Name: Securing the Software Supply Chain with Code Signing
Start: 2024-04-05T15:23:00Z
End: 2024-04-05T15:23:35.000Z
Location: BrightTALK
Rating: 0

We are the world's leading provider of applied cryptography.
Over 100 Fortune 500 corporations have sought our help in protecting their most sensitive data and solving the most complex problems. Through our products and professional services, you can strengthen your ability to protect cryptographic keys, digital certificates, software code signing, Certificate Lifecycle management, and more. We are committed to staying up-to-date with the latest technology trends, compliances, and best practices in data security, and we leverage this expertise to help our clients achieve their security goals.

In this session, discover how automating encryption can simplify security management for application and SaaS providers. We’ll explore the technical challenges and solutions for seamlessly integrating encryption into your workflows, ensuring data protection at every stage. Learn best practices for automating key management, encryption processes, and compliance monitoring to secure sensitive data without disrupting operations. Real-world use cases will highlight successful implementations of automated encryption that reduced complexity and enhanced security for leading SaaS providers.

EC-Conference2024: Automating Encryption, A Guide for Application and SaaS Providers

This session provides a detailed overview of the FIPS 140-2 and FIPS 140-3 frameworks, focusing on security requirements, levels, and key changes. Learn how to navigate the implementation process, understand critical terminologies, and prepare for FIPS 140-3 compliance.
 
Key Takeaways:
- Overview of FIPS 140-2 and FIPS 140-3 standards
- Key differences and changes introduced in FIPS 140-3
- Understanding security levels and scope of requirements
- Steps for transitioning from FIPS 140-2 to FIPS 140-3
- Practical insights for ensuring cryptographic compliance and security

EC-Conference2024: Transitioning from FIPS 140-2 to FIPS 140-3, What You Need to Know

The migration of existing use cases to PQC is challenging the whole industry. There are general recommendations from industry committees and governmental institutions.  For example, the CNSA 2.0 constitutes concrete requirements for dedicated use cases starting in 2025.  The preferred PQC algorithms for long-term use cases like firmware signing are the so-called “stateful hash-based signatures.  These algorithms, i.e. LMS/HSS and XMSS/XMSS-MT, were standardized by NIST in 2020.  Utimaco will present  “OTS-preserving framework” for secure deployment and operating of these algorithms in Hardware Security Modules (HSM) in distributed systems and offline scenarios. Utimaco will outline the design criteria of this framework in real-world distributed environments, describe the proposed OTS-preserving framework, its implementation status, and its discussion within the PQC community, including with NIST, and conclude by presenting a customer implementation.  This will highlight the state handling challenge and how an ideal solution should look like to allow a smooth transition into the PQC era.

EC-Conference2024: Overcoming PQC Migration Challenges with Stateful Hash-Based Signatures and Secure Deployment in HSMs

Cryptography is now a hard requirement for many internal security policies and regulations such as PCI-DSS. However, due to silos inside an enterprise’s hyper-dynamic infrastructure, it’s difficult for security and compliance teams to deploy and evaluate encryption effectively.

In this session, we discuss real-world challenges and solutions for compliance use cases such as:

- Building an inventory and assess the risks of your cryptographic assets including PQC readiness
- Large-scale file-level encryption

EC-Conference2024: Taming the Crypto Chaos Across Hybrid Multicloud for Compliance

In our session, we will share insights on the FIPS standards for quantum-safe algorithms and their usage on HSMs. We will take you through all the coming changes to PKCS#11 and compare some speeds when using ML-DSA compared to other algorithms.

EC-Conference2024: Quantum-Safe Cryptography and HSMs FIPS Standards PKCS#11 Updates and ML-DSA Performance Insights

Explore the essential role of code-signing in regulatory compliance, covering key requirements like GDPR, HIPAA, and supply chain security. Learn how code-signing protects software integrity and helps organizations meet compliance standards. This session will also highlight best practices for implementing secure, automated code-signing processes and showcase real-life success stories from companies that have effectively used code-signing to streamline operations and ensure compliance.

EC-Conference2024: Your Roadmap to Code-Signing Compliance

Protecting data in applications instead of in storage can reduce attack vectors and improve overall data security, but it can be messy and impractical for most enterprises. What if it wasn’t? Learn about specific architectures that abstract how data is protected, centralize data protection policy controls, and deliver the crypto-agility needed to adapt data protection over time without expensive rework.

AUDIENCE TAKEAWAYS
1. Understand the data security gaps that traditional storage security does not address and benefits of protecting data in applications.

2. Understand the challenges of trying to interweave data security into applications that can drive complexity and implementation cost and lead to higher total cost of ownership.

3. Conduct ways to deliver robust data protection and privacy using a variety of techniques in conjunction with architectures that reduce complexities, implementation times, and overall costs.

EC-Conference2024: Thinking Differently About How and Where to Protect Sensitive Data

The goal of this session is to equip the attendees with the perspectives to consider when analyzing the risks in the Gen-AI/AGI space and the mitigation approaches. We will start by identifying the threats and risks from a different lens that accounts for the impacts on our professional and personal lives and how they may be intertwined. We will then walk through analytical methods to identify and implement mitigating controls. We will conclude with some example scenarios and sample mitigation options, one of which will be about leveraging the Gen-AI/AGI tools and the advances in technology to combat the threats from the same.

Gen-AI/AGI - How have these technological advances changed cybersecurity risk identification and mitigation approaches?

Join us for a session on the critical aspects of PKI and certificate management. Discover why a professional PKI health check and assessment are essential for maintaining a secure PKI environment. Learn about effective Certificate Lifecycle Management practices and why choosing the right certificate automation tool is crucial for streamlining operations and minimizing risks. Get valuable insights and practical strategies to ensure your PKI system is resilient, efficient, and ready for the future.

EC-Conference2024: Optimizing PKI & Certificate Management with Health Checks & Automation Tools

With the increase of constant threats and risks, now’s the time to get your house in order for Post-Quantum Cryptography. This session will highlight these increased risks and outline how to effectively counter against evolving threats with strategic and tactical steps of a PQC readiness plan. This session will also identify some of the challenges affecting today’s PKI, Code Signing, IoT, and TLS. To conclude, real-world strategies will be presented to provide the audience with present examples for a pragmatic & successful PQC migration plan that includes identification and testing against your priority enterprise applications and infrastructure.

Get your PQC Readiness Plan in Gear: How to Develop a Practical Plan

Join us for a session where we introduce our very own Generative AI solution for applied cryptography and we will take you through our innovative on-demand training platform and certifications. Experience firsthand the latest developments in our flagship products: Certificate Lifecycle Management Solution, CertSecure Manager and Code-Signing Solution, CodeSign Secure. Discover how CertSecure Manager now supports multi-cloud environments and learn about the new Apple signing capabilities in CodeSign Secure. Plus, get a complete overview of all our recent product advancements and future enhancements.

EC-Conference2024: Keynote Session

What if your security ecosystem was always ready to take on new threats and regulations that are constantly changing? Our webinar will explore common security gaps you need to be aware of and focus on protecting data from its core and everywhere across the organization. The session will examine best practices and technologies that will help you create a secure data infrastructure now, and in the future, so your organization is always prepared for the sophisticated threats.
Join Prime Factors Director of Product Management, Juan Asenjo and Encryption Consulting Security Architect, Parnashree Saha to hear insights on how to assess your data infrastructure and implement protection measures that will help you prepare for the threats of tomorrow and meet all the necessary compliance requirements. 

Join the webinar and learn:
- How you can identify your data security gaps?
- Why data-centric security is important?
- What application-level data protection means for your organization?
- Where to deploy it to enhance the security of your infrastructure?

Building a Data-Centric Secure Ecosystem

Join us to explore the critical role of code signing in enterprise cybersecurity strategies. Learn how code signing enhances trust, protects customer data, and protects brand integrity through secure software validation. With the rapid growth of digital signing driven by regulatory requirements and the rising need for security measures, it’s important to protect your organization from cyber threats. Our webinar will share insights on the impact of cyber incidents, effective strategies you can take into consideration, and what a well-defined code-signing process and practices look like for organizations. 
 
Key Takeaways:
- Discover how to implement effective code signing strategies to mitigate supply chain risks and unauthorized code distribution.
- Importance of regular certificate updates, auditing, and logging for maintaining compliance.
- The need for investing in code signing solutions to reduce costs and enhance security
- Enhanced security measures you can take through code signing that organizations can take to build customer confidence.
- Learn about digital signing of applications, firmware, and software that is driven by regulatory requirements and customer demands.
- How to properly manage and protect digital identities to prevent malicious use of software assets.
- Understand the potential ramifications of attacks exploiting insecure code signing..
- Common issues and threats related to code signing and how to address them.
- Explore common business risks of insecure code signing and how to effectively mitigate them
- Discover how to meet code signing requirements for enhanced security and compliance.

Securing The Enterprise with Code Signing Strategies for Protecting Client Data and Enhancing Trust

As organizations grow, so does their demand for digital certificates. Managing the lifecycle of these digital certificates is extremely important for maintaining the security and integrity of your organization’s data and communications. However manually managing certificates is not only time-consuming but also prone to human error, leading to potential security risks and costly certificate outages. Join our webinar to learn how automating PKI can help your Certificate Lifecycle Management (CLM) System. Our webinar will discuss the challenges of traditional certificate management and illustrate how automation can enhance efficiency, increase security, and ensure compliance.

Key Takeaways:
- Identify common pitfalls in manual certificate management that can lead to security vulnerabilities.
- Learn how automated certificate workflows can significantly mitigate human errors.
- Gain insights into the best practices for a smooth transition to automated certificate management.
- Learn how automated CLM can help ensure compliance with industry regulations and standards.
- Discover how to reduce operational costs through streamlined certificate management processes.
- Understand the importance of real-time monitoring and alerting in an automated CLM system.
- See how automation can help in managing certificates across diverse platforms and environments.
- Understand the role of PKI automation in supporting a zero-trust security framework.

Building a Resilient Certificate Lifecycle Management System with PKI Automation

2024 is moving quickly and across the globe, Post-Quantum Cryptography awareness is skyrocketing. With the increasing volume of ecosystem options available and emerging, now is the time to identify and test your priority enterprise applications and use cases. After identifying and highlighting some of the key challenges for PKI, Code Signing, IoT, and TLS use cases, this session will highlight real-life strategies already implemented to provide attendees with concrete examples for building & leveraging a PQC readiness plan. Most importantly, attendees will leave with a set of pragmatic steps for planning, budgeting, and communicating a Post-Quantum Cryptography (PQC) strategy.

PQC Readiness for 2024! How and why procrastination will only cause problems

Discover the latest NIST 2.0 Cybersecurity Framework and its enhanced potential to advocate on best practices followed to strengthen the encryption standards and cybersecurity posture, irrespective of the maturity level and technical sophistication of an organization’s cybersecurity programs. Providing a brief overview of what has changed from NIST framework Version 1.1 to Version 2.0 and how Encryption Consulting can help in verifying that your encryption standards comply with industry standards and best practices and NIST 2.0 cybersecurity framework.

NIST 2.0 Cybersecurity Compliance

Join us as we explore Google's decision to distrust Entrust's SSL certificates and its impact on online security. We cover the reasons behind Google's move, Mozilla's follow-up decision, and the implications for organizations. We also provide guidance on reissuing certificates, managing transitions, and how Encryption Consulting can help with migration strategies to ensure a secure and smooth transition.

Your Guide to Public CA Migration

In this eye-opening video, we delve into the looming threat posed by quantum computers to our current cryptographic systems. With the rapid advancement of quantum computing technology, the security of our digital infrastructure faces a critical challenge. Traditional encryption methods that safeguard our sensitive information could become obsolete in the face of quantum attacks, potentially leading to devastating breaches of privacy and security.
Join us as we explore the urgent need for quantum-resistant cryptography. We'll unravel the complexities of quantum computing and its implications for encryption, discussing the vulnerabilities of existing cryptographic algorithms and the pressing need for robust alternatives. From the potential impact on financial transactions to the security of government communications and personal data, the ramifications of ignoring this imminent threat are immense.

Why Quantum-resistant cryptography is an urgent need

In this webinar, Riley Dickens - a consultant with Encryption Consulting, will explore the benefits of code signing and how it can be used to secure the software supply chain. He will discuss the different types of code-signing certificates available and how they can be used to sign various types of software, including executables, drivers, and scripts. He will also cover best practices for implementing code signing in your organization and how to manage your code signing certificates. 

Key points his webinar discusses: 

- The importance of secure software supply chains 
- How code signing works and the different types of code signing certificates available 
- Best practices for implementing code signing in your organization 
- How to manage your code signing certificates and keep them secure 
- Real-world examples of code signing in action and how it has helped organizations prevent software supply chain attacks 

By the end of this webinar, you will have a better understanding of how code signing can help protect your organization from software supply chain attacks and how to implement it effectively. 

Questions Answered:
1. Where and when do you recommend code signing? Similarly, where and when do you recommend verifying the signed artifact?

2. How can organizations ensure that their code signing practices are compliant with industry standards and regulations? 

3. You mention a number of risks and threats to code signing, is it still safe to use even though there are so many risks involved?

Securing the Software Supply Chain with Code Signing

Code Sign

Code Signing

Supply Chain

Supply Chain Security

Code Verification

Code Integrity

Digital Signature

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Securing the Software Supply Chain with Code Signing

Presented by

About this talk

More from this channel