pritha's Posts (580)


Cybersecurity strategies for enterprise in 2023

As technology evolves, so do the threats to enterprise security. Entering 2023, the enterprise threat landscape is increasingly complex and fast-moving, with attacks growing in both volume and sophistication. Threat actors combine tooling and knowledge from multiple domains to layer techniques into complex, multi-stage attacks. What began as lone actors hacking for fun and modest profit has become a full-fledged underground industry. To protect against these threats, enterprises must adopt a comprehensive cybersecurity strategy.

Some of the key elements that should ideally be included in any security strategy for 2023 are:

  • External attack surface management
  • Continuous automated pen testing
  • Identifying Day 1 vulnerabilities as early as possible
  • Protecting against supply chain compromise
  • Creating mitigation plans for the new classes of threat arising from generative AI
  • Continuously monitoring ransomware susceptibility

 

External Attack Surface Management 

The external attack surface of an enterprise is the set of all potential entry points reachable from the internet. Managing it involves discovering the enterprise's internet-exposed assets: critical ports left open through misconfiguration, exposed sensitive data, shadow IT in cloud and other virtual environments, dangling domain records, leaked credentials, leaked code and more. In 2023, external attack surface management should also cover cloud environments, third-party vendors and supply chain partners. The capability to filter, validate and prioritize findings, and to integrate them with enterprise security management systems, is equally essential: a raw list of exposures that nobody triages does not reduce risk.
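As an added illustration (not part of the original article), the following Python script runs two of the checks described above, dangling DNS records and critical ports open to the internet, over a constructed inventory, then filters approved exceptions and prioritizes what remains. The DNS records, scan results, approved-exposure list and the fixed table standing in for DNS resolution are all assumptions made for the example.

```python
"""Added example for external attack surface management: turn raw discovery
data into filtered, prioritized findings. All inputs below are constructed."""
from dataclasses import dataclass

# Constructed DNS export for a hypothetical example.com zone.
DNS_RECORDS = [
    {"name": "www.example.com", "type": "A", "value": "203.0.113.10"},
    {"name": "blog.example.com", "type": "CNAME", "value": "blog-host.example-saas.net"},
    {"name": "old-shop.example.com", "type": "CNAME", "value": "retired-shop.example-paas.net"},
    {"name": "mail.example.com", "type": "MX", "value": "10 mx.example.com"},
]
# Constructed stand-in for "does the CNAME target still resolve?" (assumption:
# a real check queries DNS; a target that no longer exists is takeover-prone).
RESOLVABLE_TARGETS = {"blog-host.example-saas.net"}

# Constructed port-scan output: (ip, port, banner)
SCAN_RESULTS = [
    ("203.0.113.10", 443, "nginx"),
    ("203.0.113.10", 22, "OpenSSH 8.9"),
    ("203.0.113.25", 3389, "ms-wbt-server"),
    ("203.0.113.40", 6379, "Redis 6.0.16"),
]
# Exposures reviewed and accepted (the validation step): the SSH bastion is
# meant to be reachable, so it must not be re-reported every day.
APPROVED_EXPOSURES = {("203.0.113.10", 22)}

# Services that should not face the internet, with the severity of finding them.
CRITICAL_PORTS = {
    22: ("SSH", "high"), 445: ("SMB", "critical"), 3306: ("MySQL", "critical"),
    3389: ("RDP", "critical"), 5432: ("PostgreSQL", "critical"),
    6379: ("Redis", "critical"), 9200: ("Elasticsearch", "critical"),
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    severity: str


def find_dangling_cnames(records, resolvable):
    """Flag CNAMEs whose target no longer resolves: the classic subdomain takeover setup."""
    return [
        Finding(r["name"], f"dangling CNAME -> {r['value']}", "high")
        for r in records
        if r["type"] == "CNAME" and r["value"] not in resolvable
    ]


def find_exposed_services(scan, approved):
    """Flag sensitive services open to the internet, skipping approved exceptions."""
    findings = []
    for ip, port, banner in scan:
        if port not in CRITICAL_PORTS or (ip, port) in approved:
            continue
        service, severity = CRITICAL_PORTS[port]
        findings.append(Finding(ip, f"{service} exposed on {port}/tcp ({banner})", severity))
    return findings


def prioritize(findings):
    """Order findings so the most severe reach the ticketing/SIEM integration first."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.asset))


if __name__ == "__main__":
    for f in prioritize(find_dangling_cnames(DNS_RECORDS, RESOLVABLE_TARGETS)
                        + find_exposed_services(SCAN_RESULTS, APPROVED_EXPOSURES)):
        print(f"[{f.severity:8}] {f.asset}: {f.issue}")
```

In a real pipeline only the inputs change: a zone export or passive-DNS feed replaces DNS_RECORDS, scanner output replaces SCAN_RESULTS, and the CNAME check queries DNS instead of the fixed set. The approved-exposure set is the validation step that stops the same bastion from reappearing as a finding.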

 

Continuous Automated Pen Testing 

Traditional manual penetration testing can no longer keep up with the pace of technological change and the evolving threat landscape. Continuous automated pen testing gives businesses an ongoing view of their security posture, so that vulnerabilities are detected quickly and addressed promptly. It also allows far more frequent testing without disrupting day-to-day operations. Remember: attackers are testing all of your systems all of the time, whereas an enterprise using traditional methods tests some of its systems some of the time.

 

Identifying Day 1 Vulnerabilities 

Day 1 vulnerabilities are newly published vulnerabilities, including those first seen as zero-days, for which existing hunting and defense systems have not yet identified and implemented controls. Threat actors today are very quick to exploit them, often before a patch or update has been widely applied. In 2023, identifying Day 1 vulnerabilities should be a priority. Enterprises should aim to identify Day 1 vulnerabilities on their own attack surface within 24 hours of publication. Proactive vulnerability management, including vulnerability scanning and assessment, to find vulnerabilities before attackers exploit them has become crucial.

Incident response plans should also cover Day 1 vulnerabilities as they are discovered, so that businesses can respond quickly and minimize the damage from any resulting attacks.
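An added example, not from the article, of the 24-hour matching described above: a constructed advisory feed is matched against a constructed, fingerprinted asset inventory, and only advisories published within the last 24 hours are surfaced, ranked by exploitation in the wild and internet exposure. The advisory identifiers, products, versions, hosts and timestamps are made up for the example; none is a real CVE.

```python
"""Added example for Day 1 vulnerability triage. Advisories, products,
hosts and dates are constructed; a real run takes a vulnerability feed and
a fingerprinted inventory in the same shape."""
from datetime import datetime, timedelta, timezone


def parse_version(text):
    """'4.3.2-rc1' -> (4, 3, 2): numeric prefix of each dotted component."""
    parts = []
    for component in text.split("."):
        digits = ""
        for ch in component:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a, b):
    """Compare dotted versions after padding, so 1.10 > 1.9 and 2.4 == 2.4.0."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return va < vb


def is_affected(version, introduced, fixed_in):
    """Affected if introduced <= version < fixed_in (introduced may be None)."""
    if introduced is not None and version_lt(version, introduced):
        return False
    return version_lt(version, fixed_in)


UTC = timezone.utc
# Constructed advisory feed (ids, products and dates are made up).
ADVISORIES = [
    {"id": "ADV-2023-0001", "product": "exampleware gateway", "introduced": "4.0",
     "fixed_in": "4.3.2", "published": datetime(2023, 6, 1, 6, 0, tzinfo=UTC),
     "exploited_in_wild": True},
    {"id": "ADV-2023-0002", "product": "openfoo server", "introduced": None,
     "fixed_in": "1.12.1", "published": datetime(2023, 5, 20, 9, 0, tzinfo=UTC),
     "exploited_in_wild": False},
    {"id": "ADV-2023-0003", "product": "openfoo server", "introduced": "1.0",
     "fixed_in": "1.9.0", "published": datetime(2023, 6, 1, 12, 0, tzinfo=UTC),
     "exploited_in_wild": False},
]
# Constructed, fingerprinted asset inventory.
ASSETS = [
    {"host": "vpn.example.com", "product": "exampleware gateway", "version": "4.2.1", "internet_exposed": True},
    {"host": "intranet-gw", "product": "exampleware gateway", "version": "4.3.2", "internet_exposed": False},
    {"host": "api.example.com", "product": "openfoo server", "version": "1.10.0", "internet_exposed": True},
    {"host": "build-1", "product": "openfoo server", "version": "1.8.3", "internet_exposed": False},
]
NOW = datetime(2023, 6, 2, 0, 0, tzinfo=UTC)  # constructed "current time"


def day1_matches(assets, advisories, now, window=timedelta(hours=24)):
    """Assets hit by advisories published within `window` of `now`, most urgent first."""
    fresh = [a for a in advisories if now - a["published"] <= window]
    hits = []
    for adv in fresh:
        for asset in assets:
            if asset["product"] != adv["product"]:
                continue
            if is_affected(asset["version"], adv["introduced"], adv["fixed_in"]):
                hits.append({"host": asset["host"], "advisory": adv["id"],
                             "exposed": asset["internet_exposed"],
                             "exploited_in_wild": adv["exploited_in_wild"]})
    # Exploited-in-the-wild and internet-exposed hits go to the top of the queue.
    return sorted(hits, key=lambda h: (not h["exploited_in_wild"], not h["exposed"], h["host"]))


if __name__ == "__main__":
    for hit in day1_matches(ASSETS, ADVISORIES, NOW):
        print(hit)
```

Note that api.example.com is vulnerable to the older ADV-2023-0002 but is not listed: that advisory is two weeks old and belongs to the regular vulnerability management cycle, whereas the Day 1 queue exists to surface only what became known in the last 24 hours.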

 

Supply Chain Compromise 

In recent years, threat actors have increasingly targeted third-party vendors and supply chain partners to gain access to an enterprise's network infrastructure. Utilities, manufacturing and healthcare have all seen APT actors reach critical systems through supplier weaknesses, with very serious impact. In 2023, supply chain compromise should be a focus for businesses, which are responsible for ensuring that their partners have adequate cybersecurity measures in place. Enterprises must establish a security vetting process for third-party vendors and suppliers and ensure that they adhere to the enterprise's cybersecurity policies and standards. This helps prevent supply chain attacks, which can have devastating consequences for businesses.

 

Defense against Generative AI based threats 

Generative AI is an emerging technology that is transforming the way businesses operate, but it also presents new challenges to cybersecurity. In 2023, businesses must address the new class of threat arising from generative AI, which can be used to produce convincing phishing emails and other social engineering lures that bypass traditional defenses tuned to spot poor grammar and reused templates. Businesses must therefore invest in AI-powered security tools that can detect and respond to these new types of threat, and revisit awareness training that relies on users noticing clumsy wording.

 

Continuous Monitoring of Ransomware Susceptibility 

Ransomware attacks have risen over the past few years, with cybercriminals using increasingly sophisticated methods to target businesses. A recent Verizon data breach report names ransomware as a key threat to enterprises, and lists phishing emails, malicious downloads and compromised supply chain partners as the attack vectors ransomware operators most commonly use. The consequences of a successful ransomware attack can be devastating. Beyond the financial impact of paying the ransom, businesses may face lost productivity, data loss and reputational damage. Furthermore, some threat actors do not honor their promise to restore encrypted data even after the ransom is paid, and data stolen before encryption can still be leaked, so tested backups and recovery procedures are needed regardless. Apart from internal preparation, it may be worthwhile for large operations to arrange insurance cover. Business interruption insurance or standard errors and omissions (E&O) cover may not be sufficient; there are specialized insurers, and the Lloyd's of London market may be tapped. Some of these insurers have specialized units that can also help audit preparations and cover financial remediation to customers.

 

Cybersecurity is a critical issue for enterprises in 2023, and they must implement a robust cybersecurity strategy to protect themselves from the growing number of cyber threats. That strategy should include external attack surface management, continuous automated pen testing, identifying Day 1 vulnerabilities in near real time, protecting against supply chain compromise, mitigation plans for the new classes of threat arising from generative AI, and continuous monitoring of ransomware susceptibility. By taking this approach, an enterprise can reduce the gaps in its cybersecurity controls and mitigate risks at a speed that matches today's attackers.

 

Posted from CISOPlatform member Arnab Chattopadhyay (Member of the Cybersecurity Working Group, IET Future Tech Panel) 

Blog also here : https://ciso.economictimes.indiatimes.com/news/ot-security/cybersecurity-strategies-for-enterprise-in-2023/103046315


According to the latest threat intelligence, ransomware gains initial access through one of three attack vectors 80% of the time:
1. Exploiting vulnerabilities
2. Shadow IT and stolen credentials
3. Variants of phishing attacks
This webinar covers the 6 most critical ransomware-weaponized CVEs published in the last 3 months, how CISOs can identify them, and how doing so can immediately decrease the chance of ransomware by 26%.



Key Discussion Points : 

  • Key insights on reducing ransomware risk by 26% 
  • Top 6 CVEs in the last 3 months tracked by the FireCompass research team
  • Key recommendations and best practices
  • The 3 weaknesses that lead to 80% of ransomware attacks

 

About Speaker

Jitendra Chauhan, Head of Research at FireCompass. Jitendra holds multiple patents in Information Security and has 18+ years of experience in key areas such as Building and Managing Highly Scalable Platforms, Red Teaming, Penetration Testing and SIEM.

 

(Webinar) Recorded

 

 

Discussion Highlights

1. 3 Weaknesses Lead to 80% of Ransomware Attacks


2. Attackers' Capability to Scan the Internet in a Few Days

A typical fully automated chain, with no human intervention, is the following:

  • Scan for targets at mass scale
  • Profile the targets using custom crawlers or fingerprinting techniques
  • Detect CVEs based on technology or banner
  • Attempt exploitation
  • Attempt persistence

 

3. Ransomware Runs on the Global Attack Surface

 

4. CVEs Prioritized in April by FireCompass


 

5. Possible Recommendations

  • Threat Intel + Pentesting on Daily Basis.
  • Combine ASM + Threat Intel + Vulnerability Management.
  • Firecompass Day 1 CVE + Threat Exposure Alerts

 

6. Ransomware-Targeted CVEs 


 



 

Incident Lifecycle Management : Threat Management - NIST Aligned Process

Incident Lifecycle Management (ILM) is the systematic process of handling security incidents within an organization. It covers the entire lifecycle of an incident, from detection and response to resolution and lessons learned, with the goal of minimizing the impact of incidents on the organization's operations, systems and data while improving incident response capability. Threat Management, specifically a NIST-aligned process, means managing threats to an organization's information and technology systems in accordance with the guidelines and best practices published by the National Institute of Standards and Technology (NIST), which provides a comprehensive framework and resources for managing cybersecurity risk and protecting critical infrastructure. The phases below follow the incident handling lifecycle of NIST SP 800-61: detection and analysis; containment, eradication and recovery; and post-incident activity.

 

Detection & Analysis

Identification
• Analyze logs and information security events.
• Identify potential information security incidents.
• Categorize the incident.


Validation
• Validate incident scale and consequence.
• Assign consequence, severity and priority ratings.
• Review and confirm ratings.
• Endorse ratings.


Declaration & Escalation
• Based on priority, assemble the ISIRT, notify appropriate parties and escalate incidents (e.g. critical and high priority crisis and emergency incidents are escalated to the Country Emergency Manager).
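Added example (not from the post) of the Identification and Validation steps above as code: a brute-force detection run over constructed sshd log lines, which categorizes the result and assigns consequence, severity and priority ratings. The hosts, addresses, thresholds and rating matrix are assumptions made for the example.

```python
"""Added example for the Detection & Analysis stage: detection logic over
constructed sshd logs, producing a categorized and rated incident."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (syslog format; sshd omits the year).
SAMPLE_LOG = """\
Jun 14 10:01:02 db01 sshd[4121]: Failed password for root from 198.51.100.7 port 50001 ssh2
Jun 14 10:01:04 db01 sshd[4121]: Failed password for root from 198.51.100.7 port 50002 ssh2
Jun 14 10:01:05 db01 sshd[4122]: Failed password for invalid user admin from 198.51.100.7 port 50003 ssh2
Jun 14 10:01:07 db01 sshd[4123]: Failed password for deploy from 198.51.100.7 port 50004 ssh2
Jun 14 10:01:09 db01 sshd[4123]: Failed password for deploy from 198.51.100.7 port 50005 ssh2
Jun 14 10:01:11 db01 sshd[4130]: Accepted password for deploy from 198.51.100.7 port 50006 ssh2
Jun 14 10:02:30 web03 sshd[2210]: Failed password for ubuntu from 203.0.113.99 port 40001 ssh2
Jun 14 10:02:31 web03 sshd[2210]: Failed password for ubuntu from 203.0.113.99 port 40002 ssh2
Jun 14 10:05:00 web03 sshd[2299]: Accepted publickey for ops from 192.0.2.15 port 41000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port"
)
LOG_YEAR = 2023  # assumption: syslog lines carry no year

# Assumed asset criticality, which drives the consequence rating.
ASSET_CRITICALITY = {"db01": "high", "web03": "medium"}
FAILURE_THRESHOLD = 4                    # failed logins from one IP to one host ...
FAILURE_WINDOW = timedelta(seconds=60)   # ... inside this window
SUCCESS_WINDOW = timedelta(minutes=5)    # a success this soon after = compromise


@dataclass
class Incident:
    host: str
    source_ip: str
    category: str
    severity: str
    consequence: str
    priority: str
    evidence: list


def parse_line(line):
    """Parse one sshd auth line into a dict, or None if it is not an auth event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "result": m["result"],
            "user": m["user"], "ip": m["ip"], "raw": line}


def rate_priority(severity, consequence):
    """Rating matrix (assumption): P1 needs both high severity and high consequence."""
    if severity == "high" and consequence == "high":
        return "P1"
    if "high" in (severity, consequence):
        return "P2"
    return "P3"


def detect_incidents(log_text):
    """Identify brute-force activity and categorize it as attempt or credential compromise."""
    events = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["host"], e["ip"])].append(e)

    incidents = []
    for (host, ip), evs in by_pair.items():
        failures = [e for e in evs if e["result"] == "Failed"]
        # Sliding window: does any FAILURE_WINDOW span hold >= FAILURE_THRESHOLD failures?
        bursts = [
            failures[i:i + FAILURE_THRESHOLD]
            for i in range(len(failures) - FAILURE_THRESHOLD + 1)
            if failures[i + FAILURE_THRESHOLD - 1]["ts"] - failures[i]["ts"] <= FAILURE_WINDOW
        ]
        if not bursts:
            continue
        last_failure = bursts[-1][-1]["ts"]
        successes = [e for e in evs if e["result"] == "Accepted"
                     and timedelta(0) <= e["ts"] - last_failure <= SUCCESS_WINDOW]
        if successes:
            category, severity = "credential compromise (brute force followed by login)", "high"
        else:
            category, severity = "brute force attempt", "medium"
        consequence = ASSET_CRITICALITY.get(host, "low")
        incidents.append(Incident(host, ip, category, severity, consequence,
                                  rate_priority(severity, consequence),
                                  [e["raw"] for e in failures + successes]))
    return incidents


if __name__ == "__main__":
    for inc in detect_incidents(SAMPLE_LOG):
        print(f"{inc.priority} {inc.host} <- {inc.source_ip}: {inc.category} "
              f"(severity={inc.severity}, consequence={inc.consequence})")
```

The two failures against web03 fall below the threshold and produce no incident; the burst against db01 followed by a successful password login from the same address is categorized as a credential compromise and, because db01 is rated high-consequence, lands at P1 for the ISIRT.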

 

 

Response & Recovery


Containment, Investigation & Forensics
• Direct ISIRT, develop incident response plan, activate rapid response team if needed, and communicate incident to internal and external stakeholders.
• Perform incident containment, investigation and root cause analysis, forensics and evidence management.

Eradication
• Eradicate technical vulnerabilities and incident root causes.

Recovery
• Recover affected information systems and business operations.

 


Post Incident


Post Incident Activities
• Document lessons learnt.
• Close incident.
• Create incident review report.
• Develop and implement IS-IM improvement recommendations.

(Many years back we started the 'Top 100 CISO Awards' recognizing the important role a CISO plays in preventing huge breaches. Nominate yourself for the 15th Edition Of Top 100 Awards, The 1st recognition for CISOs)

 


 

 

 

 

Presentation For Reference


We are excited about the next ‘Best Of The World’ Session On "What's Hot For State CISOs In 2023?" by Dan Lohrmann (Field CISO, Presidio), Danielle Cox (CISO, West Virginia) & Michael Gregg (CISO, North Dakota)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • What are top cyber threats that state and local governments face?
  • What solutions are you implementing to address these cyber risks?
  • Thoughts & projects on new technologies and applications like ChatGPT and other GenAI apps?
  • How will they impact cybersecurity in your view?

 

You can join us here: https://attendee.gotowebinar.com/register/7309533942335246687

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 


This webinar covers popular IaaS/PaaS attack vectors, lists them, and maps them to related projects such as STRIDE and MITRE. Security professionals can better understand which attack vectors are commonly used in attacks, see examples from previous incidents, and decide where to focus their controls and security efforts.

 

Key Discussion Points

  • Understanding current cloud threats landscape
  • Reviewing cloud attack vectors
  • Recent examples of cloud security incidents
  • Prioritize cloud security efforts

 

About Speaker

Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ). Moshe served as high ranking manager in large corporations, founder of innovative startups, frequent lecturer at cyber conferences and major contributor to various cloud education programs and certifications.

 

(Webinar) Recorded

 

Discussion Highlights

1. CSA relevant publications


 

2.  IaaS/PaaS

  • SaaS - Evaluate our providers correctly
  • PaaS - Very hard to provide best practices
  • IaaS - Gain the expertise for building secure applications

 

3. Exploitable workloads

  • Atlassian Confluence servers hacked via a zero-day vulnerability
  • Hildegard: new TeamTNT cryptojacking malware targeting Kubernetes

 

4. Workloads with excessive permissions

  • A hacker gained access to 100 million Capital One credit card applications and accounts
  • The attack on ONUS: a real-life case of the Log4Shell vulnerability
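Added example, not from the webinar, for the excessive-permissions class above: a small audit of an IAM-style policy document that flags wildcard actions, wildcard resources and privilege-escalation-prone actions that are not scoped by resource or condition, alongside a least-privilege version that passes. Both policies, the account id and the ARNs are constructed for the example.

```python
"""Added example: audit an IAM-style policy for excessive permissions.
Both policy documents, the account id and the ARNs are constructed."""
import json

# Actions that, granted broadly, let a principal reach beyond its own role.
RISKY_ACTIONS = {
    "iam:PassRole", "iam:CreatePolicyVersion", "iam:AttachRolePolicy",
    "iam:PutRolePolicy", "iam:UpdateAssumeRolePolicy", "sts:AssumeRole",
    "lambda:UpdateFunctionCode",
}

# The "before": a workload role that can touch every bucket and pass any role.
OVERLY_PERMISSIVE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "iam:PassRole", "Resource": "*"}
  ]
}""")

# The "after": read access to one bucket, PassRole limited to one role and one service.
LEAST_PRIVILEGE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::app-uploads-example", "arn:aws:s3:::app-uploads-example/*"]},
    {"Effect": "Allow",
     "Action": "iam:PassRole",
     "Resource": "arn:aws:iam::123456789012:role/app-task-role",
     "Condition": {"StringEquals": {"iam:PassedToService": "ecs-tasks.amazonaws.com"}}}
  ]
}""")


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalize to a list."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (statement index, finding code, detail) tuples for risky grants."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # "everything except" grants are almost always too broad
            findings.append((idx, "NOT_ACTION_GRANT", str(stmt["NotAction"])))
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        resource_wildcard = "*" in resources
        for action in actions:
            if "*" in action:
                findings.append((idx, "WILDCARD_ACTION", action))
        if resource_wildcard and actions:
            findings.append((idx, "WILDCARD_RESOURCE", ", ".join(actions)))
        for action in actions:
            # A risky action is acceptable only when pinned to a resource and a condition.
            if action in RISKY_ACTIONS and (resource_wildcard or "Condition" not in stmt):
                findings.append((idx, "UNSCOPED_RISKY_ACTION", action))
    return findings


if __name__ == "__main__":
    for name, policy in [("overly permissive", OVERLY_PERMISSIVE_POLICY),
                         ("least privilege", LEAST_PRIVILEGE_POLICY)]:
        print(name, audit_policy(policy) or "no findings")
```

The check is deliberately syntactic: it does not evaluate what a wildcard actually expands to in a given account, which is what a full access analyzer does. It is still enough to catch the pattern in which a single compromised workload (via SSRF, a leaked key or an exploited service) inherits the ability to read every bucket or assume other roles.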

 

5. Unsecured keys, credentials, and application secrets

  • Samsung spilled SmartThings app source code and secret keys
  • CircleCI says hackers stole encryption keys and customers' secrets
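Added example, not from the webinar, for the leaked-secrets class above: a scanner over constructed source text that combines fixed patterns (AWS access key ids, private key headers) with a keyword-plus-entropy heuristic and skips obvious placeholders. The AWS key pair in the sample is the well-known example value from AWS documentation, not a live credential; the entropy threshold is an assumption tuned for this sample.

```python
"""Added example: find hardcoded credentials in source text. The sample
source is constructed; the AWS values are AWS's documentation example pair."""
import math
import re

SAMPLE_SOURCE = '''\
# settings.py (constructed sample)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
DB_PASSWORD = "${DATABASE_PASSWORD}"
api_token = "<paste-your-token-here>"
SESSION_SECRET = "aaaaaaaaaaaaaaaaaaaaaaaa"
-----BEGIN RSA PRIVATE KEY-----
'''

# Patterns with a fixed shape need no entropy test.
FIXED_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
}
# keyword = "value" assignments; the captured value is then checked for entropy.
ASSIGNMENT_RE = re.compile(
    r"(?i)(?:secret|token|password|passwd|api_?key)\w*\s*[=:]\s*['\"]([^'\"]{16,})['\"]"
)
ENTROPY_THRESHOLD = 3.5  # bits per character (assumption for this example)


def shannon_entropy(text):
    """Bits of entropy per character; random-looking strings score well above 3.5."""
    if not text:
        return 0.0
    counts = {ch: text.count(ch) for ch in set(text)}
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def is_placeholder(value):
    """Template variables and 'fill me in' markers are not leaks."""
    return value.startswith("${") or value.startswith("<") or "changeme" in value.lower()


def scan_source(text):
    """Return (line number, finding type) pairs for the given source text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in FIXED_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
        m = ASSIGNMENT_RE.search(line)
        if m:
            value = m.group(1)
            if not is_placeholder(value) and shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high_entropy_secret"))
    return findings


if __name__ == "__main__":
    for lineno, kind in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}")
```

The low-entropy SESSION_SECRET on line 6 is skipped by design: it is a weak secret rather than a leaked one, and a secret scanner that flags every repeated string drowns the real findings. Run as a pre-commit or CI step, a check like this catches the commit before it reaches a repository that a vendor, a CI provider or an attacker can later read.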

 

6. Exploitable authentication or authorization


 

 

7. Unauthorized access to object storage


 

 

8. Third party cross environment/account access leading to privilege escalation


 

(PPT) Presentation From The Discussion

 

 

 



Overview of Incident Response

Incident response is a critical aspect of any organization's cybersecurity strategy. When a security incident occurs, it is crucial to have a well-defined plan in place to handle the situation effectively. This blog post delves into the key components of incident response, focusing on the validation of incidents, containment measures, and the role of forensics in investigating and understanding security breaches.

1. Incident Validation

The first step in incident response is validating whether an incident has indeed occurred. This involves assessing the nature and severity of the event to determine its validity. The validation process typically includes gathering evidence, analyzing logs, and employing various detection tools and techniques to confirm the incident.

1.1 Evidence Collection
To validate an incident, it is essential to collect relevant evidence. This includes system logs, network traffic data, user reports, and any other artifacts that can provide insight into the incident. Proper evidence collection is crucial for a thorough investigation and ensures that critical information is not overlooked or compromised.

1.2 Analysis and Detection
Once the evidence is collected, it undergoes detailed analysis to detect any signs of compromise or malicious activity. Security analysts employ various tools and techniques, such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and behavioral analytics, to identify anomalies and indicators of compromise.

 


 

 

2. Incident Containment 

Once an incident is validated, the next step is containment. The primary objective of containment is to limit the impact of the incident and prevent further damage to the organization's systems, data, and reputation. Prompt and effective containment measures are crucial to minimizing the potential harm caused by the incident.

2.1 Isolation and Segmentation
Isolating the affected systems or networks is a critical step in containment. By disconnecting compromised systems from the network, organizations can prevent lateral movement and limit the spread of the incident. Network segmentation techniques, such as virtual LANs (VLANs) and firewalls, are employed to restrict unauthorized access and contain the incident within a specific area.

2.2 Access Control and Privilege Management
Implementing stringent access controls and privilege management measures helps limit the impact of an incident. This involves revoking unnecessary privileges, enforcing strong authentication mechanisms, and implementing the principle of least privilege. By controlling access to sensitive resources, organizations can mitigate the risk of further compromise and maintain the integrity of their systems.

 


 

 

3. Forensics and Investigation

Once the incident is contained, the focus shifts towards conducting a thorough forensic investigation. Forensics play a vital role in understanding the scope and nature of the incident, identifying the root cause, and gathering evidence for potential legal proceedings. The following steps are typically involved in a forensic investigation:

3.1 Preservation of Evidence 
Preserving the integrity of evidence is of utmost importance in forensic investigations. This includes creating forensic copies of compromised systems, preserving logs, and maintaining a chain of custody to ensure the admissibility of evidence in legal proceedings.
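Added example, not from the post, of evidence preservation with an integrity check: the forensic copy is hashed on acquisition and every custody event is written to a hash-chained log, so that modification of either the evidence or the log is detectable. The evidence file, identifiers and actors are constructed for the example.

```python
"""Added example: hashed acquisition plus a hash-chained chain-of-custody log.
Evidence content, identifiers and actors are constructed."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file so large disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


class ChainOfCustody:
    GENESIS = "0" * 64

    def __init__(self, evidence_id, description):
        self.evidence_id = evidence_id
        self.description = description
        self.entries = []

    def record(self, actor, action, evidence_sha256, when=None):
        """Append an entry whose hash covers the previous entry's hash."""
        entry = {
            "seq": len(self.entries),
            "when": (when or datetime.now(timezone.utc)).isoformat(),
            "actor": actor,
            "action": action,
            "evidence_sha256": evidence_sha256,
            "prev": self.entries[-1]["entry_hash"] if self.entries else self.GENESIS,
        }
        entry["entry_hash"] = self._hash_entry(entry)
        self.entries.append(entry)
        return entry

    @staticmethod
    def _hash_entry(entry):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify_chain(self):
        """True if every entry hashes correctly and links to its predecessor."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or self._hash_entry(entry) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True

    def acquisition_hash(self):
        return self.entries[0]["evidence_sha256"] if self.entries else None


def acquire(path, evidence_id, actor, description):
    """Hash the forensic copy and open its custody log with the acquisition entry."""
    coc = ChainOfCustody(evidence_id, description)
    coc.record(actor, "acquired forensic copy", sha256_of_file(path))
    return coc


def verify_integrity(path, coc):
    """Evidence is intact if its current hash still equals the acquisition hash."""
    return sha256_of_file(path) == coc.acquisition_hash()


def demo():
    """Acquisition, a transfer, then a tampered file and a tampered log entry."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "webserver-access.log")
        with open(path, "wb") as fh:  # constructed evidence content
            fh.write(b'203.0.113.5 - - [14/Jun/2023:10:01:11 +0000] "GET /admin HTTP/1.1" 200 512\n')
        coc = acquire(path, "EV-2023-0042", "analyst.a", "web server access log")
        coc.record("analyst.a", "transferred to evidence locker", coc.acquisition_hash())
        results = {"intact_after_acquire": verify_integrity(path, coc),
                   "chain_ok": coc.verify_chain()}
        with open(path, "ab") as fh:  # someone appends to the evidence file
            fh.write(b"tampered\n")
        results["intact_after_tamper"] = verify_integrity(path, coc)
        coc.entries[1]["actor"] = "someone.else"  # someone rewrites the custody log
        results["chain_ok_after_log_edit"] = coc.verify_chain()
        return results


if __name__ == "__main__":
    print(demo())
```

In practice the acquisition hash is also written to the case file and, where the evidence may reach court, signed or witnessed, because a hash chain proves consistency of the log only from the point it was created; it cannot prove who created it.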

3.2 Analysis and Reconstruction 
During the analysis phase, forensic experts examine the collected evidence to reconstruct the sequence of events leading up to the incident. This involves examining log files, system artifacts, and memory dumps to identify the tactics, techniques, and procedures (TTPs) employed by the attackers.

3.3 Attribution and Lessons Learned 
In some cases, it may be possible to attribute the incident to a specific threat actor or group. Forensic analysis, in conjunction with threat intelligence, can aid in determining the motives and tactics employed by the attackers. Additionally, the lessons learned from the incident can be used to improve security practices and enhance future incident response capabilities.

An effective incident response strategy is crucial for organizations to detect, validate, and respond to security incidents promptly and effectively. The process of incident response involves validating incidents, implementing containment measures, and conducting thorough forensic investigations. By following a well-defined incident response plan and leveraging the right tools and techniques, organizations can minimize the impact of security incidents and enhance their overall cybersecurity posture. 

P.S. I plan to add more details from the slides, since they are a gold mine of relevant and interesting details.

 


 

 

Presentation For Reference


We are excited about the next ‘Best Of The World’ Session On "Understanding Cloud Attack Vectors" by Moshe Ferber (Cloud Security Expert, Frequent Speaker at Defcon, Blackhat, RSAC APJ)

 

The 'Best Of The World' Series features the world's best security minds (researchers, inventors, subject experts, analysts). It covers security content and Q&A that is often hard to comprehend and you simply cannot ‘Google it’. It has featured great minds like Paul Raines (Nobel prize winner), Jacob Torrey (DARPA), Dr. Phil Polstra (Renowned Forensic Expert, BlackHat).

 

Key Discussion Points :

  • Understanding current cloud threats landscape
  • Reviewing cloud attack vectors
  • Recent examples of cloud security incidents
  • Prioritize cloud security efforts

 

You can join us here: https://info.cisoplatform.com/understanding-cloud-attack-vectors?utm_src=CPblog

 


 

Please Note : Since the speakers are across the globe (best of the world in security), the timings might be odd. In case the time does not suit your timezone, kindly register yourself, so you can get access to the recording post-session.

 


This webinar covers various aspects, including the rise in cyber security incidents, identification of vulnerabilities and loopholes, effective prevention strategies, mitigation techniques, and more. It aims to provide a comprehensive understanding of the evolving cybersecurity landscape in the context of Web3 technologies.

 

Key Discussion Points

  • Discuss Security Incidents & Business Use Case
  • Understanding Web 3 Pros
  • Understanding Web 3 Cons. Prevention mechanism
  • How to make sure that it doesn’t happen to you?

 

About Speaker

Gregory Pickett is a Blackhat USA speaker and holds the CISSP, GCIA and GPEN certifications. He is the founder and Head of Cybersecurity Operations at Hellfire Security. He has presented research at over seventeen international conferences, and is a six-time speaker at Defcon and a three-time speaker at Blackhat.

 

(Webinar) Recorded

 

Discussion Highlights

1. Common Attacks

  • Price Oracle Manipulation
  • Improper Access Control
  • Improper Validation and Logic Errors
  • MEV Attacks (Front Running, Sandwiches)
  • Traditional Methods :
    SIM Swapping, Phishing Attacks, Vulnerable Nodes, Abused Permissions, Abused Network

2. NUWA Hack

  • ERC-20 Token
  • Price Oracle Manipulation
  • Publicly Known
  • Liquidity Pool Imbalance
  • Distorted Exchange Rate
  • Used to Exchange At A Favorable Rate
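Added example, not from the webinar, of the oracle manipulation pattern behind the NUWA item: a constant-product pool simulation in which one large swap distorts the spot price, a contract that prices collateral at spot extends a loan roughly four times too large, and a block-sampled TWAP limits the damage. Reserves, amounts, the fee and the loan-to-value ratio are assumptions for the simulation, not figures from the incident.

```python
"""Added example: spot-price oracle manipulation via a liquidity pool
imbalance, and why a time-weighted average resists it. All figures are
assumptions for the simulation."""


class ConstantProductPool:
    """x * y = k pool. Prices are quoted as QUOTE per BASE."""

    def __init__(self, base_reserve, quote_reserve, fee_bps=30):
        self.base = float(base_reserve)
        self.quote = float(quote_reserve)
        self.fee_bps = fee_bps

    def spot_price(self):
        return self.quote / self.base

    def swap_quote_for_base(self, quote_in):
        """Sell QUOTE, receive BASE; a large trade pushes the spot price up sharply."""
        effective = quote_in * (10_000 - self.fee_bps) / 10_000
        base_out = self.base * effective / (self.quote + effective)
        self.quote += quote_in
        self.base -= base_out
        return base_out

    def swap_base_for_quote(self, base_in):
        """Sell BASE, receive QUOTE (used to unwind the manipulation)."""
        effective = base_in * (10_000 - self.fee_bps) / 10_000
        quote_out = self.quote * effective / (self.base + effective)
        self.base += base_in
        self.quote -= quote_out
        return quote_out


class BlockOracle:
    """Records one price sample per block and averages the last n (a simple TWAP)."""

    def __init__(self):
        self.samples = []

    def record(self, price):
        self.samples.append(price)

    def twap(self, n):
        window = self.samples[-n:]
        return sum(window) / len(window)


def max_borrow(collateral_base, price, ltv=0.75):
    """Quote-denominated loan a lending contract extends against BASE collateral."""
    return collateral_base * price * ltv


def simulate(attacker_quote=1_000_000, attacker_collateral=100_000):
    pool = ConstantProductPool(1_000_000, 1_000_000)  # fair price starts at 1.0
    oracle = BlockOracle()
    for _ in range(9):  # nine quiet blocks at the fair price
        oracle.record(pool.spot_price())
    fair_price = pool.spot_price()

    # Block 10: attacker borrows QUOTE (e.g. a flash loan) and dumps it into the pool ...
    base_bought = pool.swap_quote_for_base(attacker_quote)
    manipulated_price = pool.spot_price()
    oracle.record(manipulated_price)
    # ... then, in the same block, has the victim contract value the collateral.
    loan_at_spot = max_borrow(attacker_collateral, manipulated_price)
    loan_at_twap = max_borrow(attacker_collateral, oracle.twap(10))
    loan_fair = max_borrow(attacker_collateral, fair_price)
    # Unwind: sell the BASE back. The only cost is the fee; the oversized loan is kept.
    pool.swap_base_for_quote(base_bought)
    return {
        "fair_price": fair_price,
        "manipulated_price": manipulated_price,
        "twap_price": oracle.twap(10),
        "loan_at_spot": loan_at_spot,
        "loan_at_twap": loan_at_twap,
        "loan_fair": loan_fair,
        "price_after_unwind": pool.spot_price(),
    }


if __name__ == "__main__":
    for k, v in simulate().items():
        print(f"{k:20} {v:,.2f}")
```

The TWAP here is a plain mean of block samples; production oracles use cumulative time-weighted prices, but the lesson is the same: a price that can be moved and reverted within one transaction must not be read directly by code that hands out value.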


 

3. Important Events/States To Emit

  • Low Balances
  • Liquidity Pool Ratios (Or Exchange Rates)
  • Change in Ownership
  • Funds Distributions
  • Attributes Generated
  • Wins/Losses

 

4. Important Operational Capabilities

  • Blacklist Wallets
  • Transfer Pools
  • Pause Contract
  • Kill Contract

 

5. TenderFi Hack

  • DeFi Platform
  • Price Oracle Misconfiguration
  • Publicly Known
  • Implicit Decimal Point
  • Overvalued Token
  • Produced a very favorable loan (larger than total value of all Bitcoin)


 


 

6. AquaDAO Hack

  • Decentralized Autonomous Organization
  • Governance Attack
  • Insufficient Stake
  • Malicious Proposal
  • Destroyed Value


 

7. Exchange Hack

  Hot wallet:
  • Abused Privileges
  • Not Public
  • No Privileged Access Management
  • No Compensating Controls
  • Transferred Funds Out of Hot Wallet
  • Drained Hot Wallet
  • No Privileged Access Management
  • No Log Aggregation
  • No Monitoring of Login/Logout Events
  • No Access Attestation

  Enterprise network:
  • Abused Network
  • Not Public
  • No Zoning, No Hardening, and No Governance
  • No Compensating Controls
  • All Customer Data, including OTP Seeds
  • Wouldn’t you like to know


 

8. Fintech Hack

  • Key Engineer
  • Phishing Attack
  • Not Public
  • Lacking Cybersecurity Fundamentals
  • Buying Products to Solve Problems
  • Who Knows
  • No Security Awareness Training
  • No SIEM Tuning
  • No Flow Monitoring
  • No Privileged Access Management


 

9. Buying Products (or Services) to Solve Problems

  • Protecting Users (EDR)
  • Protecting Network (SASE)
  • Monitoring Activity (SIEM)
  • Secure Software (SSDLC) (Audit Services)

 

10. Hope Is Not A Strategy

  • They Are Looking for the Perfect Products
  • If we have the right X/Y/Z, we will never have to worry about threats
  • Web3 Itself Is Seen In A Similar Fashion
  • Just Perform More Audits

 

(PPT) Presentation From The Discussion

 

 
