Identity + Security: Welcome to Your New Career

•

1 like•254 views

See Chris "Sully" Sullivan's presentation from this year's Gartner IAM Summit in Las Vegas where he outlines how identity and security are coming together to form a new team and a new career path.

Software

Identity
+
Security:
Welcome
to
your
new
career
Chris
Sullivan
(Sully)

SVP,
Chief
Information
Security
Office

Securing
Digital
Business
SecureAuth,
Core
Security,
Damballa,
Courion,
Secure
Reset,
Bay31
• We
are
leaders
in
IDM,
IGA,
SSO,
Adaptive
Auth,

TI,
Vulnerability
Management,
Pen-‐Testing,
Threat

Detection,
Threat
Intel
• We
do
primary
research,
analytics,
automation

and
orchestration
across
the
entire
threat
surface

Device
Centric
Investigations
The
Old
Way
Defense
In-‐Depth Manual
Response
Limited
Control
Over
Devices
Manual
Investigation
Silos
Of
Data
Alert
Overload
Alert
Fatigue
Point
Products
Focused
On
Devices
O R C H E S T R A T I O NI D E N T I T Y C A S E
M G M TA N A L Y T I C S A U T O M A T I O N
LACKS

Access
Attack
Paths
Billions
of
Changing
Relationships
I D E N T I T Y
A C C O U N T S
E N T I T L E M E N T S
R O L E S
A P P L I C AT I O N S

The
Role
of
Identity
in
Digital
Business
is
Evolving

IT
Efficiency
IT
ComplianceSecurity
Business

Agility
Scale
UX
API
API
AI

I N T EL L I G EN T
I D EN T I T Y
I S
V I TAL / N EC ES SARY
FO R
S EC UR I T Y

Identity
Security
Automation
The
Only
Way
O R C H E S T R A T I O NI D E N T I T Y C A S E
M G M TA N A L Y T I C S A U T O M A T I O N
IDENTITY
SECURITY
AUTOMATION
Any
| Any
|
Any
Identity
Centric
Telemetry
Device
Agnostic
WORKFORCE
PARTNERS
CONSUMERS
ANY
USER ANY
DEVICE
MOBILE
TABLET
LAPTOP
SERVER
ANY
PATH
CLIENT
APP
MOBILE
APP
BROWSER
EMAIL
Contextual
Evidence
Orchestration
of
Siloed
Data
Identity
Context
Authentication
Attempts
Network
Behavior
Vulnerable
Attack
Paths
3rd Party
Sec.
Controls
Automated
Investigation
Analytics
Driven
Case
Mgmt.
With
High
Confidence
Adaptive
Automation
Playbooks
for
Rapid
Response
At
Identity
Layer
&
Beyond

CONVENTIONAL
VIEW
OF
ACCESS
CLUSTER
ANALYSIS
OF
ACCESS
LINK
ANALYSIS
OF
ACCESS
ATTACK
PATH
REVIEW

Reducing
Business
Friction
Securely
Adaptive
Authentication
Device
Recognition
Threat
Service
Directory
Lookup
Geo-‐Location
Geo-‐Velocity
Geo-‐Fencing
Phone
Number
Fraud
Prevention
Behavioral
Biometrics
Identity
Governance
User
&
Entity
Behavior
Analytics
Do
we
recognize
this
device?
Associated
with
a
user
we
know?
Real-‐time
Threat
Intelligence
IP
Address
Interrogation
Group
membership
and
attribute

checking
Request
coming
from
a
known
location?
Do
we
have
employees,
partners
or
customers
here?
Has
an
improbable
travel
event

taken
place?
Track
normal
behavior
Looking
for
anomalies
Who
should/does
have
access
rights?
High
Access
Rights
=
greater
risk/vulnerability
Access
request
coming
from
within
or

outside
a
geographic
barrier
Typing
Sequences
&
Mouse
Movements
Unique
to
each
user
on
each
device
Reduce
#
of
OTPs,
Block
device
class,
Identify
“porting”
status,
Block
by
carrier

214– Allow
us
to

continue
to
assist
Extract
IP
address
from
major
target

systems
and
evaluate
activity

Gain
Awareness
Define
criteria
to
determine
level
of

acceptance
by
use
case
or
user
category

Understand
seasonality
and
impact
to
risk

tolerance

Assess
Acceptable
Risk
Create
metrics
for
success
(near
term,
mid

term,
long
term)
Determine
success?

Make
a
time
investment
in
a

Risk
Awareness
Workshop

© 2017
by
SecureAuth +
Core
Security

All
rights
reserved
Thank
you…

Thank
you
very
much.

What's hot

Video Surveillance in Residential Communities!.pptx

Technomine

Threat Detection and Response Solutions

The TNS Group

Easy Solutions Product Brochure

Ben Massey

What is Threat Intelligence? It's more than raw source feeds and technical information. If you ask most vendors, they talk about their lists of "bad" IP addresses and domain names, which don't enable the business to make informed decisions on assessing risk and taking action; it lacks -- well, intelligence. We'll cover what Threat Intelligence is, why analysis is an important factor and methods available to analyze raw data.

Ed McCabe - Putting the Intelligence back in Threat Intelligence

centralohioissa

Holy Threat Intelligence AMPman! We Need Endpoint Security!

Force 3

The numbers are shocking: 69% of enterprise security executives report having experienced insider threats over one year. At the same time, 62% of business users report having access to data they should not see. Making matters worse? 43% of business say it takes at least a month (if not longer) to detect employees viewing files and emails they’re not authorized to access.* With its comprehensive suite of flexible, simple, efficient solutions, Cisco Security offers a seamless approach designed to ease the burden on your IT team while strengthening your security posture. That includes Cisco Stealthwatch, a network visibility and security analytics system. Using NetFlow, Stealthwatch helps you use your network as a security sensor and enforcer to detect and remediate attacks, ultimately improving your threat defense—including time to detection and response. Today, nearly a third of organizations lack the ability to prevent or deter insider threats.* Don’t let your agency be one of them.

Detect Threats Faster

Force 3

Attacks on organizations are in the news every day. How can your organization keep from becoming tomorrow’s headline? Join SecureAuth as we take a deeper look at how adaptive authentication techniques can enable your organization to stop attackers in their tracks. With live intelligence data as a part of your authentication workflows, you can easily identify suspicious actors before they enter your network, not after they violate a policy.

How to Stop Cyber Attacks Using Adaptive Authentication

SecureAuth

Actualmente las organizaciones enfrentan el reto de mejorar su eficiencia y niveles de seguridad, el desarrollar una estrategia de integración donde exista comunicación entre la infraestructura de seguridad garantiza que se tenga un nivel de colaboración y mejora en el nivel de seguridad. Hoy esto ya es posible siendo una realidad para mejorar gasto y mejora en la eficiencia operativa de seguridad de las organizaciones. Conozca cómo llegar a construir este modelo SPEAKER : Juan Pablo Páez, CISSP, CISM - Gerente Regional Latinoamérica de Ingeniería y Preventa McAfee Juan Pablo tiene 14 años de experiencia profesional en seguridad de la información, especializado en tecnologías de seguridad, arquitectura de seguridad y gestión de operaciones automatizadas e inteligentes. Certificado CISSP, CISM CEH. Adicionalmente, tiene conocimiento para el desarrollo de diseños de redes seguras, arquitecturas, operaciones de seguridad inteligente iSOC basados en las mejoras prácticas de la industria y estándares como el ISO27000, PCI-DSS entre otros.

BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...

Cristian Garcia G.

Security from the cloud is challenging traditional approaches. As organizations transition from perimeter-based security towards user-centric approaches, Security and Risk professionals are transitioning to cloud IAM services or IDaaS (Identity as a Service) to manage identities across cloud environments. By overcoming the limitations of legacy on-premises IAM solutions, organizations are accelerating SaaS adoption, increasing user productivity and recognizing greater returns on their cloud investments. View our slides for IAM overview and learn about: • Trends in cloud, and the standards to support them • State of Identity, Digital Trust, Authentication and Access • Directory Services and Federation • SSO (Desktop SSO, Web SSO, and Mobile SSO) • Automating Onboarding Practices, Provisioning and Deprovisioning Watch the on-demand webinar here: https://www.brighttalk.com/channel/12923/onelogin?utm_source=brighttalk

Identity Access Management 101

OneLogin

Perimeter Protection Solutions

The TNS Group

Open Source Intelligence Gathering (OSINT) is growing in popularity among attackers and defenders alike. When an attacker comes knocking on your network's front door, the warning lights go off in multiple systems (IDS, IPS, SIEM, WAF). More sophisticated attackers, however, spend considerable time gathering information using tools and techniques that never touch any of your systems. As a result, these attackers are able to execute their attacks and make off with proprietary data before you even know they are there. This presentation provides an introduction to many OSINT tools and techniques, as well as methods you can use to minimize your exposure.

Jerod Brennen - What You Need to Know About OSINT

centralohioissa

"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...

Jack Pringle

Introduction to MicroSolved, Inc.

MRMaguire

5 Signs Your End-Users Need a Security Boost

The TNS Group

Are Computer Hacker Break-ins Ethical -- Spafford

Mia Eaker

Managed Security: How Secure Are You During COVID?

The TNS Group

Hacking and Penetration Testing - a beginners guide

Pankaj Dubey

FINTECH: Industries we Serve

The TNS Group

Managed Services: Turning Pandemic Into Profitable Protection

The TNS Group

Its time to grow up by Eric C.

ISSA LA

What's hot (20)

Video Surveillance in Residential Communities!.pptx

Threat Detection and Response Solutions

Easy Solutions Product Brochure

Ed McCabe - Putting the Intelligence back in Threat Intelligence

Holy Threat Intelligence AMPman! We Need Endpoint Security!

Detect Threats Faster

How to Stop Cyber Attacks Using Adaptive Authentication

BUSCAS UNA SEGURIDAD INTEGRADA Y DINÁMICA? ; INTELIGENCIA Y COLABORACIÓN LA ...

Identity Access Management 101

Perimeter Protection Solutions

Jerod Brennen - What You Need to Know About OSINT

"We Have Met the Enemy and He Is Us": The Role of the Human Factor in Protect...

Introduction to MicroSolved, Inc.

5 Signs Your End-Users Need a Security Boost

Are Computer Hacker Break-ins Ethical -- Spafford

Managed Security: How Secure Are You During COVID?

Hacking and Penetration Testing - a beginners guide

FINTECH: Industries we Serve

Managed Services: Turning Pandemic Into Profitable Protection

Its time to grow up by Eric C.

Similar to Identity + Security: Welcome to Your New Career

It’s the Epic battle between business enablement and data protection. In the past, there was no winner. If business enablement wins, your attack surface is broad. If locking down your data wins, your business can’t thrive. No matter how you stack the sides, they both hinge on IDENTITY. In this presentation, Stephen Newman shares the combined product vision of SecureAuth and Core Security and introduces Identity Security Automation: where the worlds of identity management and security operations meet.

Product Vision - Stephen Newman – SecureAuth+Core Security

Core Security

Corporate boards and audit committees are taking a greater interest in cybersecurity and plans to mitigate related risks. Headline-grabbing data breaches are prevalent. Shareholders and oversight bodies are concerned about the potential impact to their organizations’ financial well-being and reputation. Today, cyber adversaries are well-organized and well-funded, and they are more able to enter commercial and governmental organizations than ever before. No company has the capability and capacity to prevent all attacks. The only way to operate securely is to assume a breach has occurred, is occurring and will occur. This requires “complicate, detect and respond” mindset when developing and automating controls. For more information, please visit http://cainc.to/Nv2VOe

Complicate, detect, respond: stopping cyber attacks with identity analytics

CA Technologies

Companies have AI projects. Security products use AI to keep attackers out and insiders at bay. But what is this "AI" that everyone talks about? In this talk we will explore what artificial intelligence in cyber security is, where the limitations and dangers are, and in what areas we should invest more in AI. We will talk about some of the recent failures of AI in security and invite a conversation about how we verify artificially intelligent systems to understand how much trust we can place in them. Alongside the AI conversation, we will discover that we need to make a shift in our traditional approach to cyber security. We need to augment our reactive approaches of studying adversary behaviors to understanding behaviors of users and machines to inform a risk-driven approach to security that prevents even zero day attacks.

Artificial Intelligence – Time Bomb or The Promised Land?

Raffael Marty

Actionable Threat Intelligence

OWASP Delhi

Cybercrime future perspectives

SensePost

LIFT OFF 2017: Transforming Security

Robert Herjavec

Anton Chuvakin on Threat and Vulnerability Intelligence

Anton Chuvakin

Data loss is considered by security experts to be one of the most serious threats that businesses currently face. Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy. However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]: The Bank of America: Losing the personal employee information of over one million employees The United States Government: Losing data related to the military Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data. Interestingly, it is not just cybercriminals who represent a threat as: 64% of data loss is caused by well-meaning insiders. 50% of employees leave with data. $3.5 million average cost of a security breach. Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss. Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization. For more information contact: rkopaee@riskview.ca https://www.threatview.ca http://www.riskview.ca

Data Loss Prevention

Reza Kopaee

Integrating Physical And Logical Security

Jorge Sebastiao

Security technologists, practitioners, and the media love to talk about the latest malware, and zero-day attacks that hackers and nation states direct against their targets. The reality is that a significant portion of security incidents and data breaches come from within an organization’s security perimeter. The insider threat is the unglamorous side of security, and one that most vendors and industry professionals tend to ignore. Which tools in your security stack truly address the insider threat problem? What percentage of your security budget is dedicated to this issue? This presentation will explore the rise of the insider threat, and the five essential components of an effective approach to identifying and investigating breaches that result from the malicious or innocent actions of internal actors. Learning Objectives: • Learn about the trends, size & scope of the insider threat problem • How to Evaluate your security stack against the insider threat problem • Explore emerging concept of insider detection and investigation and the five required components of an insider threat approach.

Insider Threat: How Does Your Security Stack Measure Up?

ThinAir

Security threats and countermeasures in daily life - Symantec

Natarajan V

01.L1 Deck- Singularity Platform.pptx

Carlos González García, PMP®

DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS

Cristian Garcia G.

Cognitive automation with machine learning in cyber security

Rishi Kant

Best Practices for Scoping Infections and Disrupting Breaches

Splunk

NetSecurity_ThreatResponder(r)_Capability_Brief_021116_Rev0

James Perry, Jr.

Network Security in a Virtualized Environment

LiveAction Next Generation Network Management Software

OSB50: Operational Security: State of the Union

Ivanti

Data exfiltration so many threats 2016

FitCEO, Inc. (FCI)

Mobile Apps and Security Attacks: An Introduction

Nagarro

Similar to Identity + Security: Welcome to Your New Career (20)

Product Vision - Stephen Newman – SecureAuth+Core Security

Complicate, detect, respond: stopping cyber attacks with identity analytics

Artificial Intelligence – Time Bomb or The Promised Land?

Actionable Threat Intelligence

Cybercrime future perspectives

LIFT OFF 2017: Transforming Security

Anton Chuvakin on Threat and Vulnerability Intelligence

Data Loss Prevention

Integrating Physical And Logical Security

Insider Threat: How Does Your Security Stack Measure Up?

Security threats and countermeasures in daily life - Symantec

01.L1 Deck- Singularity Platform.pptx

DETECTE E INVESTIGUE LAS AMENAZAS AVANZADAS

Cognitive automation with machine learning in cyber security

Best Practices for Scoping Infections and Disrupting Breaches

NetSecurity_ThreatResponder(r)_Capability_Brief_021116_Rev0

Network Security in a Virtualized Environment

OSB50: Operational Security: State of the Union

Data exfiltration so many threats 2016

Mobile Apps and Security Attacks: An Introduction

More from Core Security

Identity Governance and Administration solutions are more than the newest security buzzword, they are integral solutions that work with your Identity and Access Management solutions to keep your network safe. In this webinar, our product solutions team will talk about, and explain how to solve, the three biggest struggles they see with IGA programs such as: - Dealing with Third Party Contractors - Struggling with finding time to do more reviews - Keeping up with compounding access

How to Solve the Top 3 Struggles with Identity Governance and Administration ...

Core Security

Lazy Penetration Tester Tricks

Core Security

Thanks for All the Phish: Introducing Core Impact 18.1

Core Security

Joseph Blankenship is a leading security industry veteran and currently a senior analyst at Forrester serving security and risk professionals. This session examined how analytics and automation are combining to transform security operations. Specifically, he will address how combating threats and keeping pace with change requires security technologies to work together and security leaders to embrace automation.

Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...

Core Security

In 2016 alone, over 4000 cyber attacks were reported globally – with many more never reported or even detected. Enterprises deploy security point solutions in the hopes of stopping a data breach, while savvy attackers work to exploit the whitespace between them. This session will explore how a connected approach to security, one where vendors are joining forces to specifically address the data breach problem, will eliminate the silos that make it possible for breaches to happen.

No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe

Core Security

Passwords, multi-factor authentication, knowledge-based questions/answers, and hard tokens are based on technologies that are now 20 years old. With organizations losing the battle against cyber attacks, it’s clearly time to move beyond these legacy technologies and adopt a modern approach in which awareness and flexibility are king. Authentication must adapt based on the level of risk, so that it can deliver strong security yet be invisible to users most of the time. Achieving that balance of strong security and appropriate user friction is the basis for modern authentication. This session will explore what modern authentication is and why using it across all users, devices, and services is vital to turning a losing battle into a winning strategy to stop cyber attacks.

Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...

Core Security

Vulnerability Assessments, Penetration Tests and Red Teaming – Do you know what these tactics are all about? In this session, we will present our understanding of these practices in terms of when to apply them and what to expect. Nowadays, organizations run on top of hundreds, if not thousands, of Information Technology assets with some of them on premise and others cloud based. Having control over all of this is a challenging task. Based on our extensive experience with securing our customers, I will show what real findings and attack trends look like while hopefully, shedding some light on how to be prepared to resist current attacks.

Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...

Core Security

Threat Dissection - Alberto Soliño Testa Research Director, Core Security

Core Security

Vulnerability Management is like a Hydra, chop off one head and two more grow back. It is impossible to keep up. How do you prioritize? How can you get ahead? Maybe “ahead” is too ambitious - but what about drastically reducing risk? One way to make an impact is with attack path mapping. Allowing VM teams to quickly identify the weak device in the chain on how an attacker could move laterally to the so-called “Crown Jewels.” In this session, users will learn the best practices on how to ingest router and firewall data for better attack path mapping and how to quickly break the chain in the attack path, allowing you to sever the head of the Hydra.

How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...

Core Security

Whether it’s the revered single plane of glass view in a SIEM or building an auto containment workflow for compromised devices, Network Insight admins can use built-in integrators to take action quickly or build their own with the API. With SIEM for instance, what if the view is wrong or incomplete? This can cause the response teams to spend invaluable time looking and or chasing the wrong things. It’s critical to understand how to ingest the NI outputs into your SIEM to keep things flowing smoothly. In this session we will cover the two different types of feeds and ideas on how to best incorporate them into your SIEM workflow. This session will help responders understand the Network Insight SIEM output so they can quickly understand the output and how to build SIEM workflows and dashboards to get optimal results. Also covered will be use cases for Next Generation Firewall (NGFW), Network Access Control (NAC) and Proxy integrations.

Understanding Network Insight Integrations to Automate Containment and Kick S...

Core Security

How do you separate the good from the bad actors? Put on your white hat as we go on an adventure to separate the wheat from the chaff; or the good from the bad and not so bad. Join us for a chance to learn from our Threat Research team and how they track and expose threat operators and build that intelligence into Network Insight. Not only that, but discover the different ways our Threat Research team is able to apply their findings. This will be an insightful session for anyone interested in learning more about a day in the life of a threat researcher.

The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...

Core Security

Come meet the newest member of the Core Security product family – Core Role Designer. Our visual-first, analytics driven approach to designing roles will help you understand the relationship between people and what they have access to. You’ll not only be able to create the best roles possible, you’ll also discover rogue access and underprovisioned accounts in your organization. Step up your role game with Core Role Designer.

Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...

Core Security

Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...

Core Security

Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...

Core Security

The Why - Keith Graham, CTO – SecureAuth+Core Security

Core Security

Everyone loves a good tip, like using a stick of spaghetti to light a hard to reach candle wick or using Doritos to start a fire. In this session VI users will learn the top tips and tricks for both the GUI and configurations. Along with ingesting router data and using it for attack path identification, users will learn how to quickly use the existing Attack Strategy to first prioritize any immediate critical vulnerabilities, how to setup campaigns for critical assets and tips for report usage and customization. There will also be time for users to share their favorite tips with other attendees. The more we all share, the more value everyone can get from the tool.

Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security

Core Security

Speed to respond is critical in fighting cyber threats and cyberattacks. Learning how to quickly assess findings leads to faster response and containment. As users get familiar with the Network Insight, formerly Failsafe, user console and how to read results, quick decisions can be made as to next steps to response. In this session, we will cover how to quickly assess findings in the GUI directly or when pivoting from a SIEM or ITSM in response to a case – including top dashboard widgets for quickly drilling down on pre-filtered lists of assets. This session will cover asset filtering methods to highlight what things are important to each organization. Most importantly you will learn how to drill down on individual assets, what to look for and which sections can quickly decide on next steps.

Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...

Core Security

10 IT Security Trends to Watch for in 2016

Core Security

State and local information security leaders continue to be challenged with the “new norm,” to do more with less, while remaining on top of technology trends driving the marketplace. Traditional information security approaches often have limited impact and require more attention and resources. Please join Grayson Walters, Information Security Officer of Virginia Department of Taxation, and Eric Cowperthwaite, Vice President of Advanced Security and Strategy at Core Security as they discuss some of the top IT security trends and developments in the public sector, more specifically, within state and local governments.

Trending it security threats in the public sector

Core Security

What your scanner isn't telling you

Core Security

More from Core Security (20)