This document discusses Microsoft's security offerings for defending against modern threats. It summarizes Aidan Finn and MicroWarehouse's roles in promoting Microsoft security products. It then overviews several Microsoft security solutions like Advanced Threat Analytics, Enterprise Mobility + Security, Cloud App Security, Azure Information Protection, Azure Security Center, and Exchange Online Advanced Threat Protection. It argues these solutions are more affordable for small and medium businesses than dealing with security breaches. It promotes MicroWarehouse's role in reselling these cloud-based security services.
Prevent Data Leakage Using Windows Information Protection (WIP) - BeyondTrust
Catch the full presentation here: https://www.beyondtrust.com/resources/webinar/prevent-data-leakage-using-windows-information-protection-wip/
In this presentation from his webinar, Russell Smith, a security expert for Microsoft-based systems, examines how the Windows 10 Anniversary Update can be used to prevent data leaks without negatively impacting the user experience, on both personal and company-owned devices. Learn why Microsoft believes WIP offers a better solution than traditional DLP, what the requirements are for WIP, how to make it work for your enterprise, and how WIP can be used in conjunction with least privilege security, application whitelisting, and Azure Rights Management.
This presentation and the webinar cover:
• What is Data Leakage Protection (DLP)?
• WIP vs. DLP
• WIP requirements
• Implementing WIP in your environment
• Using WIP as part of a defense-in-depth strategy
Being more secure using Microsoft 365 Business - Robert Crane
Microsoft 365 Business provides a range of services to make both data and devices more secure. This webinar will take you through what these services are, the best-practice way to configure them, and how you can extend security further with additional Microsoft solutions.
We are now three plus years into widespread adoption across industries of public SaaS apps like Office 365. Despite this momentum, security and compliance remain top challenges. This webinar, featuring Matt Hollcraft, CISO for Maxim Integrated, Dave Ruedger, Chief Security Architect for Maxim Integrated, and Rich Campagna, SVP of Products for Bitglass, will help you build a 2017 action plan to embrace public cloud without sacrificing security and compliance.
While offering practical, actionable advice for major apps like Office 365, Matt, Dave and Rich will address your top concerns, such as unmanaged device access, external sharing, and mitigating controls. They also will provide real world examples of how other organizations have securely navigated the public cloud.
Cloud security: Accelerating cloud adoption Dell World
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Presented by Michael Scheidell, CISO Security Privateers at the PMI South Florida Day of Excellence.
Common Risks in Desktop, Server, Web, Cloud and Mobile.
Platform Specific Issues
Governance
Cloud Types: Shared, Private, Hybrid
Services to Protect: Authentication, Storage, Processing
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds - centralohioissa
If you’re implementing Office 365, Box, Salesforce, Google Apps – or virtually any SaaS application – and concerned about balancing security, compliance, and privacy, this is a session you can’t afford to miss. Join Bob Gilbert, Netskope’s Chief Evangelist and the author of the popular white paper, No Tradeoffs: Cloud Security and Privacy Don’t Need to Be at Odds: How Netskope Supports Privacy by Design, for a lively and interactive session featuring:
• Cloud security best practices for business & IT leaders
• Overcoming the shadow IT "chicken or egg" compliance dilemma
• Dr. Cavoukian's Privacy by Design framework, how it applies to SaaS and how Cloud Access Security Brokers can help
• Real-world case studies for balancing security and privacy in cloud security
Protecting the Castle: CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME ... - Michael Scheidell
(Companion whitepaper here: http://blog.securityprivateers.com/2014/03/lessons-from-frog-and-ostrich.html)
CYBER CRIME HAS BECOME THE NUMBER ONE PROPERTY CRIME IN AMERICA AND IN 2014 1 IN 7 WILL BE VICTIMS
Part 1
Target: Retail Credit Card Thefts, Frogs, Ostriches and the barn door: Why we will continue to see credit card thefts.
TJMAX had a major breach in 2005 and didn’t know about it for 18 months. The same fundamental problems caused the recent Target breach and will continue to plague government, retail and brick and mortar networks for years to come. Find out why a frog won’t let itself get boiled, and learn why humans are the only ones silly enough to bury their heads in the sand as we look at the core problems facing these institutions today.
Part 2
“I am a small company or just an individual, what do hackers want from me and how do they get it?”.
Think you are safe? You have nothing to lose? Nothing the hackers want? Think again. Turn off every computer system you own or use for 7 days and tell me you have nothing valuable. Hackers are after anything they can sell, from your list of customers to your web browser ‘favorites’ list. Find out several simple steps you can take to keep the hackers (and the government) out of your business.
During the 24th of October CollabDays BeNeLux, I did a session on the current and new functions for Information Protection, including endpoint DLP. These are the slides for this session.
5 Security Questions To Ask When Deploying O365 - Bitglass
Migrating to Office 365 introduces several new avenues for data leakage: one-click sharing, desktop sync clients, unmanaged device access, and more. This is particularly risky for organizations subject to compliance mandates. In this webinar, we'll detail the security gaps in Office 365 and explore how new approaches to cloud security can help mitigate the threat of data leakage with real-world use cases. Join our webinar to find out which questions you should be asking about Office 365 security.
Veeam Backup for Office 365 is a product that lets you back up Exchange Online mailboxes. This product can be combined with Microsoft Azure to give customers a cloud-to-cloud backup-as-a-service solution.
June 2020 Microsoft 365 Need to Know Webinar - Robert Crane
Slides from CIAOPS June webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on information labels. Video recording is available at www.ciaopsacademy.com
Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA) - Bitglass
As organizations transition from on-premise data storage and device-centric security to the cloud, the need for a data-centric solution becomes critical. Enterprises need to protect data in the cloud, at access, on the network, and across all devices. While cloud app vendors now offer robust functionality, they lack the level of granular control and deep visibility many organizations need, either for compliance purposes or simply to enable an increasingly mobile workforce.
Join Bitglass and CSA to learn how Cloud Access Security Brokers can protect data in the cloud by providing comprehensive security and real-time data protection. In this webinar, you will learn how CASBs leverage APIs and proxies to control data on both managed and unmanaged devices, enabling secure SaaS and BYOD.
Office365 in today's digital threats landscape: attacks & remedies from a hac... - Benedek Menesi
Office 365 environments are very attractive targets for attackers. So, it's never been more important to understand how its security structure works, and how to best configure it.
In this in-depth session, we'll run through real-time attack scenarios and examine common attack vectors. And then we'll explore the various defense capabilities of Office 365, the MS Graph API, and Azure AD. We'll deep-dive into external sharing, authentication options, third-party application security (what apps should and shouldn't be able to do), and even some do's and don'ts regarding Azure AD endpoints and authorization mechanisms.
You'll walk away with a solid understanding of how to use the Office 365 defense tools at your disposal, such as the Attack Simulator and Threat Intelligence, as well as how they relate to real-world attacks.
Office 365 Security: How to Safeguard Your Data - Bitglass
Greg Schaffer, CISO at FirstBank and Rich Campagna, VP of Products at Bitglass, provide practical cloud security advice that you can apply immediately in your organization.
Focusing on O365 but offering a broad view, Greg and Rich will cover top concerns, mitigating controls and give examples of how your peers have responded to the cloud security challenge.
July 2021 Microsoft 365 Need to Know Webinar - Robert Crane
Recording of monthly Need to Know webinar for July 2021 that focused on providing a deep dive into email security. The session also includes Microsoft Cloud news and updates along with an open Q and A session around Microsoft 365. Video recording is available at www.ciaopsacademy.com
The Notorious 9: Is Your Data Secure in the Cloud? - BCS ProSoft
The first part of this presentation is designed to scare the cloud out of you by talking about some of the common and often overlooked concerns with cloud security. Then we'll bring you right back by showing you how cloud technology publishers, as well as VARs like BCS ProSoft, are taking steps to mitigate potential threats and keep your business up and running 24/7/365.
Whenever people talk of vampires, it’s difficult to know exactly what they mean because the ‘vampire’ has transformed from the stalking, undead minion of fear to the romanticized (and usually erotic) tragic character of modern American culture.
Your organisation’s data are now everywhere: on your servers and your desktop PCs; on your employees’ smart phones, tablet computers and laptops; on social networks; and in public clouds. Some of these data require special protection but they also need to be accessed remotely, which makes security a considerable challenge. Can you trust public clouds to keep your data safe and secure? Can you trust your own internal systems? And on what criteria and risk management strategies should you base your trust? -- Dr Mark Ian Williams's presentation at the April 2012 'Why Cloud? Why now?' conference at the headquarters of the Institute of Chartered Accountants in England and Wales.
Automating Critical Security Controls for Threat Remediation and Compliance - Qualys
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation encompasses:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
Watch the on-demand webcast: https://goo.gl/j6Posx
Deployment of security countermeasures and processes across public, private or hybrid cloud IT implementations.
How to deploy and manage security in dynamic environments - even in highly regulated environments.
Lastly, how security can support rather than interfere with IT management processes.
Guest lecture on web application security, presented to students at the Indianapolis campus of The Iron Yard on November 9, 2016. This presentation was a basic overview/introduction to security, discussed the CIA Triad, why security is difficult, what happens if we don't do security right, what developers can do to enhance security, and included a brief overview of the OWASP Top Ten.
March 2021 Microsoft 365 Need to Know Webinar - Robert Crane
Slides from CIAOPS March 2021 webinar that provided Microsoft 365 news update, open Q & A as well as a focus session on security. Video recording is available at www.ciaopsacademy.com
IBM i is securable BUT not secured by default. To help protect your organization from the increasing security threats, you must take control of all access points to your IBM i server. You can limit IBM i security threats by routinely assessing your risks and taking control of logon security, powerful authorities, and system access.
With the right tools and process, you can assure comprehensive control of unauthorized access and can trace any activity, suspicious or otherwise, on your IBM i systems.
Watch this on-demand webcast to learn:
• How to secure network access and communication ports
• How to implement different authentication options and tradeoffs
• How to limit the number of privileged user accounts
• How Precisely’s Assure Security can help
Keynote on why you should make Infosec a board level strategic item, how you should raise it to this level and how to approach Information Security strategically
Protecting Your Business - All Covered Security Services - All Covered
All Covered is a nationwide provider of IT services and security. This presentation highlights the most essential factors that businesses need to be aware of when implementing their security plan. It shows how any company, regardless of size, is at risk with external, and internal, security threats.
Whether you own a small, medium, or large business, IT security should be at the forefront of any discussion. It is better to be proactive and prevent an attack from happening than having to pick up the pieces after the damage has already been done to your business.
Deploying the right controls, in the right places, for the right reasons is a critical function of any security program. This presentation explores how to optimize existing controls, and when to consider new controls, so you can focus more on operations and less on new fads, while greatly improving your security posture.
Journey to the Cloud: Securing Your AWS Applications - April 2015 - Alert Logic
James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats
Cyber Security and the Impact on your Business - Lucy Denver
With cyber scams costing UK businesses an estimated £4.14bn* in lost data, reputational damage and online theft every year, Cyber Security is rapidly climbing the priority list of directors across the UK. This presentation will help you to:
- spot the most common cyber attacks, defend your business and protect your critical data if the worst does happen;
- understand the impact of GDPR on your business and how to protect yourself against expensive data losses.
A discussion of the risks of cloud computing. While the cloud has compelling benefits, we need to evaluate and mitigate the risks - this presentation identifies some risk categories to consider in using the cloud.
Security For Business: Are You And Your Customers Safe - woodsy01
This presentation takes a look at issues affecting cyber-security. It also covers some of SHBO Technologies' capabilities for supporting and protecting clients.
Similar to Defending Today's Threats with Tomorrow's Security by Microsoft by Aidan Finn (20)
Enhancing Performance with Globus and the Science DMZ - Globus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
3. www.mwh.ie
About Aidan Finn
• MVP, Cloud & Datacenter Management (Hyper-V)
• Experienced with Azure, Hyper-V, Windows Server/Desktop, System Center, and IT infrastructure
• http://www.aidanfinn.com
• http://www.petri.com/author/aidan-finn
• @joe_elway
• aidanfinn.com
Technical Sales Lead, MicroWarehouse
4.
About MicroWarehouse
• Irish owned/located distributor
• Park West, Dublin 12
• Distributors for:
• Microsoft on-premises & cloud
• Microsoft Surface
• DataOn for Storage Spaces
• Gridstore for Hyper-Convergence
• SkyKick for Office 365 backup
• And many more
• Value added distribution:
• Much more than selling licenses
• Get your licensing right
• Sales education
• Technical training
Value Added Distribution
5.
Entire Hyper-V cluster for a small-mid business in 2U
12 x clustered data drives (e.g. 4 x SSD + 8 x HDD)
1023W (1+1) redundant power
2 x clustered Hyper-V hosts, each with:
o 2 x Intel® Xeon® E5-2600v3 (Haswell-EP)
o DDR4 Reg. ECC memory up to 512GB
o 2 x 1G SFP+ & IPMI management “KVM over IP” port
o 2 x PCI-e 3.0 x8 expansion slots
o 1 x 12Gb/s SAS x4 HD expansion port
o 2 x 2.5” 6Gb/s SATA OS drive bays
8.
Microsoft Security in the Past
• I am not talking about:
• Firewall/proxy
• Anti-malware
• Etc
• Microsoft admitted that there were better vendors
• Many partner with MSFT
• Featured in Azure Marketplace
Forefront was Microsoft’s old brand for security products
10.
The Nature of Attacks
How are we being attacked?
• The first 48 hours are critical:
• Detection
• Analysis
• Remediation
• It takes over 200 days to discover a cyber breach
• 70 days to contain a malicious insider
Symantec 2015 Internet Security Threat Report
• 74% of small businesses were breached in 2015
UK Government 2015 Information Security Breaches Survey
• 60% of compromises took just minutes
Verizon 2015 Data Breach Investigations Report
• 55% of attacks were carried out by insiders
IBM 2015 Cyber Security Intelligence Index
11.
Fear of the Floppy is Failing
Attackers have moved on – why have you not?
• New wave of attacks:
• DDOS
• Crypto-ware
• Phishing
• Spear Phishing
• Watering holes
• Zero-day
• Deep Web / DarkNet
• Top origins of breaches:
• Malware: 5%
• Staff deliberate: 10%
• 3rd party supplier accident: 18%
• Organised crime: 23%
• Staff accident: 26%
UK 2015 INFORMATION SECURITY BREACHES SURVEY
13.
How Secure are your Accounts?
• 75% of individuals use only three or four passwords
Source: Security Week
• Over 60% of all network intrusions are traced back to credentials
• Remember that 60% of intrusions took just minutes?
• Compromised credentials lead to easy attacks
• Weak passwords: Password123, Monkey, Dragon
• Stolen passwords – phishing is easy
• User education is not enough
Old problem that is more vulnerable in the cloud
15.
ATA Availability
• Licensed per-user
• Available via:
• Open: Pre-purchase
• CSP: Pre-pay per month
• Packaging:
• By itself
• Part of Enterprise Mobility + Security (EMS)
Licensing
16.
Enterprise Mobility + Security (EMS)
• Licensed per-user
• Up to 5 devices per user
• Available via:
• Open: Pre-purchase
• CSP: Pre-pay per month
• Contains:
• Advanced Threat Analytics (ATA)
• Azure Rights Management Services (RMS) *
• Microsoft Intune
• Azure AD (AAD) Premium
• Previous webinar: An Introduction to EMS
• http://www.mwh.ie/webinar-recording-microsoft-ems-with-aidan-finn-1
* See Azure Information Protection
A Reminder
18.
You Cannot Ban The Cloud
• Internet access = cloud access
• Users will find a way
• DropBox, Salesforce, etc
• Where is business data going?
• Accidental/deliberate leakage
• Regulatory compliance eroded
• Embrace the cloud … but take control
It’s like herding cats
19.
What Cloud App Security Does
• Monitor usage via firewall logs
• Integrate with 13,000+ SaaS apps
• Create policy
• Control document flow & monitor ID
Take control of SaaS
20.
Cloud App Security Availability
• Licensed per-user
• Available via:
• Open: Pre-purchase
• CSP: Pre-pay per month
• Packaging:
• By itself
• Part of Enterprise Mobility + Security (EMS) E5 (QTR 4 2016)
Licensing
22.
Data is Like Water
• Personal email
• USB sticks, phones, tablets
• What if:
• The employee joins a competitor?
• A customer forwards your pricing to a competitor?
• Data is stolen?
• Files are leaked to the press?
• Legacy solutions don’t work:
• Blocking/breaking USB
• Disk encryption
It will always find a way to leak
23.
What Azure Information Protection Offers
Manage documents & emails no matter where they are
24.
Azure Information Protection Availability
• Availability:
• Sold as Azure Rights Management now
• Licensed per-user
• Available via:
• Open: Pre-purchase
• CSP: Pre-pay per month
• Packaging:
• By itself
• P1 available now as Azure Rights Management
• P2 adds automatic classification (QTR 4 2016)
• With the Enterprise Mobility Suite (EMS)
• Automatic classification in EMS E5 (QTR 4 2016)
Coming soon to a cloud near you
26.
How do you Secure Cloud Deployments
• Point solutions aren’t working together
• Example:
• Increased activity on a database server
• Unusually high amount of traffic going to East Europe
• And no one notices!
Same problem with on-premises security
27.
How do you Secure Cloud Deployments
• Azure monitors all aspects of feature deployment.
• Partner appliances also supply data.
• Microsoft sees nature of threats to you, other customers, and Microsoft.
• Azure Machine Learning analyses data.
• Can detect issues that point solutions cannot.
• Centralized management (by you) of all deployments in the subscription, by policy.
Same problem with on-premises security
30.
Advanced Security Management
• Threat detection
• Alerted when anomalies occur
• Repeated failed login
• Impossible login
• Enhanced control
• Customisable policies
• Logins from risky IP addresses
• Admin rights being granted
• Automatically suspend users
• Discovery & insights
• How is O365 being used
• Is there much shadow IT?
Office 365 E5 or per-user add-on to other E-plans
31.
Exchange Online Advanced Threat Protection
• Changing nature of attacks:
• Email is an easy vector
• Zero-day malware is detected never or after the damage is done
• It is disguised as a business file
• Normal scanning takes place
• Files & URLs
• Attachments sent to a cloud “detonation chamber”
• Any malware is encouraged to trigger in the sandbox
• Reports:
• Who is being attacked
• Nature of attack
Included in E5, can add to other plans
32.
Information Protection
• Data Loss Prevention for Emails
• Office 365 Pro Plus, E3, E5
• OneDrive & SharePoint
• Policies ID sensitive data
• Prevent unwanted operations
• Compliance
• E1, E3, E5
• Exchange, SharePoint & OneDrive
• Archive
• Auditing
• eDiscovery
Perfect for accountants, solicitors, sales, medical & similar
34.
Oh Really?
• 74% of SMEs breached
• Up from 60% in 2014
• Median of 4 breaches per SME
• The nature of attacks is that they are more targeted
• SMEs are not immune by size
• Average cost to SME was £75K - £311K
• Up from £65K - £115K
• 44% of SMEs increased security spending
• Up from 27% in 2014
UK 2015 INFORMATION SECURITY BREACHES SURVEY
How much are the costs of lost business & IT upgrades afterwards?
Credit: Foca.tk
35.
Cloud Solution Provider (CSP) Reseller Channel
Cloud-based billing
• Per-month billing
• No CAPEX
• Save customer funds for business operations
• No long-term commitment
• Partners resell the service to the customer
• Partner owns the customer/invoicing relationship
• MicroWarehouse is a CSP distributor
• Handles all the Microsoft complexity
• Sells to Microsoft partners
37.
Value-Added Distribution
• Keep an eye on http://learn.mwh.ie
• Follow @MWHDistribution
• Or take our mailshots off your junk mail filter
• August 4th:
• Affordable Hyper-V Clustering for the Small/Medium Enterprise & Branch Office
• Go to http://learn.mwh.ie/ for details & to register
We will do our best to help
38.
Thank You!
Aidan Finn
aidanfinn@mwh.ie
@joe_elway
aidanfinn.com
http://learn.mwh.ie
@MWHDistribution
Watch out for emails about future events!