Name: Threat Prevention Anchored by Strong Security Hygiene and Posture Management
Start: 2022-05-16T15:00:00Z
End: 2022-05-16T15:00:20.000Z
Location: BrightTALK
Rating: 4.3

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

In the ever-evolving landscape of DevOps, the paradigm is now shifting - where security is taking the central stage. With vast surface areas including containers, cloud, repositories and third-party components, cyber threats became more prominent than ever before in DevOps.

This presentation will delve into the evolution from traditional DevOps to the advanced usage of artificial intelligence (AI) technologies to automate and optimize the software development and delivery processes. This includes automating code scanning, testing and deployment processes while eliminating the threats in each possible way in the cycle. 

In this session, join Jyotirmayee Pradeep Kumar (Vice President - Cloud DevOps at a well-known global bank) as she unravels the stages of integration of AI at each phase of DevOps. Topics for discussion include:
- Types of AI used in DevOps. 
- Benefits of using AI in DevOps.
- Implementation of AI in DevOps.
- Best practices for using AI in DevOps.
- Eliminating security threats using AI in DevOps.

Security Risks to Consider with AI Integration: AI in DevOps

In a world where the vast majority of cyber attacks leverage access-based methods to gain entry to an organization's resources, how can you be sure your organization remains secure?

This session explores best practices for ensuring all employees have the access they need, while ensuring that access is revoked promptly when they no longer need it. It starts with the reality that most enterprises have grown to large to rely on manual efforts, needing a combination of identity access management tools, implemented appropriately, and includes:

- The importance of creating a role-based access provisioning program that follows employees through their entire organizational lifecycle, from onboarding, through job changes, transfers and eventually, separation from the organization
- Automating and integrating the need for privileged access with the organization's change management process 

Be prepared for a primer in how to get started on this journey and make it successful over the long term.

Stay Safe: Managing Employee Access from Cradle to Grave

As organizations grow and evolve, the proliferation of disparate identity and access management (IAM) systems can create significant security vulnerabilities. Centralizing IAM is essential to mitigate these risks, but it presents challenges such as designing seamless interfaces and accommodating the dynamic needs of the business.

In this session, Vincent Amanyi (Founder, Boleam Inc) shares strategies to reduce fragmentation and centralize IAM systems using single sign-on (SSO) and role-based access control (RBAC). He will explore key internal and external considerations for developing comprehensive IAM policies that align with business evolution and industry changes.

Key Takeaways
- Optimize IAM Policies: Gain insights into the dynamic components of your organization's information access and learn how to support robust IAM policies.
- Foundation for Growth: Learn how to establish a strong foundation for managing identity risks in a rapidly evolving business landscape, especially during mergers and acquisitions.
- Risk Management: Understand how to identify gaps and effectively manage IAM sprawl risks to ensure a secure and compliant environment.

Mastering Identity Sprawl: Centralizing IAM for Enhanced Security

Remote and hybrid work remains a mainstay of most work environments post COVID-19 pandemic. Contrary to initial worries, the much-hyped IT security issues that most people dreaded from a remote and hybrid work setting did not adversely impact their organizations. This is due to the robust application of relevant IT governance, risk and compliance or IT GRC frameworks. 

In this presentation, Ralph Villanueva will speak about some of these frameworks, and why weaving them together can act like a protective web around the remote and hybrid IT ecosystem of the organization.

Applying IT GRC Solutions to Remote and Hybrid Work Security Issues

AI tools have been changing the landscape in many fields. The ability to impersonate someone using AI is of concern. Social engineering is a successful method for attackers to gain access to a network, and AI-enhanced social engineering will change the way these types of attacks will be perpetrated and how companies need to defend themselves. 

The presentation from industry thought leader Charles Kolodgy will provide useful insight and information designed to allow you to understand the increasing threat from AI enhanced social engineering and how best to defend against these types of attacks.

Join this discussion to learn:
- A quick understanding of social engineering and why it succeeds.
- Examples of how AI has been used to enhance social engineering attacks.
- What tools and options are available to defense against social engineering, including the use of defensive AI.
- How to evaluate various cybersecurity solutions that can aid in combating AI enhances social engineering.
- The importance of building a strong culture of security to combat social engineering.

Does AI Make Social Engineering Too Easy?

Senior management often has a fundamental question regarding cyberattacks: How would cyberattacks affect our organization?  Business impact analyses (BIA), as they have been performed for decades, are inadequate.  The determination of desired recovery times and recovery points may be meaningless in the face of stolen information and ransomware attacks that reflect what business leaders would like to be done rather than what IT can do.  Moreover, new government rules require analysis and disclosure that necessitate an understanding by executive management of what the impact of a cyberattack would be if an attack were to occur.  This session provides an approach to determining what the impact of a cyberattack would be.

Tune in to this webinar to learn:
- How cyberattacks change the context of BIA.
- What are the potential financial, operational, reputational, regulatory and societal impacts of cyberattacks.
- How to conduct a cyber impact analysis.
- How a cyber impact analysis can drive cyber resilience strategy.

Determining the Impact of Cyberattacks

Ransomware risks has the potency to affect the critical assets of organizations and wreak devastating consequences if left un-checked. This session from consultant and industry thought leader Vincent Amanyi will provide a clear strategy for managing the Ransomware-as-a-Service (RaaS) model effectively to stem better control and establish high entry barrier for cybercriminal.

Key Takeaways
- Understand when to plan and implement ransomware control strategies.
- Definition of process map to incident response plan.
- How to map gap to internal research.

Roadmap to an Iron-Clad Ransomware Defense System

Ransomware continues to be a major source of risk for virtually every industry and vertical in every country. From education, government, and healthcare, to finance, consulting, and manufacturing. For-profit companies are as much a target as not-for-profit. 

The question most CIOs and CISOs are asked by the Board and the Executive Team is, “Are we protected from a ransomware attack?” 

As a security leader, the answer you want to give to that question is, “Yes we are!”

But how do you protect yourself from a ransomware attack? You know you want to do more than have a great 3-2-1 backup strategy. Great backups are table stakes in the ransomware defense playbook. With great backups you can recover quickly from an attack. 

What you really want is to have a way to prevent or at least limit the blast radius if an attack happens. 

A good strategy to reduce the risk of a successful ransomware attack is to implement the family of principals and controls outlined in the NIST Zero Trust Architecture (SP 800-207). 

Remember, the goal of the criminals in a ransomware attack is to steal and encrypt your data. They want to attack the availability leg of our CIA triad, namely the availability of your data. 

In this presentation, industry thought leader John Bruggeman will review the general components of zero trust, review how you can do a readiness assessment that will let you know where you are in your ZT journey, and how a ZT framework reduces your risk of a ransomware attack.

Reinforce Your Data Fortress: How Zero Trust Can Help Reduce Your Risk of a Ransomware Attack

Ransomware attacks are one of the most terrible outcomes of cyber breach. Whether you believe in paying ransom demands or not, you must understand the need for a negotiator in such difficult situation. We will discuss challenges, pitfalls, and factors of success that a ransomware negotiator can bring to crisis.

Key Takeaways:
- Understand components of a ransomware attack.
- Recognize intricacies of ransomware negotiations.
- Avoid mistakes frequently made during ransomware attacks.
- Recognize red flags common during ransomware attacks.

Ransomware Negotiations: Everything You Need to Know

Snippet question: There is a blurring of the lines between CISOs and Chief Data Officers, or CDOs: With the roles of CISOs and Chief Data Officers (CDOs) increasingly overlapping, particularly in the realm of data protection and recent breaches, there can be friction despite a shared goal of safeguarding enterprise assets. Toby, what are some of the things your organization is doing to stay aligned around data security?

Black Hat 2024 Snippet Video with Toby Foss, Senior Director of Information Security, Informatica

Snippet question: How have you managed or improved the relationship with your CDO? Where do you find a win-win?

Black Hat 2024 Snippet Video with Brett Price, Lead Cybersecurity Consultant, vCISO, AccessIT Group

Snippet question: The convergence of data and security - Does the CDO become the new CD+SO?

Black Hat 2024 Snippet Video with Matt Murphy, Lead DevSecOps Engineer & Cyber Security Architect, Beyond Finance

Snippet question: What does LevelBlue’s latest report reveal about how the C-Suite sees cyber resilience?

Black Hat 2024 Snippet Video with Theresa Lanowitz, Chief Evangelist, LevelBlue

Snippet question: What do you predict will be the most significant change in the Application Security (AppSec) space, and what do you see as the biggest challenge for companies striving to reach the next level of maturity?

Black Hat 2024 Snippet Video with Boaz Barzel, Evangelist & Director of Technical Enablement, OX Security

Snippet question: What is the most important thing to know about securing your machine identities?

Black Hat 2024 Snippet Video with Uzi Ailon, VP, DevSecOps Solutions, CyberArk

Snippet question: Given the increasing complexity of the software supply chain, what challenges do you believe cause the most pain when trying to mitigate risks and ensure the integrity and security of not only your application portfolio but also the underlying software factory?

Black Hat 2024 Snippet Video with Joe Nicastro, Field CTO, Legit Security

2024 RSA Highlight Reel - Studios

2024 RSA Highlight Reel - TechTarget Editorial

Protecting organization data against cyber attacks, threats and data breaches

How Hackers Compromise the Cloud Control Plane

Get Backup & Running: Ransomware Protection & Recovery in AWS

Don't Become the Next Cautionary Tale: Top Breach Prevention Strategies

Planning Your Application Ecosystem Landscape to Withstand Multi-Layered Attack

The Art of Breach Detection

The Next-Gen SOC: Optimizing to Make the Most of Limited Resources

Understanding Your Attack Surface Through Vulnerability Disclosure

Create secure applications at the speed of DevOps

Key Findings from 2022 Data Threat Report - Global Edition

How to Keep up with the Cyber Threat Landscape

Use bad-guy trends, tactics and techniques against them for effective strategy

Decoding CUI: A Highly Valued Data Type at Risk

Faster Breach Detection

Avoid The Top Five Breach-Inducing Mistakes and Mitigate Log4Shell Risk

The Application Attack Threat Landscape - After Log4J

Fighting Cybercrime in 2022: All for one and one for all

Preventing Database Breaches with Application-Layer Encryption

Redefining Cyber Intelligence: The Shift from Threat to Risk

Trends in Cyber Threats and Top Countermeasures

What are the 3 main stages of Zero Trust and why does it matters to you?

Cyber Threats and Breach Protection

With any cyber-threat prevention strategy, organizations must know the assets connected to their networks, whether these assets are vulnerable to exploitation, and which vulnerable assets should be prioritized for remediation actions. These activities are known collectively as security hygiene and posture management. Unfortunately, organizations often manage these fundamental security best practices haphazardly, opening them up to cyber threats or the ever expanding attack surface. 

In this keynote presentation, ESG Senior Principal Analyst and Fellow, Jon Oltsik, will share new research and discuss the challenges around security hygiene and posture management to explore what companies can do to both address these challenges and establish best practices.

Threat Prevention Anchored by Strong Security Hygiene and Posture Management

Cyber Threats

Cyber Attacks

Attack Vectors

Cyber Incident Response

Threat Intelligence

security hygiene

posture managemenet

Security Breach

Asset Management

Threat Defence

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Threat Prevention Anchored by Strong Security Hygiene and Posture Management

Presented by

About this talk

More from this channel