Name: Securing SAML/SSO in a post-SolarWinds Attack World - Webinar Recording
Start: 2021-02-17T18:00:00Z
End: 2021-02-17T18:01:06.000Z
Location: BrightTALK
Rating: 5

This webinar addresses how to start a Zero Trust project - addresses NAC security in the enterprise. We will also address how a NAC project is done right can address the compliance and security needs of the enterprise. Relevant compliance measures include:: SOX, PCI-DSS, HIPAA/HITRUST, ISO 27001, and best NIST practices.

But how do we get started with a Zero Trust project? Network segmentation is done at an enterprise-level - with identity mapping to the enterprise user store: Active Directory. The webinar will discuss not only the benefits but how actually implement. Lastly, full NAC security maps to your audit.

This webinar will cover:

• NAC implementation and relation to Zero Trust

Details:
• Details in network segmentation
• Enterprise management
• Identity Governance and Compliance

The Agenda:

• Introductions
• What is NAC and Zero Trust?
• How does it relate to compliance?
• Guardicore and NCA
• YouAttest and Compliance
• Short Demo
• Q & A

A Q&A session will follow the presentation and a hands-on demo.

Guardicore and YouAttest - Zero Trust, Micro-Segmentation and Compliance

www.youattest.com
sales@youattest.com

What will the Experts Cover? 

How do we: 
   - Understand how the SolarWinds hack could affect our SSO?
   - Understand the weak points in Application/User SSO?
   - Identify what can and has been compromised?
   - Understand what we can do to protect ourselves

Other topics covered in this webinar will include:

   - Key concerns on implementing property controls
   - Administrative accounts
   - Credential Handling
   - Answering Your Questions

Securing SAML/SSO in a post-SolarWinds Attack World - Webinar Recording

Have you had recurring Active Directory access review audit nightmares?

If you’re ever had to conduct an access review audit of Active Directory, you know that it’s a long, cumbersome, error-prone process, and it’s not just a one-off project. CISAs have a lot on their plates already, but when AD must be audited, someone has to do it, and this chore tends to fall to CISAs.

Fighting with spreadsheets, lengthy email chains, service tickets, and weeks of toil isn’t anyone’s definition of a “productive workflow,” so organizations with deep pockets often turn to “automated” audits, which aren’t all that automated. These tend to be expensive on-premises systems that require hefty service contracts. 

Pick your poison, because neither approach scales. 

If you have Active Directory access review audits in your future, and you’d like to break this expensive, labor-intensive cycle, you’ll want to join us on Wednesday, September 2 at 10:00 AM PT as we discuss how to turn Okta into a high-octane IGA engine.

Webinar: How to use Okta as a high-octane IGA engine

CISAs, CISOs, and IT leaders already trust Okta to deliver comprehensive IAM/SSO capabilities. Now, through new partner YouAttest, Okta customers are able to directly integrate a fully functional IGA Access review system via a secure and certified set of APIs – all at a fraction of the cost of DIY systems, consultants, or bloated and costly IAM solutions that duplicate many of the features you’re already paying for with IDaaS/SSO.

Speakers:

Jennifer Galvin, Team Lead, CIAM Specialist, Field Alliances Enablement for Okta, Okta Certified Consultant and Okta Certified Developer

Raj Sawhney, Managing Director, IT and Internal Audit at Focal Point

Garret Grajek, CEO of YouAttest

AD Best Practices for Audit - Okta's Jennifer Galvin & Focal Point's Raj Sawhney

User-Centric Auditing - Vituity and YouAttest

Your organization has to complete a SOC report - what does this mean and how to meet the objectives? You are a consumer or cloud-based services - thus you are required to conduct user access reviews of these cloud services:

• What are these SOC guidance?
• What is the practices and procedures of the audit?
• Which applications do you need to audit?

Esteemed risk management and internal audit expert Raj Sawhney, practice lead from Focal Point, will lead in this discussion with 20+ years of experience on SOC, SOX, cybersecurity, and business processes will help us understand:

• Focus SOC 1 and SOC 2
• Difference between SOC 1 and SOC 2
• Focus: Operational Effectiveness for Type 2 Audit
• User Entity Requirements/Complementary User Entity Controls (CUECs)
• YouAttest for user access reviews
- Focus on user information relevant to application for SOC report
- SOC report for cloud-based services

User Access Reviews for SOC Compliance - Guest Speaker Raj Sawhney

Auditing is a necessary, but expensive, process. Beyond traditional financial and physical security audits, the recent explosion of remote work has shined a light on the need to secure – and validate – identities and permissions.

To securely manage remote workers, IT staffs must perform periodical IT Access Review audits to determine that only the right users in the proper roles are accessing various corporate resources. To cope with ballooning external risks, businesses must also turn to DRP (Digital Risk Protection) services in order to get the full picture of the organization's overall risk profile. 

Of course, both IT Access Reviews and DRP audits are costly endeavors. Worse, those costs can easily spiral out of control because there are so many unknowns involved with each audit. 

What will be found? What won’t be discovered, and which audit findings must be remediated?

Beyond those unknowns lies uncertainty around cost itself. Traditional auditing firms have, for years, utilized re-assigned (and overworked) IT workers to perform audits and craft reports. However, there is a better way: tools exist to improve the efficacy and reduce the cost of the audit process, while also eliminating dangerous blind spots across governance, risk, and compliance.

In this webinar, we'll talk to a security analyst and cost analysis expert to learn: 

-  What is the value of utilizing auditing accelerators?  
-  How can we quantify the complexity of our current processes?
-  How do we justify the investment in automation?
-  What are the financial implications of doing nothing?
-  What is the risk of an overlooked credential/access mistake?

Slashing the Cost of IT Access Reviews and the TCO of Audit Tools

Access Reviews are a key component of a secure enterprise. They are part of the NIST Cybersecurity Framework (PR.AC.4) and mandated by regulations like SOX, PCI-DSS, HITRUST and ISO 27001.

We will have an expert explain:
• Which regulations require access reviews
• Why Access Reviews are important
• What information needs to be reviewed
• Who does the reviewing

YouAttest will then show how access reviews can be automated with its cloud identity Governance product:

• Access reviewed by application, users, groups
• Reviews auto and manually delegated
• Access can be certified and revoked
• Accesses can be AUTOMATICALLY scheduled

Webinar Recording: Auto-Schedule Access Reviews - The Whys and Hows

The SolarWinds attack with its embedded hack right into the heart of our enterprises. But more importantly, this attack has shown us that this TYPE of hack is possible. That is - a hack that part-of-our TRUSTED communication and can thus access our key components.

As SSO is one of the most important.

So how do we: .
• Understand how the SolarWinds hack could affect our SSO?
• Understand the weak points in Application/User SSO?
• Identify what can and has been compromised?
• Understand what we can do to protect ourselves

This webinar will cover:

• Key concerns on implementing property controls
• Administrative accounts
• Credential Handling

Leading the conversation will be Mark Lambiase - 14 U.S. patents, IT security Expert. Resume includes Cisco Security Lead and Consulting Engineer, SecureAuth Chief Scientist and Researcher and CTO of Fox Technologies and Ground Work Open Source. Mark is known in the field for his unrelenting passion for excellence and unforgiving attitude to anything but flawless execution on security.

Access Management

Audit

Compliance

Governance

ISO 27001

okta

Security

solarwinds

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Securing SAML/SSO in a post-SolarWinds Attack World - Webinar Recording

Presented by

About this talk

More from this channel