Hi [[ session.user.profile.firstName ]]

Third-Party Vulnerabilities: Demystifying the Unknown

What parts of your cyber supply chain are you unknowingly neglecting? The SolarWinds hack was a wake-up call for companies to check their suppliers and partners for risk. There are still plenty of other dangers lurking in third party systems ranging from software applications and APIs through to embedded devices, chipsets, firmware, and IoT solutions.

These risks lie in other organizations' assets and are seemingly out of your control, but there are protective measures that you can take. Attending this webinar will give you a new perspective on this complex challenge and some actionable insights on where to begin.

Talking points will include:
- The kinds of vulnerabilities that exist in third-party resources
- How to audit for supply chain vulnerabilities
- Strategies for mitigating supply chain availabilities early
Live online Oct 7 5:00 pm UTC
or after on demand 75 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Danny Bradbury
Presentation preview: Third-Party Vulnerabilities: Demystifying the Unknown
  • Channel
  • Channel profile
  • Machine ID Management vs. Digital Transformation: Building a Secure Future Oct 21 2021 2:00 pm UTC 75 mins
    Benjamin David
    Machines already outnumber the humans on your network, which means every machine needs a trusted identity. Consider IoT devices, mobile devices and software-defined workloads and applications – trusted identity for each and every machine is critical.

    As zero-trust and multi-cloud architecture become the norm, the role of machine identities in enterprise IAM (identity and access management) has reached critical importance – each needing to be managed and protected. The stakes are high, and keeping ahead of outages, key theft or misuse and internal and regulatory audits is a serious challenge.

    In this webinar, our panel will discuss:
    · The use (and misuse) of machine identities in organizations today
    · Implications of machine IDs on data privacy and protection
    · Strategies and recommendations to manage machine identities
    · How to operationalize your strategy with a Crypto Center of Excellence (CCoE)
  • Third-Party Vulnerabilities: Demystifying the Unknown Oct 7 2021 5:00 pm UTC 75 mins
    Danny Bradbury
    What parts of your cyber supply chain are you unknowingly neglecting? The SolarWinds hack was a wake-up call for companies to check their suppliers and partners for risk. There are still plenty of other dangers lurking in third party systems ranging from software applications and APIs through to embedded devices, chipsets, firmware, and IoT solutions.

    These risks lie in other organizations' assets and are seemingly out of your control, but there are protective measures that you can take. Attending this webinar will give you a new perspective on this complex challenge and some actionable insights on where to begin.

    Talking points will include:
    - The kinds of vulnerabilities that exist in third-party resources
    - How to audit for supply chain vulnerabilities
    - Strategies for mitigating supply chain availabilities early
  • How to Rethink End-User Protection and Eliminate Phishing and Ransomware Sep 23 2021 2:00 pm UTC 75 mins
    Moderator: James Coker
    Ransomware attacks have surged in the past year–and with the rise of ransomware-as-a-service, it’s become an increasingly profitable tactic for cyber criminals.

    According to Cybersecurity Ventures, in 2021 global losses from ransomware attacks are expected to exceed $20bn, and by 2031 that figure may be as high as $265bn. This follows recent high-profile attacks that led to Colonial Pipeline in the US paying over $4m in Bitcoin to the attackers and Travelex paying $2.3m to regain control after hackers shut down its financial transaction networks.

    Such is the severity of the situation that 60% of respondents to a recent Menlo poll think ransomware attacks should be treated the same as terrorist attacks. But it is quite possible to make malware, even ransomware attacks, a distant memory. To do so, organizations should discard outdated detect-and-remediate approaches and rethink how they protect users, applications, data and the business from these attacks from the outset.

    Join this 1-hour webinar to learn:
    • How phishing and ransomware attack trends have changed as a result of COVID-19
    • Ways you can eliminate ransomware and protect your digital and remote workforce
    • How a leading logistics and insurance business achieves 100% malware protection without impacting end-user experience or convenience
  • #IMOS21 How To: Use AI to Strengthen Cybersecurity Posture Without Compromise Sep 21 2021 3:00 pm UTC 30 mins
    Moderator: Benjamin David
    This technical how-to session, delivered by an artificial intelligence expert, will offer a step-by-step guide to using AI to strengthen your cybersecurity posture.
  • #IMOS21 Cyber Threat Landscape: Trends, Evolving Techniques & Attacks Sep 21 2021 1:45 pm UTC 60 mins
    Moderator: Eleanor Dallaway
    In this session, a panel of experts will consider the current global cyber-threat landscape. What are the changing tactics being explored and deployed in countries around the world? What are the notable trends in the more notable regions in the cybercrime / cyberwarfare world, and how do they differ from each other? Are there any new emerging attack vectors and techniques? This session will look to answer these questions and more.
  • #IMOS21 Safer Online: Strengthening the Resiliency of the Internet Sep 21 2021 12:30 pm UTC 60 mins
    Moderator: James Coker
    In June 2021, the world watched as a single software bug in Fastly brought down large parts of the internet. It was fleeting, but it shone a light on just how vulnerable the internet can be. What needs to be done in order to strengthen the resilience of the internet? What can major companies and governments do to reduce reliance on the companies forming the building blocks of the internet? This session takes a look at the risks if cyber-criminals were to target these companies.
  • #IMOS21 Keynote Presentation Sep 21 2021 11:30 am UTC 30 mins
    Moderator: Eleanor Dallaway
    Infosecurity invites its headline sponsor to present on the key themes, topics and challenges currently affecting its customers and the wider industry.
  • #IMOS21 SOC .vs. MSSP: Which Is Right For Your Organization? Sep 21 2021 10:15 am UTC 60 mins
    Moderator: James Coker
    For organizations looking to strengthen their security posture, and let’s face it, who isn’t, the decision about whether to build an internal Security Operations Center(SOC) versus choosing to delegate and select an external Managed Security Service Provider (MSSP) is often a challenging one. Considerations need to include resource and skills, budget, time demands, security posture, technology, ROI…the list goes on. In this session, experts will weigh up the pros and cons of SOCs and MSSPs and give you the knowledge you need to make your own decision on which is the right solution for your organization.
  • #IMOS21 From Hero to Zero: Strategies for Zero Trust Sep 21 2021 9:00 am UTC 60 mins
    Moderator: Benjamin David
    Zero trust has emerged as an important part of an enterprise security strategy. With organizations facing increasingly complex environments with ever-more remote and mobile workforces, organizations need a new security model. Is the “never trust, always verify” model the right one? And what considerations and strategies for zero trust do CISOs need to think about before deploying a zero trust model? Join this session to find out.
  • #IMOS21 Headline Keynote Sep 21 2021 8:15 am UTC 30 mins
    A leading information security expert and thought-leader will open the first day of the Infosecurity Magazine with a keynote address exploring the most important, relevant and impactful issues affecting the sector today.
  • New Strategies for Managing Machine Identities Sep 16 2021 5:00 pm UTC 75 mins
    Danny Bradbury
    Machine identities are everywhere. From cloud services, containers, and applications, to the code running on them, every machine needs a trusted identity.

    But with the rapid increase in machine identities, many security and infrastructure teams are left with an uneasy feeling of not being in control. The stakes are high – keeping ahead of certificate outages, key theft or misuse, and audits is a constant challenge.

    The result? 88% of organizations still experience serious outages due to expired certificates. Another 89% of organizations experienced at least three failed audits due to insufficient key management.
    In this webinar, you’ll learn:
    • Why crypto-agility emerged as a top priority for organizations
    • Key risks and challenges in managing machine identities
    • How to build a case for prioritizing machine identity and reduce risk of unmanaged machine identities
    • Steps for building a Crypto Center of Excellence (CCoE)
  • Securing Active Directory in a Hybrid Identity Environment Sep 16 2021 2:00 pm UTC 75 mins
    James Coker
    Active Directory (AD) access points are frequently used to launch cyber-attacks and adequately securing these systems has become increasingly critical to organizations’ security, particularly amid the shift to hybrid working.

    This webinar will focus on this exact topic, with a panel of experts highlighting how cyber-criminals have successfully targeted AD and offering guidance on how to secure this area. This will include the security risks to watch for in managing AD as well as Azure AD, how to look for warning signs that your core identity-management system has been compromised, and how your business should respond in the event of a successful attack. The panel will also exchange real life experiences with securing AD and Azure AD and the challenges they overcame.

    Attendees will learn:
    · The common AD and Azure AD weak spots exploited in recent cyber-attacks
    · Top security risks to watch for in managing a hybrid identity environment
    · Preparing for AD and AAD attack remediation
    · How to enabling proper backup and recovery procedures for either environment
  • Data Security: From Creation to Sharing Sep 9 2021 2:00 pm UTC 75 mins
    James Coker
    All organizations need to ensure their employees have quick and easy access to data so they can be as productive as possible. Sadly, this approach often increases the risk of data breaches occurring, particularly among hybrid workforces operating outside of corporate buildings.

    In this environment, the traditional focus on infrastructure control is no longer sufficient to protect organizations’ data. Instead, steps must be taken to protect data throughout its entire lifecycle, from the point that it is created, to various ways it is shared, going beyond our control into the hands of a business partner, shareholder or customer.

    In this webinar, a panel of experts will highlight the key mechanisms organizations need to introduce to protect their data at all stages, thereby developing a best-in-class policy that their customers can have confidence in.

    Attendees will learn:
    · The common ways data breaches occur, especially since the start of COVID-19
    · The inadequacies of traditional approaches to data protection
    · The key technologies and processes required to secure data across its entire lifecycl
  • Building a Privileged Access Management Strategy for the Post-COVID World Recorded: Jul 22 2021 62 mins
    James Coker
    Improvements in cybersecurity technologies have made it more difficult for threat actors to mount direct attacks on organizations’ networks. Cyber-criminals are therefore increasingly looking for alternative routes into systems to steal sensitive and confidential data. One of these involves compromising the login credentials of employees or external contractors/vendors, especially those who have privileged accounts and are able to freely access sensitive systems and data.

    This issue has been exacerbated by the COVID-19 pandemic, with remote employees more vulnerable to having their login credentials compromised. A zero-trust model of security has regularly been highlighted as vital to keeping a hybrid workforce secure alongside internal employees and external contractors, and this must be underpinned by a strong privileged access management policy, ensuring that compromised accounts do not lead to disastrous data breaches for businesses.
    This webinar will explore the latest trends and challenges in privileged access management, and outline the strategies and technologies required to stay one step ahead of threat actors.

    In this webinar, a panel of experts will discuss:
    · How threat actors are increasingly targeting staff or contractor accounts to steal sensitive data
    · The importance of privileged access management in keeping organizations secure, particularly for a hybrid workforce
    · The steps required to develop a successful privileged access management policy
  • Overcoming ‘Shadow IT’ Need and Risk Recorded: Jul 8 2021 66 mins
    James Coker
    The escalating use of shadow IT – information technology outside IT approval – creates significant risk to organizations and is one of the biggest challenges in digital forensics today.

    During investigations, incidents, litigation or regulatory and legal compliance, companies must be able to acquire, preserve, analyse, examine and present digital media in a forensically sound manner.

    According to McAfee, 80% of workers admit to using SaaS applications at work, in many cases without IT approval. Bring Your Own Device (BYOD) policies and remote working since the pandemic have continued to blur the lines between company and personal device usage.

    Organizations need to understand how to get to grips with the expanding shadow IT environment in order to overcome the need and risk attached.

    Join this webinar to learn:
    · The growing challenges and risk of shadow IT
    · Strategies for overcoming shadow IT, including the importance of staff awareness training
    · How technologies can help enforce policies, protect data and intellectual property, and reduce costs
  • How To Achieve Passwordless Authentication and Cohesive Credential Management Recorded: Jul 1 2021 60 mins
    Danny Bradbury
    Access Identity credentials are one of your organization's biggest secrets. They're like oil: valuable, powerful, and - in the wrong hands - highly toxic. How can you manage them and make sure they’re secure?

    In this webinar, our panel of experts will discuss the nature of access identity credentials, how they have evolved, and
    some of the risks involved with not managing them properly.

    We will also look at how you can keep credentials safe. What are the common credential management tasks that cause companies problems? How does the technical environment (for example, machine-to-machine infrastructure machine identities vs human users) affect credential management tasks? How can we ensure that end-users register and use
    their credentials when they receive them, especially in a world of remote work? What best practices can companies follow when managing credentials, and how can technology help?

    Talking points will include:
    - What the modern credential authentication landscape looks like.
    - Common credential management problems facing administrators.
    - How credential management challenges face will change as we move to a passwordless world.
  • The Battle of Algorithms: How AI is beating AI at its own game Recorded: Jul 1 2021 64 mins
    Eleanor Dallaway
    Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous, and harder to identify.

    As AI-driven attacks evolve, they will be almost indistinguishable from genuine activity, and conducted at an unprecedented speed and scale. In the face of offensive AI, only defensive AI can fight back, detecting even the most subtle indicators of attack in real time, and respond with surgical actions to neutralize threats - wherever they strike.

    In this session, discover:
    · How cyber-criminals are leveraging AI tools to create sophisticated cyber weapons
    · What an AI-powered spoofing threat may look like, and why humans will not be able to spot them
    · Why defensive AI technologies are uniquely positioned to fight back
  • How To Navigate the Critical Intersection Between Data Security and Data Privacy Recorded: Jun 24 2021 61 mins
    Eleanor Dallaway
    Standard security controls are excellent at ensuring that data stays secure and is only accessed by those with appropriate permissions. However, where security fails is knowing the information that privacy requires, such as where the data came from, why the data is being stored, who the data belongs to, who it’s shared with, and how long it will be retained. The answers to those questions for every system or data element has an impact on which security controls a company needs to have in place.

    Join Infosecurity Magazine and data expert Chris Pin as he explains the critical intersection between data security and data privacy, including:
    · The key differences between data security and data privacy
    · Why it’s possible to have security without privacy, but impossible to have privacy without security
    · How to enable and support both security and privacy when it comes to data
  • Defining the Zero Trust and SASE Relationship Recorded: Jun 24 2021 62 mins
    James Coker
    By taking a Zero Trust approach, security departments assume that all content–regardless of whether it originates from a trusted source–is untrustworthy. Treating all content as if it is malicious eliminates the need to make an allow-or-block decision at the point of a click. With cyber-attacks and data breaches becoming more prevalent since the shift to remote working, traditional detect-and-remediate approaches to cybersecurity are falling short and security leaders are increasingly adopting Zero Trust as a way to overcome the challenges presented by the anywhere, anytime workforce.

    In addition, amid growing cloud adoption, many security leaders are looking to introducing Secure Access Service Edge (SASE) architecture into their organizations. Is there a tie between Zero Trust and SASE? Does SASE come in a box? Do you need to choose between one or the other?

    During this session, a panel of experts will tackle these questions and discuss:
    - Why focusing on detection is a reactive approach to security
    - The relationship between SASE and Zero Trust
    - Why isolation is the secret sauce in today’s fight against online security threats
  • Managing the cybersecurity transition to the cloud Recorded: Jun 17 2021 60 mins
    Danny Bradbury
    Moving your cybersecurity to the cloud is a good way to protect your entire infrastructure, both in the cloud and on-premise. It makes security more consistent and scalable, and it integrates tightly with cloud-native systems. But for many, it's still a daunting prospect.

    This webinar explores the process of transitioning your cybersecurity operation to the cloud, either as a standalone project, or as a necessary part of a broader cloud migration.

    You'll leave with a better understanding of what to watch out for, what the best practices
    are, and how your service provider can help ease the journey.

    Talking points will include:
    - The biggest concerns about moving cybersecurity measures to the cloud
    - How cloud security has evolved and improved over the last decade
    - Common misconceptions about cloud security
Strategy - Insight - Technology
Dedicated to serving the information security community, in person, in print and online.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Third-Party Vulnerabilities: Demystifying the Unknown
  • Live at: Oct 7 2021 5:00 pm
  • Presented by: Danny Bradbury
  • From:
Your email has been sent.
or close