A-SOC Technical Capabilities:
1- Data collection capabilities and compliance benefits of log management,
2- The correlation, normalization and analysis capabilities of SIEM (security information and event management)
3- The network visibility and advanced threat detection of NBAD (network behavior anomaly detection), and user behavior anomaly detection by machine learning - User Behavior Analytics
4- The ability to reduce breaches and ensure compliance provided by Risk Management,
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdfPriyanka Aash
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdfPriyanka Aash
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
The Verizon Breach Investigation Report (VBIR) is an annual report analyzing cybersecurity incidents based on real-world data. It categorizes incidents and identifies emerging trends, threat actors, motivations, attack vectors, affected industries, common attack patterns, and recommendations. Each report provides the latest insights and data to give organizations a global perspective on evolving cyber threats.
The document summarizes the top 10 cybersecurity risks presented to the board of directors of a manufacturing company. It discusses each risk such as insider threats, cloud security, ransomware attacks, third party risks, and data security. For each risk, it provides the current posture in terms of controls, compliance level, and planned improvements. The CISO and other leaders such as the managing director, finance director, and chief risk officer attended the presentation.
Simplifying data privacy and protection.pdfPriyanka Aash
1) Data is growing exponentially which increases the risk and impact of data breaches, while compliance requirements are also becoming more stringent.
2) IBM Security Guardium helps customers address this by discovering, classifying, and protecting sensitive data across platforms and simplifying compliance.
3) It detects threats in real-time, increases data security accuracy, and reduces the time spent on audits and issue remediation, helping customers minimize the impact of potential data breaches and address local compliance requirements.
Generative AI and Security (1).pptx.pdfPriyanka Aash
Generative AI and Security Testing discusses generative AI, including its definition as a subset of AI focused on generating content similar to human creations. The document outlines the evolution of generative AI from artificial neural networks to modern models like GPT, GANs, and VAEs. It provides examples of different types of generative AI like text, image, audio, and video generation. The document proposes potential uses of generative AI like GPT for security testing tasks such as malware generation, adversarial attack simulation, and penetration testing assistance.
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfPriyanka Aash
The document discusses shifting the focus in cybersecurity from vulnerability management to weakness management and attack surface management. It argues that attacks persist because approaches focus only on software vulnerabilities, while ignoring other weaknesses like technological, people and process weaknesses that expand the potential attack surface. A new approach is needed that takes a holistic view of all weaknesses and continuously monitors the entire attack surface to better prevent attacks.
The document summarizes key aspects of the proposed Digital Personal Data Protection Act 2023 in India, including its scope, definitions, obligations of data fiduciaries, grounds for processing personal data, notice requirements for data principals, and penalties for non-compliance. It outlines categories of entities that would be considered significant data fiduciaries and the additional obligations that would apply to them. The summary also compares some aspects of the proposed Indian law to the General Data Protection Regulation (GDPR) in the European Union.
Cyber Truths_Are you Prepared version 1.1.pptx.pdfPriyanka Aash
This document discusses cybersecurity threats and SentinelOne's solutions. It begins with questions about an organization's cyber preparedness and budget. It then discusses the cat-and-mouse game between attackers and defenders. The document highlights growing ransomware threats and payments. It argues SentinelOne provides a unified security solution that lowers costs, risks, and complexity while improving detection and response. It shares industry recognition for SentinelOne and concludes by thanking the audience.
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Lessons Learned From Ransomware AttacksPriyanka Aash
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.
"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are:
1. Easy to use
2. Extendable
3. Support for hardware, radio and IoT protocol analysis
EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits:
1. Radio – BLE , Zigbee
2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP
3. Hardware – CAN, SPI, I2C, UART, JTAG
This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."
This workshop aims to give an intermediate-level understanding of the potential risk associated with cellular mobile communication networks and the security issues in the radio access network. In particular, we begin with a brief history of Telecom, fundamentals of mobile network, radio signals, the security architecture of GSM/UMTS/LTE, cellular network attack detection methods, and security vulnerabilities with possible practical examples with case studies.
The European Parliament is the latest government entity Lars G. A. Hilse has briefed about the risks of cyberterrorism. Yet these risks aren’t limited to critical infrastructure. Cyberterrorism is responsible for devastating collateral damage in the private sector, also. This talk presents detailed insights into the past, present, and future of the most significant threat in history, and how these risks can be mitigated/reduced.
Rethinking Application Security for cloud-native eraPriyanka Aash
Cloud native applications are API driven and are based on distributed microservices. APIs are the gateway to your business and expose a lot of the business logic to the outside world. Legacy solutions to understand your applications security posture are not applicable to these modern continuously changing environments
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
An IT systems outage and distributed denial of service (DDoS) attack impacted an organization called XYZ Ltd. This was followed by a ransom demand email from an anonymous sender threatening to release sensitive project data. When the ransom deadline passed, anonymous hackers released a video on social media and the data breach began receiving media coverage. A customer then contacted XYZ to inquire about the data leak and if their content was impacted. The document outlines discussions between teams at XYZ on responding to the cyber incident and lessons learned.
The CISO Platform is a 10+ year old dedicated social platform for CISOs and senior IT security leaders that has grown to over 40,000 members across 20+ countries. Through sharing and collaboration, the community has created over 500 checklists, frameworks, and playbooks that are available for free to members. The platform also hosts an annual security conference with over 100 speakers and 20 workshops attended by 20,000 people. The goal of the CISO Platform is to build tangible community goods and resources through open sharing and collaboration among security professionals.
This document provides updates from the Chennai Chapter of the CISO Platform for 2021. It discusses the following:
1. The Breach and Attack Summit held in December which included panel discussions, presentations, task forces, and workshops despite natural disasters, with over 200 attendees.
2. Chapter meetings focused on ransomware trends and lessons learned from attacks.
3. A kids initiative to promote cybersecurity awareness through sessions for students, parents and teachers at local schools.
4. The task forces focused on topics like cyber risk quantification, quantum computing, cyber insurance and privacy.
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Lessons Learned From Ransomware AttacksPriyanka Aash
The document summarizes a ransomware attack experienced by the author's organization and the lessons learned. It describes how the ransomware encrypted files and powered off virtual machines. It then details the recovery process over several days, including bringing in an incident response firm, rebuilding infrastructure, and restoring service for customers. Key lessons included having stronger access controls, backups stored separately, and implementing security tools like EDR, centralized logging, and identity management best practices.
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
We are all aware of the current risks when developing a connected product, especially with vehicles since much is at stake both from an information and safety perspective. In this workshop, we will learn how to build Security requirements, architect, design, test and produce Safety and Security critical components using a methodology that works in harmony both with Engineering and Security
Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.
"This workshop is for pentesters, security researchers or someone looking to get into IoT security but is reluctant due to the wide range of technologies involved and plethora of different tools. While it does require a considerable amount of knowledge in the domain, it is not as difficult as you may think. In this workshop we will introduce you to some of the important concepts and EXPLIoT framework in a very simple way that can be used for the various IoT attack vectors. The primary focus of this workshop is to introduce the attendees to the open source IoT Security Testing and Exploitation Framework - EXPLIoT (https://gitlab.com/expliot_framework/expliot) and enable them to use as well as extend it by writing plugins for new IoT based exploits and analysis test cases. It’s a flexible and extendable framework that would help the security community in writing quick IoT test cases and exploits. The objectives of the framework are:
1. Easy to use
2. Extendable
3. Support for hardware, radio and IoT protocol analysis
EXPLIoT currently supports the following protocols which can be utilized for writing new plugins/exploits:
1. Radio – BLE , Zigbee
2. Network – MQTT, CoAP, DICOM, MODBUS, MDNS, NMAP, TCP, UDP
3. Hardware – CAN, SPI, I2C, UART, JTAG
This talk would give attendees a first-hand view of the functionality, how to use it and how to write plugins to extend the framework."
This workshop aims to give an intermediate-level understanding of the potential risk associated with cellular mobile communication networks and the security issues in the radio access network. In particular, we begin with a brief history of Telecom, fundamentals of mobile network, radio signals, the security architecture of GSM/UMTS/LTE, cellular network attack detection methods, and security vulnerabilities with possible practical examples with case studies.
The European Parliament is the latest government entity Lars G. A. Hilse has briefed about the risks of cyberterrorism. Yet these risks aren’t limited to critical infrastructure. Cyberterrorism is responsible for devastating collateral damage in the private sector, also. This talk presents detailed insights into the past, present, and future of the most significant threat in history, and how these risks can be mitigated/reduced.
Rethinking Application Security for cloud-native eraPriyanka Aash
Cloud native applications are API driven and are based on distributed microservices. APIs are the gateway to your business and expose a lot of the business logic to the outside world. Legacy solutions to understand your applications security posture are not applicable to these modern continuously changing environments
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
2. 2
Advanced SOC - Features
Threat Assessment and Hunting
– Knowing Threats and Adversaries
– Their tools and methods
– Critical assets as targets
– Existing Controls and Weakness
– Monitoring presence , IOC Management
and Hunting
Threat Intelligence
– Internal threat intelligence
– External threat intelligence
– Application of threat intelligence
– Automated consumption of threat
intelligence (updated SIEM rules/
runbook)
Situational Awareness
– Context and enrichment
(Post correlation, joining the dots to see the
attack chain)
– Visibility
(Visualization to the state of security)
Security Analytics
– Behavioral profiling for users and
systems
– Database searches and statistical
modeling, reporting and visualization
– Forensics capability (Netflow/ replay)
3. Log Sources
Correlation
Analysis &
Reporting
Collection &
Aggregation
Connector Event Processor/ Logger
ESM Console
Storage Array
Online Logs and Reports
Portal Ticketing
Network Devices
Servers / Systems
Authentication/DNS/Apps
Reporting
Monitor everything
Logs, network traffic,
user activity
Correlate
intelligently
Connect the dots of
disparate activity
Detect anomalies
Alerts, Violation,
Unusual yet hidden
behavior
Single, Unified & Integrated
Mgt Console
Incident Management
Automation
Big Data Set - Machine Learning –
Analytics
3
A-SOC Architecture
NetFlow
Threat Intelligence
• Logs
• Contextual Data
• Vulnerability Asset
Inventories
• Reports and Analytics
Internal
• XFORCE
• CrowdStrike
• SecureWorks
• Deepsight
External
Threat Ingestion - Structured Threat Information
eXpression (STIX™)
Threat
Hunting
End Points /
Mobile / Cloud
UBA
4. • Data collection capabilities and compliance benefits of log management,
• The correlation, normalization and analysis capabilities of SIEM (security information and event
management)
• The network visibility and advanced threat detection of NBAD (network behavior anomaly detection), and
user behavior anomaly detection by machine learning - User Behavior Analytics
• The ability to reduce breaches and ensure compliance provided by Risk Management,
• The network traffic and application content insight afforded by Network Forensics.
• The automation of Incident Response by Artificial Intelligence / Run Books
• IOC / VM Management by Threat Intelligence
• Reporting and Visualization provided by Presentation Layer
SIEM as a platform should be a truly integrated solution built on a common codebase, with a single data
management architecture and a single user interface.
4
A-SOC Technical Capabilities
5. 5
A-SOC Framework
Strategy
Program vision, objectives, approach, initiatives, roadmap
SIEM Admin Operation
• Tool / Log Integration
• Reporting and Dashboards
• Rule Administration
• Device Administration
Threat Monitoring & Response
• Monitoring and Notification
• Validation and Triage
• Analysis and Escalation
Threat Hunting & Intelligence
• Internal Threat Intelligence (Assets/
Vulnerabilities/ Alerts
• External Threat Intelligence (Feeds,
analysis, actionable)
Governance
SOC Organization, Reporting, Service Level Management, Policy Approvals, Recommendations, Escalation.
NBAD and Forensics
• Network flow monitoring and anomaly
detection
• Full packet capture for forensics
Strategy &
Governance
Operations
SIEM Technology
• Log collection, processing and
correlation
• Data sources – structure, referential
and unstructured
Incident Management Tool
• Ticketing, run book automation, incident
response and collaboration and KPI
monitoring
Technology Analytics
• Big data – User Behavior Analytics
• End System Analytics
• Historical log and network and
application data correlation
Integration
• CMDB - Asset Modeling
• VM – Vulnerability Mapping
• Incident Mgt – Ticketing / Workflow
• Threat Intelligence Feeds
Business Intelligence
• Security Dashboard
• Visualization – Integrated Security
Posture
• Risk and Analysis Report
BUSINESS FUNCTION
• Requirement Analysis
• Risk Management
• Audit and Compliance Management
• Legal and Fraud Management
OPERATION FUNCTION
• Active Threat Hunting
• Run Book / Response Management
• IOC Management
• Use Case Management
• Intelligence Analysis
TECHNOLOGY FUNCTION
• Architecture and Integration
• Development
• Server Management
• Application, User and Data
monitoring
CSIRT
• Incident Response / Emergency
Response
• Forensics
A-SOC framework allow organizations to setup a cohesive and comprehensive cyber
defense SOC with a strong foundation
Advanced SOC
FRAMEWORK
6. Other Internal Teams
Systems
Applications
Network
Database
Vulnerability / Patch
Business
Risk / Compliance
Information
Technology
Information
Security and Risk
Management
CISO
CEO , COO, CRO
Board / Shareholders
Incident Responder
L2/L3 SOC Analysts
Service Desk
L-1 Monitoring Team
SOC Manager
SIEM Admins Forensics
Threat Hunter
Country CERT
Regulatory Bodies
CIO
SOC Team
Internal SOC organization associated roles
and responsibilities should be clearly
defined. The following is a sample
organization structure.
Threat Intelligence
6
A-SOC Organization Structure and Functions
7. Event Management
• Event monitoring, analysis and
correlation
• Triage and Escalation
• Containment
• Proactive intelligence and situational
awareness
• Response collaboration
Vulnerability & Patch Mgmt
• Vulnerability research
• Identification
• Patch management
• Dissemination
• Compliance monitoring
• Configuration / Control baselines
• Antivirus signature management
• Microsoft updates
Incident Response
• IM Charter, CSIRT and TIG Reporting Structure, R&R
• Incident Handling Process and Procedures for:
• Identification, validation, declaration, escalation,
containment, investigation, forensics, eradication,
recovery, post incident
• Cross functional RACI and co-ordination for response
• Forms and Templates
Threat Specific Response Procedures
• Phishhing / Spear Phishing
• Malware (virus, worms, trojans, spyware)
• NetFlow Abnormal Behavior Incident
• Network Behavior Analysis Incident
• (Distributed) Denial of Service
• Domain hijack or DNS cache poisoning
• Website defacement
• Web application incident
• Unauthorized access
• User account compromise
• Host compromise
SOC
• Charter
• Organization
• Roles and responsibilities
• Business requirements, scope
and architecture
• Service Catalogue
• SOC operations and
management procedures
• SOC metrics and KPIs
• SOC process and procedure
manual (all processes and
procedures including
tool/solution specific)
• SOC security policy
• SOC business continuity and
disaster recovery
Threat Hunting
• Threat Intelligence
• Threat Hunting
• Crown Jewel Mapping / TTPs
7
A-SOC Processes
8. 8
Incident Lifecycle Management
Threat Management – Our defence in Cyber Kill Chain
Know your
adversaries
and their
methods; IOC,
Hunt Mission
Detect threat
activity in kill
chain
Disrupt the kill
chain and stop
the attack
Eradicate
threat agent
and remove
the threat
Our Best Defence against advanced cyber threats lie in Advanced detection, hunting, analysis
intelligence and incident response working in cordial manner defined by our processes
Threat Intelligence & Hunting
Security Operation
Incident Response
Response StrategyDetection and Deception - Threat Indicators
Editor's Notes
Threat Assessment – Use case is critical asset modelling, viewing the connections, data transfers, in and out traffic to those assets. One can also create threat indicators to see behaviors that can be monitored via threat indicators.
Ability to view assets with vulnerabilities, patches, incidents, configuration and process weakness
Threat intelligence
Learning at someone else cost – 2 ways – research or discovery – reverse working – identifying indicators and automating
Work with internal threat intelligence before subscribing to external ones, fuse later.
There are many sources of threat intelligence and comes in variety of format- from emails, feeds, web sites. Need to carefully take the right quality and customized to the environment and paid.
Consume intelligence, take some action - intelligence is operational, it should tell you to go block this segment, give some patch information.
Auto consumption can help reduce time and based on trust configure, reconfigure systems
Should we automate the Threat Intelligence Response
Ingestion of threat intelligence
Searching for threat indicators
Enrichment
Disabling of AD accounts
Surgical end point containment
Situational Awareness
1. Analogy of the aircraft
2. SIEM provides log and event data, but not state information. As a result, you're only every getting a small piece of the picture about your security posture. It can tell you that youre under attack, but cant tell you specifically where from, where an attack is heading, or how quickly it is moving
3. As a result it cant tell you what you should do to repel an attack and to minimize the damage. So context in terms of Geo IP / Identity - this person and not MAC or IP address; Passive DNS/ WhoIS / Reputation data/ including using DGA to tell you how old the domain is?
Security Analytics
Large amount of data - one piece of activity and combination might realize that something is uncommon; with stream - one can monitor large amount of data like email, social media, web and DNS etc
Look for
Previously known bots and what are common ways they have
it can be how they communicate to the command and control centre
pattern is learnt from historical data
SIEM – often just use logs and alerts/ consume information that is available in logs
Cannot see what changed in the file, can monitor entire stream of data to replay (raw network traffic)
IBM is working on an innovative technology, also known as AI.
Only hope for advanced attack is security software based decisioning and intelligence.
It takes massive amount of security content - CVE threat database, deployment guide, how to procedures. Once the system detects the threat - generates questions with context - brute force. Reads up about the threat - it can look up sources of information; it associate confidence level and all in natural language. There are no memory lapses and it also has the ability to run simulation based on large variables and really models complex phenomenon
Post detection of the threat, Watson comes back and says – solution is remote login block and here is the config file, this is change that is sought and restart the system and the job is done