Name: The Broken State of Least Privilege: Reimagining a New Approach
Start: 2024-01-25T17:00:00Z
End: 2024-01-25T17:00:32.000Z
Location: BrightTALK
Rating: 4.7

This channel brings together the leading identity and security vendors and industry experts to regularly educate security leaders on how to reduce risk through identity-centric strategies. For more resources and education on identity-centric security strategies, visit www.idsalliance.org.

Five of the top 10 MITRE ATT&CK® techniques observed from July 2023 to June 2024 were identity-based. As identity-based attacks become a critical threat in cloud environments, mastering an identity-centric security strategy is imperative.

Join us and Kevin Tsuei, SVP Information Security Officer at the Commercial Bank of California and Venu Shastri, Director of Product Marketing at CrowdStrike to learn why considering a unified identity protection strategy covering both on-prem Active Directory and cloud identity providers is critical to protecting against modern adversaries.

Attendees Will Learn:
– Learn about unified identity protection
– Hear latest innovations on identity security from Fal.Con 2024
– Listen to a real-world customer case study – Commercial Bank of California, covering best practices

Beyond Boundaries: Revolutionizing Identity Security from On-Premises Environments to the Cloud

IAM leaders face increasing challenges, from technical debt to navigating organizational politics, all while striving to make meaningful impact. In this webinar, hosted by IDSA and featuring IAM industry veteran Steve Tout, we’ll explore the critical skills and mindsets needed to excel as an IT leader. Discover how to develop your unique leadership identity, hone your superpowers, and think like a data scientist to uncover innovative solutions. Through lessons from the Rubin vase illusion, Steve will challenge your perspective, equipping you with tools to align technical, strategic, and human dimensions for leading more impactful IAM strategies and programs.

Attendees Will Learn:
- Clarifying your leadership identity
- Identifying and hone your superpowers
- Developing next-gen leadership skills
- Charting your path to impact

Navigating IAM Leadership Challenges and Opportunities

As technology evolves, so do cyber threats. Join us for a forward-looking webinar on Cybersecurity Trends for 2025, where we explore imminent challenges and innovative solutions in the cybersecurity landscape. Our expert panel will uncover emerging threats, cutting-edge technologies, and strategic approaches that organizations must adopt to stay ahead in the digital race. Stay informed and prepared to protect your digital assets effectively.

Attendees Will Learn:
– Emerging Cyber Threats: Understand the latest cyber threats and attack vectors predicted for 2025.
– Advanced Defense Mechanisms: Explore next-generation cybersecurity technologies and tools.
– Regulatory Changes: Stay updated on upcoming regulatory changes and compliance requirements.
– Best Practices: Learn effective strategies and best practices for robust cybersecurity.

Cybersecurity Challenges of 2025: Uncovering the Role of Digital Identities

As we approach the end of 2024 and reach the midpoint of the roaring twenties, this decade has undoubtedly challenged us with a variety of issues, from cyber threats to revolutionary technology. With 2025 on the horizon, it’s an ideal moment to reflect on the cybersecurity trends that have emerged in recent years and to begin strategizing for what lies ahead.

Attendees Will Learn:
– The AI Threat – has it truly met expectations?
– Quantum Computing Threats – separating theory from reality
– Hidden “Paths to Privilege™” – a new battleground
– And much more!

Top Cybersecurity Trends & Predictions: A Look Into 2025 & Beyond

The cyber talent pool and experience in Latin America (LATAM), starting in Mexico and into Central America is growing exponentially. We will discuss what that means to the industry, as a whole. Does the purported talent gap truly exist? We will touch on the need for identity in cross-border acceptance and what that means in the long term.

Attendees Will Learn:
– What's going on with LATAM cyber talent
– The role identity plays in LATAM
– The significant differences between USA and LATAM cyber talent needs
– Any cyber talent differences between each country in LATAM

Who Should Attend:
– CISOs
– HR Professionals
– Hiring Managers
– CEOs

Identity and Security Talent in Latin America

Advanced threat actors are compromising the identity infrastructure of some of the largest organizations in the world with ease. Upon gaining access to the identity provider, they are able to move laterally into Iaas, PaaS, and SaaS environments and steal data - all in the course of 2-3 days.

Join Ian Ahl, SVP of P0 labs and former Head of Advanced Practices at Mandiant, as he shares knowledge stemming from responding to hundreds of breaches in his career. Ian will walk through how advanced threat groups target human and non-human identities for compromise, how they maintain persistence in environments, and provide some tips for detecting suspicious and malicious activity in identity providers, cloud service provides, and SaaS applications. He’ll also provide actionable steps security teams can take to prevent breaches or know about them as quickly as possible.

Attendees Will Learn:
– How advanced threat groups target human and non-human identities for compromise
– Tips for detecting suspicious and malicious activity in identity providers, cloud service provides, and SaaS applications
– Actionable steps security teams can take to prevent breaches or know about them as quickly as possible

How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments

Identity-based attacks are growing in potency and frequency: IDSA reported in their 2024 survey that 91% of organizations experienced identity-based attacks. While multifactor authentication has been available for years, most implementations are weak and do not provide true phishing resistance. By future-proofing your MFA you can defend against emerging attacks, strengthen your authentication posture, and authenticate users, devices, and applications ... without ripping a replacing your existing systems. The benefits? Lower costs, happier end users, and fewer support calls.

MFA Fatigue, SS7 Exploits, and Attack Kits: Future-proofing Your MFA

In today's complex regulatory environment, adhering to various cybersecurity and data privacy regulations is a challenging yet essential task for organizations. Join us for an insightful round table discussion where industry experts from senhasegura will delve into identity-centric strategies to simplify and streamline regulatory compliance. We'll explore frameworks such as NIST 2.0, ISO 27001, CIS Controls, and data privacy regulations like GDPR and CCPA. Learn how Privileged Access Management (PAM) plays a critical role in meeting these standards.

Discover how to navigate regulatory requirements effectively while enhancing your organization’s security posture. Our experienced panelists will share challenges, best practices, and actionable insights to bolster your compliance efforts and business continuity planning.

Attendees Will Learn:
– Key regulatory requirements and how identity management addresses them.
– Insights into NIST 2.0, ISO 27001, CIS Controls, GDPR, and CCPA.
– Practical steps for implementing PAM to ensure compliance.
– Common compliance challenges and best practices for overcoming them.
– How to integrate compliance and cybersecurity into business continuity planning.

Regulatory Compliance Made Easy with Identity-Centric Strategies

CyberArk Identity Security Threat Landscape Report 2024 surveyed 2,400 security decision-makers globally to understand how and why the identity-related threat landscape is expanding.

A tsunami of new identities, new environments and new attack methods are pummeling and muddying the threat landscape in 2024. Our findings indicate GenAI, rise of machine identities and a deluge of third- and fourth-party providers is compounding cyber debt. Find out how organizations are strategizing to drive improved identity security initiatives and reduce cyber debt.

Key takeaways from this session include:
– GenAI is a double-edged sword enabling the defenders and the offenders.
– Machine identities are the riskiest identity types and driver of overall identity growth.
– Bad actors target third- and fourth-party providers to maximize impact.

Cyber Debt Amplifies with GenAI, Machine Identities & Third- & Fourth-Party Risk

Gartner states that 80% of executive leaders outside of IT (CxOs) believe that digital leadership is part of their job. IDC states that only 30% of CIOs believe they own and/or influence more than half of the overall technology budget. IT leaders must find a way to connect decentralized SaaS back to the center of excellence, driven by an identity-first security strategy, without slowing down the business teams.

Attendees Will Learn:
– The state of decentralized SaaS purchasing and the impact on identity programs
– How to translate the most relevant and basic IAM terms for non-IT people
– How to connect decentralized SaaS apps back to identity providers and the identity center of excellence

How to Manage Disconnected Applications with Your Identity Program

Join Elias Jensen, Director, Architect Lead at Omada, for an exciting webinar that aims to guide the attendees through the various technologies that enable the application of AI for IGA.

This can help to drive significant improvements in workflow decision-making and accelerate your IGA journey towards an identity-first architecture. You will also hear about an example of how one of Omada’s customers are using AI today for IGA.

Attendees will learn:
-  IGA AI applications
-  The layers of AI impact within IGA
-  AI requirements before you can get going

How to Successfully Leverage AI Game-Changers Powering Identity Governance

Decentralized Identity standards and technologies are moving into the mainstream, whether mentioned explicitly in recent EU digital identity frameworks or re-packaged as "Reusable Identity" to focus on its benefits to onboarding. Kim Duffy, Executive Director of the Decentralized Identity Foundation, covers the key principles and tech behind decentralized identity, trends in adoption, and compelling use cases demonstrating how it can enable a trusted ecosystem, whether you're interacting with people, organizations, devices, or a complex chain including all of these.

Decentralized Identity for People & NPEs: Updates, Trends, & Killer Use Cases

In today's rapidly evolving business environment, the significance of identity security cannot be overstated. With both employees and non-employees having access to critical applications, data, and infrastructure, the need for robust identity security measures has never been more pressing.

Navigating Threats & Solutions in The Age of AI-driven Business

As the digital identity landscape continues to evolve at a rapid pace, understanding the needs, skills, and diversity of its practitioners is crucial for steering the industry towards a more inclusive and effective future. Join Heather Flanagan, Executive Director for IDPro and Principal Editor for the IDPro Body of Knowledge, for a sneak preview of the 2024 IDPro Skills, Programs & Diversity Survey results. This session aims to shed light on the current state of the digital identity industry, highlighting key trends in practitioner skills, program development challenges, and the critical importance of diversity in fostering innovation. [Optional Add] Participants will gain valuable insights into: - The emerging skills and expertise areas in high demand within the digital identity field. - Strategic guidance for individuals seeking to advance their careers and for organizations aiming to strengthen their identity management programs. - The role of diversity in driving technological and service innovation, and how organizations can tap into emerging opportunities. - Strategic guidance for businesses looking ahead to future opportunities and challenges in the world of digital identity.

Insights from the 2024 IDPro Skills, Programs & Diversity Survey

The Authorization Fabric decides whether a specific principal is authorized to perform a precise operation on a particular resource and whether the resource permits this access.The granularity of this approach is vital in today’s threat landscape, requiring organizations to shift their focus to a comprehensive, system-wide authorization framework. This shift parallels the principles of microservices but applies them to the realm of access control. Rather than depending on a single point of control, there is a need for a network proxy that acts as a bridge between trust and authorization. Join us on a journey towards a future powered by micro authorizations, where precision, adaptability, and contextual awareness define access control. Explore how micro authorizations can address contemporary security challenges and facilitate the adoption of the Zero Trust model.

Micro Authorizations: Enabling Zero Trust in PAM

Some cloud identity providers have been at the center of high-profile breaches as modern threat actors have been heavily targeting the identity layer of cloud. Many security teams simply don't have visibility into attacks wagered against the identity control plane. In this session, learn how threat actors target the identity control plane and how to secure your IdP to better protect your environment.

Observations from Real-life Attacks & Measures to Protect Your Environment

Recent security breaches, exemplified by incidents such as Cloudflare's, serve as a stark reminder of the inherent security in unmanaged Non-Human Identities (NHIs), such as service accounts, service principals, tokens, secrets and keys. These breaches underscore the complex operational hurdles even the most seasoned security teams struggle to overcome when it comes to governing and securing NHIs. While enterprises have rolled out programs to fortify the security of human identities, most lack a strategy and solution for NHIs.

Securing Non-Human Identities: Insights from Recent Breaches

For three years running, the most popular way people say they keep track of their passwords is by writing them down in a password notebook, according to the National Cybersecurity Alliance's annual Oh Behave! Cybersecurity Attitudes and Behaviors Report. We'll talk about those findings and more gleaned from surveying the public in the US, UK, Canada, Germany, France, and New Zealand.

People ❤️ Password Notebooks

Traditional least privilege practices have proven inadequate. Enterprises are caught between over-provisioning roles or resort to the blunt instrument of full access removal – both lead to operational inefficiency and increased risk.

Gain insight into:
– Inefficiencies of all-or-nothing access policies in contemporary enterprise contexts.
– Strategies for implementing a nuanced access model that refines least privilege for practical, everyday use.
– Real-world examples showcasing the limitations of traditional PoLP and the benefits of a revised approach.

Attendees will get an enriched perspective on achieving true least privilege - one that reflects the changing realities of cloud (and on-prem) access requirements.

The Broken State of Least Privilege: Reimagining a New Approach

Least Privilege

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The Broken State of Least Privilege: Reimagining a New Approach

Presented by

About this talk

More from this channel