Modern Security the way Equifax Should Have
•Download as PPTX, PDF•
1 like•242 views
Robin Systems VP of Products Razi Sharir sits down with Cybersecurity Expert Eric Vandenburg for a chat about modern datacenter and hybrid cloud security challenges and considerations in the context of Equifax breach.
Report
Share
Report
Share
Recommended
Garantice la continuidad de su negocio Damian Prieto
This document discusses strategies for securely delivering apps and data. It outlines challenges around mobile security, secured access, data and IP protection, compliance, and business continuity. It then presents the Secure Digital Workspace solution from Citrix, which uses a software-defined perimeter, centralized management, and contextual access to address these challenges. Contact information is provided for Damián Prieto and Vanessa Vilchez to discuss this solution further.
Intelligent Cybersecurity for the Real World
Cisco is investing heavily in cybersecurity to address the growing threat landscape and security effectiveness gap. The company's threat-centric security model provides visibility, control, intelligence and context across networks, endpoints, mobile devices, virtual systems and the cloud to speed detection and remediation times. Cisco's integrated threat defense architecture aims to simplify security through automation and sharing of global intelligence while improving efficacy.
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Abu Sadeq gave a presentation at the NTXISSA Cyber Security Conference on taking a holistic approach to cybersecurity. He discussed using the NIST Cybersecurity Framework (CSF) to assess an organization's cybersecurity program. The CSF consists of five functions - Identify, Protect, Detect, Respond, Recover - to help manage cybersecurity risks. Sadeq also emphasized implementing seven key controls, such as inventory management and secure configurations, which provide effective defense against most common cyber attacks.
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
1) The document discusses Cisco Tetration Analytics, a product that provides visibility and security for data centers through machine learning-powered network monitoring and analytics.
2) Tetration collects data from sensors on network devices, servers, and endpoints to generate metadata about all network traffic and identify anomalies, outliers, and deviations from baselines.
3) It offers capabilities like application dependency mapping, real-time whitelisting, inventory of software and open ports, and network forensics to help strengthen data center security, reduce mean time to identify issues, and enable compliance.
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
Ed Higgins presented on adopting a zero trust security model at the NTXISSA Cyber Security Conference on November 10-11, 2017. He discussed how the traditional perimeter-based security model has failed as data becomes more mobile, and zero trust is a more effective approach. Zero trust requires that all access be earned through authentication and authorization, and assumes there is no implicit trust granted by network location or IP address. Higgins outlined some of the key advantages of zero trust, such as making lateral movement harder for attackers and enabling digital transformation by removing inconsistent security controls.Accelerating Digital Leadership
This document discusses security threats for Internet of Things (IoT) devices and proposes a "Security as a Service" model. It outlines common attacks like viruses, replay attacks, man-in-the-middle attacks, and distributed denial of service attacks that can threaten IoT environments. The document recommends using existing security standards and adding encryption where possible to help secure IoT devices and gateways. It also suggests outsourcing security functions to specialized providers if security is not a core competency. The "Security as a Service" model involves providing managed security systems, security operation centers, and other services to help protect IoT networks and devices.
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...NetworkCollaborators
The document discusses the challenges of cybersecurity in a world of digital business and relentless change. It notes that data has become currency, but that information overload, skills gaps, and evolving threats pose challenges. It asks how organizations can change the equation to more effectively protect themselves through approaches like controlling network access, quickly finding and containing problems, simplifying network segmentation, and stopping threats at the edge. The document advocates the Cisco security architecture and threat intelligence approach to enable seeing threats once and protecting everywhere across endpoints, cloud, and networks. It provides examples of challenges like WannaCry and the transition to multi-cloud environments.Web hacking using Cyber range
Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.
Recommended
Garantice la continuidad de su negocio Damian Prieto
This document discusses strategies for securely delivering apps and data. It outlines challenges around mobile security, secured access, data and IP protection, compliance, and business continuity. It then presents the Secure Digital Workspace solution from Citrix, which uses a software-defined perimeter, centralized management, and contextual access to address these challenges. Contact information is provided for Damián Prieto and Vanessa Vilchez to discuss this solution further.
Intelligent Cybersecurity for the Real World
Cisco is investing heavily in cybersecurity to address the growing threat landscape and security effectiveness gap. The company's threat-centric security model provides visibility, control, intelligence and context across networks, endpoints, mobile devices, virtual systems and the cloud to speed detection and remediation times. Cisco's integrated threat defense architecture aims to simplify security through automation and sharing of global intelligence while improving efficacy.
Ntxissacsc5 blue 5-holistic approach to cybersecurity-abu_sadeq
Abu Sadeq gave a presentation at the NTXISSA Cyber Security Conference on taking a holistic approach to cybersecurity. He discussed using the NIST Cybersecurity Framework (CSF) to assess an organization's cybersecurity program. The CSF consists of five functions - Identify, Protect, Detect, Respond, Recover - to help manage cybersecurity risks. Sadeq also emphasized implementing seven key controls, such as inventory management and secure configurations, which provide effective defense against most common cyber attacks.
[Cisco Connect 2018 - Vietnam] Anh duc le building a secure data center
1) The document discusses Cisco Tetration Analytics, a product that provides visibility and security for data centers through machine learning-powered network monitoring and analytics.
2) Tetration collects data from sensors on network devices, servers, and endpoints to generate metadata about all network traffic and identify anomalies, outliers, and deviations from baselines.
3) It offers capabilities like application dependency mapping, real-time whitelisting, inventory of software and open ports, and network forensics to help strengthen data center security, reduce mean time to identify issues, and enable compliance.
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higgins
Ntxissacsc5 blue 7-zerotrust more effective approach to security-ed higginsNorth Texas Chapter of the ISSA
Ed Higgins presented on adopting a zero trust security model at the NTXISSA Cyber Security Conference on November 10-11, 2017. He discussed how the traditional perimeter-based security model has failed as data becomes more mobile, and zero trust is a more effective approach. Zero trust requires that all access be earned through authentication and authorization, and assumes there is no implicit trust granted by network location or IP address. Higgins outlined some of the key advantages of zero trust, such as making lateral movement harder for attackers and enabling digital transformation by removing inconsistent security controls.Accelerating Digital Leadership
This document discusses security threats for Internet of Things (IoT) devices and proposes a "Security as a Service" model. It outlines common attacks like viruses, replay attacks, man-in-the-middle attacks, and distributed denial of service attacks that can threaten IoT environments. The document recommends using existing security standards and adding encryption where possible to help secure IoT devices and gateways. It also suggests outsourcing security functions to specialized providers if security is not a core competency. The "Security as a Service" model involves providing managed security systems, security operation centers, and other services to help protect IoT networks and devices.
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...
Cisco Connect 2018 Malaysia - Changing the equation-cybersecurity in digital ...NetworkCollaborators
The document discusses the challenges of cybersecurity in a world of digital business and relentless change. It notes that data has become currency, but that information overload, skills gaps, and evolving threats pose challenges. It asks how organizations can change the equation to more effectively protect themselves through approaches like controlling network access, quickly finding and containing problems, simplifying network segmentation, and stopping threats at the edge. The document advocates the Cisco security architecture and threat intelligence approach to enable seeing threats once and protecting everywhere across endpoints, cloud, and networks. It provides examples of challenges like WannaCry and the transition to multi-cloud environments.Web hacking using Cyber range
Bring out the hacker in you by trying out Security Innovation’s Hacking CyberRange – specially designed web applications with real world vulnerabilities. A parallel class session will also teach novices about how to uncover simple vulnerabilities and evolve into uncovering more complex vulnerabilities. You can simply sit and learn or get straight to hacking our application or follow along and do both. Live scores of participants will be displayed.
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
The document discusses Cisco's approach to intent-based networking for data centers. It describes how modern data centers are increasingly complex with distributed applications and microservices. It introduces Cisco's intent lifecycle approach, which includes automation, analytics, assurance, and policy to guarantee consistency and compliance with intent. Key components of Cisco's solution include Application Centric Infrastructure (ACI), Tetration for visibility and segmentation, and the Network Assurance Engine for continuously validating the network configuration matches intent through mathematical modeling.
Infosec Europe 2017 Highlights | Lastline, Inc.
Advanced malware protection was a Major draw at Infosecurity Europe this year. This SlideShare includes highlights from the Lastline team.
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
See how Citadel Group replaced their IT ops infrastructure monitoring tool with Elastic Security and Elastic Cloud Enterprise — and how it positively impacted their enterprise software and services managed offerings for their end customers across the world.
Netskope Overview
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Innovating at speed and scale with implicit security
Growth depends on continuous innovation with emerging technology at speed and scale. How can you do it securely? And why is the timing so vital, as businesses emerge from economic uncertainty?
ePlus Virtual Chief Information Security Officer (vCISO)
This document describes the virtual Chief Information Security Officer (vCISO) services offered by ePlus Security. The vCISO supplements an organization's existing security and IT staff by providing strategic security expertise and tactical execution. This includes conducting security program reviews, developing incident response plans, and mentoring information security managers. Hiring a vCISO from ePlus allows organizations to gain a better understanding of security threats, develop stronger risk frameworks, and educate executive leadership on the business value of security.
Growing need for cyber security
Cyber security is a procedure of protecting computers, networks, programs and data from unauthorized entree. It hinges on a technology with multiple layers of protection while educating its users with smart cyber defense choices in the process.
The Definitive CASB Business Case Kit - Presentation
As #1 on Gartner’s information security agenda, CASB is a must-have. But is your business case lined up? Get started now with the definitive CASB business case starter kit. The kit includes:
- The Gartner Market Guide to Cloud Access Security Brokers
- A CASB justification letter that you can tailor and deliver to your decision-maker
- A CASB ROI calculator into which you can enter your assumptions, plus a 3-slide companion executive presentation
- A sample Cloud Risk Assessment so you know what to expect when you request this analysis from your CASB
- The Netskope Cloud Report, which contains the latest cloud security benchmarks
- The 15 Most Critical CASB Use Cases eBook, which will help you understand and prioritize your CASB use cases
Cost of Cyber Crime UK Data
UK Insights on investments in security capabilities that can realize the greatest efficiency and effectiveness.
Cisco Connect 2018 Vietnam - Cisco meraki
The document discusses Cisco's Meraki and DNA Center products. It describes how DNA Center version 1.1 allows Meraki devices to be managed through the DNA Center controller, providing visibility of Meraki networks. This integration provides customers with a single management option for hybrid Meraki and DNA Center networks. The document also outlines new features for Meraki products including wireless health monitoring, location analytics, and business intelligence tools.
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...African Cyber Security Summit
Les équipes de sécurité ont besoin de solutions de cyber sécurité de pointe (Arbor Edge Defense) , capables
de détecter et d’arrêter tous les types de menaces cybernétiques - qu’elles soient des menaces entrantes
(DDOS & Advanced Threat) ou des communications malveillantes sortantes à partir de périphériques internes
compromis. De manière aussi importante, ces solutions doivent également pouvoir s'intégrer dans la pile de sécurité existante d'une organisation et / ou consolider des fonctionnalités afin de réduire les coûts, la complexité et les
risques.
La conférence a pour objectif de montrer l’évolution des menaces DDOS et Advanced threat sur le volet de la
complexité et aussi la volumétrie. Cette évolution a un impact directe sur les solutions à mettre en place pour faire face à ce changement.
NETSCOUT AED (Arbor Edge Defence) est une telle solution pour répondre efficacement à cette
problématique. La position unique d'AED sur le bord du réseau (c'est-à-dire entre le routeur et le pare-feu), son moteur de traitement de paquets sans état et les informations de menace basées sur la réputation qu'elle reçoit du flux ATLAS Threat Intelligence de NETSCOUT lui permettent de détecter et d'arrêter automatiquement les menaces entrantes et les communications sortantes. des hôtes internes compromis - agissant essentiellement en tant que première et dernière ligne de défense pour les organisations.
Moncef ZID - Arbor Networks Sales Manager France and North Africa - NetscoutDASA: FASS 2: Overview of DASA
Defence and Security Accelerator (DASA)
Future Aviation Security Solutions - competition 2 (FASS 2)
Finding explosives hidden in electrical items
Innovation network event
Finding explosives hidden in electrical items
London, 28 November 2017
Paradigm of Dependable Security
The speaker discusses where dependable security comes from. He argues that while vendors, standards, and consultants play a role, dependable security ultimately comes from dependable people. The International Society of Secure Application (ISSA) is working to make security professionals more dependable by focusing on their education, professional development, delivering value to members and communities, and strengthening local chapters globally. The presentation concludes with a discussion.
Security Consulting Services
Every organization has security concerns. ePlus Security Consulting Services can help you make sense of it all. Contact ePlus today to start addressing today's security challenges.
Ministry of Foreign Affairs
Barack Obama hosted the first Nuclear Security Summit in 2010 to address nuclear terrorism. The 2014 summit in The Hague brought together 58 world leaders to discuss progress and remaining goals. Cisco helped design and implement a secure wired and wireless network for the event to support over 1500 delegates on portable devices without any security breaches or downtime. The network performed well under pressure as concerns were raised on social media during the summit.
How Silicon Valley startups are approaching security differently
Presented at Secure 360 in May 2015:
Based on my blog post: 5 Ways Silicon Valley “Startups” Are Approaching Security Differently – Available here: http://blog.opendns.com/2014/09/26/5-ways-silicon-valley-startups-approaching-security-differently
The perimeter is dissolving. Your users are going mobile. The Cloud is descending upon us. However you say it, the IT landscape is definitely changing, and thanks to these seismic shifts, cracks in your security have developed that allow the bad guys in. So if you could start from scratch and design your IT organization again with the benefit of today’s technology, how would you do it differently? I asked that question and got answers from a few of the who’s who of the Silicon Valley “startups” that have experienced explosive growth in recent years. While it may be impossible or impractical to immediately apply these changes to your organization, understanding their approach could give you a valuable window into how your organization may be forced to change in the coming months or years if you hope to be successful securing your IT environment of the future.
Seguridad en Capas: Smart & Actionable Data
This document discusses the growing threat of distributed denial of service (DDoS) attacks and the Internet of Things (IoT). It notes that DDoS attacks have increased dramatically in size, frequency and complexity in recent years due to the rise of IoT botnets. In 2016, a massive DDoS attack leveraging the Mirai botnet brought down a major DNS provider, disrupting access to many websites. The document warns that DDoS attacks will continue to grow larger in scale and become more sophisticated over time as attackers develop new techniques, with a 1.7 terabit per second attack occurring in 2018 using the Memcached protocol. It emphasizes the need for layered security solutions to effectively defend against evolving
Feb13 webinar the path to u.s. - japan data transfer compliance - final
Japan’s data protection law, the Act on the Protection of Personal Information (APPI) requires that companies have sufficient data protections for data transfers out of Japan. Since APPI went into effect in May 2017, companies, including subsidiaries of U.S.-headquartered companies in Japan, are liable for any violation and are subject to enforcement.
APPI recognizes that the APEC Cross Border Privacy Rules (CBPR) system is one mechanism to demonstrate that required data protections are in place. An APEC CBPR Certification can support companies’ compliance efforts with APPI and show their commitment to secure U.S . -Japan data transfer.
This webinar covered the following:
-International data transfer requirements under APPI and who they apply to along with how the APEC CBPR system fits in with these requirements
-Introduction to APEC CBPR certification, including benefits in the context of APPI requirements
-Real-world examples from industry experts on how APEC CBPR certification can fit in with your global compliance strategy
Cisco Connect 2018 Indonesia - The Network Intutive
The document discusses Cisco's Meraki and DNA Center products. It describes how DNA Center 1.1 provides visibility into Meraki devices, integrating them into the DNA Center controller. This allows for hybrid management of Meraki and Cisco networks from a single pane of glass. The document also outlines new features for Meraki, including Meraki Insight for operational efficiency, MV Analytics for business intelligence, and Wireless Health. These enhancements provide troubleshooting insights, application visibility, and wireless client health metrics.
Conferencia principal: Evolución y visión de Elastic Security
Los equipos de SecOps asumen más responsabilidad que nunca para aumentar actividad desde una fuerza de trabajo recientemente remota, lo que acelera la necesidad de la transformación digital. Conoce cómo evolucionó Elastic Security para ayudar a los equipos de SecOps tomar un enfoque más amplio e inclusivo en base a la seguridad y preparar a sus organizaciones para el éxito. Además, conoce la visión de lo que vendrá.
CWIN17 Rome / A holostic cybersecurity
The document discusses adopting a holistic approach to cybersecurity that incorporates technical, human, and physical factors. A holistic approach is needed because risk can never be zero, technology is only a small part of the solution, and attackers only need to find one vulnerability. The document then outlines Capgemini's cybersecurity framework and services, including consulting, protection, monitoring, and threat hunting services. It argues this holistic 360-degree approach is needed to securely control assets across IT systems, operational technology, the internet of things, and cloud environments.
Cy Cops Company Presentation
CyCOPS is an information security company based in Hyderabad, India founded in 2008. It has a team of 25 security professionals with certifications like CISSP and CEH. CyCOPS provides services like vulnerability assessments, penetration testing, security audits, digital forensics, and wireless security. It has experience working with clients in India and abroad from sectors like banking, government, and technology. CyCOPS also partners with IBM and Sipera Systems to offer additional managed security services and unified communications security solutions.
More Related Content
What's hot
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
The document discusses Cisco's approach to intent-based networking for data centers. It describes how modern data centers are increasingly complex with distributed applications and microservices. It introduces Cisco's intent lifecycle approach, which includes automation, analytics, assurance, and policy to guarantee consistency and compliance with intent. Key components of Cisco's solution include Application Centric Infrastructure (ACI), Tetration for visibility and segmentation, and the Network Assurance Engine for continuously validating the network configuration matches intent through mathematical modeling.
Infosec Europe 2017 Highlights | Lastline, Inc.
Advanced malware protection was a Major draw at Infosecurity Europe this year. This SlideShare includes highlights from the Lastline team.
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
See how Citadel Group replaced their IT ops infrastructure monitoring tool with Elastic Security and Elastic Cloud Enterprise — and how it positively impacted their enterprise software and services managed offerings for their end customers across the world.
Netskope Overview
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Innovating at speed and scale with implicit security
Growth depends on continuous innovation with emerging technology at speed and scale. How can you do it securely? And why is the timing so vital, as businesses emerge from economic uncertainty?
ePlus Virtual Chief Information Security Officer (vCISO)
This document describes the virtual Chief Information Security Officer (vCISO) services offered by ePlus Security. The vCISO supplements an organization's existing security and IT staff by providing strategic security expertise and tactical execution. This includes conducting security program reviews, developing incident response plans, and mentoring information security managers. Hiring a vCISO from ePlus allows organizations to gain a better understanding of security threats, develop stronger risk frameworks, and educate executive leadership on the business value of security.
Growing need for cyber security
Cyber security is a procedure of protecting computers, networks, programs and data from unauthorized entree. It hinges on a technology with multiple layers of protection while educating its users with smart cyber defense choices in the process.
The Definitive CASB Business Case Kit - Presentation
As #1 on Gartner’s information security agenda, CASB is a must-have. But is your business case lined up? Get started now with the definitive CASB business case starter kit. The kit includes:
- The Gartner Market Guide to Cloud Access Security Brokers
- A CASB justification letter that you can tailor and deliver to your decision-maker
- A CASB ROI calculator into which you can enter your assumptions, plus a 3-slide companion executive presentation
- A sample Cloud Risk Assessment so you know what to expect when you request this analysis from your CASB
- The Netskope Cloud Report, which contains the latest cloud security benchmarks
- The 15 Most Critical CASB Use Cases eBook, which will help you understand and prioritize your CASB use cases
Cost of Cyber Crime UK Data
UK Insights on investments in security capabilities that can realize the greatest efficiency and effectiveness.
Cisco Connect 2018 Vietnam - Cisco meraki
The document discusses Cisco's Meraki and DNA Center products. It describes how DNA Center version 1.1 allows Meraki devices to be managed through the DNA Center controller, providing visibility of Meraki networks. This integration provides customers with a single management option for hybrid Meraki and DNA Center networks. The document also outlines new features for Meraki products including wireless health monitoring, location analytics, and business intelligence tools.
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...African Cyber Security Summit
Les équipes de sécurité ont besoin de solutions de cyber sécurité de pointe (Arbor Edge Defense) , capables
de détecter et d’arrêter tous les types de menaces cybernétiques - qu’elles soient des menaces entrantes
(DDOS & Advanced Threat) ou des communications malveillantes sortantes à partir de périphériques internes
compromis. De manière aussi importante, ces solutions doivent également pouvoir s'intégrer dans la pile de sécurité existante d'une organisation et / ou consolider des fonctionnalités afin de réduire les coûts, la complexité et les
risques.
La conférence a pour objectif de montrer l’évolution des menaces DDOS et Advanced threat sur le volet de la
complexité et aussi la volumétrie. Cette évolution a un impact directe sur les solutions à mettre en place pour faire face à ce changement.
NETSCOUT AED (Arbor Edge Defence) est une telle solution pour répondre efficacement à cette
problématique. La position unique d'AED sur le bord du réseau (c'est-à-dire entre le routeur et le pare-feu), son moteur de traitement de paquets sans état et les informations de menace basées sur la réputation qu'elle reçoit du flux ATLAS Threat Intelligence de NETSCOUT lui permettent de détecter et d'arrêter automatiquement les menaces entrantes et les communications sortantes. des hôtes internes compromis - agissant essentiellement en tant que première et dernière ligne de défense pour les organisations.
Moncef ZID - Arbor Networks Sales Manager France and North Africa - NetscoutDASA: FASS 2: Overview of DASA
Defence and Security Accelerator (DASA)
Future Aviation Security Solutions - competition 2 (FASS 2)
Finding explosives hidden in electrical items
Innovation network event
Finding explosives hidden in electrical items
London, 28 November 2017
Paradigm of Dependable Security
The speaker discusses where dependable security comes from. He argues that while vendors, standards, and consultants play a role, dependable security ultimately comes from dependable people. The International Society of Secure Application (ISSA) is working to make security professionals more dependable by focusing on their education, professional development, delivering value to members and communities, and strengthening local chapters globally. The presentation concludes with a discussion.
Security Consulting Services
Every organization has security concerns. ePlus Security Consulting Services can help you make sense of it all. Contact ePlus today to start addressing today's security challenges.
Ministry of Foreign Affairs
Barack Obama hosted the first Nuclear Security Summit in 2010 to address nuclear terrorism. The 2014 summit in The Hague brought together 58 world leaders to discuss progress and remaining goals. Cisco helped design and implement a secure wired and wireless network for the event to support over 1500 delegates on portable devices without any security breaches or downtime. The network performed well under pressure as concerns were raised on social media during the summit.
How Silicon Valley startups are approaching security differently
Presented at Secure 360 in May 2015:
Based on my blog post: 5 Ways Silicon Valley “Startups” Are Approaching Security Differently – Available here: http://blog.opendns.com/2014/09/26/5-ways-silicon-valley-startups-approaching-security-differently
The perimeter is dissolving. Your users are going mobile. The Cloud is descending upon us. However you say it, the IT landscape is definitely changing, and thanks to these seismic shifts, cracks in your security have developed that allow the bad guys in. So if you could start from scratch and design your IT organization again with the benefit of today’s technology, how would you do it differently? I asked that question and got answers from a few of the who’s who of the Silicon Valley “startups” that have experienced explosive growth in recent years. While it may be impossible or impractical to immediately apply these changes to your organization, understanding their approach could give you a valuable window into how your organization may be forced to change in the coming months or years if you hope to be successful securing your IT environment of the future.
Seguridad en Capas: Smart & Actionable Data
This document discusses the growing threat of distributed denial of service (DDoS) attacks and the Internet of Things (IoT). It notes that DDoS attacks have increased dramatically in size, frequency and complexity in recent years due to the rise of IoT botnets. In 2016, a massive DDoS attack leveraging the Mirai botnet brought down a major DNS provider, disrupting access to many websites. The document warns that DDoS attacks will continue to grow larger in scale and become more sophisticated over time as attackers develop new techniques, with a 1.7 terabit per second attack occurring in 2018 using the Memcached protocol. It emphasizes the need for layered security solutions to effectively defend against evolving
Feb13 webinar the path to u.s. - japan data transfer compliance - final
Japan’s data protection law, the Act on the Protection of Personal Information (APPI) requires that companies have sufficient data protections for data transfers out of Japan. Since APPI went into effect in May 2017, companies, including subsidiaries of U.S.-headquartered companies in Japan, are liable for any violation and are subject to enforcement.
APPI recognizes that the APEC Cross Border Privacy Rules (CBPR) system is one mechanism to demonstrate that required data protections are in place. An APEC CBPR Certification can support companies’ compliance efforts with APPI and show their commitment to secure U.S . -Japan data transfer.
This webinar covered the following:
-International data transfer requirements under APPI and who they apply to along with how the APEC CBPR system fits in with these requirements
-Introduction to APEC CBPR certification, including benefits in the context of APPI requirements
-Real-world examples from industry experts on how APEC CBPR certification can fit in with your global compliance strategy
Cisco Connect 2018 Indonesia - The Network Intutive
The document discusses Cisco's Meraki and DNA Center products. It describes how DNA Center 1.1 provides visibility into Meraki devices, integrating them into the DNA Center controller. This allows for hybrid management of Meraki and Cisco networks from a single pane of glass. The document also outlines new features for Meraki, including Meraki Insight for operational efficiency, MV Analytics for business intelligence, and Wireless Health. These enhancements provide troubleshooting insights, application visibility, and wireless client health metrics.
Conferencia principal: Evolución y visión de Elastic Security
Los equipos de SecOps asumen más responsabilidad que nunca para aumentar actividad desde una fuerza de trabajo recientemente remota, lo que acelera la necesidad de la transformación digital. Conoce cómo evolucionó Elastic Security para ayudar a los equipos de SecOps tomar un enfoque más amplio e inclusivo en base a la seguridad y preparar a sus organizaciones para el éxito. Además, conoce la visión de lo que vendrá.
What's hot (20)
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
Cisco Connect 2018 Indonesia - Delivering intent for data center networking
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
The Journey from Zero to SOC: How Citadel built its Security Operations from ...
Innovating at speed and scale with implicit security
Innovating at speed and scale with implicit security
ePlus Virtual Chief Information Security Officer (vCISO)
ePlus Virtual Chief Information Security Officer (vCISO)
The Definitive CASB Business Case Kit - Presentation
The Definitive CASB Business Case Kit - Presentation
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
Conférence - Arbor Edge Defense, Première et dernière ligne de défense intell...
How Silicon Valley startups are approaching security differently
How Silicon Valley startups are approaching security differently
Feb13 webinar the path to u.s. - japan data transfer compliance - final
Feb13 webinar the path to u.s. - japan data transfer compliance - final
Cisco Connect 2018 Indonesia - The Network Intutive
Cisco Connect 2018 Indonesia - The Network Intutive
Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic Security
Similar to Modern Security the way Equifax Should Have
CWIN17 Rome / A holostic cybersecurity
The document discusses adopting a holistic approach to cybersecurity that incorporates technical, human, and physical factors. A holistic approach is needed because risk can never be zero, technology is only a small part of the solution, and attackers only need to find one vulnerability. The document then outlines Capgemini's cybersecurity framework and services, including consulting, protection, monitoring, and threat hunting services. It argues this holistic 360-degree approach is needed to securely control assets across IT systems, operational technology, the internet of things, and cloud environments.
Cy Cops Company Presentation
CyCOPS is an information security company based in Hyderabad, India founded in 2008. It has a team of 25 security professionals with certifications like CISSP and CEH. CyCOPS provides services like vulnerability assessments, penetration testing, security audits, digital forensics, and wireless security. It has experience working with clients in India and abroad from sectors like banking, government, and technology. CyCOPS also partners with IBM and Sipera Systems to offer additional managed security services and unified communications security solutions.
Mobile Forensics and Cybersecurity
Mobile device usage has skyrocketed in enterprises and so have the risks. Eric Vanderburg and Trevor Tucker discuss the evidentiary value of mobile forensics, its limitations, and how cybersecurity can ensure the processes, procedures, and controls necessary to protect mobile devices and organizational data. This helps companies and attorneys to be better prepared for investigations and associated legal implications of mobile use in the enterprise.
Cyber Resilency VANCOUVER, BC Nov 2017
Resiliency: Defense Lessons learned from WannaCry, Petya, Equifax, etc. Delivered at the Vancouver Security Special Interest Group.
Cyber Threats
The document discusses cyber threats and security. It outlines various threat actors like cyber criminals, terrorist groups, and state-sponsored hackers. It then covers challenges to cybersecurity like policies, resources, and awareness. Specific threats are discussed such as phishing, malware, cryptojacking, and denial of service attacks. Digital forensics concepts are introduced like using forensics to understand events, maintaining a chain of custody of evidence, and collecting evidence. The Equifax data breach is presented as a case study, outlining the vulnerability exploited, timeline of the attack, and lessons learned. Careers in cybersecurity like threat analyst, security consultant, and digital forensics are also mentioned.
Netwatcher Credit Union Tech Talk
Credit Union Tech Talk asked us to lead a webinar on cyber trends, managed detection and response and where NetWatcher fits
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...NetworkCollaborators
This document discusses cybersecurity challenges in Southeast Asia and outlines Cisco's approach to addressing these challenges. It notes that ASEAN countries face rising cyber threats but have low policy preparedness. The cybersecurity landscape is complex and fragmented. Cisco's strategy involves integrating security across networks, endpoints, cloud, and other domains. It aims to provide visibility, detection, prevention and response capabilities through technologies, training programs, and collaborations.Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Description : Organizations have spent massive amounts of money to protect the perimeter of their networks, but if your business exists on the internet, there really is no perimeter. In this presentation, we'll discuss Digital Footprints in understanding your company’s external attack surface. We will discuss social, mobile, web attacks and analyze and review lessons learned recently publicized attacks (Polish banking institutions, Apache Struts Vulnerability or WannaCry ransomware. The speed of business and cybercrime isn't slowing down, so how can you be prepared to address and defend against these types of threats? Attend our session to find out how.
Reducing Your Digital Attack Surface and Mitigating External Threats - What, Why, How:
What is a Digital Footprint?
Breakdown of External Threats (Social, Mobile, Web)
What are blended attacks?
What is actually being targeting at your company?
How are your brands, customers, and employees being attack outside of your company?
How to become proactive in threat monitoring on the internet?
Considerations in External Threat solutions
Threat correspondence tracking considerations
Is legal cease and desist letters adequate in stopping attacks?
Examination of a phishing attack campaign
How phishing kits work
Analysis and lesson learned from recent published attacks
What are the most important capability in a digital risk monitoring solution?
The 4horsemen of ics secapocalypse
What are the myths & legends around securing Industrial Controlled Systems? In a short presentation some of the day to day experiences are explained around problems/risks, fairy-tales around securing ICS. After reading the presentation will lead to start doing some homework....
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and cyber threats: A glimpse of cybersecurity's opponent. Presented by Eric Vanderburg and the CBLA on October 25, 2017.
Ethical hacking
The document discusses ethical hacking and provides an overview of hacking techniques. It defines ethical hacking as offering objective security analysis for organizations through penetration testing. The objectives are to analyze an organization's security posture and provide an actionable report with recommendations. As technology evolves, ethical hackers must improve techniques and tools to ensure security. The document outlines hacking processes like footprinting, scanning, gaining access, and maintaining access. It also discusses hacker types, required skills, attacks, protections, and response after a hack.
Adapted from an ESG report - Outnumbered, Outgunned.
The document discusses how Proofpoint helps security teams address skills shortages through advanced threat protection products. It notes that threats are evolving across multiple vectors while security skills are hard to find. Proofpoint provides threat intelligence and tools to help security teams block attacks, detect threats, and respond to breaches without requiring expert skills. Through products like Targeted Attack Protection and the Nexus Threat Graph, Proofpoint aggregates data to identify attackers and campaigns in order to help security teams prioritize and resolve risks.
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...DATA SECURITY SOLUTIONS
The document discusses the OSSTMM (Open Source Security Testing Methodology Manual) from ISECOM (Institute for SECurity and Open Methodologies). It provides an overview of ISECOM and its mission to provide practical security knowledge. The OSSTMM is ISECOM's flagship project, having over 8 million downloads worldwide. It is a free and open-source methodology for performing security tests across different domains like physical security, information security, wireless security, and more. The document outlines the history and development of the OSSTMM, how it works, and its modular approach across different operating areas.Modernizing Your SOC: A CISO-led Training
Today's threats demand a more active role in detecting and isolating sophisticated attacks. This must-see presentation provides practical guidance on modernizing your SOC and building out an effective threat hunting program. Ed Amoroso and David Bianco discuss best practices for developing and staffing a modern SOC, including the essential shifts in how to think about threat detection.
Watch the presentation with audio here: http://info.sqrrl.com/webinar-modernizing-your-security-operations
Security in the age of open source - Myths and misperceptions
As delivered at Interop ITX 2017.
The security of open source software is a function of the security of its components. For most applications, open source technologies are at their core, but security related issues may not be disclosed directly against the application because its use of the open-source component is hidden. In this talk, I explored how information flow benefits attackers, but how awareness can help defenders. I presented key attributes any vulnerability solution should have - including deep understanding of how open source development works and being DevOps aware.
Cisco Connect 2018 Philippines - security keynote
The document discusses the challenges facing cybersecurity in Southeast Asia. It notes a rising risk of cyber attacks in the region due to increasing digital connectivity and interdependence between countries. Cyber defenses are often porous due to limited intelligence sharing and underinvestment. The cybersecurity industry in Southeast Asia is fragmented with many small players and a lack of holistic providers. The document calls for sustained regional commitment to cybersecurity and building cybersecurity capabilities to strengthen the ecosystem.
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Timothy Opsitnick and Eric Vanderburg of TCDI presented at the Risk Management Society's 2017 Northeast Ohio Regional Conference on Cybersecurity incident response strategies and tactics.
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
This document discusses the WannaCry ransomware attack of May 2017. It provides an overview of how WannaCry worked, including that it infected over 300,000 Windows machines worldwide by encrypting their contents until a ransom was paid in bitcoin. It spread using vulnerabilities in Microsoft SMB and EternalBlue/DoublePulsar exploits. The document advocates for securing networks and applications to manage risks from these types of attacks and focuses on quality and security practices across the software development lifecycle.
Verisign iDefense Security Intelligence Services
VeriSign iDefense provides security intelligence services including vulnerability research, malware analysis, and threat reports. They have a global team of analysts that track threats from public and private sources. Their services help customers proactively respond to security incidents and prioritize patching. Customers gain advanced warning of vulnerabilities and actionable intelligence to manage security risks.
VeriSign iDefense Security Intelligence Services
Visão geral sobre a solução iDefense da VeriSign de resposta a incidentes em tempo real, remediação de fraudes on-line, gerenciamento de riscos, conhecimentos dos impactos globais das ameaças, proteção proativa, entre outros benefícios.
Similar to Modern Security the way Equifax Should Have (20)
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Understanding Your Attack Surface and Detecting & Mitigating External Threats
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Adapted from an ESG report - Outnumbered, Outgunned.
Adapted from an ESG report - Outnumbered, Outgunned.
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Proactive security: The Opensource Security Testing Methodology Manual (OSSTM...
Security in the age of open source - Myths and misperceptions
Security in the age of open source - Myths and misperceptions
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
Don’t WannaCry? Here’s How to Stop Those Ransomware Blues
More from Eric Vanderburg
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy, and Cybersecurity presented by Eric Vanderburg and Stephanie Gruber at the MIT Chief Data Officer Information Quality Symposium on July 20, 2018.
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
The document discusses security challenges with the Internet of Things (IoT). It notes that while IoT usage is growing, security has not kept pace, leaving many devices vulnerable to attacks. Common threats discussed are distributed denial of service attacks using compromised IoT devices, ransomware targeting IoT, surveillance through insecure cameras and assistants, backdoors in device firmware, data breaches exposing private information, and botnets of hijacked IoT devices used to launch attacks. The document advocates for securing IoT through built-in security practices, segmentation, access control, patching, and disabling unused functions.
Ransomware: 2016's Greatest Malware Threat
Ransomware has troubled many individuals and companies and it has been called the greatest malware threat of 2016. Learn how it works and how to protect yourself.
Emerging Technologies: Japan’s Position
This document discusses Japan's position regarding emerging technologies such as information technology, the human genome project, and nanotechnology. It notes that while Japan was an early leader in concepts like a fiber optic network and human genome mapping, it failed to maintain leads in these areas due to lack of sustained governmental support and inconsistent funding. Currently, Japan is a top investor in nanotechnology but has fewer startups than the US; maintaining leadership will depend on supporting infrastructure and applying its materials expertise to drive more products to market.
Principles of technology management
This document discusses principles of technology management. It defines technology management as leveraging technology components to maximize economic gains by managing challenges posed by emerging technologies from research to commercialization. It notes competitiveness is key. It also discusses methods of acquiring technology, such as internal R&D, technological learning, and alliances. Factors that determine international competitiveness include a country's technology trajectory, barriers to entry, pace of innovation, macroeconomic environment, and Porter's Diamond model relating to firm strategy, demand conditions, supporting industries, and factor conditions.
Japanese railway technology
Japanese railway technology dates back to the Meiji Era when Japan sought foreign technology from Britain and Germany. A key milestone was the 1964 development of the Tokaido Shinkansen, which became the fastest train in the world at 200km/h and helped transform Japan's railway system. Before the Shinkansen, 60 trains carried 60,000 passengers daily between Tokyo and Osaka, but now 285 trains carry 360,000 passengers daily with significant time savings and economic benefits. The Shinkansen system prioritizes speed, safety, reliability, and large transport capacity through features like elevated tracks, automated stopping controls, and rigorous maintenance practices.
Evaluating japanese technological competitiveness
This document analyzes Japan's technological competitiveness. It finds that while Japan faces economic challenges, it remains competitive in niche markets and product innovation. Japan spends a high percentage of its GDP on research and development, focusing on applied research and incremental improvements. This approach, along with strong industrial clusters and a commitment to quality, has allowed Japan to capture significant global market shares in various niche technology areas.
Japanese current and future technology management challenges
This document discusses Japan's current and future technology management challenges across various sectors. It outlines Japan's large-scale projects and research in areas like nuclear energy, space development, aviation, marine development, life sciences, and computer sciences. While Japan has had some successes, it also faces ongoing challenges with safety, cost, and developing breakthrough technologies to solve major problems. The document concludes by noting that Japan has established public and private business incubators, but the results have not been very encouraging so far.
Technology management in Japan: Robotics
This document provides an overview of robotics management in Japan. It discusses the history of robots beginning with Isaac Asimov coining the term "robotics" in 1942 and establishing three laws of robotics. Japan became a leader in robotics through manga influences and the growth of its robot industry in the 1970s. Today, Japan produces and uses more industrial robots than any other country, with major robotics firms like Sony, Honda, and Toyota. The document outlines various uses for robots and recent innovations from Japanese researchers. It predicts continued growth in markets like domestic robots and notes Japan's strategies to maintain leadership through constant innovation.
Incident response table top exercises
An unauthorized individual accessed private confidential data on an FTP server, triggering an incident response. The response team needed to determine how the data was accessed, scope the incident, and identify impacted stakeholders. They then took steps to contain the incident by blocking IP addresses, shutting down the FTP server, changing credentials, and moving servers. The team also restored data from backups and requested clients resend information. Post-incident activities included meetings with management and IT to prevent future occurrences through measures like shortening timeouts, adding alerts and encryption, and restricting FTP server access.
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Malware is an ailment many companies suffer from but the prescription for protection is simpler than you think. In this presentation, Vanderburg and Salamakha apply the five rights for avoiding drug errors to the malware problem at the Advanced Persistent Threats Summit.
1) Right client – Authentication
2) Right route – Gaps and strategies
3) Right drug – Security controls
4) Right dose – Security/business balance
5) Right time – Staying up to date.
Stay healthy, stay safe.
Cloud Storage and Security: Solving Compliance Challenges
This document discusses challenges and best practices for cloud storage and security. It begins by introducing the panelists and outlining the topics to be discussed, which include realities and pain points of cloud storage, how and where cloud security could be compromised, navigating legal and regulatory compliance, and recommendations for deploying the right cloud storage strategy. Key points made include that sensitive data is often stored in the cloud without visibility, cloud breaches and unauthorized access are concerns, and regulations like GDPR and ISO 27001 provide security standards to consider. The document emphasizes knowing cloud vendors, evaluating costs and benefits, and establishing secure data management practices throughout the data lifecycle.
Hacktivism: Motivations, Tactics and Threats
This document summarizes a presentation on hacktivism given by Eric Vanderburg. It defines hacktivism as hacking to promote a political, religious, or social ideology. It discusses how technology and anonymity on the internet have enabled hacktivist groups like Anonymous and LulzSec to conduct cyberattacks. Common hacktivist tactics discussed include DDoS attacks, website defacement, negative SEO, doxxing, and information disclosure. The document advises organizations to assess their culture and risks from hacktivism through background checks, social engineering tests, and limiting social media use.
Correct the most common web development security mistakes - Eric Vanderburg
The document discusses common web development security mistakes and how to correct them. It covers security misconfiguration, unrestricted URL access, unvalidated redirects and forwards, direct object references, insecure storage of sensitive data, and insufficient transport layer protection. Mistakes in these areas can allow attackers to access unauthorized data and functionality. The document provides techniques to protect against these risks, such as verifying system configurations, restricting access by URL and role, validating redirect targets, encrypting sensitive data storage and transmissions, and more.
Deconstructing website attacks - Eric Vanderburg
The document discusses various types of website attacks such as injection attacks, cross-site scripting, session management attacks, and object reference attacks. It provides details on the nature of each attack, their potential impacts, and techniques for protecting against them. Some key points are that the average breach costs $214 per record and $7.2 million per incident, while the US is increasing cybersecurity funding by 35% to $548 million. Injection attacks can allow access to entire databases or operating systems if not properly protected against with input validation and encoding. Cross-site scripting can steal user data or install malware if raw user input is reflected in outputs. The document recommends output encoding and validating all user input to prevent attacks.
Countering malware threats - Eric Vanderburg
Malware is a significant threat as it provides a way for an attacker to use your machine for nefarious means or take data from you and those connected to you. Learn how to combat this threat and protect yourself.
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom was presented at the Information Security Summit in 2014 by Dr. Eric Vanderburg and Ramana Gaddamanugu.
Untangled Conference - November 8, 2014 - Security Awareness
Security awareness for church employees. This presentation was given at the Untangled Conference on November 8, 2014.
http://getuntangled.org/
Physical security primer - JURINNOV - Eric Vanderburg
This document provides an overview of physical security strategies and controls. It discusses four key strategies: territoriality, natural surveillance, activity support, and access control. Various physical security controls are described, including locks, biometrics, lighting, alarms, closed-circuit television, fences, barriers, patrols, and interior safeguards. The goals of a physical security system are to provide the necessary level of protection through balancing security needs with operational and aesthetic concerns.
Security Governance Primer - Eric Vanderburg - JURINNOV
The document outlines the security policy cycle which includes identifying risks through asset inventory, threat analysis, and vulnerability assessment. This information is used to design a security policy to mitigate risks. The policy should include acceptable use, passwords, privacy, disposal, and incident response. Compliance monitoring evaluates the policy effectiveness and drives updates when attacks occur.
More from Eric Vanderburg (20)
GDPR, Data Privacy and Cybersecurity - MIT Symposium
GDPR, Data Privacy and Cybersecurity - MIT Symposium
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
Japanese current and future technology management challenges
Japanese current and future technology management challenges
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
Correct the most common web development security mistakes - Eric Vanderburg
Correct the most common web development security mistakes - Eric Vanderburg
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Preventing Fraud from Top to Bottom - Vanderburg, Gaddamanugu - Information S...
Untangled Conference - November 8, 2014 - Security Awareness
Untangled Conference - November 8, 2014 - Security Awareness
Physical security primer - JURINNOV - Eric Vanderburg
Physical security primer - JURINNOV - Eric Vanderburg
Security Governance Primer - Eric Vanderburg - JURINNOV
Security Governance Primer - Eric Vanderburg - JURINNOV
Recently uploaded
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Building RAG with self-deployed Milvus vector database and Snowpark Container...
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
20240609 QFM020 Irresponsible AI Reading List May 2024
Everything I found interesting about the irresponsible use of machine intelligence in May 2024
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Recently uploaded (20)
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Modern Security the way Equifax Should Have
- 1. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Managing Security The Way Equifax Should Have ERIC VANDERBURG VICE PRESIDENT, CYBERSECURITY TCDI November 7, 2017
- 2. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Over 40 certifications Published author Licensed private investigator Expert witness and thought leader 18 years in cybersecurity Specializations include: Risk management Governance and compliance Security strategy ERIC VANDERBURG VICE PRESIDENT, CYBERSECURITY
- 3. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Equifax Apache Struts patch released and team told to apply it within 48 hours Scans didn’t detect the vulnerability Vulnerability is exploited Equifax spots suspicious activity Equifax notifies public 145 million people exposed March 8 March 15 May 13 June 29 September 7
- 4. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. One massive problem One individual One scanner One process Diverse scanners Team + Automation Redundant processes Auditing Equifax
- 5. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Technology Boosts and Burdens Boost Burden Machine Learning Better analytics and attack insight Better attacks Encryption Data unavailable to attackers Data unavailable to users Cloud Empowerment Entitlement Open Source Peer review and diversity of thought in development Persistent vulnerabilities from abandoned features
- 6. © 2017 Technology Concepts & Design, Inc. All Rights Reserved.
- 7. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. DevOps Creates more effective teams Security early in the development cycle Optimizes with workflow automation Continually test (QA and Security) ◦Code analysis tools ◦Automated attacks and scans DevOps accelerates security Quality Assurance Information Technology Development Information Security
- 8. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Cybersecurity Concerns
- 9. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Cybersecurity Advances
- 10. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Balance Preventative Reactive
- 11. © 2017 Technology Concepts & Design, Inc. All Rights Reserved. Questions? @evanderburg 216-664-1100