Micro Segmentation for Zero trust security and compliance
1) What is Zero Trust?
2) How does zero trust relate to compliance?
3) Guardicore and Micro Segmentation
4) YouAttest and Compliance
5) Short Demo and Q&A session
Understand the concepts of the NIST Zero Trust Architecture (ZTA). We will use a parenting analogy and show how it applies to protecting a file as an enterprise resource.
Zero Trust, Zero Trust Network, and Zero Trust Architecture refer to security concepts and a threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted; instead, anything and everything trying to connect to an organization's systems must be verified before access is granted.
Presentation on Zero Trust model, used for the Codecademy Manipal Chapter event. Covers basic information about the Zero trust model, implementation, and benefits.
Here's the slide deck from my session titled "Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps", which was presented at the Modern Workplace Conference Paris 2022 Virtual event.
A Zero Trust approach should extend throughout the entire digital estate and serve as an integrated security philosophy and end to end strategy.
Identities. Identities, whether they represent people, services, or IoT devices, define the Zero Trust control plane. When an identity attempts to access a resource, we need to verify that identity with strong authentication and ensure that access is compliant and typical for that identity and follows least privilege access principles.
Devices. Once an identity has been granted access to a resource, data can flow to a variety of different devices, from IoT devices to smartphones, BYOD to partner-managed devices, and on-premises workloads to cloud-hosted servers. This diversity creates a massive attack surface area, requiring that we monitor and enforce device health and compliance for secure access.
Applications. Applications and APIs provide the interface by which data is consumed. They may be legacy on-premises applications, lifted and shifted to cloud workloads, or modern SaaS applications. Controls and technologies should be applied to discover Shadow IT, ensure appropriate in-app permissions, gate access based on real-time analytics, monitor for abnormal behavior, control user actions, and validate secure configuration options.
Data. Ultimately, security teams are focused on protecting data. Where possible, data should remain safe even if it leaves the devices, apps, infrastructure, and networks the organization controls. Data should be classified, labeled, and encrypted, and access restricted based on those attributes.
Infrastructure. Infrastructure (whether on premises servers, cloud based VMs, containers, or micro services) represents a critical threat vector. Assess for version, configuration, and JIT access to harden defense, use telemetry to detect attacks and anomalies, and automatically block and flag risky behavior and take protective actions.
Networks. All data is ultimately accessed over network infrastructure. Networking controls can provide critical “in pipe” controls to enhance visibility and help prevent attackers from moving laterally across the network. Networks should be segmented (including deeper in network micro segmentation) and real time threat protection, end to end encryption, monitoring, and analytics should be employed.
Each of these six foundational elements serves as a source of the signal, a control plane for enforcement, and a critical resource to defend. You should appropriately spread your investments across each of these elements for maximum protection.
The Zero Trust Model of information security simplifies how information security is conceptualized by assuming there are no longer “trusted” interfaces, applications, traffic, networks, or users. It takes the old model, “trust but verify”, and inverts it, because recent breaches have proven that when an organization trusts, it doesn’t verify.
The Zero Trust Model of Information Security - Tripwire
In today’s IT threat landscape, the attacker might just as easily be over the cubicle wall as in another country. In the past, organizations have been content to use a trust and verify approach to information security, but that’s not working as threats from malicious insiders represent the most risk to organizations. Listen in as John Kindervag, Forrester Senior Analyst, explains why it’s not working and what you can do to address this IT security shortcoming.
In this webcast, you’ll hear:
Examples of major data breaches that originated from within the organization
Why it’s cheaper to invest in proactive breach prevention—even when the organization hasn’t been breached
What’s broken about the traditional trust and verify model of information security
About a new model for information security that works—the zero-trust model
Immediate and long-term activities to move organizations from the "trust and verify" model to the "verify and never trust" model
Get comprehensive protection across all your platforms and clouds
Protect your organization from threats across devices, identities, apps, data and clouds. Get unmatched visibility into your multiplatform environment that unifies Security Information and Event Management (SIEM) and Extended Detection and Response (XDR). Simplify your security stack with Azure Sentinel and Microsoft Defender.
[Round table] zeroing in on zero trust architecture - Denise Bailey
Idea of Zero Trust
Frameworks e.g. NIST framework
Building a Zero Trust Architecture
Building Tech stack for transition to Zero Trust Architecture
Building Tech stack for directly implementing Zero Trust Architecture
This deck gives you an overview of the zero trust security posture, considerations you should have while looking to adopt that posture, and the advantages of doing so.
This is Microsoft Azure Information Protection (AIP), which helps you protect your data from being accessed by unauthorized users. This is an overview of AIP.
Understanding Zero Trust Security for IBM i - Precisely
As security threats continue to evolve and increase, companies also need to adapt their approach to IT security. One important concept that is gaining in popularity and adoption is zero trust security. The main concept behind the zero trust security model is "never trust, always verify," which means that devices should not be trusted by default, even if they are connected to a permissioned network such as a corporate LAN and even if they were previously verified.
Zero Trust means moving beyond a perimeter security strategy. As companies offer customers and business partners new digital experiences and processes, networks can be local, in the cloud, or a combination or hybrid with resources anywhere as well as workers in any location. This dynamic is impacting IBM i customers and zero trust security is an important element of a modern security strategy.
Join us for this webcast to hear about:
• Understanding zero trust security concepts
• Zero trust security in the real world
• Zero trust security for IBM i environments
BATbern48_How Zero Trust can help your organisation keep safe.pdf - BATbern
This presentation will bring insights into how the Zero Trust framework can help organizations improve their cybersecurity posture and resilience and what the organizational challenges are.
(SACON) Jim Hietala - Zero Trust Architecture: From Hype to Reality - Priyanka Aash
Zero Trust Architecture rethinks strategies to secure corporate assets. ZTA may allow us to create more enduring security architectures, with less entropy vs. today's security architectures. However, lack of enabling standards is causing confusion about what ZTA is and vendor hype isn't helping either. This session will describe the current state of ZTA, and standards initiatives that may help bring clarity and reduce barriers to adoption.
With the increasing number of data breaches and cyber attacks, it's becoming clear that traditional security measures are no longer sufficient. Zero Trust security is an approach that assumes no user, device, or network is trustworthy by default. This seminar will explore the concept of Zero Trust and its application to data security.
During this seminar, we will cover a range of topics related to Zero Trust and data security, including the history and evolution of Zero Trust, the key principles of Zero Trust, and the different applications of Zero Trust in data security. We will also discuss the impact of Zero Trust on the job market and the skills required to work effectively with this approach.
Through a combination of lectures, case studies, and interactive discussions, attendees will gain a comprehensive understanding of the potential benefits of implementing a Zero Trust approach to data security. They will leave the seminar with practical insights and strategies to effectively leverage Zero Trust to protect their organization's data.
Learning Objectives:
Upon completion of this seminar, participants will be able to:
1. Understand the history and evolution of Zero Trust and its application to data security.
2. Gain insights into the key principles of Zero Trust and the different applications of this approach in data security.
3. Learn about the potential benefits and challenges of implementing a Zero Trust approach to data security.
4. Develop practical strategies for effectively leveraging Zero Trust to protect their organization's data.
5. Network with other industry professionals to share insights and best practices.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ... - Lancope, Inc.
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ISE and TrustSec
Recent breaches have demonstrated that insider threats and determined attackers are effectively able to operate on the network interior where they can wreak havoc on an organization. As a result, it has become necessary to implement security policies inside the network. This webinar describes a data intelligence-driven approach to dynamically segmenting the network to control threats and protect the enterprise through the use of NetFlow and Lancope’s StealthWatch® System in combination with Cisco ISE and TrustSec.
This webinar will cover:
• design and deployment scenarios
• use cases
• best practices
• configuration examples
• forward-leaning vision
The primary takeaway of this webinar is a methodology for leveraging StealthWatch to drive segmentation policies and control threats on the network interior.
Security Architecture Best Practices for SaaS Applications - Techcello
Gartner has predicted 18-20% growth in the SaaS market, and expects it to hit US $22.1 billion by the year 2015. They have also measured that the SaaS adoption rate has increased manyfold in the last few years (almost 71% of enterprises use SaaS solutions).
Government Webinar: Improving Security Compliance with IT Monitoring Tools - SolarWinds
In this webinar SolarWinds and DH Technologies discussed how SolarWinds infrastructure monitoring tools can be used to help improve your agency’s IT security posture. We discussed how our solutions help manage and monitor network devices and their configurations to enhance risk management, IT security, and compliance. Discussions included simplifying day-to-day operations, increasing automation, and generating reports to help verify compliance and highlight violations.
During this interactive webinar, attendees learned about:
Leverage Network Configuration Manager (NCM) and Security Event Manager (SEM) (formerly Log & Event Manager) to verify that controls have been implemented correctly
Employ SEM, Network Performance Monitor, and NCM to monitor that controls are working as expected
Quickly and easily produce out-of-the-box compliance reports for DISA STIGS, FISMA, and more
Leverage Server Configuration Monitor (SCM) to track and get alerted when server configurations change
Zero Trust Best Practices for Kubernetes - NGINX, Inc.
on-demand: https://www.nginx.com/resources/webinars/zero-trust-best-practices-for-kubernetes/
With adoption of containers, clouds, and distributed deployments, traditional perimeter-based security models no longer work. The sophistication and number of cybersecurity attacks is growing exponentially and Kubernetes carries significant risks of threat exposure if not properly secured.
In this webinar, we explore the benefits of adopting a Zero Trust model to secure your Kubernetes infrastructure. Our presenters will share seven best practices to help you achieve your security goals, solving the most common Kubernetes security challenges in the most efficient way.
There are five IT auditing mistakes organizations make in their goal to achieve the 6 "W"s compliance requirements. The presentation draws attention to the one security challenge we can address with Quest and data analytics platforms like Nextgen's Cyberquest.
Cloud Security: A Business-Centric Approach in 12 Steps - Omar Khawaja
The move to the cloud is being driven by the business (not IT), yet we continue to take an IT-centric (applications, servers, CPUs, etc.) approach to cloud security. We propose a way forward to address this incongruence, a recipe based on interactions with CIOs, CSOs and business leaders all over the world.
The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication.
Part of the guidelines recommend higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more.
In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo... - SolarWinds
In this webinar, our SolarWinds sales engineer and guest speaker Eric Hodeen discussed how to reduce your vulnerabilities and harden your infrastructure. They also reviewed best practices, shared resources, and demonstrated how our products can be used to help manage vulnerabilities at your organization. They reviewed common infrastructure hardening best practices and how to use the DISA STIGs to teach the basics such as validation of FIPS-required protocols, baseline STIG’ed configuration for the enterprise, and other tips on securing your infrastructure.
During this interactive webinar, attendees learned how to:
• Leverage automated network configuration tools to deploy standardized configurations, detect out-of-process changes, audit configurations, and even correct violations
• Audit device configurations and logs for NIST FISMA, DISA STIG, and DSS PCI compliance
• Discover patch statuses and vulnerabilities, and automate patch management
• Detect, track, and compare system and application configuration changes to confirm changes, even when systems are off-line
• Leverage access rights management to understand and act on high-risk access and reduce vulnerabilities
Certes webinar securing the frictionless enterprise - Jason Bloomberg
Join Jason Bloomberg, President of Intellyx and contributor to Forbes, and Satyam Tyagi, CTO for Certes Networks, as they explore securing the frictionless enterprise.
- The Dark Side of the Frictionless Enterprise
- The Limitations of Network Segmentation
- Borderless Enterprises Require Borderless Security
- Crypto-Segmentation: Security in a Post-Trust World
- Certes Networks CryptoFlows
- Crypto-Segmentation with CryptoFlows
Presentation during the Inaugural IEEE Smart Grid Cybersecurity Workshop (http://sites.ieee.org/ucw/). The talk was in Session 1: Overview of the Security Situation/Risk Management. The presentation identifies 5 hurdles that need to be addressed before we can secure the grid. Other presentations from the event are available for download at the IEEE Smart Grid Resource Center http://resourcecenter.smartgrid.ieee.org/category/conferences/-/society-featured-articles/subcategory/913483
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Fina... - Emrah Alpa, CISSP CEH CCSK
Micro Focus SRG Solution Mapping to the New BDDK Regulations for Turkish Finance Industry. ArcSight, Fortify, Voltage, NetIQ, Data Discovery and File Analysis suites.
Zero Trust: Redefining Security in the Digital Age - Arnold Antoo
Delve into the transformative realm of Zero Trust Architecture and witness its revolutionary impact on cybersecurity practices. This comprehensive exploration navigates the fundamental principles, practical applications, and strategic considerations of Zero Trust, empowering you to fortify your organization's defenses against modern cyber threats. Discover the tools, technologies, and methodologies driving Zero Trust implementation, and gain valuable insights into its benefits and challenges in today's dynamic digital landscape.
Webinar: Real IT Compliance with SolarWinds - SolarWinds
In this webinar, attendees learned how to leverage automation to improve responsiveness to IT threats and help their organization comply with cyber security regulations, mandates, and policies. Attendees learned about SolarWinds products that can provide automated responses and how they can be leveraged to help reduce reaction times and improve their organization’s security posture.
SolarWinds Government and Education sales engineers reviewed and demonstrated automation features of Network Configuration Manager (NCM), Security Event Manager (SEM), formerly Log & Event Manager, NetFlow Traffic Analyzer (NTA), and Log Analyzer (LA), and how they can be used to help improve governmental and organizational compliance. They also reviewed how our API can be used to integrate with other applications to support organizational objectives.
During this interactive webinar, attendees learned about:
• How NCM detects out-of-process configuration changes, audits configurations, and even corrects violations
• How SEM provides cross-platform event processing, notification, and remediation
• How to configure SEM rules and active responses to meet your organization’s security objectives
• How NTA supports port 0 monitoring and how it can alert on flow traffic thresholds per protocol
• How LA provides real-time log streaming and visualization to help identify the root cause and reduce troubleshooting
• How to push and pull data leveraging the Orion® Platform API and utilize the OrionSDK and SWQL to sync between external applications and tools
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis's slides from the DASA Connect conference on 30.5.2024. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find different ways to think about quality and testing in different parts of the DevOps infinity loop.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
3. Agenda
• Introductions
• What is Micro-Segmentation and Zero Trust?
• How does Zero Trust relate to compliance?
• Guardicore and Micro-Segmentation
• YouAttest and Compliance
• Short Demo
• Q & A
6. Zero Trust Defined
• Developed by Forrester in 2010
• Assumes that every user, device, system, or connection is already compromised
• Requires extensive segmentation
“Zero Trust is strategically focused on addressing lateral threat movement within the network by leveraging microsegmentation and granular enforcement, based on user context, data access controls, location, app and the device posture”
Dr. Chase Cunningham, Principal Analyst, Forrester @ Forrester Security & Risk 2019 Conference
7. Why Zero Trust Matters: A Real-World Example
• Fileless
• SSH worm
• P2P Botnet
• Novel (previously unseen P2P module)
• Aggressive
• Efficient
8. So Why Haven’t More Enterprises Implemented Zero Trust?
• 43% interested in implementing Zero Trust
• 63% say their organization’s legacy firewall does not enable Zero Trust across the enterprise
• Only 26% have already implemented Zero Trust
9. How Are Security Vendors Adapting?
“Guardicore is charging into the Zero Trust space, with an approach to enabling Zero Trust that is emblematic of the largest players…”
Guardicore named “Strong Performer,” achieved highest scores possible in 7 criteria, including:
• Zero Trust Workloads
• Visibility and Analytics
• ZTX Vision and Strategy
• ZTX Roadmap and Differentiation
• Portfolio Growth Rate
10. Five Steps to a Systematic Zero Trust Architecture
1. Identify Your Sensitive Data
2. Map the Flows of Your Sensitive Data
3. Architect Your Zero Trust Microperimeters
4. Continuously Monitor Your Zero Trust Ecosystem with Security Analytics
5. Embrace Security Automation and Orchestration
11. Zero Trust and Compliance
Garret Grajek, CEH, CISSP
YouAttest, CEO
12. Tenets of Zero Trust
1. Enforce Authentication and Authorization
2. Maintain data integrity
3. Gather data for improved security
4. Consider every data source and computing device as a resource
5. Keep all communication secured regardless of network location
6. Grant resource access on a per-session basis
7. Moderate access with a dynamic policy
13. Specific Regulations: All Site Access Policies and Mandate Reviews
✔ SOX 404B: Requires regularly scheduled user and access reviews.
✔ ISO/IEC 27001 A.9.2.2.5: Asset owners should review users’ access rights at regular intervals.
✔ HIPAA/HITRUST: HIPAA requires regular review of audit logs, access reports, and security incident tracking reports.
✔ SOC 2 Type 2: Requires access controls in place for access to data and this access be reviewed.
✔ PCI-DSS: PCI Requirement 7.1.1-7.1.4 – requires quarterly reviews of user accounts to verify roles and privileges.
14. NIST PROTECT (PR) and Access Reviews
PR.AC-4 - Identities and access must be reviewed
Access reviews are performed semiannually by each application or infrastructure owner, to confirm that access is still required. Any exceptions found must be removed within ten business days. (Appendix A: NIST CSF Internal Controls)
Appendix A: https://link.springer.com/content/pdf/bbm%3A978-1-4842-3060-2%2F1.pdf
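One way to check the control quoted above against review evidence, as an added example that is not part of the original deck or of YouAttest: it flags revocations not removed within ten business days and entitlements not reviewed in the last half year. The CSV columns and rows are constructed, "semiannually" is taken as 183 days, and public holidays are ignored.

```python
import csv
import io
from datetime import date, timedelta


# Constructed sample: one row per (user, group) entitlement with the owner's
# last review decision. Column names are assumptions, not a YouAttest format.
SAMPLE_CSV = """user,group,decision,reviewed_on,removed_on
alice,Domain Admins,revoke,2024-03-01,2024-03-12
bob,Finance-RW,revoke,2024-03-01,2024-03-20
carol,Finance-RW,keep,2024-03-01,
dave,HR-RO,keep,2023-06-15,
erin,HR-RO,revoke,2024-03-01,
"""

REMOVAL_BUSINESS_DAYS = 10   # "removed within ten business days"
REVIEW_INTERVAL_DAYS = 183   # assumption: "semiannually" taken as 183 days


def add_business_days(start, days):
    """Return the date `days` business days (Mon-Fri) after `start`."""
    current = start
    while days > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:  # 0-4 are Monday-Friday; holidays ignored
            days -= 1
    return current


def audit(csv_text, today):
    """Return (overdue_removals, stale_reviews) as lists of (user, group)."""
    overdue, stale = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["user"], row["group"])
        reviewed = date.fromisoformat(row["reviewed_on"])
        if (today - reviewed).days > REVIEW_INTERVAL_DAYS:
            stale.append(key)
        if row["decision"] == "revoke":
            deadline = add_business_days(reviewed, REMOVAL_BUSINESS_DAYS)
            removed = row["removed_on"]
            # Access still present is judged as of `today`; late removal also fails.
            effective = date.fromisoformat(removed) if removed else today
            if effective > deadline:
                overdue.append(key)
    return overdue, stale


if __name__ == "__main__":
    print(audit(SAMPLE_CSV, date(2024, 4, 1)))
```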
15. NIST PROTECT (PR) and Access Reviews
PR.AC-6 POLP - Principle of Least Privilege
The principle of least privilege is also applied to information system processes, ensuring that the processes operate at privilege levels no higher than necessary to accomplish required organizational missions/business functions. Organizations consider the creation of additional processes, roles, and information system accounts as necessary, to achieve least privilege.
16. NIST and Zero Trust
Zero Trust Architecture: NIST Publishes SP 800-207
NIST publishes Special Publication (SP) 800-207, "Zero Trust Architecture."
August 11, 2020
• Is a series of cybersecurity measures and guidelines highlighting the core components of Zero Trust principles.
• It is NOT currently
  • A quantifiable list of mandatory to-dos for compliance
• This is not what NIST does
  • NIST creates the standards
  • Legislatures and industry groups determine to make regulations
  • Often use NIST standards as guidelines
20. It’s Time to Rethink Firewalls
The old way
• Data Center: Physical firewall appliances creating network choke points
• Cloud: Virtual firewall appliances creating network choke points
• Tied to environment and network
• Different approaches for different environments / technologies
• Slow and difficult to change
• Network-centric policies
The new way
• Data Center and Cloud: Software-based policies based on finer-grained attributes (e.g., process, user, fully-qualified domain name)
• Software-only approach
• One set of security policies that work everywhere
• Easy to visualize and change
• Workload-centric policies
Faster, lower risk, lower costs
• Minimize hardware refresh cycles and overhead
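The contrast drawn on this slide, as an added example (not Guardicore's policy format or API, and not from the original deck): a network-centric subnet/port rule and a workload-centric rule evaluated against the same two flows from one host. The labels, rule tuples, hostnames and addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_label: str   # workload label (constructed naming scheme)
    process: str     # process that opened the connection
    user: str        # account the process runs as
    dst_fqdn: str
    dst_ip: str
    dst_port: int

# Old way: network-centric rule (source subnet, destination subnet, port).
LEGACY_RULES = [("10.1.0.0/24", "10.2.0.0/24", 5432)]
# New way: workload-centric rules (label, process, user, FQDN pattern, port).
WORKLOAD_RULES = [
    ("app:billing", "java", "svc-billing", "db.billing.example.internal", 5432),
    ("app:web", "nginx", "www-data", "*.billing.example.internal", 8443),
]

def legacy_allows(flow):
    """Allow when both IPs fall inside a permitted subnet pair and port."""
    src, dst = (ipaddress.ip_address(a) for a in (flow.src_ip, flow.dst_ip))
    return any(
        src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
        and flow.dst_port == port
        for s, d, port in LEGACY_RULES
    )

def workload_allows(flow):
    """Default deny: every attribute of some rule must match the flow."""
    return any(
        (flow.src_label, flow.process, flow.user, flow.dst_port)
        == (label, proc, user, port)
        and fnmatchcase(flow.dst_fqdn.lower(), pattern)
        for label, proc, user, pattern, port in WORKLOAD_RULES
    )

# Constructed flows from one host: the application, then an unexpected
# process that shares the host's network position.
APP = Flow("10.1.0.5", "app:billing", "java", "svc-billing",
           "db.billing.example.internal", "10.2.0.9", 5432)
ROGUE = Flow("10.1.0.5", "app:billing", "bash", "root",
             "db.billing.example.internal", "10.2.0.9", 5432)

for name, flow in (("app", APP), ("rogue", ROGUE)):
    print(name, "legacy:", legacy_allows(flow), "workload:", workload_allows(flow))
```

The subnet rule cannot tell the two flows apart because they share source, destination and port; only the rule keyed on process and user denies the second one.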
21. There is Now a Better Alternative
• Faster: 45 applications, 6 weeks, no downtime
• Lower Risk: Up to 99% attack surface reduction
• Lower Cost: 85% TCO savings over legacy firewalls
24. 5 – Embrace Security Automation and Orchestration
• SECURITY
• CLOUD
• VIRTUAL DESKTOPS AND APPS
• IOT
• IT AUTOMATION AND ITSM SOLUTIONS
• SIEM/SOAR
• IDENTITY & ACCESS MANAGEMENT
• INFRASTRUCTURE
• IGA
25. In Summary: Five Steps to Zero Trust
1. Guidance: Identify Your Sensitive Data
   Guardicore Capabilities: Fast and simple visualization identifies and classifies sensitive data and workloads
2. Guidance: Map the Flows of Your Sensitive Data
   Guardicore Capabilities: Automated flow and dependency mapping creates a visual map of all flows to sensitive data
3. Guidance: Architect Your Zero Trust Microperimeters
   Guardicore Capabilities: Policy Engine and Wizards enable rapid definition of any segmentation/micro-segmentation policy
4. Guidance: Continuously Monitor Your Zero Trust Ecosystem with Security Analytics
   Guardicore Capabilities: Real-Time Monitoring and Analysis quickly identifies security incidents and integrates with SIEM.
5. Guidance: Embrace Security Automation and Orchestration
   Guardicore Capabilities: REST APIs and Orchestration Integration simplifies automation in any environment
27. Microsoft Recommendation: Domain User Service Accounts
A domain user account enables the service to take full advantage of the service security features of Windows and Microsoft Active Directory Domain Services.
Source: https://docs.microsoft.com/en-us/windows/win32/ad/domain-user-accounts
Advantage
• With a domain user account, the service's actions are limited by the Access Rights and Privileges associated with the account
Examples
• YouAttest API key is associated to a domain-based service account
• Where Read/Write privileges can be quantified
28. Run a custom PowerShell script and upload AD Users and Group CSV
33. Micro-Segmentation and Zero Trust
Best practice is to:
• Many enterprises still use AD as store of record
• Enforce and audit your network permissions
YouAttest and Guardicore:
• Repeatable access reviews quantifying
  • Roles
  • Groups
  • Permissions
34. Cloud Ingenuity
Technology partner focused on aligning People, Process, Technology, and Data.
• Business Outcomes
• Customer Success
• Experience / Approach
Contact: shep@cloudingenuity.com
www.cloudingenuity.com