Today’s most advanced nation-state adversaries, to include groups originating from within Russia, China, Iran, and North Korea, are engaged in cyber operations that blur the lines between nation-state objectives and organized crime. Whereas many nations have difficulty controlling cyber-crime originating from within their borders, the above-aforementioned nations are complicit with several major organized crime groups. Accordingly, the p...

STIG & CIS compliance is tiresome and tedious work adding weeks and months to any ATO or RMF accreditation timeline. This crucial IA obligation is often underestimated and will cause program cost overruns which can hurt fixed price engagements. Automation allows System Integrators to claw back costs and accelerate deliverables – ConfigOS allows to rapidly gain compliance across low and high-side infrastructure, including air-gapped a...

The threat of supply chain compromise represents a particularly nefarious issue for defenders, as it involves the compromise of a trusted third party through which the threat actor then subsequently compromises additional victims. To complicate things even more, the subsequent victims of these supply chain attacks are often unaware that they have been attacked in the first place due to the trusted nature of the relationship between the 3rd par...

Join CrowdStrike for a deep dive into the nation-state threat landscape of Iran. Jason Rivera, Global Director - Strategic Threat Advisory Group at CrowdStrike, will give a brief on the broader geopolitical context for the latest Iranian cyber activities, an overview of the primary threat actors responsible for Iranian offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). He will also share mitigation...

Join CrowdStrike for a Join CrowdStrike for a deep dive into the nation-state threat landscape of China. Joshua Shapiro, CrowdStrike’s public sector threat intel SME, will give a brief on the broader geopolitical context for the latest Chinese cyber activities, an overview of the primary threat actors responsible for Chinese offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). He will also share...

Financially motivated transnational criminal groups, primarily operating out of eastern Europe, Russia, and Iran have found ransomware to be a powerful tool for profit generation. The targeting of U.S. state and municipal governments, healthcare institutions, critical infrastructure providers, and our nation’s universities coupled with the rise of big game hunting, ransomware as a service, and increased collaboration between adversarial...

Across the globe, elections are under threat of manipulation and interference. Adversaries increasingly attempt to use offensive cyber operations to directly affect political outcomes. From intelligence collection and “hack and leak” campaigns to election infrastructure targeting, nation-state adversaries around the globe see election interference as a means to advance their national security and political interests. Although diffe...

In the upcoming months, the Cybersecurity Maturity Model Certification (CMMC) ecosystem will go live, turning the CMMC into a contractual reality for thousands of companies comprising the Defense Industrial Base. Are organizations ready? What should commercial assessors expect to find during their reviews? How is the sector performing when it comes to cybersecurity? This session spotlights new BitSight research into Defense sector cybersecurit...

This brief will provide broader geopolitical context for the latest DPRK cyber activities, an overview of the primary threat actors responsible for DPRK offensive cyber operations, and these actors’ TTPs (tactics, techniques, and procedures). We will also share mitigation strategies that can be leveraged for cybersecurity and defensive operations.

Today, agencies are striving to improve their application security programs, while at the same time, not slowing down the development, delivery, and deployment of their software applications. Can a balance be achieved between security and an organization’s (or agency’s) daily business requirements? We know it’s possible. Application Security (AppSec) Awareness Programs that are specifically focused on the development communit...