Incident Response Whitepaper from AlienVault, one of the multiple SIEM solutions that Panda Adaptive Defense (360) works with, in addition to native Advanced Reporting/LogTrust.
Unified, Coordinated Security Monitoring
Simple Security Event Management & Reporting
Log Management
User Monitoring & File Integrity Monitoring
Threat Intelligence
Fast Deployment
One Easy-to-Use Console
Planning and Deploying an Effective Vulnerability Management Program, by Sasha Nunke
This presentation covers the essential components of a successful Vulnerability Management program that allows you to proactively identify risk and protect your network and critical business assets.
Key take-aways:
* Integrating the 3 critical factors - people, processes & technology
* Saving time and money via automated tools
* Anticipating and overcoming common Vulnerability Management roadblocks
* Meeting security regulations and compliance requirements with Vulnerability Management
Enterprise Class Vulnerability Management Like A Boss, by rbrockway
A fluid and effective Vulnerability Management Framework, a core pillar in most Enterprise Security Architectures (ESA), remains a continual challenge to most organizations. Ask any of the major breach targets of the past several years. This talk takes the recent OWASP Application Security Verification Standard (ASVS) 2014 framework and applies it to Enterprise Vulnerability Management in an attempt to make a clearly complicated yet necessary part of your organization's ESA much more manageable, effective and efficient with feasible recommendations based on your business' needs.
10 Steps to Building an Effective Vulnerability Management Program, by BeyondTrust
You can tune in for the full webinar recording here: https://www.beyondtrust.com/resources/webinar/10-steps-to-building-an-effective-vulnerability-management-program/
In this presentation from the webinar by cyber security expert Derek A. Smith, hear a step-by-step overview of how to build an effective vulnerability management program. Whether your network consists of just a few connected computers or thousands of servers distributed around the world, this presentation discusses ten actionable steps you can apply, whether to bolster your existing vulnerability management program or to build one from scratch.
Enterprise Vulnerability Management: Back to Basics, by Damon Small
Vulnerability Management is the lifecycle of identifying and remediating vulnerabilities in an organization's enterprise. A number of companies are starting to do this well, but in some cases, focus on advanced and emerging threats has had the unintended consequence of leaving Vulnerability Management unattended. Defense is actually hard work and people aren't doing it as well as they should! Considered in the context of asymmetric warfare, Blue Teaming is more difficult than Red Teaming. Coupled with the fact that most vulnerabilities do not actually suffer from advanced attacks and 0-days, Vulnerability Management must be the cornerstone of any Information Assurance Program.
The speakers, Kevin Dunn and Damon Small, will describe the key elements of a mature Vulnerability Management Program (VMP) and the pitfalls encountered by many organizations as they try to implement it. Dunn and Small will include detailed examples of why purchasing the scanner should be one of the last decisions made in this process, and what the attendee must do to ensure the successful defense of company assets and data. This session will cover:
- Vulnerability Management: What is it good for?
- What is it not good for?
- How do I make a real difference?
Vulnerability Management: What You Need to Know to Prioritize Risk, by AlienVault
Abstract:
While vulnerability assessments are an essential part of understanding your risk profile, it's simply not realistic to expect to eliminate all vulnerabilities from your environment. So, when your scan produces a long list of vulnerabilities, how do you prioritize which ones to remediate first? By data criticality? CVSS score? Asset value? Patch availability? Without understanding the context of the vulnerable systems on your network, you may waste time checking things off the list without really improving security.
Join AlienVault for this session to learn:
* The pros & cons of different types of vulnerability scans - passive, active, authenticated, unauthenticated
* Vulnerability scores and how to interpret them
* Best practices for prioritizing vulnerability remediation
* How threat intelligence can help you pinpoint the vulnerabilities that matter most
7 Steps to Build a SOC with Limited Resources, by LogRhythm
Most organizations don't have the resources to staff a 24x7 security operations center (SOC). This results in events that aren't monitored around the clock, major delays in detecting and responding to incidents, and the inability for the team to proactively hunt for threats. It's a dangerous situation.
But there is a solution. By using the Threat Lifecycle Management framework to combine people, process, and technology to automate manual tasks, your team can rapidly detect and respond to threats—without adding resources. Read on to learn 7 steps to building your SOC, even when your resources are limited.
Is Your Vulnerability Management Program Keeping Pace With Risks?, by Skybox Security
To effectively reduce the risks of cyber attacks, comply with continuous monitoring requirements, and provide visibility to executives, organizations need to manage their vulnerabilities and associated risks continuously. This is required in order to match or exceed the daily rate of attacks.
Why bother to assess your risks every 90 days when new threats are unleashed every day?
See how you can:
• Transform vulnerability discovery from a ‘round robin’ schedule to continuous monitoring for vulnerabilities
• Prioritize vulnerabilities based on exploitability and potential business impact
• Focus remediation efforts and track progress to show a measurable reduction of risk
• Make vulnerability management an essential part of daily change management processes
These slides will include case studies, survey data, and best practices – ideal for IT security practitioners who are considering, or already implementing, next-generation vulnerability management to effectively and measurably mitigate risk.
Vulnerability Management Nirvana - Seattle Agora - 18Mar16, by Kymberlee Price
Vulnerability Management Nirvana: A Study in Predicting Exploitability
When everything is a priority, nothing is. 15%, or 10,000 vulnerabilities, have a CVSS score of 10. Vendors and practitioners alike use CVSS or their own threat intelligence models to predict which vulnerabilities will be exploited next. We review current options, present a predictive, data-driven prioritization model, and show how attendees can get started using our approach in their vulnerability management program.
This white paper endeavors to compare the traditional Threat identification techniques and the challenges they pose as they are applied into current product designs. It also proposes the key elements to consider while designing new threat identification solutions.
Is Your Vulnerability Management Program Irrelevant?, by Skybox Security
In this webcast, Scott Crawford from Enterprise Management Associates and Michelle Johnson Cobb of Skybox Security will discuss how to:
Link vulnerability discovery, risk-based prioritization, and remediation activities to effectively mitigate risks before exploitation.
Build a remediation strategy that addresses ‘unpatchable’ systems
Minimize change management headaches by anticipating unintended impacts due to system and application interdependencies.
Use metrics and key performance indicators (KPIs) like remediation latency to track the effectiveness of the vulnerability management program.
Topic Maps Web Service: Case Examples and General Structure, by tmra
We implemented Topic Maps based web applications which use the Topic Maps web service. We are publishing the applications on the internet. By using the service, the web applications can easily and effectively get richer information from other topic map web applications according to identified subjects. In this paper, we describe usable components for the service. We report the case examples of topic map web applications and Topic Maps web services which we implemented. They use PSIs to identify subjects among applications. They also use TMRAP (Topic Maps Remote Access Protocol), which is a Web API to exchange Topic Maps fragments. We also consider the general structure of the Topic Maps web service.
When developing topic maps and their applications, key challenges are how to pick out the main subjects in targeted domains and how to systematize those subjects. This paper introduces a topic map development about topic map case examples. It also introduces what kinds of subjects were extracted, how the identifiers of those subjects were given, and how those subjects were classified in the first version. Then the difficulties that emerged during the development are discussed. In order to promote sharing of the case examples and make good use of them, I provide some considerations and future work.
Open-Source Security Management and Vulnerability Impact Assessment, by Priyanka Aash
Reuse of Open Source Software (OSS) in commercial software development has increased by orders of magnitude. This presentation will show how OSS vulnerabilities can be managed at large scale (about 10,000 OSS usages in our case), and how to address sins from the past. Finally, a concept will be shown which automates the analysis of the exploitability potential of an insecure OSS component.
(Source: RSA USA 2016-San Francisco)
Multi-faceted Classification of Big Data Use Cases and Proposed Architecture ..., by Geoffrey Fox
Keynote at Sixth International Workshop on Cloud Data Management CloudDB 2014 Chicago March 31 2014.
Abstract: We introduce the NIST collection of 51 use cases and describe their scope over industry, government and research areas. We look at their structure from several points of view or facets covering problem architecture, analytics kernels, micro-system usage such as flops/bytes, application class (GIS, expectation maximization) and very importantly data source.
We then propose that in many cases it is wise to combine the well known commodity best practice (often Apache) Big Data Stack (with ~120 software subsystems) with high performance computing technologies.
We describe this and give early results based on clustering running with different paradigms.
We identify key layers where HPC Apache integration is particularly important: File systems, Cluster resource management, File and object data management, Inter process and thread communication, Analytics libraries, Workflow and Monitoring.
See
[1] A Tale of Two Data-Intensive Paradigms: Applications, Abstractions, and Architectures, Shantenu Jha, Judy Qiu, Andre Luckow, Pradeep Mantha and Geoffrey Fox, accepted in IEEE BigData 2014, available at: http://arxiv.org/abs/1403.1528
[2] High Performance High Functionality Big Data Software Stack, G Fox, J Qiu and S Jha, in Big Data and Extreme-scale Computing (BDEC), 2014. Fukuoka, Japan. http://grids.ucs.indiana.edu/ptliupages/publications/HPCandApacheBigDataFinal.pdf
IBM DataPower Gateway appliances are used in a variety of user scenarios to enable security, control, integration and optimized access for a range of workloads including Mobile, Web, API, B2B, Web Services and SOA. This presentation from the IBM DataPower team provides an in-depth look at each use case.
Penetration testing is interesting and difficult work.
The main result of this work is the report. It can be used for customer presentations, vulnerability mitigation and audit compliance. The report is the final proof of the completed work and gives a good overall picture of the security status.
Proactively Engaged: Questions Executives Should Ask Their Security Teams, by FireEye, Inc.
Jim Aldridge from FireEye discusses what executives should ask their security teams. This is available on the FireEye Blog www.fireeye.com/blog/executive-perspective/2015/11/proactively_engaged.html
Mapping the Enterprise Threat, Risk, and Security Control Landscape with Splunk, by Andrew Gerber
As threats evolve, it is essential to move beyond looking at events toward developing behavioral analysis capabilities. Knowing not only the components but also the rhythms of your environment becomes crucial to enable earlier detection of attackers. This session will review the threat and risk landscape today, recommend approaches to bolster your security control monitoring, apply situational awareness and kill chain techniques, and walk through the construction of two specific use cases. They are 1) detecting compromised accounts via remote access behavior analysis and 2) detecting malicious activity (attacker or insider) by detecting and tracing network jumpers from corporate to guest networks. The session will discuss the design approach and searches used in these two use cases so that you can build other use cases to improve your security capability and posture.
When to Implement a Vulnerability Assessment or Pen Test | IT Security & Risk..., by Cam Fulton
Learn how to evaluate risk, what the differences are between vulnerability assessments and penetration tests, and when to implement both.
Presented by AWA International, a division of I.S. Partners, LLC https://www.ispartnersllc.com/awa-international-group/
Professional Services:
We offer bespoke penetration testing services to meet the requirements of our clients. We bring years of global experience and stamina to guide our clients through the ever-evolving cyber security threat landscape.
We are driven to understand your security concerns and are committed to delivering high quality security solutions, such as:
- Research Powerhouse
- Client-centric Focus
- Affordable
- Certified Security Experts
- Global Consulting Services
https://redfoxsec.com/
How to Perform Continuous Vulnerability Management, by Ivanti
Without treating security as an ongoing process, hackers will find, weaponize, deploy, and attack your infrastructure faster than your team can patch. At the same time, the experience of your IT team working with the security group is frustrating and leads to many, many hours of manual work. Learn how to stay ahead of the bad guys and improve the experience for your team with continuous vulnerability management.
How to Build and Validate Ransomware Attack Detections (Secure360), by Scott Sutherland
Ransomware is a strategy for adversaries to make money – a strategy that’s proven successful. During this presentation, we will cover how ransomware works, ransomware trends to watch, best practices for prevention, and more. At the core of the discussion, Scott will explain how to build detections for common tactics, techniques, and procedures (TTPs) used by ransomware families and how to validate they work, ongoing, as part of the larger security program. Participants will leave this webinar with actionable advice to ensure their organization is more resilient to ever-evolving ransomware attacks.
Explain in Hindi: https://www.youtube.com/watch?v=6xqkDB3NHN0
Discovering vulnerabilities is important, but being able to estimate the associated risk to the business is just as important. Early in the life cycle, one may identify security concerns in the architecture or design by using threat modeling. Later, one may find security issues using code review or penetration testing. Or problems may not be discovered until the application is in production and is actually compromised.
Reference: https://owasp.org/www-community/OWASP_Risk_Rating_Methodology
https://www.owasp-risk-rating.com/
JMeter webinar - integration with InfluxDB and Grafana, by RTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024, by Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova..., by Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and a willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Generating a custom Ruby SDK for your web service or Rails API using Smithy, by g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti..., by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview, by Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities, spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality, by Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3, by DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do..., by UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo..., by James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Disclaimer
During the course of this presentation, we may make forward-looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward-looking statements we may make. In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.
4. Short intro
Splunker 2 years.
Information Security focused “day job” over 5 years.
Doing security work (“don’t get hacked”) over a decade; if we do get hacked, they don’t get anything important.
6. Framework / Approach
Dimensions used to scope each problem type:
• Problem Type
• Essential Use Cases
• Maturing Use Cases
• Data and Events
• Enrichment Options
• Scoping Parameters
• Regulatory and Control Parameters
• Risk Perspective
• Technology Providers
• Implementation Viability
Approach:
• Identify pain
• Set goals
• Establish initial conditions
• Map critical path
• Response plan / Operational processes
• Effectiveness Monitoring
Artifacts:
• T1 / Triage Procedure
• T2 / Investigative Guidelines
7. Use Case Development
Communicates progress toward agreed goals
Holds accountable the teams creating events for analysis
Justifies the value of work
Validates the investment in technology?
Links events of interest to concrete concepts, so less time is spent explaining why something is important.
8. Everyone knows your goals
Maybe. Agreeing on the words and agreeing on the definitions are not the same thing. You say one thing, they hear another, and confusion follows.
Stakeholders have different views
Define the goal and the measurement up front
9. Example goal and measure
Goal: reduce the risk of loss of data or operational availability due to malware operating in the environment.
Measure: identification of patient zero for new malware strains, allowing analysts to identify opportunities for prevention through the application of enhancements to preventive controls. (trackable)
Test: monitor for infections for signatures where the outbreak occurs more than n hours after the first encounter.
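The measure and test from this slide, worked as an added example that is not code from the Splunk deck: over a constructed set of endpoint anti-malware detections it finds patient zero per signature and flags the strains where further infections occurred more than n hours after that first encounter (in Splunk this logic would live in a scheduled search; here it is plain Python so it runs offline).

```python
from datetime import datetime, timedelta

# Constructed sample of endpoint anti-malware detections (not real data):
# (detection time, host, signature name). In Splunk these would come from
# the endpoint AV sourcetype; here they are embedded so the logic runs offline.
DETECTIONS = [
    ("2015-10-01T08:00:00", "wks-017", "Trojan.Loader.A"),
    ("2015-10-01T08:30:00", "wks-042", "Trojan.Loader.A"),
    ("2015-10-03T15:00:00", "wks-103", "Trojan.Loader.A"),
    ("2015-10-03T15:10:00", "wks-104", "Trojan.Loader.A"),
    ("2015-10-02T09:00:00", "srv-db01", "Worm.Generic.B"),
    ("2015-10-02T10:00:00", "srv-db02", "Worm.Generic.B"),
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def patient_zero(detections):
    """Earliest detection per signature: {signature: (first_seen, host)}."""
    first = {}
    for ts, host, sig in detections:
        t = _ts(ts)
        if sig not in first or t < first[sig][0]:
            first[sig] = (t, host)
    return first

def late_outbreaks(detections, n_hours):
    """The 'test' from the slide: signatures with infections more than n_hours
    after the first encounter. A long lag means the strain was already known
    and yet preventive controls still let it run on further hosts, which is
    the window where a control enhancement could have stopped it.
    Returns {signature: [(host, lag_hours), ...]}."""
    first = patient_zero(detections)
    flagged = {}
    for ts, host, sig in detections:
        lag = _ts(ts) - first[sig][0]
        if lag > timedelta(hours=n_hours):
            hours = round(lag.total_seconds() / 3600, 1)
            flagged.setdefault(sig, []).append((host, hours))
    return flagged

if __name__ == "__main__":
    for sig, (t, host) in patient_zero(DETECTIONS).items():
        print(f"{sig}: patient zero {host} at {t}")
    print(late_outbreaks(DETECTIONS, n_hours=24))
```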
10. What are valid goals
Any meaningful measure of progress towards one of the following:
Organizational high-level risk statement
Compliance with an internal or external standard by which the security program is measured or assessed: COBIT, HIPAA-HITECH, PCI, SOX, etc.
Increase in the stature of the team within the organization, or increase in the reputation of the organization with its customers, vendors or peers as a competitive advantage
Reduction in the operational expense or opportunity cost of any current process.
11. Who are goal setters
Risk frameworks
The Headlines
Executive meetings at the golf course
Keeping up with the Jones Inc.
Conferences
Auditors (based on standards, or Google searching)
Security Concerns
12. Let's set some goals
Show progress in the reduction of risk or impact
RV1-AbuseofAccess — Abuse of access addresses the risk of authorized or entitled access used in such a way as to cause harm to the organization
RV2-Access — Access addresses the risk of unauthorized access used in such a way as to cause harm to the organization
RV3-MaliciousCode — Malicious code addresses the risk of processes used against the organization; these risks include "malware" as well as authorized software used for malicious intent.
RV4-ScanProbe — Risk of activities that could discover a weakness in the organization's systems, controls, or configuration that could later be used to harm the organization
RV5-DenialofService — Risk of denial of service, including such concerns as load-based and destructive change to the infrastructure.
RV6-Misconfiguration — Modification of a system that results in a misconfiguration, defined as insecure or unreliable, impacting the compliance, security, or availability of the system. Such configuration may increase the likelihood or impact of other adverse events.
13. Or maybe these
In the constantly evolving threat landscape, organizations often must set aside strategic plans and react to specific threats. Tactical threat motivations support the urgent onboarding of missing critical data sources.
Problem Types
PRT05-TacticalThreat-InsiderThreat
PRT05-TacticalThreat-Ransomware
PRT05-TacticalThreat-SpearphishingCampaign
15. Recognizing our goal setters
We may not like that external pressures set our priorities (you may not have this problem, but it is a fact of life in most organizations); working with these pressures to gain momentum will enable more success in the short and long term.
16. How to define "progress"
That is a really good question, and it must be asked.
Some solutions can satisfy more than one rubric; many times just one, but that's not bad.
Did we improve the efficiency of the operation by reducing the time required, or by improving accuracy?
Did we create new knowledge that can be used to inform our future decisions?
Did we identify an occurrence of an adverse event? Is it working?
17. How to Prioritize Problem Types
Go through each problem type
Extract out the essential use cases
What data and events do you need
What enrichment options do you have
Score the rest based on:
– Adoption phase
– Severity
– Fidelity
– Load factor
– Etc.
Map out fastest time to impact
Define process / teams
18. Does it work?
Does the approach produce results?
October 2015: Documented the first 20 risk mitigation focused
October 2016: …...
19. Adoption
By the numbers it does: 110 Use Cases
Motivations (7) | Defined use cases (85) | Taxonomy (20) | Consumer Friendly (7) | Extensible (∞) | Adoptable (10) | Opposition (0)
• Proactive: Business Problems, Business Risks, Compliance, Expectations
• Reactive: Technology Driven, Expectations
• Single definition of a use case for multiple audiences
• Structured approach
• Defined terms
• Technician Level, Manager Level, Director Level, Executive Level, Sales Engineer Level, Account Manager Level
• Started with use cases for ES; added use cases for PCI; structured to embrace ITSI and ITOA
• Code provided for ten use cases; structured for Content Pack creation
• Built on the concepts of previous efforts
25. Example – Malware – basics
From here we start to walk through 3 levels of use cases and how to structure the concepts and scope. Monitoring can have depth and breadth.
Level Essentials: monitor alerts from detection systems for things to fix / things to know
Level Maturing: monitor indicators of malware not identified by preventive systems
Level Mature: use level 1 and level 2 data to identify related malware activity not picked up by detective systems
26. Malware – Level 1 use cases
Keep an eye on AV
UC0028 Endpoint Multiple infections over short time (Narrative and Use Case Center)
Multiple infections detected on the same endpoint in a short period of time could indicate the presence of an undetected loader malware component (APT).
UC0030 Endpoint uncleaned malware detection (Narrative and Use Case Center)
Endpoint with malware detection where the anti-malware product attempted to and was unable to clean, remove or quarantine.
Problem Types Addressed | Risk Addressed | Event Data Sources | Enrichment
27. Malware – Level Essentials
When the AV misses
UC0020 Attempted communication through external firewall not explicitly granted (Narrative and Use Case Center)
Any attempted communication through the firewall not previously granted by ingress/egress policies could indicate either a misconfiguration (causing systems behind the firewall to be vulnerable) or malicious actions (bypassing the firewall).
28. Malware – Level Essentials
If it's not encrypted, listen to your IDS
UC0074 Network Intrusion Internal Network (Narrative and Use Case Center)
IDS/IPS detecting or blocking an attack based on a known signature.
29. Malware – Level Essentials
Smarter malware uses your proxy
UC0047 Communication with newly seen domain (Narrative and Use Case Center)
Newly seen domains may indicate interaction with risky or malicious servers. Identification of new domains via web proxy logs, without other IOCs, allows the analyst/threat hunter to explore the relevant data and potentially identify weaknesses.
UC0081 Communication with unestablished domain (Narrative and Use Case Center)
Egress communication with a newly seen, newly registered, or registration-date-unknown domain may indicate the presence of malicious code. Assets communicating with external services (excluding the Alexa Top 1M) whose reputation score exceeds acceptable norms will be flagged.
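UC0047 and UC0081 as an added Python example, not code from the Splunk deck or the Use Case Center: it runs constructed proxy log lines against a constructed baseline of previously seen domains, a constructed stand-in for the top-sites exclusion, and a constructed registration-date enrichment; the reputation-score step from the slide is assumed to be a separate enrichment and is not modelled here.

```python
from datetime import date

# Constructed baseline of domains seen during the learning period (in Splunk a
# lookup kept current by a scheduled search). Not real data.
SEEN_DOMAINS = {"example.com", "updates.example.net", "cdn.example.org"}
# Constructed stand-in for the top-sites exclusion (Alexa Top 1M on the slide).
TOP_SITES = {"example.com", "microsoft.com"}
# Constructed WHOIS-style enrichment: registration date, absent when unknown.
REGISTRATION = {"example.com": date(1995, 8, 14), "qzx-upd4te.biz": date(2015, 9, 28)}
AS_OF = date(2015, 10, 5)  # "today" for the age calculation
# Constructed proxy log lines: "<time> <src_ip> <dest_domain> <http_status>".
PROXY_LOGS = """2015-10-05T10:00:01 10.1.4.20 example.com 200
2015-10-05T10:00:07 10.1.4.20 qzx-upd4te.biz 200
2015-10-05T10:01:15 10.1.4.31 microsoft.com 200
2015-10-05T10:02:40 10.1.4.31 rnd-drop.example.xyz 503
2015-10-05T10:03:02 10.1.4.20 qzx-upd4te.biz 200"""

def parse_proxy(text):
    """Split each log line into a dict; domains are lower-cased for matching."""
    for line in text.splitlines():
        ts, src, dom, status = line.split()
        yield {"time": ts, "src": src, "domain": dom.lower(), "status": status}

def newly_seen_domains(events, seen, top_sites):
    """UC0047: domains absent from the baseline and not top sites.
    Returns {domain: sorted source IPs} so the hunter knows which assets to pull."""
    hits = {}
    for e in events:
        d = e["domain"]
        if d in seen or d in top_sites:
            continue
        hits.setdefault(d, set()).add(e["src"])
    return {d: sorted(s) for d, s in hits.items()}

def unestablished_domains(events, top_sites, registration, as_of, min_age_days):
    """UC0081: egress to domains registered recently or with unknown
    registration date. Unknown is treated as a finding, not as safe."""
    flagged = {}
    for e in events:
        d = e["domain"]
        if d in top_sites:
            continue
        reg = registration.get(d)
        if reg is None:
            flagged[d] = "registration date unknown"
        elif (as_of - reg).days < min_age_days:
            flagged[d] = f"registered {(as_of - reg).days} days ago"
    return flagged

if __name__ == "__main__":
    evts = list(parse_proxy(PROXY_LOGS))
    print(newly_seen_domains(evts, SEEN_DOMAINS, TOP_SITES))
    print(unestablished_domains(evts, TOP_SITES, REGISTRATION, AS_OF, 30))
```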
30. Malware – Level Mature
Your AV is talking, listen
UC0025 Endpoint Multiple devices in 48 hours in the same site (Narrative and Use Case Center)
Multiple infected devices in the same site could indicate a successful watering hole attack. Monitor for more than 5% of the hosts in a site.
UC0026 Endpoint Multiple devices in 48 hours in the same subnet (Narrative and Use Case Center)
Multiple infected devices in the same subnet could indicate lateral movement of an adversary or a possible worm. Monitor for more than 5% of the host addresses on a subnet, as it is not readily possible to know how many hosts are active on a subnet.
UC0027 Endpoint Multiple devices in 48 hours owned by users in the same organizational unit (Narrative and Use Case Center)
Multiple infected devices in the same organizational unit could indicate a successful spear phishing attack. Monitor for more than 5% of the hosts in an organizational unit.
UC0029 Endpoint new malware detected by signature (Narrative and Use Case Center)
When a new malware variant is detected by endpoint antivirus technology, it is possible that the configuration or capability of other controls is deficient. Review the sequence of events leading to the infection to determine if additional preventive measures can be put in place.
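UC0025, UC0026 and UC0027 in one added Python example (not code from the Splunk deck or the Use Case Center): constructed endpoint infections are joined to a constructed asset inventory and counted per site, /24 subnet and organizational unit inside a sliding 48-hour window, with the 5% threshold applied against the inventory count for site and OU and against the subnet's usable address count, exactly because active hosts on a subnet are unknown.

```python
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed asset inventory, host -> (ip, site, organizational unit); not real data.
ASSETS = {
    "wks-001": ("10.1.4.11", "London", "Finance"),
    "wks-002": ("10.1.4.12", "London", "Finance"),
    "wks-003": ("10.1.4.13", "London", "Finance"),
    "wks-004": ("10.1.4.14", "London", "HR"),
    "wks-006": ("10.2.7.30", "Berlin", "Sales"),
}
# Host counts per site / OU, as an inventory or HR feed would provide them.
SITE_HOSTS = {"London": 4, "Berlin": 1}
OU_HOSTS = {"Finance": 3, "HR": 1, "Sales": 1}
# Constructed endpoint infections: (detection time, host).
DETECTIONS = [("2015-10-01T08:00:00", "wks-001"), ("2015-10-01T20:00:00", "wks-002"),
              ("2015-10-02T12:00:00", "wks-003"), ("2015-10-04T09:00:00", "wks-006")]

def _groups(host, assets, prefix):
    ip, site, ou = assets[host]
    subnet = str(ip_network(f"{ip}/{prefix}", strict=False))
    return {"site": site, "subnet": subnet, "ou": ou}

def cluster_alerts(detections, assets, site_hosts, ou_hosts,
                   window_hours=48, threshold=0.05, prefix=24):
    """Distinct infected hosts per site/subnet/OU inside a sliding window,
    flagged when they exceed `threshold` of the group's size. A single host
    is never an alert: the use cases are about multiple devices.
    Returns {(dimension, group): (ratio, sorted hosts)} for the worst window."""
    sizes = {"site": site_hosts, "ou": ou_hosts}
    events = sorted((datetime.strptime(t, "%Y-%m-%dT%H:%M:%S"), h) for t, h in detections)
    alerts = {}
    for i, (t0, _) in enumerate(events):
        in_window = {}
        for t, h in events[i:]:
            if t - t0 > timedelta(hours=window_hours):
                break
            for dim, key in _groups(h, assets, prefix).items():
                in_window.setdefault((dim, key), set()).add(h)
        for (dim, key), hosts in in_window.items():
            if len(hosts) < 2:
                continue
            # subnet denominator: usable addresses of the /prefix (network and broadcast excluded)
            denom = sizes[dim][key] if dim in sizes else ip_network(key).num_addresses - 2
            ratio = len(hosts) / denom
            if ratio > threshold and ratio > alerts.get((dim, key), (0,))[0]:
                alerts[(dim, key)] = (round(ratio, 3), sorted(hosts))
    return alerts
```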
31. Threats – Level Mature
They are everywhere
UCESS053 Threat Activity Detected: review all log sources with src and dest IP, FQDN and email addresses for a potential match on a trusted threat source.
32. How to work with us
Splunk-led workshop – 3-day agenda – contact PS
– Good for project managers, biz analysts, tech analysts/architects, sec analysts, test leads, exec sponsors, exec stakeholders / deputies, compliance analysts, internal assessors / auditors
Splunk-led assessment – contact sales and/or PS
– UCA tool developed by Ryan Faircloth (PS) and Erick Mechler (sales)