Eastern-January

With 37% of breaches in 2019 using compromised credentials and 30% involving internal actors, privileged accounts are one of the biggest attack vectors in almost every organization. Access management is a demonstrably critical issue, and yet most companies struggle to do it right. By manually granting and revoking permissions, teams end up with security policies scattered across documents, tickets, and configuration files. This is how most organizations become incapable of deriving a holistic view of their security status.

We discuss how recent shifts in the development process can be applied in a security context to address these challenges. Strategies such as Policy as Code and ChatOps make access management granular, auditable, and agile, thus enabling teams to establish proper security posture without all the headache.

Key Takeaways

• Ideal access control systems enable granular access control and effective auditing without obstructing day to day operations.

• Policy as Code leverages version control and code generation to encourage minimum privileges and enable teams to review the who, what, when, and why of access control changes.

• ChatOps tools remove bottlenecks by empowering individuals to interact with their organization’s systems in a familiar way while leveraging messaging interfaces for auditability.

The Enterprise Content Firewall

To do their jobs, employees must share IP, PII, PHI, and all means of sensitive content with customers, suppliers, partners and a broad ecosystem of trusted 3^rd parties. However, they put the organization at risk when they communicate across untrusted devices, networks, applications and identities. How can you prevent beaches and compliance violations from everyday 3^rd party communications when you can’t even see what’s going on? This session explores the need for a next-generation “content firewall” that rises above packets and traffic to inspect content and communication, and thereby ensure confidentiality, compliance and control of risky 3^rd party business processes.

Many security teams are overwhelmed by the sheer volume of security alerts with no clear path to resolution. Security analysts, working in small teams and with smaller budgets, are often presented with more alerts than are humanly possible to triage and investigate, granting adversaries more time to evade detection because of the time required analyze and respond to threats. In this presentation, our COO, Jerry Mancini, discusses using integrated and automated platforms like eXtended Detection and Response (XDR) solutions to increase ROI, reduce alert fatigue, and automate response to detected threats.

This year has seen nearly everything change to some degree—including within the Security Operations Center (SOC). Not only are we seeing a fast-evolving and surging threat landscape with which we must keep up, but we’re also contending with the business’s shifting priorities, budgets, and headcounts—all of which impact how the SOC can operate. To ensure we can continue to stave off threats in this new world, we must make sure the foundational elements of our SOC are in place:

• Threat intelligence
• Threat research
• Detection engineering
• Investigation
• Incident handling

This session will cover considerations for CISOs and infosec leaders within each of these five critical pillars. We’ll explore how organizations can make the most of limited resources and close skills gaps by carefully balancing their internal team’s competencies with outside expertise. Learn the steps you can take to establish a modern, efficient, and ultimately successful SOC of the future.