Alex Michael - 2017/2018 Cyber Threat Report in an Enterprise Mobile World Pro Mrkt
Alex Michael from SonicWall presents "2017/2018 Cyber Threat Report in an Enterprise Mobile World" at the Midlands Cyber Security Expo 2018 #midscybersecurity18
Darren Rawlinson - Dealing with Cyber Threats in an Enterprise Mobile World Pro Mrkt
Darren Rawlinson from Samsung presents "Dealing with Cyber Threats in an Enterprise Mobile World" at the Midlands Cyber Security Expo 2018 #midscybersecurity18
Adam Maskatiya - Redefining Security in an Era of Digital Transformation #mid... Pro Mrkt
Adam Maskatiya from Kaspersky Lab is delivering an insightful talk entitled "Redefining Security in an Era of Digital Transformation" at the Midlands Cyber Security Expo 2018 #midscybersecurity18
Why cyber-threats could kill your business transformation
We live in a connected world, and many organisations have responded with business transformation programs encompassing cloud, remote endpoints, shared networks, and more. How long can these connected systems and processes survive in a world of next generation, increasingly stealthy and complex cyber threats? This presentation will consider the threats facing digitally-powered businesses today and in the coming years – and how the security industry can help them address these threats. Not just through multi-layered, machine-learning and intelligence-based protection, but, equally importantly, through collaboration – with each other and with the business community – to share intelligence, build skills, and ensure security is built in from the very start of every new product and service.
Acronis Active Protection: A Way To Combat Ransomware Attack Acronis
In the wake of the massive "WannaCry" ransomware attack that took the world by storm on Friday, May 12, businesses are scrambling to improve their IT security. Learn how Acronis Active Protection can help prevent another attack like this one from knocking your business offline.
Join the Community IT monthly webinar series as we discuss the latest trends in IT Security for Nonprofits. Make IT Security a priority for your nonprofit in 2016.
Don’t let Ransomware hold your data and your company hostage. Ransomware attacks increased by over 300% in 2016. Watch this Tech Demo to see how Unitrends addresses this prolific threat.
#ESGJRConsultingInc #Software #Cisco #Network #Engineering #CNSVitalSigns #DNAIDSmartCard
Cisco Certifications
Go to www.esgjrconsultinginc.com to learn more about Software/Network Engineering Projects.
Cybersecurity is clearly a topic of growing importance these days. The presentation invites you to reflect on the semantics of the words we use when talking about cybersecurity, and guides you through the map of perspectives and methodologies toward your own path to being safe and protected in the digital environment. The talk is suited to both business and technical leaders.
If your business operates on Windows computers, be on the lookout. Cybercriminals created malicious computer software, called CryptoLocker, which can invade your computer, encrypt your data, and then demand you pay a ransom. Afterwards, you have roughly 72 hours to pay the ransom of at least $200 in bitcoins. If you don’t pay the ransom on time, the price can go up to $2,000. Or don’t pay and lose your data forever, which likely won’t be an option if CryptoLocker encrypted files critical to operating your business, such as legal documents, payroll forms, and customer information.
Peter B. Lange: Collaborative threat intelligence and actionable integration
http://www.infinit.dk/dk/nyheder-og-reportager/cyber-security-4-0-reportage.htm
Strategies to combat new, innovative cyber threats in 2019 SrikanthRaju7
We will focus on sharing our predictions for the big new changes we expect to see in cyber attacks and attack patterns in the coming year.
Before we dive into those, we will spend a little bit of time focusing on the five newest tactical attacks we expect to see a whole lot more of in 2019. After that, we will look into the big new shifts in targets and attack strategy that will dominate cyberwarfare over the coming year.
After we review the tactical and strategic threats you will need to look out for next year, we will provide a look at the primary defensive strategies you can deploy to combat tomorrow’s emerging threats.
That being said, while we feel confident that these represent some of the biggest new movements in the cybersecurity landscape in 2019, we also recognize that we are not the only experts here. And that there might be some big, effective attack and defense strategies that did not make it into our presentation. So, I welcome you to please share your own views on what you think will be the key threats in the comments here.
With that being said, let’s get started!
The cybersecurity experts here at SARA will help you deal with any of the cyber-attacks or security hacks that have ever ruled over your digital assets. Additionally secures your entire IT department with an impenetrable security layer.
By 2025, millennials are projected to make up 75% of the total workforce. Organizations have been adapting their processes, policies and environments to match the millennial culture, but are they truly prepared to handle millennial technology practices? Michael Crouse – Forcepoint VP, Insider Threat explains.
Michael Appelby: Why the protection of information is critical for our society
http://www.infinit.dk/dk/nyheder-og-reportager/cyber-security-4-0-reportage.htm
Outpost24 webinar - A day in the life of an information security professional Outpost24
Get more information about security challenges and pitfalls you might face throughout the vulnerability management cycle, including internal obstacles thanks to these slides
DHS Cybersecurity Services for Building Cyber Resilience Dawn Yankeelov
DHS Cybersecurity Analyst details the US Department of Homeland Security Services for all businesses to build cyber resilience at the Technology Association of Louisville's CyberSecurity Summit on June 14, 2019.
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them SrikanthRaju7
The attached deck "Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them" talks about strategic and tactical attacks to watch out for in 2019 and the defensive strategies to deploy against these emerging threats.
Outpost24 webinar - Improve your organizations security with red teaming Outpost24
Our Red Teaming expert Hugo van den Toorn explains the key elements of a red team operation, what companies can expect from the assessment and how to benefit from the ‘moment of truth’.
Summary
The GRC (governance, risk and compliance) market is driven by three factors: government regulation such as Sarbanes-Oxley, industry compliance such as PCI DSS 1.2 and growing numbers of data security breaches and Internet acceptable usage violations in the workplace. $14BN a year is spent in the US alone on corporate-governance-related IT spending1.
Are large internally-focused GRC systems the solution for improving risk and compliance? Or should we go outside the organization to look for risks we’ve never thought about and discover new links and interdependencies2.
This article introduces a practical approach that will help the CISOs/CSOs in any sized business unit successfully improve compliance and reduce information value at risk. We call this approach “The Tao of GRC” and base it on 3 principles.
1. Adopt a standard language of threats
2. Learn to speak the language fluently
3. Go green – recycle your risk and compliance
Threats that Matter - Murray State University 2017 chrissanders88
In this presentation I discuss the current state of information security and where innovation is failing to make it back to smaller businesses. I identify threats that matter most to businesses through the lens of a framework for the evaluation of threats. I also describe five things you can do to increase your network security right now in the wake of these threats.
Cybersecurity in the Workplace is Everyone's Business Symantec
Building a culture of cybersecurity is critical to every organization no matter the size. Join Aaron Cohen, Director of Cyber Security Services, to learn more about how to strengthen your organization’s cyber resiliency.
The Silicon Valley Security Debate: Demo by Symphony’s CTO and CSO Symphony.com
Lawrence Miller, Chief Security Officer, Symphony & Mike Harmon, Chief Technology Officer, Symphony, demonstrate Symphony encryption live at Symphony Innovate Asia 2018.
Presented live at HKEX Connect Hall in Hong Kong on 7 June.
Cybersecurity - How to Protect your Organisation from Cybersecurity Threats Craig Thornton
With cyberattacks being on the increase, it is an important topic for all organisations.
Here’s what this slideshare presentation covers:
- Why cybersecurity affects all businesses
- What systems you need to manage cybersecurity risk
- Integrating your IT security requirements into your business management system
- 5 essential functions you need for protection
There were an estimated 300 million cyberattacks during 2015. Of those, only 90 million were detected. This means 70% of cyberattacks go unnoticed. Such attacks are increasing at an annual rate of approximately 40 percent.
To watch the webinar recording of this presentation all you need to do is copy and paste the following link into your web browser:
http://www.mangolive.com/blog-mango/how-to-protect-your-organisation-against-cybesecurity-threats-1
A Data Privacy & Security Year in Review: Top 10 Trends and Predictions Delphix
Paying attention to data privacy and security is no longer optional. From a mega breach at Equifax to emerging regulations such as GDPR, data security is driving both today’s headlines and the IT initiatives of tomorrow. Join us for a fascinating discussion on how data privacy and security have evolved in 2017—and what to expect in 2018.
What have we learned from 2017's biggest breaches and how will we deal with 2018's emerging threats? Attempting to look both backward and forward over the cyber landscape, Peter Wood will review lessons learned and apply them to the evolving threatscape.
The Importance of Cybersecurity in 2017 R-Style Lab
Small and medium-sized companies embrace digital transformation in order to cut operating costs, boost employee productivity and gain a better insight into customer behavior. However, they tend to underestimate the importance of cybersecurity… and end up paying ransoms to hackers due to weak defense systems. Why is cybersecurity important and how to protect your enterprise IT infrastructure?
Do You Manage Software? Understanding Your Role in Cybersecurity Defense Flexera
Organizations are under constant attack by hackers targeting applications used by the business. The University of Maryland recently quantified the near-constant rate of attacks on computers with Internet access to every 39 seconds. The best defense requires a holistic approach and collaboration of different teams in a concerted effort to reduce the attack surface for hackers. In this webinar we will discuss the roles and the impact that activities, not always associated with security, have in reducing risk. Whether you are an asset manager, a desktop or datacenter manager, or an IT security professional, your role has a significant impact on your organization's ability to reduce the risk of cyber-attack.
A brief overview presentation of Trend Micro that includes our history, growth story, and financials. It also covers how Trend Micro artfully combines proven foresight, XGen™ security, and passionate people to enable us to deliver market leading solutions to our customers and partners alike.
Is Your Use of Windows Backup Opening the Door to Hackers? marketingunitrends
The go-to choice for IT pros to secure their data was Windows-based backup. But with all the malware and ransomware designed to attack Windows, many are trusting their backups to a hardened, purpose-built Linux appliance. Are you?
Understanding Your Attack Surface and Detecting & Mitigating External Threats Ulf Mattsson
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Description: Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned from recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware). The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how.
Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How:
What is a Digital Footprint?
Breakdown of External Threats (Social, Mobile, Web)
What are blended attacks?
What is actually being targeted at your company?
How are your brands, customers, and employees being attacked outside of your company?
How to become proactive in threat monitoring on the internet?
Considerations in External Threat solutions
Threat correspondence tracking considerations
Are legal cease and desist letters adequate in stopping attacks?
Examination of a phishing attack campaign
How phishing kits work
Analysis and lessons learned from recently published attacks
What are the most important capabilities in a digital risk monitoring solution?
Making Security Work—Implementing a Transformational Security Program CA Technologies
Recent newsworthy data breaches have business and IT leaders asking, “Are we learning from the mistakes of others?” In an ever-increasing threat environment, security leaders face mounting pressures to deliver effective security capabilities that protect business assets while balancing budgets, security risks and regulatory issues.
For more information on Security, please visit: http://cainc.to/CAW17-Security
Similar to David Tweedale - The Evolving Threat Landscape #midscybersecurity18 (20)
NHS Webinar: Our journey to treat patients virtually. Protect the NHS, Save L... Pro Mrkt
Amongst unprecedented times, Neil will share his experience of rapidly identifying and deploying a solution across multiple sites, and the key challenges and barriers he and his team have had to overcome for success. It aims to provide short cuts for digital leaders looking for ways to treat patients virtually.
David Hall | The Accidental Criminal: Common Security Laws You Could be Breaking Pro Mrkt
David Hall from Mills & Reeve LLP is delivering an insightful talk on The Accidental Criminal: Common Security Laws You Could be Breaking at the Midlands Cyber Security Expo 2019 #midscybersecurity19
Dr Alisdair Ritchie | Research: The Answer to the Problem of IoT Security Pro Mrkt
Dr Alisdair Ritchie from the WMG, University of Warwick is taking us through his research on IoT security at the Midlands Cyber Security Expo 2019 #midscybersecurity19
Alex Michael | Empowering End Users: Your Frontline Cyber Security Defence Pro Mrkt
Alex Michael from SonicWall is talking about how empowering end users can strengthen your frontline cyber security defence at the Midlands Cyber Security Expo 2019 #midscybersecurity19
Nicola Whiting | How Diversity Can Help Fight Cyber-Attacks Pro Mrkt
Nicola Whiting from the Titania Group talks about How Diversity Can Help Fight Cyber-Attacks at the Midlands Cyber Security Expo 2019 #midscybersecurity19
Mark Lomas | Zero-Trust Trust No One, Trust Nothing Pro Mrkt
Mark Lomas speaking about Zero-Trust Trust No One, Trust Nothing. Managing and Mitigating Risk in a Post-GDPR World at Midlands Cyber Security Expo 2019 #midscybersecurity19
Matthew Hough Clewes | Cyber Crime and its Impacts Pro Mrkt
Matthew Hough Clewes from the West Midlands Police presenting Cyber Crime and its Impacts at the Midlands Cyber Security Expo 2019 #midscybersecurity19
David Emm | The What, How, Who and Why of Computer Malware Pro Mrkt
David Emm from Kaspersky Lab is delivering an insightful presentation on The What, How, Who and Why of Computer Malware Midlands Cyber Security Expo #midscybersecurity10
Securing your Kubernetes cluster_ a step-by-step guide to success ! KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Climate Impact of Software Testing at Nordic Testing Days Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climate warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024 Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
DevOps and Testing slides at DASA Connect Kari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
UiPath Test Automation using UiPath Test Suite series, part 5 DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
I’d like to take a few minutes to tell you more about Mimecast.
Outline the issues we help customers tackle.
Explain why our approach is different from others.
Share some detail on our services.
I’m not going to start today with a presentation about features and benefits, products and add-ons.
Instead, for the next 10 or 15 minutes I’m going to be talking about the threat landscape. My aim is to try and highlight some of the risks to your customers, and some of the misconceptions they might have about the way they’ve protected themselves, their users and their data.
You may notice on the screen we have a timer counting down – it started at 1min 22.
No, that’s not how long it takes me to tie my tie or do up my shoelaces, or how long it will take you to close your first deal after this session (although let’s hope for that).
In the time it’s taken me to complete this introduction and let the clock run down – your business has been compromised by a phishing attack.
Number one is the fact that email remains the number one attack vector for hackers. This is backed by key stats from the 2017 Verizon Data Breach Investigations Report, which indicates:
91% of attacks started with a phishing email.
There was a 55% increase in spear-phishing attacks.
1300% increase in impersonation attack losses.
400% increase in ransomware attacks.
So who’s doing the dirty work here and sending malicious emails?
Sometimes it can be just for fun – the guys that hacked TalkTalk said they did it just to see if they could. But often it is a lot more sinister.
There are a number of examples of attacks thought to be state-sponsored… North Korea, for example, is said to have sponsored the attack on Sony Pictures in 2014 in response to the movie The Interview!
Anyone who watches the news is likely to have heard of Russian “meddling” in the US election – with CNBC reporting that 39 states were targeted by Russian hackers during the election campaign.
https://www.cnbc.com/2017/06/13/russias-cyber-attack-on-39-states-could-jeopardize-future-us-elections.html
Bet Clinton wishes she was a bit more careful!
And email and cyber attacks are now often part of the important groundwork for organised criminals – often opening the door and breaking down defences that allow traditional physical crimes to occur.
Think disabling a security system to rob a bank – might sound quite Ocean’s 11 but a perfectly reasonable and realistic way to cripple an organisation… especially if you only need to send a few emails to do it!
Finally, it might be Joe, or Fred, or Sarah…or any of the people sitting in your offices or in this room. A compromised or malicious insider is in a unique and powerful position to cause damage to an organisation.
Many traditional security solutions are only interested in what comes in from the outside – but mayhem could just as easily be caused by the chap sitting next to you.
Liam, what kinds of techniques are these nasty people using?
And what methods are these people using?
Tor, the Onion Router, the dark web – whichever name you want to give it – allows you to browse and communicate anonymously, making illegal cyber activity easy and difficult to trace.
Bulletproof hosting sites – good destinations for phishing links
And it’s easy to find Bulletproof hosting sites – services that give compute, storage, bandwidth, management and say “we don’t care what you host, that’s your business!”
And then we have bitcoins…the ultimate anonymous currency – each time it changes hands the encryption becomes more sophisticated as the exchange lengthens the key.
Attackers don’t have to know how to code, they don’t even have to be smart.
Ransomware as a Service has almost become an industry, with tools like TOX, which allow attackers to track how many folks have been infected and track the ransom paid.
If you’re an attacker and can code but don’t know how to evade sandbox detection, that’s not a problem: there’s an online service that can help with that too!
FUD: fully undetectable decrypting services use obfuscation, encryption and code manipulation.
Many of your targets won’t have the technical knowledge to set up, purchase or transfer crypto-currency or use the decryption keys – for a fee you can have a multi-lingual call centre ensure that your victims are able to pay you and get their data back.
But the biggest problem for any organisation is this – Social Engineering – the easiest way to penetrate an organisation’s defences… exploiting their users!
There is loads of literature available on Social Engineering if you’d like to become an expert (not that we’d endorse that kind of behaviour)
But for now, let’s go through a step by step guide for co-ordinating a simple but devastating email attack.
It is very easy to identify the key stakeholders in a business, who’s important, who’s not, and who reports into who. A simple “about us” page often hands hackers an exec list on a plate…
What better way to entice a user to open an email than having it look like it’s from the CEO, the CFO or some other senior leader?
When we know the key stakeholders LinkedIn can help us do some more digging and build a strategy…
Very quickly I can identify who reports into who, who’s responsible for what, and tailor my attack to their position in the organisation
…and all through your homepage and a fake LinkedIn account – simples!
Once we’ve got this far, it’s simple – send some targeted emails to the people we’ve researched with a call to action.
For example, send a CV embedded with ransomware to the HR Manager we spoke to on LinkedIn
Or send somebody in the warehouse an email confirming their delivery…with a malicious URL to “track their parcel”
Even better…pretend to be the CEO and ask the new guy in accounts to action an urgent wire transfer
Simples!
So what do we need to do to stop this?
Our MEME IS THIS
You think your security looks like this.
But it actually looks like this.
IMAGE FROM DOOMSDAY PREPPERS.
The issue here is the risk profile is all wrong.
Sniper’s rifle.
Magazine’s clipped in.
Can’t climb the stairs without getting out of breath.
WE’RE SPENDING TOO MUCH MONEY ON THE WRONG THINGS
So what do we need to do differently? We need to build layers.
The first layer is of course the technology – a combination of traditional and advanced, targeted threat protection to mitigate the risks in today’s threat landscape.
But the second layer is just as important – the human firewall.
It’s the on-going education of the weakest links in our business – the users – to minimise their risk to us. That might mean pentesting, dynamic user awareness technologies, even just regular emails.
Both layers are just as important as each other – it’s prevent and improve now, not just prevent.
And that brings us nicely to the concept I mentioned in the title.
Cyber resilience definition from Wikipedia.
It demonstrates that protecting our customers today involves more than just cyber security.
It is more than just protection before an attack… what about during and after an attack? If you cannot answer three questions… then you are not using a cyber resilience strategy.
PROTECT
Users (security)
Data (multi-purpose archiving / backup)
Productivity (operations continuity)
FROM
Malicious intent (internal and external)
Human error
Technological failure
BY
Preventing incidents (before)
Recovering and mitigating (during)
Improving and analyzing (after)
If you want to build a proper cyber resilience plan that protects your organisation and its end users, we can help you to address these four key points.
Prepare – enable your users to look out for these kinds of emails, and have solutions in place that protect you and your data and keep you compliant.
Prevent an attack, with a layered approach to security – with traditional filtering services overlapped with targeted threat protection for phishing, whaling and ransomware.
Detect – reporting is more important than ever, so deploy SIEM, systematic alerting and regular reporting to give you visibility of what’s happening in your network.
And finally, Respond to an incident with immediate recovery, instant remediation, and on-going targeted education to prevent a future incident…and you’ll notice we’ve looped back around.
So as you sit in the sessions today on security, continuity and archiving – think about how you can knit these themes together and start having a conversation with your customer about cyber resiliency.