rsa - All Articles - CISO Platform 2024-03-29T00:59:55Z https://www.cisoplatform.com/profiles/blogs/feed/tag/rsa Demystifying Security Analytics: Data, Methods, Use Cases (RSA Conference 2016) https://www.cisoplatform.com/profiles/blogs/demystifying-security-analytics-data-methods-use-cases-rsa-confer 2016-04-04T07:00:00.000Z 2016-04-04T07:00:00.000Z pritha https://www.cisoplatform.com/members/pritha<div><p></p>
<p><span class="font-size-5">Demystifying Security Analytics: Data, Methods, Use Cases</span></p>
<p><span><span>Many vendors sell “security analytics” tools. Some organizations have also built their own security analytics toolsets and capabilities using Big Data technologies and approaches. How do you find the right approach for your organization and benefit from this analytics boom? How do you start your security analytics project, and how do you mature the capabilities?</span></span></p>
<p><span class="font-size-5">Speakers</span></p>
<p><strong><span>Anton Chuvakin</span></strong> <span>(</span><strong><span><a class="in-cell-link" href="http://twitter.com/anton_chuvakin" target="_blank">@anton_chuvakin</a></span></strong><span>)</span></p>
<p><span><span><span>Research Vice President, Gartner<br /> <br /> Anton Chuvakin is a Research Vice President in the Gartner for Technical Professionals (GTP) Security and Risk Management group. Before Chuvakin joined Gartner, his job responsibilities included security product management, evangelism, research, competitive analysis, PCI DSS compliance, and SIEM development and implementation. He is an author of the books “Security Warrior” and “PCI Compliance” and a contributor to “Know Your Enemy II,” “Information Security Management Handbook” and other books. He has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS and security management. His blog “Security Warrior” was one of the most popular in the industry.</span></span></span></p>
<p><span class="font-size-5">Detailed Presentation:</span></p>
<p><iframe width="595" height="485" src="//www.slideshare.net/slideshow/embed_code/key/DmLD8jjjvcdyy8" frameborder="0"></iframe>
</p>
<div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/demystifying-security-analytics-data-methods-use-cases" title="Demystifying Security Analytics: Data, Methods, Use Cases" target="_blank">Demystifying Security Analytics: Data, Methods, Use Cases</a></strong> from <strong><a target="_blank" href="//www.slideshare.net/cisoplatform7">Priyanka Aash</a></strong></div>
<div style="margin-bottom:5px;"><strong>(Source: RSA USA 2016, San Francisco)</strong></div>
<p></p></div>Top 10 talks on Cloud Security & Virtualization from RSA Conference USA 2018 https://www.cisoplatform.com/profiles/blogs/top-10-talks-on-cloud-security-amp-virtualization-from-rsa 2018-06-08T06:00:00.000Z 2018-06-08T06:00:00.000Z Y R Chandra Sekhar Varma https://www.cisoplatform.com/members/YRChandraSekharVarma<div><p><span style="font-size:12pt;">We have handpicked the best talks at RSA Conference - one of the largest IT Security Conferences in the world. Following is the list of top talks on Cloud Security & Virtualization at RSA Conference USA 2018.</span></p><p><span style="font-size:12pt;">RSA Conference held its event in San Francisco, CA at the Moscone Center & Marriott Marquis and brought together a record number of 50,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top-notch track sessions, tutorials and seminars. Keynotes, sessions and debates focused on New Attack Technique, Encryption, Artificial Intelligence, Machine Learning, Internet Of Things, Cloud Security & Virtualization & many more.</span></p><p><span style="font-size:12pt;">(Source: RSA Conference USA 2018)</span></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/building-and-adopting-a-cloud-native-security-program" target="_blank"><img width="750" src="{{#staticFileLink}}8669820688,original{{/staticFileLink}}" class="align-full" alt="8669820688?profile=original" /></a></p><p><span style="font-size:18pt;"><strong>1. <a href="http://www.cisoplatform.com/profiles/blogs/building-and-adopting-a-cloud-native-security-program" target="_blank">Building and Adopting a Cloud-Native Security Program</a></strong></span></p><p><span style="font-size:14pt;"><strong>Speakers: </strong>Rich Mogull, Bill Burns</span></p><p><span style="font-size:12pt;"><span>Cloud is a new frontier that requires new architectures, higher velocity processes and crisper business-level metrics—all of which smacks security programs square in the face. 
This session will leverage the nearly 20 years of the speakers’ combined cloud experience to lay out a complete strategy for building out a cloud-first security program that covers infrastructure and application development.</span></span></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/building-and-adopting-a-cloud-native-security-program" target="_blank">>> Go To Presentation</a></strong></span></p><p></p><p></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/chaoslingr-introducing-security-based-chaos-testing" target="_blank"><img width="750" src="{{#staticFileLink}}8669820096,original{{/staticFileLink}}" class="align-center" alt="8669820096?profile=original" /></a></p><p><span style="font-size:18pt;"><b>2. <a href="http://www.cisoplatform.com/profiles/blogs/chaoslingr-introducing-security-based-chaos-testing" target="_blank">ChaoSlingr: Introducing Security-Based Chaos Testing</a></b></span></p><p><span style="font-size:18.6667px;"><b>Speakers: </b></span><span style="font-size:18.6667px;">Grayson Brewer, Aaron Rinehart</span></p><p><span style="font-size:12pt;">ChaoSlingr introduces the discipline of security testing into chaos engineering with the focus on driving failure out of the model and going beyond the reactive processes that currently dominate traditional security testing methodology.</span></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/chaoslingr-introducing-security-based-chaos-testing" target="_blank">>> Go To Presentation</a></strong></span></p><p></p><p><span style="font-weight:400;">( Read More:</span> <a href="http://www.cisoplatform.com/profiles/blogs/top-6-cloud-security-talks-from-rsa-usa-2016"><span style="font-weight:400;">Top 6 'Cloud Security' talks from RSA Conference 2016 (USA) </span></a>)</p><p></p><p></p><p></p><p></p><p></p><p><span style="font-size:14pt;"><strong><a 
href="http://www.cisoplatform.com/profiles/blogs/corpsec-what-happened-to-corpses-a-and-b" target="_blank"><img width="750" src="{{#staticFileLink}}8669821055,original{{/staticFileLink}}" class="align-center" alt="8669821055?profile=original" /></a></strong></span></p><p><span style="font-size:18pt;"><strong>3. <a href="http://www.cisoplatform.com/profiles/blogs/corpsec-what-happened-to-corpses-a-and-b" target="_blank">Corpsec: “What Happened to Corpses A and B?”</a></strong></span></p><p><span style="font-size:14pt;"><strong>Speaker: </strong>Chris Czub</span></p><p><span style="font-size:12pt;">Living BeyondCorp comes with its own challenges. This talk will dive into how Duo gets our hands around difficult problems regarding the security and management of cloud services and endpoints internally. This session will cover technical details of our security orchestration and automation approach, cloud service monitoring, and chatops-driven endpoint application whitelisting strategies.</span></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/corpsec-what-happened-to-corpses-a-and-b" target="_blank">>> Go To Presentation</a></strong></span></p><p></p><p></p><p></p><p></p><p></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/ephemeral-devops-adventures-in-managing-short-lived-systems" target="_blank"><img width="750" src="{{#staticFileLink}}8669821267,original{{/staticFileLink}}" class="align-full" alt="8669821267?profile=original" /></a></strong></span></p><p><span style="font-size:18pt;"><strong>4. 
<a href="http://www.cisoplatform.com/profiles/blogs/ephemeral-devops-adventures-in-managing-short-lived-systems" target="_blank">Ephemeral DevOps: Adventures in Managing Short-Lived Systems</a></strong></span></p><p><span style="font-size:14pt;"><strong>Speaker: </strong>Todd Carr</span></p><p><span style="font-size:12pt;">This talk will explore the concepts and experiences of using configuration management in a highly disposable environment of ephemeral virtual machines. It will cover why an operations team may desire such an environment, the tools the presenter used to build one, and most importantly, the sorts of failures, accomplishments and considerations encountered during the journey.</span></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/ephemeral-devops-adventures-in-managing-short-lived-systems" target="_blank">>> Go To Presentation</a></strong></span></p><p></p><p></p><p></p><p></p><p></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/fim-and-system-call-auditing-at-scale-in-a-large-container" target="_blank"><img width="750" src="{{#staticFileLink}}8669821284,original{{/staticFileLink}}" class="align-center" alt="8669821284?profile=original" /></a></strong></span></p><p><span style="font-size:18pt;"><strong>5. 
<a href="http://www.cisoplatform.com/profiles/blogs/fim-and-system-call-auditing-at-scale-in-a-large-container" target="_blank">FIM and System Call Auditing at Scale in a Large Container Deployment</a></strong></span></p><p><span style="font-size:14pt;"><strong>Speaker: </strong>Ravi Honnavalli</span></p><p><span style="font-size:12pt;">This will show how, on a large container deployment, the speaker achieved insight into security events like file events on sensitive files, system call auditing, user level activity trail, network activity, etc., by customizing and plumbing a stack of open source tools that use the underlying Linux’s inotify and kernel audit components and by aggregating these events centrally in Elasticsearch.</span></p><p><span style="font-size:14pt;"><strong><a href="http://www.cisoplatform.com/profiles/blogs/fim-and-system-call-auditing-at-scale-in-a-large-container" target="_blank">>> Go To Presentation</a></strong></span></p><p></p><p></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/humans-and-data-don-t-mix-best-practices-to-secure-your-cloud" target="_blank"><img width="708" src="{{#staticFileLink}}8669821468,original{{/staticFileLink}}" class="align-center" alt="8669821468?profile=original" /></a></p><p><span style="font-size:18pt;"><strong>6. <a href="http://www.cisoplatform.com/profiles/blogs/humans-and-data-don-t-mix-best-practices-to-secure-your-cloud" target="_blank">Humans and Data Don’t Mix: Best Practices to Secure Your Cloud</a></strong></span></p><p><span style="font-size:14pt;"><strong><span>Speaker: </span></strong>Stephen Schmidt</span></p><p><span style="font-size:12pt;"><span>While the causes of outages are varied, human error far outpaces all hardware failures. The risk of humans touching sensitive data is clear, but the tools, techniques and risk-mitigation strategies lag behind current realities. 
Stephen Schmidt, AWS CISO, will share hard-earned lessons around potential gaps in your security plan, along with steps to lessen potential angles of attack.</span></span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/humans-and-data-don-t-mix-best-practices-to-secure-your-cloud" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/office-365-security-top-priorities-for-30-days-90-days-and-beyond" target="_blank"><img width="604" src="{{#staticFileLink}}8669821489,original{{/staticFileLink}}" class="align-center" alt="8669821489?profile=original" /></a></p><p><span style="font-size:18pt;"><strong>7. <a href="http://www.cisoplatform.com/profiles/blogs/office-365-security-top-priorities-for-30-days-90-days-and-beyond" target="_blank">Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond</a></strong></span></p><p><span style="font-size:14pt;"><strong><span>Speakers: </span></strong>Matt Kemelhar, Mark Simos</span></p><p><span style="font-size:12pt;"><span>Based on investigations of real-world attacks, Microsoft Office 365 cybersecurity experts provide a prescriptive approach to identifying and implementing the most critical security controls to protect your Office 365 tenant. 
You will learn threats and defenses change from on-premises attacks and what Microsoft recommends for quickly protecting against the most likely and impactful risks.</span></span></p><p><span style="font-size:14pt;"><strong><span><a href="http://www.cisoplatform.com/profiles/blogs/office-365-security-top-priorities-for-30-days-90-days-and-beyond" target="_blank">>> Go To Presentation</a><a href="http://www.cisoplatform.com/profiles/blogs/office-365-security-top-priorities-for-30-days-90-days-and-beyond" target="_blank"></a></span></strong></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:14pt;"><strong> </strong></span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/pragmatic-security-automation-for-cloud" target="_blank"><img width="750" src="{{#staticFileLink}}8669822056,original{{/staticFileLink}}" class="align-full" alt="8669822056?profile=original" /></a></p><p><span style="font-size:18pt;"><strong>8. <a href="http://www.cisoplatform.com/profiles/blogs/pragmatic-security-automation-for-cloud" target="_blank">Pragmatic Security Automation for Cloud</a></strong></span></p><p><span style="font-size:14pt;"><strong><span>Speaker: </span></strong>Rich Mogull</span></p><p><span style="font-size:12pt;">Everything in cloud computing is automated and API-enabled, giving security teams a big opportunity to build and embed security into infrastructures. From continuous guardrails to automated "afterburners" to speed up complex processes, this advanced session leverages the latest software-defined security techniques and shows how to integrate automation. 
Be prepared for demos, design patterns and a little code.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/pragmatic-security-automation-for-cloud" target="_blank">>> Go To Presentation</a></span></p><p></p><p>( <span style="font-weight:400;">Read More:</span> <span style="font-weight:400;"><a href="http://www.cisoplatform.com/profiles/blogs/ciso-platform-top-it-security-influencers">CISO Platform Top IT Security Influencers (Part 1)</a> )</span></p><p></p><p></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/red-team-vs-blue-team-on-aws" target="_blank"><img width="750" src="{{#staticFileLink}}8669822077,original{{/staticFileLink}}" class="align-center" alt="8669822077?profile=original" /></a></p><p><span style="font-size:18pt;"><strong>9. <a href="http://www.cisoplatform.com/profiles/blogs/red-team-vs-blue-team-on-aws" target="_blank">Red Team vs. Blue Team on AWS</a></strong></span></p><p><span style="font-size:14pt;"><strong><span>Speakers: </span></strong>Kolby Allen, Teri Radichel</span></p><p><span style="font-size:12pt;">Cloud attack vectors and security controls are different. Many companies breached on AWS moved sensitive data to AWS following best practices or implementing cloud security controls correctly. Reports indicate that hybrid cloud implementations have weaknesses and research finds that devs are the new security target. 
See Kolby Allen and Teri Radichel duke it out as Teri attacks an AWS account and Kolby defends it.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/red-team-vs-blue-team-on-aws" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/transfer-learning-repurposing-ml-algorithms-from-different" target="_blank"><img width="750" src="{{#staticFileLink}}8669822098,original{{/staticFileLink}}" class="align-center" alt="8669822098?profile=original" /></a></p><p><span style="font-size:18pt;"><b>10. <a href="http://www.cisoplatform.com/profiles/blogs/transfer-learning-repurposing-ml-algorithms-from-different" target="_blank">Transfer Learning: Re-purposing ML Algorithms from Different Domains to Cloud Defense</a></b></span></p><p><span style="font-size:18.6667px;"><b><span><strong>Speaker: </strong></span></b>Mark Russinovich</span></p><p><span style="font-size:12pt;"><span>Machine learning algorithms are key to modern at-scale cyberdefense. Transfer learning is a state of the art ML paradigm that enables applying knowledge and algorithms developed from one field to another, resulting in innovative solutions. 
This talk presents transfer learning in action wherein techniques created from other areas are successfully re-purposed and applied to cybersecurity.</span></span></p><p><span style="font-size:18.6667px;"><b><span><a href="http://www.cisoplatform.com/profiles/blogs/transfer-learning-repurposing-ml-algorithms-from-different" target="_blank">>> Go To Presentation</a></span></b></span></p><p></p><p></p></div>Top 10 Talks on Application Security from RSA Conference USA 2018 https://www.cisoplatform.com/profiles/blogs/top-10-talks-on-application-security-from-rsa-conference-usa-2018 2018-06-19T09:00:00.000Z 2018-06-19T09:00:00.000Z Kuladeep Tummala https://www.cisoplatform.com/members/KuladeepTummala<div><p><span>Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT Security Conferences in the world. Following is the list of top talks on Application Security at RSA Conference USA 2018.</span></p><p><span>RSA Conference held its event in San Francisco, CA at the Moscone Center & Marriott Marquis and brought together a record number of 50,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top-notch track sessions, tutorials and seminars. 
Keynotes, sessions and debates focused on New Attack Technique, Encryption, Artificial Intelligence, Machine Learning, Internet Of Things, Cloud Security & Virtualization & many more.</span></p><p><span>(Source: RSA Conference USA 2018)</span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">1. <a href="http://www.cisoplatform.com/profiles/blogs/efficacy-of-layered-application-security-through-the-lens-of" target="_blank">Efficacy of Layered Application Security through the Lens of Hacker</a></span></p><p><span style="font-size:14pt;"><strong>Speakers:</strong> Dr. Bill Chen, Gyan Prakash</span></p><p><span>Discussion will start on web app threat model, sharing the effectiveness analysis of common app sec tools including SAST, DAST, IAST, RASP, WAF, bot detection, DB monitoring, open source scan and bin composition analysis. The discussion will cover the strategy to build cost-effective SDLC stack to minimize the appsec exposure and emerging risks from AI-assisted hacking tools with actionable recommendations.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/efficacy-of-layered-application-security-through-the-lens-of" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:14pt;"><span style="font-size:18pt;">2.</span> <a href="http://www.cisoplatform.com/profiles/blogs/realizing-software-security-maturity-the-growing-pains-and-gains" target="_blank"><span style="font-size:18pt;">Realizing Software Security Maturity: The Growing Pains and Gains</span></a></span></p><p><span style="font-size:14pt;"><strong>Speakers:</strong> Kelby Ludwig, Mark Stanislav</span></p><p><span>Software security is often boiled down to the “OWASP Top 10,” resulting in an ineffective sense of what maturity-focused, comprehensive application security could be like. How then should an organization consider building a holistic program that seeks to grow in maturity over time? 
Come hear how one team has taken on this challenge and learn what has, and has not, worked on their own journey.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/realizing-software-security-maturity-the-growing-pains-and-gains" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">3. <a href="http://www.cisoplatform.com/profiles/blogs/lost-in-the-ether-how-ethereum-hacks-are-shaping-the-blockchain" target="_blank">Lost in the Ether: How Ethereum Hacks Are Shaping the Blockchain Future</a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Marc Laliberte</span></p><p><span>Valued at over $24 billion in total, Ether is the second largest crypto currency, only behind Bitcoin. In the last two years, cybercriminals have exploited code flaws, web app vulnerabilities and social engineering to steal over $100 million in Ether crypto currency. This session will cover smart contracts and the Ethereum Virtual Machine as well as a history of how these heists have shaped Ethereum.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/lost-in-the-ether-how-ethereum-hacks-are-shaping-the-blockchain" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:14pt;"><span style="font-size:18pt;">4.</span> <a href="http://www.cisoplatform.com/profiles/blogs/order-vs-mad-science-analyzing-black-hat-swarm-intelligence" target="_blank"><span style="font-size:18pt;">Order vs. Mad Science: Analyzing Black Hat Swarm Intelligence</span></a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Derek Manky</span></p><p><span>White hat defense systems continue to improve on supervised learning sets using machine and deep learning neural networks to defend against an exploding attack surface. 
Zombies that require commands from botnet herders are becoming intelligent, capable of their own decisions as we saw with Hajime in 2017. Swarm intelligence can be used to enhance these networks. What can we do to defend?</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/order-vs-mad-science-analyzing-black-hat-swarm-intelligence" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">5. <a href="http://www.cisoplatform.com/profiles/blogs/the-unexpected-attack-vector-software-updaters" target="_blank">The Unexpected Attack Vector: Software Updaters</a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Elia Florio</span></p><p><span>Every day, millions of computers silently perform a simple task with great risk exposure: downloading and executing code through a software updater. An updater introduces a dangerous attack surface in the form of unsafe coding practices, insecure protocols or inadequately protected server infrastructure. This talk will dive into incidents like CCleaner, ShadowPad and Medoc, and tools used to hijack updaters.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/the-unexpected-attack-vector-software-updaters" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">6. 
<a href="http://www.cisoplatform.com/profiles/blogs/ccleaner-apt-attack-a-technical-look-inside" target="_blank">CCleaner APT Attack: A Technical Look Inside</a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Ondrej Vlcek</span></p><p><span>Avast CTO Ondrej Vlček breaks down the sophisticated CCleaner supply-chain malware attack, providing new unpublished findings about the unique stealth, steganography and exfiltration techniques used by the attackers. Avast will dissect the malicious payload, inner workings of the CnC server environment, and analyze how the attack went unnoticed by the global security industry—for almost a month.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/ccleaner-apt-attack-a-technical-look-inside" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">7. <a href="http://www.cisoplatform.com/profiles/blogs/common-infrastructure-exploits-in-aws-gcp-azure-servers-and" target="_blank">Common Infrastructure Exploits in AWS/GCP/Azure Servers and Containers</a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Alexi Papaleonardos</span></p><p><span>IaaS clouds transformed datacenter security architecture by enabling programmatic detection of flaws, making the cloud more transparently secure than any legacy architecture. But security practitioners who assume congruence to legacy designs miss where attack surface and visibility has changed. With concrete examples, this talk will explore the practical risks posed by misunderstanding VPC DNS and more.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/common-infrastructure-exploits-in-aws-gcp-azure-servers-and" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">8. 
<a href="http://www.cisoplatform.com/profiles/blogs/early-detection-of-malicious-activity-how-well-do-you-know-your" target="_blank">Early Detection of Malicious Activity—How Well Do You Know Your DNS?</a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Merike Kaeo</span></p><p><span>The Domain Name System is deceptively simple and often underutilized as a security tool. Once you start looking under the cover there is a wealth of detail that can be used as an early warning system to predict new targeted attacks. In this session Farsight Security CTO Merike Kaeo will provide a detailed look at how DNS information can be used to indicate suspicious activity and prevent attacks.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/early-detection-of-malicious-activity-how-well-do-you-know-your" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">9. <a href="http://www.cisoplatform.com/profiles/blogs/exfiltrating-data-through-iot" target="_blank">Exfiltrating Data through IoT</a></span></p><p><span style="font-size:14pt;"><strong>Speakers:</strong> Chet Hosmer, Michael Raggo</span></p><p><span>IoT offers a plethora of new protocols and frequencies over which communication travels. Protocols and services such as SSDP, P25, Zigbee, Z-Wave, WiFi and more provide countless ways to exfiltrate data or infiltrate the network. Through real-world examples, sample code and demos, presenters will bring to light these threats and new methods for detecting aberrant behavior emanating to/from these devices.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/exfiltrating-data-through-iot" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p><p></p><p></p><p><span style="font-size:18pt;">10. 
<a href="http://www.cisoplatform.com/profiles/blogs/poison-pixels-combatting-image-steganography-in-cybercrime" target="_blank">Poison Pixels—Combatting Image Steganography in Cybercrime</a></span></p><p><span style="font-size:14pt;"><strong>Speaker:</strong> Simon Wiseman</span></p><p><span>Image steganography is becoming the attack vector of choice for cyber criminals. This session explains what Stegware is, how it is being used (anti-virus evasion, covert command & control channels, data exfiltration), how it works (redundant data, LSB injection, ordering), why detection strategies will continue to fail to tackle the problem and how transformation can annihilate it.</span></p><p><span style="font-size:14pt;"><a href="http://www.cisoplatform.com/profiles/blogs/poison-pixels-combatting-image-steganography-in-cybercrime" target="_blank">>> Go To Presentation</a></span></p><p></p><p></p></div>Top 7 Talks on Identity & Access Management from RSA Conference https://www.cisoplatform.com/profiles/blogs/top-7-talks-on-identity-amp-access-management-from-rsa-conference 2018-06-20T09:30:00.000Z 2018-06-20T09:30:00.000Z Kuladeep Tummala https://www.cisoplatform.com/members/KuladeepTummala<div><p><span>Our editorial team has handpicked the best of the best talks at RSA Conference - one of the largest IT Security Conferences in the world. 
Following is the list of top talks on Identity & Access Management at RSA Conference USA 2018.<br /> <br /> RSA Conference held its event in San Francisco, CA at the Moscone Center & Marriott Marquis and brought together a record number of 50,000 attendees. Attendees experienced keynotes, peer-to-peer sessions, top-notch track sessions, tutorials and seminars. Keynotes, sessions and debates focused on New Attack Technique, Encryption, Artificial Intelligence, Machine Learning, Internet Of Things, Cloud Security & Virtualization & many more.<br /> <br /> (Source: RSA Conference USA 2018)</span></p><p></p><p></p><p></p><p><span><a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-open-banking-understanding-oauth-and-openid-client" target="_blank"><img src="http://i68.tinypic.com/2jbp5wm.jpg?width=750" width="750" class="align-full" alt="2jbp5wm.jpg?width=750" /></a></span></p><p><span>1. <a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-open-banking-understanding-oauth-and-openid-client" target="_blank">Adventures in Open Banking: Understanding OAuth and OpenID Client Ecosystems</a></span></p><p><span>Speaker: Pamela Dingle</span></p><p><span>What happens when you need to create an open API ecosystem with robust security requirements, in a short period of time, implemented by conservative entities and mandated across the entire EU? Enter the complex world of Open Banking. 
In this talk, Pam Dingle will unpack the thrills and chills of the standards profiles and security measures that form the OpenID Foundation’s UK Open Banking profile.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/adventures-in-open-banking-understanding-oauth-and-openid-client" target="_blank">>>Go To Presentation</a></p><p></p><p></p><p></p><p><span><a href="http://www.cisoplatform.com/profiles/blogs/can-blockchain-enable-identity-management" target="_blank"><img src="http://i64.tinypic.com/vhx1zc.jpg?width=750" width="750" class="align-full" alt="vhx1zc.jpg?width=750" /></a></span></p><p><span>2. <a href="http://www.cisoplatform.com/profiles/blogs/can-blockchain-enable-identity-management" target="_blank">Can Blockchain Enable Identity Management?</a></span></p><p><span>Speakers: Kurt Lieber, Prakash Sundaresan</span></p><p><span>Blockchain continues to gain traction in the market place as a compelling solution for making identity and access management (IAM) more cost effective by harnessing the power of distributed members in order to “crowdsource” identity services. This session will review an attempt to prove this hypothesis through a proof-of-concept (POC) built for a not-for-profit healthcare consortium.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/can-blockchain-enable-identity-management" target="_blank">>>Go To Presentation</a></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/fool-proof-protecting-digital-identity-in-the-age-of-the-data" target="_blank"><img src="http://i67.tinypic.com/10yjqzq.jpg?width=750" width="750" class="align-full" alt="10yjqzq.jpg?width=750" /></a></p><p><span>3. 
<a href="http://www.cisoplatform.com/profiles/blogs/fool-proof-protecting-digital-identity-in-the-age-of-the-data" target="_blank">Fool Proof: Protecting Digital Identity in the Age of the Data Breach</a></span></p><p><span>Speakers: Gregory Crabb, Paul Grassi</span></p><p><span>In the age of the data breach there are no more secrets. Name, address, date of birth and Social Security number have been the de facto identity attributes for years. But as this information has become more exposed it’s time for organizations to rethink identity proofing and take a more holistic approach to knowing who they are doing business with online.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/fool-proof-protecting-digital-identity-in-the-age-of-the-data" target="_blank">>>Go To Presentation</a></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/identity-based-security-and-privacy-for-the-internet-of-things" target="_blank"><img src="http://i67.tinypic.com/11kcwtl.png?width=750" width="750" class="align-full" alt="11kcwtl.png?width=750" /></a></p><p><span>4. <a href="http://www.cisoplatform.com/profiles/blogs/identity-based-security-and-privacy-for-the-internet-of-things" target="_blank">Identity-Based Security and Privacy for the Internet of Things</a></span></p><p><span>Speaker: Robert Brown</span></p><p><span>The Internet of Things presents both a challenge and opportunity for identity management - a challenge because existing mechanisms for authentication & authorization must be extended and adapted for the particular constraints of devices (both legacy and new) and an opportunity because the devices that users more and more carry with them offer new abilities to enable a more seamless authentication experience for those users. Both of these aspects demand a consistent, cohesive and interoperable identity layer across IoT verticals, platforms, and protocols. 
Critically, we need an identity layer that acknowledges the full continuum of risk (and so appropriate security measures) that the IoT presents. Good security means knowing who entities (both device & user) are and what they should or should not be allowed to do. Good privacy requires that users will be able to control how their devices collect, store and share data. This talk will examine how existing & new tools (like OAuth, UMA, FIDO, and DLTs) may help meet these fundamental requirements for securing the IoT.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/identity-based-security-and-privacy-for-the-internet-of-things" target="_blank">>>Go To Presentation</a></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/oauth-2-0-threat-landscapes" target="_blank"><img src="http://i66.tinypic.com/316kmlg.png?width=750" width="750" class="align-full" alt="316kmlg.png?width=750" /></a></p><p><span>5. <a href="http://www.cisoplatform.com/profiles/blogs/oauth-2-0-threat-landscapes" target="_blank">OAuth 2.0 Threat Landscapes</a></span></p><p><span>Speaker: Prabath Siriwardena</span></p><p><span>OAuth 2.0 is at the heart of OpenID Connect, Mobile Connect, UMA and many other popular standards. Understanding the threat landscapes in OAuth 2.0 is essential in building a secure identity infrastructure. This talk will guide you through multiple attacks that took place over the last couple of years, their root causes and how to mitigate any future security exploits by following best practices.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/oauth-2-0-threat-landscapes" target="_blank">>>Go To Presentation</a></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/passwords-and-fingerprints-and-faces-oh-my-comparing-old-and-new" target="_blank"><img src="http://i68.tinypic.com/2vi2drr.jpg?width=750" width="750" class="align-full" alt="2vi2drr.jpg?width=750" /></a></p><p><span>6. 
<a href="http://www.cisoplatform.com/profiles/blogs/passwords-and-fingerprints-and-faces-oh-my-comparing-old-and-new" target="_blank">Passwords and Fingerprints and Faces—Oh My! Comparing Old and New Authentication</a></span></p><p><span>Speaker: Jackson Shaw</span></p><p><span>People use more passwords today than ever before. But with the advent of Apple’s latest iPhone releases and its TouchID and FaceID technologies, we’ll begin to see a wider acceptance of some biometrics methods like fingerprint and facial scanning. This session will assess the security of these methods compared to the tried and true password.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/passwords-and-fingerprints-and-faces-oh-my-comparing-old-and-new" target="_blank">>>Go To Presentation</a></p><p></p><p></p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/risk-based-approach-to-deployment-of-omnichannel-biometrics-in" target="_blank"><img src="http://i65.tinypic.com/2rx72ad.jpg?width=750" width="750" class="align-full" alt="2rx72ad.jpg?width=750" /></a></p><p><span>7. <a href="http://www.cisoplatform.com/profiles/blogs/risk-based-approach-to-deployment-of-omnichannel-biometrics-in" target="_blank">Risk-Based Approach to Deployment of Omnichannel Biometrics in Sberbank</a></span></p><p><span>Speakers: Leyla Goncharenko, Anton Mitrofanov</span></p><p><span>This session will present a case study about the innovative approach that Sberbank has taken to implement biometrics in the bank with over 100M customers. 
Speakers will share best practices in designing an omnichannel user experience for customers, and how a risk-based approach and machine learning helped them to build an intelligent system that is soft to legitimate users and hard to fraudsters.</span></p><p><a href="http://www.cisoplatform.com/profiles/blogs/risk-based-approach-to-deployment-of-omnichannel-biometrics-in" target="_blank">>>Go To Presentation</a></p><p></p><p></p></div>