Name: The MITRE ATT&CK for ICS Framework... And What to do About it
Start: 2023-12-18T16:00:00Z
End: 2023-12-18T16:00:59.000Z
Location: BrightTALK
Rating: 4.7

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at www.tenable.com.

As cyber threats against operational technology and critical infrastructure grow more sophisticated, traditional security tools leave dangerous blind spots. For guidance on effectively addressing this challenge, check out this on-demand webinar exploring a unified approach to managing cyber exposures.

During the session, Tenable experts share ways to uncover and close attack paths before breaches begin, prioritize real risks over theoretical ones, and better align security and business objectives to protect your organization more effectively. Key takeaways will include:

>> Getting the attacker's view: Identify hidden vulnerabilities and attack paths that put cyber-physical systems at risk
>> Moving from reactive to proactive: Use AI-powered insights to stop threats before they materialize
>> Optimizing security investments: Align remediation priorities with business impact to maximize ROI

How to protect cyber-physical systems and uncover hidden risks with exposure management

Addressing the escalating cybersecurity risks for K-12 and higher education with resource-conscious, effective solutions from Tenable.
Educational institutions, from K-12 to colleges and universities, face growing cyber threats that can compromise student data, disrupt operations, and strain already limited resources. In this on-demand webinar, Tenable shares insights into how you can use risk-based exposure management to support the unique cybersecurity needs of educational institutions.

Led by Joseph Decker, a Tenable education-sector expert, this session covers:

>> Strategies to manage decentralized, multi-campus IT environments while optimizing resources
>> Best practices for reducing third-party and vendor-related cyber risks
>> Insights into securing legacy systems and infrastructure against modern threats

More secure schools: how a risk-based cyber strategy can make a difference

The Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), in cooperation with CISA, the NSA, Canadian Centre for Cyber Security (CCCS), United Kingdom National Cyber Security Centre (NCSC-UK), and New Zealand National Cyber Security Centre (NCSC-NZ) recently recommended strategies to mitigate 17 attack techniques used by adversaries and malicious actors to compromise Active Directory (AD).

Join Tenable AD security experts Tim Oroszi and Bradford Eadie for this on-demand webinar to learn how you can detect and mitigate 16 of these threats using Tenable Identity Exposure.

Detect and mitigate 16 widely deployed Active Directory compromises

Led by Tenable Cloud researcher Ari Eitan, and cloud security expert Lior Zatlavi, this on-demand webinar breaks down findings from the Tenable Cloud Risk Report 2024 and shares actionable steps to strengthen your organization’s cloud security in the year ahead. Topics covered will include:

>> Key findings, from the high-risk use of access keys to unmitigated vulnerabilities and publicly accessible Kubernetes API servers
>> Implications of the toxic cloud trilogy found in 38% of workloads
>> Practical tips, practices, and tooling for protecting your organization from these cloud risks and others

Empower Your 2025 Cloud Security Planning with Tenable's Data Insights

Check out this on-demand Tenable webinar exploring a unified approach to cloud security that breaks down silos to protect your entire cloud stack, including data and AI resources.

Know Your Exposure: Is Your Cloud Data Secure in the Age of AI?

Learn how to leverage the latest enterprise risk management technologies and frameworks, including S.E.R.F. and R.A.I.S.E., to empower corporate leaders with actionable insight into your organization’s security posture.

How to Effectively Communicate OT/IoT Risk Across the Enterprise

Discover how Cloud Infrastructure Entitlement Management (CIEM) can transform your cloud security posture.
In the ever-evolving landscape of cloud security, managing identities and entitlements is the key to protecting your organization's sensitive data. Check out this on-demand webinar to explore how CIEM, as part of a unified CNAPP, can help you gain control, reduce risk, and streamline your cloud security efforts.

Through discussion and demonstration, this webinar will help you gain:

* A clear roadmap to achieve deep multi-cloud visibility and continuous discovery
* Strategies to streamline risk analysis and auto-remediate excess permissions
* Practical tips for enforcing compliance and least privilege access

Cloud Security's Blind Spot: Are You Overlooking Identity?

Gain insights to help you overcome complexity and better discover, prioritize, remediate, and report on your organization’s cloud security posture.
Widespread adoption of public cloud services is the norm. To do your job effectively, you need to reduce security risks, stay a step ahead of constantly changing tech, and ensure you meet compliance obligations of your org’s increasingly complex cloud environment.

Let’s help you make that happen. Check out this on-demand webinar exploring the benefits of agentless cloud-native vulnerability management, and offering guidance for extending your vulnerability management strategy to the cloud using unified security tooling.

By watching, you will learn about:

>> Reducing alert overload by using toxic combinations to identify which vulnerabilities pose the greatest threat
>> Accelerating response time by identifying and remediating threats using automated processes
>> How Tenable Cloud Security enables holistic workload protection and vulnerability management that bridge the skills gap between IT, cloud, and cyber teams

A Cyber Pro's Guide to Cloud-Native Vulnerability Management: Start, Scale, and Secure with Confidence

Join us to find out how Tenable helps you effectively identify and fix the vulnerabilities creating the most risk for your enterprise.
Feeling overwhelmed by the sheer number of vulnerabilities impacting your organization? You’re not alone. With over 28,000 vulnerabilities recorded so far this year alone, it’s easy to feel buried. But here’s the good news: only 3.2% of those vulnerabilities truly matter.

Check out this on-demand webinar for insights into Tenable's latest research. We’ll also review ways you can leverage the Tenable Vulnerability Priority Rating (VPR), Vulnerability Intelligence, and Exposure Response to focus your efforts where they count the most.

>> Discover how to identify the 3.2% of vulnerabilities that are true threats to your organization.
>> Gain actionable insights from real-world data to reduce risk and improve your security posture.
>> How Tenable Vulnerability Management lets you focus on the most harmful risks in your ecosystem more effectively

Focus Where It Counts: Prioritizing the 3% of Vulnerabilities that Matter Most

Learn how Tenable Cloud Security reduces complexity to enable robust protection for your containers and Kubernetes deployments.
As containers and Kubernetes become more prevalent, so does the complexity of ensuring their security. To help you overcome this challenge, check out this on-demand webinar exploring how Tenable Cloud Security enables robust protection for your containerized workloads, as part of an overall cloud security strategy.

Led by Lior Zatlavi, Director, Cloud Security Advocacy, by attending this on-demand webinar you will:

>> Learn to implement comprehensive vulnerability management for containers from build to runtime.
>> Gain insights into customizing security policies and managing containerized cloud deployments with precision.

Ready to Boost Your Container Security Confidence? Tenable Experts Explain How

Understanding and mitigating emerging risks to secure your cloud infrastructure more effectively.
The recent discovery of the critical remote code execution (RCE) vulnerability "CloudImposer" in Google Cloud Platform (GCP) workloads by Tenable Research highlights the pressing issue of supply chain vulnerabilities in the cloud. With millions of servers at risk and third-party code in IaC tools under scrutiny, knowing who's responsible and how to defend your cloud environments is vital. Let’s help you make that happen.

Check out this on-demand webinar for an in-depth exploration of these emerging risks. You will also gain insight into how Tenable Research works, the team’s recent discoveries, and practical mitigation strategies to protect your cloud infrastructure.

Uncover Hidden Threats: Tenable Research Reveals Cloud Supply Chain Risks

Join Tenable experts to learn how easy it is to set up and scale Tenable Cloud Security to continually assess, report on, and strengthen your organization’s cloud security posture.

Through discussion and demonstration, this on-demand webinar covers:

>> How to overcome common cloud security operational challenges
>> Tenable’s approach to discovering and developing a deployment plan that addresses your organization’s needs and workflows
>> Demonstration of key Tenable Cloud Security capabilities

The First 90 Days of a CNAPP: Effectively Operationalizing Security In Multi- and Hybrid-Cloud Environments

Results from our global 2024 Cloud Security Outlook study are out! In the past 18 months, 95% of organizations surveyed had cloud-related breaches, and many were harmed by exposed sensitive data. To gain insight into the report findings, as well as real-world innovations that can make your enterprise's cloud security investments more effective, join our team of cloud security experts to explore:

>> Best practices to reduce the risk of cloud data breaches
>> How to strengthen the weakest link in your cloud security environment
>> Top key performance indicators (KPIs) that organizations are using to show the return on their security investments

Tenable Cloud Security Outlook Report 2024

Water and wastewater utilities are critical to public health and safety. Recognizing the ever-present and evolving nature of cyber threats, state, and local government agencies need to prioritize the security of water systems and protect these vital services from disruption. 

You can elevate your cybersecurity knowledge and capabilities by checking out this expert-led on-demand webinar, providing actionable insights and strategies for public-sector water utilities.

Topics covered:

>> A brief review of the threat landscape targeting the water sector
>> Regulation, legislation, and funding opportunities
>> Best practices and proactive measures to bolster your cybersecurity resilience and protect your operations
>> How Tenable OT Security helps strengthen your cyber defenses and safeguard your services

Safeguarding Your Water Utility: Tenable Experts Share Cybersecurity Insights

Learn how Tenable Cloud Security helps you implement AWS security best practices and reduce risk across even the most complex environments.
Are you looking to strengthen the security and boost the compliance of your AWS deployments? Join Lior Zatlavi, Director of Cloud Security Advocacy at Tenable, for an insightful webinar sharing practical guidance and best practices for securing your AWS environment.

During this on-demand webinar, Lior reviews key concepts from understanding the shared responsibility model to governing and reporting on compliance frameworks such as the AWS Well-Architected, covering:

>> Implementing robust access controls and identity management best practices
>> Enhancing visibility and monitoring capabilities to better detect and respond to security incidents and maintain compliance
>> Identifying and preventing common misconfigurations and security pitfalls
>> How Tenable Cloud Security effectively automates and simplifies AWS security best practices and compliance efforts

Secure Your AWS Environment with Confidence

Learn how to develop a comprehensive vulnerability management program that balances operational continuity with risk reduction.

Vulnerabilities are inevitable in complex operational technology (OT) environments. While patching and remediation are ideal, some vulnerabilities may remain unaddressed due to operational constraints, legacy systems, or vendor limitations.

Join us for this on-demand episode of “In The Lab with Tenable OT Security” to explore effective strategies for mitigating risks from vulnerabilities that cannot be immediately remediated. Topics covered include:

>> Identifying and prioritizing non-remediable vulnerabilities in your OT environment using Tenable OT Security
>> Understanding the potential operational impact and risk exposure of these vulnerabilities
>> Implementing compensating controls and mitigation techniques to reduce attack surface and exploitation risk
>> Developing comprehensive vulnerability management programs aligning with best practices, and compliance requirements, and balancing operational continuity with risk reduction

Risk Mitigation When You Cannot Remediate Vulnerabilities On Critical OT Systems

The Tenable OT Security integration with Splunk provides deeper visibility into OT assets, vulnerabilities, and threats, enabling more informed risk assessment and faster, more effective incident investigation and response. For guidance on making this happen, check out this on-demand webinar with experts from Tenable and Splunk exploring the capabilities and benefits of the integrated Tenable OT Security and Splunk solution.

Topics covered:

>> Achieving comprehensive visibility and asset inventory across your organization’s entire IT-OT attack surface
>> Enhanced security monitoring, risk-based decision-making, and incident investigation and response
>> Streamlined compliance monitoring and reporting for requirements of NERC CIP and common regulations and frameworks

Splunk & Tenable Optimize Security Across Your IT/OT Enterprise Attack Surface

Conventional wisdom suggests larger budgets and staff equate to greater security. In practice, these investments are often made in silos, leading to fragmented visibility across the attack surface. Lacking the attacker’s perspective, teams can be inundated by alert noise, making it hard to see the forest through the trees. So, how can you optimize outcomes from cyber investments to deliver measurable improvements in risk posture?

For answers, check out this on-demand webinar hosted by Tenable's Director of Exposure Management, Pierre Coyne, and Manager, Security Engineering, Michael Morgan. Topics covered include:

>> The limitations of siloed security and how threat actors exploit them
>> Five steps to improve visibility and prioritization across traditionally siloed security programs, including vulnerability, cloud, web, identity, and OT
>> Approaches to align cyber spend and resources to business goals
>> Key indicators that will help you drive measurable exposure reduction

5 Steps to Help You Optimize Prioritization and Disrupt Attack Paths

For organizations reliant on operational technologies, one of the important threat detection frameworks is MITRE ATT&CK® for ICS. Based on real actions exhibited by threat actors, MITRE ATT&CK for ICS is a variant of the enterprise and mobile ATT&CK matrices, and is regularly updated to reflect the latest adversary behaviors.

Join Dick Bussiere for this on-demand webinar to learn the techniques attackers use to compromise OT infrastructures. By understanding the techniques, you can proactively bolster your security posture with Tenable.ot. Through discussion and demonstration, the session will explore:

> Using MITRE to think like an attacker and become more proactive
> Ways to incorporate MITRE ATT&CK for ICS into your overall OT security workflows
> How Tenable.ot maps to the ATT&CK techniques and tactics

The MITRE ATT&CK for ICS Framework... And What to do About it

MITRE ATT&CK for ICS

Operational Technology

SCADA

Industrial Cyber Security

Cybersecurity

Industrial Control Systems

Critical Infrastructure

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The data center management community focuses on the holistic management and optimization of the data center. From technologies such as virtualization and cloud computing to data center design, colocation, energy efficiency and monitoring, the BrightTALK data center management community provides the most up-to-date and engaging content from industry experts to better your infrastructure and operations. Engage with a community of your peers and industry experts by asking questions, rating presentations and participating in polls during webinars, all while you gain insight that will help you transform your infrastructure into a next generation data center.

Data Center Management

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The MITRE ATT&CK for ICS Framework... And What to do About it

Presented by

About this talk

More from this channel