Use NIST Risk Management and Cybersecurity Frameworks to understand and manage business risk as you extend the network to public cloud or move data outside the datacentre perimeter.
IKare vulnerability management software proactively scans network environments for misconfigurations, default passwords and vulnerabilities. As a result, it dramatically reduces risk exposure.
From SIEM to SOC: Crossing the Cybersecurity Chasm - Priyanka Aash
You own a SIEM, but to be secure, you need a Security Operations Center! How do you cross the chasm? Do you hire staff or outsource? And what skills are needed? Mike Ostrowski, a cybersecurity industry veteran, will review common pitfalls experienced through the journey from SIEM to SOC, the pros and cons of an all in-house SOC vs. outsourcing, and the benefits of a hybrid SOC model.
Learning Objectives:
1: You own a SIEM, but to be secure, you need a SOC. How do you cross the chasm?
2: What are the pros and cons of in-house, fully managed and hybrid security?
3: What considerations go into deciding whether to employ a hybrid strategy?
(Source: RSA Conference USA 2018)
Using a Network Model to Address SANS Critical Controls 10 and 11 - Skybox Security
Skybox Security joins SANS to address using a network model to gain insight into your attack surface and how to address SANS Critical Controls 10 and 11
The Dynamic Nature of Virtualization Security - Rapid7
The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional “scan-and-patch” vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments, and more importantly, what to do to mitigate those risks. This whitepaper explores the challenges of securing a virtualized environment and gives actionable solutions to address them.
Public cloud providers operate on a shared responsibility model, which places the onus on the customer to define and secure the data and applications that are hosted within cloud infrastructure.
To that end, it is critical that organizations accurately and selectively pinpoint which cloud workloads and virtual IT assets must be monitored, updated and patched based on developing threats to customer data and applications.
In this webcast, Mark Butler, Chief Information Security Officer at Qualys, and Hari Srinivasan, Director of Product Management for Qualys Cloud and Virtualization Security detail how you can gain complete visibility of your organization’s entire cloud asset inventory and security posture to help you keep up with shared security responsibility models across public cloud infrastructure.
The presentation covers:
• Challenges surrounding increased migration to public clouds
• Using automation for secure DevOps
• How to ensure effective and efficient operations
To watch the on-demand webcast, visit https://lps.qualys.com/securing-your-public-cloud-infrastructure.html
This presentation provides an overview of the different threat modeling approaches, with examples from automotive. It was given at the IEEE VTS event on 4 Sep, the "Safe and Secure Automotive" workshop.
How to Choose the Right Security Information and Event Management (SIEM) Solu... - IBM Security
View on-demand webinar: https://securityintelligence.com/events/choose-right-security-information-event-management-siem-solution/
Learn what matters most when choosing a SIEM solution. In this session, we take a tour of the 2015 Gartner Magic Quadrant for SIEM, and IBM experts will discuss what we believe has set IBM Security QRadar® apart from other vendors for 7 consecutive years.
Today’s networks are larger and more complex than ever before, and protecting them against malicious activity is a never-ending task. Organizations seeking to safeguard their intellectual property, protect their customer identities and avoid business disruptions need to do more than monitor logs and network flow data; they need to leverage advanced tools to detect these activities in a consumable manner.
Security Whack-a-Mole: SANS 2017 Threat Landscape Survey - Qualys
As quickly as we learn to detect new threats, the threats change — like a game of Whack-a-Mole happening at an ever-increasing pace.
A new survey by the SANS Institute focuses on providing valuable intelligence into the types of threats most severely impacting organizations like yours, and how those threats are evolving.
In this webcast, Lee Neely, who teaches cyber security courses for SANS, Mark Butler, Chief Information Security Officer at Qualys, and other survey sponsors discuss what threat actors are currently up to and how they’re getting around existing defenses, so that you can anticipate attacks and get ahead of the attackers.
Key trends discussed include:
• Primary vectors attackers enter through
• Methods attackers use most effectively as part of their layered attacks
• Impacts of breaches and how to remediate
• Best places to apply defenses
• Lessons learned by those who have been breached
Watch the on-demand webcast: https://www.sans.org/webcasts/105430
Download the complete report: https://goo.gl/rP4KEs
The IBM Security Intelligence Platform, also known as QRadar®, integrates SIEM, log management, anomaly detection, vulnerability management, risk management and incident forensics into a unified, highly scalable, real-time solution that provides superior threat detection, greater ease of use, and low total cost of ownership compared with competitive products.
Industrial Control Systems Cybersecurity Technology Selection - Dragos, Inc.
Selection criteria for today’s ICS cybersecurity technology presented at S4 2019. Includes:
- Recommendations for best practices before evaluating an industrial cybersecurity solution in OT environments
- Outline of different ICS cybersecurity technologies such as the differences between active and passive scanning, anomaly detection, threat behavior analytics
- What’s important in an industrial control systems cybersecurity platform
- Practical guide to pilots and bake-offs
To learn more read the whitepaper Key Considerations For Selecting An Industrial Cybersecurity Solution for Asset Identification, Threat Detection, and Response https://dragos.com/resource/key-considerations-for-selecting-an-industrial-cybersecurity-solution-for-asset-identification-threat-detection-and-response/
For more about Dragos and the 2019 S4 Detection challenge, read the blog and watch the video here: https://dragos.com/blog/industry-news/dragos-results-of-s4-industrial-cybersecurity-detection-challenge-contest/
More info: www.dragos.com
Follow us on LinkedIn: https://www.linkedin.com/company/dragos-inc./
Follow us on Twitter: https://twitter.com/dragosinc
Everything visible. Everything secure.
Unparalleled 2-second visibility across all of your global IT assets – on premises, endpoints and Private or Public Clouds.
We’ve got more assets in the cloud than ever. Unfortunately, we also have less visibility and control in these environments, as well. Implementing detection and response controls that leverage cloud provider tools and controls, as well as automation strategies and processes, is critical for effective incident detection and response in hybrid cloud environments. This session will get you started!
(Source: RSA Conference USA 2018)
Data security solutions_Baltics_IBM_QRadar_SIEM_Use_Cases_28.01.2014 - Andris Soroka
Presentation from the "International Data Protection Day" IT security seminar on 28th of January, 2014, organized by "Data Security Solutions", IBM Security Systems partner in the Baltic States.
Learn from our Security Expert on how to use the Splunk App for Enterprise Security (ES) in a live, hands-on session. We'll take a tour through Splunk's award-winning security offering to understand some of the unique capabilities in the product. Then, we'll use ES to work an incident and disrupt an adversary's Kill Chain by finding the Actions on Intent, Exploitation Methods, and Reconnaissance Tactics used against a simulated organization. Data investigated will include threat list intelligence feeds, endpoint activity logs, e-mail logs, and web access logs. This session is a must for all security experts! Please bring your laptop as this is a hands-on session.
Identity-Based Security and Privacy for the Internet of Things - Priyanka Aash
The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT.
(Source: RSA Conference USA 2018)
Slide Griffin - Practical Attacks and Mitigations - EnergySec
Over the past few years, penetration testing has gotten easier. What used to take a week of scanning, analysis, and exploit research now happens in one day on average in a common IT environment. The efficiency of compromise has increased based on several factors including increased knowledge sharing, more robust computing, and automated exploitation tools. OT environments are often utilizing the same operating systems and are prone to many of the same attacks. The main differences are the presence of custom protocols, embedded systems, and lack of formal security programs to address the gaps created by two-way data communication networks.
This talk will show the most common attacks which our team currently uses to gain access and control over the networks and systems we test. More importantly, we will discuss the “top 10” things an organization can do to mitigate, remediate, and have active visibility into critical systems.
Splunk's Minister of Defense and security guru, Monzy Merza, shows how to use the Splunk App for Enterprise Security to detect, respond to and mitigate advanced malware through various phases of the threat's lifecycle chain.
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt... - Amazon Web Services
Building seamless, consistent security policies across on-premises and cloud IT environments can be challenging without comprehensive workload visibility. Learn how to gain greater control over your applications, automatically create consistent and uniform security policies, and prevent known and unknown threats within application flows.
Join us to Learn:
How to protect and automate your AWS deployments while maintaining data segregation
Best practices for creating consistent security for data moving to and from the cloud
How to securely extend your application development testing environment to AWS
Speakers:
AWS Speaker: David Wright, Solution Architect
Palo Alto Networks Speaker: Bisham Kishnani, Senior Consulting Engineer
Cyber Crime Conference 2017 - DFLabs Supervised Active Intelligence - Andrea ... - DFLABS SRL
Supervised Active Intelligence: an innovative approach to Automated Incident Response based on Machine Learning, leveraging orchestration, automated playbooks and integration with existing Security Ecosystem
Preview of the latest Sourcefire IPS product news. We go into detail on the product news announced by Sourcefire in the last month, including:
New 3D8000 Series Sensors with FirePOWER
New Defense Center Models
New IPSx Solution
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks. - Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
I'm preparing for the CISSP next week and also speaking for ISACA, so I created this deck to help my peers with some concepts that appear in CISM/CISSP and ITIL practitioner exams.
Cisco Cloud Access Security with Elastica protects you from the hidden threats to cloud apps. It provides new visibility by monitoring your cloud app usage in real time, extends your control into cloud apps, and combats evolving threats through intelligent protection using data science.
Panda Adaptive Defense 360 is the first and only product in the market to combine in a single solution Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) capabilities.
Do you want to get to know more about Adaptive Defense 360?
- Test a demo: http://bit.ly/21jl4Bi
- Talk to an expert: http://bit.ly/1Ouzvve
- Get more info: http://bit.ly/21jljMu
Proactive Threat Detection and Safeguarding of Data for Enhanced Cyber resili... - Sandeep Patil
IBM storage systems such as IBM Spectrum Scale and IBM Cloud Object Storage System integrate with leading SIEMs such as IBM QRadar and Splunk for proactive threat detection and cyber resiliency.
In today's cloud era, admins struggle to keep their IT infrastructures safe. Cloud security is a joint responsibility, and what we need is a new approach!
In this session, you will learn how to securely deploy and maintain Azure infrastructure solutions, why automation is essential, what network security and encryption options you have, and how access control can prevent you from having sleepless nights.
We will successfully attack an Azure environment live on stage, dive deep into Azure Security Center, and see how we can use it to ultimately secure IT infrastructures on premises, hybrid, and on Azure.
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera... - ICS
A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C Act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions, and more.
SCADA and HMI Security in InduSoft Web Studio - AVEVA
In this security focused webinar, we will learn from InduSoft experts how to protect systems against cybersecurity threats, and we’ll have an opportunity to learn more from IT experts at Capstone Works about how to protect networks from both internal and external threats to security.
Splunk for Enterprise Security Featuring User Behavior Analytics - Splunk
This session will review Splunk’s two premium solutions for information security organizations: Splunk for Enterprise Security (ES) and Splunk User Behavior Analytics (UBA). Splunk ES is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments – allowing you to quickly detect and respond to external and internal attacks, simplifying threat management while decreasing risk. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams. We’ll discuss each solution and see them integrated and in action through detailed demos.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generating a custom Ruby SDK for your web service or Rails API using Smithy - g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container Kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. With practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
1. Microsoft Cloud User Group – London
Get Your Cloud Project Past IT Security
Alex Magnay
@AlexMags
2. About us
• CONSULT: A series of thorough discovery and consultation sessions enables the KA2 team to understand your precise business and technology change programme requirements. We cannot do this without you.
• CREATE: Close collaboration, together with unrivalled expertise and fresh thinking enables KA2 to create customised, future-proofed technology change driven programmes that meet your needs. It is all about you.
• CHANGE: Rigorous end-to-end programme management throughout the entire transformation journey ensures the implementation process is fast and efficient. We will take good care of you.
• ADVANCE: With innovation at the core of everything we do, our clients can embrace the future, safe in the knowledge their businesses will seamlessly adapt to whatever is thrown at them. Your success is our success.
https://ka2.io
contact@ka2.io
21. Our two secret weapons!
1. NIST Risk Management Framework
This is aligned with
2. Product release roadmap
which implements
3. NIST Cyber Security Framework Controls
22. Risk Management Framework
Categorise system and data → Select controls to reduce risk → Implement controls → Assess controls → Authorise. Risk is acceptable → Monitor
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
30. Product Release roadmap
• What data is moving to public cloud and when?
34. NIST CyberSecurity Framework
• Identify - who/what you’re protecting
• Protect - the data/system
• Detect - problems
• Respond - know who to tell, what to do
• Recover - have a plan
https://www.nist.gov/cyberframework
36. Risk Management Framework
Categorise system and data → Select controls to reduce risk → Implement controls → Assess controls → Authorise. Risk is acceptable → Monitor
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
Categorise system
• How many users?
• Who are they?
• What data?
38. Example
NIST Function | NIST Category | Your Risks | Your Controls | Your Work items
Protect | Identity Management and Access Control | Unauthorised access is obtained | Multifactor authentication | (PR.AC) Enable MFA
Protect | Identity Management and Access Control | Unauthorised access is obtained | Priv Identity Management | (PR.AC) Enable AAD PIM
Protect | Identity Management and Access Control | Unauthorised access is obtained | Admin roles follow least rights privileged | (PR.AC) Implement RBAC
Protect | Identity Management and Access Control | Unauthorised access is obtained | Encrypt communications containing credentials | (PR.AC) Disable basic auth
Protect | Identity Management and Access Control | Unauthorised access is obtained | Service account password and API keys rotated | (PR.AC) Rotate service passwords
Protect | Identity Management and Access Control | Unauthorised access is obtained | Service account password and API keys rotated | (PR.AC) Rotate API Keys
Protect | Awareness and Training | Misconfiguration results in unauthorised access | IT admins complete training module before access | (PR.AT) Cloud Admin course tracking
Protect | Awareness and Training | Critical data is uploaded before environment is ready | Users sign up to terms of use (no business data) | (PR.AT) Enable AAD Conditional Access ToS
Protect | Data Security | Data is not protected | Classify data | (PR.DS) Implement AIP
Protect | Maintenance | Software vulnerabilities | OS and application security patching | (PR.MA) Enforce auto updates
Protect | Protective Technology | Malware results in outage, unauthorised access or data loss | Antimalware | (PR.PT) Enable Windows Defender ATP
Protect | Information Protection Processes and Procedures | Data loss from attack or accidental disclosure | Data loss protection | (PR.IP) Block inbound internet access
39. Completed controls reduce risk
• Sprint 1: PR.AC MFA; PR.AC Rotate keys
• Sprint 2: PR.AC RBAC; PR.IP Block internet
• Sprint 3: PR.AC AAD PIM; PR.IP Azure firewall; PR.PT Defender ATP; PR.MA Auto update
41. Risk Management Framework
Categorise system and data → Select controls to reduce risk → Implement controls → Assess controls → Authorise. Risk is acceptable → Monitor
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf
Assess Controls
• Do they work?
• Can they be circumvented?
• How much residual risk remains?
45. Risk based approach to Infra as a Service (IaaS)
Virtual Datacentre example (Check this: http://aka.ms/VDC)
48. • It’s waterfall (build then run)
• Visualisation of the end goal
• Clear interdependencies
http://www.infrastructures.org/papers/bootstrap/bootstrap.htm
50. NIST Function: Protect
Your Risks: Unauthorised access is obtained; Data loss from attack or accidental disclosure; Malware results in outage, unauthorised access or data loss
NIST Category | Your Controls | Work items
Identity Management and Access Control | Multifactor authentication | (PR.AC) Enable MFA
Identity Management and Access Control | Priv Identity Management | (PR.AC) Enable AAD PIM
Identity Management and Access Control | Admin roles follow least rights privileged | (PR.AC) Implement RBAC
Identity Management and Access Control | Encrypt communications containing credentials | (PR.AC) Disable basic auth
Identity Management and Access Control | Service account password and API keys rotated | (PR.AC) Rotate service passwords
Identity Management and Access Control | Service account password and API keys rotated | (PR.AC) Rotate API Keys
Awareness and Training | IT admins complete training module before access | (PR.AT) Cloud Admin course tracking
Awareness and Training | Users sign up to terms of use (no business data) | (PR.AT) Enable AAD Conditional Access ToS
Data Security | Classify data | (PR.DS) Implement AIP
Information Protection Processes and Procedures | Data loss protection | (PR.IP) Block inbound internet access
Information Protection Processes and Procedures | Data loss protection | (PR.IP) Block outbound internet access
Information Protection Processes and Procedures | Data loss protection | (PR.IP) Implement proxy URL filtering
Information Protection Processes and Procedures | Data loss protection | (PR.IP) Implement proxy DLP
Maintenance | OS and application security patching | (PR.MA) Enforce auto updates
Protective Technology | Antimalware | (PR.PT) Enable Windows Defender ATP
56. Shortcuts
• Embed someone from InfoSec in your team (DevSecOps)
They can review controls as they’re implemented
• Learning by doing takes time…
Work with a cloud migration specialist
Inherit their code and security controls
Jump ahead to IAM v7, landing zone v9 etc.
• Be a chameleon. Fold into existing governance
• Call your team the Cloud Adoption Team (CAT)
59. Thanks!
KA2 is an expert technology change consultancy specialising in financial services, the insurance industry and public sector. The company provides expert services across the entire technology change spectrum including: cloud migration, target operating models and digital transformation strategies; the modern workplace; service management; enterprise architecture; network design; enterprise security and voice and unified communications. The team includes highly skilled and experienced programme leaders, technical architects, solutions consultants and business analysts who all bring a proven track record in delivering successful technology change programmes for a wide range of blue-chip organisations.
Email: contact@ka2.io
Editor's Notes
A problem my consultancy hit on a recent cloud migration engagement, what's happening now and hopefully you’ll be able to make use of this too.
Last seen working at public cloud service provider Hentsu spinning up infra for new hedge funds and migrating hedge funds to public cloud
Background engineering teams investment banking, asset management
Regulatory compliance, high security, high availability, high tech
Industry cert certifications & scout computer badge!!
Loaded up with Historical cargo
CEO of Infor at AWS Summit 2014
Building a computer room/dc is kind of interesting
Keeping it running is a burden
Huge distraction from working on stuff the business or the customer actually cares about
Move dcs to public cloud and refocus on more important stuff that’s going to make company money/customers happy
Building and maintaining DCs does keep you busy, doesn't make you valuable
Azure datacenters are positioned on ley lines of tremendous connectivity
If you’re an international organization, investigate if you can ditch your point to point international lease lines and use public cloud provider as a hub to link your offices and datacenters.
When comparing the cost of on prem vs public cloud
You assemble a team of mercenaries/contractors
Infosec Fortress
Cyber defence 1976
Administration – who has access to what (from where), rbac, how you operate the service, still you
AWS – same deal, still up to you to secure the data
Where’s the magic dial?
1. A way of discussing risk with infosec and getting approvals
2. Release roadmap, what we’re going to do in stages
3. Helps us figure out risks and what to do about them
Click through
Categorize the system and the information processed, stored, and transmitted by the system based on an analysis of the impact of loss
Describe the risk – what bad things could happen with this system / this data
Select an initial set of controls for the system and tailor the controls as needed to reduce risk to an acceptable level based on an assessment of risk. Technical/process
NIST Cyber Framework can help with this
Implement the controls and describe how the controls are employed within the system and its environment of operation.
Assess the controls to determine if the controls are implemented correctly, operating as intended, and producing the desired outcomes with respect to satisfying the security and privacy requirements.
Authorize the system or common controls based on a determination that the risk to organizational operations and assets, individuals, other organizations, and the Nation is acceptable.
Monitor the system and the associated controls on an ongoing basis to include assessing control effectiveness, documenting changes to the system and environment of operation, conducting risk assessments and impact analyses, and reporting the security and privacy posture of the system.
Click to releases
Secret weapon number 3
Risk – what's the bad thing that could happen
Control – what makes it unlikely or lower impact
Work items – well defined so people can crack on
Talk with infosec, which risks and controls will get you to next stage on your roadmap?
50% green
Excuse the GFX, it was 1998, on unix, we’re lucky it’s not ASCII art!
High risk – don’t put anything important here!
Getting better, safer…
Time for low value apps….
Party time, upload the business critical data
Bootstrap – POCs look like this often
Central ID and RBAC
App ready
Data ready
But the burners on
Stop fighting with IT Security
Find that common ground, common language. Agree a plan, execute the plan and keep talking throughout.
May your quests be really successful!