Tech Resources: Everything you need to get ahead

Hi {NAME}, The Register: Tech Resources - 27 December 2018 ### Putting the Sec into DevSecOps DevOps, the clue’s in the name: if you can get software development and infrastructure operations talking to, and working with each other, then you have resolved one of the most fundamental challenges of modern technological life. With DevOps working, you can deliver faster, become more innovative, gain market share and all end of wonderful benefits. At least, that’s the principle. Opening this line of communication is a start, but (as many organisations are finding out) the path to nirvana requires a few more stakeholders on the team. Not least security professionals, whose expertise often sits out on a limb, to be brought in only if pushed. It’s a challenge: bring security into the development cycle and progress slows; leave it out and risk increases. So, what to do? In recognition of the need to bring security into DevOps, someone somewhere has coined the clunky, yet appropriate term DevSecOps: no, we don’t like it either, but it does what it says on the tin. In this webinar we look at how to deliver on this need, covering: * Why security needs to shift left, a.k.a. the relationship between timeliness and risk * Challenges of delivering on the DevSecOps (ahem) dream * A road map for delivering security-enabled innovation * Tools, technologies and practices to help along the way So, if you’ve got burning questions about how to do DevSecOps, if you have it all sussed and want to share the goodness, or if you simply have a better name for the thing, join our panel and let’s see how far down this rabbit hole goes. Signup Now ### Five steps to dealing with the insider threat The traditional ‘defence in depth’ approach to cybersecurity is under threat — from within. Organisations can put in place all the layers of security they like, but all it takes is one rogue operator, poorly vetted subcontractor or individual looking for a shortcut, for the lot to be thrown out of the window. Of course, this is not a new problem. Areas such as data leakage protection, access management, incident response or behavioural analysis each look to identify problems before they happen. But how can organisations deal with the insider threat in a holistic fashion, and take away the risk of things falling between the cracks? And, while the fact that 99.99% of individuals are trustworthy can be of scant comfort if a breach has already happened, but how can you balance the need for pre-emptive action with intrusiveness, particularly in compliance-based environments? In this webinar, ObserveIT’s VP of International, Simon Sharp presents the five steps required for dealing effectively with the insider threat, from preparation and assessment to visibility and enforcement. On hand is our very own Jon Collins, to ask your questions and keep things real. You only know what you know, so if you feel you are out on a limb when it comes to internally motivated threats, join us at this webinar to find out the whole story. View Now ### The seven deadly sins of multi-cloud If you weren’t one of the organisations lucky enough to be shifting all of your IT onto a single cloud provider (which means, just about everybody), the chances are that you are tussling with which workloads to put where, and which to leave as they are. The idea of hybrid cloud - suggesting a single architecture across in-house and hosted resources - is proving equally elusive: the reality for many is multi-cloud, in which a number of providers are being used, each according to their merits for a particular job. While multi-cloud has emerged as a common cloud strategy, as enterprises seek to avoid lock-in and match workloads with the best provider, many implementations are struggling. Specialist DevOps consultancy Automation Logic, who have delivered over 60 major enterprise cloud and DevOps engagements to date, are well versed in the issues, from delivery challenges to unmet expectations, and are therefore in a prime position to run through the dos, don’ts and other dangers of multi-cloud delivery. In the course of their work, Automation Logic have identified seven common pitfalls which can hamstring multi-cloud adoption initiatives. In this webinar we take these from the top, as company founder Kris Saxton talks to the Reg’s Jon Collins about what makes multi-cloud adoption so hard, drilling into what can go (very) wrong, and how to get it right. So, if you are currently struggling with your multi-cloud implementation, or if you are still at the planning stages, if you have it all sewn up or if it looks like you have more questions than answers, tune in. View Now ### Mis-behaving: the Evolution of the Insider Threat Even the best organisations can suffer from occasional bouts of ‘bad employee syndrome’, in which a single bad apple can damage several barrels. Further complicating the matter, the “bad employee” may not even be deliberately mis-behaving, it could be their credentials and/or systems have been compromised. Like it or not, business as usual means dealing with the undesirable emergence of rogue behaviours, with the potential of negative impacts on both other employees, and the business as a whole. This challenge is not going to go away: as more and more companies are developing modern workforces that are mobile, offsite, and comprised of contracts. In turn, the ability to spot bad practices and actors has become more difficult than ever. The consequences can be range from general inefficiency, to financial loss, reputational, compliance and security risk across all kinds of data, including sensitive customer information. In this webinar, we speak to experts from LogRhythm, a security intelligence company that produces SIEM and UEBA products, and a security industry analyst firm Freeform Dynamics, to determine: * What is the new face of the insider threat — how do bad apples manifest themselves in today’s organisations? * What are the costs of doing nothing — how much damage is being done, day on day, and why is nothing being done? * What does a solution look like — how do best practices, tools and roles combine to mitigate the insider threat? * Where to start — what is the best approach to take an organisation from a denial state to a clear view? If you are familiar with the challenge and want to do something about it, or if you lack a clear picture of the insider threat and how to address it, tune in. View Now ### Putting the privilege back into access management Passwords. Everyone hates them, right? If you think that strings of upper and lower case characters, numerals and punctuation marks are annoying, spare a thought for the security and systems engineers who spend their days dealing with password-related breaches. So often, these can start off as relatively innocuous and straightforward password hacks, such as an email password breach. But outside attackers or malicious insiders can exploit serial vulnerabilities, taking compromised email accounts into a full-blown breach of network security. In this context, privileged accounts can be the difference between a simple network breach and a cyber catastrophe. When a single system is compromised, it is usually easier to mitigate, isolate, and eradicate the risk and restore control. When a privileged account is breached, it can lead to a major disaster, not least because it allows the attacker to impersonate a trusted employee or system and carry out malicious activity, without being detected as an intruder. Once attackers compromise a privileged account, they can roam at will through the IT environment. In this webinar, we speak to privileged access management vendor Thycotic about new research, showing how much of a challenge privileged account management is for enterprises of all shapes and sizes. We look at the anatomy of a privileged account hack, showing how cybercriminals target their victims. Most importantly, we look at what’s driving the challenges, and alongside potential tools and technologies, we consider what you can do to reduce your risk and prevent abuse of your critical information. So, if you’re looking at how to manage accounts on a by-privilege basis, or you simply want to get your head around how to slay your access management demons and don’t know where to start, tune in. View Now ### Using Open Source Libraries to Speed Development Whilst Minimising Risk Better, faster, cheaper… these are the promises of DevOps. The future of software development and operations is all about speeding up development and deployment, aided and abetted by cloud-based infrastructure, RESTful APIs and indeed, open source software. But then comes security, which requires a level of assurance. With the bad guys increasingly turning to automated efforts to hack into your systems, it’s not enough to hope that they will overlook your application or dataset (even if GDPR didn’t say you had to do something about it, which it does). There’s a general assumption around open source, which goes something like this: if anyone can see the code, then the chances are somebody has spotted any vulnerabilities, and indeed, fixed them. This is true, to an extent: the forums are full of recently discovered exploits and indeed, patches. But what if your software is still reliant on an older version? How do you know which packages are involved, and their licensing terms? The result is a blind spot/bottleneck combo, where organisations either don’t know if they are at risk, or they are slowing down their DevOps cycles trying to find out. In this webinar, we address this dilemma head on. We’ll be speaking to experts from application security specialist CA Veracode, as well as industry analyst firm Freeform Dynamics, about the state of open source security in DevOps. We review at the scale of the issue, both in terms of threat levels and potential consequences, and we consider the tools and technologies, processes and practices to assure better, faster, cheaper and secure software comes out of the DevOps cycle. We’ll look at examples of where things have gone wrong, and how they can be made right. So if you are dependent on open source for your DevOps-based delivery and you want to head off the risks before they become threats, tune in. View Now ------------------------------------------------------------------------ This email was sent to {EMAIL} You can update your preferences here: or unsubscribe from this list: Situation Publishing, The Cursitor, 38 Chancery Lane, London, WC2A 1EN, UK The Register and its contents are Copyright © 2018 Situation Publishing. All rights reserved. Find our Privacy Policy here: