The OMB 21-31 requirement directs federal agencies to adopt a set of standards concerning event log management by August 27th, 2023. Specifically, event logging tier 3 requires federal agencies to invest in automation and user behavior monitoring — two critical components in any zero trust architecture. Legacy systems weren’t built for today’s perimeter-less environment, which is why having a solution that is cloud-native wil...

Join Blackboard on September 21, at 11:00am, EST for an engaging conversation where David Casaceli, Railroad Safety Specialist-Technical Training at the Federal Railroad Administration discusses how the FRA approaches training and utilizes Blackboard Learn to deliver education and training.

First defined over two decades ago, zero trust has substantially picked up steam in recent years. President Biden’s Executive Order on Improving the Nation’s Cybersecurity has taken it a step further by codifying zero trust as the Federal Government’s security architecture of choice. Nearly every agency desires to achieve zero trust, but the gap between their existing environments and the ideals they read about leave most st...

Join CrowdStrike for a deep dive into the nation-state threat landscape of Iran. Jason Rivera, Global Director - Strategic Threat Advisory Group at CrowdStrike, will give a brief on the broader geopolitical context for the latest Iranian cyber activities, an overview of the primary threat actors responsible for Iranian offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). He will also share mitigation...

Join CrowdStrike for a Join CrowdStrike for a deep dive into the nation-state threat landscape of China. Joshua Shapiro, CrowdStrike’s public sector threat intel SME, will give a brief on the broader geopolitical context for the latest Chinese cyber activities, an overview of the primary threat actors responsible for Chinese offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). He will also share...

Today, agencies are striving to improve their application security programs, while at the same time, not slowing down the development, delivery, and deployment of their software applications. Can a balance be achieved between security and an organization’s (or agency’s) daily business requirements? We know it’s possible. Application Security (AppSec) Awareness Programs that are specifically focused on the development communit...

The recent shift towards DevOps makes it clear that Federal agencies are moving forward with adopting this operational model to facilitate the practice of automating development, delivery, and deployment of mission-critical software. While the traditional idea of a software release dissolves into a continuous cycle of service and delivery improvements, agencies find that their conventional approaches to software security are having a difficult...

One of the biggest threats to maintaining Continuity of Operations is a DDoS attack. Tom will discuss: (1) the evolution of modern DDoS attacks; (2) technical vulnerabilities of on-premise devices such as VPN gateways, firewalls and application servers to DDoS attacks; and (3) demonstrate the technical features of Arbor Edge Defense that enable it to be the first and last line of an automated perimeter defense

The flexibility and ease of deployment of SD-WAN has accelerated its deployment as new network edges emerge for large enterprise and government entities as MPLS continues to be prevalent within the Federal ecosystem. Tory will discuss: (1) Remote site monitoring solutions for MPLS; (2) Utilizing vSTREAM Family of Virtual Appliances for maintaining visibility in SD-WAN environments; (3) Deployment options for vSTREAM within uCPE of SD-WAN or Pu...

Today, even the largest purpose-built security appliances can't decrypt all SSL/TLS traffic without impacting network performance. And with encrypted traffic increasing significantly, you have an inspection gap that limits the effectiveness of many security features. If you virtualize the security stack, you create an architecture that is completely flexible to the features and inspection you need. But, it must be turnkey so you can streamline...