This document discusses CIS Top 20 Critical Security Control #5 on controlling use of administrative privileges. It provides an overview of privileged accounts and why tight control is important. It then outlines 10 specific steps to implement the control and secure privileged access. Tools and best practices are also mentioned to inventory, authorize, and monitor administrative accounts while enforcing least privilege.
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and
targeted attacks?”
Top 20 Security Controls for a More Secure InfrastructureInfosec
The CIS® (Center for Internet Security, Inc.®) Controls offer 20 proven, globally recognized best practices for securing your IT systems and data against the most pervasive attacks. Join Tony Sager, CIS Senior Vice President and Chief Evangelist, to learn:
- Origin and purpose of the CIS Controls
- How to prioritize implementation
- How to make the CIS Controls a foundational part of your security program, and improve your enterprise defenses, operations, compliance and security awareness
Watch the full webinar: https://www2.infosecinstitute.com/l/12882/2018-12-06/bcbc68
Effective Cyber Defense Using CIS Critical Security ControlsBSides Delhi
The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. They are developed, renewed, validated, and supported by a large volunteer community of security experts under the stewardship of the Center for Internet Security (www.cisecurity.org). Contributors, adopters, and supporters are found around the world and come from all types of roles, backgrounds, missions, and businesses. State and local governments, power distributors, transportation agencies, academic institutions, nancial services, federal government, and defense contractors are among the hundreds of organizations that have adopted the Controls. They have all implemented the Controls to address the key question: “What needs to be done right now to protect my organization from advanced and
targeted attacks?”
Top 20 Security Controls for a More Secure InfrastructureInfosec
The CIS® (Center for Internet Security, Inc.®) Controls offer 20 proven, globally recognized best practices for securing your IT systems and data against the most pervasive attacks. Join Tony Sager, CIS Senior Vice President and Chief Evangelist, to learn:
- Origin and purpose of the CIS Controls
- How to prioritize implementation
- How to make the CIS Controls a foundational part of your security program, and improve your enterprise defenses, operations, compliance and security awareness
Watch the full webinar: https://www2.infosecinstitute.com/l/12882/2018-12-06/bcbc68
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
Show up to a security presentation, walk away with a specific action plan. In this presentation, James Tarala, a senior instructor with the SANS Institute, will be presenting on making specific plans for information assurance metrics in an organization. Clearly this is an industry buzzword at the moment when you listen to presentations on the 20 Critical Controls, NIST guidance, or industry banter). Security professionals have to know that their executives are discussing the idea. So exactly how do you integrate information assurance metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program. Small steps are better than no steps, and by the end of this presentation, students will have a start integrating metrics into their information assurance program.
The SANS Institute, in collaboration with the Center for Strategic and International Studies (CSIS) have recently released updates to the 20 Critical Controls / Consensus Audit Guidelines. These updates are based on industry changes and new attack signatures which have been collected over the previous 18 months from those directly involved on the front lines of stopping targeted cyber-attacks. This presentation will share details on the changes to the most recent version of the controls and share insights into the development of the controls, future evolutions, along with practical tips collected from organizations actively involved in implementing these controls.
More practical insights on the 20 critical controlsEnclaveSecurity
This presentation is for both alumni of the SANS 440 / 566 courses on the 20 Critical Controls and anyone considering implementing these controls in their organizations. Since the first version of the 20 Critical Controls were released, many organizations internationally have been considering implementing these controls as guideposts and metrics for effectively stopping directed attacks. Some organizations have been doing this effectively, others have struggled. This presentation will give case studies of organizations that have implemented these controls, what they have learned from their implementations about what works and what does not work practically. Not only will the discussion focus around what organizations are doing to implement the controls, but also what vendors are doing to help automate the controls and the status of resources and projects in the industry. Students will walk away with even more tools to be effective with their implementations.
Solving the CIO’s Cybersecurity DilemmaJohn Gilligan
Solving the CIO’s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense. a presentation by John M. Gilligan at the National Summit on Planning and Implementing the 20 Critical Controls, held in November 2009.
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
The development of the Critical Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at limited cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing, hospitals will have the ability to measure compliance, track progress, and know when they’ve reached certain goals.
They were developed and agreed upon by a consortium including NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls they have demonstrated “more than 80% reduction in ‘measured’ security risk through the rigorous automation and measurement of the Top 20 Controls.”
"Backoff" Malware: How to Know If You're InfectedTripwire
The US-CERT organization recently updated its Alert TA14-212A, which warns that Point-of-Sale (POS) memory-scraping malware has been found in 3 separate forensic investigations. The Secret Service estimates over 1000+ businesses of all types that accept credit card transactions may be affected. Most may not know it yet.
Join us to learn key “Indicators of Compromise” (IOCs) for Backoff, and what you can do about it.
NetStandard CTO John Leek presents 20 Critical Security Controls for the Cloud at Interface Kansas City. This presentation is based on controls set forth by the SANS Institute. Learn more at http://www.netstandard.com.
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
Cyber security series administrative control breaches Jim Kaplan CIA CFE
This webinar series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 8 of 10
This Webinar focuses on Administrative Control Breaches
• Security Administration
• Purpose of Security Tools
• Examples of Security Tools
• Security Incident Manager (SIM)
• Problems with Security Administration
• Improving Administration
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
Show up to a security presentation, walk away with a specific action plan. In this presentation, James Tarala, a senior instructor with the SANS Institute, will be presenting on making specific plans for information assurance metrics in an organization. Clearly this is an industry buzzword at the moment when you listen to presentations on the 20 Critical Controls, NIST guidance, or industry banter). Security professionals have to know that their executives are discussing the idea. So exactly how do you integrate information assurance metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program. Small steps are better than no steps, and by the end of this presentation, students will have a start integrating metrics into their information assurance program.
The SANS Institute, in collaboration with the Center for Strategic and International Studies (CSIS) have recently released updates to the 20 Critical Controls / Consensus Audit Guidelines. These updates are based on industry changes and new attack signatures which have been collected over the previous 18 months from those directly involved on the front lines of stopping targeted cyber-attacks. This presentation will share details on the changes to the most recent version of the controls and share insights into the development of the controls, future evolutions, along with practical tips collected from organizations actively involved in implementing these controls.
More practical insights on the 20 critical controlsEnclaveSecurity
This presentation is for both alumni of the SANS 440 / 566 courses on the 20 Critical Controls and anyone considering implementing these controls in their organizations. Since the first version of the 20 Critical Controls were released, many organizations internationally have been considering implementing these controls as guideposts and metrics for effectively stopping directed attacks. Some organizations have been doing this effectively, others have struggled. This presentation will give case studies of organizations that have implemented these controls, what they have learned from their implementations about what works and what does not work practically. Not only will the discussion focus around what organizations are doing to implement the controls, but also what vendors are doing to help automate the controls and the status of resources and projects in the industry. Students will walk away with even more tools to be effective with their implementations.
Solving the CIO’s Cybersecurity DilemmaJohn Gilligan
Solving the CIO’s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense. a presentation by John M. Gilligan at the National Summit on Planning and Implementing the 20 Critical Controls, held in November 2009.
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
The development of the Critical Security Controls is transforming the way companies measure and monitor the success of their security programs while drastically reducing the cost of security. Fifteen of the twenty controls can be automated, some at limited cost to the organization, and the data is readily available to be presented in conference rooms and board rooms. Upon implementing, hospitals will have the ability to measure compliance, track progress, and know when they’ve reached certain goals.
They were developed and agreed upon by a consortium including NSA, US Cert, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center as well as the top commercial forensics experts and pen testers serving the banking and critical infrastructure communities. Since the US State Department implemented these controls they have demonstrated “more than 80% reduction in ‘measured’ security risk through the rigorous automation and measurement of the Top 20 Controls.”
"Backoff" Malware: How to Know If You're InfectedTripwire
The US-CERT organization recently updated its Alert TA14-212A, which warns that Point-of-Sale (POS) memory-scraping malware has been found in 3 separate forensic investigations. The Secret Service estimates over 1000+ businesses of all types that accept credit card transactions may be affected. Most may not know it yet.
Join us to learn key “Indicators of Compromise” (IOCs) for Backoff, and what you can do about it.
NetStandard CTO John Leek presents 20 Critical Security Controls for the Cloud at Interface Kansas City. This presentation is based on controls set forth by the SANS Institute. Learn more at http://www.netstandard.com.
Security operations center 5 security controlsAlienVault
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Kevin Wheeler, Founder and Managing Director, InfoDefense
Securing Industrial Control Systems
Our nation’s critical infrastructure is controlled by SCADA and other industrial control technologies. Water utilities, petroleum refineries, oil pipelines, food processors, manufacturers and power companies all use SCADA systems to control and monitor operations. The vast majority of these industrial control systems have been in place for decades with few, if any, enhancements to effectively protect against today’s advanced threats. As a result, industrial control system vulnerabilities are currently a major concern.
Legacy SCADA systems can be secured using many of the same best practices that are used to protect the enterprise. This presentation provides an overview of SCADA threats as well as practical solutions for protecting industrial control systems.
Cyber security series administrative control breaches Jim Kaplan CIA CFE
This webinar series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks
The series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk based IT audits.
Session 8 of 10
This Webinar focuses on Administrative Control Breaches
• Security Administration
• Purpose of Security Tools
• Examples of Security Tools
• Security Incident Manager (SIM)
• Problems with Security Administration
• Improving Administration
Revealing the 2016 State of IBM i SecurityHelpSystems
The 2016 State of IBM i Security Study reveals exclusive information about what tools and strategies organizations are using to secure IBM i—and where they’re leaving the platform vulnerable. Get a first look at the results here, and download the full report to learn more: bit.ly/1SoAuNs
IBM i is securable BUT not secured by default. To help protect your organization from the increasing security threats, you must take control of all access points to your IBM i server. You can limit IBM i security threats by routinely assessing your risks and taking control of logon security, powerful authorities, and system access.
With the right tools and process, you can assure comprehensive control of unauthorized access and can trace any activity, suspicious or otherwise, on your IBM i systems.
Watch this on-demand webcast to learn:
• How to secure network access and communication ports
• How to implement different authentication options and tradeoffs
• How to limit the number of privileged user accounts
• How Precisely’s Assure Security can help
PowerTech - Part-Time Privileges: Accountability for Powerful UsersHelpSystems
One of the greatest challenges in IBM i security is managing the powerful users charged with its care, especially in hard-to-audit environments like SQL.
Getting Started with IBM i Security: Securing PC AccessHelpSystems
This PowerPoint explains how to secure network access through PCs. Find out how well-known services like FTP and ODBC enable users to access sensitive data without oversight or restrictions. Exit programs and how you can use them to protect your organization are explained as well. Protect your system from unauthorized network access through readily available PC tools.
Many enterprises are implementing least privileges to add a solid layer of defense for desktop environments, further protecting against malware and Advanced Persistent Threats. Viewfinity provides enterprises with the solutions needed to manage and execute an end-to-end automated and non-disruptive move to a least privileges environment.
Viewfinity Privilege Management suite provides tighter, yet flexible control over the types of applications and desktop functions your distributed workforce are allowed to run through lockdown, application control and privilege management.
5 Things Your Security Administrator Should Tell YouHelpSystems
The IBM i operating system is lauded as one of the most secure available. Unfortunately, the truth is that many configurations result in shocking server vulnerabilities. If you have an interest in security or regulatory compliance, view this slideshow to learn about 5 important “secrets” that your administrator needs to be sharing with you.
Watch the on-demand webinar at HelpSystems.com.
http://www.helpsystems.com/powertech/events/recorded-webinars/5-things-your-administrator
Monitoring and Reporting on IBM i Compliance and SecurityPrecisely
Today’s world of complex regulatory requirements and evolving security threats requires you to find simple ways to monitor all IBM i system and database activity, identify security threats and compliance issues in real time, produce clear and concise reports, and maintain an audit trail to satisfy security officers and auditors.
IBM i log files and journals are rich sources of system and database activity. However, they are in their own proprietary format, and they are not easy to manually analyze for security events. View this webinar on-demand to learn more about:
• Key IBM i log files and static data sources that must be monitored
• Automating real-time analysis of log files to identify threats to system and data security
• Integrating IBM i security data into SIEM solutions for a clear view of security across multiple platforms
Lexcomply - ERM enables organizations to implement an Enterprise Risk management (ERM) & Internal Controls framework. Risk Manager captures information such as loss events, key risk indicators (KRIs), assessment responses and scenario analysis data in a flexible and connected way. Connecting the entire risk eco system including internal and external stakeholders, it allows Risk managers to analyse risk intelligence and communicate effectively.
In today’s world of evolving threats and complex regulatory requirements, you must be confident that your IBM i system and data is secure – but this isn’t a one-and-done process. You must continuously monitor all system and database activity, identify security threats and compliance issues in real-time, and report on outcomes. With the growth of SIEM solutions, such as Splunk or IBM QRadar, you’ll also likely need to send IBM i security data to these platforms to enable a complete 360-degree view across the enterprise.
The good news is that IBM i log files and journals are rich sources of security-related system and database activity – if you know what to look for, and how to make sense of it.
View this webinar on-demand to learn best practices for capturing, monitoring, and reporting IBM i security data with SIEM solutions. During this webinar, we discuss topics such as:
• Key IBM i data and sources that must be monitored
• Automating real-time analysis of log files to identify threats to system and data
security
• Integrating IBM i security data into SIEM solutions for a clear view of security
across multiple platforms
Viewfinity offers the following Privilege Management features:
• Elevate Privileges
• Policy Management
• Block Application/Whitelisting
• Activity Auditing
• Policy Auditing
• Support for FDCC, SOX, PCI Compliance and other desktop-level control procedures
One of the greatest challenges to securing any IBM i environment is protecting the system from the people charged with its care: programmers, administrators, and security officers. Even regular end users often carry more privileges than necessary.
Power users might need access to restricted objects and commands, but they rarely need that level of access 24 hours a day, and accountability is essential.
In this slide deck, IBM i security expert Robin Tatam first points out the vulnerabilities associated with powerful users. Then, explore an award-winning approach to regaining the control your auditors demand while allowing your administrators and programmers to do their jobs.
Included is a demonstration of tracking users in hard-to-audit environments such as SQL, QShell, DFU, SEU, and SST.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
10. CIS Top 20 Critical Security Controls
• What is a privileged Account?
11. CIS Top 20 Critical Security Controls
• Why are they Dangerous?
12. CIS Top 20 Critical Security Controls
• What can we do about it?
13. CIS Top 20 Critical Security Controls
How to Get Started
Step 1. Gap Assessment.
2. Implementation Roadmap
3. Implement the First Phase of Controls
4. Integrate Controls into Operations
5. Report and Manage Progress
14. CIS Top 20 Critical Security Controls
Develop Privileged User Access Management Does your Agency grant privileged user access (e.g. access that allows
the user to make mass changes such as system, network, database
admins)following a formal approval process involving an information
security officer / similar designated role?
Is the approval granted to individuals based on documented business
need and role requirements?
Does the Agency control, monitor and report privileged accounts
periodically?
Develop User Access Account Review Cycles Does your Agency conduct reviews of user accounts periodically to
ensure that:
➢ Access levels remain appropriate
➢ Terminated employees do not have active accounts
➢ Group accounts exist, if approved
➢ No duplicate user identifiers
If the Agency conducts period reviews, is there a defined schedule?
Does your Agency review information system accounts within every 180
days?
In addition, does your Agency require information system accounts be
to recertified annually?
15. CIS Top 20 Critical Security Controls
Implement Separation of Duties Does your Agency enforce separation of duties for access controls
through assigned access authorizations, some of which are noted
below?
➢ Audit function and information system access administration;
➢ Management of critical business and information systems;
➢ System testing and production;
➢ Independent entity for information system security testing.
Develop the process of Least Privilege Has your Agency implemented a process to:
a) Disable file system access not explicitly required
b) Provide minimal physical and system access to contractors
c) Require contractors’ access policy compliance
d) Grant role-based-access
e) Disable systems and removable media boot access unless
authorized by the CIO
If authorized, boot access must be password protected
16. CIS Top 20 Critical Security Controls
• Security Model Level - Basic
• Manual processes for managing privileged passwords, including spreadsheets, physical
safes
• Local administrator access on their machines
• Individual vulnerability patching, management, and inconsistent policies by application
• Lack of auditing and control over root and privileged accounts
• No session monitoring or recording of privileged use
• No singular, clear picture of threats or what to do about them
• Disorganized and chaotic directory services infrastructure, with multiple logons
required, and inconsistent policy
• No visibility over changes made to AD objects, configurations, or permissions;
• Always reacting
17. CIS Top 20 Critical Security Controls
• Progressing
• Some automation and some cycling of some privileged passwords
• 50% or fewer users with administrator credentials in the organization
• More automated scanning on vulnerable systems
• Common use of the root account, with some auditing of usage,
perhaps sudo
• Some session monitoring for compliance purposes, snapshotting
• Threat analytics mostly from SIEMs
• Few (but not one) logins to heterogeneous systems
• Some change auditing, but lacking recovery of unwanted changes
18. CIS Top 20 Critical Security Controls
• Advanced
• Automated password and session management of all shared accounts
• Rules-based least privilege implemented organization-wide, on all systems
• Automated scanning, patching, and reporting of vulnerable systems
• Full control and accountability over privileged users on any system,
eliminating root access or insufficient methods like sudo
• Automatic recording of keystrokes/video/over-the-shoulder activities
• Integrated threat analytics to improve decision-making
• Single sign on for heterogeneous systems leveraging familiar infrastructure
• Full auditing and recovery of changes across the environment; Ability to
proactively know and deliver what auditors are looking for
19. CIS Top 20 Critical Security Controls
• However, before you can start protecting
privileged user and application accounts, you
must first be able to find them, which can be
incredibly difficult.
20. CIS Top 20 Critical Security Controls
• CSC 5.1 Run automated Privileged Account scanning tools against all
systems on the network on a monthly basis
• CSC 5.1 Procedure: Scan entire network monthly for Privileged and
shared accounts
• The organization:
– IT department to run scan monthly
– IT department will review scan logs for completeness
– Metrics:
– IT department will report in new administrator level accounts
– The IT department will audit SIEM logs daily for authentication
successes and failures of administrative accounts
21. CIS Top 20 Critical Security Controls
• Step 1: Improve Accountability and Control
Over Privileged Passwords
22. CIS Top 20 Critical Security Controls
• Step 2: Implement Least Privilege, Application
Control for Windows & Mac Desktops
23. CIS Top 20 Critical Security Controls
• Step 3: Leverage Application-Level Risk to
Make Better Privilege Decisions
24. CIS Top 20 Critical Security Controls
• Step 4: Implement Least Privilege in Unix &
Linux Environments
25. CIS Top 20 Critical Security Controls
• Step 5: Unify Management, Policy, Reporting,
and Threat Analytics
26. CIS Top 20 Critical Security Controls
• Step 6: Integrate Unix, Linux, and Mac into
Windows
27. CIS Top 20 Critical Security Controls
• Step 7: Real-Time Change Auditing and
Recovery for Windows Environments
28. CIS Top 20 Critical Security Controls
5.1
Minimize administrative privileges and only use administrative accounts when they are required. Implement focused auditing on the use of
administrative privileged functions and monitor for anomalous behavior.
5.2
Use automated tools to inventory all administrative accounts and validate that each person with administrative privileges on desktops, laptops,
and servers is authorized by a senior executive.
5.3
Before deploying any new devices in a networked environment, change all default passwords for applications, operating systems, routers,
firewalls, wireless access points, and other systems to have values consistent with administration-level accounts.
5.4
Configure systems to issue a log entry and alert when an account is added to or removed from a domain administrators’ group, or when a new
local administrator account is added on a system.
5.5 Configure systems to issue a log entry and alert on any unsuccessful login to an administrative account.
5.6
Use multifactor authentication for all administrative access, including domain administrative access. Multi-factor authentication can include a
variety of techniques, to include the use of smart cards, certificates, One Time Password (OTP) tokens, biometrics, or other similar authentication
methods.
5.7 Where multi-factor authentication is not supported, user accounts shall be required to use long passwords on the system (longer than 14
characters).
5.8
Administrators should be required to access a system using a fully logged and non-administrative account. Then, once logged on to the machine
without administrative privileges, the administrator should transition to administrative privileges using tools such as Sudo on Linux/UNIX, RunAs
on Windows, and other similar facilities for other types of systems.
5.9
Administrators shall use a dedicated machine for all administrative tasks or tasks requiring elevated access. This machine shall be isolated from the
organization's primary network and not be allowed Internet access. This machine shall not be used for reading e-mail, composing documents, or
surfing the Internet.
29. CIS Top 20 Critical Security Controls
• AUTHOR NOTE! With the recent vulnerability disclosures of Kerberos Golden & Silver tickets, this section
is particularly important!
• 5-1 - Minimize administrative privileges and only use administrative accounts when they are required.
Implement focused auditing on the use of administrative privileged functions and monitor for anomalous
behavior.
• This is pretty standard in Linux. You crazy Windows users need to stop setting everyone as local admin. At
the VERY least, create a second account for them to use when needing to perform admin tasks, and
disable login from those account through group policy.
• RunAsSPC - While not an application whitelist, it can allow users to run applications which require
elevation
• Use your SIEM to monitor
• Commercial Tools
• PowerBroker - Powerful tool to escalate privileges and take care of pesky UNC. Solution for Windows and
Linux.
• PolicyPak - Integrates with Group Policy
• Centrify Server Suite - Windows and Linux application and Privilege control.
30. CIS Top 20 Critical Security Controls
• 5 -2 - Use automated tools to inventory all administrative accounts and validate
that each person with administrative privileges on desktops, laptops, and
servers is authorized by a senior executive.
• Windows security event log can be monitored to detect real-time changes to
the administrators group on workstations, servers, and privileged domain
security groups.
• SCCM
• Viewfinity by CyberArk
• PowerBroker by BeyondTrust
• Secret Server by Thycotic
• Centrify Privilege Account Suite
31. CIS Top 20 Critical Security Controls
• 5-3 - before deploying any new devices in a networked environment,
change all default passwords for applications, operating systems,
routers, firewalls, wireless access points, and other systems to have
values consistent with administration-level accounts.
• Rapid7 - Nexpose & IoT seeker
• Tenable –Nessus
• can scan for default accounts on many types of common systems
32. CIS Top 20 Critical Security Controls
• 5-4 - Configure systems to issue a log entry and alert when an account is
added to or removed from a domain administrators' group, or when a
new local administrator account is added on a system.
• Free Tools
• Netwrix - AD Change Reporter Free, One of the most simple setups I have
ever performed. But, you MUST read the user guide that comes with the
download file. There are some pre-requisites that must be met.
• Scripted - Alternative to using 3rd party software. Easy to follow guide.
• GPO - Only enables logging, you still need to alert
• Commercial Tools
• ADAuditPlus - ManageEngines real time monitor and alerting tool
• Netwrix also offers commercial versions of their free tool above.
33. CIS Top 20 Critical Security Controls
• 5-5 - Configure systems to issue a log entry and alert when unsuccessful login to an
administrative account is attempted.
• One consideration, you have more than just domain admin and local admin
accounts you should worry about. You have Schema Admins, Enterprise Admins,
SQL admins, Spiceworks admins, IIS Admins, Switch Admins... ANY admin account
on any device/application should be monitored.
• Free Tools
• If you enable logging on your domain controllers, the logging is taken care of. You
now need something that can report on these logs. SEIM comes to mind
• Splunk - There is a discussion on their community regarding this feature.
• Commercial Tools
The above listed tool has a commercial versions too
34. CIS Top 20 Critical Security Controls
• 5-6 - Use multifactor authentication for all administrative access, including
domain administrative access. Multi-factor authentication can include a
variety of techniques, to include the use of smart cards with certificates,
One Time Password (OTP) tokens, and biometrics.
• Free Tools
• FreeRADIUS - This is the poor-man's RSA token. But, it works.
• Authy - 2 factor authentication
• Commercial Tools
• Centrify
• Okta
• BeyondTrust
35. CIS Top 20 Critical Security Controls
• 5-7 - Configure all administrative passwords to be complex and contain
letters, numbers, and special characters intermixed, and with no dictionary
words present in the password. Pass phrases containing multiple dictionary
words, along with special characters, are acceptable if they are of a
reasonable length.***Where MFA is not used
• Tools
• While you’re at it, mitigate pass-the-hash attacks with the following tool:
• LAPS - Randomize each local admin account's password and store is
securely in Active Directory. Can be deployed through GPMC.
36. CIS Top 20 Critical Security Controls
• 5-8 - Block access to a machine (either remotely or locally) for administrator-
level accounts. Instead, administrators should be required to access a system
using a fully logged and non-administrative account. Then, once logged on to
the machine without administrative privileges, the administrator should
transition to administrative privileges using tools such as Sudo on Linux/UNIX,
RunAs on Windows, and other similar facilities for other types of systems.
• ****AUTHOR NOTE! You should also deny logons to your service accounts,
but grant them the "log on as a service" right in Group Policy.
• Tools
• GPO - Deny logons to specific groups/users
37. CIS Top 20 Critical Security Controls
• 5-9 - Administrators shall use a dedicated machine for all administrative
tasks or tasks requiring elevated access. This machine shall be isolated from
the organization's primary network and not be allowed Internet access. This
machine shall not be used for reading e-mail, composing documents, or
surfing the Internet.
• Tools
• Centrify Jumpbox
38. CIS Top 20 Critical Security Controls
• Note - Passwords should be hashed or encrypted in storage.
Passwords that are hashed should be salted and follow
guidance provided in NIST SP 800-132 or similar guidance. Files
containing these encrypted or hashed passwords required for
systems to authenticate users should be readable only with
super-user privileges.
• You can monitor these files, and access attempts with a good
HIDS (CSC 5-2).
39. CIS Top 20 Critical Security Controls
Top privileged password management tool capabilities to look for:
1. Full network scanning, discovery, and profiling with auto-onboarding
2. Builds permission sets dynamically according to data from scans
3. Automatically rotates SSH keys and cycles passwords according to a defined schedule
4. Provides granular access control, workflow, and auditing
5. Workflow-based and break glass options for requesting access
6. Password and session management integrated within the same solution – no
requirement for two different interfaces, or to be charged separately for each
7. Leverages an integrated data warehouse and threat analytics across the privilege
landscape
8. Flexible deployment options: hardware appliances, virtual appliances, or software
40. CIS Top 20 Critical Security Controls• A few general best practices to consider as well
– Remove local admin accounts
– Enforcing context-aware multifactor authentication
– Consolidating identity stores into a single directory
– Implementing single sign-on
– Conducting periodic access review for administrative and privileged users
– Limiting access for remote identities to just the applications or systems they immediately require
– Governing access through time-bound and temporary privileged access
– Automating role-based provisioning and deprovisioning to apps and infrastructure
– Automating mobile app provisioning and deprovisioning
– Automatically deprovisioning privileged users’ access rights in high-risk environments when they terminate
– Implementing least-privilege access for administrators
– Centrally controlling access to shared and service accounts
– Eliminating shared administrative accounts
– Managing privileged access at the granular command or app level
– Actively monitoring all privileged sessions and commands
– Recording all privileged sessions and commands
41. CIS Top 20 Critical Security Controls
• Center for Internet Security (CIS): https://www.cisecurity.org/
• NIST Cyber Security Framework (CSF): http://www.nist.gov/cyberframework/
• CIS Critical Security Controls (CSC):
https://www.cisecurity.org/critical-controls.cfm
• Auditscripts resources (provided by James Tarala, CSC Editor):
https://www.auditscripts.com/free-resources/critical-security-controls/
• STIG https://iase.disa.mil/stigs/Pages/index.aspx
42. CIS Top 20 Critical Security Controls
• SynerComm’s IT Summit
• April 9-10th
• Lambeau Field, Green Bay, WI
• Validate Your IT Strategy
• FREE!!
• Register: www.events.synercomm.com
43. CIS Top 20 Critical Security Controls
Thank you for Attending.
Hope you can join us for the Complete CIS Top 20 CSC
Tuesday April 3rd
CIC CSC #6
Maintenance, Monitoring, and Analysis of Audit Logs