Learn how Cedar is leveraging Detections-as-Code with Panther to build high-signal alerts to gain visibility into user activity, suspicious behaviors, and unauthorized data sharing.
Taking Action on Your Security Alerts with Panther and Tines - Panther Labs
Learn how to craft high-value alerts in Panther that trigger robust remediation workflows in the industry’s leading no-code security automation platform, Tines.
Learn how to improve cloud security posture by using pre-built policies or writing custom policies. Perform real-time continuous monitoring of cloud infrastructure.
Detecting s3 breaches with panther slide deck - Kartikey Pandey
Jack Naglieri, founder and CEO of Panther, presented on detecting S3 breaches. Panther provides end-to-end visibility and real-time monitoring of security logs and cloud resources like S3. Naglieri discussed options for monitoring S3 like using CloudTrail or S3 server access logs, and outlined goals like understanding S3 security posture and detecting insecure access. He demonstrated example log formats and provided open source policies for improving security of S3 buckets through configurations like encryption and access controls. Recaps included choosing monitoring options based on needs, ensuring proper bucket configurations, and turning on logging to detect threats.
End-to-End Security Analytics with the Elastic Stack - Elasticsearch
Interested in staying ahead of the adversary in a shifting security landscape? Learn how to create a centralized security analytics platform with the speed and scale you need for ad hoc analysis during threat detection and hunting exercises.
We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments, as well. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started!
(Source: RSA Conference USA 2018)
How Google Protects Its Corporate Security Perimeter without Firewalls - Priyanka Aash
The increasing mobility of professional users has brought an end to the traditional corporate security perimeter. Google has reinvented its security perimeter around devices through its groundbreaking "BeyondCorp" initiative. In this talk, two Google security leaders will share how this transformation took place, where it's headed and how you can apply this approach to your organization.
(Source: RSA Conference USA 2017)
Save Time and Act Faster with Playbooks - ThreatConnect
Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed.
You’ll learn how to:
- Build Playbooks that automatically run based on events in your network.
- Easily send indicators to any of ThreatConnect’s 100+ integration partners, including firewalls and SIEMs.
- Ingest and send data from any tool (including tools not yet integrated with ThreatConnect).
- Use Playbooks to get disconnected tools to all talk to each other.
We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution - Amazon Web Services
This document discusses how security and operations teams can work together more effectively. It emphasizes that security can no longer be isolated to the network perimeter and must rely on operations teams to install monitoring tools and remediate issues. Operations teams in turn rely on security teams for guidance on building secure systems. The document argues that both teams need a high-velocity feedback loop built on trust and data sharing. It also provides recommendations for rethinking people, processes, and tools to better support this collaboration, including focusing on empathy over rules, reducing risk through isolation, and leveraging existing communication channels. The overall aim is to enable faster incident response through continuous monitoring, automation, and embracing new deployment models.
Detecting and Blocking Suspicious Internal Network Traffic - LogRhythm
Internal network traffic in an organization can be as nefarious as an outside hacker trying to gain access to sensitive information. Every organization needs visibility into their network, both internal and external, in order to detect and respond to threats.
Recently, we had an organization that needed a way to detect and block suspicious internal network traffic using SmartResponse from LogRhythm to block shady activity.
View the presentation to see how SmartResponse was enabled to quickly detect suspicious internal network activity against a Web server.
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.
For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.
#ALSummit: Live Cyber Hack Demonstration - Alert Logic
Live hack demonstration by James Brown (VP Technology Solutions Group, Alert Logic), Stephen Coty (Chief Security Evangelist, Alert Logic), and Paul Fletcher (Security Evangelist, Alert Logic) at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
#ALSummit: Accenture - Making the Move: Enabling Security in the Cloud - Alert Logic
Presentation by Bill Phelps (Managing Director of Security Programs, Accenture) on observations of cloud security trends at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
Dr. Anton Chuvakin discusses the future of security information and event management (SIEM) technologies in 2012. He outlines five areas where SIEM is likely to expand: 1) collecting and analyzing more context data, 2) sharing intelligence between SIEM systems, 3) monitoring emerging environments like virtual systems, cloud, and mobile, 4) developing new analytic algorithms to better detect threats, and 5) expanding to monitor application security in addition to infrastructure security. Chuvakin advises organizations to start integrating more context data, collecting security feeds, and expanding SIEM coverage to prepare for these evolving capabilities.
#ALSummit: Cyber Resiliency: Surviving the Breach - Alert Logic
- The document discusses strategies for both before and after a security breach occurs.
- Before a breach, the key recommendations are to adopt resilient design patterns like limiting credential reuse, isolating applications, and continuously snapshotting configurations. Critical logs should also be collected and stored immutably outside the environment.
- After a breach is discovered, the document advises cutting connections but also considers briefly observing the attacker first to understand the full scope. Isolating compromised infrastructure and practicing incident response drills are also suggested.
The document summarizes the findings of a 2015 study on the costs of cybercrime:
- The average annual cost of cybercrime per company was $7.7 million globally, with successful attacks occurring over 1.9 times per company per week. Business disruption and lost productivity accounted for 39% of costs, while information loss accounted for 35%.
- The most effective tools for reducing costs were security intelligence systems, which saved companies an average of $1.9 million annually with a 23% ROI. Extensive deployment of encryption technologies saved $883,000 on average.
- The costliest attacks were from malicious insiders averaging $144,542 per attack, while detection of attacks was the most expensive internal
This presentation will lay out the latest improvements and features in the platform while highlighting the ways that you and your team will be able to benefit from them.
You'll learn:
- How to make analysts' lives easier
- How to unite and empower your threat intel team
- Evaluating the return on investment in threat intelligence
- New ways to visualize threat intel
- The value of using one platform for everything
Managing Indicator Deprecation in ThreatConnect - ThreatConnect
The document discusses managing indicator deprecation in ThreatConnect. It explains that indicator deprecation is a system for automatically lowering an indicator's confidence rating over time based on configurable rules. This helps reflect an indicator's staleness and can automatically delete old indicators. The document provides examples of setting deprecation rules for different indicator types and sources, and best practices used by ThreatConnect's research team.
This presentation describes the nature of modern cyber threats and how they affect the enterprise's transition to cloud infrastructure. More specifically, assumptions about the security of cloud infrastructure will be challenged and re-examined from an attacker's perspective, and the weak points of the cloud will be explored. This presentation should give organizations a perspective on some of the key points of weakness in their cloud, and on what can be done to mitigate the threats that target these weaknesses going forward.
The Phishing Intelligence Engine (PIE) is a framework that assists with the detection of and response to phishing attacks. It is an Active Defense framework built around Office 365 that continuously evaluates Message Trace logs for malicious content and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.
Will County Sheriff’s Office: Solving Crime with Data - Elasticsearch
Learn how the Elastic Stack helped the Will County Sheriff's Office build Network Monitoring and Security, Operational Analysis at the Will County Adult Detention Facility, and Crime Analysis for their area.
#ALSummit: Realities of Security in the Cloud - Alert Logic
The document discusses security in the cloud and outlines a shared responsibility model between cloud providers and customers. It notes that cloud workloads can be as secure or more secure than on-premises workloads when best practices are followed. Building security maturity over time is important, ranging from basic security to threat management and security operations capabilities. While security principles remain the same, the approach must change in cloud environments. Specifically, understanding shared responsibilities, applying the same standards to cloud workloads, and leveraging cloud-native security tools are emphasized.
Part 3, the final part of the series "Mastering Next Gen SIEM Use Cases".
The following presentation covers building use cases to detect anomalies pertaining to applications and application servers, and the importance of correlating events from applications and application servers.
Discover sample use cases for detecting anomalies in the SWIFT application.
Making the Shift from DevOps to Practical DevSecOps | Sumo Logic Webinar - Sumo Logic
In this webinar, Sumo Logic VP of Security and Compliance George Gerchow dives into how to make the shift to DevSecOps, discussing how to:
- Incorporate fundamental and high impact security best practices into your current DevOps operations
- Gain visibility into your compliance posture
- Identify potential risks and threats in your environments
Threat Hunting for Command and Control Activity - Sqrrl
Sqrrl's Security Technologist Josh Liburdi provides an overview of how to detect C2 through a combination of automated detection and hunting.
Watch the presentation with audio here: http://info.sqrrl.com/threat-hunting-for-command-and-control-activity
Securing The Reality of Multiple Cloud Apps: Pandora's Story - CloudLock
Doug Meier, Director of Security and Compliance at Pandora, shares how Pandora defines and handles “shadow IT”, assesses and onboards vendors, all while keeping pace with the company’s must-do business in the cloud. He covers hot topics such as single sign-on, identity management, and active directory integration.
Cyberware covers the technologies you need to benefit from our security monitoring services. With rules and use cases implemented by our third-party service, threat intelligence, GeoIP technology, and human analysts who analyze your needs and requirements and make recommendations, you can invest your resources in what you do best and make better, faster decisions when cyber incidents arise. - https://www.cyberware.ai/security-monitoring/
OWASP AppSec EU 2016 - Security Project Management - How to be Agile in Secu... - Simone Onofri
This document discusses how to take an agile approach to security project management and testing. It defines agile as an iterative approach where requirements and solutions evolve through collaboration. The key aspects of agile security project management covered are:
- Using agile techniques like planning poker, timeboxing, and MoSCoW prioritization to plan and manage security testing projects.
- Integrating security testing into the agile software development lifecycle through techniques like defining security acceptance criteria, implementing "evil user stories", and pairing programmers with security experts.
- Managing vulnerabilities found during testing through techniques like blocking work items in a kanban board until vulnerabilities are retested and resolved.
The document provides examples and tips
John Eccleshare, Head of Compliance and Information Security at bet365, discusses bet365's migration of their Splunk deployment to Splunk Cloud. Some key points:
- bet365 processed 3 TB of data per day in their on-prem Splunk deployment but scaling it for new use cases was challenging.
- Migrating to Splunk Cloud improved performance, enhanced security capabilities, and freed up 4 FTEs by reducing maintenance and upgrade work.
- Lessons learned included needing more business input on requirements and migrating sooner for increased agility. Recommendations included running parallel deployments during migration and using professional services.
Slides from Alexandre BRIANCEAU's talk at #OSSPARIS19 (Open Source Summit Paris 2019).
Security is everyone's business: a single exploited breach is enough. Teams are aware of this, and yet it is still as difficult as ever to ensure, be confident, and reassure others (prove) that at least one part of the system is under control.
And when it comes to server infrastructure, especially at the OS / middleware level, everything gets complicated. Even with an operational security team, it is difficult to ensure that the Information System Security Policy and security recommendations are properly implemented on all servers.
How can we be sure that our security policies are properly applied on all our servers other than through a massive and costly audit? Even if they were compliant when they were created, how do you know whether they remain perfectly compliant after a few days / weeks / months?
Let's discover together RUDDER, an open-source solution for continuous compliance based on configuration management to automatically audit and/or correct our systems.
Protecting endpoints from targeted attacks - AppSense
This document discusses strategies for protecting endpoints from targeted attacks. It begins with an overview of the increasing threats facing organizations from malware and cyber attacks. It then outlines five principles for an effective endpoint security strategy: 1) get organizational endpoints in order through vulnerability management and application control, 2) focus on protecting data rather than infrastructure on unmanaged devices, 3) utilize thin clients and cloud-based solutions, 4) implement a zero-trust approach to authentication, and 5) maintain visibility into endpoint activity. The document recommends implementing application control, patching vulnerabilities, deploying recommended security practices, improving authentication, and integrating network and endpoint security controls. It emphasizes continuing to shift focus to securing unmanaged devices by decoupling protection from infrastructure.
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
This document provides information about Alpha Team Technologies, a company that has helped businesses reduce IT costs, increase productivity, and streamline operations for 27 years. It discusses Alpha Team's 15-member team and customer-focused approach to providing daily IT support, helpdesk services, and infrastructure monitoring. The document also outlines several IT assessment, optimization, and security services Alpha Team can provide, including baseline assessments, policies and procedures, risk mitigation, backup solutions, hardware upgrades, patching, access controls, and disaster recovery planning. Cost estimates provided include $137,000 for man hours, $150,000 for materials/services/licensing, and $57,000 for initial setup and management, for a total cost of $342
SanerNow a platform for Endpoint security and systems Management - SecPod Technologies
Endpoint security can be more effective and less costly by simplifying management through a unified platform rather than multiple point products. Currently, organizations invest heavily in numerous security products yet still struggle with attacks, complexity, and high costs. A single platform called SanerNow provides tools to automate tasks like vulnerability management, patching, and threat detection through continuous monitoring from the cloud. It aims to reduce security costs by up to 60% by addressing issues holistically rather than relying on numerous specialized products with overlapping functionality.
This document summarizes a presentation given by Craig Heilmann of IBM Security Services at the S4 ICS Security Conference in January 2015. The presentation discussed accelerating cyber security for operational technology (OT) using a case study. The case study involved a large manufacturer that wanted to transform its security operations over 5 years but faced constraints. The solution was to focus first on operations using an "elastic and agile" model with processes, operations, and technology improvements to quickly detect, respond, and disrupt attacks. This included enterprise-wide password changes and a security program framework to continuously adapt and mature capabilities over time. Cost modeling was also introduced to better plan and rationalize security spending.
Information Security Risks - What You Can Do To Help Your Clients Avoid Costl...Net at Work
This webinar discussed cybersecurity best practices for small businesses. It covered current types of attacks like malware, denial of service, and ransomware. The presenters recommended best practices including regular backups, managing technical vulnerabilities, security awareness training, having an incident response plan, effective communication and testing of the plan, and security monitoring. They argued that managed IT services can help businesses implement these practices and mitigate security risks in a cost-effective way. The webinar provided resources for attendees and took questions at the end.
This document summarizes best practices for building an application security program at a startup. It recommends getting organizational buy-in, building a security team by networking and attending events, and shifting security left by training developers. It also discusses implementing threat modeling, carefully vetting security vendors, embedding security engineers with developer teams, and continuing to improve processes over time. The overall message is that security is a collaborative effort involving the whole company.
(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...Andrew O. Leeth
The document discusses improving cloud vendor security assessments between customers and vendors. It outlines the challenges both parties face, including the overwhelming volume of assessments vendors receive and customers asking the wrong questions. The document provides recommendations for both customers and vendors, such as customers assessing the security of the solution and not just the vendor, and vendors establishing dedicated security teams to efficiently respond to assessments. The goal is for both parties to work together to continuously improve the security assessment process.
Why does security matter for devops by Caroline WongDevSecCon
This document discusses why security matters for DevOps. It begins by introducing the speaker and intended audience. It then explains how the role of security is changing from protecting the perimeter to addressing risks from vendors and mobile endpoints. Security matters for DevOps because major companies have experienced high-profile data breaches, which hurt sales, acquisition, press, and compliance. The document outlines the NIST Cybersecurity Framework approach of identifying, preventing, detecting, responding to, and recovering from incidents. It emphasizes that security for DevOps must be business-driven, on-demand to fit the DevOps toolchain, and built on a culture of trust.
Empired Convergence 2017 - Keeping Pace, Staying Safe in the Digital WorldEmpired
This document discusses how organizations can keep pace with digital transformation and security challenges. It recommends developing a cybersecurity program to understand threats, identify risks, build defensive strategies, and continuously validate effectiveness. It also suggests reviewing network perimeters as traditional firewalls are no longer sufficient, and establishing identity as the new control plane since users, apps and data now extend beyond network boundaries. Identity-driven security is presented as a solution to gain visibility and control over users, devices, apps and data both on-premises and in the cloud.
Schneider Electric provides a comprehensive approach to cyber security for critical infrastructure. They recognize cyber attacks have expanded from disrupting IT systems to endangering physical assets and human life. The document outlines Schneider's investments in security technologies and services to protect customers across industries. It describes their defense-in-depth strategy including secure product design, testing, compliance with standards, and security services to monitor, detect, and respond to threats. The goal is to help customers comply with regulations and mitigate risks through an integrated portfolio.
Enterprise Vulnerability Management: Back to BasicsDamon Small
Vulnerability Management is the lifecycle of identifying and remediating vulnerabilities in an organization's enterprise. A number of companies are starting to do this well, but in some cases, focus on advanced and emerging threats has had the unintended consequence of leaving Vulnerability Management unattended. Defense is actually hard work and people aren't doing it as well as they should! Considered in the context of asymmetric warfare, Blue Teaming is more difficult than Red Teaming. Coupled with the fact that most vulnerabilities do not actually suffer from advanced attacks and 0-days, Vulnerability Management must be the cornerstone of any Information Assurance Program.
The speakers, Kevin Dunn and Damon Small, will describe the key elements of a mature Vulnerability Management Program (VMP) and the pitfalls encountered by many organizations as they try to implement it. Dunn and Small will include detailed examples of why purchasing the scanner should be one of the last decisions made in this process, and what the attendee must do to ensure the successful defense of company assets and data. This session will cover:
- Vulnerability Management: What is it good for?
- What is it not good for?
- How do I make a real difference?
This document discusses the challenges of audit compliance and proposes a continuous monitoring approach. It describes how organizations often scramble to prepare for audits in an unplanned, reactive way that disrupts work and does not maintain long-term compliance. The document proposes establishing security controls integrated with daily operations to make compliance a natural byproduct. It provides steps for continuous monitoring, including categorizing assets, determining risk thresholds, setting monitoring frequencies, and generating detailed reports to assess risk and guide security improvements. The benefits are presented as leveraging automation to reduce audit effort while providing objective data to address gaps and priorities.
Similar to Customer Story: Scaling Security With Detections-as-Code (20)
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
3. Today’s Speakers
Jack Naglieri, Founder and CEO, Panther Labs
● 9+ years in detection and response
● Ex-Airbnb and Yahoo
● Co-creator of StreamAlert
Aaron Zollman, CISO, Cedar
● 20+ years in security
● Offense -> Threat Intel -> Defense
● Startups -> Finance -> Back again
4. Intro: Scaling up detection and response in a rapidly changing environment is hard
5. Today We’ll Cover: How Cedar Scales Security
● Going from 0 to 1 with a small team
● Using detections-as-code to identify “badness”
● Operationalizing alerting response
● Scaling all of the above by onboarding new data
6. Why Cedar: The billing process was not made for patients
Patient receives treatment.
Payer touchpoints:
● Complicated payer EOB(s)
● Calls, appeals, denials
● COB and subrogation calls
Provider touchpoints:
● Provider bill(s)
● Calls, payment plans, discounts
● Pay bill
34% of healthcare consumers had a healthcare bill go to collections in the last year [1]. Top reasons include: 43% confusion about bill amount [1]; 26% outdated billing & notification process [1].
22m Americans with otherwise clean credit have had their credit score affected by medical bills <$250 [2].
1. Cedar/Survata research
2. U.S. Consumer Financial Protection Bureau
7. A standout user experience
Remove barriers to engagement (and payment):
● Reach patients at the right time in the right place with dynamic outreach
● Drive engagement with easy-to-understand messaging
● Guide patients to the best possible outcomes with tailored payment options
8. About Cedar
2020 Cedar, Inc. All rights reserved
● $157m funding
● 10m+ patients served per year
● 33 client partners
● $50b net patient revenue of clients
150+ team members from
Top technology investors
9. Cedar Security Team
Who? A small team, in a highly regulated industry
Goal: To keep up with the speed of business and a rapidly evolving attack surface
10. Why? Panther alleviates the problems with traditional SIEMs
● Detections-as-Code
● Structured Data Lake
● Cloud-Native
13. Scenario 1: Detecting manual AWS changes in production
● Ideally: changes happen through infrastructure-as-code
● Scary scenario: identify attackers attempting to circumvent controls or exfiltrate data
● More likely scenario: a senior engineer with a high-priority change request
● Demo example: manual changes to security groups
14. Scenario 1: the alert pipeline
● CloudTrail: events are sent to Panther in real time via S3
● Panther: Panther parses and normalizes the events and applies Python detections
● Slack: the team is notified in Slack, reviews the alert, and responds with emojis
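The Scenario 1 detection sketched on the two slides above, written out as a Panther-style Python rule. This is an added example for this page, not Cedar's or Panther's own code: the functions rule, title, severity and alert_context follow Panther's rule interface and the field names are standard CloudTrail record fields, while the user-agent markers used to recognise IaC tooling and the three sample records are constructed assumptions.

```python
"""Scenario 1 as a Panther-style Python detection: a security-group change
made by hand (console or CLI) rather than through infrastructure-as-code.

Added example for this page, not Cedar's or Panther's own code.  The
functions rule/title/severity/alert_context follow Panther's rule interface
and the field names are standard CloudTrail record fields; the user-agent
markers for IaC tooling and the three sample events are constructed
assumptions.
"""

# EC2 API calls that create, delete or alter security groups.
SECURITY_GROUP_EVENTS = {
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupEgress",
    "CreateSecurityGroup",
    "DeleteSecurityGroup",
    "ModifySecurityGroupRules",
}

# User-agent substrings that identify calls made by IaC tooling.
# Assumed values: match them to what your own pipelines actually send.
IAC_USER_AGENT_MARKERS = ("terraform", "cloudformation.amazonaws.com")


def is_iac_call(event):
    """True when the CloudTrail userAgent looks like Terraform/CloudFormation."""
    user_agent = (event.get("userAgent") or "").lower()
    return any(marker in user_agent for marker in IAC_USER_AGENT_MARKERS)


def rule(event):
    """Fire on successful security-group changes that did not come from IaC."""
    if event.get("eventSource") != "ec2.amazonaws.com":
        return False
    if event.get("eventName") not in SECURITY_GROUP_EVENTS:
        return False
    # A failed call changed nothing; dropping it keeps the alert high-signal.
    if event.get("errorCode"):
        return False
    return not is_iac_call(event)


def actor_arn(event):
    return (event.get("userIdentity") or {}).get("arn", "unknown")


def group_id(event):
    return (event.get("requestParameters") or {}).get("groupId", "unknown")


def title(event):
    return f"Manual {event.get('eventName')} on {group_id(event)} by {actor_arn(event)}"


def severity(event):
    # Opening a rule (Authorize*) is riskier than tightening or deleting one.
    return "HIGH" if event.get("eventName", "").startswith("Authorize") else "MEDIUM"


def alert_context(event):
    """Extra fields surfaced in the Slack alert so reviewers need not pivot."""
    return {
        "actor": actor_arn(event),
        "source_ip": event.get("sourceIPAddress"),
        "user_agent": event.get("userAgent"),
        "group_id": group_id(event),
        "region": event.get("awsRegion"),
    }


# Constructed sample records in CloudTrail's shape (not real events).
CONSOLE_EVENT = {
    "eventSource": "ec2.amazonaws.com",
    "eventName": "AuthorizeSecurityGroupIngress",
    "awsRegion": "us-east-1",
    "sourceIPAddress": "198.51.100.7",
    "userAgent": "console.ec2.amazonaws.com",
    "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
    "requestParameters": {"groupId": "sg-0123456789abcdef0"},
}
TERRAFORM_EVENT = dict(
    CONSOLE_EVENT,
    userAgent="aws-sdk-go/1.44.0 (go1.20; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/1.5.0",
)
FAILED_EVENT = dict(CONSOLE_EVENT, errorCode="UnauthorizedOperation")

if __name__ == "__main__":
    for name, ev in [("console", CONSOLE_EVENT), ("terraform", TERRAFORM_EVENT), ("failed", FAILED_EVENT)]:
        print(name, rule(ev), title(ev) if rule(ev) else "")
```

The three sample records double as the unit tests a detection-as-code workflow keeps next to the rule: the console change fires, the Terraform-driven change and the failed call do not. Filtering on userAgent is the cheap first cut; a more robust version would match the IAM role your CI pipeline assumes instead, because user agents are under the caller's control.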
17. #1 - Infrastructure-as-Code (IaC)
What is it?
● Express cloud components as reusable code
● Support for CloudFormation or Terraform
● Onboarding additional accounts is fast
● Serverless for high scale
Benefits
● Repeatable
● Consistent
● Easy to Maintain
18. Detection-as-Code: A modern and systematic way to write detections using software engineering principles
19. Scenario 2: Monitoring Google Drive Shared Files
● A single SIEM manages both the “prod” and “corp” environments
● PHI, PII and sensitive data loss is a risk to the business across the board
● Google Workspace is one of our key collaboration tools
● Teams vary widely in risk and operational complexity
● The approach has to be targeted but scalable
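One way to make the Scenario 2 check "targeted but scalable": a single Panther-style rule over Google Workspace Drive audit events whose tolerance for external sharing is configured per team. This is an added example, not Cedar's or Panther's code. The event shape (actor, events[], name/value parameter list) and the event names change_document_visibility and change_user_access come from the Google Workspace Reports API; the corporate domain, the user-to-team directory, the per-team policy table and the sample events are constructed assumptions.

```python
"""Scenario 2 as a Panther-style Python detection: a Google Drive file made
reachable outside the company, with tolerance configured per team.

Added example for this page, not Cedar's or Panther's own code.  The event
shape and event names follow the Google Workspace Reports API Drive audit
format; the domain, directory, policy table and sample events are constructed.
"""

INTERNAL_DOMAIN = "example-health.test"  # assumed corporate domain

# Who belongs to which team.  In production this would come from a directory
# or a lookup table; here it is a constructed stand-in.
USER_TEAMS = {
    "dana@example-health.test": "engineering",
    "sam@example-health.test": "partnerships",
}

# Per-team policy: external domains a team may share with, and whether
# link sharing is tolerated.  Teams not listed fall back to "default".
TEAM_POLICY = {
    "partnerships": {"partner_domains": {"partner-clinic.test"}, "allow_link_sharing": False},
    "default": {"partner_domains": set(), "allow_link_sharing": False},
}

PUBLIC_VISIBILITIES = {"people_with_link", "public_on_the_web"}


def params(drive_event):
    """Flatten the Reports API [{name, value}, ...] parameter list to a dict."""
    return {p.get("name"): p.get("value") for p in drive_event.get("parameters", [])}


def policy_for(actor_email):
    team = USER_TEAMS.get(actor_email, "default")
    return TEAM_POLICY.get(team, TEAM_POLICY["default"])


def exposures(event):
    """Yield (reason, doc_title) for every sub-event that widens access
    beyond what the actor's team is allowed."""
    actor = (event.get("actor") or {}).get("email", "")
    policy = policy_for(actor)
    for sub in event.get("events", []):
        p = params(sub)
        if sub.get("name") == "change_document_visibility":
            if p.get("new_value") in PUBLIC_VISIBILITIES and not policy["allow_link_sharing"]:
                yield p["new_value"], p.get("doc_title", "")
        elif sub.get("name") == "change_user_access":
            target = p.get("target_user", "")
            domain = target.rpartition("@")[2].lower()
            if domain and domain != INTERNAL_DOMAIN and domain not in policy["partner_domains"]:
                yield f"shared with {target}", p.get("doc_title", "")


def rule(event):
    return any(True for _ in exposures(event))


def title(event):
    actor = (event.get("actor") or {}).get("email", "unknown")
    reason, doc = next(exposures(event))
    return f"{actor} exposed Drive file '{doc}': {reason}"


def severity(event):
    # Anyone on the internet beats a specific external user or a link.
    reasons = [r for r, _ in exposures(event)]
    return "HIGH" if "public_on_the_web" in reasons else "MEDIUM"


# Constructed sample events in the Reports API shape (not real data).
PUBLIC_LINK_EVENT = {
    "actor": {"email": "dana@example-health.test"},
    "events": [{"name": "change_document_visibility",
                "parameters": [{"name": "doc_title", "value": "Q3 claims export"},
                               {"name": "old_value", "value": "private"},
                               {"name": "new_value", "value": "people_with_link"}]}],
}
PARTNER_SHARE_EVENT = {
    "actor": {"email": "sam@example-health.test"},
    "events": [{"name": "change_user_access",
                "parameters": [{"name": "doc_title", "value": "Onboarding checklist"},
                               {"name": "target_user", "value": "jo@partner-clinic.test"},
                               {"name": "new_value", "value": "can_view"}]}],
}
UNKNOWN_EXTERNAL_EVENT = {
    "actor": {"email": "dana@example-health.test"},
    "events": [{"name": "change_user_access",
                "parameters": [{"name": "doc_title", "value": "Patient list"},
                               {"name": "target_user", "value": "someone@mail.test"},
                               {"name": "new_value", "value": "can_edit"}]}],
}
```

The policy table is the scaling lever: every team gets the same detection, and the only thing that differs is a few lines of configuration, which lives in source control alongside the rule and is reviewed the same way. Keep the default deny-all, so a team that has not asked for an exception generates an alert rather than silently passing.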
23. #3 - Source Control: Code review and versioning
● Cross-team collaboration
● History of changes and approvals
● Satisfy auditing and compliance needs
24. #4 - Continuous Deployment: Hands-off detection management
● Consistency and reliability
● Auto-upload on merge
● Staging/prod parity
Pipeline:
● Develop: the security team creates new detections
● GitHub: a branch is pushed to source control and a pull request is opened
● Panther: on merge, a job automatically pushes the detections to Panther
25. #5 - Helpers and Models: Shared logic applied to multiple detections
● Convenience functions
● Global configurations
● Data models
27. Next Steps: Discovery and onboarding of new data
● Ingesting custom logs
● The process
○ Write schema and data models
○ Ingest the data
○ Discover behaviors
○ Write detections
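The four-step onboarding process above, and the data-model idea from slide 25, worked end to end for one new log source. This is an added example, not Cedar's or Panther's code. The custom "portal" log format, its schema, the data-model paths, the corporate IP ranges and every sample line are constructed for the example; the CloudTrail field names and the p_log_type attribute that Panther stamps on each event are real, but here the ingest step sets p_log_type itself and the udm() function stands in for Panther's own data-model lookup.

```python
"""Onboarding a new log source: write a schema and a data model, ingest the
data, discover what it contains, then write a detection against the
normalised fields.

Added example for this page, not Cedar's or Panther's code.  The portal log
format, schema, data-model paths, IP ranges and sample lines are constructed;
p_log_type is Panther's per-event field, set here by our own ingest step.
"""
import ipaddress
import json
from collections import Counter

# Step 1a: schema for the new source, i.e. which fields must exist and their types.
PORTAL_SCHEMA = {"ts": str, "user": dict, "action": str, "src_ip": str}

# Step 1b: data models map each log type onto common field names so one
# detection can read any source.  Paths use dot notation into nested dicts.
DATA_MODELS = {
    "Custom.Portal": {"actor_user": "user.email", "source_ip": "src_ip", "action": "action"},
    "AWS.CloudTrail": {"actor_user": "userIdentity.arn", "source_ip": "sourceIPAddress", "action": "eventName"},
}


def deep_get(obj, path, default=None):
    for key in path.split("."):
        if not isinstance(obj, dict):
            return default
        obj = obj.get(key)
    return default if obj is None else obj


def ingest_portal_line(line):
    """Step 2: parse one JSON line, reject records that violate the schema,
    and tag the record with its log type."""
    record = json.loads(line)
    for field, ftype in PORTAL_SCHEMA.items():
        if not isinstance(record.get(field), ftype):
            raise ValueError(f"field {field!r} missing or not {ftype.__name__}")
    record["p_log_type"] = "Custom.Portal"
    return record


def ingest_all(lines):
    """Ingest lines, keeping malformed ones aside instead of silently dropping them."""
    good, bad = [], []
    for line in lines:
        try:
            good.append(ingest_portal_line(line))
        except ValueError as exc:
            bad.append((line, str(exc)))
    return good, bad


def udm(event, field):
    """Resolve a unified field name through the data model for the event's type."""
    return deep_get(event, DATA_MODELS[event["p_log_type"]][field])


def discover(events):
    """Step 3: count (actor, action) pairs to learn what normal looks like
    before deciding what deserves an alert."""
    return Counter((udm(e, "actor_user"), udm(e, "action")) for e in events)


# Step 4: the detection is written against the data model, not raw fields.
CORPORATE_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]
PRIVILEGED_ACTIONS = {
    "Custom.Portal": {"export_records", "grant_admin"},
    "AWS.CloudTrail": {"CreateUser", "AttachUserPolicy"},
}


def rule(event):
    """Privileged action from outside the corporate address space."""
    if udm(event, "action") not in PRIVILEGED_ACTIONS.get(event["p_log_type"], set()):
        return False
    try:
        ip = ipaddress.ip_address(udm(event, "source_ip"))
    except ValueError:
        return True  # missing or malformed source: surface it rather than hide it
    return not any(ip in net for net in CORPORATE_NETS)


def title(event):
    return f"{udm(event, 'actor_user')} ran {udm(event, 'action')} from {udm(event, 'source_ip')}"


# Constructed sample input: three portal lines (the third is malformed) and one CloudTrail record.
PORTAL_LINES = [
    '{"ts": "2024-01-01T10:00:00Z", "user": {"email": "dana@example.test"}, "action": "view_bill", "src_ip": "10.1.2.3"}',
    '{"ts": "2024-01-01T10:05:00Z", "user": {"email": "dana@example.test"}, "action": "export_records", "src_ip": "198.51.100.9"}',
    '{"ts": "2024-01-01T10:06:00Z", "user": "dana@example.test", "action": "view_bill", "src_ip": "10.1.2.3"}',
]
CLOUDTRAIL_EVENT = {
    "p_log_type": "AWS.CloudTrail",
    "eventName": "CreateUser",
    "sourceIPAddress": "203.0.113.40",
    "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops-bot"},
}
```

Because the rule only touches actor_user, source_ip and action, adding a third log source later means writing one more DATA_MODELS entry and one more PRIVILEGED_ACTIONS entry; the detection itself is untouched. Keeping the schema check at ingest, and keeping the rejects, is what makes the "discover behaviors" step trustworthy: a malformed field that was quietly coerced would skew the counts you base thresholds on.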
28. Key Takeaways: Small security teams can be mighty!
● Understand your environment and the right approach for your team
● Centralize and normalize data
● Iterate and evolve your detections over time
● Techniques for Scaling:
○ Infrastructure-as-Code
○ Detection-as-Code
○ Testing
○ Source Control
○ Continuous Deployment
○ Helpers and Models