This document discusses how threat actors are increasingly using cloud services as an attack vector. It provides examples of malware campaigns that have used cloud services for hosting payloads, command and control, and spreading malware. Specifically, it outlines campaigns that have used Amazon S3, Dropbox, Google Drive and other cloud platforms at various stages of the attack lifecycle. The document recommends that organizations inspect cloud traffic, block unnecessary cloud services, and block unsanctioned instances of needed services to better protect their cloud security posture.
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
At Cloudflare, we want to share our unique position — with more than 14 million domains interacting with 175 data centres worldwide, we can draw unparalleled insights into attack trends and what these attacks look like.
Join this webinar and learn:
- Three factors that we see are leading customers to a growing exposure to security threats
- The business impact and potential costs of security threats
- Threat mitigation strategies against volumetric layer 3/4 attacks, intelligent Layer 7 attacks, and bots
Application layer attack trends through the lens of Cloudflare dataCloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
At Cloudflare, we want to share our unique position — with more than 14 million domains interacting with 175 data centres worldwide, we can draw unparalleled insights into attack trends and what these attacks look like.
Join this webinar and learn:
- Three factors that we see are leading customers to a growing exposure to security threats
- The business impact and potential costs of security threats
- Threat mitigation strategies against volumetric layer 3/4 attacks, intelligent Layer 7 attacks, and bots
Application layer attack trends through the lens of Cloudflare dataCloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Zero trust for everybody: 3 ways to get there fastCloudflare
The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable.
At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust.
In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust.
We’ll cover:
-The Zero Trust framework, and our recommended ZT security model
-How 3 organizations of differing size and security maturity have implemented Zero Trust access
-Cloudflare’s Zero Trust implementation and lessons learned
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...Cloudflare
Join this webinar to learn how Paul Hartmann, a leading manufacturer of medical and healthcare products, leverages Cloudflare to strengthen its security posture and deliver a superior online experience to its customers
Bring speed and security to the intranet with cloudflare for teamsCloudflare
Cloudflare was started to solve one half of every IT organization's challenge: how do you ensure the resources and infrastructure that you expose to the Internet are safe from attack, fast, and reliable? To deliver that, we built one of the world's largest networks. Today our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Intranet.
Cloudflare for Teams is a new platform designed to solve the other half of every IT organization's challenge: ensuring the people and teams within an organization can safely access the tools they need to do their job. Now you can extend Cloudflare’s speed, reliability and protection to everything your team does on the Intranet.
In this webinar, you’ll learn:
- Common challenges of scaling security for your growing business
- How to extend Zero Trust security principles to your internally managed applications
- How to make Intranet access faster and safer for your employees
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
90% of cloud apps in the enterprise are being used without IT’s knowledge. Whether brought in by individuals or lines of business, there’s an average of 508 apps per enterprise and more than 5,000 in the world from which people can choose. Where things get even more interesting is when cloud and mobile combine and the opportunity for data loss and breaches multiply.
These slides are from a webinar where leading identity management, cloud security, and fraud management expert Andras Cser from Forrester and Netskope’s Sr. Director of Product Marketing Bob Gilbert talk about the importance of understanding which employees are using which cloud apps and from where they’re accessing them.
View the on-demand webinar here:
http://www.netskope.com/webinars/securing-cloud-users-left-devices/
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
Network Transformation: What it is, and how it’s helping companies stay secur...Cloudflare
Rahul Deshmukh, Product Marketing at Cloudflare, & Varun Mehta, Solutions Engineer at Cloudflare, discuss how several companies have approached network transformation to improve the security, performance, and reliability of their infrastructure
Unveiling the most influential cloud security insights from the latest CSA and AlgoSec research. Hear what thousands of global cloud security experts are saying about their cloud and hybrid network infrastructure, responsibilities, security incidents, common pitfalls and vulnerability and risk management in the cloud.
Join John Yeoh, Global Vice President of Research from the Cloud Security Alliance (CSA) and Omer Ganot from AlgoSec to find out:
What companies are doing in the cloud
Top security concerns and challenges faced by survey research respondents
Who is ACTUALLY responsible for managing security in the cloud
How organizations are managing risk and vulnerabilities
The REAL contributors to network incidents in the cloud
A Different Approach to Securing Your Cloud JourneyCloudflare
Whether you are just exploring moving workloads to the cloud, or are fully cloud-enabled, one thing is certain: security has changed from a purely on-premise environment.
As cybersecurity risks continue to grow with more advanced attackers and more digital surface area, how you think about staying secure without compromising user experience must adapt.
During this talk, you will:
- Hear how global consistency, agile controls, and predictable costs are goals and principles that matter in this new environment
- Be able to evaluate your current plans against a "customer security model"
Strengthening security posture for modern-age SaaS providersCloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
The advancement in deep and machine learning, natural language understanding, and big data processing are paving the way for the rise in AI-powered bots, that are faster, getting better at understanding human interaction and can even mimic human behavior.
Cyber criminals are harnessing the latest tools available, and constantly changing their techniques to make their attacks more effective, faster and adaptable to safeguards.
Join this webinar to learn about:
- What type of workloads prone to bot attacks
- Which industries heavily affected by Bot attacks
- Learn about Cloudflare's Machine Learning and Behavioral Analysis driven approach to solving Bot menace.
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore operate without sufficient detection and response capabilities that monitor their cloud accounts for compromise.
Amazon Web Services, Google Cloud Platform, and Microsoft Azure have recently launched a new set of native platform threat and anomalous behavior detection services to help their customers better identify and respond to certain issues and activities occurring inside their cloud accounts. From detecting crypto-currency mining to identifying bot-infected systems to alerting on suspicious cloud credential usage to triggering on cloud-specific methods of data exfiltration, these new services aim to make these kinds of detections much easier and simpler to centrally manage.
But what new and unique insights do they offer? What configuration is required to achieve the full benefits of these detections? What types of activities are not yet covered? What attack methods and techniques can avoid detection by these systems and still be successful? What practical guidelines can be followed to make the best use of these services in an organization?
Follow along as we attempt to answer these questions using practical demonstrations that highlight the real threats facing cloud account owners and how the new threat detection capabilities perform in reducing the risks of operating workloads in the public cloud.
Zscaler ThreatLabz dissects the latest SSL security attacksZscaler
The occurrence of SSL-based threats are continuing to rise. Hackers are getting more and more creative in how they deliver threats, which creates new inspection challenges. Attend this webcast to discuss the latest attack trends, and best practices you can employ within your Zscaler installation to bolster your security.
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCCloudflare
Join this webinar with guest speaker Romain Fouchereau, Manager of the Security Appliance Program, European Systems and Infrastructure Solutions at IDC and Cloudflare, recently named a Leader in the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment (Doc #US43699318, March 2019).
In this webinar, you will learn:
- Why defending against only volumetric layer 3 and 4 attacks will leave you vulnerable to other emerging DDoS attack vectors
- What economic and technological shifts are making DDoS more harmful and more evasive
- Why bot management should be considered in every DDoS mitigation strategy
- Which types of companies in EMEA are highly targeted and why
#ALSummit: Architecting Security into your AWS EnvironmentAlert Logic
Ryan Holland (Cloud Platform Solutions Director, Alert Logic)'s presentation on securing your AWS environment at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
Zero trust for everybody: 3 ways to get there fastCloudflare
The COVID-19 pandemic has exposed the weaknesses of the traditional ‘castle-and-moat’ security model. Remote work has expanded attack surfaces infinitely outwards, and more than ever, organizations need to start from the assumption that their ‘castle’ is already compromised. Zero Trust has emerged as a compelling security framework to address the failures of existing perimeter-based security approaches. It’s aspirational, but not unachievable.
At Cloudflare, we’re making complicated security challenges easier to solve. Since 2018, Cloudflare Access has helped thousands of organizations big and small take their first steps toward Zero Trust.
In this presentation, Cloudflare will share their perspective on what the most successful organizations do first on their journey to Zero Trust.
We’ll cover:
-The Zero Trust framework, and our recommended ZT security model
-How 3 organizations of differing size and security maturity have implemented Zero Trust access
-Cloudflare’s Zero Trust implementation and lessons learned
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...Cloudflare
Join this webinar to learn how Paul Hartmann, a leading manufacturer of medical and healthcare products, leverages Cloudflare to strengthen its security posture and deliver a superior online experience to its customers
Bring speed and security to the intranet with cloudflare for teamsCloudflare
Cloudflare was started to solve one half of every IT organization's challenge: how do you ensure the resources and infrastructure that you expose to the Internet are safe from attack, fast, and reliable? To deliver that, we built one of the world's largest networks. Today our network spans more than 200 cities worldwide and is within milliseconds of nearly everyone connected to the Intranet.
Cloudflare for Teams is a new platform designed to solve the other half of every IT organization's challenge: ensuring the people and teams within an organization can safely access the tools they need to do their job. Now you can extend Cloudflare’s speed, reliability and protection to everything your team does on the Intranet.
In this webinar, you’ll learn:
- Common challenges of scaling security for your growing business
- How to extend Zero Trust security principles to your internally managed applications
- How to make Intranet access faster and safer for your employees
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
90% of cloud apps in the enterprise are being used without IT’s knowledge. Whether brought in by individuals or lines of business, there’s an average of 508 apps per enterprise and more than 5,000 in the world from which people can choose. Where things get even more interesting is when cloud and mobile combine and the opportunity for data loss and breaches multiply.
These slides are from a webinar where leading identity management, cloud security, and fraud management expert Andras Cser from Forrester and Netskope’s Sr. Director of Product Marketing Bob Gilbert talk about the importance of understanding which employees are using which cloud apps and from where they’re accessing them.
View the on-demand webinar here:
http://www.netskope.com/webinars/securing-cloud-users-left-devices/
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
Network Transformation: What it is, and how it’s helping companies stay secur...Cloudflare
Rahul Deshmukh, Product Marketing at Cloudflare, & Varun Mehta, Solutions Engineer at Cloudflare, discuss how several companies have approached network transformation to improve the security, performance, and reliability of their infrastructure
Unveiling the most influential cloud security insights from the latest CSA and AlgoSec research. Hear what thousands of global cloud security experts are saying about their cloud and hybrid network infrastructure, responsibilities, security incidents, common pitfalls and vulnerability and risk management in the cloud.
Join John Yeoh, Global Vice President of Research from the Cloud Security Alliance (CSA) and Omer Ganot from AlgoSec to find out:
What companies are doing in the cloud
Top security concerns and challenges faced by survey research respondents
Who is ACTUALLY responsible for managing security in the cloud
How organizations are managing risk and vulnerabilities
The REAL contributors to network incidents in the cloud
A Different Approach to Securing Your Cloud JourneyCloudflare
Whether you are just exploring moving workloads to the cloud, or are fully cloud-enabled, one thing is certain: security has changed from a purely on-premise environment.
As cybersecurity risks continue to grow with more advanced attackers and more digital surface area, how you think about staying secure without compromising user experience must adapt.
During this talk, you will:
- Hear how global consistency, agile controls, and predictable costs are goals and principles that matter in this new environment
- Be able to evaluate your current plans against a "customer security model"
Strengthening security posture for modern-age SaaS providersCloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
The advancement in deep and machine learning, natural language understanding, and big data processing are paving the way for the rise in AI-powered bots, that are faster, getting better at understanding human interaction and can even mimic human behavior.
Cyber criminals are harnessing the latest tools available, and constantly changing their techniques to make their attacks more effective, faster and adaptable to safeguards.
Join this webinar to learn about:
- What type of workloads prone to bot attacks
- Which industries heavily affected by Bot attacks
- Learn about Cloudflare's Machine Learning and Behavioral Analysis driven approach to solving Bot menace.
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
Until recently, major public cloud providers have offered relatively basic toolsets for identifying suspicious activity occurring inside customer accounts that may indicate a compromise. Some organizations have invested significant resources to build their own tools or have leveraged industry vendor offerings to provide this visibility. The reality is, that barrier has meant that a large number of organizations haven't dedicated those resources to this problem and therefore operate without sufficient detection and response capabilities that monitor their cloud accounts for compromise.
Amazon Web Services, Google Cloud Platform, and Microsoft Azure have recently launched a new set of native platform threat and anomalous behavior detection services to help their customers better identify and respond to certain issues and activities occurring inside their cloud accounts. From detecting crypto-currency mining to identifying bot-infected systems to alerting on suspicious cloud credential usage to triggering on cloud-specific methods of data exfiltration, these new services aim to make these kinds of detections much easier and simpler to centrally manage.
But what new and unique insights do they offer? What configuration is required to achieve the full benefits of these detections? What types of activities are not yet covered? What attack methods and techniques can avoid detection by these systems and still be successful? What practical guidelines can be followed to make the best use of these services in an organization?
Follow along as we attempt to answer these questions using practical demonstrations that highlight the real threats facing cloud account owners and how the new threat detection capabilities perform in reducing the risks of operating workloads in the public cloud.
Zscaler ThreatLabz dissects the latest SSL security attacksZscaler
The occurrence of SSL-based threats are continuing to rise. Hackers are getting more and more creative in how they deliver threats, which creates new inspection challenges. Attend this webcast to discuss the latest attack trends, and best practices you can employ within your Zscaler installation to bolster your security.
The Morphing DDoS and Bot Landscape: Featuring Guest Speaker from IDCCloudflare
Join this webinar with guest speaker Romain Fouchereau, Manager of the Security Appliance Program, European Systems and Infrastructure Solutions at IDC and Cloudflare, recently named a Leader in the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment (Doc #US43699318, March 2019).
In this webinar, you will learn:
- Why defending against only volumetric layer 3 and 4 attacks will leave you vulnerable to other emerging DDoS attack vectors
- What economic and technological shifts are making DDoS more harmful and more evasive
- Why bot management should be considered in every DDoS mitigation strategy
- Which types of companies in EMEA are highly targeted and why
#ALSummit: Architecting Security into your AWS EnvironmentAlert Logic
Ryan Holland (Cloud Platform Solutions Director, Alert Logic)'s presentation on securing your AWS environment at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
No company is safe from a Ransomware attack (malicious forms of software programmed to steal company data and hold it for "ransom"). However, technology has allowed us to mitigate these attacks by implementing proper recovery systems that can ensure that cyber criminals will never see a dime from your business.
Here Be Dragons: Security Maps of the Container New WorldC4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1KjxPiO.
Josh Bregman explores some of the unique security challenges created by both the development workflow and application runtime, explains why and how the current approaches in SecDevOps 1.0 are insufficient, and how SecDevOps 2.0 techniques including Software Defined Firewalls (SDF) provide a promising path forward for all parties involved. Filmed at qconnewyork.com.
Josh Bregman is Information Security Architect and Executive Vice President for Technical Sales at Conjur Inc.
Inaugural Edition of Weekly Symantec Cyber Security topics and events. This weeks is primarily focused on Cloud Security and 3 Organizations transforming the world as we know it
Inaugural Edition of FullDay Faeder on Fridays Weekly Symantec Cyber Security topics and events. This weeks is primarily focused on Cloud Security and 3 Organizations transforming the world as we know it
ZKorum: Building the Next Generation eAgora powered by SSISSIMeetup
The immense potential unlocked by SSI in content-centric social networks (forums) is largely unaddressed by the recent wave of decentralized social networks. Enter ZKorum - a network of verifiable communities where members create anonymous polls and discussions. In this episode, Nicolas Gimenez, the Co-Founder and CTO of ZKorum, unveils the Alpha version and delves into its architecture, drawing inspiration from SSI, DWeb, and Password Managers.
Speaker 1: Ashwin Vamshi
Speaker 2: Abhinav Singh
Cloud services are built for increased collaboration and productivity, and provide capabilities like auto sync and API level communication. This has led enterprises to exclusively use SaaS, PaaS and IaaS services for storing and sharing critical and confidential data. End users as well as security products tend to place implicit trust in cloud vendors such as Microsoft, AWS, Google, and SaaS app vendors such as Box, Salesforce, DropBox. As a result, cybercriminals have started launching their attacks from these trusted cloud services. This talk will focus on how attackers are abusing these trusted cloud services to create Phishing attacks that are highly effective and hard to detect.
I'm Ian. I do that geek thing.
This is an introductory deck on why an SDL or quality/secure software program is a good idea.
I can be found here:
http://gorrie.org
@gorrie
The Definitive CASB Business Case Kit - PresentationNetskope
As #1 on Gartner’s information security agenda, CASB is a must-have. But is your business case lined up? Get started now with the definitive CASB business case starter kit. The kit includes:
- The Gartner Market Guide to Cloud Access Security Brokers
- A CASB justification letter that you can tailor and deliver to your decision-maker
- A CASB ROI calculator into which you can enter your assumptions, plus a 3-slide companion executive presentation
- A sample Cloud Risk Assessment so you know what to expect when you request this analysis from your CASB
- The Netskope Cloud Report, which contains the latest cloud security benchmarks
- The 15 Most Critical CASB Use Cases eBook, which will help you understand and prioritize your CASB use cases
In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016.
Report highlights:
- Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation.
- Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps.
- 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly.
- Enterprises have an average of 777 cloud apps in use, a slight rise from 769 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively.
- Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.
June 2016 Worldwide Netskope Cloud Report Netskope
In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016.
Report highlights:
- Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation.
- Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps.
- 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly.
- Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively.
- Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudNetskope
The explosion of useful cloud applications has enabled new levels of productivity, resulting in strategic advantages for some healthcare providers. But cloud app usage is not without risk.
Craig Guinasso, CSO of Genomic Health, is leveraging the power of the cloud, while solving some of today’s most complex security challenges.
Craig, along with Krishna Narayanaswamy, co-founder and chief scientist of Netskope, discuss the top five strategies that healthcare technology and security leaders are adopting to get the most out of the cloud, while protecting patient health data and maintaining their organization’s compliance.
Attendees will learn how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
The “move to the cloud” has long been considered a key initiative by organizations worldwide. With this move, there’s a level of increased risk that enterprises must address. What’s different is using cloud services requires abdicating some control over how systems and data are being protected. We begin this discussion on this footing.
Join Scott Hogrefe, Sr. Director of Market Data for Netskope, who will lead this discussion about what CISOs need to know about:
- Their cloud risk
- How to quantify it for their corporate leadership and board of directors
- How to convey it in the context of their overall cloud strategy
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Netskope
Let’s face it: When it comes to data loss prevention, we’re not in Kansas anymore. Any and all types of sensitive business data is now stored in the cloud and accessed from personal devices and most of the time, IT doesn’t even know it. This presentation is from a webinar with our guest speaker Forrester VP and Principal Analyst John Kindervag and Netskope VP of Product Management Rajneesh Chopra. In it, they explore the following:
- Trends surrounding cloud and data loss prevention
- How on-premises DLP users have helped shape the design of new, cloud-based solutions
- Key architectural considerations for enterprises who have invested in on-premises DLP
- Pitfalls that every IT security professional should look out for when developing a cloud DLP strategy
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Fall 2015 Worldwide Netskope Cloud Report Netskope
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Cloud Security for Dummies Webinar — The Identity EditionNetskope
Join "Cloud Security for Dummies" authors Ravi Ithal and Krishna Narayanaswamy, along with Patrick Harding, CTO from Ping Identity for this special “Identity Edition” of the Cloud Security for Dummies webinar series.
In this panel-style discussion, the experts will compare notes, debate approaches, and share stories from the cloud security and identity and access management front lines. IT security professionals will walk away with best practices on:
- Finding and assessing risk of all cloud apps running in your enterprise
- Onboarding new apps and bringing them into the secure Single Sign On fold
- Using identity to enable access and enforce usage and content policies
- Dealing with security issues such as poor reputation users and compromised accounts
- Communicating and coaching users
Office 365 in Focus. Security and Governance Strategies from the Experts - We...Netskope
One of today's biggest cloud trends is enterprise adoption of the Microsoft Office 365 suite. There is one wrinkle, though. Your business wants to move quickly to get immediate value, while your security team needs to proceed a little more cautiously to ensure they can govern usage and protect sensitive data. Can organizations move quickly and instrument the proper controls?
Join Adrian Sanabria, Senior Security Analyst from 451 Research, Shamiana Soderberg, Senior Business Development Manager Cloud Productivity from Microsoft, and Jamie Barnett, CMO of Netskope for a look at safe enablement best practices for Office 365, and the role Cloud Access Security Brokers play in this effort.
Attendees will come away with the ten real-world requirements that every organization should consider when adopting a sanctioned cloud productivity suite like Office 365. These requirements will address areas like:
- Granular administrative and user controls across the Office 365 suite
- DLP for content “at rest” within and “en route” to or from the suite
- Usage and data governance within the suite and its ecosystem
In this edition of the Netskope Cloud Report infographic for Europe, Middle East, and Africa, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Making Cloud Security Part of Your DNA Webinar SlidesNetskope
To watch the full Making Cloud Security Part of Your DNA webinar video, please go to: https://resources.netskope.com/h/i/65967799-making-cloud-security-part-of-your-dna
Summary:
As Chief Security Officer for leading cancer diagnostic company Genomic Health, Craig Guinasso makes cloud a strategic advantage while solving some of today’s most complex security challenges.
Join Craig, along with Sanjay Beri, CEO of Netskope, Missy Krasner, Managing Director of Healthcare at Box, and David Baker, CSO of Okta, for a webinar on the top five strategies that healthcare technology leaders should adopt to get the most out of the cloud while also protecting patient health data and keeping their organizations compliant.
In this powerpoint, you will get a glimpse into the webinar where we discussed how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Data Privacy, Security, and Sovereignty in a Cloudy WorldNetskope
Jon Oltsik, ESG Senior Principal Analyst and widely recognized information security expert, reviews what it means to ensure data privacy, security, and sovereignty, and what you should be looking for from your cloud providers.
The Ponemon Institute issued a first-of-its-kind report sponsored by Netskope that identifies a “cloud multiplier effect” on the probability of a data breach. IT and security professionals believe that increasing the use of cloud services in the enterprise will increase the likelihood of a $20M data breach by as much as 3x. In these slides and the accompanying on-demand video, Dr. Larry Ponemon and Netskope CEO Sanjay Beri for a look at the report findings and for advice on how enterprises can mitigate this multiplier and enable safe cloud usage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
2. Rushikesh Vishwakarma
● Member of Technical Staff, Netskope
○ Cloud Security Enthusiast
○ Identifying the malware & phishing services using cloud
○ https://www.netskope.com/blog/author/rushikeshvishwakarma
3. Ashwin Vamshi
● Staff Security Research Engineer, Netskope
○ Interest in targeted attacks and malwares using cloud services
○ Speaker @ RSA, Defcon, Bsides
○ https://www.netskope.com/blog/author/ashwinvamshi
○ https://www.linkedin.com/in/ashwinvamshi
4. Cloud Transformation
❖ Enterprises are moving towards Cloud
➢ The traffic has moved from static websites to cloud
❖ Evaluations ?
➢ Do we know what is shared responsibility ?
■ Are we having enough controls ?
➢ What is our security posture ?
❖ Threat actors
➢ I can haz Cloud
8. Motivation for Threat actors to use Cloud
❖ Implicit trust
❖ Ease of use and abuse
❖ Reduces the infrastructure overhead
❖ More powerful than traditional hosting or computing services
❖ Significantly cheaper than traditional attack methods (No DGA or BPH needed)
❖ Protection by default (encrypted traffic, API driven communication, etc)
11. Agenda
❖ Detail specific attack patterns with the theme: Malware in the Cloud (MITC)
➢ Cloud as a malware hosting platform
➢ Cloud as a command and control channel
➢ Cloud as a platform to spread malware
➢ Cloud as a platform to host Crimeware as a Service
❖ How to protect against cloud threats
15. ShortJSRAT
❖ Scriptlets using the “Squiblydoo” technique
❖ Bypasses application whitelisting solutions like Windows Applocker
❖ Uses Cloud services for downloading the next stage payloads
➢ Google Shortener, Dropbox, Github
https://www.netskope.com/blog/shortjsrat-leverages-cloud-scriptlets
23. Cloud phishing fanout
❖ Victim shares bait via cloud app
➢ Secondary propagation vector - cloud sync email attachments
➢ Secondary victims lose context - where did the file originally come from?
❖ “Default allow” action in popular PDF readers
➢ No warnings after you allow a domain
➢ Attacker can easily deploy multiple attacks over same domain
https://www.netskope.com/blog/decoys-phishing-cloud-latest-fan-effect
31. ❖ PhaaS: Hosted in Amazon, Evennode, Now.
❖ Phishing pages hosted in Pomf clones
➢ SSL powered
➢ Designed to mimic login pages of
popular services like Microsoft, Google
Docs, Dropbox, and DocuSign
❖ Victims credentials recorded via websockets
Hackshit - Phishing as a Service
https://www.netskope.com/blog/resurgence-of-phishing-as-a-service-phaas-platforms
34. Cloud malware commonalities
❖ Users trust cloud services
❖ Users trust cloud files shared by coworkers and partners
❖ Blocking cloud malware is hard - you can’t just block the app
35. Recommendations
❖ Inspect your cloud traffic
❖ Block services you don’t need
❖ Block unsanctioned instances of services you do need