About Speaker
Rajiv Nandwani (Moderator), Dr. Yusuf Hashmi and Kuldeep Kaushal
(PPT) Presentation From The Discussion
About Speaker
Gowdhaman Jothilingam (Moderator), Yudhisthira Sahoo, Basil Dange, Jagannath Sahoo, Prabhakar Ramakrishnan, Koushik Nath, Balram Choudhary, M.Sathish Kumar, Sathish Eathuraj, Ramkumar Dilli, Srinivasulu Thayam, Suprakash Guha
(PPT) Presentation From The Discussion
About Speaker
Gowdhaman Jothilingam, Global CISO and Head IT, Latent View
(PPT) Presentation From The Discussion
About Speaker
Arnab Chattopadhayay, CTO, FireCompass
Bikash Barai, CEO, Firecompass
(PPT) Presentation From The Discussion
About Speaker
Nikhil Fogat, Regional Sales Director- North Enterprise, SentinelOne
Shanker Sareen, Head Marketing - SentinelOne India and SAARC
(PPT) Presentation From The Discussion
About Speaker
Tushar Haralkar, Principal Technical Sales Leader, Security Software, IBM India South Asia
(PPT) Presentation From The Discussion
About Speaker
Chandrashekhar Basavanna, CEO, Secpod
(PPT) Presentation From The Discussion
About Speaker
Advocate Dr. Prashant Mali, Cyber Law and Data Protection Lawyer, Bombay High Court
(PPT) Presentation From The Discussion
About Speaker
Bikash Barai, Co-founder & Advisor, CISO Platform
(PPT) Presentation From The Discussion
As technology continues to evolve, so too do the threats to the security of enterprises. As we enter 2023, the threat landscape for enterprises is becoming increasingly complex and fast-moving, with cyber threats growing in both volume and sophistication. Threat actors are combining technology and knowledge from multiple domains to weaponize layered techniques into complex, advanced attacks. What began as lone actors hacking for fun and some profit has turned into a full-fledged underground industry. To protect against these threats, enterprises must adopt a comprehensive cybersecurity strategy.
Some of the key elements that should ideally be included in any security strategy relevant for 2023 are:
External Attack Surface Management
The external attack surface of an enterprise comprises all the potential entry points an attacker can reach from the internet. Managing it involves discovering the enterprise's internet-exposed assets, critical ports left open through misconfiguration, exposed sensitive data, shadow IT in cloud and other virtual environments, dangling domain records, leaked credentials, leaked code and more. In 2023, external attack surface management should also cover cloud environments, third-party vendors and supply chain partners. The capability to filter, validate and prioritize findings, and to integrate them with enterprise security management systems, is equally essential.
Continuous Automated Pen Testing
Traditional manual penetration testing is no longer sufficient to keep up with the pace of technological change and the evolving threat landscape. Continuous automated pen testing gives businesses a comprehensive view of their security posture and enables them to detect vulnerabilities quickly and respond promptly. It also allows businesses to test more frequently without impacting their day-to-day operations. Remember: attackers are testing all the systems all the time, whereas an enterprise using traditional methods tests some of the systems some of the time.
Identifying Day 1 Vulnerabilities
Day 1 vulnerabilities are zero-day vulnerabilities, or vulnerabilities disclosed so recently that existing hunting and defense systems have yet to identify them and implement controls. Threat actors today are very quick to exploit them before a patch or update is available. In 2023, identifying Day 1 vulnerabilities should be a priority for businesses. Enterprises should focus on identifying Day 1 vulnerabilities on their attack surface, preferably within 24 hours of publication. Proactive vulnerability management, including vulnerability scanning and assessment to identify vulnerabilities before attackers exploit them, is becoming extremely crucial.
Incident response plans should also be in place to address any Day 1 vulnerabilities that are discovered. This will help businesses respond quickly and minimize the damage caused by any potential attacks.
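The 24-hour window above is easiest to operationalize as a recurring job that matches freshly published advisories against the asset inventory and orders the hits by exposure. The following is an added example, not code from the article or from any vendor named on this page; the advisories, asset inventory, version numbers and priority matrix are constructed, and the CVE identifiers are placeholders rather than real CVE numbers.

```python
"""Day 1 vulnerability triage: match freshly published advisories against an
asset inventory within a 24-hour window. Added example, not code from the
article; advisories, assets and CVE identifiers are constructed placeholders."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Advisory:
    cve_id: str               # placeholder id, not a real CVE number
    product: str
    fixed_version: tuple      # first version that carries the fix
    published: datetime
    exploited_in_wild: bool   # "weaponized" flag from threat intelligence


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: tuple
    internet_facing: bool     # part of the external attack surface?


def _utc(y, m, d, hh=0, mm=0):
    return datetime(y, m, d, hh, mm, tzinfo=timezone.utc)


# Constructed sample data; "now" is fixed so the results are reproducible.
SAMPLE_NOW = _utc(2023, 6, 15, 12, 0)
SAMPLE_ADVISORIES = [
    Advisory("CVE-2023-EXAMPLE1", "webgateway", (4, 2, 1), _utc(2023, 6, 15, 3, 0), True),
    Advisory("CVE-2023-EXAMPLE2", "dbserver", (12, 0), _utc(2023, 6, 14, 20, 0), False),
    Advisory("CVE-2023-EXAMPLE3", "webgateway", (4, 0, 0), _utc(2023, 6, 10, 9, 0), True),
]
SAMPLE_ASSETS = [
    Asset("edge-gw-1", "webgateway", (4, 2, 0), True),
    Asset("build-gw", "webgateway", (4, 2, 1), False),
    Asset("legacy-gw", "webgateway", (3, 9, 0), False),
    Asset("db-core", "dbserver", (11, 4), False),
    Asset("db-report", "dbserver", (12, 1), False),
]


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """An asset is affected if it runs the product at a version below the fix."""
    return asset.product == adv.product and asset.version < adv.fixed_version


def priority(asset: Asset, adv: Advisory) -> str:
    """Internet exposure plus known exploitation drives the patch order (constructed matrix)."""
    if asset.internet_facing and adv.exploited_in_wild:
        return "P1"
    if asset.internet_facing or adv.exploited_in_wild:
        return "P2"
    return "P3"


def find_day1_exposures(advisories, assets, now, window_hours=24):
    """Return (priority, cve_id, hostname) for every asset hit by an advisory
    published within the last `window_hours`, highest priority first."""
    window = timedelta(hours=window_hours)
    hits = []
    for adv in advisories:
        age = now - adv.published
        if age < timedelta(0) or age > window:
            continue                      # not a Day 1 advisory for this run
        for asset in assets:
            if is_affected(asset, adv):
                hits.append((priority(asset, adv), adv.cve_id, asset.hostname))
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_day1_exposures(SAMPLE_ADVISORIES, SAMPLE_ASSETS, SAMPLE_NOW):
        print(*hit)
```

With the default 24-hour window the run reports three exposures and drops the five-day-old advisory; widening the window to a week picks up the unpatched legacy gateway for that older advisory as well, which is the check a team would run after a missed cycle. Version comparison is a plain tuple comparison here, which works for dotted numeric versions only.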
Supplier Chain Compromise
In recent years, threat actors have increasingly targeted third-party vendors and supply chain partners to gain access to an enterprise's network infrastructure. In the recent past, utilities, manufacturing and health care have seen APT actors attack critical systems through supplier chain weaknesses, with very serious impact. In 2023, supplier chain compromise should be a focus for businesses, as they are responsible for ensuring that their partners have adequate cybersecurity measures in place. Enterprises must establish a security vetting process for third-party vendors and suppliers and ensure that they adhere to the enterprise's cybersecurity policies and standards. This will help prevent supply chain attacks, which can have devastating consequences for businesses.
Defense against Generative AI based threats
Generative AI is an emerging technology that is transforming the way businesses operate. However, it also presents new challenges to cybersecurity. In 2023, businesses must address the new class of threat arising from generative AI. Generative AI can be used to create convincing phishing emails and other social engineering attacks that bypass traditional security defenses. Therefore, businesses must invest in AI-powered security tools that can detect and respond to these new types of threats.
Continuous Monitoring of Ransomware Susceptibility
Ransomware attacks have been on the rise over the past few years, with cybercriminals using increasingly sophisticated methods to target businesses. A recent Verizon data breach report names ransomware as a key threat to enterprises, and lists phishing emails, malicious downloads and compromised supply chain partners as the attack vectors most commonly used by ransomware operators. The consequences of a successful ransomware attack can be devastating. In addition to the financial impact of paying the ransom, businesses may face lost productivity, data loss and reputational damage. Furthermore, some threat actors do not honor their promise to restore the encrypted data even when the ransom is paid. Apart from internal preparation, it may be worthwhile for large operations to arrange insurance cover. Business Interruption insurance or standard Errors and Omissions (E&O) cover may not be sufficient; there are specialized insurers, and the Lloyd's of London market may be tapped. Some of these insurers have specialized units that can also help audit preparations and cover financial remediation to customers.
Cybersecurity is a critical issue for enterprises in 2023, and they must focus on implementing a robust cybersecurity strategy to protect themselves from the increasing number of cyber threats. This includes external attack surface management, continuous automated pen testing, continuous monitoring, identifying Day 1 vulnerabilities in near real time, protecting against supplier chain compromise, creating mitigation plans against the new classes of threat arising from generative AI, and continuously monitoring ransomware susceptibility. By taking the approach outlined above, an enterprise can reduce the gap in its cybersecurity controls and mitigate risks at a speed that matches today's attackers.
Posted from CISOPlatform member Arnab Chattopadhyay (Member of the Cybersecurity Working Group, IET Future Tech Panel)
Blog also here : https://ciso.economictimes.indiatimes.com/news/ot-security/cybersecurity-strategies-for-enterprise-in-2023/103046315
According to the latest threat intelligence, ransomware gains initial access 80% of the time through the top 3 attack vectors:
1. Exploiting Vulnerabilities
2. Shadow IT & Stolen Credentials
3. Various Variants Of Phishing Attacks
This webinar covers the 6 most critical, ransomware-weaponized CVEs published in the last 3 months, and how CISOs can identify them and immediately decrease the chance of ransomware by 26%.
Key Discussion Points :
About Speaker
Jitendra Chauhan, Head of Research at FireCompass. Jitendra holds multiple patents in Information Security and has 18+ years of experience in key areas such as Building and Managing Highly Scalable Platforms, Red Teaming, Penetration Testing and SIEM.
(Webinar) Recorded
Discussion Highlights
1. 3 weaknesses lead to 80% of ransomware
2. Attackers' capability to scan the internet in a few days
One typical automation chain, run without any human intervention, is the following:
3. Ransomware runs on the global attack surface
4. CVEs prioritized in April by Firecompass
5. Possible recommendations
6. CVEs targeted by ransomware
Incident Lifecycle Management : Threat Management - NIST Aligned Process
Incident Lifecycle Management (ILM) refers to the systematic process of handling and managing security incidents within an organization. It covers the entire lifecycle of an incident, from detection and response to resolution and learning. The goal of ILM is to minimize the impact of incidents on the organization's operations, systems and data, while also improving incident response capabilities. Threat Management, specifically a NIST-aligned process, refers to managing threats to an organization's information and technology systems in accordance with the guidelines and best practices published by the National Institute of Standards and Technology (NIST). NIST provides a comprehensive framework and resources for managing cybersecurity risks and protecting critical infrastructure.
Detection & Analysis
Identification
• Analyze logs and information security events.
• Identify potential information security incidents.
• Categorize the incident.
Validation
• Validate incident scale and consequence.
• Assign consequence, severity and priority ratings.
• Review and confirm ratings.
• Endorse ratings.
Declaration & Escalation
• Based on priority, assemble the ISIRT, notify appropriate parties and escalate incidents (e.g. critical and high priority crisis and emergency incidents are escalated to the Country Emergency Manager).
Response & Recovery
Containment, Investigation & Forensics
• Direct ISIRT, develop incident response plan, activate rapid response team if needed, and communicate incident to internal and external stakeholders.
• Perform incident containment, investigation and root cause analysis, forensics and evidence management.
Eradication
• Eradicate technical vulnerabilities and incident root causes.
Recovery
• Recover affected information systems and business operations.
Post Incident
Post Incident Activities
• Document lessons learnt.
• Close incident.
• Create incident review report.
• Develop and implement IS-IM improvement recommendations.
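The Detection & Analysis phase above (identify and categorize, then rate consequence, severity and priority, then declare and escalate) can be expressed as a small triage pipeline. The following is an added example, not material from the presentation or from NIST; the log lines, the asset criticality table, the failed-login threshold and the rating matrix are all constructed for illustration, and a real ISIRT would tune each of them.

```python
"""Identification, Validation and Declaration steps of the NIST-aligned
incident lifecycle, run over constructed log lines. Added example, not the
presentation's material; log lines, asset criticality and the rating
matrix are constructed for illustration."""
import re
from collections import defaultdict

# Constructed sample events: five failed logins then a success on a critical
# host, a single failure on a workstation, two EDR detections and one
# blocked phishing request.
SAMPLE_LOGS = """\
2023-07-01T10:00:01Z src=auth host=db-core user=svc_backup result=FAIL ip=203.0.113.7
2023-07-01T10:00:03Z src=auth host=db-core user=svc_backup result=FAIL ip=203.0.113.7
2023-07-01T10:00:05Z src=auth host=db-core user=svc_backup result=FAIL ip=203.0.113.7
2023-07-01T10:00:07Z src=auth host=db-core user=svc_backup result=FAIL ip=203.0.113.7
2023-07-01T10:00:09Z src=auth host=db-core user=svc_backup result=FAIL ip=203.0.113.7
2023-07-01T10:00:11Z src=auth host=db-core user=svc_backup result=SUCCESS ip=203.0.113.7
2023-07-01T10:02:00Z src=auth host=hr-ws-3 user=alice result=FAIL ip=10.0.5.20
2023-07-01T10:02:30Z src=auth host=hr-ws-3 user=alice result=SUCCESS ip=10.0.5.20
2023-07-01T10:05:00Z src=edr host=fin-ws-12 alert=ransomware_behaviour action=detected severity=high
2023-07-01T10:06:00Z src=proxy host=hr-ws-3 category=phishing action=blocked
2023-07-01T10:07:00Z src=edr host=hr-ws-3 alert=adware_pup action=detected severity=medium
"""

ASSET_CONSEQUENCE = {"db-core": "high", "fin-ws-12": "medium", "hr-ws-3": "low"}  # constructed
LEVELS = ["low", "medium", "high"]
FAIL_THRESHOLD = 5                       # constructed threshold
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse(log_text):
    """Turn 'timestamp key=value ...' lines into dicts; malformed lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = dict(pair.split("=", 1) for pair in m.group("kv").split() if "=" in pair)
        ev["ts"] = m.group("ts")
        events.append(ev)
    return events


def identify(events):
    """Identification: analyze events, pick out candidate incidents and categorize them."""
    candidates = []
    fails = defaultdict(int)
    for ev in events:
        if ev.get("src") == "auth":
            key = (ev["host"], ev["user"], ev["ip"])
            if ev["result"] == "FAIL":
                fails[key] += 1
            else:
                if fails[key] >= FAIL_THRESHOLD:      # burst of failures, then success
                    candidates.append({"category": "unauthorized_access", "host": ev["host"],
                                       "severity": "high", "first_seen": ev["ts"],
                                       "detail": f"{fails[key]} failures then success for {ev['user']} from {ev['ip']}"})
                fails[key] = 0
        elif ev.get("src") == "edr" and ev.get("action") == "detected":
            candidates.append({"category": "malicious_code", "host": ev["host"],
                               "severity": ev.get("severity", "medium"),
                               "first_seen": ev["ts"], "detail": ev["alert"]})
        # proxy 'blocked' lines are security events, not incidents: the control worked
    return candidates


def rate(incident):
    """Validation: consequence from asset criticality, severity from the detection,
    priority from the two combined (constructed matrix)."""
    consequence = ASSET_CONSEQUENCE.get(incident["host"], "medium")
    score = LEVELS.index(consequence) + LEVELS.index(incident["severity"])
    priority = {4: "critical", 3: "high", 2: "medium"}.get(score, "low")
    return {**incident, "consequence": consequence, "priority": priority}


def declare(incident):
    """Declaration & Escalation: critical and high priority incidents go to the ISIRT."""
    escalate = incident["priority"] in ("critical", "high")
    return {**incident, "escalate": escalate,
            "route": "assemble ISIRT, notify Country Emergency Manager" if escalate else "handle within SOC"}


def triage(log_text):
    """Run all three steps and return the rated, routed incidents in order of appearance."""
    return [declare(rate(c)) for c in identify(parse(log_text))]


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOGS):
        print(inc["priority"], inc["host"], inc["category"], "->", inc["route"])
```

On the sample lines the single failed login and the blocked phishing request never become incidents, the brute-forced critical database host rates critical, and the workstation adware detection stays a low-priority SOC item; the "Review and confirm ratings" and "Endorse ratings" bullets are the human steps that would sit between `rate` and `declare`.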
Presentation For Reference
We are excited for the next ‘Best Of The World’ Session On "What's Hot For State CISOs In 2023?" by Dan Lohrmann (Field CISO, Presidio), Danielle Cox (CISO, West Virginia) & Michael Gregg (CISO, North Dakota)
The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).
Key Discussion Points :
You can join us here: https://attendee.gotowebinar.com/register/7309533942335246687
Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.
This webinar covers popular IaaS/PaaS attack vectors, lists them, and maps them to other relevant projects such as STRIDE and MITRE. Security professionals can better understand the common attack vectors used in attacks, examples from previous events, and where they should focus their controls and security efforts.
Key Discussion Points
About Speaker
Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ). Moshe has served as a high-ranking manager in large corporations, founder of innovative startups, frequent lecturer at cyber conferences and major contributor to various cloud education programs and certifications.
(Webinar) Recorded
Discussion Highlights
1. CSA relevant publications
2. IaaS/PaaS
3. Exploitable workloads
4. Workloads with excessive permissions
5. Unsecured keys, credentials, and application secrets
6. Exploitable authentication or authorization
7. Unauthorized access to object storage
8. Third party cross environment/account access leading to privilege escalation
(PPT) Presentation From The Discussion
Overview of Incident Response
Incident response is a critical aspect of any organization's cybersecurity strategy. When a security incident occurs, it is crucial to have a well-defined plan in place to handle the situation effectively. This blog post delves into the key components of incident response, focusing on the validation of incidents, containment measures, and the role of forensics in investigating and understanding security breaches.
1. Incident Validation
The first step in incident response is validating whether an incident has indeed occurred. This involves assessing the nature and severity of the event to determine its validity. The validation process typically includes gathering evidence, analyzing logs, and employing various detection tools and techniques to confirm the incident.
1.1 Evidence Collection
To validate an incident, it is essential to collect relevant evidence. This includes system logs, network traffic data, user reports, and any other artifacts that can provide insight into the incident. Proper evidence collection is crucial for a thorough investigation and ensures that critical information is not overlooked or compromised.
1.2 Analysis and Detection
Once the evidence is collected, it undergoes detailed analysis to detect any signs of compromise or malicious activity. Security analysts employ various tools and techniques, such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and behavioral analytics, to identify anomalies and indicators of compromise.
2. Incident Containment
Once an incident is validated, the next step is containment. The primary objective of containment is to limit the impact of the incident and prevent further damage to the organization's systems, data, and reputation. Prompt and effective containment measures are crucial to minimizing the potential harm caused by the incident.
2.1 Isolation and Segmentation
Isolating the affected systems or networks is a critical step in containment. By disconnecting compromised systems from the network, organizations can prevent lateral movement and limit the spread of the incident. Network segmentation techniques, such as virtual LANs (VLANs) and firewalls, are employed to restrict unauthorized access and contain the incident within a specific area.
2.2 Access Control and Privilege Management
Implementing stringent access controls and privilege management measures helps limit the impact of an incident. This involves revoking unnecessary privileges, enforcing strong authentication mechanisms, and implementing the principle of least privilege. By controlling access to sensitive resources, organizations can mitigate the risk of further compromise and maintain the integrity of their systems.
3. Forensics and Investigation
Once the incident is contained, the focus shifts to conducting a thorough forensic investigation. Forensics plays a vital role in understanding the scope and nature of the incident, identifying the root cause, and gathering evidence for potential legal proceedings. The following steps are typically involved in a forensic investigation:
3.1 Preservation of Evidence
Preserving the integrity of evidence is of utmost importance in forensic investigations. This includes creating forensic copies of compromised systems, preserving logs, and maintaining a chain of custody to ensure the admissibility of evidence in legal proceedings.
3.2 Analysis and Reconstruction
During the analysis phase, forensic experts examine the collected evidence to reconstruct the sequence of events leading up to the incident. This involves examining log files, system artifacts, and memory dumps to identify the tactics, techniques, and procedures (TTPs) employed by the attackers.
3.3 Attribution and Lessons Learned
In some cases, it may be possible to attribute the incident to a specific threat actor or group. Forensic analysis, in conjunction with threat intelligence, can aid in determining the motives and tactics employed by the attackers. Additionally, the lessons learned from the incident can be used to improve security practices and enhance future incident response capabilities.
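Section 3.1 turns on two concrete artifacts: a cryptographic hash taken at acquisition, and a chain-of-custody record in which each handover references the one before it, so that later analysis (3.2) and any legal use rest on evidence that can be shown unchanged. The following is an added example, not code from this post; the evidence bytes, case identifier, examiner names and timestamps are constructed, and a real acquisition would image the device through a write blocker rather than copy a byte string.

```python
"""Evidence preservation: hash a forensic copy at acquisition, keep a hash-chained
chain-of-custody record, and verify both later. Added example, not the post's
code; evidence contents, case id, names and timestamps are constructed."""
import hashlib
import json

# Constructed stand-in for an acquired disk or memory image.
SAMPLE_EVIDENCE = b"constructed sample image: not real data\nuser=alice last_login=2023-07-01\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_digest(entry: dict) -> str:
    """Canonical JSON so the same entry always hashes the same way."""
    return sha256_hex(json.dumps(entry, sort_keys=True).encode())


def acquire(source: bytes, case_id: str, examiner: str, when: str):
    """Make the forensic copy and open the custody record with its hash.
    Returns (image, manifest); the manifest travels with the image."""
    image = bytes(source)                     # working copy; originals stay sealed
    digest = sha256_hex(image)
    first = {"action": "acquired", "by": examiner, "at": when, "prev": digest}
    manifest = {"case_id": case_id, "sha256": digest, "size": len(image), "custody": [first]}
    return image, manifest


def transfer(manifest: dict, handed_by: str, received_by: str, when: str, note: str = ""):
    """Append a handover; 'prev' binds it to the previous entry so earlier
    entries cannot be altered without breaking the chain."""
    prev = _entry_digest(manifest["custody"][-1])
    manifest["custody"].append({"action": "transferred", "from": handed_by, "to": received_by,
                                "at": when, "note": note, "prev": prev})


def verify(manifest: dict, image: bytes):
    """Return (image_unchanged, custody_chain_intact)."""
    image_ok = sha256_hex(image) == manifest["sha256"] and len(image) == manifest["size"]
    custody = manifest["custody"]
    chain_ok = custody[0]["prev"] == manifest["sha256"]
    for earlier, later in zip(custody, custody[1:]):
        chain_ok = chain_ok and later["prev"] == _entry_digest(earlier)
    return image_ok, chain_ok


if __name__ == "__main__":
    img, manifest = acquire(SAMPLE_EVIDENCE, "CASE-EXAMPLE-001", "examiner A", "2023-07-01T11:00:00Z")
    transfer(manifest, "examiner A", "examiner B", "2023-07-02T09:00:00Z", "sealed bag #1")
    print(json.dumps(manifest, indent=2))
    print("verify:", verify(manifest, img))
```

The chain protects every entry except the most recent one, which has nothing after it referencing its digest; in practice the current holder signs or timestamps the manifest out of band (or stores it with a write-once service) to close that gap, and the hash taken at acquisition is what an analyst re-checks before every session on the copy.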
An effective incident response strategy is crucial for organizations to detect, validate, and respond to security incidents promptly and effectively. The process of incident response involves validating incidents, implementing containment measures, and conducting thorough forensic investigations. By following a well-defined incident response plan and leveraging the right tools and techniques, organizations can minimize the impact of security incidents and enhance their overall cybersecurity posture.
P.S. I plan to add in more details from the slide, since it's a gold mine with so many relevant and interesting details.
Presentation For Reference
We are excited for the next ‘Best Of The World’ Session On "Understanding Cloud Attack Vectors" by Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ)
The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).
Key Discussion Points :
You can join us here: https://info.cisoplatform.com/understanding-cloud-attack-vectors?utm_src=CPblog
Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.
This webinar covers various aspects, including the rise in cyber security incidents, identification of vulnerabilities and loopholes, effective prevention strategies, mitigation techniques, and more. It aims to provide a comprehensive understanding of the evolving cybersecurity landscape in the context of Web3 technologies.
Key Discussion Points
About Speaker
Gregory Pickett is a Blackhat USA speaker, CISSP, GCIA, GPEN. He is the founder and Head of Cybersecurity Operations for Hellfire Security. He has presented research at over seventeen international conferences. He is a six-time speaker at Defcon and a three-time speaker at Blackhat.
(Webinar) Recorded
Discussion Highlights
1. Common Attacks
2. NUWA Hack
3. Important Events/States To Emit
4. Important Operational Capabilities
5. TenderFi Hack
6. AquaDAO Hack
7. Exchange Hack
8. Fintech Hack
9. Buying Products (or Services) to Solve Problems
10. Hope Is Not A Strategy
(PPT) Presentation From The Discussion