This page is fully or partially automatically translated.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

Forums it-sa Expo Knowledge Forum A

Protecting enterprises and KRITIS from business disruption caused by cyberattacks

Skills shortage in IT security: coManaged SOC/SIEM

Buy trade fair ticket

You can register for this action soon.

You can register for the digital action soon.

Please come back at the scheduled date and time.

The action is currently live. Please scroll down to watch.

This action is only available onsite: Forums it-sa Expo

Add action to bookmarks and download as iCal

Join now

Note: If you continue, the contact data you provided during registration may be transmitted to the respective provider in accordance with our General Terms and Conditions.

Please log in or register in advance so that you can take part in actions or watch the action videos!

This action has already taken place. This action will soon be available as a video.

This action has already taken place. Please scroll down to watch the video.

This action has already taken place. Please login or register to watch the video.

This action has already taken place. It's not available any more.

You are in!

Your ticket / access to the action was sent to you by email.

There is a problem with the action at the moment. Please come back later or contact support.

calendar_today Tue, 25.10.2022, 15:00 - 15:15

event_available On site

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Cloud Security Endpoint Protection Managed Security Services / Hosting Network Security / Patch Management Secure Homeoffice SIEM / Threat Analytics / SOC

Organizer

Trustwave

Event

This action is part of the event Forums it-sa Expo

Action Video

Action description

What do CIOs see as the biggest threat to positive business performance in 2022 and how should it be addressed?

According to a survey of 2650 professionals in 89 countries by risk insurer Allianz AGCS, managers and security professionals see business interruption from cyber attacks as the biggest threat

Even the best IT security precautions do not protect 100% against successful attacks
The question has long ceased to be whether an attack is successful, but rather when and, more importantly, how quickly to stop it!

Which scenarios most often lead to successful cyberattacks?

-Unsecure emails are still the number one vulnerability for cyberattacks:
The most common attack vectors against often insufficiently trained users are business email compromise, phising, or contaminated attachments
-Comprised, mostly unpatched systems continue to be a serious problem
-lack of security in the supply chain - the door is then wide open for attackers, as in the case of SOLARWINDS.

What are specific measures that an MSSP like Trustwave recommends their customers take against business interruptions caused by cyberattacks?

The basics:
A secure email GW, ideal as a managed service with a high protection factor!!! No Ransomware
Daily backups, network segmentation of important systems and of course patch management.
Supporting you should regularly test with vulnerability scanning if patches are rolled out
Least Priviledge IAM! Who needs access and is he also the right user????

Further steps:
Implementation of a framework like NIST ->Definition and monitoring of security policies, plus regular pentests.
Regular risk assessment of the supply chain, etc.
Sign a DFIR retainer with a provider early on (Digital Forensics and Incident Response), this is the only way to have direct access to forensic experts within a few hours who can detect malware, secure forensic evidence and defend against attacks in real time.
To complement this, disaster recovery planning workshops, table top exercises and purple teaming should be conducted on a regular basis.
And finally: rolling out an EDR platform as a managed service, combined with threat hunting.
Only after that: Red Teaming (White Hacking) for ultimate verification of all measures.

What distinguishes a pure MDR provider from an MSSP?
Pure MDR providers do not have a holistic view on all assets of the customer, or vulnerabilities beyond the endpoints and usually do not offer DFIR, Red Teaming, etc. An MSSP can provide everything from consulting to vulnerability scanning to managed SOC.
A managed SOC can flexibly include services such as Tier 1-2-3.
This also includes the setup and operation of a SIEM solution like Splunk, or MS Sentinel. If alerts are reported here, the MSSP can then "respond" on the customer's EDR platform depending on defined use cases and playbooks and, for example, isolate a compromised host in real time. ... read more