Name: How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments
Start: 2024-10-16T15:30:00Z
End: 2024-10-16T15:31:00.000Z
Location: BrightTALK
Rating: 0

This channel brings together the leading identity and security vendors and industry experts to regularly educate security leaders on how to reduce risk through identity-centric strategies. For more resources and education on identity-centric security strategies, visit www.idsalliance.org.

The cyber talent pool and experience in Latin America (LATAM), starting in Mexico and into Central America is growing exponentially. We will discuss what that means to the industry, as a whole. Does the purported talent gap truly exist? We will touch on the need for identity in cross-border acceptance and what that means in the long term.

Attendees Will Learn:
– What's going on with LATAM cyber talent
– The role identity plays in LATAM
– The significant differences between USA and LATAM cyber talent needs
– Any cyber talent differences between each country in LATAM

Who Should Attend:
– CISOs
– HR Professionals
– Hiring Managers
– CEOs

Identity and Security Talent in Latin America

Identity-based attacks are growing in potency and frequency: IDSA reported in their 2024 survey that 91% of organizations experienced identity-based attacks. While multifactor authentication has been available for years, most implementations are weak and do not provide true phishing resistance. By future-proofing your MFA you can defend against emerging attacks, strengthen your authentication posture, and authenticate users, devices, and applications ... without ripping a replacing your existing systems. The benefits? Lower costs, happier end users, and fewer support calls.

MFA Fatigue, SS7 Exploits, and Attack Kits: Future-proofing Your MFA

In today's complex regulatory environment, adhering to various cybersecurity and data privacy regulations is a challenging yet essential task for organizations. Join us for an insightful round table discussion where industry experts from senhasegura will delve into identity-centric strategies to simplify and streamline regulatory compliance. We'll explore frameworks such as NIST 2.0, ISO 27001, CIS Controls, and data privacy regulations like GDPR and CCPA. Learn how Privileged Access Management (PAM) plays a critical role in meeting these standards.

Discover how to navigate regulatory requirements effectively while enhancing your organization’s security posture. Our experienced panelists will share challenges, best practices, and actionable insights to bolster your compliance efforts and business continuity planning.

Attendees Will Learn:
– Key regulatory requirements and how identity management addresses them.
– Insights into NIST 2.0, ISO 27001, CIS Controls, GDPR, and CCPA.
– Practical steps for implementing PAM to ensure compliance.
– Common compliance challenges and best practices for overcoming them.
– How to integrate compliance and cybersecurity into business continuity planning.

Regulatory Compliance Made Easy with Identity-Centric Strategies

CyberArk Identity Security Threat Landscape Report 2024 surveyed 2,400 security decision-makers globally to understand how and why the identity-related threat landscape is expanding.

A tsunami of new identities, new environments and new attack methods are pummeling and muddying the threat landscape in 2024. Our findings indicate GenAI, rise of machine identities and a deluge of third- and fourth-party providers is compounding cyber debt. Find out how organizations are strategizing to drive improved identity security initiatives and reduce cyber debt.

Key takeaways from this session include:
– GenAI is a double-edged sword enabling the defenders and the offenders.
– Machine identities are the riskiest identity types and driver of overall identity growth.
– Bad actors target third- and fourth-party providers to maximize impact.

Cyber Debt Amplifies with GenAI, Machine Identities & Third- & Fourth-Party Risk

Gartner states that 80% of executive leaders outside of IT (CxOs) believe that digital leadership is part of their job. IDC states that only 30% of CIOs believe they own and/or influence more than half of the overall technology budget. IT leaders must find a way to connect decentralized SaaS back to the center of excellence, driven by an identity-first security strategy, without slowing down the business teams.

Attendees Will Learn:
– The state of decentralized SaaS purchasing and the impact on identity programs
– How to translate the most relevant and basic IAM terms for non-IT people
– How to connect decentralized SaaS apps back to identity providers and the identity center of excellence

How to Manage Disconnected Applications with Your Identity Program

Join Elias Jensen, Director, Architect Lead at Omada, for an exciting webinar that aims to guide the attendees through the various technologies that enable the application of AI for IGA.

This can help to drive significant improvements in workflow decision-making and accelerate your IGA journey towards an identity-first architecture. You will also hear about an example of how one of Omada’s customers are using AI today for IGA.

Attendees will learn:
-  IGA AI applications
-  The layers of AI impact within IGA
-  AI requirements before you can get going

How to Successfully Leverage AI Game-Changers Powering Identity Governance

Decentralized Identity standards and technologies are moving into the mainstream, whether mentioned explicitly in recent EU digital identity frameworks or re-packaged as "Reusable Identity" to focus on its benefits to onboarding. Kim Duffy, Executive Director of the Decentralized Identity Foundation, covers the key principles and tech behind decentralized identity, trends in adoption, and compelling use cases demonstrating how it can enable a trusted ecosystem, whether you're interacting with people, organizations, devices, or a complex chain including all of these.

Decentralized Identity for People & NPEs: Updates, Trends, & Killer Use Cases

In today's rapidly evolving business environment, the significance of identity security cannot be overstated. With both employees and non-employees having access to critical applications, data, and infrastructure, the need for robust identity security measures has never been more pressing.

Navigating Threats & Solutions in The Age of AI-driven Business

As the digital identity landscape continues to evolve at a rapid pace, understanding the needs, skills, and diversity of its practitioners is crucial for steering the industry towards a more inclusive and effective future. Join Heather Flanagan, Executive Director for IDPro and Principal Editor for the IDPro Body of Knowledge, for a sneak preview of the 2024 IDPro Skills, Programs & Diversity Survey results. This session aims to shed light on the current state of the digital identity industry, highlighting key trends in practitioner skills, program development challenges, and the critical importance of diversity in fostering innovation. [Optional Add] Participants will gain valuable insights into: - The emerging skills and expertise areas in high demand within the digital identity field. - Strategic guidance for individuals seeking to advance their careers and for organizations aiming to strengthen their identity management programs. - The role of diversity in driving technological and service innovation, and how organizations can tap into emerging opportunities. - Strategic guidance for businesses looking ahead to future opportunities and challenges in the world of digital identity.

Insights from the 2024 IDPro Skills, Programs & Diversity Survey

The Authorization Fabric decides whether a specific principal is authorized to perform a precise operation on a particular resource and whether the resource permits this access.The granularity of this approach is vital in today’s threat landscape, requiring organizations to shift their focus to a comprehensive, system-wide authorization framework. This shift parallels the principles of microservices but applies them to the realm of access control. Rather than depending on a single point of control, there is a need for a network proxy that acts as a bridge between trust and authorization. Join us on a journey towards a future powered by micro authorizations, where precision, adaptability, and contextual awareness define access control. Explore how micro authorizations can address contemporary security challenges and facilitate the adoption of the Zero Trust model.

Micro Authorizations: Enabling Zero Trust in PAM

Some cloud identity providers have been at the center of high-profile breaches as modern threat actors have been heavily targeting the identity layer of cloud. Many security teams simply don't have visibility into attacks wagered against the identity control plane. In this session, learn how threat actors target the identity control plane and how to secure your IdP to better protect your environment.

Observations from Real-life Attacks & Measures to Protect Your Environment

Recent security breaches, exemplified by incidents such as Cloudflare's, serve as a stark reminder of the inherent security in unmanaged Non-Human Identities (NHIs), such as service accounts, service principals, tokens, secrets and keys. These breaches underscore the complex operational hurdles even the most seasoned security teams struggle to overcome when it comes to governing and securing NHIs. While enterprises have rolled out programs to fortify the security of human identities, most lack a strategy and solution for NHIs.

Securing Non-Human Identities: Insights from Recent Breaches

For three years running, the most popular way people say they keep track of their passwords is by writing them down in a password notebook, according to the National Cybersecurity Alliance's annual Oh Behave! Cybersecurity Attitudes and Behaviors Report. We'll talk about those findings and more gleaned from surveying the public in the US, UK, Canada, Germany, France, and New Zealand.

People ❤️ Password Notebooks

We will cover how Identity GRC can serve as a strategic pillar in a firm’s cybersecurity strategy, providing robust tools and methodologies to safeguard digital assets, proactively managing identity-related risks to simplify compliance efforts and optimize cybersecurity posture.
We will discuss real-world examples to give insights into best practices for implementing Identity GRC effectively. By embracing this powerful approach, firms can learn to not only protect their digital assets but also thrive in the ever-changing cybersecurity landscape.

Leveraging Identity GRC to Supercharge Your Security Strategy

The OSIA (Open Standards Identity APIs) initiative to drive interoperability of identity systems has been adopted globally by the industry and leveraged as part of wider foundational identity schemes by a growing number of countries.

This presentation will introduce how to leverage OSIA to drive interoperability through identity ecosystems.
– Unleashing market innovation through interoperability
– Leveling the playing field to open markets and drive competition
– Ensuring product(s) compatibility after M&A activity

Introducing OSIA: a Universal Interoperability Framework

Get in the minds of Criminals, Nation States and Hacktivists.  Join us to explore the psychology, motivation, and cutting-edge tactics of today’s threat actors.  Our dynamic resident experts, Andy Thompson, and Brandon McCaffrey will unravel the intricacies of recent attacks and evolving threat methods that jeopardize your organization.

Modern Battlefield: Attacker Methods, Motivations & Building a Strategic Defense

The traditional security model of "trust but verify" is no longer sufficient in today's complex and dynamic threat landscape.
Zero Trust is a security concept that assumes that threats exist both inside and outside the network, and no entity should be trusted by default.

Zero Trust: Why It Matters and How to Implement in Your Organization

Advanced threat actors are compromising the identity infrastructure of some of the largest organizations in the world with ease. Upon gaining access to the identity provider, they are able to move laterally into Iaas, PaaS, and SaaS environments and steal data - all in the course of 2-3 days.

Join Ian Ahl, SVP of P0 labs and former Head of Advanced Practices at Mandiant, as he shares knowledge stemming from responding to hundreds of breaches in his career. Ian will walk through how advanced threat groups target human and non-human identities for compromise, how they maintain persistence in environments, and provide some tips for detecting suspicious and malicious activity in identity providers, cloud service provides, and SaaS applications. He’ll also provide actionable steps security teams can take to prevent breaches or know about them as quickly as possible.

Attendees Will Learn:
– How advanced threat groups target human and non-human identities for compromise
– Tips for detecting suspicious and malicious activity in identity providers, cloud service provides, and SaaS applications
– Actionable steps security teams can take to prevent breaches or know about them as quickly as possible

How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments

Identity Management

Identity Security

Cloud Security

SaaS

IaaS

PaaS

CISO

Scattered Spider

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How LUCR-3 (Scattered Spider) Orchestrates Identity-Based Attacks Across Environments

Presented by

About this talk

More from this channel