Presentations from the Toronto Stop of the Scalar Security Roadshow on March 4, covering technologies from Palo Alto Networks, F5, Splunk, and Infoblox.
Wireless Network Security Palo Alto Networks / Aruba Networks Integration
Topics Include:
The Backdrop for Mobile Security
Changes in the application landscape
State of the art in mobile threats
Issues with the current approaches to enterprise security
Aruba Networks / Palo Alto Networks Integration
Introduction to the Palo Alto Networks Network Security Platform
Integration points with Aruba Networks ClearPass Guest
Presentation - Cisco ASA with FirePOWER Services | Oscar Romano
As more companies move their business models toward mobility, the cloud and the Internet of Things, their security solutions must become more dynamic and scalable. To date, however, most security solutions have not kept pace with change and have been unable to adapt to new threats and attacks. Today, security solutions are based on a binary "good vs. bad" model, which lacks the visibility needed to understand context. On September 16, Cisco announced its latest step in this direction.
This presentation highlights the Cisco Security Architecture. For more information on Cisco's security products and solutions please visit our website here: http://www.cisco.com/web/CA/products/vpn.html
Your network holds the key to defending your organization. The Cisco switches, routers, and wireless solutions you deploy can complement and empower your security systems. Cisco provides a broad portfolio of capabilities to improve your defenses across the entire attack continuum. This presentation outlines how you can use your network as a sensor to protect your data, your customers, and your reputation.
Register to Watch Webcast: http://cs.co/9003CRsH
Join the Conversation: http://cs.co/9008CRt6
Key Policy Considerations When Implementing Next-Generation Firewalls | AlgoSec
This presentation examines next-generation firewalls, and provides practical advice on how to effectively and efficiently manage policies in a multi-product and even multi-vendor, defense-in-depth architecture.
By watching this webcast you will learn answers to the following questions:
- What constitutes a next-generation firewall and what problems does it solve?
- What are the deployment options for next-generation firewalls?
- What do policies in a defense-in-depth architecture look like?
- How can you efficiently manage next-generation firewalls AND traditional firewall policies?
- And much more
ASA Firepower NGFW Update and Deployment Scenarios | Cisco Canada
This session will focus on typical deployment scenarios for the Adaptive Security Appliance family running FirePower Services. Also, a feature overview and comparison of the ASA with Firepower services and the new Firepower Threat Defense (FTD) image will be included with updates on the new Firepower hardware platform. Deployment use cases will include Internet Edge, various segmentation scenarios, and VPN. A configuration walk-through and accepted best practices will be covered. This session is designed for existing ASA customers and targets the security and network engineer. They will learn the benefit of a FirePower NGFW in network edge and Internet use cases.
Cisco, Sourcefire and Lancope - Better Together | Lancope, Inc.
Technology overview for Sourcefire FireSIGHT and Lancope StealthWatch including:
• Core features and functionality
• Market positioning and differentiators
• Technology integration for effective incident response
Palo Alto Networks is an innovative network security platform whose core is a next-generation firewall. Built on App-ID, a unique technology developed by PA Networks, it secures the network at the application, user and content level using both physical and virtual architectures. PAN network protection solutions meet the highest network security requirements in both performance and functionality, and are the undisputed industry leaders, as confirmed by Gartner reports, the number of users and the company's growing sales.
Overview of the state of Wi-Fi security for WEP, WPA/WPA2 and WPA3, looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack
Scalar Security Roadshow: Toronto Presentation - April 15, 2015 | Scalar Decisions
On April 15, 2015, Scalar hosted our Security Roadshow in Toronto where we'll be focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions will arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottom-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2... | patmisasi
Responding to cyber incidents is not what it used to be: the landscape has changed considerably, and proactive response now requires the use of many tools and extensive coordination and expertise. Adding to the complexity is the common confusion between IR and forensics. Where does forensics begin and incident response start? What incidents require forensic investigation? And what should you know to pull the pieces together?
Embarking on creating an incident response (IR) program can be challenging and frustrating. This presentation discusses that in order to adequately prepare for security incidents you need an IR framework that can lay the foundation for your IR plan and in turn help describe attacks. Describing attacks is important because you cannot respond to what you cannot identify.
VERIS will be used as an example framework to help you along your path in creating a successful cyber response program.
Scalar Security Roadshow - Vancouver Presentation | Scalar Decisions
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly. In this quick-fire, half-day roadshow, Scalar brings you solutions to these problems from three of our most strategic security vendors, as well as a full presentation on our managed security services portfolio.
Session delivered by Scalar on Network Functions Virtualization. NFV allows for:
Rapid Service Deployment
– Ability to template and image NFV devices
– Deployment is as easy as copying an image and spinning up a new VM
– Integration with Orchestration Stack
Elasticity
– Ideal for situations where temporary but large scale increases in traffic and services exist
Lower Deployment Costs
– No additional hardware to purchase, as long as resources exist in virtual environment
Scalar Decisions: Emerging Trends and Technologies in Storage | patmisasi
From a Feb 2014 TGIF Lunch and Learn event in Toronto, @Scalardecisions' Solution Architect Neil Bunn discusses key emerging trends in storage (Flash, Object Storage, and Software Defined Storage), including both concepts and vendor technologies applicable to each major theme.
TGIFs are FREE, technical sessions, helping our community understand architecture and deployment best practices.
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac... | centralohioissa
This session will provide details on the new law and its requirements, as well as address the current threat landscape, summarize existing data security laws in the U.S., discuss the new EU cyber directive, and continued impact of the Safe Harbor decision. We will disentangle these regulatory changes and challenges and provide tips and tricks for compliance.
EMC XtremIO and EMC Isilon scale-out architectures make them an ideal fit to handle the demanding Splunk requirements around intensive workloads. EMC brings the same enterprise-class data services to Splunk that earned them best of breed status across the board in areas such as Scale-Out NAS storage, data protection, compliance and performance tiering.
Connect the Dots: Draw a Clear Picture of Social’s Impact on Business Results | Spredfast
Every company has objectives for business growth. Social marketing should support these key goals. And measurement of social marketing efforts should speak directly to goal-based results. Learn how socially mature organizations are connecting the dots between social measurement and bottom line business results. Understand the principles guiding these efforts and see how social is being integrated with other areas (and systems) across the business.
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly.
Together with our event partners Cisco, F5, and Bromium, Scalar brings you solutions to these problems, as well as a full presentation on our managed security services portfolio.
2013 Overview of Scalar Decisions. Scalar Decisions is the Canadian leader in delivering innovative IT solutions focused on the data centre. Our practice focus is around virtualization & cloud, data management, networks and security. Our deliverables are built upon designing world class systems for our clients, deployment through services, validation of those designs and finally the ongoing monitoring and management of those systems. Recognized on the PROFIT list of the fastest-growing companies in Canada for the last four years (since we became eligible in year 5 of our business). In 2013, we were 94 on the overall list, but 15 within the IT industry, and one of the highest-revenue companies overall.
Canadian company with nationwide presence
Number 15 on the CDN List of Top 100 Solution Providers
Also named #46 on Branham300 of Canada’s leading ICT companies
We have a deep technical bench, we are not a call centre shipping product, we position ourselves as an extension of your business, and have the team in place to back this up
Though Scalar is in its 10th fiscal year, our founders have been doing this since 1990 when they were running Enterprise Technology Group (ETG). Since then that team has delivered over $1BN in mission-critical infrastructure.
Core infrastructure is our background, our experience, and the primary focus of what we do – it underpins our business.
As infrastructure has changed with the industry to be spread across public, private, hybrid etc, our customer needs have changed, and therefore so does our portfolio and focus. Today, we focus on building core infrastructure and then assisting our clients in securing it, ensuring it is running well (performance), and managing it (control).
Though core infrastructure is the delivery vehicle for all applications, we do not deal at the application layer – We deal with security, performance, and control only as they relate to core infrastructure. This focus allows us to be the very best at what we do.
We answer the questions:
Core Infrastructure – How to Build It?
Security – How to secure it?
Performance – How is it running?
Control – How to manage it?
Presentation from the 2016 Scalar Security Study Roadshow, highlighting the findings from the second annual Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, which examines trends among Canadian organizations in dealing with growing cyber threats.
Compliance made easy. Pass your audits stress-free. | AlgoSec
Don’t fail an audit ever again. Yes, it’s possible.
It doesn’t matter what regulation you are talking about, whether your own internal compliance standard or a common global framework such as PCI DSS, SOX, HIPAA, SWIFT, or even HKMA.
Overcoming the Challenges of Architecting for the Cloud | Zscaler
The concept of backhauling traffic to a centralized datacenter worked when both users and applications resided there. But, the migration of applications from the data center to the cloud requires organizations to rethink their branch and network architectures. What is the best approach to manage costs, reduce risk, and deliver the best user experience for all your users?
Watch this webcast to uncover the five key requirements to overcome these challenges and securely route your branch traffic direct to the cloud.
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats | Emulex Corporation
Data centers move exabytes of data through their networks. This explosive growth in network traffic has put demands on data centers to adapt and add new technologies and standards to keep pace and make information easily accessible. Our personal information, company IP assets and sensitive data run across these networks that are constantly under persistent and malicious cyber attacks to look for vulnerabilities in their networks. IT security teams have to protect complex networks that are growing in size and complexity. They call for a new approach to gaining full – rather than partial – visibility into network behavior to stop downtime losses and data leaks.
Providing 1-to-1 NetFlow generation, then collecting the data and analyzing the flow records, is essential to time-to-resolution (TTR). To help you take full advantage of valuable NetFlow data for use in network security management, Emulex and Lancope have created a best-in-class network and security solution that allows you to quickly and continuously monitor the makeup of the traffic traversing your network.
In this webinar, we’ll explore why network security management is crucial in managing functionality and visibility of an organization’s network infrastructure and how Emulex helps address these deployment requirements. We'll also explore what matters most when network security is breached, and share some best practice insights gleaned from working with customers that run some of the largest and most critical data networks on the planet.
Introduction of Cloudflare Solution for Mobile Payment | Jean Ryu
On 29th Apr, I ran a webinar together with my colleagues about how Cloudflare can help the mobile payment industry, focusing on how to accelerate and secure mobile payment applications. Although the rapid move to cloud is happening in every industry, there are still challenges and technical debts that are unaddressed. In this webinar we draw an overview picture of Cloudflare as a cloud-based solution, describe how it can help the financial industry, and introduce reference customers.
On-premises web gateways are being disrupted, and the model of providing web content security is changing. The pace of technology change and evolving employee work habits are pushing on-premises gateways out of the picture. Many companies are outsourcing their Security to Managed Security Service Providers.
Zscaler is the only carrier-grade Security as a Service platform.
Zscaler serves large enterprises, governments & mid-sized organizations in 185+ countries.
Zscaler protects 13M+ users across 5,000+ clients.
Combating Insider Threats – Protecting Your Agency from the Inside Out | Lancope, Inc.
When Edward Snowden leaked classified information to the mainstream media, it brought the dangers posed by insider threats to the forefront of public consciousness, and not without reason. Today’s agencies are drowning in fears surrounding sophisticated cyber-attacks, but perhaps the most concerning type of attack out there is the insider threat. According to Forrester, abuse by malicious insiders makes up 25% of data breaches. Learn about the best practices and technologies you should be implementing now to avoid becoming the next victim of a high-profile attack.
- Become aware of the different types of insider threats, including their motives and methods of attack
- Understand why conventional security tools like firewalls, antivirus and IDS/IPS are powerless in the face of the insider threat
- Gain clarity on the various technologies, policies and best practices that should be put in place to help detect and thwart insider threats
- Discover how network logs, particularly NetFlow, can be used to cost-effectively monitor for suspicious insider behaviors that could indicate an attack
- Know about emerging attack methods such as muleware that could further escalate insider threats in the coming years
Save Your Network – Protecting Manufacturing Data from Deadly Breaches | Lancope, Inc.
As recent events have proven, manufacturing organizations are especially vulnerable to cyber-attacks due to the amount of valuable data they maintain. With advanced attacks becoming so ubiquitous, how can manufacturing organizations protect their data and avoid becoming the next high-profile victim in the headlines?
The answer lies in network visibility. Manufacturing providers and others are invited to join this complimentary webinar to learn how to:
- Cost-effectively transform their network into a sensor grid for detecting sophisticated attacks
- Quickly uncover suspicious behaviors associated with zero-day attacks, APTs, insider threats and other risks that frequently evade conventional defenses
- Protect their reputation by thwarting attacks before they lead to devastating data loss
CONFidence2015: Real World Threat Hunting - Martin Nystrom | PROIDEA
Real World Threat Hunting
Security threats have grown from network annoyances to attacks on sensitive infrastructure; penetrating network perimeters, moving laterally within networks, breaching new device types, and cloaking movements. This presentation will share techniques utilized by Cisco to detect and investigate sophisticated, embedded threats.
The speaker, who has conducted monitoring and investigations on customer networks, will review recent real attacks observed on customer networks, from discovery to remediation, and provide lessons learned. These interactive case examples will highlight how to identify these threats using security intelligence, expert staff, and the Cisco OpenSOC platform.
Examples of attacks and illustrations:
* Sophisticated phishing attacks targeted at customer environments.
* Breaches and data exfiltration resulting from the high-profile HeartBleed and Shellshock vulnerabilities.
* Sophisticated malware targeting financial institutions with the goal of data theft.
* Use of full packet capture to identify data exfiltration.
Companies realize, to be successful, they must transform and deliver an enriched and full experience for both customers and the employees by:
• Integrating the entire business to deliver the results the customer and employee want, at every touch point.
• Establishing a frictionless enterprise platform, governed by a new, flexible operating model with adaptive and easily configurable processes and systems.
Digital Transformation: Enriching the user experience through strategy, process, people, and technology.
Highlights of the 2017 Scalar Security Study – The Cyber Security Readiness of Canadian Organizations. The third annual Scalar Security Study examines the cyber security readiness of Canadian organizations and the trends in dealing with growing cyber threats.
Executive Summary of the 2016 Scalar Security Study | Scalar Decisions
Executive Summary of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016/
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza... | Scalar Decisions
Highlights of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks. | Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
CloudForms is a comprehensive IaaS cloud management platform that improves your virtual and cloud infrastructures with advanced capacity planning and resource management features.
Scalar & RedHat present a technical session to learn about CloudForms as the experts in cloud management!
Discussion Topics:
Red Hat and the Open Hybrid Cloud
Cloud Management & Orchestration using Cloud Forms
XtremIO finally delivers the breakthrough scale-out architecture, consistent performance, data reduction, thin provisioning, and manageability you’ve been waiting for in an enterprise flash array.
Hyperconverged Infrastructure: The Leading Edge of Virtualization | Scalar Decisions
Hyper-convergence is today's leading edge of virtualization. Technologies have entered the market that have greatly simplified the deployment and maintenance of virtualized workloads. In this session, we will discuss the complexity associated with these types of highly virtualized environments and the modern approaches to reducing it.
Presentation from Scalar and NetApp discussing why CDOT is the promised land of storage and the future of NetApp, followed by a walk-through of the path to CDOT by one of Scalar's technical thought leaders.
The Cyber Security Readiness of Canadian Organizations | Scalar Decisions
Highlights of the 2015 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2015. The full report can be downloaded at: http://hubs.ly/y0tFbr0
Where Technology Meets Medicine: SickKids High Performance Computing Data Centre | Scalar Decisions
Case study look at the work Scalar conducted on the High-Performance Computing Data Centre at the Hospital for Sick Children (SickKids). The system is able to do 107 trillion calculations per second - one of the largest systems dedicated to health research.
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am GamesScalar Decisions
Toronto will soon host the largest international multi-sport Games in Canada, when more than 7,600 athletes from 41 countries across the Americas will compete at the TORONTO 2015 Pan Am/Parapan Am Games. Understandably,
IT security is top of mind for the Organizing Committee (known as TO2015). The event will rely on a number of applications and web portals, which include an interactive volunteer portal, athlete accreditation management
tools and a travel logistics site. Securing the data centre where these applications reside is of critical importance, ensuring risks are mitigated, threats are prevented and regulatory requirements are met.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
27. The basics
Threat | What it is | What it does
Exploit | Bad application input usually in the form of network traffic. | Targets a vulnerability to hijack control of the target application or machine.
Malware | Malicious application or code. | Anything – Downloads, hacks, explores, steals…
Command-and-control (C2) | Network traffic generated by malware. | Keeps the remote attacker in control and coordinates the attack.
Indicators of compromise (IoC) | Indications that your network has been compromised | Allows security teams to find and confirm breaches
31. The new threat landscape
Advanced threat
Commodity threats (very common, easily identified)
Organized cybercrime (More customized exploits and malware)
Nation state (Very targeted, persistent, creative)
§ Mostly addressed by traditional AV and IPS
§ Somewhat more sophisticated payloads
§ Low sophistication, slowly changing
§ Evasion techniques often employed
§ Machine vs. machine
§ Intelligent and continuous monitoring of passive network-based and host-based sensors
§ Comprehensive investigation after an indicator is found
§ Highly coordinated response is required for effective prevention and remediation
§ Sandboxing and other smart detection often required
34. Malware Vectors and Traditional Detection Times
Top 5 sources of unknown malware highlighted. FTP was a leading source and rarely detected.
36. Automated network effect of sharing
WildFire TM
§ 10Gbps advanced threat visibility and prevention on all traffic, all ports (web, email, SMB, etc.)
§ Automatic detection in real time in private or public cloud
§ Automatic generation of several defensive measures
§ Automatic distribution of defensive measures to all WildFire customers within 30 minutes after initial detection
§ Automatic installation of defensive measures provides full prevention immediately
§ Global intelligence and protection delivered to all users
Anti-malware signatures, DNS intelligence, Malware URL database, Anti-C2 signatures
Command-and-control, Staged malware downloads, Host ID and data exfil
WildFire Appliance (optional)
Malware, DNS, URL, and C2 signatures automatically created based on WildFire intelligence and delivered to customers globally
You benefit from the threat intelligence of 2,500+ organizations across the industry
Soak sites, sinkholes, 3rd party sources
WildFire Users
42. Regaining Control over Modern Threats
New Requirements for Threat Prevention
1. Visibility into all traffic regardless of port, protocol, evasive tactic or SSL
2. Stop all types of known network threats (IPS, Anti-malware, URL, etc.) while maintaining multi-gigabit performance
3. Find and stop new and unknown threats even without a pre-existing signature
45. Imperatives to be secure
§ Evolving from incident response mindset to intelligence mindset
§ No intelligence exists without visibility
§ Applying the intelligence and resulting IOCs to the kill chain
§ Sharing what you know
46. Can’t understand what you don’t know
§ You don’t have intelligence if you don’t have visibility
§ Visibility required across the whole network
§ Ideally, you can see and understand applications, content, and users
§ Then make sense of what you see
47. Share what you know
§ In the cyber security battle, sharing is key
§ Three ways this is happening
1. External – industry initiatives
2. External – technology partnerships
3. Internal – your security technology should leverage the network
48. vSphere
Virtual Firewall as a Guest VM
Gateway Edition: VM-100, VM-200, VM-300
NSX
Virtual Firewall as a Hypervisor Service
VM-1000-HV Edition (Modeled from VM-300)
75. Built for intelligence, speed and scale
Users
Concurrent user sessions: 100K
Concurrent logins: 1,500/sec.
Resources
Throughput: 640 Gbps
Concurrent connections: 288 M
DNS query response: 10 M/sec
SSL TPS (2K keys): 240K/sec
Connections per second: 8M
83. Splunk Overview
Company (NASDAQ: SPLK)
• Founded 2004, first software release in 2006
• HQ: San Francisco / Regional HQ: London, Hong Kong
• Over 1000 employees, based in 12 countries
• 2012 Revenue: $199M (YoY +60%)
Business Model / Products
• Free download to massive scale
• Splunk Enterprise, Splunk Cloud
• Hunk: Splunk Analytics for Hadoop
6,400+ Customers
• Customers in over 90 countries
• 60 of the Fortune 100
• Largest license: Over 100 Terabytes per day
85. The Accelerating Pace of Data
Volume | Velocity | Variety | Variability
Machine data is fastest growing, most complex, most valuable area of big data
GPS, RFID, Hypervisor, Web Servers, Email, Messaging, Clickstreams, Mobile, Telephony, IVR, Databases, Sensors, Telematics, Storage, Servers, Security Devices, Desktops
86. The Splunk Security Intelligence Platform
Security Use Cases: Forensic Investigation, Security Operations, Compliance, Fraud Detection
Machine Data: Online Services, Web Services, Security, Servers, GPS Location, Networks, Packaged Applications, Desktops, Storage, Messaging, Telecoms, Custom Applications, RFID, Energy Meters, Online Shopping Cart, Databases, Web Clickstreams, Call Detail Records, Smartphones and Devices
HA Indexes and Storage
Commodity Servers
87. Rapid Ascent in the Gartner SIEM Magic Quadrant
2011, 2012, 2013
88. Industry Accolades
Best SIEM Solution
Best Enterprise Security Solution
Best Security Product
91. Partner Ecosystem
What is the Value Add to Existing Customers?
Visibility and Correlation of Rich Data
Improved Security Posture
Configurable Dashboard Views
92. All Data is Security Relevant = Big Data
Traditional SIEM
Databases, Email, Web, Desktops, Servers, DHCP/DNS, Network Flows, Custom Apps, Hypervisor, Badges, Firewall, Authentication, Vulnerability Scans, Storage, Mobile, Anti-Malware, Intrusion Detection, Data Loss Prevention, Service Desk, Industrial Control, Call Records
93. Making Sound Security Decisions
Binary Data (flow and PCAP), Log Data, Threat Intelligence Feeds, Context Data
Security Decisions
Volume, Velocity, Variety, Variability
94. Case #1 - Incident Investigation/Forensics
• Often initiated by alert in another product
• May be a “cold case” investigation requiring machine data going back months
• Need all the original data in one place and a fast way to search it to answer:
– What happened and was it a false positive?
– How did the threat get in, where have they gone, and did they steal any data?
– Has this occurred elsewhere in the past?
• Take results and turn them into a real-time search/alert if needed
[Figure: timeline (January, February, March, April) linking Suspect A, Suspect B, Suspect C, Accomplice A and Accomplice B through sample log fragments]
95. Case #2 – Real-time Monitoring of Known Threats
Example Correlation – Data Loss
Sources
Windows Authentication (Default Admin Account, Source IP):
20130806041221.000000 Caption=ACME-2975EBAdministrator Description=Built-in account for administering the computer/domain Domain=ACME-2975EB InstallDate=NULL LocalAccount = IP: 10.11.36.20 True Name=Administrator SID =S-1-5-21-1715567821-926492609-725345543 500 SIDType=1 Status=Degraded wmi_type=UserAccounts
Endpoint Security (Malware Found, Source IP):
Aug 08 06:09:13 acmesep01.acmetech.com Aug 09 06:17:24 SymantecServer acmesep01: Virus found,Computer name: ACME-002,Source: Real Time Scan,Risk name: Hackertool.rootkit,Occurrences: 1,C:/Documents and Settings/smithe/Local Settings/Temp/evil.tmp,"""",Actual action: Quarantined,Requested action: Cleaned, time: 2009-01-23 03:19:12,Inserted: 2009-01-23 03:20:12,End: 2009-01-23 03:19:12,Domain: Default,Group: My CompanyACME Remote,Server: acmesep01,User: smithe,Source computer: ,Source IP: 10.11.36.20
Intrusion Detection (Data Loss, Source IP):
Aug 08 08:26:54 snort.acmetech.com {TCP} 10.11.36.20:5072 -> 10.11.36.26:443 itsec snort[18774]: [1:100000:3] [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text [Priority: 2]:
Time Range: All three occurring within a 24-hour period
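The Case #2 correlation, sketched as an added example that is not part of the original deck or Splunk's own code: three signals (default admin logon, malware found, clear-text card data) are joined on source IP and must all fall inside one 24-hour window. The log layouts, the `sid_rid` and `src_ip` field names, and every sample line are constructed assumptions modelled loosely on the slide.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)

# One pattern per source on the slide; each captures the source IP.
# The line layouts and the sid_rid/src_ip field names are assumptions.
SIGNALS = {
    "default_admin_logon": re.compile(r" winauth .*\bsid_rid=500\b.*\bsrc_ip=(?P<ip>[\d.]+)"),
    "malware_found": re.compile(r" endpoint Virus found,.*Source IP: (?P<ip>[\d.]+)"),
    "data_loss": re.compile(r" snort \{\w+\} (?P<ip>[\d.]+):\d+ -> .*Credit Card Number Detected"),
}

# Constructed sample lines (not real logs).
SAMPLE_LOGS = [
    # Host .20: all three signals inside 24 hours -> should be reported.
    "2013-08-08T06:09:13 winauth user=Administrator sid_rid=500 src_ip=10.11.36.20 action=logon",
    "2013-08-08T06:17:24 endpoint Virus found,Risk name: Hackertool.rootkit,User: smithe,Source IP: 10.11.36.20",
    "2013-08-08T08:26:54 snort {TCP} 10.11.36.20:5072 -> 10.11.36.26:443 [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text",
    # Host .50: all three signals, but spread over three days -> not reported.
    "2013-08-05T09:00:00 winauth user=Administrator sid_rid=500 src_ip=10.11.36.50 action=logon",
    "2013-08-06T12:00:00 endpoint Virus found,Risk name: Hackertool.rootkit,User: lee,Source IP: 10.11.36.50",
    "2013-08-08T08:00:00 snort {TCP} 10.11.36.50:4411 -> 10.11.36.26:443 [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text",
    # Host .44: only two of the three signals -> not reported.
    "2013-08-08T10:00:00 endpoint Virus found,Risk name: Adware.Generic,User: kim,Source IP: 10.11.36.44",
    "2013-08-08T11:00:00 snort {TCP} 10.11.36.44:4411 -> 10.11.36.26:443 [Classification: Potential Corporate Privacy Violation] Credit Card Number Detected in Clear Text",
    # Ordinary logon by a non-default account (RID is not 500) -> no signal.
    "2013-08-08T09:00:00 winauth user=jdoe sid_rid=1104 src_ip=10.11.36.31 action=logon",
]


def parse_events(lines):
    """Return (timestamp, signal, source_ip) for every line matching a signal."""
    events = []
    for line in lines:
        stamp = line.split(" ", 1)[0]
        for name, pattern in SIGNALS.items():
            match = pattern.search(line)
            if match:
                events.append((datetime.fromisoformat(stamp), name, match.group("ip")))
    return events


def correlate(events, window=WINDOW):
    """Map source IP -> (first, last) time of a window containing every signal."""
    by_ip = defaultdict(list)
    for ts, signal, ip in events:
        by_ip[ip].append((ts, signal))
    hits = {}
    for ip, evs in by_ip.items():
        evs.sort()
        # Slide a window forward from each event and collect distinct signals.
        for i, (start, _) in enumerate(evs):
            seen = {}
            for ts, signal in evs[i:]:
                if ts - start > window:
                    break
                seen.setdefault(signal, ts)
            if len(seen) == len(SIGNALS):
                hits[ip] = (start, max(seen.values()))
                break
    return hits


if __name__ == "__main__":
    for ip, (first, last) in correlate(parse_events(SAMPLE_LOGS)).items():
        print(f"{ip}: all three signals between {first} and {last}")
```
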
96. Case #3 – Real-time Monitoring of Unknown Threats - Spearphishing
Example Correlation
Sources
Email Server (User Name, Rarely seen email domain):
2013-08-09T12:40:25.475Z,,exch-hub-den-01,,exch-mbx-cup-00,,,STOREDRIVER,DELIVER,79426,<20130809050115.18154.11234@acme.com>,johndoe@acme.com,,685191,1,,,hacker@neverseenbefore.com,Please open this attachment with payroll information,,,2013-08-09T22:40:24.975Z
Web Proxy (User Name, Rarely visited web site):
2013-08-09 16:21:38 10.11.36.29 98483 148 TCP_HIT 200 200 0 622 - - OBSERVED GET www.neverbeenseenbefore.com HTTP/1.1 0 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; ) User John Doe,"
Endpoint Logs (User Name, Rarely seen service):
08/09/2013 16:23:51.0128 event_status="(0)The operation completed successfully. " pid=1300 process_image="John DoeDeviceHarddiskVolume1WindowsSystem32neverseenbefore.exe" registry_type ="CreateKey" key_path="REGISTRYMACHINESOFTWAREMicrosoftWindows NTCurrentVersion Printers PrintProviders John Doe-PCPrinters{}NeverSeenbefore" data_type""
Time Range: All three occurring within a 24-hour period
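Case #3 has no signature to match, so the signal is rarity against a baseline. The following added example (not from the deck, and not Splunk's implementation) flags a user whose email sender domain, visited web site and process image are all rarely seen within one 24-hour period. The baseline counts, the `max_seen` threshold and the pre-extracted `(time, user, source, value)` tuples are constructed assumptions; only the `neverseenbefore` values and the user name echo the slide.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SOURCES = ("email", "web", "process")
WINDOW = timedelta(hours=24)

# Constructed baseline: (source, value) observations from earlier weeks.
BASELINE = (
    [("email", "acme.com")] * 500
    + [("email", "partner.example")] * 40
    + [("web", "www.acme.com")] * 900
    + [("web", "news.example")] * 120
    + [("web", "oddsite.example")] * 2
    + [("process", "winword.exe")] * 300
    + [("process", "outlook.exe")] * 450
)

# Constructed events for the period under review: (time, user, source, value).
TODAY = [
    ("2013-08-09T12:40:25", "johndoe", "email", "neverseenbefore.com"),
    ("2013-08-09T16:21:38", "johndoe", "web", "www.neverbeenseenbefore.com"),
    ("2013-08-09T16:23:51", "johndoe", "process", "neverseenbefore.exe"),
    ("2013-08-09T09:00:00", "asmith", "email", "partner.example"),
    ("2013-08-09T09:05:00", "asmith", "web", "oddsite.example"),  # rare, one source only
    ("2013-08-09T09:06:00", "asmith", "process", "winword.exe"),
]


def suspicious_users(events, baseline, max_seen=3, window=WINDOW):
    """Return {user: {source: rare value}} for users with a rare value in
    every source, where all of that user's rare events span at most `window`.

    A value is rare when the baseline saw it at most `max_seen` times;
    a value absent from the baseline counts as seen zero times.
    """
    seen = Counter(baseline)
    rare = defaultdict(list)
    for stamp, user, source, value in events:
        if seen[(source, value)] <= max_seen:
            rare[user].append((datetime.fromisoformat(stamp), source, value))

    flagged = {}
    for user, hits in rare.items():
        hits.sort()
        by_source = {}
        for _, source, value in hits:
            by_source.setdefault(source, value)  # keep earliest rare value
        span = hits[-1][0] - hits[0][0]
        if set(by_source) == set(SOURCES) and span <= window:
            flagged[user] = by_source
    return flagged


if __name__ == "__main__":
    for user, values in suspicious_users(TODAY, BASELINE).items():
        print(user, values)
```

The span check covers all of a user's rare events in the reviewed batch, so feed it one review period at a time; a single rare value, as for `asmith`, is deliberately not enough to alert.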
97. $500k Security ROI @ Interac
• Challenges: Manual, costly processes
– Significant people and days/weeks required for incident investigations. $10k+ per week.
– No single repository or UI. Used multiple UIs, grep’d log files, reported in Excel
– Traditional SIEMs evaluated were too bloated, too much dev time, too expensive
• Enter Splunk: Fast investigations and stronger security
– Feed 15+ data sources into Splunk for incident investigations, reports, real-time alerts
– Splunk reduced investigation time to hours. Reports can be created in minutes.
– Real-time correlations and alerting enables fast response to known and unknown threats
– ROI quantified at $500k a year. Splunk TCO is less than 10% of this.
“Splunk is a product that provides a looking glass into our environment for things we previously couldn’t see or would otherwise have taken days to see.”
Josh Diakun, Security Specialist, Information Security Operations
98. Replacing a SIEM @ Cisco
• Challenges: SIEM could not meet security needs
– Very difficult to index non-security or custom app log data
– Serious scale and speed issues. 10GB/day and searches took > 6 minutes
– Difficult to customize with reliance on pre-built rules which generated false positives
• Enter Splunk: Flexible SIEM and empowered team
– Easy to index any type of machine data from any source
– Over 60 users doing investigations, RT correlations, reporting, advanced threat detection
– All the data + flexible searches and reporting = empowered team
– 900 GB/day and searches take < minute. 7 global data centers with 350TB stored data
– Estimate Splunk is 25% the cost of a traditional SIEM
“We moved to Splunk from traditional SIEM as Splunk is designed and engineered for “big data” use cases. Our previous SIEM was not and simply could not scale to the data volumes we have.”
Gavin Reid, Leader, Cisco Computer Security Incident Response Team
99. Security and Compliance @ Barclays
• Challenges: Unable to meet demands of auditors
– Scale issues, hard to get data in, and impossible to get data out beyond summaries
– Not optimized for unplanned questions or historical searches
– Struggled to comply with global internal and external mandates, and to detect APTs
– Other SIEMs evaluated were poor at complex correlations, data enrichment, reporting
• Enter Splunk: Stronger security and compliance posture
– Fines avoided as searches easily turned into visualizations for compliance reporting
– Faster investigations, threat alerting, better risk measurement, enrichment of old data
– Scale and speed: Over 1 TB/day, 44 B events per min, 460 data sources, 12 data centers
– Other teams using Splunk for non-security use cases improves ROI
“We hit our ROI targets immediately. Our regulators are very aggressive, so if they say we need to demonstrate or prove the effectiveness of a certain control, the only way we can do these things is with Splunk.”
Stephen Gailey, Head of Security Services
100. Splunk Key Differentiators
Splunk | Traditional SIEM
• Single product, UI, data store
• Software-only; install on commodity hardware
• Quick deployment + ease-of-use = fast time-to-value
• Can easily index any data type
• All original/raw data indexed and searchable
• Big data architecture enables scale and speed
• Flexible search and reporting enables better/faster threat investigations and detection, incl finding outliers/anomalies
• Open platform with API, SDKs, Apps
• Use cases beyond security/compliance
101. For your own AHA! Moment
Reach out to your Scalar and Splunk team for a demo
Thank you!