Cyber Defense Magazine Special Annual Edition for RSA Conference 2021

More documents

Recommendations

Info

• Cyber Defense Forensics Analyst: Analyzes digital evidence and investigates computer security incidents to derive useful information in support of system and network vulnerability mitigation. While this is just a snapshot, each role requires extensive experience in cyber security and a combination of hard and soft skills — from software engineering and programming, computer and network forensics, network infrastructure management, and threat analysis to critical thinking, problem-solving, fast and strategic reaction, attention to detail, and the desire to learn — it’s a long list, driven by the complexity of cyber security. If you need more convincing of the human intelligence required to defend IT infrastructures, applications, devices, and users, look back at December 2020’s massive SolarWinds supply chain attack, or the Exchange vulnerabilities patched by Microsoft in March. In the case of SolarWinds, threat actors introduced a backdoor to Orion customers by modifying binaries supplied by SolarWinds in a supply chain attack that impacted more than 33,000 global customers. Following the installation of this backdoor, the attackers were able to gain access to networks of interest and leverage additional capabilities, such as compromising code signing certificates and forging authentication tokens — notoriously difficult to detect by even the most skilled security practitioners. The attack went undetected for months, enabling the threat actors to collect valuable intelligence from private companies, as well as U.S. agencies that included the Department of Homeland Security and the Treasury Department. In the Microsoft Exchange incident, attackers actively exploited four zero-day vulnerabilities in Exchange Server. This left IT teams scrambling to patch systems and required incident response experts to develop tools and techniques to assess the impact and verify integrity following the compromise. During the event, security teams had to stay on top of the advice and guidance continuously updated from Microsoft and government agencies, while racing against malicious actors who were working to weaponize the exploits for ransomware. These are both examples of security events that required deep expertise in cyber security forensics and incident response in order to act quickly and accurately to assess the impact to businesses. The reality is, your immediate, or outsourced team, should have the cyber security training and expertise to understand attack techniques, threat behavior, the scope and severity of each new threat as it arises, the potential impact to your organization, and how to react quickly and effectively to mitigate active threats or risks. Teams should also bring the skills to evaluate and manage the technologies powering an organization’s threat defense — whether that is hands-on engineering and software development or hiring outsourced experts that add this value. 76
The cyber skills gap Every aspect of an effective cyber defense requires multiple and distinct roles, yet few small and midsize businesses have the budget or cyber security knowledge and skills to build, manage, and invest in a team of in-house cyber security experts. And that often results in job requisitions for security analysts or infosec professionals that don’t fully capture all the responsibilities of the function. Or worse, a long list of IT and security requirements for just one position. Talent to fill cyber security roles is also tough to find. As an industry, we’re still facing a monumental skills gap — with research projecting that this year, there may be as many as 3.5 million unfilled cyber security jobs globally. For just a few in-demand roles, the salaries and benefits alone could translate to multiple six figure positions — but more critically, it may be hard to source skills for even one of these. Rethink your security defense When applying the right skills and technologies for a strong cyber defense, it’s key to look for the innovative solution providers that have the cyber expertise under their belt or have hired experienced cyber professionals and have continual training in place — or the service providers with security knowledge that are working with market innovators. So if your cyber security strategy isn’t giving you time back and improving your security, or you’ve outsourced your threat defense and are still overwhelmed with your ‘to do’ list, it’s time to rethink your cyber security defense. 77
Page 1 and 2:
1
Page 3 and 4:
Contents Welcome to CDM’s RSAC 20
Page 5 and 6:
CYBER DEFENSE MAGAZINE is a Cyber D
Page 7 and 8:
7
Page 9 and 10:
Regula Delivers Remote Identity Ver
Page 11 and 12:
technology. Regula Document reader
Page 13 and 14:
13
Page 15 and 16:
approach to analyzing network activ
Page 17 and 18:
What’s the architecture for a suc
Page 19 and 20:
How Cobwebs Technologies' Webint Pl
Page 21 and 22:
About the Author Udi Levy is the CE
Page 23 and 24:
23
Page 25 and 26: Over the last few months, cybersecu
Page 27 and 28: Anomalous Value” alert. This will
Page 29 and 30: 5. This incident at Oldsmar, highli
Page 31 and 32: The best part is that these solutio
Page 33 and 34: 33
Page 35 and 36: Modern IT infrastructure is a méla
Page 37 and 38: A New Era of Malware Analysis By St
Page 39 and 40: A new way to get results faster and
Page 41 and 42: 41
Page 43 and 44: ERP applications have historically
Page 45 and 46: About the Author My Name is Piyush
Page 47 and 48: Here at Axiad, we speak with custom
Page 49 and 50: Final thoughts In the age of digita
Page 51 and 52: 51
Page 53 and 54: CIEM? Looks a lot like SIEM. CIEM m
Page 55 and 56: The Cloud Permissions Gap across an
Page 57 and 58: Transformation happens fast in toda
Page 59 and 60: 59
Page 61 and 62: The Rise of Ransomware Understandin
Page 63 and 64: Consider the impact an attack like
Page 65 and 66: No other platform has ever been abl
Page 67 and 68: 67
Page 69 and 70: The cybersecurity industry was a di
Page 71 and 72: Difenda Shield: A New Approach to a
Page 73 and 74: 73
Page 75: priority — enabling remote workfo
Page 79 and 80: 79
Page 81 and 82: For decades, security companies and
Page 83 and 84: 83
Page 85 and 86: The Security Challenge of Democrati
Page 87 and 88: We also asked if they are worried a
Page 89 and 90: 89
Page 91 and 92: The downside of this approach is th
Page 93 and 94: Organizations can also pair Attivo
Page 95 and 96: Evitoken Technology A New Way to Ke
Page 97 and 98: physically located at the location
Page 99 and 100: How to Become Unattractive for Cybe
Page 101 and 102: 4. Shadow IT Shadow IT refers to th
Page 103 and 104: Why XDR is Not Enough By Guy Rosefe
Page 105 and 106: • XDR response is not granular No
Page 107 and 108: Sangfor’s Award Winning XDDR Secu
Page 109 and 110: 109
Page 111 and 112: 111
Page 113 and 114: Award Winners Welcome to the Cyber
Page 115 and 116: Cyber Defense InfoSec Awards for 20
Page 127 and 128:
Cyber Defense InfoSec Awards for 20
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
165
Page 167 and 168:
167
show all

Cyber Defense Magazine Special Annual Edition for RSA Conference 2021

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?