This document discusses how phishing attacks have evolved to take advantage of cloud services. It provides examples of phishing-as-a-service models that easily host phishing sites on cloud infrastructure. Attackers are able to make phishing sites appear more legitimate by using SSL certificates and domains from major cloud providers. The document also examines how malicious files spread unintentionally through default file sharing and syncing features of cloud apps, multiplying the impact of attacks. Abusing open redirection and default file handling policies, attackers can leverage the cloud to construct complex redirection chains to deliver malware while appearing innocuous. The widespread adoption of cloud services by both attackers and defenders means cloud security must be a priority to prevent abuse while realizing the benefits of the
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
5 Highest-Impact CASB Use Cases - Office 365Netskope
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top Office 365-specific five CASB use cases that have the highest impact on cloud-consuming enterprises.
Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
90% of cloud apps in the enterprise are being used without IT’s knowledge. Whether brought in by individuals or lines of business, there’s an average of 508 apps per enterprise and more than 5,000 in the world from which people can choose. Where things get even more interesting is when cloud and mobile combine and the opportunity for data loss and breaches multiply.
These slides are from a webinar where leading identity management, cloud security, and fraud management expert Andras Cser from Forrester and Netskope’s Sr. Director of Product Marketing Bob Gilbert talk about the importance of understanding which employees are using which cloud apps and from where they’re accessing them.
View the on-demand webinar here:
http://www.netskope.com/webinars/securing-cloud-users-left-devices/
Security O365 Using AI-based Advanced Threat ProtectionBitglass
Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware?
Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.
Shadow IT is often used in a derogatory manner, but what if the apps and services a company's employees are bringing into the enterprise were actually the secret to their success? What if the efficiency and productivity gains your company is experiencing are owed, in part, to these apps that IT isn't responsible for sourcing and enabling? In this presentation Netskope discusses the challenges and opportunities that come from the use of rogue apps in the enterprise and how IT can turn the corner and end the catch-22 between enablement and security.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
Esta presentación describe la naturaleza de las ciberamenazas modernas y cómo afectan la transición de la empresa a la infraestructura de la nube. Más específicamente, las suposiciones sobre la seguridad de la infraestructura en la nube que serán desafiadas y reexaminadas desde la perspectiva de un atacante, y se explorarán los puntos débiles de la nube. Esta presentación debe dar una perspectiva a las organizaciones con respecto a algunos de los puntos clave de debilidad en su nube, y qué se puede hacer para mitigar las amenazas que apuntan a estas debilidades en el futuro.
Lacework Overview: Security Redefined for Cloud ScaleLacework
Cloud computing has revolutionized IT and is disrupting security. Speed, elasticity, and unlimited scale are characteristics of the cloud that conventional security does not support well.
To succeed, cloud security teams need to operate at the same pace as DevOps, secure thousands of continuously changing workloads, and monitor activities and metrics that are unique to the cloud.
This is exactly what the team had in mind when building the Lacework Cloud Security Platform. Our approach natively brings speed and automation to every cloud security process, and:
- Automates the discovery of what must be protected
- Monitors for behavioral anomalies to detect threats and prevent breaches
- Eliminates the use labor-intensive rules and policies
- Delivers comprehensive insights that replace time-consuming log analysis
The result is better security regardless of the technology in use now and in the future. Lacework supports public and private clouds, VMs or containers, Docker or Kubernetes, Linux or Windows Server and any combination of these.
#ALSummit: Realities of Security in the CloudAlert Logic
James Brown (VP Technology Solutions Group, Alert Logic)'s presentation on the reality of securing your digital transformation to the cloud at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
Application layer attack trends through the lens of Cloudflare dataCloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Cloud adoption introduces new attack vectors and poses new security challenges. Learn how a visibility platform can help protect your data and applications in the cloud.
How Lacework delivers automated security for AWS. From initial configuration to compliance assessment and daily operations, Lacework integrates with and augments AWS services to deliver advanced protection to the assets you deploy on AWS.
Strengthening security posture for modern-age SaaS providersCloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaCristian Garcia G.
Hoy en día, una media de más de 1000 aplicaciones Cloud se está utilizando en cada empresa, de las cuales, el 98% se categoriza como «Shadow IT», lo cual significa que la dirección IT no las controla.
Además, 80% de la información que sale afuera de las empresas se comparte utilizando aplicaciones Cloud. Y más de 50% del acceso y uso de las aplicaciones Cloud se realiza desde fuera de las redes corporativas.
Speaker 1: Ashwin Vamshi
Speaker 2: Abhinav Singh
Cloud services are built for increased collaboration and productivity, and provide capabilities like auto sync and API level communication. This has led enterprises to exclusively use SaaS, PaaS and IaaS services for storing and sharing critical and confidential data. End users as well as security products tend to place implicit trust in cloud vendors such as Microsoft, AWS, Google, and SaaS app vendors such as Box, Salesforce, DropBox. As a result, cybercriminals have started launching their attacks from these trusted cloud services. This talk will focus on how attackers are abusing these trusted cloud services to create Phishing attacks that are highly effective and hard to detect.
Forrester Research: Securing the Cloud When Users are Left to Their Own DevicesNetskope
90% of cloud apps in the enterprise are being used without IT’s knowledge. Whether brought in by individuals or lines of business, there’s an average of 508 apps per enterprise and more than 5,000 in the world from which people can choose. Where things get even more interesting is when cloud and mobile combine and the opportunity for data loss and breaches multiply.
These slides are from a webinar where leading identity management, cloud security, and fraud management expert Andras Cser from Forrester and Netskope’s Sr. Director of Product Marketing Bob Gilbert talk about the importance of understanding which employees are using which cloud apps and from where they’re accessing them.
View the on-demand webinar here:
http://www.netskope.com/webinars/securing-cloud-users-left-devices/
Security O365 Using AI-based Advanced Threat ProtectionBitglass
Office 365 has garnered widespread adoption from enterprises due to its advantages such as ease of deployment, lower TCO, and high scalability. Additionally, it enables end-users to work and collaborate from anywhere and on any device. Although Office 365 enables IT to shift the burden for app and infrastructure to the cloud vendor, data security remains the responsibility of the enterprise. Given the limitations of native malware protection on Office 365, should the enterprise rely on Office 365 to protect their data from malware and ransomware?
Join Bitglass and Cylance for a discussion on malware protection solutions for Office 365. We will cover the limitations of native Office 365 malware protection as well as the benefits of AI and machine learning based approaches. We will wrap up the session by discussing how CASBs, with Advanced Threat Protection (ATP) capabilities, are uniquely positioned to protect cloud apps and end-points from malware attacks and proliferation.
Shadow IT is often used in a derogatory manner, but what if the apps and services a company's employees are bringing into the enterprise were actually the secret to their success? What if the efficiency and productivity gains your company is experiencing are owed, in part, to these apps that IT isn't responsible for sourcing and enabling? In this presentation Netskope discusses the challenges and opportunities that come from the use of rogue apps in the enterprise and how IT can turn the corner and end the catch-22 between enablement and security.
Why Everyone Needs a Cloud-First Security Program - SASEfaction Guaranteed!Netskope
Security teams are constantly keeping up with complex attacks leveraging the cloud, but traditional security stacks just can’t keep pace with malicious actors or insiders. In the session, we’ll explore Gartner’s new SASE framework and how organizations can utilize Zero Trust, visibility into cloud-based traffic and cloud threat protection to build a modernized cloud-first stack.
Symantec Webinar | Tips for Successful CASB ProjectsSymantec
There is an art to securely using cloud apps and services, including SaaS, PaaS, and IaaS. In this Symantec webcast, hear from Steve Riley, a Gartner senior director analyst who focuses on public cloud security, and Eric Andrews, Symantec’s vice president of cloud security, as they share best practices with practical tips for deploying CASB. Watch here: https://symc.ly/2QTyUec.
Esta presentación describe la naturaleza de las ciberamenazas modernas y cómo afectan la transición de la empresa a la infraestructura de la nube. Más específicamente, las suposiciones sobre la seguridad de la infraestructura en la nube que serán desafiadas y reexaminadas desde la perspectiva de un atacante, y se explorarán los puntos débiles de la nube. Esta presentación debe dar una perspectiva a las organizaciones con respecto a algunos de los puntos clave de debilidad en su nube, y qué se puede hacer para mitigar las amenazas que apuntan a estas debilidades en el futuro.
Lacework Overview: Security Redefined for Cloud ScaleLacework
Cloud computing has revolutionized IT and is disrupting security. Speed, elasticity, and unlimited scale are characteristics of the cloud that conventional security does not support well.
To succeed, cloud security teams need to operate at the same pace as DevOps, secure thousands of continuously changing workloads, and monitor activities and metrics that are unique to the cloud.
This is exactly what the team had in mind when building the Lacework Cloud Security Platform. Our approach natively brings speed and automation to every cloud security process, and:
- Automates the discovery of what must be protected
- Monitors for behavioral anomalies to detect threats and prevent breaches
- Eliminates the use labor-intensive rules and policies
- Delivers comprehensive insights that replace time-consuming log analysis
The result is better security regardless of the technology in use now and in the future. Lacework supports public and private clouds, VMs or containers, Docker or Kubernetes, Linux or Windows Server and any combination of these.
#ALSummit: Realities of Security in the CloudAlert Logic
James Brown (VP Technology Solutions Group, Alert Logic)'s presentation on the reality of securing your digital transformation to the cloud at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
Are you aware of the current security threats to your business? Are you prepared to handle the next big DDoS attack? What can you do to be prepared?
Join this webinar to learn about:
- Growing threat landscape
- Challenges to a successful security strategy
- Business impact of attacks
- Securing web applications from attacks
Application layer attack trends through the lens of Cloudflare dataCloudflare
The past few months have seen significant changes in how attackers target the application layer—through injection attacks, malicious bots, DDoS, API vulnerability exploits, and more. We can observe these changes by analyzing traffic from Cloudflare’s global network, which blocks an average of 45 billion threats per day for over 27 million Internet properties.
Watch this webinar to explore data on:
Which attack vectors have become more and less common
How those changes vary by region and industry
The business and societal trends behind these attacks
Strategies for addressing these latest attack tactics
Cloud adoption introduces new attack vectors and poses new security challenges. Learn how a visibility platform can help protect your data and applications in the cloud.
How Lacework delivers automated security for AWS. From initial configuration to compliance assessment and daily operations, Lacework integrates with and augments AWS services to deliver advanced protection to the assets you deploy on AWS.
Strengthening security posture for modern-age SaaS providersCloudflare
Businesses become more resilient in times of crises. This is especially true for SaaS businesses that are facing unprecedented challenges in this environment. While some are catering to a surge in traffic, others are figuring out innovative solutions to retain their customers. In addition, increasing malicious attacks are straining the resources of these SaaS businesses.
Now more than ever, it is important for SaaS providers to deliver an uninterrupted experience. One that is fast, secure, and reliable to their customers in a cost effective manner.
Join this webcast to learn more about how ActiveCampaign leverages Cloudflare to deliver meaningful services to their end users.
Proteja sus datos en cualquier servicio Cloud y Web de forma unificadaCristian Garcia G.
Hoy en día, una media de más de 1000 aplicaciones Cloud se está utilizando en cada empresa, de las cuales, el 98% se categoriza como «Shadow IT», lo cual significa que la dirección IT no las controla.
Además, 80% de la información que sale afuera de las empresas se comparte utilizando aplicaciones Cloud. Y más de 50% del acceso y uso de las aplicaciones Cloud se realiza desde fuera de las redes corporativas.
Speaker 1: Ashwin Vamshi
Speaker 2: Abhinav Singh
Cloud services are built for increased collaboration and productivity, and provide capabilities like auto sync and API level communication. This has led enterprises to exclusively use SaaS, PaaS and IaaS services for storing and sharing critical and confidential data. End users as well as security products tend to place implicit trust in cloud vendors such as Microsoft, AWS, Google, and SaaS app vendors such as Box, Salesforce, DropBox. As a result, cybercriminals have started launching their attacks from these trusted cloud services. This talk will focus on how attackers are abusing these trusted cloud services to create Phishing attacks that are highly effective and hard to detect.
Risks in cloud computing
Data security in cloud
Cloud security services
Tools and technologies for cloud
Cloud mashaps
Apache hadoop
Cloud tools
central level security
This presentation was delivered at the 2nd International Conference on Recent Trends in Information Technology and Computer Science in Mumbai. The paper deals with security issues in Cloud Computing, its mitigation and proposes a secure cloud mechanism with an implementation of the single-sign on mechanism on the Ubuntu Enterprise Cloud
Cloud Security Issues and Challenge.pptxinfosec train
Cloud computing has reformed the way businesses operate these days. Today, the cloud is being adopted by an increasing number of enterprises.
https://www.infosectrain.com/courses/certified-cloud-security-engineer-training-course/
Gartner predicts that nearly 40% of enterprise IT application spend will be shifted to cloud versus on-premise by 2020.
However, most IT departments evaluate and select cloud-based apps based on their many business productivity benefits but a number of critical security and performance issues need to be considered at the same time.
This white paper details some of the major considerations you will need to focus on when looking for cloud app security. You will also learn about:
Limitations of existing products
Integrated cloud security gateway approach
Malware and data security challenges
And much, much more
The transition to cloud services provides many advantages to the organization, including scalability, flexibility, efficiency, reducing cost and enjoying an enterprise grade level of security that meets the highest standards. However, cloud services also entail various risks that the organization must recognize and mitigate before the transition to the cloud.
The transition to cloud services contain many advantages to the organization such as, scalability, flexibility, efficiency, reducing cost and enjoying an enterprise grade level of security that meets the highest standards. However, cloud services also entail various risks that the organization must recognize and mitigate before the transition to the cloud.
Many organizations fear migrating their applications to the cloud because it can
be an extremely challenging and complex task. This process will require proper
planning, effort, and time in order for it to be successful.
The security measures as well as practices that organizations have built for their
on-premise infrastructure do not coincide with what they require in the cloud,
where everything is deeply integrated.
Before streamlining your workflow with cloud computing, you must be aware of
the most challenging security risks and how to avoid them. Let's explore how
organizations should approach the security aspects of cloud migration, from API
integration to access control and continuous monitoring.
This article will highlight some of the most common fears organizations have
while moving from an on-premise infrastructure to a cloud environment.
Cloud Computing offers an on-demand and scalable access to a shared pool of resources hosted in a data center at providers’ site. It reduces the overheads of up-front investments and financial risks for the end-user. Regardless of the fact that cloud computing offers great advantages to the end users, there are several challenging issues that are mandatory to be addressed.
Cloud Security - Types, Common Threats & Tips To Mitigate.pdfDataSpace Academy
With businesses increasingly relying on the cloud, hackers are fast targeting cloud computing networks. There is an urgent need for robust cloud security measures to keep your network and data safe from prying eyes. The blog begins with a discussion on the significance of cloud security and types of cloud security. It also talks about the common threats faced by a cloud network. The blog further wraps up with a detailed list of the best security practices to follow to ensure a powerful security infrastructure for cloud networks.
The Definitive CASB Business Case Kit - PresentationNetskope
As #1 on Gartner’s information security agenda, CASB is a must-have. But is your business case lined up? Get started now with the definitive CASB business case starter kit. The kit includes:
- The Gartner Market Guide to Cloud Access Security Brokers
- A CASB justification letter that you can tailor and deliver to your decision-maker
- A CASB ROI calculator into which you can enter your assumptions, plus a 3-slide companion executive presentation
- A sample Cloud Risk Assessment so you know what to expect when you request this analysis from your CASB
- The Netskope Cloud Report, which contains the latest cloud security benchmarks
- The 15 Most Critical CASB Use Cases eBook, which will help you understand and prioritize your CASB use cases
In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016.
Report highlights:
- Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation.
- Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps.
- 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly.
- Enterprises have an average of 777 cloud apps in use, a slight rise from 769 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively.
- Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.
June 2016 Worldwide Netskope Cloud Report Netskope
In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016.
Report highlights:
- Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation.
- Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps.
- 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly.
- Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively.
- Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.
Cure for the Common Cloud: How Healthcare can Safely Enable the CloudNetskope
The explosion of useful cloud applications has enabled new levels of productivity, resulting in strategic advantages for some healthcare providers. But cloud app usage is not without risk.
Craig Guinasso, CSO of Genomic Health, is leveraging the power of the cloud, while solving some of today’s most complex security challenges.
Craig, along with Krishna Narayanaswamy, co-founder and chief scientist of Netskope, discuss the top five strategies that healthcare technology and security leaders are adopting to get the most out of the cloud, while protecting patient health data and maintaining their organization’s compliance.
Attendees will learn how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
Quantifying Cloud Risk for Your Corporate LeadershipNetskope
The “move to the cloud” has long been considered a key initiative by organizations worldwide. With this move, there’s a level of increased risk that enterprises must address. What’s different is using cloud services requires abdicating some control over how systems and data are being protected. We begin this discussion on this footing.
Join Scott Hogrefe, Sr. Director of Market Data for Netskope, who will lead this discussion about what CISOs need to know about:
- Their cloud risk
- How to quantify it for their corporate leadership and board of directors
- How to convey it in the context of their overall cloud strategy
Lions, Tigers, and PHI, Oh My! The latest in data loss prevention in the cloud.Netskope
Let’s face it: When it comes to data loss prevention, we’re not in Kansas anymore. Any and all types of sensitive business data is now stored in the cloud and accessed from personal devices and most of the time, IT doesn’t even know it. This presentation is from a webinar with our guest speaker Forrester VP and Principal Analyst John Kindervag and Netskope VP of Product Management Rajneesh Chopra. In it, they explore the following:
- Trends surrounding cloud and data loss prevention
- How on-premises DLP users have helped shape the design of new, cloud-based solutions
- Key architectural considerations for enterprises who have invested in on-premises DLP
- Pitfalls that every IT security professional should look out for when developing a cloud DLP strategy
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Fall 2015 Worldwide Netskope Cloud Report Netskope
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Cloud Security for Dummies Webinar — The Identity EditionNetskope
Join "Cloud Security for Dummies" authors Ravi Ithal and Krishna Narayanaswamy, along with Patrick Harding, CTO from Ping Identity for this special “Identity Edition” of the Cloud Security for Dummies webinar series.
In this panel-style discussion, the experts will compare notes, debate approaches, and share stories from the cloud security and identity and access management front lines. IT security professionals will walk away with best practices on:
- Finding and assessing risk of all cloud apps running in your enterprise
- Onboarding new apps and bringing them into the secure Single Sign On fold
- Using identity to enable access and enforce usage and content policies
- Dealing with security issues such as poor reputation users and compromised accounts
- Communicating and coaching users
Office 365 in Focus. Security and Governance Strategies from the Experts - We...Netskope
One of today's biggest cloud trends is enterprise adoption of the Microsoft Office 365 suite. There is one wrinkle, though. Your business wants to move quickly to get immediate value, while your security team needs to proceed a little more cautiously to ensure they can govern usage and protect sensitive data. Can organizations move quickly and instrument the proper controls?
Join Adrian Sanabria, Senior Security Analyst from 451 Research, Shamiana Soderberg, Senior Business Development Manager Cloud Productivity from Microsoft, and Jamie Barnett, CMO of Netskope for a look at safe enablement best practices for Office 365, and the role Cloud Access Security Brokers play in this effort.
Attendees will come away with the ten real-world requirements that every organization should consider when adopting a sanctioned cloud productivity suite like Office 365. These requirements will address areas like:
- Granular administrative and user controls across the Office 365 suite
- DLP for content “at rest” within and “en route” to or from the suite
- Usage and data governance within the suite and its ecosystem
In this edition of the Netskope Cloud Report infographic for Europe, Middle East, and Africa, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
In this Netskope Cloud Report infographic, we've compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform.
Making Cloud Security Part of Your DNA Webinar SlidesNetskope
To watch the full Making Cloud Security Part of Your DNA webinar video, please go to: https://resources.netskope.com/h/i/65967799-making-cloud-security-part-of-your-dna
Summary:
As Chief Security Officer for leading cancer diagnostic company Genomic Health, Craig Guinasso makes cloud a strategic advantage while solving some of today’s most complex security challenges.
Join Craig, along with Sanjay Beri, CEO of Netskope, Missy Krasner, Managing Director of Healthcare at Box, and David Baker, CSO of Okta, for a webinar on the top five strategies that healthcare technology leaders should adopt to get the most out of the cloud while also protecting patient health data and keeping their organizations compliant.
In this powerpoint, you will get a glimpse into the webinar where we discussed how to:
- Think about cloud services in relation to business objectives
- Triage Shadow IT and consolidate on the most enterprise-ready cloud services
- Create checks and policies to identify and prevent PHI leaks
- Turn their business stakeholders into security champions
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Data Privacy, Security, and Sovereignty in a Cloudy WorldNetskope
Jon Oltsik, ESG Senior Principal Analyst and widely recognized information security expert, reviews what it means to ensure data privacy, security, and sovereignty, and what you should be looking for from your cloud providers.
The Ponemon Institute issued a first-of-its-kind report sponsored by Netskope that identifies a “cloud multiplier effect” on the probability of a data breach. IT and security professionals believe that increasing the use of cloud services in the enterprise will increase the likelihood of a $20M data breach by as much as 3x. In these slides and the accompanying on-demand video, Dr. Larry Ponemon and Netskope CEO Sanjay Beri for a look at the report findings and for advice on how enterprises can mitigate this multiplier and enable safe cloud usage.
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...Netskope
Shadow IT. It's not a new term and certainly not a new challenge. But with only blunt-force solutions like saying "no" or blocking cloud services at the firewall, IT has not been able to do much to address the challenge. This is all changing. Business and IT leaders alike see real value in cloud services and want to take a lean-forward approach to enabling them. The reality, though, is that cloud services are not without their risks, and the risk of a data breach increases when the cloud is involved. Hear from Netskope about the risks, economic impact, and multiplier effect of a cloud data breach, and how forward-looking organizations are walking the razor’s edge to mitigate these risks while enabling the cloud.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
2. ❖ @ashwin_vamshi
❖ https://www.linkedin.com/in/ashwinvamshi
❖ Staff Security Research Engineer, Netskope
➢ Innate interest in targeted attacks and malwares
using cloud services.
➢ Identifying malwares, campaigns and threat
actors using ‘cloud as an attack vector’
Ashwin Vamshi
2
4. Attacks “at the scale of cloud”
• Wide-scale adoption of cloud services by cybercriminals with an
increase around phishing attacks.
• The phished baits are designed to mimic login pages of popular
cloud services
• Phishing attacks hosted in the cloud are highly effective and hard
to detect.
• Example - Phishing website with a Microsoft domain and a
Microsoft-issued SSL certificate, asking for Office 365 credentials.
4
6. BEC in the cloud era - Problem statement
• Attacks with SSL certificates/Cloud services to
appear legitimate.
• Tricks corporate users that are savvy enough
to check that the domain and SSL certificate
of a website is from a trusted origin.
• Slow take-downs, fast recovery.
6
7. 1. PhaaS - Phishing as a Service
Cloud Abuse techniques
8. PhaaS - Attack Description
• Cloud hosted Phishing-as-a-Service cyber-crime model.
• Click, Build & Host.
• Flexible plans with wide variety of payment options being
accepted.
• Additional features like user training, 24/7 customer
support and remote monitoring.
8
10. Hackshit – Infection Monitoring Page
10
• The phished baits were served with SSL
certificates signed by LetsEncrypt or Comodo.
• TLD’s: “moe”, “tn”, “cat”, “wtf”, and “space”.
• These websites were clones built using a file
uploading and sharing platform named Pomf.
• Pomf clones not indexed by search engines.
12. Hackshit - Pointers
• Recorded the victims credentials via websocket
service hosted in the cloud.
• Shift of service: Amazon > Evennode > Now.
• Takedowns → resurface and reuse attack elements.
• Classic example of reusing the same attack elements
onto new cloud accounts.
12
18. 3. Cloud Fan-out
Effect
• Infection spreading through the default Sync-&-
Share property of SaaS services.
• Use of collaboration tools that automatically sync
email attachments to SaaS apps.
• Self inflicted propagation of malicious file across
the peer network.
• Even if unsuccessful- may leave the target
vulnerable to future attacks. (Default Allow Policy)
18
19. CloudPhishing Fan-out – Case Study
A victim inadvertently shares the phishing
document with colleagues, whether
internal or external, via a cloud service.
Secondary propagation vector.
Shared users lose the context of the document’s external origin and may trust the
internally shared document as if it were created internally.
22. Attack Description - Default Allow Policy
22
ABUSES THE “DEFAULT ALLOW” POLICY
FOR POPULAR PDF READERS.
WARNING FROM PDF VIEWING
APPLICATION POINTING TO AN
EXTERNAL LINK CONNECTING TO THE
CLOUD APPLICATION. FOR LEGITIMATE
REASONS.
THE NORTH ALWAYS “REMEMBERS”
25. Attack Description - PDF Annotations
25
Indicates that the attackers plan to reuse the decoy template by
appending new links when the URL is taken down.
Annotations mostly carried out using RAD PDF annotator by
threat actors.
Attack campaign artifacts are simply being reused by the
malware author to rapidly adapt to malicious file takedowns.
27. Attack Description
• Phishing email containing PDF decoy
document which points to Google
app engine.
• Abuses Google Cloud app engine’s
open redirection to deliver malware.
• Allows the attacker to
construct a redirection chain.
• The URL redirection case falls
under the category of
Unvalidated Redirects and
Forwards as per OWASP.
27
28. GCP Open redirection chain
The user is logged out from appengine.google.com
and a response status code ‘302’ is generated for
URL redirection.
– As this action gets executed, the user is in
turn redirected to google.com/url using the
query “?continue=”.
– Using this redirection logic, the destination
landing page is reached.
• These Themed decoys primarily targeted
governments, banking and financial firms
worldwide via phishing emails sent by the
attackers posing as legitimate customers of
those institutions.
29. Motivation
behind
abusing
cloud
services
29
Ease of use and abuse.
Reduces the infrastructure overhead.
Way more powerful than traditional hosting or
computing services.
Significantly cheaper than traditional attack
methods (No DGA or BPH needed).
Gives attackers protection by default (encrypted
traffic, API driven communication etc).
30. Conclusion
30
Cloud adoption helps organizations in
improving their IT infrastructure and control
cost.
Its rapid adoption has also caught the
attention of cyber criminals who are
financially motivated.
Cloud Service Providers (CSP) have adopted
the concept of shared responsibility model for
securing the workloads.
Organizations should carefully assess the risks
and potential threats when moving towards
the cloud.
31. Defensive
Measures
31
Enterprises should educate their users to recognize
private and public cloud URLs, so they can discern
malicious sites from official sites.
Actively track usage of unsanctioned cloud services
and enforce DLP policies to control files and data en
route to or from your corporate environment
Un-check the option “Remember this action for this
site for all PDF documents” in PDF reader software
Business Email conversations seldom ask for your
personal or account information. Consult the
relevant organisation if in doubt before giving off
sensitive personal or account information