Top 5 Information Security Lessons Learned from Transitioning to the Cloud

Speakers from Forcepoint and IDC discuss the top 5 information security lessons learned from transitioning to the cloud

© IDC 2
Today’s Panelists
Nicolas Fischbach
CTO,
Forcepoint
Carla Arend
Senior Program Director - Cloud,
IDC
Arun Singh
Director of Security Customer
Engagements,
Salesforce

Poll Question 1:
© IDC 3
0 5 10 15 20 25 30 35 40 45
Other
Different security domains
Different information exposed through APIs
Different sign-in frameworks
Different onboarding mechanisms
Which area of multi-cloud management
presents you with the greatest challenge?

Multi-cloud adoption:
Exposing challenges for security
architectures
© IDC 4

Current Cloud Adoption
44% 34%
IaaS
30%
PaaS
39%
SaaS
56%
Private Public
37% have a multi cloud strategy
© IDC 5

Security: Cloud Inhibitor or Cloud Enabler?
Security concerns
still rank as number
1 reason for not
using cloud services
• 52% of
organizations
Improved
Security seen as
benefit of using
cloud services
• 36% of
organizations
© IDC 6

GDPR implications with a cloud-
first strategy
© IDC 7

GDPR: Driver or Inhibitor of Cloud Adoption?
It is inhibiting our
adoption of cloud
services — we will use
fewer cloud services
and/or delay adoption
of new cloud services
52%
It is driving our
adoption of cloud
services — we will use
more cloud services
and/or will accelerate
our adoption of new
cloud services
48%
© IDC 8

Effect of GDPR on Cloud Service Usage
It will stop us using the
cloud altogether
0%
Move to in-
country cloud
Move to in-region (Europe-based)
but not in-country cloud
datacenters
5%
Move to in-country cloud
datacenters
6%
We don't use cloud
services
14%
Move to in-region
(Europe-based) cloud
providers
18%
No impact — we'll carry
on using cloud services
54%
© IDC 9
Move to in-country
cloud providers 3%

Cloud application visibility and
control are key
© IDC 10

How organizations plan to secure data in the
cloud for compliance
0% 5% 10% 15% 20% 25% 30% 35% 40%
Have our data managed and accessible only by a
provider with local storage and processing facilities
Use only cloud services providers that are ISO 27018
certified
Use a sovereign/national cloud infrastructure, such as
the Microsoft and T-Systems trustee model
Use a cloud security gateway solution to ensure secure
access to cloud services
Use only cloud service providers with GDPR and security
certifications
Encrypt our data and locally manage the keys
© IDC 11

Poll Question 2:
© IDC 12
0 5 10 15 20 25 30 35 40
I don’t know
No
It depends
Yes, but only with EU member states and the US
Yes, but only with EU member states
Yes, any peace-loving state with ISO/IEC 27001,
ISO/IEC 27018 and CSA STAR cloud security…
Would you mind if your digital medical records were processed and stored
in the cloud on servers located outside the country in which you live?

Data management and DLP in the
Cloud
© IDC 13

Top Cloud Security Concerns
50.0% 52.0% 54.0% 56.0% 58.0% 60.0% 62.0% 64.0%
Data residency (i.e. where the data is stored)
Compliance management for the cloud (e.g. data
privacy)
Other cloud security concern
Availability of the cloud services (i.e. relating to back-up
and recovery)
Identity and access management for the cloud (i.e.
concerns over who has access to the data)
Data loss or leakage of data from the cloud
© IDC 14

How to leverage User and Entity
Behaviour Analytics (UEBA) for
protection in the cloud
© IDC 15

© IDC 16
Thank You!
Nicolas Fischbach
CTO,
Forcepoint
Carla Arend
Senior Program Director - Cloud,
IDC
Arun Singh
Director of Security Customer
Engagements,
Salesforce

 Read the eBook ‘All Clouds are not Equal’
https://www.forcepoint.com/resources/ebooks/all-clouds-are-
not-equal
 Register for a Free Cloud Threat Assessment Report
https://www.forcepoint.com/cloud-threat-assessment
 EMEA Webcast: Maximize your O365 investment with Forcepoint
Wed, March 14: 10.00 GMT | 11.00 CET | 15.30 IST
https://go.forcepoint.com/EMEAO365WebinarRegistration.html
Suggested Follow-up Activities
© IDC 17

How can we verify identity using unstructured data from a user device? While biometrics like fingerprinting and facial recognition are often used for authentication, research around natural language processing has found people's use of language as uniquely identifying. In this session, we will discuss multiple facets of language modeling: • Efficacy on different kinds of unstructured text within a corporate network • As a technique to detect anomalous user activity, compromised accounts, and stolen credentials • As an integral part of a cybersecurity program in addition to UEBA and risk-adaptive protection

Forcepoint Dynamic Data Protection

MarketingArrowECS_CZ

Cloud has changed the way we use computing and can yield significant economic, collaborative and efficiency benefits. But with this increased adoption, at both the personal & business level, comes increased exposure to potential risks, threats and attacks. This talk will introduce the fundamentals of cloud security, how cloud service and deployment models influence security, and practices that we can all undertake for threat and risk protection.

Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...

Protecting Your Data In Office 365

Office 365 revolutionized how employees work and collaborate by embracing the power of the software-as-a-service (SaaS) model. While the easy deployment and broad access of Office 365 makes it invaluable to business productivity, a SaaS model adds increased risk of malicious or accidental leakage of business-critical data. In this webinar Protect Your Data in Office365 you will learn to: Understand how Office 365 is being used by your users Identify sensitive content (like payment information, healthcare records, source code, or other types of data) being shared Uncover risky or anomalous behavior by rogue insiders Automate protection against Office 365 data breaches, minimize false positives, and eliminate the constant retuning of data classification policies. Watch the on-demand webcast at https://www.elastica.net/protect-your-data-in-office365/

Ciso Platform Webcast: Shadow Data ExposedElastica Inc.

Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...

Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)

As organizations transition from on-premise data storage and device-centric security to the cloud, the need for a data-centric solution becomes critical. Enterprises need to protect data in the cloud, at access, on the network, and across all devices. While cloud app vendors now offer robust functionality, they lack the level of granular control and deep visibility many organizations need, either for compliance purposes or simply to enable an increasingly mobile workforce. Join Bitglass and CSA to learn how Cloud Access Security Brokers can protect data in the cloud by providing comprehensive security and real-time data protection. In this webinar, you will learn how CASBs leverage APIs and proxies to control data on both managed and unmanaged devices, enabling secure SaaS and BYOD.

Reasoning About Enterprise Application Security in a Cloudy World

Symantec Webinar | Tips for Successful CASB Projects

June 2016 EMEA Netskope Cloud Report

In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016. Report highlights: - Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation. - Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps. - 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly. - Enterprises have an average of 777 cloud apps in use, a slight rise from 769 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively. - Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.

CASB Cases: How Your Peers are Securing the Cloud

5 Highest-Impact CASB Use Cases

Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations. This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.

Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention

IBM Security

View on demand webinar: https://securityintelligence.com/events/introducing-ibm-cloud-security-enforcer-casb-idaas-and-threat-prevention/ Cloud Security Enforcer is the first solution to combine Cloud Access Security Broker (CASB) functionality with identity services (IDaaS), policy enforcement and dynamic threat prevention intelligence into a single integrated SaaS solution. Join Daniel Wolff, Program Director Cloud Security Product Management, and Gonzalo de la Hoz, IAM European Segment Leader, as we discuss how IBM Cloud Security Enforcer has integrated multiple technologies crucial to enabling safe adoption of cloud applications in the enterprise: - Cloud application discovery and risk - Cloud identity services and application on-boarding - Closing the mobile device gap - Policy enforcement and threat prevention

CASBs and Office 365: The Security Menace

Office 365 and other SaaS apps offer a number of advantages over premises-based apps, from easy access and deployment to lower costs. A key advantage of SaaS apps is IT's ability to shift the burden for app and infrastructure security to the cloud vendor while data security remains the responsibility of the enterprise. Migrating to Office 365 introduces several new avenues for data leakage: one-click sharing, desktop sync clients, unmanaged device access, and many more. Bitglass and (ISC)2 presents Episode 2 of our CASB Wars webinar trilogy where we explore the security gaps in Office 365 and how a Cloud Access Security Broker (CASB) can help mitigate the threat of data leakage across all SaaS apps. Using real-world use cases, see where native Office 365 security falls short and how a CASB can protect data end-to-end, from cloud to device.

June 2016 Worldwide Netskope Cloud Report

In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016. Report highlights: - Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation. - Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps. - 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly. - Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively. - Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.

Shadow Data Exposed

Elastica conducted an exhaustive analysis of over 100 million customer files in order to better understand how employees use (and occasionally abuse) file sharing apps. This data has been anonymized and aggregated and, for the first time ever, sheds some much-needed light on typical file sharing behaviors, the nature of the data being shared, including unmanaged “shadow data”, and the possible consequences of file sharing data breaches for organizations like yours. This slideshare, “Shadow Data Exposed”, delves deeply into this research data to help you unlock the business potential of cloud sharing apps and uncover and manage the “Shadow Data” stored in them, while ensuring these apps are used safely and in compliance with your corporate policy. You will learn: • Why traditional security technologies like DLP, firewalls, endpoint solutions and antivirus are ineffective in the brave new world of file sharing apps. • How to spot 7 risks of managing file sharing apps, as revealed by Elastica’s big security data research. • How to build an effective cloud app security architecture that provides visibility, control and remediation.

How to Extend Security and Compliance Within Box

African Cyber Security Summit

Choosing an enterprise-class file sharing service such as Box is a great first step in safely migrating to the cloud. However even with the most robust service, enterprise organizations are still responsible for how their users take advantage of the service, what sensitive content they upload and share, and potential damage due to compromised user credentials. In this on-demand webcast Eric Andrews, Elastica VP of Marketing, will discuss: • What base level security Box provides • Best practices in identifying sensitive, shared content that may violate compliance policies (PCI, PHI, PII, etc.) • Best practices in using data science to uncover risky or anomalous behavior

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report

Iftikhar Ali Iqbal

This document is a sample report on the POC (proof of concept) document of MVISION Cloud (MVC), McAfee's Cloud Access Security Broker (CASB) solution - formerly Skyhigh Networks. It includes the following: - MVISION Cloud (MVC) Overview - MVISION Cloud (MVC) Architecture - MVISION Cloud (MVC) for Shadow IT -- Observations and Recommendations - MVISION Cloud (MVC) for Sanctioned SaaS -- Observations and Recommendations - MVISION Cloud (MVC) for Sanctioned IaaS -- Observations and Recommendations - End User Experience - Administrator Experience Goes well with the MVC POC document uploaded. Please note all the information is based prior to July 2019.

Atelier Technique - Symantec - #ACSS2019

Séduites par une vaste gamme d'applications de productivité, réunies sur une même plate-forme, de nombreuses entreprises s’intéressent à Office 365. Mais celles qui franchissent le pas se rendent compte que les enjeux de sécurité du cloud ne sont pas aussi simples à résoudre qu’elles le pensaient. La plate-forme Office 365 réunit des outils de communication, de création de contenu et de partage au sein d’un environnement cloud ouvert à tous les utilisateurs et compatibles avec tous les appareils. Cette plate-forme unique concentre ainsi tous les enjeux de sécurité auxquelles l’entreprise doit faire face. Il est donc impératif de bien réfléchir à cette question. Retrouvez nous pour ce workshop pour en savoir plus sur les implications de sécurité et les éléments clés à prendre en considération pour toute entreprise ayant adopté ou prévoyant de passer à Office 365. Abderezak OUARET - Business Development Manager North Africa - SYMENTEC

Cloud Security: A New Perspective

Wen-Pai Lu

Preventing Data Cloud Breaches with Zero Trust

Sara Goodison

Large profile data breaches have become a part of our daily reality. Shouldn't the move to the data cloud make organizations more secure? Turns out, making sense of the who, what, where, and how of data use is only getting more complex. Join us to learn about how to protect your data with Zero Trust Architecture. We'll cover the common security mistakes organizations make in the data cloud, and the tactics that attackers use to take advantage of them. By the end of the session, you'll learn new approaches that help your security or DevOps teams observe, control, and protect data.

What's hot

CASB — Your new best friend for safe cloud adoption?

Digital Transformation EXPO Event Series

Stop Hackers with Integrated CASB & IDaaS Security

OneLogin

Introduction to Cloud Security

Susanne Tedrick

Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...

Protecting Your Data In Office 365

Ciso Platform Webcast: Shadow Data ExposedElastica Inc.

Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...

Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)

Reasoning About Enterprise Application Security in a Cloudy World

Symantec Webinar | Tips for Successful CASB Projects

June 2016 EMEA Netskope Cloud Report

CASB Cases: How Your Peers are Securing the Cloud

5 Highest-Impact CASB Use Cases

Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention

IBM Security

CASBs and Office 365: The Security Menace

June 2016 Worldwide Netskope Cloud Report

In this Netskope Cloud Report™, we’ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform™. Report findings are based on usage seen across millions of users in hundreds of accounts globally, and represent usage trends from January 1 through March 31, 2016. Report highlights: - Three-quarters of cloud apps in use lack key capabilities to comply with the upcoming European Union General Data Protection Regulation. - Malware continues its rise in enterprise clouds, with an average of 11.0 percent of enterprises detecting malware in their sanctioned apps. - 26.2 percent of malware files discovered in sanctioned apps are shared with internal or external users or publicly. - Enterprises have an average of 935 cloud apps in use, a slight rise from 917 last quarter. The Microsoft Office 365 suite continues to lead the pack in top-used business productivity apps, with Office 365 Outlook.com, OneDrive for Business, SharePoint, Yammer, and Lync in the number 2, 3, 12, 19, and 20 spots, respectively. - Cloud Storage apps dominate cloud DLP violations, with 73.6 percent of the total.

Shadow Data Exposed

How to Extend Security and Compliance Within Box

African Cyber Security Summit

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report

Iftikhar Ali Iqbal

Atelier Technique - Symantec - #ACSS2019

What's hot (20)

CASB — Your new best friend for safe cloud adoption?

Stop Hackers with Integrated CASB & IDaaS Security

Introduction to Cloud Security

Symantec Webinar | Implementing a Zero Trust Framework to Secure Modern Workf...

Protecting Your Data In Office 365

Ciso Platform Webcast: Shadow Data Exposed

Symantec - The Importance of Building Your Zero Trust Program on a Solid Plat...

Beyond the Firewall: Securing the cloud with a CASB (in partnership with CSA)

Reasoning About Enterprise Application Security in a Cloudy World

Symantec Webinar | Tips for Successful CASB Projects

June 2016 EMEA Netskope Cloud Report

CASB Cases: How Your Peers are Securing the Cloud

5 Highest-Impact CASB Use Cases

Introducing IBM Cloud Security Enforcer, CASB, IDaaS and Threat Prevention

CASBs and Office 365: The Security Menace

June 2016 Worldwide Netskope Cloud Report

Shadow Data Exposed

How to Extend Security and Compliance Within Box

McAfee - MVISION Cloud (MVC) - Cloud Access Security Broker (CASB) - POC Report

Atelier Technique - Symantec - #ACSS2019

Similar to Top 5 Information Security Lessons Learned from Transitioning to the Cloud

Cloud Security: A New Perspective

Wen-Pai Lu

Preventing Data Cloud Breaches with Zero Trust

Sara Goodison

Automation alley day in the cloud presentation - formattedMatthew Moldvan

Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...

SLA-Ready Network

One of the major challenges to wider uptake of cloud services is lack of clarity about customer risks. Arthur van der Wees from Arthur's Legal explains why we need to create comfort and trust in the cloud, with greater standardisation and transparency so organisations can make an informed decision on what services to use, what to expect and what to trust. The cloud service level agreement is a key interface between the provider and customer but there are complexities all the way through it, from assessing it, to negotiation and contracting, execution and operation to termination and consequences of termination. Arthur explains the purpose and value of service level objectives and gives insights into the current maturity level of cloud service providers.

Cloud is not an option, but is security?

Jody Keyser

A "cloudless" computing environment in your enterprise is not an option, due to the coming wave of the Cloud. Cloud Security is an option of course. Spend an hour with one of the industries top cloud security consultants, Graham Silver. Webinar / Discussion / Q&A AGENDA: - Common understanding of Cloud - Look at Cloud Computing Trends - Examine Cloud Security Concerns - Introduce Cloud Life Cycle - Cloud Security Assessment

Cloud computing security issues and challenges

Kresimir Popovic

In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Now, recession-hit companies are increasingly realizing that simply by tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, all at negligible cost. But as more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. This paper discusses security issues, requirements and challenges that cloud service providers (CSP) face during cloud engineering. Recommended security standards and management models to address these are suggested for technical and business community.

Information security group presentation ppt

vaishalshah01

Business with Cloud Computing

IMC Institute

Information security group presentation

vaishalshah01

Security, Compliance and Cloud - Jelecos

Erin_Jelecos

5787355.ppt

ahmad21315

Trusted Cloud

Microsoft

Cloud Computing markedet er præget af både mange myter og mange forskellige definitioner – i sessionen gives et indblik i de overordnede elementer set fra Microsofts vinkel. Hvordan håndterer Microsoft cyberkriminalitet, beskyttelse af privacy, overholdelse af gældende lovgivning, internationale standarder etc. Der gives også gode råd om, hvad man bør overveje i sin vurdering af hvad Cloud evt kan hjælpe virksomheden med og ikke mindst hvordan man i mange tilfælde kan opnå et markant højere sikkerhedsniveau gennem implementeringen af rene eller hybride cloud løsninger.

Nuovi modelli di sicurezza IT: le trasformazioni degli Innovation Accelerators

IDC Italy

Cloud data governance, risk management and compliance ny metro joint cyber...

Ulf Mattsson

The rapid rise of cloud data storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned. In this session Protegrity CTO and data security thought leader Ulf Mattsson will focus on practical advice on what to look for in cloud service providers and a review of the technologies and architectures available to protect sensitive data in the cloud, both on- and off-site. Through real life use cases, Ulf will discuss solutions to some of the most common issues of data governance, usability, compliance and security in the cloud environment.

Risk management for cloud computing hb final

Christophe Monnier

Oracle here. now. your choice.

CIOEastAfrica

Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...Miriade Spa

Security in Cloud Computing

Ashish Patel

Idge dell private cloud2014 qp #1

jmariani14

Technology Megatrends Reshaping IT: What’s Your Migration Path

Fadi Semaan

Similar to Top 5 Information Security Lessons Learned from Transitioning to the Cloud (20)

Cloud Security: A New Perspective

Preventing Data Cloud Breaches with Zero Trust

Automation alley day in the cloud presentation - formatted

Arthur van der Wees, Arthur's Legal on Making Cloud SLAs readily usable in th...

Cloud is not an option, but is security?

Cloud computing security issues and challenges

Information security group presentation ppt

Business with Cloud Computing

Information security group presentation

Security, Compliance and Cloud - Jelecos

5787355.ppt

Trusted Cloud

Nuovi modelli di sicurezza IT: le trasformazioni degli Innovation Accelerators

Cloud data governance, risk management and compliance ny metro joint cyber...

Risk management for cloud computing hb final

Oracle here. now. your choice.

Aerohive Networks e ZScaler, le soluzioni tecnologiche per il nuovo ecosistem...

Security in Cloud Computing

Idge dell private cloud2014 qp #1

Technology Megatrends Reshaping IT: What’s Your Migration Path

More from Forcepoint LLC

Rethinking the concept of trust (DoDIIS 2019 presentation)

Sparking Curiosity to Change Security Behaviors

In this presentation Dr. Margaret Cunningham, Principal Research Scientist, Forcepoint X-Labs, explores the topic of curiosity in cybersecurity. Curiosity is a powerful catalyst for behavioral changes, but for the most part, curiosity has been used to exploit users rather than to motivate positive security behaviors. This session explores the science of curiosity, provides examples of how curiosity increases security risks, and discusses strategies for using curiosity to increase engagement and positive security behaviors. Through this session attendees can apply strategies learned for motivating positive security behaviors as a means to mitigate risk and decrease alert fatigue within an organization. Presented at Black Hat USA 2019 on Wednesday August 7, 2019. Related blog: https://www.forcepoint.com/blog/x-labs/sparking-curiosity-change-security-behaviors-bhusa-2019-slides-and-summary

Understanding the "Intelligence" in AI

In this presentation Raffael Marty, VP of Research of Intelligence, Forcepoint X-Labs, explores the topic of Artificial Intelligence (AI) in cyber security. What is AI and how do we get to real intelligence in a cyber context? Raffael outlines some of the dangers of the way we are using algorithms (AI, Machine Learning) today and what that leads to. We then explore how we can add real intelligence through export knowledge to the problem of finding attackers and anomalies in our applications and networks. Presented at AI 4 Cybersecurity in NYC on April 30, 2019

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...

Wishful thinking won’t protect your data and systems. Without understanding two key psychological constructs, motivated reasoning and decision fatigue, people will continue to put their trust in software alone to keep their systems safe – and then shift responsibility for adverse events onto end users. For example, those impacted by motivated reasoning will reuse passwords without believing it might actually have an impact. People who experience decision fatigue avoid decisions or choose the least effortful action. However, there are steps organisations and individuals can take to recognise and cope with these parts of human nature – are you prepared?

AI and ML in Cybersecurity

Every single security company is talking about how they are using machine learning—as a security company you have to claim artificial intelligence to be even part of the conversation. However, this approach can be dangerous when we blindly rely on algorithms to do the right thing. Rather than building systems with actual security knowledge, companies are using algorithms that nobody understands and, in turn, discovering wrong insights. In this session, we will discuss: • Limitations of machine learning and issues of explainability • Where deep learning should never be applied • Examples of how the blind application of algorithms can lead to wrong results

One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...

This 20 minute talk was delivered by Forcepoint Principal Security Analyst Carl Leonard at Infosecurity Europe 2018. Delivered to the Strategy track this talk provides a review of the macro trends affecting businesses today, reviews root cause of standout data breaches, highlights the security risk presented by employees, and offers guidance on how to protect your business from specific root causes.

Addressing Future Risks and Legal Challenges of Insider Threats

A Predictive “Precrime” Approach Requires a Human Focus

In Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Precrime Division,” that anticipated and prevented killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity – especially for insider threat detection and prevention. Based on user interaction with data, CISOs and their teams emerge as the IT equivalent of a Precrime Division, empowered to intervene before a violation is ever committed. Discover the technologies which make predictive analytics valuable, along with ethically minded guidance to strike the balance between vigilance and privacy.

Cyber Convergence, Warfare and You

A pirate used to have to show up on your shores, now they can stay on the other side of the world and still be a pirate. They are the mercenaries of the modern day – hackers who carry out crippling cyberattacks for personal gain, for political motivations, or perhaps on behalf of foreign governments, wittingly or unwittingly. The complexity of the problem also means there’s no simple answer for the global community. Mr. Daly looked at how we arrived at this convergence of actors and discussed efforts to get countries cooperating more effectively to prevent international cybercrime and bound cyber warfare.

Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)

The DoD Mission Partner Environment (MPE) enables Command and Control (C2) for operational support planning and execution – residing on a shared network infrastructure at a single security level with a common language. Rory Kinney, OSD DoD CIO, shared his perspectives on how an MPE capability allows Mission Partners (MPs) to share information with all participants within a specific partnership or coalition and the role MPE-IS plays in securing the global mission.

Security Insights for Mission-Critical Networks

Maintaining Visibility and Control as Workers and Apps Scatter

Balancing productivity and security has been an age old challenge for IT. Nowadays, tight budgets and a shortage of skilled security personnel are further complicating the security equation at a time when mobile workers and cloud applications require effective defenses beyond traditional perimeters. Fortunately, there are new perspectives and best practices to help Government IT security leaders secure systems and users everywhere, with the same level of mission-critical protection that Federal networks require.

Embracing the Millennial Tsunami

Shift the Burden

Many organizations are struggling to combat advanced threats, focusing on what they should be doing to prevent these threats vs. creating a strategy to shift the burden. Josh Douglas, Chief Strategy Officer at Raytheon Foreground Security, talked about why shifting the burden matters in order to reduce dwell time and how you can make that happen by investing in user awareness training, assessments, incident response and threat hunting.

Revolutionary, Not Evolutionary

Guy Filippelli, CEO of RedOwl, shared observations and principles honed from experiences leading software teams in Afghanistan and Baghdad, and how such insights ought to be applied to increasingly complex data challenges in security analytics, with a particular focus on insider risk. Guy shared his views on topics such as the importance of vision, the criticality of diverse data, the empowerment of the analyst, and the role of analytics.

Cybersecurity and the Human Psyche

Theresa Payton discusses how security is fundamentally broken, because we're not focused on the human point. As employees, people want to have mobile experiences the same way they do as consumers. Workforces need the right tools to do their job, but ensure they're protected from the threats that come from mobile technology. It's time we embrace these technologies and empower our teams to make good choices as they interact with data.

The Human Point

An Inside-Out Approach to Security in Financial Services

Cloudy with a Chance of...Visibility, Accountability & Security

Cloud adoption is driving value into businesses like never before. Trying to manage security and compliance in the use of cloud platforms and applications can be challenging, with visibility being "cloudy" at best. That situation can drive stress and frustration into already overworked security teams. In this session Doug Copley will explain how the latest cloud security platforms can be the foglight to improve visibility and information risk management while enabling organizations to safely adopt those transformative technologies that will advance the mission of the organization.

More from Forcepoint LLC (19)

Rethinking the concept of trust (DoDIIS 2019 presentation)

Sparking Curiosity to Change Security Behaviors

Understanding the "Intelligence" in AI

Weary Warriors: Reducing the Impact of Wishful Thinking & Fatigue on Informat...

AI and ML in Cybersecurity

One Year After WannaCry - Has Anything Changed? A Root Cause Analysis of Data...

Addressing Future Risks and Legal Challenges of Insider Threats

A Predictive “Precrime” Approach Requires a Human Focus

Cyber Convergence, Warfare and You

Securing the Global Mission: Enabling Effective Information Sharing (DoD MPE-IS)

Security Insights for Mission-Critical Networks

Maintaining Visibility and Control as Workers and Apps Scatter

Embracing the Millennial Tsunami

Shift the Burden

Revolutionary, Not Evolutionary

Cybersecurity and the Human Psyche

The Human Point

An Inside-Out Approach to Security in Financial Services

Cloudy with a Chance of...Visibility, Accountability & Security

Recently uploaded

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

FIDO Alliance Osaka Seminar: Overview.pdf

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Search and Society: Reimagining Information Access for Radical Futures

Bhaskar Mitra

The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf