pritha's Posts (581)


This webinar focuses on Access Control Management, Physical Security Management, Network Security Management, Endpoint Security Management, Application Security Management, Encryption Technologies, and Cloud Computing Security.

 

 

About Speaker

Suprakash works as General Manager at Lumina Datamatics Limited, where he takes care of Information Security Management Systems for the pan-India locations. He is a Certified CISO from EC-Council. He actively takes part in the Security Awareness Program among school children. He has received many awards in the recent past as an infosec leader, including the Defenders 100 Awards from CIO AXIS, the Infosec Maestros Award CIO CISO, and the CISO 100 Awards from CISO Platform.

 

 

Webinar (Recorded)

 

 

Read more…

This webinar focuses on: Challenges with Risk Heatmap, Risk Scoping, Risk Model, and Baby Steps toward Risk Quant.

 

 

About Speaker

Venkat provides thought leadership in the strategy and management of Cyber Defense, Cyber Risk, Cloud, and IoT/Industrial Security for national critical infrastructure projects such as Defence, Smart Cities, Power, and Utilities. He develops cybersecurity service offerings and “Go to Market” strategy to drive the global cybersecurity business. Areas of interest: AI/ML, Causal Modelling, and Cyber Risk Quantification.

 

 

Webinar (Recorded)

 

 

 

Reference Download Kit

Risk Quantification Beta Distribution Download Here

Risk Quantification Sample Risk Model Download Here

 

Read more…

Definition
Penetration testing and red teaming activities have traditionally been heavily dependent on human testers and their toolkits of commercial and proprietary tools. A new market of solutions is emerging that can fully or semiautomate continuous or ad hoc network and infrastructure penetration tests and red team activities.

 

Why This Is Important
Security testing, like network penetration testing and red teaming, plays an important role in an organization’s capabilities to identify exposures, vulnerabilities and weaknesses in its defenses. Many organizations only test on an annual or ad hoc basis, rarely testing more frequently or even continuously in their environments due to the cost and lack of internal expertise.

 

Business Impact
  • More frequent testing of infrastructure and the cybersecurity defenses of an organization helps find and mitigate weaknesses, gaps and operational deficiencies faster.
  • More organizations can take advantage of penetration testing and red teaming capabilities without having to hire expensive experts when building an internal testing capability.
  • Time to schedule and execute tests is shorter when an organization is not reliant on the schedule of a testing firm.

 


Drivers
  • Vendors are adding more automation in their tools that can aid security operations teams
  • Penetration testing tends to be an annual activity for many organizations due to the lack of budget and available resources, and to meet regulatory mandates or internal policy requirements
  • Red teaming is still the purview of mature organizations that are prepared to benefit from these activities to validate and test the defenses and the “blue team.” However, human-led red teaming requires a specific set of expertise, processes and tools that can be expensive to develop.

 

Obstacles
  • As an emerging market, adoption is low and there is little feedback from buyers to validate the efficacy and value of these solutions.
  • Acceptance of the test results from these solutions by auditors, assessors and third-party risk teams is still unknown. Organizations using automated testing solutions should confirm whether test results would be acceptable to applicable parties.
  • Solutions still need people to operate them. This means managing the tools along with doing the work. This is done to determine scope, gather the necessary information (such as IP address ranges or excluded assets), configure the parameters of the test in the tool, and monitor the execution of the test until completion.
  • Current tools cannot address all variations of penetration tests that buyers may require, especially those that require people to be on site, like wireless and physical intrusion tests.

 

User Recommendations
  • Do POCs and other due diligence to confirm that the solutions being considered are fit for purpose and will meet the buyer’s requirements. This is because the market is nascent and there is limited end-user experience with these tools.
  • Confirm that the tools will be considered equivalent to the activities performed, and findings and results provided, by testing services providers. It is important in case you are planning to use these tools to address any audit or regulatory compliance requirements.
  • Work with vendors in this space to help them refine and improve their solutions, and identify and prioritize new features and functionality, which benefit both parties

 

Courtesy: The above excerpt has been taken from a Gartner report.


Read more…

About The Report

In the Hype Cycle for Security Operations 2021, Gartner points out that organizations that can easily identify the event types that will impact their business, in terms of brand damage or reduced operational capacity, stand a much greater chance of having an effective and measurable security operations capability.

Security operations technologies and services defend IT systems from attack by identifying threats and exposure to vulnerability — enabling effective response and remediation. The innovations included in this Hype Cycle aim to help security and risk management leaders strategize effectively.


Architectural complexity in corporate infrastructure is widening as organizations try to navigate their way through traditional IT infrastructure deployments, cloud-based deployments and hybrid approaches. Security operations technologies are designed to meet the diverse needs of modern organizations across these architectural challenges — providing greater visibility of threats and exposures, greater control, and faster response capabilities that work universally and cohesively. The demands of security are still heavily weighted in favor of effective processes and skilled individuals, with technologies becoming an enabler or efficiency-driver for an already effective SecOps team. The desire for a single platform to consolidate security capability continues to be prevalent in the market


 

 

New Entrants to the Gartner Hype Cycle Security Operations 2021 : 

  • Autonomous Penetration Testing and Red Teaming: Security testing, like network penetration testing and red teaming, plays an important role in an organization’s capabilities to identify exposures, vulnerabilities and weaknesses in its defenses.
  • External Attack Surface Management (EASM) : EASM supports organizations in identifying risks from known and unknown internet facing assets and systems. Security leaders can use EASM capabilities to understand and manage risks from their digital businesses, as it provides valuable context and actionable information


 

Read more…

CISO Contributors

  • Igors Konovalovs, Director Global Solution Specialist, Mandiant
  • Bikash Barai, Co-founder CISO Platform; FireCompass
  • Pradipta Kumar Patro, GM, Adani Group
  • Mohd Imran, Group - Head Information Security, L&T Financial Services
  • Manoj Kumar Shrivastava, CISO, Future Generali Insurance
  • Vijay Kumar Verma, VP & Head Cyber Security Operations Center, Reliance Industries
  • Sachchidanand M, Director, J.M. Financial Services Limited
  • Pravin Desai, AVP Technology Cloud & Security Operation, Fullerton Credit India
  • Nithin R, CISO, Bajaj Finserv Limited

 

Key Pointers

  • Gaps in testing and validation
  • What is BAS (Combining Intelligence with BAS)
  • Reference Architecture (BAS & Control Validation)
  • Critical capabilities
  • Success and failure factors

 

 

(Fireside Chat) Recorded

 

 

Discussion Highlights

  • So whenever you do testing, the first portion that we need to see is the triangle completion: what is the time available for testing, what is the scope of testing, and how much cost or bandwidth in terms of manpower is available with you. You need to fill in this information, and there always have to be priorities assigned. Before that, you can have both blind testing as well as intelligence-led testing where you have knowledge of an internal network, so you always have to prioritize what the internal internet-exposed assets are and, out of those internet-exposed assets, how many are critical to your function.
  • Once you do testing, you also need to define the objective of testing: what is the objective of my testing? Is it just limited to finding vulnerabilities which could be exploited, or can you define some kind of success criteria? That can be many things: either getting shell access to a system, or parameter manipulation, where you have one credential to one system and see whether you can manipulate your parameter and get access to other systems. These kinds of success parameters on different applications of your targets could be designed, and with these things in mind you can then do those bridge attacks and carry out your simulations.
  • Mature organizations have a vulnerability management process that scans, finds vulnerabilities and fixes them. The challenge which we face is identifying the vulnerabilities, fixing them and rescanning. Between 2 rescans the gap is huge: gaps of 1 month or more. In that time, this can easily be exploited by adversaries. A major solution can be continuous scanning and monitoring of these threats, which will help fill the gap of these months. So this is a major challenge which is kind of unsolved as an industry.
  • In the major breaches which have happened, the most important thing missed was asset management. What to protect is a major challenge, and it's a practical challenge everywhere. There should be some solution with a client-based solution and continuous assessment, and a certain layer, maybe virtual patching etc. A lot of organizations work in silos and that intelligence is not being passed on to each other. There's not a single unified view. Setting up this process is very important. This is the automation part (Proactive vs Reactive Process).
  • A lot of attacks target through systems, not on payload. Threat intel visibility or the detection point of view for the SOC may not cover 100% of the organization. The attack surface is further increased with remote work from home. Autonomous SOC (level 1 alert triage) is about the volume, virtual analyst, machine learning application. So ideally you want to automate detection, and you also want to automate the attack or red team. If you can automate blue and red team and do that consistently and continuously, then you can come to a place in your SOC and your security where you only need to decide what you want to test, and no longer need to worry about how you're going to test it or who is going to detect it, when you automate the basic part of detection and, to a degree, response, and the attack part, which is what breach and attack simulation is actually all about.
    Then you start getting to what we call autonomous SOC and intelligence. This is the component that you can use to direct your validation efforts, by simply saying: if we can use an attack, a malware binary or a payload from an existing incident response investigation, load it into a breach and attack simulation tool and then blast it against my autonomous SOC, which will automatically triage and detect it. That's how I know whether my security technologies are working or not, so that is what we've seen actually being a fairly powerful combination.

  • The threat landscape is growing at an exponential rate while the regulatory bodies and security team talents grow at a slower pace. Combat is a huge issue. We need to have some kind of a platform or tool which will integrate all these pain points and give one dashboard. This dashboard will enable the CISO to efficiently track and monitor. External penetration testing is more rigorous while it's less rigorous for user segments and shared services. So that actually strengthens your complete zones and complete environments rather than just testing from your perimeters. So in this kind of scenario, once we take an assumed breach, we can have realistic targets also, and then we can see whether you are secure when we start moving from those zones. In addition, suppose you have certain controls which are placed to detect lateral movement; it may be that you are doing some traffic monitoring from SPAN ports which originates from cross zones.
  • One interesting thing about intelligence-led BAS is it focuses on the most important areas (BAS) rather than a complicated view.

    If you have two sets of data and you do the intersection, you have that narrow set which tells you that these are big threats from our threat actor perspective, from our industry perspective etc. I can effectively prioritize better. One very interesting use case is that when you have this intelligence-led, you can actually do much better prioritization, so that you can focus on only the few things which you need to fix today rather than thousands of things which need to be passed.

 

 

 

 

Read more…

The Gartner Hype Cycle is the most important analyst document for finding the key trends in our industry. The acceleration in digital transformation has brought about new threats. In the 2021 Hype Cycle for Security Operations, Gartner analyzes 21 profiles and points out that, alongside a focus on detection and response, a continuous assessment and exposure-based approach is emerging in the industry.

Key Points Of Discussion

  • Which are the new technologies/trends in Gartner Hype Cycle - 2021?
  • How to use insights from Gartner Hype Cycle for your security strategy
  • Understanding the future and emerging new shifts in the security landscape

 

About Speaker

Ryan Benson, Ex Gartner Analyst, Director @ Stratascale

Bikash Barai, Co-founder FireCompass & CISO Platform

 

Podcast (Recorded)

Read more…