Most organizations have multiple administrators with privileged accounts. But when you consider Hank the Hacker only has to breach one of those accounts to obtain privileged access to your environment, you start to get an idea of how important it is to keep an eye on those accounts.
In this live webcast, AD experts will show you how to both automatically remediate unauthorized actions immediately to minimize potential damage, but also automate security policy enforcement across Active Directory (on-premises and Azure AD) to mitigate the potential for recurrence.
Find out more at: quest.com/stophank
Identifying Hybrid AD Security Risks with Continuous Assessment Quest
There are more hybrid Active Directory (AD) security risks in your environment than you think. Proper AD security isn’t just about whether it’s configured correctly; it’s about proactively assessing who has access to what: permissions, privileged groups, sensitive business groups, GPOs and data.
In this on-demand webcast, Quest AD experts will show you how to conduct a thorough assessment of your environment so you know who has access to what. Assessing your security configuration makes it so you can easily identify access to:
• Active Directory
• Exchange Online
• File Servers
Take a look at the entire series: https://www.quest.com/stophanknow
Sounding the Alarm with Real-Time AD Detection and AlertingQuest
Just because your hybrid Active Directory (AD) environment is secure today doesn’t mean it will be tomorrow. You need to stay on top of unusual or suspicious activity if you want to ensure everything happening in your environment is always on the up and up.
In this live webcast, AD experts will identify our two-fold strategy that defines inappropriate changes and then creates strategic alerts for when they occur. We’ll then explore how this strategy helps to reduce the risk of exposure caused by insider attacks and data breaches.
Take a look at the entire series: https://www.quest.com/stophanknow
Investigating and Recovering from a Potential Hybrid AD Security BreachQuest
In this on-demand webcast, Quest AD experts will show you how to reduce incident response time investigations across your environment. Discover how to automate your AD business continuity plan (BCP) to minimize your RTO (recovery time objective) in the event of a security incident that causes partial or total damage across your AD infrastructure.
Find out more at: quest.com/stophank
Matti Neustadt Storie, Microsoft
Alex Harmon, Microsoft
Christopher Mills, Microsoft
The European Union’s General Data Protection Regulation (GDPR) is the most impactful privacy law of the last generation. The GDPR requires us to apply more rigor to data privacy to avoid burdensome restrictions on data collection, and use, significant fines and credibility issues. Microsoft has developed a cross-company privacy architecture that will help enable compliance with this law, and those efforts include processes and procedures to manage and delete data as well as respond to data subject requests and enforce data subject rights. A general misunderstanding of when to de-identify items such as IP addresses, email addresses, internal customer or resource IDs, certificate thumbprints, VM names or any other piece of information can be considered “Personal Data” can lead to negative impact on security response. Learning how to work within the law while still preserving this key evidence like service tenant VM names, crash dumps, system logs containing personal identifiers, subscription IDs, or identifying content relating to vulnerability descriptions or proofs-of-concept, is necessary to do continued work in cybersecurity threat intelligence, forensic investigation, attacker attribution, and incident response. This presentation is designed to provide actionable information about how you can address your GDPR compliance obligations while still ensuring an effective cybersecurity readiness program.
HIPAA 101 Compliance Threat Landscape & Best PracticesHostway|HOSTING
The healthcare IT landscape is changing daily, and trying to keep up with requirements like HIPAA and HITECH can leave you and your clients extremely vulnerable. Register today to hear more about the current HIPAA threat landscape and learn best practices for protection.
Experts from Hostway and Alert Logic will keep you up-to-date on the latest trends in healthcare IT.
You'll learn about the following:
- The current state of the healthcare IT industry and the role of HIPAA
- Threats associated with the healthcare landscape
- How a security breach can impact your organization
- Security best practices for HIPAA compliant cloud hosting and more!
Save Time and Act Faster with PlaybooksThreatConnect
Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed.
You’ll learn how to:
- Build Playbooks that automatically run based on events in your network.
- Easily send indicators to any of ThreatConnect’s 100+ integration partners including firewalls and SIEMS.
- Ingest and send data from any tool (including tools not yet integrated with ThreatConnect).
- Use Playbooks to get disconnected tools to all talk to each other.
We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.
The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.
The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported.
Identifying Hybrid AD Security Risks with Continuous Assessment Quest
There are more hybrid Active Directory (AD) security risks in your environment than you think. Proper AD security isn’t just about whether it’s configured correctly; it’s about proactively assessing who has access to what: permissions, privileged groups, sensitive business groups, GPOs and data.
In this on-demand webcast, Quest AD experts will show you how to conduct a thorough assessment of your environment so you know who has access to what. Assessing your security configuration makes it so you can easily identify access to:
• Active Directory
• Exchange Online
• File Servers
Take a look at the entire series: https://www.quest.com/stophanknow
Sounding the Alarm with Real-Time AD Detection and AlertingQuest
Just because your hybrid Active Directory (AD) environment is secure today doesn’t mean it will be tomorrow. You need to stay on top of unusual or suspicious activity if you want to ensure everything happening in your environment is always on the up and up.
In this live webcast, AD experts will identify our two-fold strategy that defines inappropriate changes and then creates strategic alerts for when they occur. We’ll then explore how this strategy helps to reduce the risk of exposure caused by insider attacks and data breaches.
Take a look at the entire series: https://www.quest.com/stophanknow
Investigating and Recovering from a Potential Hybrid AD Security BreachQuest
In this on-demand webcast, Quest AD experts will show you how to reduce incident response time investigations across your environment. Discover how to automate your AD business continuity plan (BCP) to minimize your RTO (recovery time objective) in the event of a security incident that causes partial or total damage across your AD infrastructure.
Find out more at: quest.com/stophank
Matti Neustadt Storie, Microsoft
Alex Harmon, Microsoft
Christopher Mills, Microsoft
The European Union’s General Data Protection Regulation (GDPR) is the most impactful privacy law of the last generation. The GDPR requires us to apply more rigor to data privacy to avoid burdensome restrictions on data collection, and use, significant fines and credibility issues. Microsoft has developed a cross-company privacy architecture that will help enable compliance with this law, and those efforts include processes and procedures to manage and delete data as well as respond to data subject requests and enforce data subject rights. A general misunderstanding of when to de-identify items such as IP addresses, email addresses, internal customer or resource IDs, certificate thumbprints, VM names or any other piece of information can be considered “Personal Data” can lead to negative impact on security response. Learning how to work within the law while still preserving this key evidence like service tenant VM names, crash dumps, system logs containing personal identifiers, subscription IDs, or identifying content relating to vulnerability descriptions or proofs-of-concept, is necessary to do continued work in cybersecurity threat intelligence, forensic investigation, attacker attribution, and incident response. This presentation is designed to provide actionable information about how you can address your GDPR compliance obligations while still ensuring an effective cybersecurity readiness program.
HIPAA 101 Compliance Threat Landscape & Best PracticesHostway|HOSTING
The healthcare IT landscape is changing daily, and trying to keep up with requirements like HIPAA and HITECH can leave you and your clients extremely vulnerable. Register today to hear more about the current HIPAA threat landscape and learn best practices for protection.
Experts from Hostway and Alert Logic will keep you up-to-date on the latest trends in healthcare IT.
You'll learn about the following:
- The current state of the healthcare IT industry and the role of HIPAA
- Threats associated with the healthcare landscape
- How a security breach can impact your organization
- Security best practices for HIPAA compliant cloud hosting and more!
Save Time and Act Faster with PlaybooksThreatConnect
Ingesting threat data, malware analysis, and data enrichment can all be time consuming tasks. ThreatConnect’s Playbooks feature can automate these things along with almost any cybersecurity task using an easy drag-and-drop interface - no coding needed.
You’ll learn how to:
- Build Playbooks that automatically run based on events in your network.
- Easily send indicators to any of ThreatConnect’s 100+ integration partners including firewalls and SIEMS.
- Ingest and send data from any tool (including tools not yet integrated with ThreatConnect).
- Use Playbooks to get disconnected tools to all talk to each other.
We build a Playbook live on the webinar and also show you where to find ThreatConnect-provided Playbook templates.
The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported. This talk covers the framework and then dives into some stories from the field.
The Phishing Intelligence Engine (PIE) is a framework that will assist with the detection and response to phishing attacks. An Active Defense framework built around Office 365, that continuously evaluates Message Trace logs for malicious contents, and dynamically responds as threats are identified or emails are reported.
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.
For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.
Info Sec Opportunity – Embracing Big Data with People, Process, & Technology
Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective programs via People, Process & Technology.
Webinar: Vawtrak v2 the next big Banking TrojanBlueliv
A few years ago we entered a new era of cyber threats.
At the beginning of the Internet, most intrusions and ‘hacks’ were committed for the sole purpose of proving that it was possible, basically because the authors could do it.
At some point though, someone realized that hacking could generate a revenue, there was information that could be stolen and sold, and services that could be provided to make it easier, and thus, the cybercrime industry was born.
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24
In this webinar, our expert will discuss why CISOs must embrace unified cyber risk management for greater consolidation and simplification of business risk to build trust and maximize business resilience.
See Web Security Trend from OWASP Top 10 - 2017Chia-Lung Hsieh
OWASP Top 10 is the most well-known web security awareness document. From the first publication in 2003 till the latest one of 2017, OWASP Top 10 has become the de facto application security standard.
OWASP Top 10 – 2017 can be the best start for your journey on application security. The speaker will introduce the OWASP Top 10 structure, historical comparison, and the latest trends. Besides, the speaker will also introduce other popular application security documents and tools for developers, security testers and application managers.
Security by Design: An Introduction to Drupal SecurityTara Arnold
Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal.
YOU'LL LEARN:
Security by design in Drupal
Site audit and security best practices
Encrypting sensitive data
Key management (encryption & API)
Resources to improve security
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017Micro Focus
The cyber threats facing businesses today are
constantly evolving. They are being perpetrated
by highly skilled, well-organized and well-funded
groups.
In this session we’ll take a look at
some of these threats, and how you can
mitigate your risks.
Fidelis Endpoint combines rich endpoint visibility and multiple defenses with incident response workflow automation including deep interrogation and recorded playbacks reducing response time from hours to minutes for security analysts. The Fidelis Endpoint module is a component of the Fidelis Elevate platform that delivers automated detection and response.
Here’s some of what we’ll cover:
-Visibility into all threat activity at the endpoint
-Hunting for threats directly on the endpoint, in both file system and memory
-Key event recording and automatic timeline generation
-Automated endpoint response using scripts and playbooks
-Integration with Fidelis Network to improve your team's effectiveness and efficiency
Many solutions in the DLP marketplace today are more focused on monitoring and alerting when data has been leaked rather than preventing the actual leak. To ensure adequate protection of sensitive digital assets, it is imperative to implement a solution that not only identifies but prevents a leak before it occurs.
Ensure the security of digital assets with a full-featured network DLP solution.
With Fidelis Network®, you can block network data exfiltration in the present and look back in time to understand where, when, and how these exfiltration attempts took place and what systems were compromised.
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
A Zero Trust network abolishes the quaint idea of a “trusted” internal network demarcated by a corporate perimeter. Instead it advocates microperimeters of control and visibility around the enterprise’s most sensitive data assets and the ways in which the enterprise uses its data to achieve its business objectives.
In this webinar, guest speaker John Kindervag, Vice President and Principal Analyst at Forrester Research, and Nimmy Reichenberg, VP of Strategy at AlgoSec will explain why a Zero Trust network should be the foundation of your security strategy, and present best practices to help companies achieve a Zero Trust state.
The webinar will cover:
• What is a Zero Trust network, and why it should be a core component of your threat detection and response strategy
• Turning theory into practice: Five steps to achieve Zero Trust information security
• How security policy management can help you define and enforce a Zero Trust network
You can't detect what you can't see illuminating the entire kill chainFidelis Cybersecurity
Organizations receive an overwhelming amount of alerts every day from their SIEMs, IPS/IDS, next gen firewalls, etc. Result is too many alerts and not enough manpower, visibility across the organization or enough context to make the right decisions.
We look at every stage of the attack lifecycle…and on every port and protocol. With Fidelis there’s no place for attackers to hide.
This in-depth understanding of your cyber terrain informs your defense, allowing you to lay traps and pitfalls for would-be attackers. Knowing what attackers are looking for and how they are going to try to move throughout your network provides you with a key advantage. With this knowledge, Deception technology becomes a powerful weapon in your defensive arsenal.
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
The Shifting Landscape of PoS MalwareOutputSilas Cutler
2014 was plagued with news breaches involving the payment card processing systems of major retailers such as Target, Home Depot, and UPS. While most financially motivated hacking is done with banking Trojans such as Zeus, Point-of-Sale (PoS) malware has managed to archive a high degree of success and notoriety, while being relatively simplistic in design and untrodden in the malware world. Together, we'll take a look at some of the most well know Point-of-Sale malware families, their technical aspects, and explore a little bit of the underground credit card fraud market.
Reducing the Chance of an Office 365 Security BreachQuest
Office 365 includes some security features, however those may not be enough. Join Orin Thomas and Quest's Todd Mera as they discuss what you can do to reduce the risk of an Office 365 security breach.
Your database holds your company's most sensitive and important assets- your data. All those customers' personal details, credit card numbers, social security numbers- you can't afford leaving them vulnerable to any- outside or inside- breaches.
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software.
For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.
Info Sec Opportunity – Embracing Big Data with People, Process, & Technology
Increased awareness for participants to begin and/or expand upon channels for utilizing Big Data to enhance their respective programs via People, Process & Technology.
Webinar: Vawtrak v2 the next big Banking TrojanBlueliv
A few years ago we entered a new era of cyber threats.
At the beginning of the Internet, most intrusions and ‘hacks’ were committed for the sole purpose of proving that it was possible, basically because the authors could do it.
At some point though, someone realized that hacking could generate a revenue, there was information that could be stolen and sold, and services that could be provided to make it easier, and thus, the cybercrime industry was born.
Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...Outpost24
In this webinar, our expert will discuss why CISOs must embrace unified cyber risk management for greater consolidation and simplification of business risk to build trust and maximize business resilience.
See Web Security Trend from OWASP Top 10 - 2017Chia-Lung Hsieh
OWASP Top 10 is the most well-known web security awareness document. From the first publication in 2003 till the latest one of 2017, OWASP Top 10 has become the de facto application security standard.
OWASP Top 10 – 2017 can be the best start for your journey on application security. The speaker will introduce the OWASP Top 10 structure, historical comparison, and the latest trends. Besides, the speaker will also introduce other popular application security documents and tools for developers, security testers and application managers.
Security by Design: An Introduction to Drupal SecurityTara Arnold
Security experts from Mediacurrent, Townsend Security and Lockr uncover how you can protect your site from the growing cybercrime business by starting off on the right foot. This interactive webinar will get you the foundation you need to protect your site and your organization when using Drupal.
YOU'LL LEARN:
Security by design in Drupal
Site audit and security best practices
Encrypting sensitive data
Key management (encryption & API)
Resources to improve security
PROTECT AND SURVIVE – SAFEGUARDING YOUR INFORMATION ASSETS - #MFSummit2017Micro Focus
The cyber threats facing businesses today are
constantly evolving. They are being perpetrated
by highly skilled, well-organized and well-funded
groups.
In this session we’ll take a look at
some of these threats, and how you can
mitigate your risks.
Fidelis Endpoint combines rich endpoint visibility and multiple defenses with incident response workflow automation including deep interrogation and recorded playbacks reducing response time from hours to minutes for security analysts. The Fidelis Endpoint module is a component of the Fidelis Elevate platform that delivers automated detection and response.
Here’s some of what we’ll cover:
-Visibility into all threat activity at the endpoint
-Hunting for threats directly on the endpoint, in both file system and memory
-Key event recording and automatic timeline generation
-Automated endpoint response using scripts and playbooks
-Integration with Fidelis Network to improve your team's effectiveness and efficiency
Many solutions in the DLP marketplace today are more focused on monitoring and alerting when data has been leaked rather than preventing the actual leak. To ensure adequate protection of sensitive digital assets, it is imperative to implement a solution that not only identifies but prevents a leak before it occurs.
Ensure the security of digital assets with a full-featured network DLP solution.
With Fidelis Network®, you can block network data exfiltration in the present and look back in time to understand where, when, and how these exfiltration attempts took place and what systems were compromised.
5 Steps to a Zero Trust Network - From Theory to PracticeAlgoSec
A Zero Trust network abolishes the quaint idea of a “trusted” internal network demarcated by a corporate perimeter. Instead it advocates microperimeters of control and visibility around the enterprise’s most sensitive data assets and the ways in which the enterprise uses its data to achieve its business objectives.
In this webinar, guest speaker John Kindervag, Vice President and Principal Analyst at Forrester Research, and Nimmy Reichenberg, VP of Strategy at AlgoSec will explain why a Zero Trust network should be the foundation of your security strategy, and present best practices to help companies achieve a Zero Trust state.
The webinar will cover:
• What is a Zero Trust network, and why it should be a core component of your threat detection and response strategy
• Turning theory into practice: Five steps to achieve Zero Trust information security
• How security policy management can help you define and enforce a Zero Trust network
You can't detect what you can't see illuminating the entire kill chainFidelis Cybersecurity
Organizations receive an overwhelming amount of alerts every day from their SIEMs, IPS/IDS, next gen firewalls, etc. Result is too many alerts and not enough manpower, visibility across the organization or enough context to make the right decisions.
We look at every stage of the attack lifecycle…and on every port and protocol. With Fidelis there’s no place for attackers to hide.
This in-depth understanding of your cyber terrain informs your defense, allowing you to lay traps and pitfalls for would-be attackers. Knowing what attackers are looking for and how they are going to try to move throughout your network provides you with a key advantage. With this knowledge, Deception technology becomes a powerful weapon in your defensive arsenal.
Threat Intelligence is by far one of the most over-used buzz words in the security industry. Many professionals have very mixed feelings about Threat Intelligence feeds as well. This discussion is around how LogRhythm’s internal security team utilizes Threat Intelligence to operationalize efficiently and streamline Security Operations processes and help improve an organization’s defenses. We will show how you can generate your own Threat Intelligence and create information sharing loops within like industries to fully realize the team's defensive capabilities. On top of the technical aspects around building out a good Threat Intel program, we will discuss how to manage this from a leadership perspective and get buy-in from the top. Most importantly, once these systems are in place, how we can show value to leadership using key performance indicators and leverage this to improve the overall security program.
The Shifting Landscape of PoS MalwareOutputSilas Cutler
2014 was plagued with news breaches involving the payment card processing systems of major retailers such as Target, Home Depot, and UPS. While most financially motivated hacking is done with banking Trojans such as Zeus, Point-of-Sale (PoS) malware has managed to archive a high degree of success and notoriety, while being relatively simplistic in design and untrodden in the malware world. Together, we'll take a look at some of the most well know Point-of-Sale malware families, their technical aspects, and explore a little bit of the underground credit card fraud market.
Reducing the Chance of an Office 365 Security BreachQuest
Office 365 includes some security features, however those may not be enough. Join Orin Thomas and Quest's Todd Mera as they discuss what you can do to reduce the risk of an Office 365 security breach.
Your database holds your company's most sensitive and important assets- your data. All those customers' personal details, credit card numbers, social security numbers- you can't afford leaving them vulnerable to any- outside or inside- breaches.
What Does a Full Featured Security Strategy Look Like?Precisely
In today’s IT world, the threats from bad actors are increasing and the negative impacts of a data breach continue to rise. Responsible enterprises have an obligation to handle the personal data of their customers with care and protect their company’s information with all the tools at their disposal.
For IBM i customers, this includes system settings, company-wide security protocols and the strategic use of additional third-party solutions. These solutions should include things like multi factor authentication (MFA), auditing and SEIM features, access control, authority elevation, and more. In this presentation, we will help you understand how all these elements can work together to create an effective, comprehensive IBM i security environment.
Watch this on-demand webinar to learn about:
• taking a holistic approach to IBM i Security
• what to look for when you consider adding a security product to your IBM i IT infrastructure.
• the components to consider a comprehensive, effective security strategy
• how Precisely can help
UpdateConf 2018: Top 18 Azure security fails and how to avoid themKarl Ots
As presented on 22th of November 2018 in Prague.
Karl Ots has assessed the security of over 100 Azure solutions. He has found that there are 18 security pitfalls that are common across all industry verticals and company sizes. In this session, he will share what these security pitfalls are, why do they matter and how to mitigate them.
Mitigating Risk in a Complex Hybrid Directory EnvironmentQuest
Webcast discussion on our Hybrid Active Directory Security story. Any defense is only as strong as its weakest point. Office 365 and its Azure Active Directory underpinnings are highly security focused, with features like conditional access, multi-factor authentication, and best-in-class identity security reporting. But if you have a hybrid identity architecture in which your Active Directory users and groups are projected into the cloud, your weakest link isn't the cloud--it's your Active Directory.
A presentation the enables a user to obtain an primary understanding of Cyber Security
Common types of cyber security,
types of Malware,
areas marked for vigilance and surveillance
Case Studies on Data or security breaches
1. Facebook with points for discussion
2. Google search with points for discussion
3. WhatsApp with points for discussion
4. Wells Fargo with points for discussion
Solving 4 of Active Directory Management’s Biggest Problems with Simple Solut...ScriptLogic
Active Directory touches everything in a Windows environment. It’s responsible for authentication, but it’s also a permissions system, a configuration management system, and an activity monitoring system. Being mission critical it also requires guaranteed backups. Yet oddly these four activities are perhaps the most problematic for all but the most enterprise of businesses. They require deep-level knowledge, scripting experience, and hacker-level technical chops if you’re to accomplish them successfully.
In this webinar, we’ll review some of Active Directory Management’s biggest problems and provide simple solutions for fixing them:
Delegation
Backup & Restore
Group Policy Management
Auditing
Greg Shields of Concentrated Technology has been working with Active Directory since before most directories were active. He’s seen what works, and what fails miserably. And he’s ready to see how his native solutions stack up to the automated alternatives one gets with solutions like ScriptLogic’s Active Administrator. Join Greg and Todd Tobias of ScriptLogic to see where spending “time” versus “money” makes the best sense in solving 4 of Active Directory’s biggest problems.
Threat Modeling for Dummies - Cascadia PHP 2018Adam Englander
No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.
MongoDB.local Sydney: The Changing Face of Data Privacy & Ethics, and How Mon...MongoDB
Public concern for the safety of data is growing – not just in how criminals might use stolen data to commit fraud, but also in how personal data is used by the organisations we engage with. This is limiting growth in digital services, and damaging trust in government and enterprises.
The EU's General Data Protection Regulation (GDPR) came into force in May 2018. Now it is influencing new privacy regulations around the world, governing how organisations collect, store, process, retain, and share the personal data of citizens.
In this session, we explore the specific data management requirements demanded by new privacy regulations, digital ethics, and everyone's role in being conscientious stewards of customer data. We discuss how MongoDB can provide the core technology foundations to help you accelerate your path to compliance with new privacy demands.
Outpost24 webinar - Enhance user security to stop the cyber-attack cycleOutpost24
We discuss how securing Active Directory and helping employees recognize common attack methods are key to reducing cyber risk to your organization in and out of the office
The ever-escalating threats to your business posed by ransomware and all forms of malware cannot be ignored. Cyber-criminals are employing every technology and tactic available to defeat your security systems and then go completely unnoticed as they systematically penetrate and catalog your systems and data to methodically prepare for a coordinated, carefully orchestrated, multipronged attack. The IBM i can be a rich target of valuable data for these bad actors.
Malware attacks are active, not static. Traditional automated scanning, alerting and remediation practices are no longer enough. Instead, the focus needs to be upon securing critical assets and data stores using a multi-layered defensive approach. In practical terms, this means employing every possible security tool and tactic available, in a coordinated, programmatic way.
Join us for this on-demand webinar to better understand:
o The risks of relying on an “identify and remediate” approach to malware
o A different approach to more effectively prevent malware
o How a multi-layered security strategy can protect IBM i from malware threats
An overview of current cyber security concerns and ways to combat them, as well as an introduction to some of the capabilities of Azure Active Directory
Cybersecurity 101 - A Masterclass in Securing MSPs and IT Pros Navigating the Cybersecurity Landscape: Economics, Targeting, and the Best Security Controls
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...SBWebinars
Curious about what hackers really think of your cyber defenses? Thycotic’s new 2018 Black Hat Conference survey conducted in Las Vegas in August reveals some disturbing answers.
75% hackers say companies fail at applying the principle of least privilege
50% of hackers say they easily compromised both Windows 10/8 within the past year
More than 90% say they compromised Windows environments despite the use of Group Policy Objects (GPO)
Join Thycotic’s Chief Cyber Security Scientist Joseph Carson as he dives into what hackers say about top vulnerabilities they exploit, and how companies are failing to control privileged account credentials. He will then guide you through action steps you can take to limit “overprivileged” users without impacting their productivity.
Similar to Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access (20)
DBA vs Deadlock: How to Out-Index a Deadly Blocking ScenarioQuest
Deadlocks strike fear into the heart of even seasoned DBAs-- but they don't have to! In this session, you will get the code to cause a sample deadlock in SQL Server. You'll see how to interpret the deadlock graph to find out where the conflict lies, and how to design an index to make the deadlock disappear. You'll leave the session with the steps you need to confidently tackle future deadlocks.
As if your relational databases weren’t enough to handle, now you’ve got open source and non-relational databases on your plate, too. With so much at stake, it’s time to tap into your hidden super powers as you discover an easy way to centralize monitoring and management – across your entire database environment. In this session, you’ll see how to: - Centralize visibility into the health and status of MySQL (including MariaDB), PostgreSQL, MongoDB and Cassandra. - Get alerts for critical problems in your database environment. - Diagnose both real-time and historical performance problems. - Report on database availability and health.
SQL Server 2017 Enhancements You Need To KnowQuest
In this session, database experts Pini Dibask and Jason Hall reveal the lesser-known features that’ll help you improve database performance in record time.
Quest to the Cloud - Identifying the Barriers to Accelerate Office 365 AdoptionQuest
Find out how to successfully complete your Office 365 migration, and manage your Office 365 environment. Learn from Quest customers about their experiences in this discussion.
Top 10 Enterprise Reporter Reports You Didn't Know You NeededQuest
With almost 300 built-in reports, Enterprise Reporter is an invaluable solution for admins seeking visibility into their Microsoft environments, both on-premises and Office 365. But, with so many reports available, sometimes it’s hard to know where to start.
Check out these slides from our Enterprise Reporter experts panel discussion where they’ll reveal their top 10 reports for on-premises, hybrid and cloud environments.
Plus, see how scheduled report delivery makes it easier for key stakeholders to stay informed and ahead of security risks.
Watch the Top 10 Enterprise Reporter Reports You Didn’t Know You needed: http://ow.ly/dqB330gErO7
Migrating to Windows 10: Starting Fast. Finishing StrongQuest
Industry expert and founder of Techvangelism, Nick Cavalancia, and KACE product expert Bruce Johnson discuss the current migration trends, considerations and benefits of migrating.
The Cost of Doing Nothing: A Ransomware Backup StoryQuest
This on-demand webcast shows you how you shield your organization from such attacks – as well as how to respond if ransomware does penetrate your organization. Baseline Technologies’ Mike Crowley gives you the inside track on how ransomware works and how to lower your risk of ransomware attacks.
Our own UEM solutions engineer Bruce Johnson is teaming up with Microsoft MVP Nathan O’Bryan to help you strengthen your unified endpoint management strategy.
Effective Patch and Software Update ManagementQuest
In this session, industry expert and Penton Tech contributing editor Orin Thomas, offers all the advice you need to create a comprehensive and proactive strategy for implementing patches and updates.
Predicting the Future of Endpoint Management in a Mobile WorldQuest
In this on-demand webcast, you’ll get a feel for looming changes in the endpoint management landscape over the course of the next six months to five years.
Office 365 Best Practices That You Are Not Thinking AboutQuest
Microsoft MVP Mike Crowley, Baseline Technologies, will join Quest cloud expert Ron Robbins to explore how to translate your existing on-premises security and compliance strategy to the cloud.
How to Restructure Active Directory with ZeroIMPACTQuest
We’ll explore best practices for reducing risk and avoiding disruption during AD migrations, ways to improve security, ensure compliance and simplify AD consolidations, and integration processes that can help carefully manage your project before, during and after the actual merger.
Understanding "Red Forest" - The 3-Tier ESAE and Alternative Ways to Protect ...Quest
Security expert Randy Franklin Smith will explain the reasons why you might go through the extra trouble of a "red forest" — as well as the limitations of this structure.
Top Five Office 365 Migration Headaches and How to Avoid ThemQuest
Join experts J. Peter Bruzzese, Microsoft MVP, and Jeff Shahan, migration guru at Quest, as they pull together their real-world migration experience to outline five potential migration risks and how to avoid them.
KACE Endpoint Systems Management Appliances - What’s New for 2017Quest
Quest endpoint systems management experts Sean Musil and Bruce Johnson will show you how securing your network can be made faster, safer and easier with the newest capabilities added to KACE Endpoint Systems Management Appliances. Watch the webcast here: http://bit.ly/2gIOc50.
How to Restructure and Modernize Active DirectoryQuest
In this presentation, you’ll learn how to apply best practices for reducing migration risk and avoiding disruption, improve security, ensure compliance and simplify your consolidation, and carefully manage your project before, during and after the active directory merger. You can listen to the presentation here: http://bit.ly/2gowzqI.
How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange ...Quest
Focusing on auditing mailbox activity such as administration operations and non-owner mailbox access, Randy took customers through the native capabilities through PowerShell and the Office 365 portal. Bryan Patton then shows how Change Auditor for Exchange made it easy for customers to be able to audit mailbox activity whether on premise Exchange or Exchange Online, and how having a 3rd party solution fills the gaps of native capabilities. Watch the webcast here: http://bit.ly/2hkbKPb.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Who’s Watching the Watchers? Fixing and Preventing Inappropriate Privileged Access
1. How to Overcome Common Hybrid AD
and Cloud Security Challenges
• Part 3: Who’s Watching the Watchers? Fixing and
Preventing Inappropriate Privileged Access
2. Confidential2
Today’s speakers
Mark Broghammer
Systems Consultant, Microsoft Platform Management
Mark.Broghammer@quest.com
Dan Gauntner
Sr. Product Marketing Manager, Microsoft Platform Management
Daniel.Gauntner@quest.com
Chris Ashley
Sr. Product Manager, Microsoft Platform Management
Chris.Ashley@quest.com
3. Confidential3 Confidential3
Webcast Series: How to Overcome Common Hybrid AD
and Cloud Security Challenges
Part 1: Identifying Hybrid AD
Security Risks with Continuous
Assessment
• May 3rd at 11est
Part 2: Sounding the Alarm with
Real-Time AD Detection and Alerting
• May 10th at 11est
Part 3: Who’s Watching the
Watchers? Fixing and Preventing
Inappropriate Privileged Access
• May 17th at 11est
Part 4: Investigating and Recovering
from a Potential Hybrid AD Security
Breach
• May 24th at 11est
Quest.com/StopHankNow
4. • What is Hybrid Directory Security?
• Who is Hank the Hacker?
• Hybrid AD and Cloud Security challenges
• Quest Hybrid AD Security Solutions
• Live Demo
• Q&A and Wrap-up
Agenda
6. Confidential6 Confidential6
• Office 365 requires an Azure
AD instance
• Azure AD provides the
Directory Service for Office
365 applications
• Azure AD integrates with On-
premise AD creating a Hybrid
Directory environment
Hybrid Active Directory Environment
7. Confidential7 Confidential7
What does AD have to do with Office 365 Security?
95 Million
AD authentications are under
attack daily
90%
Of companies use on-
premises AD
70%
YoY growth for Office 365 adoption
1 Million
Subscribers a month
moving to Office 365
700 Million
Azure AD accounts
10 Billion
On-prem AD authentications per
day
1.3 Billion
MS cloud login attempts per day
75%
Of enterprises with more
than 500 employees sync on
prem. AD to Azure AD
10 Million
Daily MS Cloud logins are
cyber-attacks
8. Confidential8 Confidential8
Active Directory Security is Critical
On-premises AD remains the core of security even in a
cloud/hybrid environment
On-prem is authoritative source and will replicate to Azure AD &
Office 365
With security, you are only as secure as your weakest link
1
2
3
13. Key Considerations
• Is access control allowing those whitelisted
in and blacklisted out?
• Do my users have the lowest level of user
rights possible to do their jobs?
• Are my sensitive resources protected?
• How much time will it take me to manually
remediate unauthorized changes?
Key Considerations
14. Confidential14 Confidential14
Key Challenges
• Too many over-privileged users
71% of users have inappropriate access
• Privileged account misuse
• Incorrect/outdated group
membership
• Group Policy management
16. Confidential16 Confidential16
Quest On-Prem & Hybrid Security Solutions
• Investigate AD security Incidents
• Continuously test your AD business
continuity plan
• Recover from a security incident
• Improve your RTO following a
disaster
• Secure access to AD DC data
• Enforce permission
blacklisting/whitelisting in AD
• Implement AD least-privilege
access model
• Reduce surface attack area in AD
• Prevent unauthorized access to
sensitive resources
• Remediate unauthorized activities
• Who has access to what
sensitive data
• Who has elevated privileged
permissions
• What systems are vulnerable to
security threats
• Detect suspicious privileged
activities
• Alert on potential insider threats
• Notify in real time of
unauthorized intrusions against
• Detect and alert on brute-force
attacks
Continually
assess
Detect
and alert
Investigate
and recover
Remediate
and mitigate
17. Confidential17 Confidential17
• Delegate to restricted views so people only see what they have rights to perform
• Managed Units
• Version Control Root within GPOADmin
Mitigate
29. Confidential29 Confidential29
• Workflows
• ARS Workflow for service account approval and de-provisioning (discuss only)
• Dynamic Groups
• Rollback and incorporate changes from GPOADmin
• Report on differencessimilarities and refine your GPO’s
Remediate
37. Confidential37 Confidential37
• Active Roles is used
globally to manage and
secure more than 60
million AD user accounts
• Active Roles is in use at
more than 2,500
companies worldwide
• Product has been in
existence since 2003
• Deployments range in size
from 250 to 800K+ users
Active Roles
A single tool for both on-prem
and Azure AD management
and security
38. Confidential38 Confidential38
Automate manual, time-consuming
GPO management tasks
Ensure regulatory compliance with
advanced GPO auditing and tracking
Enhance internal change control
processes
Enjoy peace of mind when deploying
GPO changes
Integrates and extends native tools
Simplified Group Policy Management and Administration
GPOADmin
40. Confidential40 Confidential40
Next Steps: Attend next week or watch on-demand!
Part 1: Identifying Hybrid AD
Security Risks with Continuous
Assessment
• May 3rd at 11est
Part 2: Sounding the Alarm with
Real-Time AD Detection and Alerting
• May 10th at 11est
Part 3: Who’s Watching the
Watchers? Fixing and Preventing
Inappropriate Privileged Access
• May 17th at 11est
Part 4: Investigating and Recovering
from a Potential Hybrid AD Security
Breach
• May 24th at 11est
Quest.com/StopHankNow