Advanced Persistent Threats (APTs) are typically considered the pinnacle of the most dangerous attack types. APT actors are thought to deploy well-funded and purposeful multi-phased strategic cyber attacks against very specific targets. In other words, these threat actors launch a “stop at nothing” attack methodology to find a way into victims’ networks, and then use sophisticated techniques to remain undetected for extended periods of time.
Attend MISTI’s Advanced Persistent Threat eSummit to learn leading practices on readying your organization for an APT—as well as some of the other, more common attack types you’ve surely identified in your network.
Network security is a set of policies and procedures which guide the security management of a company’s hardware and software. The aim of a network security program is to prevent misuse, abuse, unauthorized access, denial of services, etc., of the company’s network or network resources. While all of this looks simple on paper, managing a network isn’t so straight forward; complications can arise from legacy systems, improper configuration, kludgy integration, time management issues, understaffed organizations, the pace of technology change, and much more. During MISTI’s Network Security eSummit, sponsored by ForcePoint, our speakers will share guiding principles for how organizations can get a better handle on managing the security of their company’s networks.
Applications have become the technological underpinnings which enable employees to do their jobs faster, more accurately, and with greater ease. Applications have become so ubiquitous within organizations that most employees don’t even consider the tools with which they are working “applications” at all, rather, that spreadsheet, that portal, that project tracking system is just a part of getting things done. The average organization uses 1,175 applications, and 33% of those applications are considered “mission critical” yet injection flaws have remained on the OWASP Top 10 guide for years. The fact is, in today’s fast-paced business environment, developers are rewarded for building cutting-edge, user-friendly applications that can be rolled out quickly. Security takes a backseat to deployment. Attend MISTI’s Application Security eSummit to hear from experts how security teams can work more closely with development teams—whether you want to start a DevSecOps program or just build better relationships through which security can become “baked in” to the development lifecycle.
Cloud security is re-emerging as a critical area of concern. For a time, security teams scrambled to bolt on security to third-party software, worrying that the data was outside owners’ control. Now, a new architecture is emerging, one in which companies have the opportunity to bake security into critical apps and cloud storage from inception. With automation and Cloud Access Security Brokers leading the way, there is an opportunity to make our systems and data more secure than ever before. We had this chance with virtualization and missed the boat; this time, will you hop on board or let cloud security float on by?
Security pros know that “compliance” doesn’t equal “security.” But we also know that compliance drives many security decisions (and investments), and provides the foundation upon which excellent security processes and controls are built. When auditors come knocking, no management team wants to hear that security didn’t meet compliance requirements.
Register for MISTI’s March 2nd Audit & Compliance eSummit to learn how you can leverage compliance mandates to reduce risk and keep pace with the ever-changing threat landscape.
Increased employee mobility continues to drive enterprise concerns about mobile security. Analysts predict that more than 12 billion mobile devices will be in use by 2018, and the security of those devices is largely in the hands of users, carriers, and manufacturers. Historically, carriers and manufacturers are slow to push updates to end users; end users, for their part, neglect to update devices, don’t configure the most secure settings and are more prone to downloading malicious apps or clicking on malicious links from a mobile device than on a laptop or desktop.
Attend MISTI’s Mobile Security eSummit to hear from industry leading experts about the best tools and techniques to help you overcome your mobile security challenges.
It's not enough to aggregate log data and hope for the best; threat intelligence is about collecting, analyzing, and contextualizing threat data from across the web, between like organizations, and from internal sources. MISTI's Threat Intelligence eSummit features insight from leading organizations and threat practitioners that share their tactics when it comes to harnessing the power of threat intel to identify true threats and indicators of compromise before a cyber attack cripples the organization.
Identity governance was born out of necessity for compliance and audit, helping to answer the questions: How can we verify who has access to what, and understand if this is access that they actually need? However, identity governance has become so much more than that. It has become a security control, a way to help prevent insider threats, and a way to help the business, IT and audit communicate.
- Web Apps Security eSummit | June 29
Applications have become the technological underpinnings which enable employees to do their jobs faster, more accurately, and with greater ease. Applications have become so ubiquitous within organizations that most employees don’t even consider the tools with which they are working “applications” at all, rather, that spreadsheet, that portal, that project tracking system is just a part of getting things done. The average organization uses 1,175 applications, and 33% of those applications are considered “mission critical,” yet injection flaws have remained on the OWASP Top 10 guide for years. The fact is, in today’s fast-paced business environment, developers are rewarded for building cutting-edge, user-friendly applications that can be rolled out quickly. Security takes a backseat to deployment. Attend MISTI’s Application Security eSummit to hear from experts how security teams can work more closely with development teams—whether you want to start a DevSecOps program or just build better relationships through which security can become “baked in” to the development lifecycle.
- SIEM eSummit | July 13
Security information and event management (SIEM) technology is vital for detecting and managing threats. SIEMs provide centralized, real-time monitoring and historical analysis of the company’s network and applications, but the technology doesn’t work “out of the box.” For a SIEM to provide real value, it must be initially configured with attention paid to the organization’s specific requirements and threat landscape, then continually tuned to reflect the company’s evolving needs. Businesses truly need a SIEM author who can create rules, hunt for interesting data/correlations/deltas, and script responses.
Attend MISTI’s SIEM eSummit to hear best practices for choosing a SIEM, implementing and maintaining it, and how automation can play a big role in getting your log management and analysis right.
- Data Security eSummit | Aug. 3
The business world runs on data. And for many companies, the more data they can collect, the better off they feel they are. Companies use data to understand their target market, current customers’ needs and desires, potential new products and partnerships, expansion opportunities, and more. Today’s computing capabilities make it easier than ever to collect, sort, analyze, share, and use data, and so businesses forge ahead, consuming as much data as is possible.
For the security practitioner, though, more data means more opportunity for loss and misuse. Not only is security charged with protecting data inside the company’s systems (and the systems themselves), but with cloud and mobile, sensitive data is traveling in and out of devices and networks outside the security practitioner’s control.
During this Data Security eSummit, you will hear strategies for discovering, classifying, organizing, and protecting data both in- an outside of your company’s domain. Experts will share leading practices on tools, techniques, and procedures for ensuring data security at every level of the data lifecycle.
- Threat Intelligence eSummit | Aug. 24
Keeping up with cyber threats is a continual and time-intensive process. To allow the organization to operate with as little friction as possible, security, operations, and IT teams need to understand what data and systems they need to protect, who might be attempting unauthorized access, how adversaries might be approaching an attack, what tactics and techniques might be employed, and when (or if) that attack might hit. It’s a big problem, to say the least.
Cyber threat intelligence helps organizations gain a grasp on their threat landscape and respond to emerging threats more quickly and effectively. But threat intelligence is only useful if it’s real intelligence and not just data. True threat intelligence isn’t a tool, an RSS feed, or even a bunch of correlated data. Threat intelligence is product—a deliverable—which helps the entire organization understand the relevance of data found, the likelihood of an attack (based on the intelligence), and allows the security and/or ops team to take action. Attend MISTI’s eSummit on Threat Intelligence to learn how to turn your threat data process into a true threat intelligence program.
- Ransomware eSummit | Sept. 7
WannaCry, Locky, TeslaCrypt, CryptoWall—the biggest names in Ransomware have become mainstream media. Ransomware attacks have become so common, and so successful, that even your grandmother has seen or heard news about this popular attack type. With all of this attention, why hasn’t the security industry figured out how to manage Ransomware? All recommended advice seems simple enough, right? Encrypt your data. Tune your firewalls and malware protection. Back up your data. Test your backups. Patch systems. Train users. In a large, complex organization, though, while the conventional guidance is simple, implementation and integration isn’t. Attend MISTI’s Ransomware eSummit to learn how to affect real change in your organization. This isn’t about one dedicated tool or one easy technique; you’ll walk away with actionable strategies for hardening your network and creating (or refining) backup continuity and disaster recovery plans that will ensure your company is not crippled if Ransomware makes its way to a network near you.
- Identity Management eSummit | Sept. 14
A staggering amount of cybercrime is committed through credential theft followed by privilege escalation. The fact is, most user IDs aren’t very hard to intuit and passwords aren’t far behind. As a result, even if malicious actors had to brute force user credentials, they would find relatively easy exploits. But the fact is, phishing is an even easier—and more effective—way for threat actors to obtain legitimate credentials and use them to pivot through the network until they find the juicy data they want to steal, modify, or corrupt.
Many companies let identity management lapse because task lists are long and managing user credentials isn’t the most interesting part of a security practitioner’s job. That said, identity is a critical security control that must be at the top of security’s priority list. Identity and access management doesn’t have to be onerous, though, and during MISTI’s Identity and Access Management eSummit, you will hear from practitioners how to keep your IDAM on track with just a little attention and effort.
- Cloud Security eSummit | Oct. 12
Cloud security is re-emerging as a critical area of concern. For a time, security teams scrambled to bolt on security to third-party software, worrying that the data was outside owners’ control. Now, a new architecture is emerging, one in which companies have the opportunity to bake security into critical apps and cloud storage from inception. With automation and Cloud Access Security Brokers leading the way, there is an opportunity to make our systems and data more secure than ever before. We had this chance with virtualization and missed the boat; this time, will you hop on board before cloud security floats on by.
- End Point Security eSummit | Nov. 16
How many times have you heard: “The perimeter has disappeared,” as a means to explain why today’s corporate systems are so much harder to secure? Though it’s true that endpoints aren’t where they were in the 1990s, managing today’s endpoint security means organizations must have a complete understanding of all remote wireless devices—including laptops, mobile phones, and IoT devices—which connect to the network. Managing endpoints isn’t impossible (despite conventional grumbling), but it starts with a clear understanding of all assets connecting to your network, limitations and vulnerabilities inherent in different device types, and maintaining visibility into anomalies from endpoint protection tools, logs and other security monitoring solutions. During MISTI’s Endpoint Security eSummit, you will hear how leading organizations are managing endpoint security and learn what to look for when starting—or improving—your own program.
- Vulnerability Assessment eSummit |Dec. 7
Continuous vulnerability assessments are a top 5 CIS Control, yet many organizations fail to complete assessments regularly or in a systematic manner. Vulnerability assessments include scanning, monitoring, and penetration testing (and more). It’s not an either/or choice based on whether or not the organization has enough time or money. To understand your organization’s cybersecurity weaknesses (and where to improve), you must know the vulnerabilities in your tools, techniques and people; understanding just part of the triad isn’t enough. Executing regular vulnerability assessments, though, is a challenge. Many security teams do not have adequate time or budget to complete everything on the security “task list.” Attend MISTI’s Vulnerability Assessment eSummit to learn how to move these critical assessments up your priority list, what resources you’ll truly have to dedicate to make them happen and how to ensure assessments deliver the results you need to take appropriate actions that will make your organization more secure.