Forums it-sa Expo Knowledge Forum E

Busting cybersecurity myths!

You hear these myths at security conferences, in the news, and from every point solution security vendor. “The attacker needs to be right just once”, “more security products means better security”, “threat actors are using more sophisticated tools” – but when examining today’s cyber-attacks and defenses, are these true? In this session we are going to bust cybersecurity myths using examples from recent attacks and incidents, understand why these myths got popular, and suggest ways to counter the actual threats that are out there.

Tue, 25.10.2022, 10:15 - 10:30

On site

Themes

Data security / DLP / Know-how protection

Event

This action is part of the event Forums it-sa Expo

Action description


In this session I will discuss three cyber security myths that you hear at almost every security conference. Not only are these myths misleading but they actually cause harm when it comes to how organizations can protect their networks. For each myth I will provide background and how the myth was adopted/accepted as something true. I will then go into a case study or example of such cases and finally show how SASE and ZTNA help solve these issues.

The first – The attacker needs to be right only once, the defenders must be right all the time. This is the one I have probably heard the most. This myth not only portrays an attack lifecycle as something simplistic – it is also completely wrong and misleading! I will show several examples of how attacks I have investigated actually were conducted and the steps threat actors take. To do this I will show the MITRE ATT&CK framework and paint a clear picture of an attack timeline. We will reach the conclusion that the truth is the opposite – the attacker needs to be right all the time and we have many chances to detect them!

Second – The more security products – the better security. This myth originated from the “layered security” approach. The problem is that today organizations have an average of 50-80 security products and the poor SOC analysts have to sit and try to integrate products, correlate data from different systems, learn and manage many point solutions… instead of doing actual security work! What happened over the years is that instead of adding muscle – we added fat! All these products don’t help the security teams, they burden them! I will show examples of attacks that specifically targeted point solutions and went undetected. I will also show how the right architecture helps security teams as today with all the threats it’s not like finding the needle in the haystack – it’s finding a needle in the needle stack.

Last but not least – Sophisticated threat actors use sophisticated tools. Take a look at all the major breaches – RSA, Sony, AP, DNC, Colonial and more – the attacks were initiated with relatively simple measures! What they did is abuse privileges once passwords were collected and whether it was a supply chain vector, a direct phishing or even social engineering, the attackers were able to freely discover and move across the target’s network. We will see how attackers overcome security solutions like 2FA, Device ID and sandboxes and how the move to the cloud provides defenders the paradigm shift they need to change the way they do security.

Language: English

Questions and Answers: No
