This presentation on Continuous Monitoring was created by Bryce Schroeder, who leads Tripwire's global presales engineering team.
He has over 29 years of IT architectural and security expertise solving Enterprise challenges. Bryce joined Tripwire from NetApp where he led a team of Architects and Systems Engineering in enterprise Cloud infrastructure solutions.
Numerous articles on Continuous Monitoring can be found here:
http://www.tripwire.com/state-of-security/tag/continuous-diagnostics-and-mitigation/
Achieving Continuous Monitoring with Security Automation - Tripwire
This presentation:
-Provides an overview of continuous monitoring
-Discusses federal requirements for continuous monitoring
-Explains why it is critical for risk mitigation
-Describes an effective continuous monitoring strategy that brings together data from different security controls in one place
Watch the webcast here: http://www.tripwire.com/register/achieving-continuous-monitoring-easily-with-security-automation/
Developing a Continuous Monitoring Action Plan - Tripwire
At the direction of OMB and NIST, security and IT pros in federal government must develop plans to implement "continuous monitoring," the practice of using IT security controls to constantly monitor and manage the security status of their information systems and networks. The transition from static security to continuous monitoring requires a new approach to IT security, and IT teams must devise a strategy and roadmap to be successful.
In this editorial Webcast, cybersecurity experts will discuss the tools and processes involved in moving from a traditional security environment to one designed around continuous monitoring. This Webcast will help government IT pros:
-Understand the objectives of continuous monitoring, such as reduced threat exposure through real-time risk assessment and response.
-Identify the steps involved, including determining the security impact of changes to IT systems and producing assessment reports.
-Assess system requirements in areas such as malware detection and event and incident management.
-Determine the need for upgrades and investment in new technologies.
"Backoff" Malware: How to Know If You're InfectedTripwire
US-CERT recently updated its Alert TA14-212A, which warns that Point-of-Sale (POS) memory-scraping malware has been found in 3 separate forensic investigations. The Secret Service estimates that over 1000 businesses of all types that accept credit card transactions may be affected. Most may not know it yet.
Join us to learn key “Indicators of Compromise” (IOCs) for Backoff, and what you can do about it.
Stop Chasing the Version: Compliance with CIPv5 through CIPv99 - Tripwire
For many energy companies, readying for compliance with the latest version of NERC Critical Infrastructure Protection (CIP) standards, whether they be v5, v6, v7 or beyond, is not the first priority – delivering reliable energy to the BES is. So, how does a company not only deal with the impending changes of CIP v5, but do so in a manner that best positions it for compliance with future versions and secures its cyber environment?
Join our live webcast on Thursday February 5 to hear from ICF, Tripwire, and AssurX industry experts who are helping organizations already grappling with the new and upcoming CIP requirements, implementing a risk based approach, the steps they are taking to get ahead of the curve, and addressing the uncertainty.
Key Takeaways - Regarding Readiness for NERC CIPv5 (and beyond):
•Best approaches for achieving compliance in a changing environment. (i.e. v5, v6, v7).
•How to save time, resources, and achieve automation with practical guidance on compliance efforts for current and future CIP requirements.
•Practical highlights and key controls from those already working on the most pressing issues.
The complexities of NERC CIP-007-5 Requirement 1 (R1) make this one of the most violated requirements in all the NERC standards. NERC CIP-007-5 is the standard focused on Systems Security Management. R1 is intended to minimize the attack surface of critical systems by disabling or limiting access to unnecessary network accessible logical ports and services. For most electric utilities, meeting the mandatory controls of this requirement is an incredibly tedious and labor-intensive effort.
Tripwire has a unique whitelisting profiler extension that can automate monitoring ports, services, user accounts, software, and other requirements within NERC CIP-007-05-R1. Join Robert Held, Senior Systems Engineer, as he live-demos how customer sites are saving man-years of effort in preparing and automating for their audits. Also joining to share his customer experience will be Marc Child, CISSP, Information Security Program Manager at Great River Energy.
Key Takeaways:
-Understand what CIP-007-5-R1 means to your organization
-Learn how to automate the processes required for assessing High and Medium Impact Cyber Assets
-Get audit-ready “Evidence of Compliance” reporting to provide auditors with what they need
-Hear how Marc Child at Great River Energy uses the whitelisting profiler for security and compliance
INFOSECFORCE Risk Management Framework Transition Plan - Bill Ross
7-slide briefing showing the migration from DIACAP to the Risk Management Framework. It also shows the idea of, and synchronization between, RMF and continuous monitoring. PCI should adopt this framework.
People are a critical factor in any cyber security initiative. In this session we will cover the roles and responsibilities defined by NIST for the Risk Management Framework (RMF). This is the third in a series on NIST’s Risk Management Framework (RMF). This session covers topics in (ISC)2 CAP certification, FISMA, Certification and Accreditation, DIACAP, and DIARMF.
Presentation to Nov 2015 "Chicago Security Intelligence with SIEM" meetup.
Overview of SIEM as part of Continuous Monitoring in the NIST CyberSecurity framework.
FISMA NextGen - Continuous Monitoring, Near Real-Time Risk Management - danphilpott
Presented in the ACT/IAC Information Security and Privacy SIG webinar focused on presenting the updated FISMA security requirements described in NIST SP 800-37r1. The other presenters were Ron Ross of NIST and Patti Titus of Unisys.
Meeting the True Intent of File Integrity Monitoring - Tripwire
Today, organizations simply use file integrity monitoring (FIM) to meet one of the many regulations, like PCI, that require it. But for most, the term “FIM” has become synonymous with “noise” due to the volume of change data it indiscriminately produces. Learn what true FIM is, and why it’s still critical for security and compliance.
Whitepaper here: http://www.tripwire.com/register/meeting-the-true-intent-of-file-integrity-monitoring/
Building a Business Case for Credentialed Vulnerability Scanning - Tripwire
To Authenticate or Not to Authenticate? Understand how to use Tripwire IP360 Deep Reflex Testing (DRT) credentialed scanning for a truer picture of endpoint vulnerability and security posture.
Network Situational Awareness using Tripwire IP360 - Tripwire
Learn how to use Tripwire IP360 to find the devices on your network that you know about, as well as the devices you don’t know about. View this presentation to learn how Tripwire IP360 helps you discover and inventory devices, the systematic process Tripwire IP360 uses to profile hosts, and how to extend the scope of Tripwire IP360 discovery scans at no additional cost.
Survival of the Fittest: How to Build a Cyber Resilient Organization - Tripwire
Cyber threats are growing increasingly complex, and with the explosion of the internet of things (IoT), organizations need to take steps to protect themselves and their customers. Intel has projected there will be over 200 billion IoT devices by 2020, and online data volumes are expected to grow up to 50 times what they are today. Infotech and security leaders are now evaluating a new cyber resilient architecture that can adapt and scale with rapid business digitalization and new IT models. Simplifying the security stack is no longer just a cost-saving priority – with cybercrime threatening to cost $6 trillion by 2021, it is also a prerequisite for uninterrupted visibility, responsiveness and resilience.
In this webinar, guest speaker Jeff Pollard, Principal Analyst at Forrester, and David Meltzer, Chief Technology Officer at Tripwire, discuss the growing challenges of cyber threats and share steps you can take now to build a cyber resilient organization.
Topics include:
-How to identify and cut the technology bloat in your security operations.
-Challenges and opportunities as IT transitions from on-premise to in the cloud.
-Eliminating blind spots and dark spots for uninterrupted visibility, regardless of the endpoint or its location.
-How to re-evaluate strategic planning so that you can align your security programs to new business models.
Keep Your Guard: Stay Compliant and Be Secure - Tripwire
NERC CIPv6’s deadline has come and gone and yet there are many organizations still struggling to stay compliant. While maintaining continuous compliance is a daunting task, compliance does not equal security. Assuring your environment is not compromised with a security breach that brings critical infrastructure down is a top priority. Over 295 incidents on Industrial Control Systems (ICS) were cited in 2015 (ICS-CERT) and most were in energy and manufacturing sectors.
8 Tips on Creating a Security Culture in the Workplace - Tripwire
October is National Cyber Security Awareness Month (NCSAM). We asked experts in the field how companies can motivate their workforce to help strengthen their IT security posture. Read the full article on The State of Security here: http://tripwire.me/2d2INVY
Implementing IT changes is imperative to the infrastructure of a business, but it can also open the door to breaches, viruses and malware, such as ransomware. So, how can organizations manage change effectively, maintain compliance and still reduce security risk? One answer lies in change management across your IT systems.
Jeff Lawson, Sr. Director, Product Management at Tripwire, and Geoff Hancock, Principal at Advanced Cybersecurity Group, cover:
-How IT operations and security teams can cooperate to improve IT stability and reduce security risk.
-How to reduce risks associated with poor configuration management.
-How leveraging Tripwire Enterprise for change detection enhances your change control process and keeps your systems, and organization, operating effectively and securely.
Marshall Bowen shares some of his best advice when it comes to situational awareness and being on your toes in different situations. Enjoy the slideshow & please feel free to share! Thank you for viewing.
Tripwire is a reliable intrusion detection system. It is a software tool that checks to see what has changed in your system. It mainly monitors the key attributes of your files; by key attributes we mean the binary signature, size and other related data. Security and operational stability must go hand in hand; if the user does not have control over the various operations taking place, then naturally the security of the system is also compromised. Tripwire has a powerful feature which pinpoints the changes that have taken place, notifies the administrator of these changes, determines the nature of the changes and provides you with the information you need for deciding how to manage the change.
Tripwire Integrity management solutions monitor changes to vital system and configuration files. Any changes that occur are compared to a snapshot of the established good baseline. The software detects the changes, notifies the staff and enables rapid recovery and remedy for changes. All Tripwire installations can be centrally managed. Tripwire software’s cross-platform functionality enables you to manage thousands of devices across your infrastructure.
Security not only means protecting your system against various attacks but also means taking quick and decisive actions when your system is attacked.
First of all, we must find out whether our system has been attacked or not; earlier system logs are certainly handy. You can see evidence of password guessing and other suspicious activities. Logs are ideal for tracing the steps of the cracker as he tries to penetrate the system. But who has the time and the patience to examine the logs on a daily basis?
This presentation gives a very short introduction to security situational awareness. It shows what the state of the art in security visualization is and where there are challenges to be solved. The presentation also features a visualization maturity scale that is published here for the first time.
This presentation was given
Learn how Tripwire helps you to discover the assets on your network and quickly identify and tag the vulnerable assets while applying the appropriate policies and remediation to improve your security posture and efficiencies while reducing the overall cost to your organization.
In this presentation, Tripwire’s CTO, Dwayne Melançon, discusses how vulnerability scanning can produce vulnerability intelligence, and how that intelligence can be integrated with other sources of context from within information security to produce more effective and efficient detection, response and prevention.
A brief discussion of network security and an introduction to cryptography. We end the presentation with a discussion of the RSA algorithm, and show how it works with a basic example.
Navigating the complex Risk Management Framework (RMF) requirements can be daunting. Learn best practices and gain a better understanding of NIST's RMF.
This presentation simplifies Cloud, Cloud Security and Cloud Security Certifications. This includes the following:
- Understanding Cloud
- Understanding Cloud Security using the Risk Management and Cloud Security Control Frameworks
- Cloud Security Certifications
- Key Definitions
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx - Infosectrain3
The CompTIA Cybersecurity Analyst+ (CySA+) certification exam requires you to know how to use tools and resources to monitor activities so that you can observe what’s going on and what the apps and users are doing, as well as how the system is working, and there are a variety of tools you may use to do so.
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF) - Mark Simos
Slides from training session "Chef's tour of the Security Adoption Framework" by Mark Simos at Tampa BSides training day on 5 April 2024
This session provides a view of end to end security following Zero Trust principles (and how Microsoft guides customers through this modernization journey)
CompTIA CySA+ domains and their Weightage.pptx - Infosectrain3
CompTIA CySA+ is an acronym for Computing Technology Industry Association (CompTIA) CyberSecurity Analysts (CySA). It is an intermediate-level certification that is awarded by CompTIA to professionals who apply behavioral analytics to detect, prevent, and combat cybersecurity threats by continuous monitoring.
Jonathan Pollet and Mark Heard of Red Tiger Security at S4x15 OTDay.
The NIST Cybersecurity Framework (CSF) has been out for a year now, and some owner/operators have begun to use it to help create an ICS cyber security program. The Red Tiger Security team discusses what the CSF is and their experience in using it with real-world clients.
Control Cyber Feared Events and Risks
- Quick! Automated simulations to detect risk signals
- Consistent! Repeatable testing, emphasising diversity, complexity and people
- Actionable! Better decisions, making sense of complexity
CyPHA enables the secure design and operation of resilient Critical National Infrastructure & Industrial Infrastructure
Setting up your compliance program at the corporate level.
Conducting Rapid - Low Fidelity Assessment for generating SPRS Scores.
Developing a completed SSP (System Security Plan).
How and why to create a POA&M (Plan of Actions & Milestones)
CCI2018 - "Modern" IT Security & Microsoft - walk2talk srl
Microsoft has by now become the world's largest cybersecurity company by annual investment.
And indeed, security is, or should be, the top concern today for companies undergoing digital transformation.
Thanks to these continuous investments, Microsoft now offers some of the most advanced and innovative tools for making a real impact on the three fundamental pillars of security:
•countering malicious software and actions
•identity protection
•data protection
Have you ever heard of the Intelligent Security Graph with Application Guard, Credential Guard, Device Guard, Windows Defender, Advanced Threat Analytics, Advanced Threat Protection, Threat Intelligence, Cloud App Security, Microsoft Intune, MFA....?
In this session we will try to "present" all of these technologies, introducing their features and capabilities!
By Giampiero Cosainz
This presentation provides an overview of the NIST SP 500-299 NIST Cloud Computing Security Reference Architecture. It includes a brief description of the Cloud Computing Architecture, its services along with the required Risk Management activities.
Cloud Security using NIST guidelines, using NIST Cloud Computing Security Reference Architecture (NIST SP 500-299), NIST Cloud Computing Reference Architecture (NIST SP 500-292), NIST's Guide for Applying the Risk Management Framework to Federal Information Systems (NIST SP 800-37)
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based … - Andris Soroka
World's #1 SIEM technology in GRC (Governance, Risk, Compliance). QRadar Risk Manager provides organizations with a pre-exploit solution that allows network security professionals to assess what risks exist during and after an attack, while also answering many "What if?" questions ahead of time, which can greatly improve operational efficiency and reduce network security risks.
RiskWatch for Physical & Homeland Security™ - CPaschal
RiskWatch for Physical and Homeland Security™ assists the user in conducting automated risk analyses, physical security reviews, audits and vulnerability assessments of facilities and personnel. Security threats addressed include crimes against property, crimes against people, equipment or systems failure, terrorism, natural disasters, fire and bomb threats. Question sets include entry control, perimeters, fire, facilities management and guards, as well as a specialized set of questions for the maritime/shipping industry. New ASP functionality allows the organization in question to put the entire questionnaire process on its server, where users can easily log in by ID # and answer questions appropriate to their job. From there, all answers are instantly imported into the RiskWatch for Physical and Homeland Security™ program.
Similar to Continuous Monitoring: Getting Past Complexity & Reducing Risk (20)
Key Challenges Facing IT/OT: Hear From The Experts - Tripwire
When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning.
However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!
As online sales surge, retail cybersecurity professionals are taking additional precautions to protect their organizations and their customers’ data. On top of this, the COVID-19 pandemic has driven even more consumers to turn to online shopping. Tripwire worked with Dimensional Research to better understand cybersecurity programs in the retail industry as they prepared for the holiday season.
Download the full report here: https://www.tripwire.com/solutions/solutions-by-industry/retail-and-hospitality/retail-holiday-cybersecurity-survey-report
Tripwire recently examined how organizations are experiencing the cybersecurity impacts of COVID-19 and shifts to working from home. Dimensional Research conducted the survey, which included responses from 345 IT security professionals, in April 2020. Check out some of the key findings from the survey.
Industrial Cybersecurity: Practical Tips for IT & OT Collaboration - Tripwire
How can IT and OT teams work together effectively to secure the entire infrastructure? We asked industry experts for their top tips. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/it-collaborate-ics-security/
Tripwire 2019 Skills Gap Survey: Key Findings - Tripwire
The skills gap remains one of the biggest challenges for the cybersecurity industry. To gain more perspective on what organizations are experiencing, Tripwire partnered with Dimensional Research to survey 336 security professionals on this issue. For additional key findings, visit: https://www.tripwire.com/state-of-security/security-awareness/security-pros-skills-gap-worsened/
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits - Tripwire
Major healthcare providers are tasked with protecting patient data and maintaining complex security compliance requirements enforced through rigorous audits. Mercy Health, a major Midwestern hospital system, became a Tripwire customer in 2013. Using Tripwire technology, they created a successful IT service by integrating their ITSM tool, streamlining their reporting process and more.
Mercy Health and Tripwire show you how to:
-Implement effective change management
-Strengthen security in Epic records systems
-Streamline the audit process
Tripwire State of Cyber Hygiene 2018 Report: Key Findings - Tripwire
Tripwire examined how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as "Cyber Hygiene." The survey, conducted in July in partnership with Dimensional Research, included responses from 306 IT security professionals.
Read the full report here: https://www.tripwire.com/misc/state-of-cyber-hygiene-report-register/?referredby=socialmedia/
Defend Your Data Now with the MITRE ATT&CK Framework - Tripwire
MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.”
This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface.
Takeaways include how to:
-Make the most out of their threat intelligence feeds
-Report on progress and compliance
-Negotiate trust relationships in the intelligence sharing cycle
-Improve their organization’s overall security posture
Defending Critical Infrastructure Against Cyber Attacks - Tripwire
In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered.
Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats.
Topics covered include:
-Examples of some of the most recent cyber-attacks to critical infrastructure
-Why traditional IT security approaches won't work
-Recommended approaches for securing critical infrastructure
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
3. Sr. Director of Systems Engineering
Bryce leads the global presales engineering team at Tripwire. He has over 29 years of IT architectural and security expertise solving Enterprise challenges. Bryce joined Tripwire from NetApp where he led a team of Architects and Systems Engineering in enterprise Cloud infrastructure solutions. Prior to NetApp, Bryce served in senior leadership roles at Symantec, Sun Microsystems and Tektronix. Previous to that he held system admin and hardware and software design roles.
bschroeder@tripwire.com
4.
5. • 1997: Tripwire File System Monitoring
• 2005: Tripwire Enterprise. Integrated Change Audit for Servers, Network Devices, Databases & Active Directory
• 2007: Configuration Assessment. Industry’s largest library of security, regulatory and operational policies
• 2010: Log and Security Event Management. Integrated log and event management solution
• 2011: Thoma Bravo acquires Tripwire. Accelerates Tripwire’s Creating Real Confidence vision
• 2013: Tripwire acquires nCircle. Delivers the Industry’s most complete set of foundational security controls for the enterprise – SCM, VA, FIM, LM
6. • 100: Foreign Intelligence organizations trying to hack into our military’s digital networks
• 10 Million: Cyber attacks daily at Department of Energy
• 100K’s: Attack surface and amount of data is increasing
• 400%+: Increase of cyber attacks since 2006
• 80%: Attacks leveraging known vulnerabilities & configuration setting weaknesses
7. NIST SP 800-137
• Defines base requirements for CM
NIST SP 800-53
• Describes automated inspection items (controls) for security
• Aids automated Security Configuration Management strategy
NERC / FERC CIP
• Requirements for Federal Energy Critical Infrastructure Protection
ISO / IEC 27001
• Framework for continuous process improvement in information security
FISMA / FISMA 2
• Includes CM for configuration management and control of components; impact analysis of changes to systems, and ongoing assessment of security controls
12. • Aligned with RMF (NIST 800-37) and CM requirements (NIST SP 800-137)
NIST Risk Management Framework (SP800-37) cycle:
• Start: Categorize Information System
• Select Security Controls
• Implement Security Controls
• Assess Security Controls
• Authorize Information System
• Monitor Security State (SP800-137)
19. • Aligned with RMF (NIST 800-37) and CM requirements (NIST SP 800-137)
NIST Risk Management Framework (SP800-37) cycle:
• Start: Categorize Information System
• Select Security Controls
• Implement Security Controls
• Assess Security Controls
• Authorize Information System
• Monitor Security State (SP800-137)
20.
21. Prioritize
• Act on priorities from the Categorize Assets step
• Monitor and alert based on relative value of Assets
Categorize logically and by criticality
• High, Moderate, Low impact
• DMZ, Mission X, Processing, etc…
Benefits of Categorization
• Easier to make risk-based decisions
• Risks are easier to determine knowing the mission the asset supports
• Enables rapid triage during incident response
22. Determine Risk Threshold
• Identify and apply your scoring methods: OCTAVE, CAESARS, iPOST, iRAMP, etc.
• Map thresholds to policies and assign weights to control checks
Example of Policy Thresholds
• <50% Do Not Operate
• <80% System should go through preplanning
• >80% Operational
Assign weights for control test items - weights affect the Risk scoring
Example:
• HIGH - Administrator set to blank or default password
• LOW – Users are part of a remote desktop group
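The weighting and policy thresholds from the Determine Risk Threshold slide, combined with the impact categories from the Prioritize slide, as an added example (not Tripwire's product code or scoring method). The numeric weights, the asset names and the handling of a score of exactly 80% are assumptions, and the check data is constructed.

```python
from dataclasses import dataclass

# Assumed numeric weights: the slide names HIGH and LOW checks but gives no numbers.
WEIGHTS = {"HIGH": 10, "LOW": 1}
# Asset impact categories from the Categorize step, most critical first.
IMPACT_RANK = {"High": 0, "Moderate": 1, "Low": 2}

@dataclass
class Check:
    name: str
    weight: str   # "HIGH" or "LOW"
    passed: bool

def weighted_score(checks):
    """Percent of the total check weight that passed (0-100)."""
    total = sum(WEIGHTS[c.weight] for c in checks)
    if total == 0:
        raise ValueError("no checks to score")
    return 100.0 * sum(WEIGHTS[c.weight] for c in checks if c.passed) / total

def pass_rate(checks):
    """Unweighted percent of checks passed, for comparison."""
    return 100.0 * sum(c.passed for c in checks) / len(checks)

def policy_state(score):
    """Slide thresholds. Exactly 80% is not covered by the slide, so it is
    treated conservatively as preplanning (assumption)."""
    if score < 50:
        return "Do Not Operate"
    if score <= 80:
        return "System should go through preplanning"
    return "Operational"

def triage_order(assets):
    """Sort (name, impact, checks) by impact category, then lowest score first."""
    return sorted(assets, key=lambda a: (IMPACT_RANK[a[1]], weighted_score(a[2])))

def low_checks(n_pass, n_fail):
    # Constructed LOW-weight checks, e.g. remote desktop group membership.
    return [Check(f"low-{i}", "LOW", i < n_pass) for i in range(n_pass + n_fail)]

# Constructed sample assets (hypothetical names).
ASSETS = [
    ("hr-app-02", "Moderate", [Check("admin password", "HIGH", True)] + low_checks(6, 3)),
    ("dmz-web-01", "High", [Check("admin password", "HIGH", False)] + low_checks(9, 0)),
]

if __name__ == "__main__":
    for name, impact, checks in triage_order(ASSETS):
        s = weighted_score(checks)
        print(f"{name:11} {impact:8} pass={pass_rate(checks):.0f}% score={s:.1f}% {policy_state(s)}")
```

The DMZ host passes 90% of its checks yet lands in "Do Not Operate" because its single failure is the HIGH-weight one, which is the effect the slide's weighting is meant to produce.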
30. Configuration Quality:
• % of configurations compliant with target security standards (risk-aligned), e.g. >95% in High; >75% in Medium
• number of unauthorized changes with security impact (by area)
• patch compliance by target area based on risk level, e.g. % of systems patched within 72 hours for High; within 1 week for Medium
Control effectiveness:
• % of incidents detected by an automated control
• % of incidents resulting in loss
• mean time to discover security incidents
• % of changes that follow change process
And of course, I recently completed this chart and a detailed sub-control mapping across our blended product line. What I like about this chart is the NSA rankings and how they rank with the first four CSC as well. This is impactful. When the NSA, SANS, and mappings to both NIST and ISO support working on the first four CSC to get you significantly down the road to improved cybersecurity, and it aligns with 2013 FISMA metrics, it’s not a bad place to start.
Another approach is what we call ‘Traditional Configuration Assessment,’ which can bring you up to compliance rapidly, but if changes happen afterward, you have no visibility into or control of those changes, and it’s only when you do another scan that you will get back into compliance. And even the highest performing organizations do these ‘mega-scans’ once a month at best! The frequency of assessing IT configurations opens the door to risk and potential security breaches.
When you’re looking for a continuous monitoring solution – you need to consider a solution that enables 4 very specific capabilities.
Is it a critical asset? Medical system?
You need intelligent information to make risk-based decisions.
You cannot “turn on” continuous or real-time monitoring on everything. So you need to choose the frequency.
You need to feed that information to your authorizing official
• Support the business
• Be controllable
  - If you can't influence it, why report on it?
• Be quantitative
• Be easy to collect and analyze
  - If it takes 3 weeks to gather data you report on monthly, something is wrong
  - Too hard to gather & interpret
  - Reporting too often
• Subject to trending
• Metrics must be changeable
  - Things you report on will change
  - Your targets will change
So those are some of the things that are going right. But let's take a look at what isn't going as well. In organizations that are stuck or stalled, here are some of the things that tend to slow them down.
The first is the use of what I refer to as a boil-the-ocean approach. In other words, trying to do too much across too broad a landscape of your business. Rather than trying to solve every risk problem in the organization, pick one or two key areas that relate to one or two key business processes, and start there. Remember, non-technical executives tend to think of things in terms of revenue, costs, customer satisfaction, fulfillment, or other key processes in the business. Figure out what the most important process is and what the biggest risk is that's facing that particular area, then identify what you can do from an IT risk perspective to mitigate that risk. If you're successful, those early wins can make it a lot easier to move on to future phases of your projects.
Another problem I've seen is when the discussion goes too granular or too geeky very quickly. Executives have short attention spans, so keep it high level and get to the point quickly.
Closely related to this is when there is no buy-in from other parts of the organization. This can be very frustrating because it often looks like a superhero in the IT organization trying to take on the rest of the organization and force them to adopt a risk-oriented focus. If you don't have buy-in, you're not ready to start executing.
The most effective place to get support is as high in the organization as you can manage. I mentioned tone at the top before. If you're trying to embark on a risk management project to get risk management adopted across your organization, make sure you have an executive sponsor. This is generally either the CEO or someone reporting to the CEO in your organization.
We've talked a bit about this one already, but I've also seen ineffective metrics, or a complete lack of metrics, stall risk management efforts. I'll get to that in a minute.
Finally, as I mentioned before, too many organizations are focused on cost as the primary focus of the risk management and security programs. This has got to change.
Explain the roles and responsibilities that individuals in IT security, IT and the business organization have in implementing continuous monitoring.
• Investigating and adopting a repeatable framework
  - FAIR, OCTAVE, OVAL, CAESARS, ISO, etc.
• Applying risk ranking/scoring methods
• Engaging cross-functional “steering committees” to examine various risks
  - Strategic & Operational, Information Security, Financial, Employment Practices, Intellectual Property, Physical, Legal, Regulatory, etc.
• Prioritizing projects, actions, and investments to bias toward areas of highest risk and impact
• Establishing Key Risk Indicators (KRIs) and Key Risk Objectives (KROs) to measure progress