ModernSecTools

Cyber Defense program is paramount for an organization’s healthy security posture for timely detection of security events and by responding to them in an appropriate and swift manner. The program requires adequate support from top management, each and every employee of the organization and support from other cyber security functions and for it to succeed. Also, the program will succeed when the three pillars of Cyber Security i.e., People, Process and Technology collaborate well and deliver their cybersecurity responsibilities to the fullest potential.

We shall do a deep dive analysis on each of these pillars, what are their Strengths, Weaknesses, and Opportunities for Improvement with respect to Cyber Defense.

The technology pillar is mostly comprehended with Defense in Depth strategy which is widely adopted by many organizations. When a wide array of security technology controls are deployed into the environment, they will come up with their own set of challenges. One such kind of a challenge is alert fatigues and false positives. Fine tuning the technology platform to filter out all the noises, unwanted alerts and generate only high-fidelity alerts is a daunting task for the organization and its Cyber Defense team. Which tools can help here and what are the best practices to be employed by organizations.
Cyber Crisis Management Process: Another example of combining the people and processes where many organizations lack that coordination.
Threat modelling and Threat profiling: Another good example which combines the technology and process. The organizations must identify what their priorities are and how they can protect its crown jewel resources from cyber threats.
Tools to Highlight: DNS Security, EDR, NDR, Proxy and Web Filtering, Threat Intelligence, Threat Hunting tools, Incident Response and Forensic Tools & SIEM.

As datacentre become more complex, world is slowing moving away from Perimeter Centric model, where we define the boundaries between trusted and untrusted to Data Centric Security Model with distributed Architecture. Malicious Hackers always find ways and opportunities to exploit the environments to deliver destructive attacks at Workloads and applications. Organisations must stay aware of trends and challenges within their Datacenter Security and cloud applications to make sure they understand how modern applications are being exploited. With more complex applications, Kubernetes usage and public cloud dependencies, the traditional “trusted perimeter” and “secure Boundaries” has been dissolved. The Session will provide an insight on:

How Zero Trust Model is evolving the Security Space away from Traditional Perimeter centric approach.
Role of App-Centric Multi-Cloud Network Visibility and AI based Analytics.
VMware offering with its NSX SDFW and Advance Threat Protect Model to achieve it all.

All Chapter Members to actively participate in open discussion.

Organisations are embracing the clouds for agility and cost benefits. Since have a long-established IT infrastructure and they prefer cloud migration as a means to gradually adopt the cloud.

Consequently, the security tooling too are expected to be extended to cover the cloud landscape. However, this represents unique problems as most of the enterprise security tooling needs additional engineering to support hybrid cloud usages.

For example, Vulnerability Management (VM) is best achieved by agent-based scanning and in the cloud world installing agents in cloud VMs is a unexpectedly winding path. With VM images being updated by cloud providers and new images created by cloud consuming teams, it is difficult to enforce the concept of “golden image”.

Furthermore, cloud usage necessities introduction of new tooling/processes to address cloud security. A prime example being that of cloud posture management.

In this talk we want to summarize the work done in NXP Semiconductors on how we have embraced enterprise security tooling for VM and Endpoint Protection for the clouds while integrating cloud native security tooling to enterprise systems for unified oversight and security.

Tools to Highlight: Rapid7 InsightVM, Symantec endpoint protection, CSPM, LZ

Outlining the implementation of Zero-Trust within the global corporate network of VMware, emphasizing the efficacy of this security model in combatting threats from any source. This compelling piece highlights steps taken to ensure a safe and measurable transition to Managed devices, Blast chambers, segmented pods and untrusted office environments.

Also, on how VMware IT Security team implemented and operationalized CarbonBlack EDR solution across our enterprise of 80,000 devices, and the valuable lessons we learned from this global deployment at scale. Join us and gain insights on strategy for operationalization of Zero Trust and how to rapidly deploy and drive adoption of VMware Carbon Black Cloud within your own security operations framework, and effectively protect your organization from dynamic threat landscapes

In an ever-evolving world of cybersecurity, staying clear of potential threats is crucial for any organization. With the growing complexity and frequency of cyber-attacks, organizations of all sizes are facing an unparalleled challenge in safeguarding their data and systems from malicious actors. Security assessments are typically focused on an organization’s internal environment for identifying security vulnerabilities and measuring the effectiveness of existing security measures. However, it is equally important to adopt ingenious methods to carry out these assessments. One such approach is by incorporating OSINT analysis into the existing assessment approach to allow security professionals to understand their organization’s exposed attack surface better and prioritize their security investments accordingly to protect the most critical assets and reduce the risks associated with them. Mapping the OSINT techniques against the cyber kill chain would help security professionals get a holistic perspective in understanding the organization’s potential vulnerabilities and devise targeted mitigation strategies. Through the cyber kill chain methodology, security professionals are informed of the attacker’s perspective and tactics used across the phases of performing a cyber-attack, from initial reconnaissance to final exfiltration. Several examples will be highlighted of how OSINT could be used in different stages of the cyber kill chain, including reconnaissance, weaponization, and exploitation, emphasizing the importance of integrating OSINT into security assessments to stay ahead of potential threats and protect against cyber-attacks.

Tools to highlight: Shodan, Censys, Wappalyzer, Google Dorks, Maltego