Name: How to Mitigate Cyber-Risks Through a Threat Exposure Management Program
Start: 2023-04-20T14:00:00Z
End: 2023-04-20T14:01:01.000Z
Location: BrightTALK
Rating: 4.2

Dedicated to serving the information security community, in person, in print and online.

In the era of Zero Trust and increasingly sophisticated cyber threats, time synchronization is no longer just a technical detail, it’s a foundational element of cybersecurity. This webinar will explore how secure, accurate and precise timekeeping using Stratum 1 network time servers can dramatically improve security posture, incident response and regulatory compliance.
  
Attendees will learn:
• Why trusted time sources are critical for Zero Trust architectures
• How inaccurate timestamps can undermine forensic investigations, SIEM effectiveness, and authentication protocols
• The risks of relying on public NTP servers and how attackers exploit time-based vulnerabilities
• How Stratum 1 time servers with GNSS hardening and atomic clocks protect against spoofing, jamming and NTP-specific attacks
• Real-world use cases across industries like finance, healthcare, government, and critical infrastructure

Time Is a New Attack Surface: Securing Networks with Trusted Time Synchronization

With the speed of development in AI-driven threats, SOC teams are more and more overwhelmed by increasingly sophisticated threats that demand a smarter approach. 
AI-driven insights are now essential for security teams to detect, investigate and respond to threats through integrated Cloud SIEM, while keeping systems secure and running smoothly.
As defenders face resource constraints, deploying specialized AI agents into security operations can help streamline data analysis, highlight relevant intelligence, distil insights from complex data and multiply analyst capabilities.
During this session, our panel of experts will also discuss how defenders can leverage AI tools to reduce the mean time to recovery (MTTR) and substantially reduce the financial cost of incident response.
By joining this webinar, you will learn:
• How defenders must adopt intelligent approach to intelligence operations in the age of AI 
• How to bring together IT, development and security operations with full-stack visibility through the unified Intelligent Operations platform
• How built-in monitoring, troubleshooting and security with Sumo Logic built on AWS provides end-to-end monitoring across AWS and brings 50% faster analysis and 75% reduction in MTTR

How To Enhance Security Operations with AI-Powered Defenses

Modern adversaries are relentless. They are not hacking in, they are simply logging in. Identity is your new perimeter. According to the Veza 2026 State of Identity & Access Report, 38% of accounts are dormant accounts with live entitlements. And, compared to the previous year, ‘safe, compliant’ permissions plummeted to just about 55%, driven by the increase in local accounts that are not linked to the identity provider (IdP). This is ‘identity debt’ at scale, and adversaries are capitalizing on it.

It’s time to shift from static, reactive defenses to continuous protection. Join our webinar to understand the key highlights of the report that will help guide your 2026 identity security strategy.

You will learn:
• Why you should quantify your identity debt
• The importance of shifting to an authorization-focused approach
• How to eliminate non-human and AI agent identity blindspots
• The 5 key identity security strategies for 2026

Five Non-Negotiable Strategies to Get Identity Security Right in 2026

Standard Microsoft 365 data protection is failing against modern adversaries who weaponize compromised identities. With ransomware attacks on Microsoft customers surging 275% year-over-year, true cyber resilience requires more than just backup, it demands a strategy that unifies data security with robust identity recovery.
In this session, we will dissect how threat actors, such as Scattered Spider, exploit gaps between identity and access management (IAM) and data storage to paralyze organizations. 
We will move beyond high-level theory to specific, practical strategies for proactive data security posture management (DSPM) and orchestrated Active Directory/Entra ID recovery.
Join this webinar to:
• Understand modern identity-based tactics: Move beyond general ransomware trends to understand specifically how modern adversaries are weaponizing valid credentials in Active Directory and Entra ID to bypass traditional M365 defenses
• Close the identity-data gap: Most organizations have separate strategies for IAM and data protection. This session addresses the critical vulnerability that exists between them, explaining why recovering data is impossible without first recovering the identity system cleanly
• Shift from reactive to proactive: Learn how DSPM is evolving from a compliance checkbox into a proactive tool for reducing the blast radius of an attack before it happens

Securing M365 Data and Identity Systems Against Modern Adversaries

While traditional Infosec focuses on infrastructure responsibility, SaaS introduces a shared security model. The platform provider (like Salesforce) secures the apartment building and shared utilities, but the customer controls who has the 'front door key' and what happens inside—meaning they own the data and access controls.
 
 This is critical for availability and integrity. Standard Recovery Time Objective (RTO) and Recovery Point Objective (RPO) metrics don't capture the customer's burden of granular data recovery (e.g., fixing a single field value across millions of records). 
 
 More importantly, in interconnected SaaS ecosystems, rolling back a flawed change is insufficient. As demonstrated by scenarios like manufacturing errors, the integrity of downstream processes is lost. Therefore, senior security leaders must embrace a remediate-to-fail-forward strategy instead of relying on traditional failure mitigation.
 
 Join this session to: 
 
 • Understand why traditional RTO and RPO are insufficient for SaaS data resilience and learn practical steps needed to bridge the gap between platform-level uptime and application-level data integrity
 
 • Learn why rolling back changes in SaaS often makes things worse and how adopting a “fail-forward” approach ensures faster recovery and preserves data integrity across interconnected systems
 
Gain clarity on where SaaS provider responsibility ends and your ownership begins, plus practical steps for managing access, user provisioning, and data backup to strengthen compliance and reduce risk

Revisiting CIA: Developing Your Security Strategy in the SaaS Shared Reality

With 63% of breached organizations lacking AI policies and one in four CISOs reporting AI-generated attacks, the need for AI security expertise has never been more critical.  
Enter ISACA's new Advanced in AI Security Management (AAISM) certification, the industry's answer to the AI security governance problem. Designed exclusively for CISM and CISSP holders, AAISM validates your ability to govern, assess and secure AI implementations at the enterprise level.  
In this 30-minute session, ISACA's Kirsten Lora and Infosec Institute's Keatron Evans will unpack the new AAISM certification and share insights into mastering AI security. 
Join this 30-minute session to learn: 
• Why ISACA created the AAISM certification 
• If the AAISM is right for you and your team 
• Current AI governance and security challenges 
• Practical advice for implement AI governance frameworks

Mastering AI Security With ISACA’s New AAISM Certification

The race to integrate generative AI has created a dangerous blind spot, expanding the digital attack surface with entirely new vulnerabilities. This new frontier demands we understand the difference between AI Security (protecting the system) vs AI Safety (ensuring responsible behavior).

Join our panel of industry experts, including veteran pentester Gisela Hinojosa, research lead at Cobalt. Gisela will share firsthand accounts from the front lines of AI pentesting, including tactics attackers use and the defensive strategies you can deploy.

Join this session to learn:

• The critical differences between AI Security and AI Safety, and why you should address both
• Real-world examples of how attackers exploit LLMs, including prompt injection and sensitive data disclosure
• Actionable advice for building a proactive security program

Exposing AI’s Blind Spots: Security vs Safety in the Age of Gen AI

In an era of rapidly expanding regulations and a dynamic, complex risk environment, traditional approaches to IT audit and Governance, Risk, and Compliance (GRC) are proving insufficient. 
Many organisations grapple with outdated technologies and reactive, ad-hoc processes, leaving them vulnerable to data breaches, privacy violations, and non-compliance. 
This session will explore the transformative potential of emerging technologies, including Artificial Intelligence (AI), automated workflows, and advanced data analytics. 
We will delve into practical strategies for integrating these tools to build more effective, efficient, and forward-thinking IT audit and GRC programs, enabling teams to proactively address new challenges and safeguard their organisations.
• Understand the Modern IT Audit and GRC Imperative: Review the foundational principles of IT audit and GRC, and discuss why evolving risk landscapes and regulatory demands necessitate a shift from legacy practices.
• Demystify Key Emerging Technologies: Define and differentiate core concepts of AI, RPA, and data analytics, and identify their specific applications and benefits within audit and GRC contexts.
• Create Technology Integration Plans: Discuss best practices for identifying organizational needs and effectively integrating data analytics and other emerging technologies to enhance assessment, testing, and continuous monitoring processes.
• Address Implementation Challenges: Identify common pain points, bottlenecks, and risks (e.g., data leakage, IP concerns) associated with adopting new technologies and explore strategies to mitigate them.

Audit and Compliance in the Era of AI and Emerging Technology

Between rising regulatory demands, evolving threats, and stretched security teams, it’s no surprise that organizations are rethinking how they approach GRC. But nearly one third (30%) still rank compliance as a top-three challenge. 
In this session, explore the biggest sources of friction to maturing a GRC program, areas where GRC teams have leveraged orchestration and automation to make an immediate impact, and what the path forward looks like for proactively managing risk and compliance in high-regulation environments. Transform GRC from a checkbox into a strategic advantage.
Join this session to learn: 
Practical insights into reducing friction in GRC processes without adding headcount
Real-world examples of how teams are using workflow automation to drive efficiency and resilience
Actionable steps to align your GRC strategy with today’s regulatory environment and threat landscape

Modernizing GRC: From Checkbox to Strategic Advantage

This year has seen numerous well-known brands suffer cyber-incidents as a result of attacks emanating from compromised third-party vendors. The litany of victims include airlines, retail giants, fashion brands, tech companies and manufacturers. 

In many cases, attackers have targeted third-party suppliers with social engineering techniques which have been successful in enabling them access to high-value credentials. 

The spate of recent attacks has seen significant operational disruption and loss of revenue for victims. 

During this discussion, a panel of experts will analyze the lessons that can be taken from recent incidents and how third-party risk management strategies must evolve to keep pace with attackers' tactics.

Join this session to learn:

• How social engineering has been leveraged to steal credentials from third-party IT providers in 2025
• Why current third-party risk management strategies have fallen short in preventing these incidents
• How third-party strategies need to evolve to protect organizations from tactics deployed by groups like Scattered Spider

How to Stop the Third-Party Breach Epidemic Before It Hits You

The pressure is on for CISOs to present a clear, compelling case for cybersecurity to senior leadership, the c-suite and board of directors.

CISOs must assess their company's risk appetite (e.g. what level of risk is the organization willing to accept to achieve its objectives?) and tailor their communication to demonstrate how cybersecurity initiatives fall within that appetite.

During this discussion, a panel of experts will cover what metrics matter most to the board, how to frame security investments in terms of business value and best practices for demonstrating the ROI of your security program.


By joining this session, you will leave with a clear understanding of how to build trust and credibility with key stakeholders.

Join this session to learn:

 • Strategies to assess your organization’s risk appetite and align to your risk and threat profile (critical asset, sensitive data, attack surface, threat intelligence reports…)
 • How to prepare and deliver effective briefings that resonate with non-technical audiences
 • How to translate this risk profile into business terms and actionable insights 
 • Best practices for calculating and communicating the ROI of your security investments

Briefing the Board: Communicating Cyber Risk to Executives and Stakeholders

Discover why mid-market businesses are now prime cyber targets and how you can turn this risk into a strategic advantage. 

During this webinar, our panel of experts will discuss how to unlock the full value of your existing Microsoft Security stack, harness AI for both defense and efficiency, and build a culture of resilience through people and process. 

Take away practical steps to maximize your security investments, leverage AI and empower your team to transform cybersecurity from a cost centre into a true business enabler.

Join this session to:
Understand how you can maximise what you already own
 • Most mid-market firms have access to enterprise-grade Microsoft security tools. The challenge is activation, configuration, and ongoing optimisation, not buying more tech
 • Action: Audit your current Microsoft security stack and engage expert partners to unlock its full potential
Harness the power of AI with Microsoft Security
 • Cybercriminals are weaponizing AI, but Microsoft’s AI-powered security tools (like Security Copilot) can help you detect and respond to threats faster and smarter
 • Action: Invest in AI-driven security solutions and ensure your team is trained to use them effectively
Leverage your first line of defence: people & process
 • Technology alone isn’t enough. Regular employee training, a Zero Trust approach, and managed detection & response are critical for resilience
Action: Build a culture of security awareness and consider partnering with a specialist MSP for 24/7 protection

How Mid-Market Businesses Can Leverage Microsoft Security for Proactive Defenses

IT compliance and cybersecurity teams have long struggled to effectively communicate the impact of threats and vulnerabilities to executives. 

When done right, cyber risk quantification allows IT professionals to speak the language of the business: financial impact. 

While the importance of cyber risk quantification is apparent, many organizations struggle to get these projects funded. 

During this webinar we will explain how cyber risk quantification can mature your overall risk management program. Our panel of experts will also help you recognize the limitations of solely relying on compliance frameworks and adopt a proactive, business-aligned approach to IT security and assurance.

Communication is key and cybersecurity leaders must develop the skills to articulate the financial impact of cyber risks effectively, enabling IT compliance teams to align with business objectives and secure buy-in for key initiatives.

Join our experts to explore: 

● The basics of risk quantification and how to get started without trying to boil the ocean
● The importance of moving beyond framework-driven security and assurance
● Best practices for communicating the impact of IT security and supporting business growth
● How to drive risk-informed decision-making within your organization

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

Operational technology (OT) security continues to evolve and is an increasingly complex environment to manage. 

Security teams require more details, context and evidence to proactively tackle growing threats and meet internal and external documentation requirements, including to the boardroom and regulators.

In this environment, OT entities must establish a thorough, contextual view of the environment as well as automate and update its data in near real time.

In this 30-minute session, Rockwell Automation’s John Speakman will set out how to build a multi-dimensional view of the OT environment, going far beyond a simple inventory.

The presentation will also highlight how these insights can be leveraged for proactive risk identification and reduction across multiple industries.

Join this webinar to learn:

• The significant data collection and context challenges in OT security
• How to build a multi-dimensional view of the OT environment
• Gaining contextual risk calculation and resulting automated analysis
• Case studies from successful OT practitioners

OT Security Ecosystem for Targeted Risk Reduction and Reporting

The browser has become the central hub for modern work, yet it remains a significant blind spot in many organizations' security strategies. 
This 30-minute talking tactics webinar will explore the evolving landscape of browser-based attacks, drawing insights from real-world incidents and threat intelligence. This session will feature Mandiant and Chrome Enterprise experts who will provide frontline insights and practical guidance.
Join this session to:
• Uncover the hidden risks: Gain insights into real-world attack scenarios that exploit browser vulnerabilities, including phishing, data breaches and malicious extensions, highlighting the limitations of traditional security measures
• Gain practical strategies: Get actionable strategies for enhancing browser security
• Hear expert perspectives: Benefit from frontline insights from Mandiant and Chrome Enterprise experts, gain a deeper understanding of the threat landscape and learn effective defense techniques

The Invisible Frontline: Proactive Approaches to Browser Defense

Rapid digitization in the past few years has led to an explosion of digital assets across different cloud services, SaaS applications and remote devices within organizations. These assets have their own security profiles, vulnerabilities and access to critical datasets, significantly expanding business’ cyber-attack surface and level of exposure.

Therefore, for security teams to effectively manage and reduce their cyber risks, they must have visibility of the many different assets across their organization’s system and the differing levels of threat they pose. This will allow an accurate analysis of the impact of a breach and the security controls required to mitigate this threat.

In this webinar, a panel of experts will highlight: 


• Best practices on leveraging existing security and IT data sources to map cyber relationships and risk across the organization
• How to identify security coverage gaps and ‘toxic combinations’ relevant to your business
• Industry best practice on how to implement an exposure management program in your organization

How to Mitigate Cyber-Risks Through a Threat Exposure Management Program

Cloud

SaaS

Cyber Risk Management

Threat Landscape

security controls

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to Mitigate Cyber-Risks Through a Threat Exposure Management Program

Presented by

About this talk

Infosecurity Magazine