Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Intelligence-based computer network defence: Understanding the cyber kill cha... | Huntsman Security
An overview of the cyber-security kill chain concept and the implications for computer security and network defence using real-time anomaly detection, threat intelligence and intelligence response.
Cloud, Compliance and Advanced Threats: Security Considerations for the... | Cristian Garcia G.
The evolving threat landscape, based on our recently published ISTR (Annual Internet Threat Report, Vol. 24), reflects the latest trends and how they apply to Colombia and Latin America. The main digital transformation trends, such as cloud and mobility, together with new security challenges, have changed the cybersecurity landscape, so strategy must focus on key risks, regulations and findings on security maturity. Recommendations for focusing and improving cybersecurity postures to address these trends, including key frameworks, technologies, processes and cultural changes, are an integral part of the steps to follow.
Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat... | Symantec
Gain valuable insight whether you’re well on your way to Zero Trust implementation or are just considering it. Watch the original webinar here https://www.symantec.com/about/webcasts?commid=347274.
CURRENT CHALLENGES AND INNOVATION IN PRIVILEGED ACCESS CONTROL. | Cristian Garcia G.
Controlling privileged accounts and access faces today's reality, which involves the complexity of cloud environments, SaaS systems and platforms, as well as legacy and on-premises systems. How do current access management products adapt to this technological reality? What must these solutions be ready for?
Advanced threat security - Cyber Security For The Real World | Cisco Canada
Cisco delivers intelligent cybersecurity for the real world, providing one of the industry's most comprehensive advanced threat protection portfolios of solutions and services that are integrated, pervasive, continuous and open.
Cisco's threat-centric approach to security reduces complexity, while providing unmatched visibility, continuous control and advanced threat protection across the entire attack continuum, allowing customers to act smarter and more quickly -- before, during, and after an attack.
More information on security here: http://bit.ly/1paUnZV
Cybersecurity Challenges in a Digitally Transformed Ecosystem | Cristian Garcia G.
To work in a digitally transformed ecosystem, chief information officers and other business leaders have to navigate a constantly changing security threat environment. Next Gen Security (NGS) solutions are security solutions optimized to work better with the massive scale and expansive coverage of the Third Platform. Although 7 out of 10 companies say they are in the process of implementing one more next-generation security solution, 3 of those 7 will not succeed because of a lack of in-house expertise, which makes security more critical every day. Akamai offers performance at scale with the world's largest and most trusted cloud delivery solution. Its resources scale so that its customers do not have to. Akamai has unmatched visibility into the most attacked properties on the web and continuously gathers threat intelligence from advanced inspection of both good and bad traffic.
Empowering Digital Transformation in Financial Services | Cristian Garcia G.
Digital transformation is a whole new strategy for guiding organizations to be ever more effective in the return on investment of every $1. The information technology department is the fundamental pillar for leading this effort; however, the challenges, risks and impacts grow as cybercriminals increase in number, incentives and capability. In this talk we will look at the latest attack trends, stories of real cyberwars that we have faced directly in the United States and Europe, and how we have managed risk by mitigating the impact.
The session focuses on how EDR detects suspicious or threatening activity on endpoints. EDR constantly monitors endpoints, allowing for immediate response. The information collected from the monitoring process is recorded to be analysed and investigated to enable response.
The session is handled by Mr. Ranjit Sawant, Regional Security Architect (APAC), FireEye Inc.
With over 16 years’ experience in Information Security, he has been working with various verticals such as BFSI, IT Services and Manufacturing. Being a technocrat, Ranjit worked on technologies pertaining to Endpoint, Network, Application Security and for the last 8+ years his focus & investment has been on Advanced Threat Protection Solutions.
Secure Access – Anywhere by Prisma, PaloAlto | Prime Infoserv
The purpose of the session is to ensure security on the rapidly scaled work from Home situations during the COVID-19 outbreak. The objective is to ensure that they can securely and rapidly connect to all of their applications, including SaaS, cloud, and data-center applications.
The session will be delivered by Mohammad Faizan Sheikh, Channel Systems Engineer, India & SAARC for Palo Alto Networks.
Ransomware webinar may 2016 final version external | Zscaler
In the last few years, ransomware has taken the cybercrime world by storm. CryptoWall 3.0, one of the most lucrative and broad-reaching ransomware campaigns, was alone responsible for 406,887 infection attempts and accounted for about $325 million in damages in 2015. And, according to the Institute for Critical Infrastructure Technology, ransomware promises to wreak more havoc in 2016.
While individual users were once the preferred target of ransomware, perpetrators have increasingly set their sights on businesses and organizations. And you can bet that with larger targets, the ransom demands will increase accordingly.
Are you prepared for such an attack?
In this presentation we will highlight how ransomware can impact your business and why legacy security solutions don’t stand a chance against such threats.
Cloud has changed the way we use computing and can yield significant economic, collaborative and efficiency benefits. But with this increased adoption, at both the personal & business level, comes increased exposure to potential risks, threats and attacks. This talk will introduce the fundamentals of cloud security, how cloud service and deployment models influence security, and practices that we can all undertake for threat and risk protection.
Do you know the internal signs of a compromise? This deck takes you through the process our Mandiant services teams go through to help discover if an organization has been compromised. You can also view the full webinar here: https://www.brighttalk.com/webcast/10703/187133?utm_source=SS
Protect your data in any Cloud and Web service in a unified way | Cristian Garcia G.
Today, an average of more than 1000 Cloud applications are in use at each company, of which 98% are categorized as "Shadow IT", meaning that IT management does not control them.
In addition, 80% of the information that leaves companies is shared using Cloud applications. And more than 50% of Cloud application access and use takes place from outside corporate networks.
Identify Zero-Day Breaches with Cognitive Threat Analytics on Cisco Web Secur... | Cisco Security
Cognitive Threat Analytics is a technology that analyzes web requests to identify Command & Control traffic, identifying threats that are currently present in a network. It is currently available across the entire Cisco Web Security portfolio, including Cloud Web Security (CWS) and the Web Security Appliance (WSA). To learn more, watch this webinar: http://cs.co/9000BuggO
5 Steps to a Secure Hybrid Architecture - Session Sponsored by Palo Alto Netw... | Amazon Web Services
A hybrid Architecture is one of the easiest ways to securely address new application requirements and cloud-first development initiatives. This approach allows you to start small and expand as your requirements change while maintaining a strong security posture. In this session, you will learn the 5 key steps to building a hybrid architecture using the VM-Series next-generation firewall.
Speaker: Bisham Kishnani, Consulting Engineer (APJC) – DataCenter & Virtualization, Palo Alto Networks
Palo Alto Networks is an innovative network security platform whose core is the next generation firewall; built on App-ID, a unique technology developed by PA Networks, it provides network security at the level of applications, users and content using both physical and virtual architecture. PAN network protection solutions meet the highest network security requirements in both performance and functionality, and are undisputed industry leaders, as confirmed by Gartner reports, the number of users and the company's growing sales.
On December 1st 2015, Lars Putteneers gave a presentation on Sophos Cloud during the Sophos Security Day. Sophos Cloud is the fastest growing and most innovative product within Sophos' product portfolio.
Scalar Security Roadshow: Toronto Presentation - April 15, 2015 | Scalar Decisions
On April 15, 2015, Scalar hosted our Security Roadshow in Toronto where we'll be focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions will arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottoms-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
Session delivered by Scalar on Network Functions Virtualization. NFV allows for:
Rapid Service Deployment
– Ability to template and image NFV devices
– Deployment is as easy as copying an image and spinning up a new VM
– Integration with Orchestration Stack
Elasticity
– Ideal for situations where temporary but large scale increases in traffic and services exist
Lower Deployment Costs
– No additional hardware to purchase, as long as resources exist in virtual environment
Presentations from the Toronto Stop of the Scalar Security Roadshow on March 4, covering technologies from Palo Alto Networks, F5, Splunk, and Infoblox.
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2... | patmisasi
Responding to cyber incidents is not what it used to be, the landscape has changed considerably; proactive response now requires the use of many tools and extensive coordination and expertise. Adding to the complexity is the common confusion between IR and forensics. Where does forensics begin and incident response start? What incidents require forensic investigation? And what should you know to pull the pieces together?
Embarking on creating an incident response (IR) program can be challenging and frustrating. This presentation discusses that in order to adequately prepare for security incidents you need an IR framework that can lay the foundation for your IR plan and in turn help describe attacks. Describing attacks is important because you cannot respond to what you cannot identify.
VERIS will be used as an example framework to help you along your path in creating a successful cyber response program.
Scalar Security Roadshow - Vancouver Presentation | Scalar Decisions
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
Scalar Decisions: Emerging Trends and Technologies in Storage | patmisasi
From a Feb 2014 TGIF Lunch and Learn event in Toronto, @Scalardecisions' Solution Architect Neil Bunn discusses key emerging trends in storage (Flash, Object Storage, and Software Defined Storage), including both concepts and vendor technologies applicable to each major theme.
TGIFs are FREE, technical sessions, helping our community understand architecture and deployment best practices
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac... | centralohioissa
This session will provide details on the new law and its requirements, as well as address the current threat landscape, summarize existing data security laws in the U.S., discuss the new EU cyber directive, and continued impact of the Safe Harbor decision. We will disentangle these regulatory changes and challenges and provide tips and tricks for compliance.
EMC XtremIO and EMC Isilon scale-out architectures make them an ideal fit to handle the demanding Splunk requirements around intensive workloads. EMC brings the same enterprise-class data services to Splunk that earned them best of breed status across the board in areas such as Scale-Out NAS storage, data protection, compliance and performance tiering.
Steve Porter : cloud Computing Security | Gurbir Singh
A recording of the Northwest Regional meeting of the Institute of Information Security Professionals in Manchester on 5th July 2012. Stephen Porter from Trend Micro Limited spoke on the theme of cloud computing security. Copyright of this presentation is held by the author, Stephen Porter.
Strengthening security posture for modern-age SaaS providers | Cloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Presentation - Cisco ASA with FirePOWER Services | Oscar Romano
As more companies move their business models toward mobility, the cloud and the Internet of Things, their security solutions must be more dynamic and scalable. However, to date, most security solutions have not kept pace with change and have been unable to adapt to new threats and attacks. Today, security solutions are based on a binary "good vs bad" model, which lacks the visibility needed to understand context. On September 16, Cisco announced its latest step in this direction.
Security O365 Using AI-based Advanced Threat Protection | Bitglass
Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware?
Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.
The session will focus on how a cloud-native security platform can continuously discover workloads, identify risk, and enforce security policies in any multi-cloud environment. It will also cover how automated policy generation through agentless security controls makes protecting data and applications the easiest thing to do in the cloud.
The Speaker of the session will be Dr. Ratinder Paul Singh Ahuja, Founder and Chief Research and Development Officer, Shield X, USA
Dr. Ratinder leads ShieldX and its mission as its central pivot point. Drawing from a career as a successful serial entrepreneur and corporate leader, he brings his unique blend of business acumen, industry network and deep technical knowledge.
At his previous start-ups, Internet Junction, Webstacks and Reconnex he served as Chief Technology Officer and Vice President of the Mobile and Network Security Business Units. His knowledge of innovation and emerging trends in networking, network security, and data-loss prevention are derived from years of industry experience. Dr. Ahuja holds a BS in Electronics & Electrical Engineering from Thapar University, in India, and a Masters and Ph.D. in Computer Engineering from Iowa State University. Dr. Ahuja has been granted 61 patents for security-based technologies, and has presented in many public forums, including the Content Protection Summit, IC3, IEEE Computer Society, McAfee FOCUS, and the Cloud Expo.
A Different Approach to Securing Your Cloud Journey | Cloudflare
Whether you are just exploring moving workloads to the cloud, or are fully cloud-enabled, one thing is certain: security has changed from a purely on-premise environment.
As cybersecurity risks continue to grow with more advanced attackers and more digital surface area, how you think about staying secure without compromising user experience must adapt.
During this talk, you will:
- Hear how global consistency, agile controls, and predictable costs are goals and principles that matter in this new environment
- Be able to evaluate your current plans against a "customer security model"
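SIEMLESS Integrated Security Service for Cloud Environments, Alert Logic - Chae Hyun-ju (채현주), Head of Security Technology Division, Openbase :: AWS Sum... | Amazon Web Services Korea
Sponsor presentation session | SIEMLESS Integrated Security Service for Cloud Environments, Alert Logic
Chae Hyun-ju (채현주), Head of Security Technology Division, Openbase
The variety of services in cloud environments makes the work of securing assets ever more complex. Approaching cloud security the way it has been done on-premises is wasteful in terms of cost and resource utilization, and makes it hard to keep up with the pace of technological change. This session examines the security characteristics of cloud environments and presents a guide for building an efficient security system, and also introduces Alert Logic's security services, which can be used immediately without specialized security knowledge or a self-built security system.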
Journey to the Cloud: Securing Your AWS Applications - April 2015 | Alert Logic
James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers:
• The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS.
• Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections)
• Best practices for how to protect your environment from the latest threats
Detect and Respond to Threats Better with IBM Security App Exchange Partners - IBM Security
Since its launch a year ago, the IBM Security App Exchange has added over 60 apps to help extend the value of security solutions. In this webinar, meet three developers of the newest apps that help detect and respond to threats across networks and endpoints to improve security decision making and speed investigations.
Prevoty Runtime Application and Data Visibility for IBM QRadar provides real-time insights into application attacks, including the OWASP Top 10, data exfiltration and fraudulent behavior. Prevoty's solution is installed directly within an application and travels wherever it is deployed, in the cloud or on-premises. By using Prevoty, enterprises have unprecedented visibility and correlation across network, application and database activity.
Niara User and Entity Behavior Analysis for IBM QRadar reduces alert white noise and accelerates SOC attack response by utilizing QRadar data to provide a new dimension of analytics enabled by over 100 rule-less Machine Learning models designed to detect attacks that have evaded real time defenses while providing detailed forensic visibility.
Check Point Software SmartView for IBM QRadar consolidates monitoring, logging, reporting and event analysis into a single console to bring you comprehensive, easy-to-understand threat visibility to enable your security team to focus their efforts on the critical threats for forensic analysis within a unified console.
Join this webinar hosted by Russ Warren, IBM Security Intelligence Program Manager, to hear more about these apps and how they extend the power of IBM QRadar SIEM, and also how you can develop your own apps.
7. What’s Changed?
Known Threats
Organizational Risk
Zero-Day Exploits/Vulnerabilities
Unknown & Polymorphic Malware
Evasive Command-and-Control
Lateral Movement
Changing Application Environment
SSL Encryption
Mobile Threats
THE EVOLUTION OF THE ATTACK
9. Breaking the Kill Chain at Every step
[Diagram labels]
Controls: App-ID, User-ID, URL, IPS, Spyware, AV, Files, Unknown Threats
Stages (numbered 1 to 6 on the slide): Bait the end-user, Exploit, Download Backdoor, Command/Control, Lateral Movement / Zero Trust, Exfiltration Of Data
Actions shown: Block high-risk apps – User control decryption; Block known malware sites; Email links; Block the exploit; Block malware; Prevent drive-by-downloads; Detect 0-day malware; Block new C2 traffic; Block spyware, C2 traffic; Block fast-flux, bad domains; Block C2 on open ports; Block Files; Data Filtering
10. DETECT AND PREVENT THREATS AT EVERY POINT ACROSS THE ORGANIZATION – NOT JUST THE INTERNET EDGE
At the internet edge
Between employees and devices within the LAN
At the data center edge, and between VMs
At the mobile device
Cloud: Within private, public and hybrid clouds
Requirements for the Future
11. Requirements for Security in Today’s Threat Landscape
1. Application based security rules, including the ability to decrypt flows
2. Rules based on User Identity/User Groups
3. Wildfire subscription to detect unknown malware
4. Threat Prevention subscription to enable dynamic prevention signatures for malware
5. URL (PAN-DB) subscription to enable dynamic prevention of malware Command & Control
6. GlobalProtect to secure against the threat of time and to help assert Identity
14. Prevention of One Technique in the Chain will Block the Entire Attack
Exploit Prevention Case Study: Unknown Exploits Utilize Known Techniques
[Diagram: three exploit chains, IE Zero Day CVE-2013-3893, Adobe Reader CVE-2013-3346 and Adobe Flash CVE-2015-3010/0311. Labels on the chains: Heap Spray; DEP Circumvention; ROP; JiT Spray; Utilizing OS Function; UASLR; ROP Mitigation; DLL Security; Memory Limit Heap Spray Check and Shellcode Preallocation; J01]
15. Exploit Techniques
[Diagram labels: Normal Application Execution; Heap Spray; DEP Circumvention; Utilizing OS Function; Gaps Are Vulnerabilities; Begin Malicious Activity; Activate key logger; Steal critical data; More…]
Exploit Attack
1. Exploit attempt contained in a PDF sent by “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
16. Exploit Techniques
[Diagram labels: Normal Application Execution; Heap Spray; Traps EPM; No Malicious Activity]
Exploit Attack
1. Exploit attempt contained in a PDF sent by “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Traps Exploit Prevention Modules (EPM)
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
17. Exploit Techniques
[Diagram labels: Normal Application Execution; Heap Spray; DEP Circumvention; Traps EPM; No Malicious Activity]
Exploit Attack
1. Exploit attempt contained in a PDF sent by “known” entity.
2. PDF is opened and exploit techniques are set in motion to exploit vulnerability in Acrobat Reader.
3. Exploit evades AV and drops a malware payload onto the target.
4. Malware evades AV, runs in memory.
Traps Exploit Prevention Modules (EPM)
1. Exploit attempt blocked. Traps requires no prior knowledge of the vulnerability.
2. If you turn off EPM #1, the first technique will succeed but the next one will be blocked, still preventing malicious activity.
22. Your DC is the target!
[Chart labels]
21% MS-RPC
15% Web Browsing
11% SMB
10% MS-SQL Monitor
10% MS-Office Communicator
4% SIP
3% Other
2% Active Directory
2% RPC
1% DNS
25% MS-SQL
10 out of 1,395 applications generated 97% of the exploit logs
9 of these were datacenter applications
Source: “Application Usage and Threat Report” (Palo Alto Networks) 2013 and 2014
24. VM-Series for AWS
Full next-generation firewall functionality for AWS
Identify and control applications traversing the VPC
Prevent known and unknown threats, inbound and EC2-to-EC2
Streamline policy updates, simplify management
25. Identify and control applications traversing the VPC
Visibility: Classify all VPC traffic based on application identity
Control: Enable those applications you want, deny those you don’t
Authorize: Grant access based on user identity
[Diagram labels: RDP, SharePoint, Administrators, Marketing]
26. Streamline management and policy updates
Centrally manage configuration and policy deployment of the VM-Series for AWS
Manage all Palo Alto Networks next-generation firewall instances, both hardware and virtualized form factor
Aggregate traffic logs across multiple VM-Series for AWS instances for visibility, forensics and reporting
Streamline policy updates with VM-Monitoring, Dynamic Address Groups and an API
[Diagram labels: MS SQL, SharePoint, Web FE; Credit Card / Intellectual Property / PII; Panorama]
27. Deployment Scenarios
1. Gateway: Full NGFW security for all traffic traversing the AWS deployment
• Visibility, application control, prevention of known/unknown threats, access control based on user
2. Hybrid cloud (IPSec VPN)
• Extend enterprise datacenter to AWS: IPSec VPN + full NGFW feature set
3. VPC-to-VPC protection
• Control traffic between VPCs; block known and unknown threats from moving laterally
• A combination of gateway and hybrid within the VPC
4. GlobalProtect Gateway: Use VM-Series deployed across various AWS regions as a VPN gateway
• Secure mobile users anywhere by leveraging AWS infrastructure around the world
[Diagram labels: IPSec VPN, End-Users over Internet, Corporate Network]
28. GlobalProtect: Consistent Security Everywhere
[Diagram labels: Headquarters, Branch Office, malware, botnets, exploits]
• VPN connection to a purpose built firewall
• Automatic protected connectivity for users both inside and outside
• Unified policy control, visibility, compliance & reporting
39. Our unique approach makes us the only solution that…
Scans ALL applications (including SSL traffic) to secure all avenues in/out of a network, reduce the attack surface area, and provide context for forensics
Prevents attacks across ALL attack vectors (exploit, malware, DNS, command & control, and URL) with content-based signatures
Detects zero day malware & exploits using public/private cloud and automatically creates signatures for global customer base
[Diagram labels: Identify & control; Prevent known threats; Detect unknown threats; Rapid, global sharing; All applications]
Turning the Unknown into the Known
40. Breaking the Attack Kill Chain at Multiple Points
Segment your network with a “zero-trust” model as the foundation for defense
Only allow content to be accessed:
• By a limited and identifiable set of users
• Through a well-defined set of applications
• Blocking everything else
Block all known threats:
• Threat Prevention would have identified and stopped parts of the attack
• Across known vulnerability exploits, malware, URLs, DNS queries
• And command-and-control activity
Identify and block all unknown threats:
• WildFire had identified members of the “BlackPOS” malware family in the past
• Using behavioral characteristics such as:
  • Communicating over often-abused ports (139 or 445)
  • Using WebDAV to share information
  • Changing the security settings of Internet Explorer
  • Modifying Windows registries and many more
INFRASTRUCTURE: Industry leader in infrastructure and next generation data centre technologies. (INTEGRATION OF EMERGING TECHNOLOGIES)
SECURITY: Canada’s #1 provider of security, risk and compliance solutions. (CONTEXT BASED SECURITY)
CLOUD: Leading architect for the design, deployment and management of hybrid cloud solutions.
THIS IS OUR GO-TO-MARKET STRATEGY
We help our customers PREPARE to address today’s security challenges by:
- Understanding risks to their critical business assets
- Building effective security programs including people, process and technology, and
- Attracting and retaining (or hiring) top security talent, both leadership and technical
Scalar leverages its pedigree and core competency as an integrator of emerging technology to help customers DEFEND their critical business assets and data by:
- Implementing the most robust security defenses
- Leveraging leading technologies and integrating & configuring them in a way to optimize performance and effectiveness
- Maximizing the use of technologies to gain visibility, understanding and control over security events
Most organizations will suffer a breach eventually. We help our customers by:
- Monitoring critical business assets
- Responding rapidly when we see indicators of compromise or confirmed security incidents, and
- Providing ongoing validation of the effectiveness of security controls.
The key points here are:
- Most security studies are global in nature and do not apply well to the size and cultural uniqueness of Canadian businesses.
- We took 650 results from over 2,000 respondents to ensure the data is valid
- We asked questions about:
  a) what risks impact Canadian businesses
  b) what measures they have taken to address security risk
  c) what are the most effective ways to reduce security risk
  d) overall, how prepared do Canadian businesses believe they are in reducing security risk
- We identified “Top Performers” – those companies that reported a reduction in risk:
  a) we examined the data from Top Performers to understand what investments they made in people, process and technology
  b) we found that TOP PERFORMERS WERE 28% LESS LIKELY TO SUFFER A SECURITY BREACH.
- We transfer this knowledge to all of our security customers
Over the last two years in particular we’ve seen a dramatic change in both the attacker and the techniques they use. By many estimates cybercrime is now a $1+ trillion industry. And like any industry, opportunity fuels more investment and it is clear this “industry” isn’t being deprived. But like any industry investment decisions are made based on the expectation of profit. The best way to get an industry to collapse on itself is take away that potential for profit. Our strategy is quite simple - make it so unbelievably hard for cybercriminals to achieve their objectives that their only recourse is to invest more and more resources to stage a successful attack, or give up and move on to someone else.
Today there are more than 100 nations who are actively building cyber military capabilities. Out of the 100 there are about 20 who are considered serious players. These nation states follow a completely different set of motives, and are not concerned about profit. These new units are accelerating the weaponization of vulnerabilities. They’re launching sophisticated campaigns at our employees looking to take advantage of weak defensive links. They are not motivated by profit. They’re motivated by warfare, terrorism, theft of secrets that may give their country an advantage. Equally so, we need to make it unbelievably hard for these nations to achieve their objectives.
To achieve this we must consider a new approach.
---------------------------------------------------------
Facts & Credits
Peter W. Singer, director of the Center for 21st Century Security and Intelligence at the Brookings Institution, said 100 nations are building cyber military commands, and of that there are about 20 that are serious players and a smaller number could carry out a complete cyberwar campaign.
The barrier to entry for attackers has come down significantly in the last couple of years with the accessibility of exploit kits that may be easily purchased online with full support.
This new approach must account for the realities that today’s attacks are not only multi-dimensional in nature, but also use an increasingly sophisticated set of techniques that are constantly in a state of change. As these techniques evolve the risk of breach increases. And as we all know an organization is only as strong as its weakest entry point, therefore an effective strategy must include multiple kill-points working together to prevent all aspects of an attack. This includes
Blocking the different techniques attackers might use to evade detection and establish command-and-control channels
Preventing installation of malware – including unknown and polymorphic malware
Blocking the different techniques that attackers must follow in order to exploit a vulnerability
Closely monitoring and controlling communications within the organization to protect against the unabated lateral movement when legitimate identities are hijacked
With the evolution of the attack and the attacker as a backdrop, let’s take a quick look at where some of the breakdowns in approaches are occurring.
---------------------------------------------------------
Facts & Credits
Today we detect and analyze over 2M forms of new malware within WildFire. This trend line is increasing monthly.
Malvertising hosted in Azure
Angler Exploit kit
Bedep & Cryptowall
Reconnaissance
We bring multiple security disciplines into a single context / single threat prevention engine.
See beyond individual security events and recognize the full extent of a threat.
In a uniform context, you can see the interconnection of: Applications, Exploits, Malware, URLs, DNS queries, Anomalous network behaviors, Targeted malware
It is the unique value of our integrated solution that allows us to see this interconnection.
This should be our main talking point to customers… and have them realize that their strategy should not be based on ‘best of breed products’ any longer.
Your architecture must also be able to detect and prevent threats at every point across the organization:
Attacks targeting your mobile workers
Attacks targeting your perimeter
Attacks moving between employees and devices within your LAN, or from guests or other 3rd party contractors that might have access to your network
Attacks targeting the heart of your virtualized data center
Attacks targeting your cloud-based infrastructure, both private and public
We’d like to help you build a prevention-focused architecture that stops at nothing short of complete visibility into all traffic; is natively integrated in such a way that no gaps exist and context is delivered so you only have to react to the threats that are critically important; is highly automated to reduce or remove manual response; and enables you to drive seamless policy throughout your organization to reduce your attack surface and eliminate unnecessary risk.
How do we do that?
If you go back in time, the first thing we said we were going to do as a company was safely enable the use of all applications on your network. Why is that important? Attackers know that one of the easiest ways to get into your network is through an application. Back in the mid-90’s our founder, Nir Zuk, created the first stateful inspection firewall. Stateful inspection firewalls use port, protocol and IP addresses to make security policy decisions. That was OK in the mid-90’s when you had only two applications on your network – email and web that communicated over a very predictable set of ports. At the time there was also a very limited number of devices to contend with on your network. Fast forward to the early-2000’s and Nir could see that the number of applications landing on the network was about to explode, and that stateful-based firewalls would be incapable of handling this new environment where these applications utilized significantly more ports and followed non-standard patterns that the stateful firewall simply couldn’t anticipate. Mega trends like BYOD, mobility and cloud computing added further complications. Nir made the decision to re-invent the firewall and develop a new approach that took the guessing out of security, and provided a much more robust solution for managing applications, users and devices. That approach led to the formation of Palo Alto Networks in 2005, and the creation of the industry’s first next-generation firewall in 2007. The big difference between stateful firewalls and next-generation firewalls is we don’t guess. We don’t guess about applications, we don’t guess about users, we don’t guess about content, and we don’t guess about devices. We definitively inspect and identify all applications, users, content, and devices operating across your network. That means you get real visibility on your network which leads to better security.
The next thing we said we were going to do was prevent both known and unknown cyber threats for all users on any device across any network. To achieve this we developed a series of cloud-based services that integrate closely with the next-generation firewall and deliver automated threat detection and prevention. We have four cloud-based services today – Threat Prevention, URL Filtering, WildFire and GlobalProtect for mobile security. Let’s pick one of these services, WildFire, to demonstrate the power of this integrated approach. Now, if an attacker attempts to breach your organization using a known threat we’re going to automatically block that attack using a combination of our next-generation firewall and cloud-based services (Threat Prevention, URL Filtering and GlobalProtect). If the threat is unknown we’re going to quickly turn it into a known threat using WildFire which detects and analyzes potentially malicious files looking for new forms of malware, malicious URLs or command-and-control sites. As those unknown threats are detected, WildFire automatically develops new protections and within minutes routes those tools back to your cloud based services. We don’t just route those tools to your systems, we route them to the global customer base so you benefit from the multiplier effect of a large threat intelligence community. This automated process ensures that your platform can deliver the highest levels of security for all users on any device across your entire network.
The newest technology we’ve brought to market is advanced endpoint protection. Let me tell you why we went down this path. Legacy providers have not been able to keep up with the challenges associated with advanced threats that have been finding their way onto the endpoint, then working their way into the network. We looked across the market, at all of the different approaches and decided something truly disruptive had to happen. Many of the “newer” technologies have effectively given up on prevention and instead focus their efforts on detection and remediation. Other prevention-based approaches were simply ineffective at stopping advanced threats, or imposed too much operational overhead to be viable on a large scale basis. We came up with a very unique approach that prevents all exploit and malware-based attacks, even those based on unknown zero-day vulnerabilities. And we do this with a very lightweight and scalable technology. This approach has proven to be highly effective at protecting endpoints from advanced attacks – including laptops, servers, industrial control systems, bank ATMs, medical devices and retail point of sale systems.
So, to wrap it up our core value proposition is that we provide an enterprise security platform that safely enables all applications through granular use of controls and prevention of known and unknown cyber threats for all users on any device across any network. In doing so we’re able to deliver superior security with superior TCO.
Go to Whiteboard!
<Optional slide>
This is yet another proof point that your DC and infrastructure apps are heavily targeted. This data comes from one of our recent Application usage and threat reports.
It’s a global view into enterprise application usage and the associated threats summarized from network traffic assessments conducted across more than 3,000 global organizations. This isn’t a survey, it is real data collected from live traffic. We share our insights in our “Application Usage and Threat Report”.
The 2013 report reveals 10 of the 1,395 applications represented 97% of the 60 Million exploit logs found.
9 of those applications are business critical: internal or infrastructure-related applications that are integral to many business functions.
Here are the most heavily targeted – [list a few of them off] – “let me see a show of hands – how many of you can say you are not using any of these applications?”
In the example we are allowing access to the environment for admins using RDP, and marketing to use SharePoint.
VM Monitoring for AWS
Extends existing VM Monitoring function in PAN-OS to poll VPC EC2 instances
Tags include: IDs, state, subnet, type, placement, DNS names, and custom tags
What are customers using VM-Series for in AWS?
Gateway: Protect applications and services hosted in AWS where users are coming in over the open Internet
Hybrid cloud: This is about extending the private data center into the cloud to take advantage of the on-demand pricing, scalability and elasticity of a public cloud. This today is of strongest interest for enterprises.
VPC to VPC: A VPC is a virtual private cloud, i.e. a virtual data center in AWS, and a VPC to VPC is one architecture pattern.
GP: leveraging the AWS infrastructure to secure a global workforce
-Reduce the attack surface
-We use information learned while running files through WildFire to improve our signature-based threat prevention capabilities. E.g. We can harvest bad domains, malicious URLs, Command & Control information, etc. to build new DNS signatures, C&C signatures, and add to the malware category in PAN-DB.
Timely and accurate threat intelligence data is the only way to remain up to date with emerging threats and bad actors/attackers. We use this data to detect early warning signs of potential threats and attacks that may impact our customers. Early warning helps stop attacks before they propagate and result in data loss.
We apply advanced analytics to understand how threats are impacting our customers. We do this by correlating the data from our threat feeds with security event data generated within our customers’ environments. We also aggregate data across our customer base to identify trends that may be specific to certain industries or technologies so we can focus our efforts on proactive protection measures and rapid detection & response.
Protecting critical assets is key to an effective security strategy. We see millions of security data points per day, and the only way to effectively reduce these into meaningful information we can analyze is to apply advanced automation and analytics focusing on the most critical assets that require protection.
When incidents occur, we need trained professionals who can rapidly confirm incidents, assess the impact to our customer’s business, and respond effectively. Often, incident handling goes beyond simply reconfiguring or rebuilding systems, but also looking at what other systems or data may have been affected, what the impact has been on customers, business partners, and key stakeholders, and any communication and legal steps required.
Most importantly, we need to continuously validate the effectiveness of the security controls in place. Validation occurs on a regular basis, monthly for example. It is also critically important following an incident to ensure measures have been taken to ensure known risks are mitigated effectively.
The only way to demonstrate effectiveness of security controls is through robust reporting – customers need metrics on key data that demonstrates that security risks are identified, measured, and reduced.
Successful outcomes:
Reduced risk at the enterprise level – again, focused on business criticality for maximum impact
Lower breach cost – not limited to direct costs, but indirect costs such as reputational damage which is often the highest component according to the study we conducted in 2015
Return on investment – through proper design, deployment, integration and tuning – to maximize value of spend
Enable business – by providing secure solutions, the business is free to provide innovative services to the marketplace within acceptable risk tolerance
Measurable outcomes – the only way to demonstrate effectiveness of security spend is to measure key performance indicators and report on a regular basis.
This slide is quite straightforward – the talk track follows prepare-defend-respond.
Follows the Scalar approach of Prepare, Defend, Respond.
First step in preparedness is to perform a risk assessment to understand gaps in current security posture and build an effective program to manage enterprise security risk.
Next, deploy a security infrastructure to provide visibility, understanding and control – maximize the effectiveness through proper configuration and tuning.
Finally, when security incidents happen, respond quickly to contain and remediate – then continuously validate the effectiveness of controls and changes that are made on an ongoing basis.