lateral movement when a user is compromised.

In this webinar, we will challenge your assumptions about privileged access management and describe a simpler, more effective approach to PAM built on best practices.

Key takeaways:
•Understand how privileged access is used by attackers, and how to foil attempts
•What a Just In Time approach looks like and the concept of Zero Standing Privileges (ZSP)
•How to make privileged access a straightforward element of your security program
•How a single elegant approach to PAM can meet the demands of cloud, hybrid cloud and on-premise computing
•How Dev-ops and automation solutions can operate within a modern PAM solution

The road to compliance continues to be more rocky, with new frameworks due in 2020 set to further make the job of the data protection and compliance officer more complex. In order to achieve compliance, could a segmentation strategy – enabling better visibility of assets – be a way to ensure compliance is better achieved?

In this webinar, we will look at the concept of network segmentation and how it enables compliance, how failed segmentation in the cloud led to some cases of data breaches and which compliance frameworks you need to be aware of, now and in the future.

Key takeaways:

- How segmentation can aid visibility of your network
- How to start a segmentation strategy that makes security more robust and easier to manage
- The key steps to enabling compliance, like PCI or SWIFT, with simple segmentation and visibility

With the talk of supply chain and third party risk being a more serious cause of security weakness in an organization, how confident are you that your tech stack and security environment is the most secure it can be? Is there a way to get a “grade” of how secure your business is?

In this webinar, we will uncover the concept of cybersecurity ratings, how they can give you a non-intrusive snapshot or “grade” of how secure your business is, and better enable (third party) risk management.

Key takeaways:
-Get a better understanding of cybersecurity risk ratings, and their importance
-How to get the best return from your security investments
-Understand what your rating is against other security teams
-How to get the best return from your security investment

Insiders have something outside threat actors never will: trust. They’ve surpassed the challenge of external security defenses and can navigate sensitive internal resources with breakneck speed.

Today, 60% of attacks are carried out by insiders (IBM Cyber Security Intelligence Index), and the average cost of this type of breach is $8.76m (Ponemon Institute).

Unfortunately, many teams aren’t equipped to act quickly to detect and stop these incidents before it’s too late.

In this webinar, we will explore the top motives of insider threats and outline how organizations can determine the right countermeasures to stop both accidental and malicious insider threats in their tracks.

Key takeaways:
•The top seven most common insider threat focus areas, from accidental leaks to espionage
•What motivates these insider threat actors
•The risks of each type of insider threat
•Real-world examples of these threats in action
•Countermeasures to defend against each type of threat

Today’s attackers come in many forms, from criminal gangs to state-sponsored military operations, and they use an array of attack tactics to break into your network. From APT-style attacks used by organized groups, to offensive AI measures, the capabilities of attacks are becoming more advanced.

In this webinar, we will look at how threat actors will use AI to automate the traditional attack process, how real the threat is, and what sort of tactics businesses can deploy to best defend against AI-powered threats.

Key takeaways:

Recent developments in the cyber threat landscape
The difference between an APT-style attack and automated attacks
How to prepare for AI-powered attacks
How defensive AI can help human security teams regain advantage

How is your organization moving sensitive files? Human error, file transfer inefficiency, and subpar encryption processes are among the common challenges that IT security professionals face when sharing files both inside and outside the organization.

In this webinar, we will look at how your business can avoid the common file transfer pitfalls, how MFT is implemented, and what configurations and management are needed, and what the outsourced options look like.

Key takeaways:

•Avoiding the negative impact that privacy breaches can have on your business
•How to integrate and streamline connectivity with the apps you use every day on the cloud
•How to automate your processes between multiple web and cloud services at once through cloud application integrations with MFT
•Enabling audit trails and visibility and have evidence of transfer completion

Cybercrime and data breaches receive enormous amount of our attention, but the fact still remains that physical access control is a critical front-line defense in a comprehensive digital security posture. As the security landscape continues to change and become more complex, it brings with it opportunities to look at new technologies that respond to escalating security threats.

Card credential and other form factor technologies are common place in many office environments. Now that mobile devices are ubiquitous as well, employees are beginning to expect Mobile Access – the use of a mobile device such as a smartphone, tablet or wearable, to gain access to secured doors, gates, networks and more – as a choice.

However, the challenge for organizations is how to derive the greatest value from the infrastructure in place while integrating new solutions.

In this webinar, we will explore:

• Key insights into why mobile access drives a higher level of security
• The challenges that exist in implementing a mobile access program
• The best practices that create a path to mobile access today