Name: Anatomy of the MGM Hack: A CyberArk Labs Perspective
Start: 2023-11-15T00:15:00Z
End: 2023-11-15T00:15:46.000Z
Location: BrightTALK
Rating: 5

Centered on intelligent privilege controls, CyberArk provides the most comprehensive security offering for any identity - seamlessly securing human and machine identities accessing workloads from hybrid to multi-cloud, and flexibly automates the identity lifecycle all with continuous threat detection and prevention – protecting organization’s identities and most critical assets by enabling Zero Trust and enforcing least privilege.  

As more than 70% of reported security breaches are attributed to identity-based threats, questions arise about the relevance of the perimeter concept in safeguarding workforce identities and endpoints. Today, organizations must embrace a security-first mindset that transcends the traditional perimeter, adopting comprehensive identity and access controls that span the identity lifecycle from login and beyond. Watch this session to explore how to adopt the identity perimeter approach, the inherent risks in using traditional controls and the importance of a holistic IAM strategy in safeguarding workforce identities and endpoints that extend beyond the perimeter.

Going Beyond the Perimeter: Strategies to Secure Your Workforce and Endpoints

You may be familiar with current Cyber Insurance requirements, but do you have a forward-thinking security strategy, one that goes beyond “checking a box” and helps you to carefully plan for future renewals?  In this session, we’ll highlight the critical elements of a proactive security program, and we’ll provide examples of how to effectively showcase your organization to successfully obtain a policy or renewal. 

There isn’t a perfect security program. Storytelling is an important part of the process. Be ready to share a narrative about the plan you have in place now and how you will advance your program to address any gaps for risk reduction.  

In this session, Nick Graf, Vice President, Cyber Risk Control CNA Insurance and James Creamer, Senior Manager, Security Strategic Advisory CyberArk provide guidance on how to: 

Practically implement security controls 
Effectively communicate your strategy 
Plan for the next renewal. 

Nick Graf, Vice President,Cyber Risk Control for CNA Insurance and James Creamer, Senior Manager, Security Strategic Advisory for CyberArk

Developing a Next-Level Cyber Insurance Strategy

IT admins and developers are two highly targeted identities for attackers. So what's the best way to tackle their unique access needs without adding hurdles to their day-to-day workflows? Enforce just-in-time access principles and least privilege whenever possible.

Join us for a deep dive into the practical applications of just-in-time access and newer themes like zero standing privileges. We’ll explore how these concepts can be combined to bring both operational and security focused benefits with the goal of minimizing standing entitlements while maximizing visibility and user experience across data center and Cloud environments.

In this webinar, you will learn how to bring your security program from foundational to exceptional through best practices for both securing IT admins and developers, as well as discover:

How to deliver measurable cyber risk reduction while maintaining operational efficiency across these sensitive personas
How to reduce compliance gaps across environments
How to overcome identity explosion

Understanding Zero Standing Privilege and Just in Time Access

Implementing Zero Standing Privilege and Just in Time Access

In today’s rapidly evolving digital ecosystem, Cybersecurity is both a technical challenge and business imperative. The need to ensure the integrity, security and privacy of user information has never been greater. Following a “never trust, always verify” Zero Trust approach is an effective way to secure identities, endpoints, applications, data, infrastructure and networks, while providing visibility, automation and orchestration. Identity is the primary way organizations can determine and manage who has access to which resources – and under what conditions – and ensure that those access privileges are used appropriately. In this session, we cover emerging trends in identity security and IAM, effective identity-first security strategies and how to enhance user experiences with an identity security framework.

The Power of “Zero” in a Digital World

Introducing CyberArk’s Identity Security Clinic. Where experts dissect and diagnose your identity security challenges and prescribe a path forward with a comprehensive solution including actionable insights and strategies to safeguard all identities across your organization.

In our Identity Security Clinic, we will tackle this challenge:

I have developers requesting standing access because they need to connect natively from the CLI. Our current solution does provide standing access, but I need a more secure solution. What do I do?

In this webinar, we will talk through just-in-time access and zero standing privileges. Topics will include:

- Extending privilege controls to developer workflows.
- Maintaining native, frictionless access.
- Applying identity security best practices to developer and machine workloads.

Join us to learn how to master Identity Security best practices, apply zero trust principles, and reduce risk across all your IT admins, developers, non-human and workforce identities. By synergizing workforce identity security with robust IT security measures, organizations can establish a resilient defense against cyber threats while fostering a secure and productive working environment.

Identity Security Clinic: Securing Developers Beyond Standing Access

Watch to learn how we can help your organization secure IT admins and developers with breakthrough capabilities for Zero Standing Privileges and secure high-risk access for IT teams across all environments. CyberArk provides foundational PAM controls, modern session management to cloud workloads, JIT access with ZSP, and enables engineering velocity and efficiency through native user controls.

Securing Admins, Engineers and Developers in Digital Native Businesses

The European Union’s updated Network and Information Systems Directive (NIS2) comes into effect in October 2024. Ensuring best practice governance and reducing exposure to cyber-attacks are top business priorities right now, so following this legislation is a non-negotiable for those who want to protect themselves.

You should start by taking these steps towards compliance. Register for this webinar to learn more about:

Understanding more about the impact of NIS2 on your business
Learning about what other companies are doing for NIS2
Getting guidance on how your organization can be compliant.

Powered By CyberArk: Showing Companies How to Achieve NIS2 Compliance

Watch as we discuss how privileged access manangement (PAM) and identity security come together to meet the rigorous demands of audit and compliance in today's stringent regulatory environment. We will discuss the key principles of PAM and identity security to quickly reduce risk of high-risk accounts, applying security controls to meet cyber insurance requirements, and tips for building a proactive compliance program so your organization is audit-ready.

Building an Audit-Ready Proactive Compliance Program

To effectively protect your organization’s critical systems and sensitive data, it’s imperative to consider the full spectrum of identities, both human and machine, with access to a growing ecosystem of infrastructure and applications.   

It’s equally important to correlate controls with the levels of risk an identity poses to your organization should their access be compromised. In this session, we focus on this correlation and explain how to effectively apply and enforce dynamic and adaptive controls, such as just-in-time access with zero standing privileges.

Five Privilege Controls Essential for Identity Security

The rise of open source software was fast and furious – “free” software that was easy to try, customize, demo and build on…what could be better? But along the way, the challenges and hard truths with OSS have begun to raise their ugly heads. It requires a large dev staff to maintain and support; can often lead to sticker shock owing to expensive upgrades for key features along with a complex migration or upgrade path; not to mention security and maintenance concerns.

It’s no wonder that companies like Hashicorp have begun pivoting out from underneath their OSS licensing models. But the resultant there is broken trust and misaligned expectations between vendors and customers.

So what’s a company to do? Join CyberArk as we demo potential solutions like SaaS and recommended actions to protect your enterprise as OSS continues to evolve.

OSS Changes Got You Down? Could SaaS be the Solution?

If your business leverages digital technology – and who doesn’t – then securing human access is not enough, attackers will find the weak point. Don’t let it happen to you! In this session you'll learn why you need to secure both your human and machine identities, as well as the applications and workloads they access, along with approaches leading organizations are taking.

Join us to learn why a battle-tested Identity Security solution with the leading solution for secure cloud access and secrets management is best to deliver cyber-risk reduction across human and machine identities. Flexible dev options help accelerate the deployment of digital technologies across cloud and hybrid environments: a win for security and a win for the business.

Why Just Securing Human Identities Is Not Enough

"• Enterprise have struggled to deliver remote secure access to all their enterprise resources generally, even more today with business-critical data in cloud native services and SaaS apps. and secure browsing in particular for both employees and third parties. BYOD and unmanaged devices make this challenge particularly acute. Rise of social engineering identity centric attacks, with session hijacking and cookie-stealing attacks has further exacerbated this challenge. In this world, striking a balance security and productivity is critical, and the key to doing that is the paradigm of identity-centric secure browsing.  This webinar discusses enterprise secure access challenges, the security threats, and how identity-centric secure browsing helps solve these challenges. "

Secure Browser: Bringing Identity Security to the Endpoint

Watch to learn about different types of high-risk and administrative accounts, and the best practices to secure these human and non-human identities. Protecting access to critical systems and extending these controls to secure an evolving landscape is critical. We will discuss foundational principles, best practices for securing access to accounts with persistent access, how zero-standing privileges (ZSP) and just-in-time (JIT) reduces risk of credential theft past the principle of least privilege, and how to secure identities that are becoming frequent targets of attackers.

The Who's Who of IT Admins and How to Secure Them

Listen in on a fireside chat with CyberArk’s experts working on the front lines of today’s threat landscape. They share insights that will help you identify and bridge gaps in your defense. In this conversation led by CyberArk Labs, we will explore what threat actors are doing in the wild today, and how CyberArk’s Red Team emulates these attacks and bypasses detection. You’ll also get behind-the-scenes insights on how an Incident Response team helps organizations remove the threat actors and recover by rebuilding trust with identity security.

Tales from the Trenches: A Fireside Chat with CyberArk's Incident Response

Identity threats are rapidly evolving, rendering traditional access management inadequate. The surge in SaaS applications, cloud use, and remote work has made it more likely for workforce users to have admin rights formerly exclusive to IT admins. Users with such privileges face constant risks as attackers exploit identities to breach and navigate enterprise networks. To counter this, organizations must implement additional controls tailored to the specific actions, applications, or data accessed—both at login and beyond—to enhance workforce security. Watch CyberArk experts as they delve into these foundational controls, also known as Intelligent Privilege Controls, and share how you can easily apply them across your workforce to safeguard users navigating the intricate risk spectrum in their daily activities.

Securing the Modern Workforce: The Power of Intelligent Privilege Controls

The age of AI is shining a light on the most vulnerable identities within organizations. At the top of this list: developers. They're one of the most valuable assets for digital enterprises. Attackers know this. Initial access to a developer's credentials, an organization's repository, or secrets management leaves your company exposed. In this webinar, join CyberArk to discuss the changing cloud landscape and how it's created new circumstances and attack methods for developers--and what to do to about it.

You'll learn:
• Different methods of risk reduction to equip your security team to protect your organization
• How to maintain velocity of deployments without sacrificing security with zero standing privileges
• The T.E.A. on securing your cloud estate.

Securing Developers by  Closing Credential Security Gaps

Strengthening Your Security Perimeter to Shut Down Identity-Based Attacks

Manage Workforce Passwords Seamlessly Across the Enterprise

Going Passwordless for Enterprises Key Considerations for Success

Mitigate Your Risk with Six Steps and New CyberArk HAR Tool

3 Easy Ways to Automate PAM for a Huge Impact

From Foundational to Exceptional: Best Practices for Access Management

Better Security with Threat Response Automation

The Path to Secure HR-Driven Employee Lifecycle Management

You Have a Password Management Problem.  Let's Solve It.

Beyond the Login: Security First IAM

On September 11 threat actors initiated a social engineering attack that led to the near shutdown of MGM Resorts International.  This attack highlights the importance of deploying a wide variety of robust security measures and best practices in an organization’s strategy for protecting identities, especially those that are highly privileged.
CyberArk resident experts, Khizar Sultan and Andy Thompson, examine the root causes and lessons learned from the MGM Resorts attack based on publicly available sources. They also provide insights into properly implementing effective security measures and highlight the consequences of failing to do so.

Anatomy of the MGM Hack: A CyberArk Labs Perspective

Hackers

Data Breach

Cyber Threats

Risk Mitigation

Identity Security

Endpoint Privilege Management

Protecting Data

Security

Best Practice

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Anatomy of the MGM Hack: A CyberArk Labs Perspective

Presented by

About this talk

More from this channel