Supply Chain Security Summit

Supply Chain Cybersecurity Summit

Supply Chain Security Summit

In the wake of the Log4j, SolarWinds and Kaseya mega-hacks that continue to unravel, software supply chain security and fragility is again on the front-burner for enterprise security decision makers.  The complexity and opaqueness of the software supply chain has led to nation-state compromises and major worries that we’re only seeing the tip of the iceberg.

Watch Sessions on Demand

This virtual summit will examine the current state of supply chain attacks, the weakest links along the way, the biggest supply chain hacks in history, and best practices for managing this massive attack surface. (Login to watch videos on demand)

Platinum Sponsors

Recorded Future

Apiiro

Gold Sponsors

RiskRecon

Synopsys

Process Unity

GitGuardian

Argon - an Aqua Company

Abnormal Security

Eclypsium

Cyvode

Click Here to Login and Watch

Attend the session to understand the challenges that vendor managers have to deal with today and learn how threat intelligence can be applied to improve the security of not only your organization, but the security of your third party suppliers.

Key points include:

  • What challenges do we deal with with third party suppliers today
  • What insights can threat intelligence provide to improve your decision making
  • When can I use threat intelligence in the supplier lifecycle?
  • What questions could/should I be adding to my third party supplier questionnaire?

Click Here to Login and Watch

While Software Supply Chain attacks have gained attention, defensive frameworks are solely focused on code to deployment and cloud systems.

The software life cycle begins with conception and design. Although agile methodologies have been merging code writing with design, there is a blind spot that is all too often ignored by the security industry: the design stage.

Learn how we can shift our approach to software supply chain security by implementing Security at the Design principles and addressing risks earlier in the SDLC.

In this highly anticipated discussion, CISA's SBOM champion Allan Friedman and YL Ventures’ Andy Ellis joins JupiterOne’s CISO Sounil Yu to dig deeper into the U.S. government's response to supply chain attacks, the push for mandatory software bill of materials (SBOMs), the value and limits of ingredient lists for modern software stacks, whether or not they should be exposed publicly, and how defenders should prepare for the inevitable mandates.

Click Here to Login and Watch

Click Here to Login and Watch

Supply chain issues are no longer only centered on material goods, digital supply chains are under attack by cybercriminals every day, with cyber events such as ransomware attacks or third-party data breaches threatening to shut down operations at any moment.

To gain complete visibility into threats facing your digital supply chain, you need a full view of your vendor ecosystem that can provide you with real-time, actionable intelligence allowing you to focus on the risk that matters most to your business.

During this session, we will discuss how to:

  • Utilize inherent risk practices to build prioritization
  • Automate your vendor assessment process for faster and more secure onboarding
  • Produce actionable risk remediation plans custom-tuned for each of your vendors

When approaching software supply chain security, managing the risk related to open source usage has always been the very first consideration for builders of applications. Several notable vulnerabilities, such as Apache Struts and Log4j justify that consideration, demonstrating just how widespread the downstream impacts can be. However, managing open source risk gets increasingly difficult the more ubiquitous it becomes, and organizations become more complacent as they focus on hardening other nodes of their software supply chain.

Join us as we elevate the conversation beyond tool implementation, and discuss the importance of installing an open source risk management program in order to protect your organizations, and your consumers, from supply chain threats. We will discuss:

  • Implications of open source risk
  • Obstacles to effectively managing open source risk
  • The necessary people, processes, and tools to overcome those obstacles
  • Click Here to Login and Watch

Click Here to Login and Watch

What's the root cause behind the spike in supply chain attacks? Join Eran Orzel, co-founder of Argon Security (an Aqua Security company) as he breaks down the most dangerous supply chain attacks, their entry points within the software supply chain, and how security leaders are rethinking this critical part of the development infrastructure to improve their security posture.

Each day organizations face new threats that jeopardize their critical networks, and many of these originate from breaches on third party suppliers or partners. Therefore, gaining visibility into the security risks across the supply chain is a growing priority among cybersecurity leaders. This requires a radical overhaul of existing third party risk management strategies. Next-generation cybersecurity practices will require organizations to align both internal and external cybersecurity risk processes to create a standardized process to facilitate effective third-party cyber-risk mitigation. Join us for a 30-minute session as we explore the intersection of third-party risk management and internal cybersecurity practices, and discuss how to build a risk-based security program that protects against supply chain risks.

Click Here to Login and Watch

Click Here to Login and Watch

How do you know when that invoice from your vendor is legitimate, and when it could be a $183,000 mistake? With a rise in invoice fraud, phony billing account updates, and RFQ scams, your vendors could be the biggest threat to your security.

Join us for a session with Mike Britton, CISO at Abnormal Security, where he’ll discuss:

  • What supply chain compromise is, and why it should be your largest email concern
  • How these attacks use social engineering and hijacked accounts to trick your employees
  • Why traditional security solutions cannot block these costly attacks
  • What you can do to prevent them before they reach user inboxes
  • With 30% of organizations receiving a supply chain compromise attack each week, this is not a threat to be taken lightly. Join us for the session to learn how you can stop the threat before it impacts you.

How leaked credentials from organizations gifted adversaries the keys to the supply chains

In this presentation, we are going to examine how adversaries exploit leaked secrets to launch or elevate supply chain attacks. The issue of leaked secrets such as API keys, credential pairs and security certificates, is one that has created an overwhelming security weakness in many organizations. We will use examples of successful supply chain attacks to show how adversaries were able to leverage secrets to both, gain initial access to the supply chain and how they can use them to exploit end victims.

We will also examine how the economics of supply chain attacks have completely changed not just the amount of resources adversaries invest into an attack but also how it has changed the type of end victims that can be affected. Finally, we will review security measures we can take as organizations, individual developers and the community at large to harden our supply chains and avoid simply being a passenger.

Click Here to Login and Watch

Click Here to Login and Watch

Supply chains contain a myriad of single points of failure. In this presentation, we will explore the alarming trend of attackers targeting the obscure layer known as firmware and observe how this impacts the entire supply chain of common devices. We will ask uncomfortable questions about how end-users actually know anything about the supply chain that brought the device they see before them. Finally, we will answer those questions by introducing a realistic path to identify, verify, and fortify the hidden firmware and hardware attack surface inside your devices.

This talk will include free resources to help you continue to understand and manage the growing firmware attack surface.

GitHub Actions is an increasingly popular DevOps tool mainly due to its rich marketplace and simple integration.

As part of our research of the GitHub Actions security landscape, we discovered that in writing a perfectly secure GitHub Actions workflow, several pitfalls could cause severe security consequences. For example, many developers would use event input data to improve their workflow process. However, this data could be controlled by an attacker, and potentially compromise the build process. Unless the developers are proficient in the depths of GitHub best-practices documents, these workflows would have mistakes. Such mistakes are costly - and could cause a potential supply-chain risk to the product.

During the talk, we'll walk you through our journey on how we found and disclosed vulnerable workflows in several popular open-source tools, delved into GitHub Actions architecture to understand the possible consequences of these vulnerabilities, and present what could be the mitigations for such issues.

Click Here to Login and Watch

At the very highest levels, the U.S. government has called urgent attention to major security gaps in software supply chains, especially around open-source software dependencies, firmware development, and technologies powering CI/CD pipelines. From executive orders to mandates around security patches and zero-trust network implementation, supply chain security is a front-burner issue for everyone.

In this session, high-powered cybersecurity leaders from Mastercard and McDonald's will examine the challenges facing software supply chains, the value of SBOMs (software bill of materials), navigating open-source software dependencies and dangerous blind spots in modern computing.

Click Here to Login and Watch

Watch this new video that discusses how the RiskRecon platform allows organizations to take a data-driven approach to third-party risk management. During this product demonstration, we will take you through asset discovery, issue prioritization, and the risk priority matrix within the RiskRecon portal.

Click Here to Login and Watch

Ransomware is the dominant topic in cybersecurity over the last few months. Just one ransomware attack on a third-party supplier is all it takes to set off a devastating ripple effect—and a public frenzy. Defenders need full, continuous visibility across their supply chain to disrupt third-party extortion attempts and worst-case leapfrog scenarios.

Join us for this live product demonstration to find out how you can use third-party intelligence to instantly gain visibility into the risks your third-parties face.

You’ll learn how to:
• Use intelligence to instantly assess your third-parties across nine key risk categories
• Identify ransomware attacks on your third parties in real-time
• Respond quickly to new risks with detailed evidence and context
• Align third-party risks to the NIST Cybersecurity Framework
• Complete risk assessments 50% faster

Click Here to Login and Watch

Secrets including API tokens, passwords and other authentication credentials are the crown jewels of your organization granting access to most protected systems. Yet storing secrets inside git repositories happens more often than security teams would like to admit. Many organizations have tried to solve this issue by investing in centralized secret management solutions and policies but the detection component has been overlooked and exposure remains a problem. In this session from GitGuardian, you will learn how a solid automated detection solution can help you secure your organization by reducing your level of exposure to secret sprawl. Empowering both your development and security teams to identify these policy breaks in real-time and drastically facilitating their remediation efforts.

Click Here to Login and Watch

Join Argon Security, an Aqua Security company and the market leader in Software Supply Chain security, as they demonstrate how to bridge the gap between supply chain security theory and practice, how they’re helping top enterprises prevent supply chain attacks, and what you should look for when evaluating solutions.

Click Here to Login and Watch

SecurityWeek's highly acclaimed Supply Chain Security Summit is a must-attend event for CISOs, security directors, software developers, threat hunters and vendor relationship management specialists.

Event Details
  • Start Date
    March 23, 2022 10:30 am

    EST

  • End Date
    March 23, 2022 4:00 pm

    EST