Recently, NTT published the Global Threat Intelligence Report 2016 (GTIR). This year’s report focused both on the changes in threat trends and on how security organizations around the world can use the kill chain to help defend the enterprise.
Turning threat intelligence data from multiple sources into actionable, contextual information is a challenge faced by many organizations today. The Global Threat Intelligence Platform provides increased efficiency, reduces risks and focuses on global coverage with accurate and up-to-date threat intelligence.
This presentation was given at Carnegie Mellon University by Kenji Takahashi, VP of Product Management, Security at NTT Innovation Institute.
This is Part 4 of the GoldenGate series on Data Mesh - a series of webinars helping customers understand how to move off of old-fashioned monolithic data integration architecture and get ready for more agile, cost-effective, event-driven solutions. The Data Mesh is a kind of Data Fabric that emphasizes business-led data products running on event-driven streaming architectures, serverless, and microservices based platforms. These emerging solutions are essential for enterprises that run data-driven services on multi-cloud, multi-vendor ecosystems.
Join this session to get a fresh look at Data Mesh; we'll start with core architecture principles (vendor agnostic) and transition into detailed examples of how Oracle's GoldenGate platform is providing capabilities today. We will discuss essential technical characteristics of a Data Mesh solution, and the benefits that business owners can expect by moving IT in this direction. For more background on Data Mesh, Part 1, 2, and 3 are on the GoldenGate YouTube channel: https://www.youtube.com/playlist?list=PLbqmhpwYrlZJ-583p3KQGDAd6038i1ywe
Webinar Speaker: Jeff Pollock, VP Product (https://www.linkedin.com/in/jtpollock/)
Mr. Pollock is an expert technology leader for data platforms, big data, data integration and governance. Jeff has been CTO at California startups and a senior exec at Fortune 100 tech vendors. He is currently Oracle VP of Products and Cloud Services for Data Replication, Streaming Data and Database Migrations. While at IBM, he was head of all Information Integration, Replication and Governance products, and previously Jeff was an independent architect for US Defense Department, VP of Technology at Cerebra and CTO of Modulant – he has been engineering artificial intelligence based data platforms since 2001. As a business consultant, Mr. Pollock was a Head Architect at Ernst & Young’s Center for Technology Enablement. Jeff is also the author of “Semantic Web for Dummies” and "Adaptive Information,” a frequent keynote at industry conferences, author for books and industry journals, formerly a contributing member of W3C and OASIS, and an engineering instructor with UC Berkeley’s Extension for object-oriented systems, software development process and enterprise architecture.
Dragos S4x20: How to Build an OT Security Operations Center (Dragos, Inc.)
Senior Director of Business Development Matt Cowell's S4x20 presentation details how to build an effective OT security operations center and the tools and skills needed.
Learn about the organizational and architectural strategies needed to make self-service analytics successful. Self-service is more about process and training instead of only focusing on tools.
Download this research to read about self-service architecture in detail: https://www.eckerson.com/articles/a-reference-architecture-for-self-service-analytics
If you need help with self-service analytics, data architecture or data management, contact us on the following link: https://www.eckerson.com/consulting
Cloud computing is an emerging technology that offers opportunities for organisations to hire precisely those ICT services they need (SaaS/PaaS/IaaS). Small and medium sized enterprises (SMEs) can benefit a lot from software services that are managed in a professional way. Cloud computing enables them to overcome restrictions from low budgets and limited resources for ICT. However, cloud adoption is challenging and requires a clear cloud roadmap. Organisations lack knowledge of cloud computing and are usually challenged by the adoption of cloud services. In most cases, SMEs do not know what aspects they have to take into consideration for a sound decision in favour or against the cloud. A cloud readiness assessment is a general approach to facilitate this decision-making process.
The presented study focuses on the development of an assessment framework for cloud services (SaaS) in the domain of enterprise content management (ECM) and social software (ecollaboration).
Capgemini Cloud Assessment - A Pathway to Enterprise Cloud Migration (Floyd DCosta)
Capgemini Cloud Assessment offers a methodology and a roadmap for Cloud migration to reduce decision risks, promote rapid user adoption and lower TCO of IT investments. It leverages pre-built accelerators such as ROI calculators, risk models and portfolio analyzers and provides three powerful deliverables in just six to eight weeks:
Comparative of risk analysis methodologies (Ramiro Cid)
A comparison done by me of 3 different risk analysis methodologies: CRAMM, NIST and Octave.
The numbers tell the story: 84% of C-suite executives believe they must leverage artificial intelligence (AI) to achieve their growth objectives, yet 76% report they struggle with how to scale. With the stakes higher than ever, what can we learn from companies that are successfully scaling AI, achieving nearly 3X the return on investments and an average 32% premium on key financial valuation metrics?
To answer that question, Accenture conducted a landmark global study involving 1,500 C-suite executives from organizations across 16 industries. The aim: Help companies progress on their AI journey, from one-off AI experimentation to gaining a robust organization-wide capability that acts as a source of competitive agility and growth.
Read the full report:
http://www.accenture.com/AI-Built-to-Scale-Slideshare
Cloud Migration Checklist | Microsoft Azure Migration (Intellika)
This checklist walks you through the steps to plan, assess, and begin your cloud migration, and offers resources to help you move to the cloud with Microsoft Azure.
Learn more - https://www.intellika.in/cloud-migration/
Threat modeling is a structured activity for identifying and managing the threats to an object (such as an application).
Threat modeling, also called Architectural Risk Analysis, is an essential step in the development of your application.
Without it, your protection is a shot in the dark.
In a world rocked by the Industrial Internet of Things (IIoT), the mobile revolution, Digital Transformation, and COVID-19, supervisory control and data acquisition (SCADA) remains an essential technology system for manufacturers. However, a SCADA system that was “good enough” 10 or 15 years ago will not be adequate in today’s environment. Before adopting or upgrading to a new SCADA system, you must be certain that it offers the power and flexibility your organization needs to adapt to these unfolding changes.
Cloud Migration: Cloud Readiness Assessment Case Study (CAST)
Learn more about Cloud Migration: https://www.castsoftware.com/use-cases/cloud-readiness-and-migration
Review this case study of a CIO migrating applications to Microsoft Azure to see how a cloud readiness assessment helps to identify obstacles preventing the organization from moving faster to Azure. Learn how to gain quick visibility through an objective assessment of your core application's cloud readiness, before you plan your cloud migration.
Industry X.0 - Realizing Digital Value in Industrial Sectors (accenture)
Industry X.0 is a new way for manufacturing to operate. At its heart are highly intelligent, interconnected products and ecosystems that create a fully digital value chain, supplemented by new core innovation competences and deep cultural change. Learn more: https://accntu.re/2wKLK4m
Here is your guide on how to progress through the cyber security career ladder. This resource shows you all the different cyber security roles and the qualifications needed for each!
Building an Analytics CoE (Center of Excellence) (Rahul Saxena)
This deck is from a workshop I conducted at the Indian Institute of Management, Bangalore (IIMB) on 20th July, 2013.
Agenda:
* What does the organization want to do with analytics? What is the role of the CoE that they envision?
* What is the organizational context? Current providers of analytics? Leadership support?
* What will the Analytics CoE need to be like (now and in the future, up to the planning horizon)?
* Where do we stand with analytics capabilities now, compared to what we need?
* How will we evolve the CoE? Set expectations, drive the evolution, establish the value.
After a major slowdown that stunted the growth of the IT sector briefly, the industry has revived and given a boost to its order books with its numerous efforts.
No “one size fits all” managed services solution will ever be ideal for every business. When evaluating prospective providers, consider important services such as monitoring, reporting, backup, remote management and security. Also consider key provider qualifications including location, third-party certifications, customer references, in-house staffing resources and contract items. After outsourcing, you should see immediate results in cost controls and service delivery.
Measuring the return from pharmaceutical innovation 2016 (Deloitte UK)
The seventh annual pharmaceutical innovation study by the Deloitte UK Centre for Health Solutions looks at the challenges the industry faces in generating returns from its R&D investments while highlighting the key strategies to help increase pipeline value while reducing R&D costs to generate sustainable R&D returns.
Integrated Direct Procurement Made Easier with SAP and SAP Ariba Solutions (SAP Ariba)
Many organizations continue to look for ways to improve direct materials procurement. Transforming direct procurement requires new capabilities for supply chain visibility, real-time collaboration, and advance sourcing. Join Deloitte for a discussion on how to deliver those capabilities through an integrated approach that leverages SAP Ariba solutions and other SAP offerings.
The 2013 Deloitte Undergraduate Case Competition challenged students to develop strategy, technology, and human capital recommendations for MAD HATS, a company that donates a hat to a person in need for each hat purchased by one of their customers.
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins (44CON)
A quick summary of the current state of big data technology and data science approaches used in cyber / network defender security analytics including summary use cases, a walk through of a reference architecture and breakdown of the required skills. Focus is on the knowledge needed to run a proof of concept and establish a programme for early benefits. Will then also include a view on the future of extending the platforms and capabilities of security analytics to cover performance metrics and data-driven security management approaches.
Splunk EMEA Webinar: Scoping infections and disrupting breaches (Splunk)
To successfully prevent infections from becoming a data breach, security analysts need the ability to continuously collect, analyse, correlate and investigate a diverse set of data.
Join this webinar to hear Matthias Maier, Splunk Security Product Marketing Manager and Filip Wijnholds, Splunk Senior Systems Engineer, discuss the specific data sources and capabilities required to determine the scope of an infection before it turns into a breach.
During this session, you'll learn:
- The capabilities required to distinguish an infection from a breach
- The specific analysis steps to understand the scope of an attack
- The data sources required to gain deep and broad visibility
- What to look for from network and endpoint data sources
We also demonstrate a live incident investigation using this approach; you can view the recording here:
https://splunkevents.webex.com/splunkevents/lsr.php?RCID=cab764b0457c615aa5f02ddfd351fe9f
Operationalizing Big Data Security Analytics - IANS Forum Toronto Keynote (Interset)
Presented by Stephan Jou, Interset CTO, at IANS Forum Toronto 2018, this presentation explores how companies can operationalize security analytics with Interset's threat detection platform, which distills billions of events into a handful of prioritized threat leads through unsupervised machine learning and an open source, big data architecture.
Splunk for Enterprise Security featuring User Behavior Analytics (Splunk)
This session will review Splunk’s two premium solutions. Splunk Enterprise Security (ES) is Splunk's award-winning security intelligence solution that brings immediate value for continuous monitoring across SOC and incident response environments. Splunk UBA is a new technology that applies unsupervised machine learning and data science to solving one of the biggest problems in information security today: insider threat. You’ll learn how Splunk UBA works in tandem with ES, or third-party data sources, to bring significant automated analytical power to your SOC and Incident Response teams.
Applied cognitive security complementing the security analyst (Priyanka Aash)
Security incidents are increasing dramatically and becoming more sophisticated, making it almost impossible for security analysts to keep up. A cognitive solution that can learn about security from structured and unstructured information sources is essential. It can be applied to empower security analysts with insights to qualify incidents and investigate risks quickly and accurately.
(Source: RSA Conference 2017)
Organizations need to apply security analytics to obtain seamless visibility and monitoring across both their on-premises and cloud environments. These challenges can be solved with comprehensive detection rules and behavioral analytics to ensure you detect potential threats.
Join FireEye and AWS to learn how Threat Analytics Platform (TAP) helped unify a major U.S. financial company’s on-premises and cloud-based Security Operations Centers (SOCs) by providing a single, cloud-based solution for monitoring their hybrid IT environment. FireEye’s TAP provides seamless visibility, detection and investigation across your on-premises and AWS Cloud environments ensuring actionable insight into threats targeting your company.
Join us to learn:
• How TAP ingests and analyzes AWS CloudTrail log files, providing visibility into both your AWS environment and the applications running on it
• TAP's best practices workflow to guide and inform your threat investigation
• How a major U.S. financial company unified their on-premises and cloud-based SOCs into a single, cloud-based security operation
Who should attend: Directors and Managers of Security, IT Administrators, IT Architects, and IT Security Engineers
TIG / Infocyte: Proactive Cybersecurity for State and Local Government (Infocyte)
This webinar and presentation outlines the Infocyte HUNT threat detection and incident response platform, and how it enables state and local government organizations to:
- Reduce risk across local, off-network, and cloud IT assets
- Expose and eliminate hidden cyber threats and vulnerabilities
- Streamline your overall security operations
- Achieve and maintain compliance
Using Infocyte, TIG can provide their customers with cost-effective, easy-to-manage, and on-demand cybersecurity consulting services (e.g. compromise assessments, incident response) and managed security services (e.g. managed detection and response).
Visit https://www.infocyte.com/ to learn more and request a demo, or request a cybersecurity risk assessment (Compromise Assessment) using the link below:
https://www.infocyte.com/free-compromise-assessment/
Similar to Virtual Gov Day - Security Breakout - Deloitte (20)
.conf Go 2023 - Das passende Rezept für die digitale (Security) Revolution zu... (Splunk)
.conf Go 2023 presentation:
"The right recipe for the digital (security) revolution toward Telematics Infrastructure 2.0 in healthcare?"
Speaker: Stefan Stein -
Teamleiter CERT | gematik GmbH M.Eng. IT-Sicherheit & Forensik,
doctorate student at TH Brandenburg & Universität Dresden
.conf Go 2023 presentation:
From NOC to CSIRT
Speakers:
Daniel Reina - Country Head of Security Cellnex (Spain) & Global SOC Manager Cellnex
Samuel Noval - Global CSIRT Team Leader, Cellnex
Splunk - BMW connects business and IT with data driven operations SRE and O11y (Splunk)
BMW is defining the next level of mobility - digital interactions and technology are the backbone to continued success with its customers. Discover how an IT team is tackling the journey of business transformation at scale whilst maintaining (and showing the importance of) business and IT service availability. Learn how BMW introduced frameworks to connect business and IT, using real-time data to mitigate customer impact, as Michael and Mark share their experience in building operations for a resilient future.
Data foundations building success, at city scale – Imperial College London (Splunk)
Universities have more in common with modern cities than traditional places of learning. This mini city needs to empower its citizens to thrive and achieve their ambitions. Operationalising data is key to building critical services; from understanding complex IT estates for smarter decision-making to robust security and a more reliable, resilient student experience. Juan will share his experience in building data foundations for a resilient future whilst enabling digital transformation at Imperial College London.
Splunk: How Vodafone established Operational Analytics in a Hybrid Environmen... (Splunk)
Learn how Vodafone has provided end-to-end visibility across services by building an Operational Analytics Platform. In this session, you will hear how Stefan and his team manage legacy, on premise, hybrid and public cloud services, and how they are providing a platform for complex triage and debugging to tackle use cases across Vodafone’s extensive ecosystem.
.italo operates an Essential Service by connecting more than 100 million people annually across Italy with its super fast and secure railway. And CISO Enrico Maresca has been on a whirlwind journey of his own.
Formerly a Cyber Security Engineer, Enrico started at .italo as an IT Security Manager. One year later, he was promoted to CISO and tasked with building out – and significantly increasing the maturity level – of the SOC. The result was a huge step forward for .italo.
So how did he successfully achieve this ambitious ask? Join Enrico as he reveals the key insights and lessons learned in his SOC journey, including:
Top challenges faced in improving security posture
Key KPIs implemented in order to measure success
Strategies and approaches applied in the SOC
How MITRE ATT&CK and Splunk Enterprise Security were utilised
Next steps in their maturity journey ahead
Epistemic Interaction - tuning interfaces to provide information for AI support (Alan Dix)
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
UiPath Test Automation using UiPath Test Suite series, part 4 (DianaGray10)
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 preview (Prayukth K V)
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
2. Deloitte at a Large State HHS Agency
Top IT Initiatives
Security Monitoring
– Looking for SIEM replacement
– Technical security
Compliance
– Subject to multiple yearly audits
– CMS, IRS, PCI
Healthcare Program Integrity
– Internal & external monitoring
– Looking for high-risk behaviors and activities – indicators
3. IT Challenges
Incident investigation/Incident Response:
– Tough to correlate events across infrastructure
– Time consuming process
– Low visibility into what’s actually going on in environment
Data Correlation:
– Other departments with relevant security data were creating a bottleneck
– Stove piped applications – hard to integrate applications
Program Integrity Issue detection:
– Need to detect high risk behaviors and activities proactively
Remaining compliant:
– Compliance reporting automation
– Splunk & Archer Integration
4. Improved Agency Efficiency
With Splunk:
Ingesting security data – Couple of hours
Reporting & dashboard set-up – 1-2 days
Incident investigation – Days
Compliance reports – Minutes
Program Integrity set-up – 1-2 months
Without Splunk:
Ingesting security data – 3-5 days
Reporting & dashboard set-up – 1-2 weeks
Incident investigation – 2-4 weeks
Compliance reports – Days
Program Integrity set-up – 6 months
5. Program Integrity
Agency defined 6 priority use cases to detect program integrity violations within individuals benefits programs
Ingesting application, endpoint, backend and mainframe data to detect high risk behaviors and activities
Monitoring external program integrity issues:
Individuals doubling up on monthly benefits
Multiple families receiving benefits under one household
Monitoring internal program integrity issues:
Agency caseworkers approving inappropriate transactions
6. Use Case: Program Integrity analysis
Dashboard to identify repeated issuances of benefits within a timeframe
7. Use Case: Database Audit
Dashboard to analyze audit logs from multiple Oracle database servers
8. Use Case: Access Logs
Dashboard provides overview of authentication and authorization actions by applications
9. Why Splunk?
Cost savings:
– One solution for security investigation, compliance reporting and program integrity issue detection
Increased visibility
Flexibility:
– Ability to integrate data sources without help of an application development team
– 450 custom reports
Fast time to value:
– Only took 4-6 months to implement
“Our client is very happy with the results. It would be hard to convince them to get rid of Splunk – they are very, very impressed.”
12. Advanced Threats Are Hard to Find
“Another Day, Another Retailer in a Massive Credit Card Breach” – Bloomberg Businessweek, March 2014
“Edward Snowden Tells SXSW He'd Leak Those Secrets Again” – NPR, March 2014
“Banks Seek U.S. Help on Iran Cyber attacks” – Wall Street Journal, Jan 2013
Cyber Criminals
Nation States
Insider Threats
Source: Mandiant M-Trends Report 2012/2013/2014
100% – Valid credentials were used
40 – Average # of systems accessed
229 – Median # of days before detection
67% – Of victims were notified by external entity
13. Attackers & Threats Have Changed & Matured
• Goal-oriented
• Human directed
• Multiple tools, steps & activities
• New evasion techniques
• Coordinated
• Dynamic, adjust to changes
Threat
People
• Outsider (organized crime, competitor, nation/state)
• Insiders (contractor, disgruntled employee)
Technology
• Malware, bots, backdoors, rootkits, zero-day
• Exploit kits, password dumper, etc.
Process
• Attack Lifecycle, multi-stage, remote controlled
• Threat marketplaces – buy and rent
14. Modern Security Program Needs More than Technology
Threat
People
• Outsider (organized crime, competitor, nation/state)
• Insiders (contractor, disgruntled employee)
Technology
• Malware, bots, backdoors, rootkits, zero-day
• Exploit kits, password dumper, etc.
Process
• Attack Lifecycle, multi-stage, remote controlled
• Threat marketplaces – buy and rent
Solution
Technology
• Firewall, Anti-malware, AV, IPS, etc.
• Anti-spam, etc.
Human Intuition and Observation
Coordination, Collaboration and Counter Measures
15. New Approach to Security Operations is Needed
Threat
• Goal-oriented
• Human directed
• Multiple tools & activities
• New evasion techniques
• Coordinated
• Dynamic (adjust to changes)
• Analyze all data for relevance
• Contextual and behavioral
• Rapid learning and response
• Leverage IOC & Threat Intel
• Share info & collaborate
• Fusion of technology, people & process
16. From Alert Based to Analytics Driven Security
Traditional Alert-based Approach
Time & Event based
Data reduction
Event correlation
Detect attacks
Needle in a haystack
Power Users, Specialist
Additional Analysis Approach
..and phase, location, more…
Data inclusion
Multiple/dynamic relationships
Detect attackers
Hay in a haystack
Everyone - Analytics-enabled Team
17. Splunk software complements, replaces and goes beyond traditional SIEMs.
Moving Past SIEM to Security Intelligence
Small Data. Big Data. Huge Data.
SECURITY & COMPLIANCE REPORTING
REAL-TIME MONITORING OF KNOWN THREATS
DETECTING UNKNOWN THREATS
INCIDENT INVESTIGATIONS & FORENSICS
FRAUD DETECTION
INSIDER THREAT
18. Machine Data Enables Security and Business Insights
Sources: Twitter, Care IVR, Middleware Error, Order Processing
Fields linked across sources: Order ID, Customer’s Tweet, Time Waiting On Hold, Product ID, Company’s Twitter ID, Customer ID, Twitter ID
21. Insider Threat
The CERT Top 10 List for Winning the Battle Against Insider Threats
Dawn Cappelli, Software Engineering Institute, Carnegie Mellon University, 2012
Non-tech indicators: HR, HDFS, SAP, Time Management, Asset DB, Dun & Bradstreet, LexisNexis
Traditional Data: Threat Intelligence, User & Identity, Network & malware, Host & Application
22. Human expertise fused with the power of correlation and visualization technology are key to detecting the unknowns
23. Visual Investigations for All Users
Visually organize and fuse any data to discern any context
Giving users the ability to find relationships visually
24. Enhance Security Analysis with Threat Intelligence
Integrate high fidelity and complex URLs and domain names into threat intelligence
Aggregation, de-duplication and prioritization of multiple feeds
Assign weights to the business value of the feeds
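One way the aggregation, de-duplication and weighted prioritization of multiple feeds listed on slide 24 can work, as an added example that is not from the presentation and is not Splunk code. The feed names, weights, indicators and the combining rule (1 minus the product of each feed's miss probability) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample feeds: name -> (assumed business-value weight, indicators).
FEEDS = {
    "commercial_feed": (0.9, ["http://Bad.example.com/login",
                              "evil.example.net"]),
    "open_source_feed": (0.4, ["bad.example.com", "EVIL.example.net.",
                               "tracker.example.org"]),
    "industry_sharing_feed": (0.7, ["https://bad.example.com/payload.bin"]),
}


def normalize(indicator):
    """Reduce a URL or bare domain name to a lowercase host name."""
    text = indicator.strip()
    if "://" not in text:
        text = "//" + text  # lets urlsplit treat a bare domain as the host
    host = urlsplit(text).hostname or ""
    return host.rstrip(".")  # drop the trailing dot of a fully qualified name


def prioritize(feeds):
    """Merge feeds, de-duplicate by host and rank by combined feed weight."""
    seen = {}  # host -> {feed name: weight}; a feed counts once per host
    for name, (weight, indicators) in feeds.items():
        for raw in indicators:
            host = normalize(raw)
            if host:
                seen.setdefault(host, {})[name] = weight

    ranked = []
    for host, sources in seen.items():
        miss = 1.0
        for weight in sources.values():
            miss *= 1.0 - weight  # chance that every reporting feed is wrong
        ranked.append({
            "indicator": host,
            "score": round(1.0 - miss, 3),
            "feeds": sorted(sources),
        })
    # Highest score first; host name breaks ties so the order is stable.
    ranked.sort(key=lambda row: (-row["score"], row["indicator"]))
    return ranked


if __name__ == "__main__":
    for row in prioritize(FEEDS):
        print(row["score"], row["indicator"], ",".join(row["feeds"]))
```

An indicator reported by several feeds rises above one reported by a single low-weight feed, which is the prioritization the slide asks for.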
29. Leverage a Rich Eco System
Security Intelligence platform
200+ SECURITY APPS/ADD-ONS
SPLUNK FOR ENTERPRISE SECURITY
Cisco WSA, ESA, ISE, SF
Palo Alto Networks
FireEye
DShield
DNS
OSSEC
VENDOR COMMUNITY
CUSTOM APPS
Symantec
ADDITIONAL SPLUNK APPS
…
Threat Stream
30. Analytics Driven Security – Empowering People and Data
A security intelligence platform should enable any Security Program to leverage Technology, Human Expertise, and Business/IT Processes in the most effective way to deliver on security
31. Why Splunk?
Integrated, Holistic & Open
• Single product & data store
• All original machine data is indexed and searchable
• Open platform with API, SDKs, +500 Apps
Flexible & Empowering
• Schema on read
• Search delivers accurate, faster investigations and detection
• Powerful visualizations and analytics help identify outliers
Simplicity, Speed and Scale
• Fast deployment + ease-of-use = rapid time-to-value
• Runs on commodity hardware, virtualized and/or in the cloud
• Scales as your needs grow
All Your Data in One Place:
Increases Collaboration and Partnership, Eliminates Silos & Delivers Proven ROI
The number of threats is increasing and also becoming more advanced. Today’s advanced threats are stealthy and sophisticated and evade detection from traditional, point security products that look for specific threat signatures. Above are 3 types of advanced threats. They are good at stealing confidential data, whether it be credit cards or IP, and many of their victims unfortunately end up in the headlines.
Cyber criminals include the credit card theft at Target and Neiman Marcus. Nation state attacks include Iran and China attacking governments and private sector companies to steal intellectual property and/or national secrets.
FYI these advanced threats are also commonly called APTs, or Advanced Persistent Threats.
APTs are hard to detect because they are not signature-based and hide behind legitimate credentialed activity to evade detection from traditional, point security products. Every year companies like Mandiant produce reports that describe the trends identified based on the breach investigation work that they do as part of their consulting practices. There are a couple of metrics that I found interesting reading their recent reports.
100% is often via stealing password hashes or using keyloggers. Often they steal admin-level credentials so they can access many other systems and not be detected.
The 40 implies that even if you see malware in one place, you need to look much further as there are likely multiple infected machines and backdoors
243 days shows how they can evade detection for months at a time. They move slow and low and do not set off alarms from point, signature-based security products like anti-malware solutions.
63% of victims were notified by an external entity. Notification usually starts with customer complaints like bank account drained or credit card maxed out. Often FBI informs them.
Concept is that NEW analysis is required – beyond simple event correlation – this is why SIEMs are not solving the problem – the requirements have changed
Phase, location, etc. – speaks to the additional attributes that are required both to understand and to defend against attacks
Data inclusion – core Splunk message – don’t filter/tune out noise/false positives, look at all data, collect so it’s available when needed
Multiple/dynamic relationships – the event chain and bits of any attack are scattered, and cannot be detected using pre-defined correlation rules – example of multiple login failures with success and then access to internal resources – great for gaining an advantage, but then what happens when they download additional malware – how do static correlation rules help find the new malware, or how do they look for potential data that is accessed/stolen.
Detect attackers – main concept is there is an attacker directing the malware (once internal access is established via valid credentials, therefore the attacker must be deduced from activities associated with normal activities from those trusted credentials) - once the malware is delivered, the additional attack tools and activities will not be “attacks” anymore, they are activities of the attacker
Hay in a haystack – needle is a different object from hay – but now, since trusted credentials are used, and often in normal, good traffic – the analysis is to look for particular attributes and characteristics of the hay to determine good/bad – this applies to concepts like insider threat is an insider with access (account privileges, etc.), and fraud uses good access (credit card, accounts, etc.) – the identifiable traits are their activities, characteristics, etc.
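The event chain mentioned in these notes (multiple login failures, then a success, then access to internal resources) can be followed per account and source instead of alerting on each event alone. The sketch below is an added example, not part of the presentation and not Splunk code; the event layout, account names, hosts and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, user, source, action, target).
EVENTS = [
    ("2014-03-01T02:10:01", "jsmith", "10.0.5.23", "login_failure", "vpn"),
    ("2014-03-01T02:10:09", "jsmith", "10.0.5.23", "login_failure", "vpn"),
    ("2014-03-01T02:10:20", "jsmith", "10.0.5.23", "login_failure", "vpn"),
    ("2014-03-01T02:10:31", "jsmith", "10.0.5.23", "login_failure", "vpn"),
    ("2014-03-01T02:11:02", "jsmith", "10.0.5.23", "login_success", "vpn"),
    ("2014-03-01T02:14:40", "jsmith", "10.0.5.23", "resource_access", "hr-db01"),
    ("2014-03-01T02:20:15", "jsmith", "10.0.5.23", "resource_access", "fileshare02"),
    ("2014-03-01T08:59:50", "alee", "10.0.7.11", "login_failure", "vpn"),
    ("2014-03-01T09:00:05", "alee", "10.0.7.11", "login_success", "vpn"),
    ("2014-03-01T09:05:00", "alee", "10.0.7.11", "resource_access", "fileshare02"),
    ("2014-03-01T11:30:00", "jsmith", "10.0.5.23", "resource_access", "hr-db01"),
]


def find_chains(events, min_failures=3,
                fail_window=timedelta(minutes=10),
                follow_window=timedelta(hours=1)):
    """Return failure-burst -> success -> resource-access chains."""
    failures = defaultdict(deque)  # (user, source) -> failure times so far
    open_chains = {}               # (user, source) -> chain still collecting
    chains = []
    # ISO 8601 timestamps of equal length sort chronologically as strings.
    for ts, user, src, action, target in sorted(events):
        when = datetime.fromisoformat(ts)
        key = (user, src)
        if action == "login_failure":
            failures[key].append(when)
        elif action == "login_success":
            recent = failures.pop(key, deque())
            count = sum(1 for f in recent if when - f <= fail_window)
            if count >= min_failures:
                chain = {"user": user, "src": src, "failures": count,
                         "success": when, "resources": []}
                open_chains[key] = chain
                chains.append(chain)
            else:
                # An ordinary login ends any earlier chain for this pair.
                open_chains.pop(key, None)
        elif action == "resource_access":
            chain = open_chains.get(key)
            if chain and when - chain["success"] <= follow_window:
                if target not in chain["resources"]:
                    chain["resources"].append(target)
    # Only chains that reached internal resources are worth an analyst's time.
    return [c for c in chains if c["resources"]]


if __name__ == "__main__":
    for c in find_chains(EVENTS):
        print(c["user"], c["src"], c["failures"], c["resources"])
```

The single mistyped password followed by a normal login is not reported, and the access long after the suspicious login falls outside the follow-up window, so only the one linked chain is returned.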
Make sure to stress we are a Security Intelligence Platform and we can meet their needs for these use cases plus more. We are more than a SIEM in that we are much more flexible and also can be used for use cases outside of security. Do not go into detail on the 5 use cases because the next few slides detail each of them. And highlight that many customers already have a SIEM and are generally happy with it. But they do have some pain with their current SIEM: maybe it struggles getting in non-security data, maybe it has limited search/reporting capabilities, etc. In these cases, Splunk can happily complement their SIEM. They perhaps use their existing SIEM for alerting, and they then log into Splunk to do the investigation, etc. But key point is that we can easily complement or replace a SIEM.
Key part of IT security is protecting confidential data. Which means detecting advanced threats, like cybercriminals or malicious insiders, before they can steal your data. To detect or investigate them, you need non-security and security data because advanced threats avoid detection from signature-based security products; the fingerprints of an advanced threat often are in the “non-security” data. Most traditional SIEMs just focus on gathering signature-based threats which do *not* have the fingerprints of advanced threats.
Also the above scenario is worse if there is no SIEM. Instead point UIs and grep are used and aggregating data is very manual and time consuming.
Insight for insider threats comes both from traditional data sources used for security AS WELL AS FROM non-traditional sources, often HR, personnel and other “people-oriented” data.
1 solution for Splunk for Security, but 3 offerings. At bottom is Splunk Enterprise, our core product. Every Splunk deployment includes this as this is where the core indexing and searching resides. Many customers build their own searches/reports/dashboards on top of it.
On top of it, optional Apps can be installed. Apps are basically a collection of reports, dashboards, and searches purpose-built for a specific use case or product. Can be built by Splunk, customers, partners and all but a few are free on Splunkbase. Apps are great for customers who want out-of-the-box content and do not want to have to build it themselves, and want to extend point solutions. One key App is the Splunk-built Enterprise Security app with the arrow pointing at it. It is basically an out-of-the-box SIEM with reports, dashboards, correlation rules, and workflow for security use cases. (It does have a cost though.) Besides this app there are over 80 security-centric free Apps on Splunkbase. These are offering 3.
The majority of Splunk security customers do Splunk Enterprise and the free apps. Also customers do leverage the API and SDKs that come with Splunk to further extend the platform.
3:45pm – Bert: Moderate Q&A
REMEMBER: Check the presenter pod to ensure Deloitte has not asked you to skip any questions
NEXT:
3:55pm – Close session:
Thank our presenters
Hand it over to Alicia to close and mention Splunk’s upcoming events