Many thanks to all our presenters and attendees who made this Content Week a success!
Use the recaps below to revisit a compelling discussion or experience a session you weren’t able to attend live. And be sure to join us for our upcoming closed-door Virtual Roundtables for peer-led discussions.
June 14th, Day One
Evolve Beyond Traditional ERP Vendor Security Patching to Proactively Reducing Exposure
Rimini Street’s Anne Plese (Senior Director, Product Marketing) and Gabe Dimeglio (VP, Global Security Services) kicked off the week. Anne and Gabe shared their own market observations as well as top-of-mind concerns from their client base, and outlined the economics of traditional vendor patching. They then offered line-of-sight to specific deployment innovations resulting in more proactive protection of back-end systems, which prompted a robust Q&A session.
- From the Q&A:
“Obviously, database workloads are very heavy, that’s why they’re typically on-prem. Then, you’ve got workloads like dev-and-test that maybe lend themselves to cloud. When you have an ERP workload it’s latency-sensitive…you’re going to have to look at the latency costs and the compute costs too.” (Anne Plese)
“It’s important to understand what all the options are–the shared responsibility model is fantastic–but you have to understand very clearly what you have control over versus what they do, and then you have to account for that through your ISMS.” (Gabe Dimeglio)
Getting Offensive: Continuous Security Validation’s Role in Protecting against APT and FIN Attackers
Dave Klein (Director, Cyber Evangelist at Cymulate) continued the proactive message of our kickoff session with his call for an offensive approach to security validation. Dave addressed crucial business and technical CISO pain points: vendor crawl, value for spend, optimization, and risk conveyance, as well as the ways in which traditional security validation falls short. Dave then provided a deep-dive analysis of recent attack scenarios and customer use cases as a framework for understanding the rationale for continuous validation.
“When you look at the terrain, both from an enterprise perspective and from an attacker’s perspective, both parties are being driven by digital innovation.”
June 15th, Day Two
Closing the Gap Between Endpoint and Identity Protection
Tony Cole (CTO, Attivo) led off Day Two with an insightful discussion about attacks involving Active Directory compromise and the significance of this type of threat in light of the massive perimeter changes precipitated by WFH. Tony addressed the connection between AD vulnerabilities and poor cyber hygiene–entitlement creep, overprovisioning, orphaned credentials–and shared several key pillars of AD protection.
“Ransomware today is targeted–not like in previous years when it was opportunistic: going after specific vectors simply looking for any vulnerable system. Instead, today they’re picking companies, they’re picking individuals, and then going after specific information.”
How Moving to the Cloud has Changed Security Strategy Forever
Nathan Wenzler (Technical Security Director, Tenable) closed out this Content Week with a compelling argument: that many best practices from the last 20 years are still inherently sound, and can and should be repurposed for modern environments. Nathan led us through the effect of such adaptations on the project triad and the necessity of metrics to a mature and accurate process.
“The practices are still sound but we need to evolve because, frankly, the environments we’re managing today demand it. This is the time to really rethink what we’re doing with security.”