CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

•

2 likes•1,017 views

This session will review digital identity’s transition from vulnerable authentication methods and what Microsoft and others are doing to address the hard problems associated with managing and protecting digital identities.

Without great security,
Digital Identity is not worth
the electrons it’s written on
Alex Simons
DirectorofProgramManagement
MicrosoftCorporation

90%
organizations using
Microsoft Active
Directory WW
500M
10Bdaily Microsoft
Account logons
active Microsoft Account users 5.5M
organizations using
Microsoft Azure
Active Directory
>1,000
Microsoft engineers
working on Identity
and Security

The frequency and sophistication of cybersecurity attacks are
escalating
$500B
total potential cost
of cybercrime to the
global economy
$3.5M
average cost of a
data breach to a
company
200+
median # days attackers
reside within a victim’s
network before detection
network intrusions
due to compromised
user credentials
75%+

rule-based detection
static analysis
machine learning
anomaly detection
real-time risk scoring
device profiling
adaptive authentication
conditional access
smart cards
security tokens
OTPs & OATH codes
authenticator apps
biometrics
dedicated teams
threat intelligence
dark web
shared intelligence
bounties
Credential
Hardening
Dynamic
Mitigation
Attack
Intelligence
Advanced
Detection

On premises
In the cloud
Machine Learning
User and Entity Behavior Analytics

Brute force
cameroncameron1cameron2cameron3cameron4cameron5cameron6cameron7cameron8cameron9cameron10cameron11cameron12cameron13cameron14cameron15cameron16cameron17cameron18cameron19cameron25cameron26cameron27cameron28cameron29cameron30cameron31cameron32cameron33cameron34cameron35cameron36cameron37cameron38cameron39cameron40cameron41cameron42cameron43cameron44cameron45cameron46cameron47cameron48cameron49cameron50
ÛÛÛÛÛÛÛÛÛÛÛÛ

Monitoring abuse across tenants
Bad username
IP address: 199.34.28.10
Probable
Penetration
IP address: 199.34.28.10
Bad username
Bad password
Bad password
Bad username
Bad password
Bad username
Bad username
Logon Successful

Anonymizers
IP address: 199.34.28.10
IP address: 199.34.28.10

N
Botnets
192.168.1.10 10.18.91.42 172.16.4.19 192.168.1.12 172.16.11.14 199.34.28.10 192.168.9.5 172.16.21.98 10.129.6.21 172.16.5.2
172.16.42.2 192.168.14.11 172.16.82.14 10.111.4.53 192.168.21.1 10.34.71.5 172.16.87.9 192.168.28.10 172.16.25.6 10.4.221.34
199.34.28.10
199.34.28.10199.34.28.10

Security issues and risks
Broken trust
Weak protocols
Known protocol vulnerabilities

Malicious attacks
Pass-the-Ticket (PtT)
Pass-the-Hash (PtH)
Overpass-the-Hash
Forged PAC (MS14-068)
Golden Ticket
Skeleton key malware
Reconnaissance
BruteForce

Abnormal behavior
Anomalous logins
Remote execution
Suspicious activity
Unknown threats
Password sharing
Lateral movement

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

KasperskyOS – Secure Operating System for embedded connected systems with specific requirements for cyber security. KasperskyOS aims to protect software and data systems from the consequences of the intrusion of malicious code, viruses and hacker attacks. These can provoke harmful behavior in any part of the system, potentially resulting in loss or leakage of sensitive data, reduced performance and denial of service. In addition it reduces the risk of harm caused by program bugs, unintentional mistakes or premeditated abuse.

IoT Security: Cases and Methods [CON5446]

Leonardo De Moura Rocha Lima

In developing for IoT, security is not often the highest priority: APIs exposed without care and devices deployed with default passwords become gateways to your network and your data. Many best practices can be used to thwart attacks on your devices, but they have to be thought through from the first architectural design. This session covers many recent IoT attacks, their consequences, and how they could have been prevented. It also explores the many security levels one device can have, from totally exposed to completely secured against physical tampering and identity theft.

IoT security and privacy: main challenges and how ISOC-OTA address them

Radouane Mrabet

Internet Society (ISOC) aims are: make security an integrated function of connected objects and encourages IoT device and service providers for consumers to adopt the Online Trust Alliance (OTA) security and privacy principles ; increase the consumer demand for security and privacy in the IoT devices they purchase; create government policies and regulations that promote better security and privacy features in IoT devices.

Internet of Things Security Patterns

Mark Benson

Presented at Internet of Things Stream Conference 2015 in San Francisco by Mark Benson on April 2nd, 2015. ABSTRACT: The growth of IoT is occurring at an incredible rate, justly raising alarms about security and privacy issues as we become increasingly reliant on these intelligent, interconnected devices in our lives and businesses. How are we to protect billions of devices from attacks and intrusions that could compromise our personal privacy, public safety, or business viability? Building an IoT solution involves securing sensors, devices, networks, cloud platforms, web applications, and mobile applications for diverse industries. This presentation examines the landscape of emerging security challenges posed by connected devices and offers a catalog of security deployment patterns that have been successfully used by some of the world’s most well known OEMs to deploy connected product fleets.

IoT Security: How Your TV and Thermostat are Attacking the Internet

Nathan Wallace, PhD, PE

Space infrastructure has become an integral part of everyday life, with individuals, businesses and governments relying overwhelmingly on it. However, despite the space industry’s technical sophistication, its cybersecurity efforts have lagged behind that of other high-tech sectors. Block Armour has developed a next-gen Zero Trust Cybersecurity solution explicitly designed for connected devices, integrated IoT systems and related communication networks. And, is extending the solution to deliver Zero Trust Cybersecurity for Software-defined Space based Systems.

IoT Security, Mirai Revisited

Clare Nelson, CISSP, CIPP-E

This talk revisits the 2016 Mirai attack which targeted IoT devices including IP cameras, WiFi-connected refrigerators, home routers, and more. The resulting botnet was used to attack Dyn’s DNS platform, which affected many websites including Twitter, SoundCloud, Airbnb, and Spotify. You will learn and discuss the answers to these questions and more: • What is the current state of Mirai and Mirai variants? • What Distributed Denial of Service (DDoS) defenses do you have in place? • How can you prepare to detect and defend against them botnet malware? • What is recommended in the September 2018 NISTIR Draft, Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks.

IoT Security: Cases and Methods

Leonardo De Moura Rocha Lima

Iot Security

MAITREYA MISRA

Ryan Wilson - ryanwilson.com - IoT Security

Ryan Wilson

Security for iot and cloud aug 25b 2017

Ulf Mattsson

Zero Trust Run-time Kubernetes Security made easy with AccuKnox

AccuKnox

Adopting A Zero-Trust Model. Google Did It, Can You?

Zscaler

Security in the Internet of Things

ForgeRock

Iot(security)

Shreya Pohekar

Internet of Things Security

Tutun Juhana

Three ways-zero-trust-security-redefines-partner-access-ch

Zscaler

One of the toughest IT challenges has been figuring out how to allow users to bring their own devices to work while maintaining the security of internal apps. It becomes even more complicated when a good chunk of users are partners, contractors, and other third parties—those who present a disproportionately high security risk. IT teams have begun to leverage a zero trust security strategy that enables third parties and users on unmanaged devices to securely access internal apps. But can such access be accomplished without placing users on the network and without a mobile client?

Privacy and security in IoT

Vasco Veloso

An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.

LoginCat - Zero Trust Integrated Cybersecurity

Rohit Kapoor

Block Armour Unified Secure Access Solution (based on Zero Trust principles)

Block Armour

The rapid adoption of Cloud technology and employees working from home due to Covid-19 has resulted in highly distributed and hybrid IT ecosystems. Cyberattacks are on the rise and legacy tools like VPNs are unable to deliver secure access for today’s modern enterprise-IT environments Block Armour offers a Unified Secure Access solution to provide secure and compliant access to enterprise-IT systems for users working within the office or remotely. The integrated solution - based on Zero Trust principles - delivers secured access to on-prem and Cloud / multi-Cloud based systems It replaces four traditional point products (VPN, NAC, Cloud Firewall, and Multi-Factor Authentication) while additionally delivering next-gen Zero Trust Network Access and Server Protection.

Enabling Data Protection through PKI encryption in IoT m-Health Devices

Charalampos Doukas

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit

What's hot

IoT Security Challenges and Solutions

Intel® Software

Security Fundamental for IoT Devices; Creating the Internet of Secure Things

Design World

Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016

David Glover

Zero Trust Cybersecurity for Microsoft Azure Cloud

Block Armour

Next-generation Zero Trust Cybersecurity for the Space Age

Block Armour

IoT Security, Mirai Revisited

Clare Nelson, CISSP, CIPP-E

IoT Security: Cases and Methods

Leonardo De Moura Rocha Lima

Iot Security

MAITREYA MISRA

Ryan Wilson - ryanwilson.com - IoT Security

Ryan Wilson

Security for iot and cloud aug 25b 2017

Ulf Mattsson

Zero Trust Run-time Kubernetes Security made easy with AccuKnox

AccuKnox

Adopting A Zero-Trust Model. Google Did It, Can You?

Zscaler

Security in the Internet of Things

ForgeRock

Iot(security)

Shreya Pohekar

Internet of Things Security

Tutun Juhana

Three ways-zero-trust-security-redefines-partner-access-ch

Zscaler

Privacy and security in IoT

Vasco Veloso

LoginCat - Zero Trust Integrated Cybersecurity

Rohit Kapoor

Block Armour Unified Secure Access Solution (based on Zero Trust principles)

Block Armour

Enabling Data Protection through PKI encryption in IoT m-Health Devices

Charalampos Doukas

What's hot (20)

IoT Security Challenges and Solutions

Security Fundamental for IoT Devices; Creating the Internet of Secure Things

Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016

Zero Trust Cybersecurity for Microsoft Azure Cloud

Next-generation Zero Trust Cybersecurity for the Space Age

IoT Security, Mirai Revisited

IoT Security: Cases and Methods

Iot Security

Ryan Wilson - ryanwilson.com - IoT Security

Security for iot and cloud aug 25b 2017

Zero Trust Run-time Kubernetes Security made easy with AccuKnox

Adopting A Zero-Trust Model. Google Did It, Can You?

Security in the Internet of Things

Iot(security)

Internet of Things Security

Three ways-zero-trust-security-redefines-partner-access-ch

Privacy and security in IoT

LoginCat - Zero Trust Integrated Cybersecurity

Block Armour Unified Secure Access Solution (based on Zero Trust principles)

Enabling Data Protection through PKI encryption in IoT m-Health Devices

Viewers also liked

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

Mobile security, identity & authentication reasons for optimism 20150607 v2CloudIDSummit

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

Viewers also liked (6)

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CIS 2016 Content Highlights

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

Similar to CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

Webinar Mastering Microsoft Security von Baggenstos

JenniferMete1

20181115 O365 connect protecting your data in office 365

Arjan Cornelissen

O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen

NCCOMMS

NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...

Morgan Simonsen

A common trend in today’s cloud based world is identity driven security. As the name implies this makes user identity really important; user identity is now the key to unlock everything. Building the infrastructure to support this trend is very hard; you bear all the responsibilities and can rely on only your own signal data and threat detection. With Azure AD there is a better way! Come join this session to see how Azure AD Identity Protection is using signals from the global Microsoft cloud, Big Data and Machine Learning to protect your users’ accounts, and also how Azure AD Conditional Access makes it easy to enforce application access policies based on things like location and device. We will show you how to set it all up, what works and what doesn’t and how it integrates with other Microsoft protection services in the cloud, and your existing systems. Come and be safe!

20181213 - wazug protecting your data with azure ad

Arjan Cornelissen

Daniel Grabski | Microsofts cybersecurity story

Microsoft Österreich

Mitigating Malware Presentation Jkd 11 10 08 Aitp

Joann Davis

"Evolving Cybersecurity Strategies" - Identity is the new security boundary

Dean Iacovelli

Microsoft 365 Security Overview

Robert Crane

Cisco Security DNA

Matteo Masi

Cisco Digital Network Architecture is based on these pillars 1) Service Virtualisation (eNFV and 3th party hosting) 2) Automation/SDN/Policy based networking 3) Analytics 4) Orchestration 5) Hybrid 6) Open and Programmable 7) Physical and Virtual 8) Software Driven Analytics are key to implement NaaS (Network as a Sensor) and NeeE (Network as Enforcer) https://masimatteo.wordpress.com/2016/06/21/from-we-must-have-a-network-cheap-to-ask-the-network-how-to-reinvent-the-business/

Securely logging to Microsoft 365

Robert Crane

Getting access to your information in Microsoft 365 starts with logging in but is it secure as it could be? Understanding security options at the point of entry like MFA, Legacy Authentication and Conditional Access on all devices is critical to keeping information protected as it is not only you that is trying to log into your account these days! Learn what security technologies you can add at login and the best practices approaches to configuring and monitoring these. Security starts at the doorway to Microsoft 365 and simple configurations can greatly reduce your risks of unauthorised access. Come and learn what can be done.

20171207 we are moving to the cloud what about security

Arjan Cornelissen

20181110 sps leicester connect protecting your data in office 365

Arjan Cornelissen

Cisco Web and Email Security Overview

Cisco Security

The top two attack vectors for malware are email and web browsers. Watering-hole attacks conceal malware on member-based sites and phishing scams can target individuals with personal details. This PPT describes a different security approach to protect against these threats while achieving business growth, efficiency and lowered expenses. The presentation features Cisco Email, Web and Cloud Web Security and covers basic features, offers, benefits, newest features and product integrations. Watch the webinar: http://cs.co/9004BGqvy

The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...

Amazon Web Services

Centrify rethink security brochure

Mark Gibson

Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx

Matthew Levy

Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats. In today's cybersecurity galaxy, the landscape has become increasingly sophisticated with cybercriminal activities. We need to work together in new ways to protect the cybersecurity of the planet. In this session Matthew will discuss • The threats we need to defend against • The things in our galaxy that need protecting • The Defender suite from Microsoft • The Zero Trust architecture You will learn 5 basic things you should be doing to protect yourself, and that you are not alone in this galaxy because you can leverage the Defender products from Microsoft to defend you're world.

Emerging application and data protection for multi cloud

Ulf Mattsson

Emerging Application and Data Protection for Multi-Cloud Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data - how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.

3 Modern Security - Secure identities to reach zero trust with AAD

Andrew Bettany

Cybersecurity Slides

Jim Kaplan CIA CFE

Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues. In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including: Where are we now and Where are we going? Current Cyberrisks • Data Breach and Cloud Misconfigurations • Insecure Application User Interface (API) • The growing impact of AI and ML • Malware Attack • Single factor passwords • Insider Threat • Shadow IT Systems • Crime, espionage and sabotage by rogue nation-states • IoT • CCPA and GDPR • Cyber attacks on utilities and public infrastructure • Shift in attack vectors

Similar to CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons (20)

Webinar Mastering Microsoft Security von Baggenstos

20181115 O365 connect protecting your data in office 365

O365Con18 - Protecting your Data in Office 365 - Arjan Cornelissen

NIC 2017 Azure AD Identity Protection and Conditional Access: Using the Micro...

20181213 - wazug protecting your data with azure ad

Daniel Grabski | Microsofts cybersecurity story

Mitigating Malware Presentation Jkd 11 10 08 Aitp

"Evolving Cybersecurity Strategies" - Identity is the new security boundary

Microsoft 365 Security Overview

Cisco Security DNA

Securely logging to Microsoft 365

20171207 we are moving to the cloud what about security

20181110 sps leicester connect protecting your data in office 365

Cisco Web and Email Security Overview

The-Enterprise-Immune-System-Using-Machine-Learning-for-Next-Generation-Cyber...

Centrify rethink security brochure

Defenders of the Galaxy - Protecting the (Cloud) galaxy from threats.pptx

Emerging application and data protection for multi cloud

3 Modern Security - Secure identities to reach zero trust with AAD

Cybersecurity Slides

More from CloudIDSummit

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

Companies and researchers are exploring ways to make software and hardware development easier for the masses. Soon you will be able to build your own autonomous drone, create a sensor that assess the watering needs of your plants, and develop a cat tracking device with minimal coding and hardware skills. What is the place of security and privacy in this exciting development? Are we building the next generation of Internet security vulnerabilities right now? In his talk Hannes Tschofenig will highlight challenges with Internet of Things, what role standardization plays, and what contributions ARM, a provider of microprocessor IP, is making to improve IoT security.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

CIS 2015 The Ethics of Personal Data - Robin Wilton

CloudIDSummit

We're all more conscious than we were 2 years ago, about how much data is collected about us, and how revealing it can be. The commercial and government direction of travel is clear: more data, more mining, more monetization. And if personal data fuels the information economy, who'd want to stop that? But can we get the economic benefits, without selling our digital souls in the process? - Is there a data equivalent to the ""polluter pays"" principle? And if not, is there an alternative? - Ethical data handling sounds great in principle, but can it be practical? - How can organizations put ethical data handling into practice?

CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...

CloudIDSummit

CIS 2015 OpenID Connect and Mobile Applications - David Chase

CloudIDSummit

CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay

CloudIDSummit

DIRECTORY CIS 2015 - Eric Fazendin

CloudIDSummit

How many non-employee users do you store in your on-premise, enterprise directory? In most organizations, the answer is too many. If you need a way to authenticate customers and partners to give them access to applications, but you don't want to be in the business of storing and managing those identities yourself, we have an alternative. Come learn about PingOne's directory, a user directory available to you in the PingOne IDaaS platform.

CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man

CloudIDSummit

When applying multi-factor authentication to your organization, it is highly important to cover all use cases. PingID’s set of integrations, together with PingFederate’s, PingOne’s and PingAccess’ provide you with a wider applications coverage. Come learn about the new enterprise grade VPN, Remote access and SSH integrations and see how easy it is to roll out. In addition, new user authentication methods will be introduced, both mobile App oriented and non-mobile. So all your users can be secured, the easy way.

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CloudIDSummit

Want to configure SSO for your users or improve your utilization of Ping’s services and take advantage of the latest features that Ping Identity has available in our PingFederate and PingOne products? Come learn about improvements in how PingFederate and PingOne work together both in the initial setup phase and the configuration of SSO applications. Come and discover new provisioning capabilities including support for additional applications and an expanded use of SCIM. Additionally, find out about new API enablement functionality of PingOne that focuses on Employee SSO which can be used to automate the setting up of a customer’s connection to PingOne as well as a customer’s application configurations. And more.

CIS 2015 User Managed Access - George Fletcher

CloudIDSummit

As the Internet of Things grows, along with electronic health care records, the need for machine based discovery will grow substantially. One of the problems with standards based discovery today is that it can expose private information which a user might not want exposed. This talk will look at UMA protecting the webfinger discovery specification to create a discovery mechanism that provides user specified authorization policy for access to the discovery information. Issues and gaps will be identified.

More from CloudIDSummit (20)

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

CIS 2015 The Ethics of Personal Data - Robin Wilton

CIS 2015 What’s next? Discovery, Dynamic Registration, Mobile Connect and mor...

CIS 2015 OpenID Connect and Mobile Applications - David Chase

CIS 2015 OpenID Connect Workshop Part 1: Challenges for mobile - B. Allyn Fay

DIRECTORY CIS 2015 - Eric Fazendin

CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man

CIS 2015 Easy Federation in Cloud and on Premises - Ian Jaffe

CIS 2015 User Managed Access - George Fletcher

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

UiPath Community Day Dubai: AI at Work..

UiPathCommunity

Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking. 📕 Curious on our agenda? Wait no more! 10:00 Welcome note - UiPath Community in Dubai Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank 10:20 A UiPath cross-region MEA overview Ashraf El Zarka, VP and Managing Director MEA, UiPath 10:35: Customer Success Journey Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank 11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more Boris Krumrey, Global VP, Automation Innovation, UiPath 12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services. Brendan Lingam, Director of Sales and Business Development, Marc Ellis

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Accelerate your Kubernetes clusters with Varnish Caching

Thijs Feryn

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

The Future of Platform Engineering

Jemma Hussein Allen

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

UiPath Community Day Dubai: AI at Work..

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

The Art of the Pitch: WordPress Relationships and Sales

Essentials of Automations: The Art of Triggers and Actions in FME

Accelerate your Kubernetes clusters with Varnish Caching

Pushing the limits of ePRTC: 100ns holdover for 100 days

The Future of Platform Engineering

Climate Impact of Software Testing at Nordic Testing Days

PHP Frameworks: I want to break free (IPC Berlin 2024)

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

UiPath Test Automation using UiPath Test Suite series, part 4

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Quantum Computing: Current Landscape and the Future Role of APIs

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

2. Without great security, Digital Identity is not worth the electrons it’s written on Alex Simons DirectorofProgramManagement MicrosoftCorporation

3. 90% organizations using Microsoft Active Directory WW 500M 10Bdaily Microsoft Account logons active Microsoft Account users 5.5M organizations using Microsoft Azure Active Directory >1,000 Microsoft engineers working on Identity and Security

4. The frequency and sophistication of cybersecurity attacks are escalating $500B total potential cost of cybercrime to the global economy $3.5M average cost of a data breach to a company 200+ median # days attackers reside within a victim’s network before detection network intrusions due to compromised user credentials 75%+

5. rule-based detection static analysis machine learning anomaly detection real-time risk scoring device profiling adaptive authentication conditional access smart cards security tokens OTPs & OATH codes authenticator apps biometrics dedicated teams threat intelligence dark web shared intelligence bounties Credential Hardening Dynamic Mitigation Attack Intelligence Advanced Detection

6. On premises In the cloud Machine Learning User and Entity Behavior Analytics

7. Brute force cameroncameron1cameron2cameron3cameron4cameron5cameron6cameron7cameron8cameron9cameron10cameron11cameron12cameron13cameron14cameron15cameron16cameron17cameron18cameron19cameron25cameron26cameron27cameron28cameron29cameron30cameron31cameron32cameron33cameron34cameron35cameron36cameron37cameron38cameron39cameron40cameron41cameron42cameron43cameron44cameron45cameron46cameron47cameron48cameron49cameron50 ÛÛÛÛÛÛÛÛÛÛÛÛ

8. Monitoring abuse across tenants Bad username IP address: 199.34.28.10 Probable Penetration IP address: 199.34.28.10 Bad username Bad password Bad password Bad username Bad password Bad username Bad username Logon Successful

9. Anonymizers IP address: 199.34.28.10 IP address: 199.34.28.10

10. N Botnets 192.168.1.10 10.18.91.42 172.16.4.19 192.168.1.12 172.16.11.14 199.34.28.10 192.168.9.5 172.16.21.98 10.129.6.21 172.16.5.2 172.16.42.2 192.168.14.11 172.16.82.14 10.111.4.53 192.168.21.1 10.34.71.5 172.16.87.9 192.168.28.10 172.16.25.6 10.4.221.34 199.34.28.10 199.34.28.10199.34.28.10

11.

12. Security issues and risks Broken trust Weak protocols Known protocol vulnerabilities

13. Malicious attacks Pass-the-Ticket (PtT) Pass-the-Hash (PtH) Overpass-the-Hash Forged PAC (MS14-068) Golden Ticket Skeleton key malware Reconnaissance BruteForce

14. Abnormal behavior Anomalous logins Remote execution Suspicious activity Unknown threats Password sharing Lateral movement

15. http://aka.ms/aadtrial

16. http://aka.ms/atatrial

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (6)

Similar to CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons

Similar to CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons (20)

More from CloudIDSummit

More from CloudIDSummit (20)

Recently uploaded

Recently uploaded (20)

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons it’s Written On - Alex Simons