The document discusses Dell Technologies' cyber recovery services which aim to help organizations increase their confidence in recovering from cyberattacks. It outlines key benefits of the cyber recovery solution such as isolating critical data and systems, automating regular data copies to immutable storage, and providing intelligent security analytics. The services are tailored for specific customer needs and industries. Case studies describe how various organizations have implemented cyber recovery to address business drivers like regulatory compliance, ransomware attacks, and protecting critical data and applications.
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
Together, Cortex XSOAR and Elastic SIEM deliver a flexible and effective solution for today's security operations teams. Combining Cortex XSOAR's robust orchestration, automation, and case management capabilities with Elastic's open collection, search, and analytics abilities provides the comprehensive end-to-end strategy SOC teams need to gain visibility to stop threats.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
From ATT&CKcon 3.0
By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix
The Trellix team believes that creating and sharing compelling stories about cyber threats -with ATT&CK- is a powerful way for raising awareness and enabling actionability against cyber threats.
In this talk the team will share their experiences leveraging ATT&CK to disseminate Threat knowledge to different audiences (Software Development teams, Managers, Threat detection engineers, Threat hunters, Cyber Threat Analysts, Support Engineers, upper management, etc.).
They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.
Use Cases are a formal technique taught in most IS/IT disciplines. This presentation discusses a model to take that methodology and apply it to developing Security Operations and SIEM focused uses cases. The template discussed is in use at a major SIEM provider today, and is based on 10 years of implementing SIEM and building up SecOps across 15+ organizations over 10 years.
Upgrade Your SOC with Cortex XSOAR & Elastic SIEMElasticsearch
Together, Cortex XSOAR and Elastic SIEM deliver a flexible and effective solution for today's security operations teams. Combining Cortex XSOAR's robust orchestration, automation, and case management capabilities with Elastic's open collection, search, and analytics abilities provides the comprehensive end-to-end strategy SOC teams need to gain visibility to stop threats.
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
Knowledge for the masses: Storytelling with ATT&CKMITRE ATT&CK
From ATT&CKcon 3.0
By Ismael Valenzuela and Jose Luis Sanchez Martinez, Trellix
The Trellix team believes that creating and sharing compelling stories about cyber threats -with ATT&CK- is a powerful way for raising awareness and enabling actionability against cyber threats.
In this talk the team will share their experiences leveraging ATT&CK to disseminate Threat knowledge to different audiences (Software Development teams, Managers, Threat detection engineers, Threat hunters, Cyber Threat Analysts, Support Engineers, upper management, etc.).
They will show concrete examples and representations created with ATT&CK to describe the threats at different levels, including: 1) an Attack Path graph that shows the overall flow of the attack; 2) Tactic-specific TTP summary tables and graphs; 3) very detailed, step-by-step description of the attacker's behaviors.
Use Cases are a formal technique taught in most IS/IT disciplines. This presentation discusses a model to take that methodology and apply it to developing Security Operations and SIEM focused uses cases. The template discussed is in use at a major SIEM provider today, and is based on 10 years of implementing SIEM and building up SecOps across 15+ organizations over 10 years.
Here are my slides on "Board and Cyber Security" that I presented at the Just People Information Security breakfast this morning. Thanks Adam for arranging the session and those who attended.
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
Here is your guide on how to progress through the cyber security career ladder. This resource shows you all the different cyber security roles and the qualifications needed for each!
What is a secure enterprise architecture roadmap?Ulf Mattsson
Webcast title : What is a Secure Enterprise Architecture Roadmap?
Description : This session will cover the following topics:
* What is a Secure Enterprise Architecture roadmap (SEA)?
* Are there different Roadmaps for different industries?
* How does compliance fit in with a SEA?
* Does blockchain, GDPR, Cloud, and IoT conflict with compliance regulations complicating your SEA?
* How will quantum computing impact SEA roadmap?
Presenters : Juanita Koilpillai, Bob Flores, Mark Rasch, Ulf Mattsson, David Morris
Duration : 68 min
Date & Time : Sep 20 2018 8:00 am
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webinar/what-is-a-secure-enterprise-architecture-roadmap
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025, the world will create and replicate 163ZB of data, representing a tenfold increase from the amount of data created in 2016. In the past, organizations primarily dealt with documents and emails. But now they’re also dealing with instant messaging, text messaging, video files, images, and DIO files. The internet of things, or IOT, will only add to this explosion in data.
Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.
The question we often get asked is, “How can Microsoft 365 help me?”
Today, being connected on-line is a foundational aspect of many businesses. Everything from our computers and cars to phones and refrigerators are connected in the race to digital transformation.
But it comes with a cost. Every device and application in use increases our cyber-attack surface.
These slides--based on the webinar from leading IT research firm Enterprise Management Associates (EMA) and Risk IQ--provide information on:
- How to get an accurate picture of your attack surface
- How threat actors exploit our Internet presence within the context of business and security management tools, issues, and practices
- How you can reduce your risk of an attack
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based Symantec Data Loss Prevention. Please ensure that if being used, the latest information is provided.
Identity and Access Management Playbook CISO Platform 2016Aujas
Checklist Playbook for CISO, CSO and Information Risk & Security Managers to plan and implement a successful IAM (Identity and Access Management) program. It covers Access Governance and Identity Administration, Single Sign On (SSO), Privileged Identity Management, and more.
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
This presentation goes through a higher level overview of understanding cyber resilience, important concepts, the difference between cybersecurity and cyber resilience, and frameworks aimed at achieving or assessing an organizations cyber resilience.
Intelligent compliance and risk management solutions.
First, we understand ‘compliance’ can have different meanings to various teams across enterprise. Compliance is an outcome of continuous risk management, involving compliance, risk, legal, privacy, security, IT and often even HR and finance teams which requires integrated approach to manage risk.
Let's start with the base pillar Compliance Management: compliance management is all about simplify risk assessment and mitigation in more automated way, providing visibility and insights to help meet compliance requirements.
Information Protection and Governance: we believe there is a huge opportunity for Microsoft to help our customers to know their data better, protect and govern data throughout its lifecycle in heterogenous environment. This is often the key starting point for many of our customers in their modern compliance journey – knowing what sensitive data they have, putting flexible, end-user friendly policies for both security and compliance outcomes, using more automation and intelligence.
Internal Risk Management: Internal risks are often what keeps business leaders up at night – regardless of negligent or malicious, identifying and being able to take action on internal risks are critical. The ability to quickly identify and manage risks from insiders (employees or contractors with corporate access) and minimize the negative impact on corporate compliance, competitive business position and brand reputation is a priority for organizations worldwide.
Last but not least, Discover and Respond: being able to discover relevant data for internal investigations, litigation, or regulatory requests and respond to them efficiently, and doing so without having to use multiple solutions and moving data in and out of systems to increase risk – is critical.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Secure Systems Security and ISA99- IEC62443Yokogawa1
With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Channel Partners: Lead with Dell Software SolutionsDell World
Deliver real value to your customers as you expand your reach and increase your revenue with Dell Software (For Channel partners only).
Your customers are facing monumental challenges on managing and securing applications, data and their infrastructure. These challenges are driving cost and complexity into the IT environment. Dell Software’s end to end portfolio allows channel partners to expand their sales of solutions and services to both existing new customers while demonstrating tangible value by:
• Improving the efficiency of IT organizations through the centralized management and security
• Speeding the pace of business through better application availability, data protection and rapid recovery
• Enabling cloud and mobile application delivery through modernizing infrastructure software
• Securing the endpoint, the data and the network
Join Roy Appelbaum for this interactive break out session on how the Dell Software portfolio provides you the blueprint to help your customers build the future ready enterprise.
Are your backups are too big, and do you store them too long? Do missed SLAs, cost and complexity still vex you? Are you worried you won’t get all of your data back? Do you waste hours managing complicated, temperamental backup solutions?
We discuss ways to make backup predictable, shrink windows, over-perform on SLAs and get all your data back – every time, on time. See how others are matching their backup to their business, reducing stored data by up to 95% and speeding backups by 275%. Focus on your business—not your backups.
Here are my slides on "Board and Cyber Security" that I presented at the Just People Information Security breakfast this morning. Thanks Adam for arranging the session and those who attended.
Building an effective Information Security RoadmapElliott Franklin
As company information security functions continue to grow each year with increasing attacks and regulations, how are you handling the
pressure? Are you constantly battling to run the business projects and reacting to customer requests? Have you blocked off a few hours each week
on your calendar to close your email, turn off your phone and try to build, assess and maintain an effective vision for your security team? This
presentation will discuss a cascading approach to creating such a roadmap that is easily understood by executives and has helped gain quick buy
in for multiple enterprise wide security projects.
Here is your guide on how to progress through the cyber security career ladder. This resource shows you all the different cyber security roles and the qualifications needed for each!
What is a secure enterprise architecture roadmap?Ulf Mattsson
Webcast title : What is a Secure Enterprise Architecture Roadmap?
Description : This session will cover the following topics:
* What is a Secure Enterprise Architecture roadmap (SEA)?
* Are there different Roadmaps for different industries?
* How does compliance fit in with a SEA?
* Does blockchain, GDPR, Cloud, and IoT conflict with compliance regulations complicating your SEA?
* How will quantum computing impact SEA roadmap?
Presenters : Juanita Koilpillai, Bob Flores, Mark Rasch, Ulf Mattsson, David Morris
Duration : 68 min
Date & Time : Sep 20 2018 8:00 am
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webinar/what-is-a-secure-enterprise-architecture-roadmap
Falcon OverWatch Experts Hunt 24/7 To Stop Incidents Before They Become Breaches
Is your IT security team suffering from alert fatigue? For many organizations, chasing down every security alert can tax an already overburdened IT department, often resulting in a breach that might have been avoided. Adding to this challenge is an increase in sophisticated threats that strike so fast and frequently, traditional methods of investigation and response can’t offer adequate protection.
A new webcast from CrowdStrike, “Proactive Threat Hunting: Game-Changing Endpoint Protection Above and Beyond Alerting,” discusses why so many organizations are vulnerable to unseen threats and alert fatigue, and why having an approach that is both reactive and proactive is key. You’ll also learn about Falcon OverWatch™, CrowdStrike’s proactive threat hunting service that investigates and responds to threats immediately, dramatically increasing your ability to react before a damaging breach occurs.
Download the webcast slides to learn:
--How constantly reacting to alerts prevents you from getting ahead of the potentially damaging threats designed to bypass standard endpoint security
--Why an approach that includes proactive threat hunting, sometimes called Managed Detection and Response, is key to increasing protection against new and advanced threats
--How CrowdStrike Falcon OverWatch can provide 24/7 managed threat hunting, augmenting your security efforts with a team of cyber intrusion detection analysts and investigators who proactively identify and prioritize incidents before they become damaging breaches
We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. First and foremost, this digital transformation is causing a tsunami of data. In fact, IDC estimates that in 2025, the world will create and replicate 163ZB of data, representing a tenfold increase from the amount of data created in 2016. In the past, organizations primarily dealt with documents and emails. But now they’re also dealing with instant messaging, text messaging, video files, images, and DIO files. The internet of things, or IOT, will only add to this explosion in data.
Managing this data overload and the variety of devices from which it is created is complicated and onerous as the market for solutions is fragmented and confusing. There are many categories of solutions, and within each, there are even more solutions to choose from. Many companies are struggling to decide how many of those solutions they need and where to start. Additionally, using multiple solutions means they won’t be integrated, so companies end up managing multiple applications from multiple disparate interfaces.
The question we often get asked is, “How can Microsoft 365 help me?”
Today, being connected on-line is a foundational aspect of many businesses. Everything from our computers and cars to phones and refrigerators are connected in the race to digital transformation.
But it comes with a cost. Every device and application in use increases our cyber-attack surface.
These slides--based on the webinar from leading IT research firm Enterprise Management Associates (EMA) and Risk IQ--provide information on:
- How to get an accurate picture of your attack surface
- How threat actors exploit our Internet presence within the context of business and security management tools, issues, and practices
- How you can reduce your risk of an attack
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based Symantec Data Loss Prevention. Please ensure that if being used, the latest information is provided.
Identity and Access Management Playbook CISO Platform 2016Aujas
Checklist Playbook for CISO, CSO and Information Risk & Security Managers to plan and implement a successful IAM (Identity and Access Management) program. It covers Access Governance and Identity Administration, Single Sign On (SSO), Privileged Identity Management, and more.
What We’ve Learned Building a Cyber Security Operation Center: du Case StudyPriyanka Aash
The cybersecurity landscape is rapidly evolving, with new threats and threat actors emerging, and traditional security operations centers (SOCs) need to be augmented accordingly. This session will detail the journey of du in building and continually enhancing its SOC, physically and philosophically, to best deal with attack detection (offensively and defensively) and response.
(Source: RSA Conference USA 2017)
This presentation goes through a higher level overview of understanding cyber resilience, important concepts, the difference between cybersecurity and cyber resilience, and frameworks aimed at achieving or assessing an organizations cyber resilience.
Intelligent compliance and risk management solutions.
First, we understand ‘compliance’ can have different meanings to various teams across enterprise. Compliance is an outcome of continuous risk management, involving compliance, risk, legal, privacy, security, IT and often even HR and finance teams which requires integrated approach to manage risk.
Let's start with the base pillar Compliance Management: compliance management is all about simplify risk assessment and mitigation in more automated way, providing visibility and insights to help meet compliance requirements.
Information Protection and Governance: we believe there is a huge opportunity for Microsoft to help our customers to know their data better, protect and govern data throughout its lifecycle in heterogenous environment. This is often the key starting point for many of our customers in their modern compliance journey – knowing what sensitive data they have, putting flexible, end-user friendly policies for both security and compliance outcomes, using more automation and intelligence.
Internal Risk Management: Internal risks are often what keeps business leaders up at night – regardless of negligent or malicious, identifying and being able to take action on internal risks are critical. The ability to quickly identify and manage risks from insiders (employees or contractors with corporate access) and minimize the negative impact on corporate compliance, competitive business position and brand reputation is a priority for organizations worldwide.
Last but not least, Discover and Respond: being able to discover relevant data for internal investigations, litigation, or regulatory requests and respond to them efficiently, and doing so without having to use multiple solutions and moving data in and out of systems to increase risk – is critical.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Secure Systems Security and ISA99- IEC62443Yokogawa1
With the new Industrial Network standards like ISA-IEC62443 companies are evolving their IT and OT networks to face evolving threats. This presentation will cover industrial networking best practices, secure architectures and segregation techniques that can be used by all businesses to prevent a minor business network breach from becoming an industrial catastrophe.
Topics Covered in this Seminar Include:
Overview Of Cyber Threat
Introduction - ISA IEC Industrial Control Security Standards
An Example - Advanced Persistent Threat (APT)
ISA/IEC 62443-3-2 Network Separation - An APT countermeasure
The next step in APT defenses System Certification to ISA/IEC 62443 Cybersecurity Standards
ISA/IEC 62443 Cybersecurity Standards Current Efforts
The Future of ISA/IEC 62443 Cybersecurity Standards
Channel Partners: Lead with Dell Software SolutionsDell World
Deliver real value to your customers as you expand your reach and increase your revenue with Dell Software (For Channel partners only).
Your customers are facing monumental challenges on managing and securing applications, data and their infrastructure. These challenges are driving cost and complexity into the IT environment. Dell Software’s end to end portfolio allows channel partners to expand their sales of solutions and services to both existing new customers while demonstrating tangible value by:
• Improving the efficiency of IT organizations through the centralized management and security
• Speeding the pace of business through better application availability, data protection and rapid recovery
• Enabling cloud and mobile application delivery through modernizing infrastructure software
• Securing the endpoint, the data and the network
Join Roy Appelbaum for this interactive break out session on how the Dell Software portfolio provides you the blueprint to help your customers build the future ready enterprise.
Are your backups are too big, and do you store them too long? Do missed SLAs, cost and complexity still vex you? Are you worried you won’t get all of your data back? Do you waste hours managing complicated, temperamental backup solutions?
We discuss ways to make backup predictable, shrink windows, over-perform on SLAs and get all your data back – every time, on time. See how others are matching their backup to their business, reducing stored data by up to 95% and speeding backups by 275%. Focus on your business—not your backups.
Deployment of security countermeasures and –processes across public-, private- or hybrid cloud IT implementations.
How to deploy and manage security in dynamic environments - even in highly regulated environments.
Lastly, how security can support rather than interfere with IT management processes.
MT01 The business imperatives driving cloud adoptionDell EMC World
Cloud adoption has reached an inflection point, pushing organizations into an "adapt or die" state, forcing new operating models, effective management of internal and external resources, and transformation towards an application-centric mentality. Cloud approaches are maturing past the point of public clouds domination, shifting focus to private & hybrid cloud and effective management of a multi-cloud environment. Attend this session to learn how to realize true business value when the friction of the business dynamic is supported by flexible cloud services delivered with predictability & speed.
The 5 Biggest Data Myths in Telco: ExposedCloudera, Inc.
More than any business, telecommunications firms have long been dealing with huge, diverse sets of data. Big Data. Data that is unstructured, unwieldy and disorganised, making it difficult to analyse and costly to manage. Your landscape is fiercely competitive and you instinctively know it's exactly that data that would allow you to be more innovative. Data that would set you apart from the competition. You would like to realise its true potential yet you have concerns around security, RoI or integration with existing data management solutions.
The Business Case for Hosting JD Edwards in the CloudNERUG
This presentation will cover in detail the business case for hosting JD Edwards in the cloud. Hear from industry expert, John Bassett, CTO at GSI, Inc. During the presentation, John will address the following topics, comparing hosting to a more traditional in-house approach:
- Total cost of ownership (TCO)
- IT staffing and support costs
- Licensing costs
- Cost Predictability
- Security and compliance
- Scalability, performance and reliability
- Business continuity and redundancy
- System deployment
- System management, ongoing maintenance and upgrades
- Market adaptability, agility and innovation
David Cass discusses the role of security and how best practices can be used to accelerate cloud adoption and success.
Learn more by visiting our Bluemix Hybrid page: http://ibm.co/1PKN23h
Speaker: David Cass (Vice President, Cloud and SaaS CISO)
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
3 Things to Learn About:
* 1. Ransomware is a particular problem and currently the highest priority for healthcare organizations. Machine learning can use the structure of a malicious email to detect an attack even before the email is opened.
* 2. Big data architectures provide the machine-learning models with the volume and variety of data required to achieve complete visibility across the spectrum of IT activity—from packets to logs to alerts.
* 3. Intel and industry partners are currently running one-hour, complimentary, confidential benchmark engagements for HLS organizations that want to see how their security compares with the industry .
Cloud computing environments offer benefits to business and IT departments that aren't easily gained through the use of traditional IT infrastructures. Here are five of the most common applications for cloud computing right now.
Active Directory in ICS: Lessons Learned From The FieldDigital Bond
Donovan Tindall of Honeywell at the S4x15 Operations Technology Day (OTDay). A meaty, but practical technical session on how to use Active Directory to help manage and secure your ICS.
MT44 Dell EMC Data Protection: What You Need to Know About Data Protection Ev...Dell EMC World
Data protection is a critical pillar of any organization’s IT transformation, and Dell EMC is #1 in data protection, offering the industry’s most comprehensive portfolio of solutions.Our ‘Data Protection Everywhere’ strategy provides customers with the ultimate in choice and flexibility and eliminates the need to work with multiple vendors ‘point’ products. In this session learn how we enable you to solve your most difficult data protection challenges of today while laying the foundation to address the challenges of tomorrow. Whether your data is local or in the cloud, Dell EMC has you covered. Join this session and learn how to ensure you are protected.
More about Dell EMC World at http://dellemcworld.com/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Speaker Notes:
Staggering recent ransom demands [CLICK]
Led to
67% not confident in ability to recover after a destructive cyber attack: www.delltechnologies.com/gdpi
https://www.nbcnews.com/tech/security/colonial-hack-dhs-issues-first-cybersecurity-regulation-pipelines-rcna1050
“According to Gartner, by 2025, at least 75% of IT organisations will face one or more attacks, as free-rein researchers document a dramatic increase in ransomware attacks during 2020, pointing to sevenfold or higher rates of growth” – Gartner
“2021 saw 50% more cyber attacks per week on corporate networks compared to 2020.
https://www.forbes.com/sites/chuckbrooks/2022/01/21/cybersecurity-in-2022--a-fresh-look-at-some-very-alarming-stats/?sh=4f9a64186b61
Many organizations continue to invest in different strategies to mitigate cyber threats, like ransomware, or prevent breaches. However, according to Gartner®, “The inescapable conclusion is that breaches, whether targeted at specific organizations or affecting innocent bystanders in general, cannot be prevented.” What can your organization do to stay ahead of the rapidly changing threat landscape and sophisticated cyber criminals?
Read Recommendations from Complimentary Gartner® Report now
Our insights on the 5 traits of cyber resilient organizations identified by Gartner
Targeting of Minimal Viable Cybersecurity (MVC) – Overcome security complexity by consolidating security tools and utilize security services experts to help relieve your already strained security personnel.
Creation and Tracking of a Cyber Resilience Index – Assess your current cyber resiliency to determine your readiness and program maturity. Dell Technologies offers a Cyber Resiliency Assessment to understand where your cyber risks and vulnerabilities are now and receive actionable recommendations.
Transforming of aCybersecurity Into Cyber Resilience - The key to minimizing business damage is to develop resilience over defense. A resiliency strategy is one that balances active detection and prevention of attacks with being prepared for breach and able to recover operations quickly after an attack.
Hiring for Failure - To accelerate both your security and digital transformations into a competitive advantage, great security and resiliency practices need to be embedded into the DNA of your organization, educated thoroughly and practiced routinely.
Training for Enterprise Recovery - Recovery is a key element of cyber resiliency. Organizations with a mature cyber resiliency program rely on strong business continuity and recovery systems, and are capable of arresting attacks early, lessening the damage, and recovering with less disruption.
Dell agrees with Gartner’s recommendations that organizations should consider an approach that balances defensive strategies and cyber resiliency to mitigate business disruption. Gain peace of mind that your data IT assets are securely protected and available with intrinsically secure infrastructure, threat detection and response, data protection and cyber recovery.
Speaker notes:
It’s important to make sure that while your organization is focused on bolstering your cybersecurity capabilities, they fit within a holistic strategy to ensure you’re thinking about all of the necessary steps for your organization to become more cyber resilient. For this, we recommend following a known framework like the NIST Cybersecurity Framework. This is a holistic framework which breaks down into five key pillars: Identify, protect, detect, respond, and recover. These are how our services map to the NIST framework, with end-to-end capabilities which tie together people, processes and best-of-breed technologies to deliver on your cybersecurity needs.
You can see how these three capabilities we previously discussed connect to each other here across Detect, Respond, and Recover. The connection between these three mean that if a recovery is necessary, our teams have a coordinated response and can get your business back up and running.
END Speaker notes
Speaker Notes:
Being confident in your organization’s ability to recover from a disruptive cyber event is a key enabler in building cyber resilience. It’s absolutely critical that organizations are proactively implementing technologies, which are supported by tested and documented recovery programs, to form a last line of defense for the business. These are a few keys to enabling business process level recovery after a cyber attack:
Organizations need to utilize technology purpose-built for recovering from a cyber attack. The latest cyber recovery technologies create an effective vault by providing isolation and additional hardening features, such as air-gapping and immutable storage, alongside automation of key functionality to better protect data and enable recovery.
Continuously analyzing data for indicators of compromise with AI/ML based security analytics tools increases the likelihood that compromised data is quickly and accurately identified.
Developing a recovery processes is critical in operationalizing cyber recovery technologies and being ready for a recovery effort. This process must be tied tightly to recovering the most critical data first and should be documented in a runbook to ensure repeatability.
To deliver business recovery at speed and scale, it’s imperative to mature the cyber recovery program of the organization, tightly aligning recovery procedures with the criticality of specific business processes or application to normal business operations. This enables the core functions of the business to get back up and running as quickly as possible.
Full cross-functional enablement of the recovery capability further integrates with organization-wide incident response plans and ensures complete adoption and readiness to execute a recovery.
Now, how can you build your capabilities in these critical areas?
NEXT SLIDE
In order to build a mature recovery programs we help customers first understand their existing cyber recovery program maturity. We find most customers are between 0 and 1 and a cyber attack would have a devastating impact on the organizations ability to operate with extended recovery times on data they can recover.
By implementing purpose-built cyber recovery technologies, organizations can move to about a level three, and when those technologies are operationalized with a process focused on recovering the most critical business processes first, they can achieve higher levels of program maturity. This would mean during a recovery effort there’s a less significant impact to business operations.
The unfortunate reality is that it’s a matter of when, not if, your customer will be impacted by a cyber attack. As their businesses are becoming more digitally driven, it’s critical to their long-term success that they develop a cyber recovery capability which protects data and enables them to recover their business after a destructive cyber attack such as ransomware.
Parallel and iterative nature of workstreams tie agile and incremental activities to the bigger picture and help customer achieve short, intermediate and long term outcomes which increase cyber resilience.
Focusing in three key areas will help the organization ensure they have the technology, people and process ready to recover, and through that capability will transform the expectations of key business stakeholders, increasing confidence in their organizations ability to recover.
Services from advisory, deployment, runbook and managed services to increase program maturity.
Extend skills and capabilities with certified technical experts
Monitored and daily operations of Dell’s Cyber Recovery Solution 8x5
Help increase resiliency and minimize security risks
Deliver knowledge and experience with monitoring and daily operations of Dell Cyber Recovery solution
Optimize Cyber Vault components to ensure a smooth run state
Support data recovery and restore operations
Speaker Notes:
So, while Intrinsic Security provides a foundation for our overall security and cyber-related across Dell Technologies, our PowerProtect Cyber Recovery solutions and services provide the highest levels of protection, integrity and confidentiality for your most valuable data and critical business systems, in the wake of the most sophisticated cyber threats – at this level we’re not focusing on preventing ransomware or cyber attacks, but protecting critical data or apps and enabling you to recover those assets with integrity so you can resume normal business operations with confidence.
PowerProtect Cyber Recovery protects data and provides recovery across on-premises and multiple cloud environments including Dell Technologies Cloud and other leading service providers such as AWS, Microsoft Azure and Google Cloud Platform.
Our Multi-Cloud Data Services for Dell EMC PowerProtect Cyber Recovery offers the full capabilities of our on-premises Cyber Recovery vault in a secure cloud-adjacent Faction-powered data center. This provides the additional benefit of physical isolation for the Cyber Recovery vault with the simplicity and economics of the cloud.
And while we’ve been very successful helping over 750 organizations across the globe and every industry protect their business with PowerProtect Cyber Recovery, we realize there are many times more data-driven organizations who may not have the resources or IT staff to manage a physical vault, or they may simply want a cloud-based solution – we’re excited to offer PowerProtect Cyber Recovery for AWS.
For rapid deployments with flexible recovery options, PowerProtect Cyber Recovery for AWS provides an isolated data center environment disconnected from corporate or backup networks and managed separately through restricted access clearance. It is similar to the on-premises solution; however, it provides physical isolation within the AWS cloud for the vault's location.
We will continue to expand the ways we can deliver PowerProtect Cyber Recovery in more flexible options and services this year, so stay tuned.
Meanwhile, let’s take a closer look at how PowerProtect Cyber Recovery protects your critical data
NEXT SLIDE
Script:
This global shipping company’s subsidiary was impacted by a debilitating ransomware attack – causing hundreds of millions in losses, the company was de-listed from stock exchanges and public knowledge of the incident tarnished the brand of both the subsidiary and parent company.
To help them turn adversity into advantage, Dell worked with them to deliver a tailored end-to-end PowerProtect Cyber Recovery solution (hardware, software & services (assess, advise, design, deploy) to meet specific data protection & cyber security needs. In addition to helping the shipping company identify 30 applications to be protected in the cyber recovery vault we also helped them move those applications into the air-gapped recovery vault.
Dell Technologies Services enabled the organization to increase their business resilience for the initial set of applications and mitigate the impact of a future attack on those. This critical data is isolated off-network, which keeps gold copies safe and ready for recovery. This repeatable solution is being rolled out globally in an effort to further protect their brand and be more resilient.
CUSTOMER NAME NOT FOR PUBLIC DISCLOSURE
Script:
In order to maintain the highest levels of security, we generally recommend customers do not go public with their cyber recovery capabilities and even reduce the number of people inside the organization aware of all of the preparations in place. This will give them the highest chances possible of a successful recovery.
This large global bank engaged with Dell Technologies Services to take steps necessary to increase their cyber resilience and comply with new United States Federal Reserve rules for international banks. They weren’t satisfied with the results of their own cyber recovery test and needed to move quickly – they have to display the new capability to the Federal Reserve by the end of this year.
To enable the bank to achieve their regulatory compliance and leadership goals, Dell delivered a tailored end-to-end Cyber Recovery Solution to meet their requirements for recovery. Dell’s Advisory teams recommended a set of about 30% of their global backup applications and data to protect within the cyber recovery vault. This would enable them to quickly recover their most critical business functions in the event of an attack. They also are taking a phased approach to rolling out this technology in all of their global data centers, but will first prove success with a subset of applications for their regulators. One of the keys to the solution for this bank was that we architected a flexible services commercial model to enable them to have maximum flexibility with a program of work that would continue to be developed over an extended period of time.
With the regulatory concern for recovery as well as a budgetary focus on data protection and cybersecurity within the organization, the bank also decided to complete a larger backup transformation effort focused on many aspects of their data protection and archiving needs.
CUSTOMER NAME NOT FOR PUBLIC DISCLOSURE