
8 ‘Don’t Miss’ Sessions at RSAC 2024

Written by: Husnain Bajwa
Published on: Apr 30, 2024

As you get ready to pack your bags and head to RSA next week, we at Beyond Identity thought we would offer our picks for must-attend talks that stand out for their insightful, forward-thinking content. From exploring the practical applications of the CISA Zero Trust Maturity Model to the cutting-edge realm of passwordless authentication, these sessions are set to spark conversation and inspire action. Whether you're looking to enhance your detection engineering toolkit, understand the nuances of modern authentication threats, or discover cost-effective security solutions, these sessions are the ones we think you can’t miss.

Beyond the Pillars: The CISA Zero Trust Maturity Model in Practice

Session description: The CISA Zero Trust Maturity Model, with its five security pillars, is the de facto way to measure Zero Trust status and progress. However, real-world projects must take a cross-functional view, and deliver both business and security value. Join us for an open discussion of how to use and adapt this model in practice. We’ll discuss real-world examples of challenges, benefits, and approaches.

Why we think it is noteworthy: The Zero Trust Maturity Model is often overlooked. Private sector security teams often don’t realize the value of CISA resources, but they are broadly applicable now.

Sign up here

A Blueprint for Detection Engineering: Tools, Processes, and Metrics

Session description: In the evolving landscape of cyber threats, effective detection engineering is key to safeguarding digital assets. This session will zero in on the blend of open-source tools and methodologies that define state-of-the-art detection engineering. Delve into ideation to action, measuring success through critical metrics, threat actor coverage, emerging threats, and MITRE ATT&CK coverage.

Why we care about it: We love thoughtful talks on systematic ways of looking at threats and risks based on data.

Sign up here

Going Passwordless for Employees: Secure Modern Authentication at Work

Session Description: Passwords are the main cause of security breaches and are just a hassle to manage. Everyone would like to get rid of them. But how? This session will discuss how Accenture transitioned to passwordless and the story of their journey. Learn how passwordless technologies work, the reasons for moving to this game-changing level of security, and key learnings from our experience.

Why we’re going: No offense to Accenture, but if they can do it, so can you…and anyone. In all seriousness, passwordless is a trend, not a fad, and Global 2000 organizations are rapidly adopting the tech, and so should everyone else.

Sign up here

Beginner’s Guide to Bypassing Modern Authentication Methods to SSO

Session description: This session will explore the strengths and weaknesses of passwordless authentication, WebAuthn protocol fundamentals, and utilize famous attack tactics such as MITM and session hijacking to bypass different authentication mechanisms. Watch how to steal credentials from known federation providers such as Azure AD and Pingfed and get current mitigation suggestions for both application managers and developers.

Why we like it: We see informing people about the risks of MFA Bypass as God’s work and we’ll even compliment competitors if they do it.

Sign up here

Yubico: Unlocking the Future: Navigating Passkeys to Passwordless Security at Scale

Session description: Passkeys offer a more secure alternative to passwords and a road to modern passwordless authentication. While there are many roads to a passwordless state including Smart Card/PIV and FIDO-based approaches, one size may not fit all. Learn about the benefits of passkeys in the landscape of passwordless options and life cycle considerations for achieving a successful passwordless rollout at scale.

Why it's on our radar: Security keys from the likes of Yubico began the conversation on phishing-resistant approaches to authentication. We want to hear more.

How to Take Cookies from the Cookie Monster: Genesis Market Takedown

Session description: In April 2023, a global law enforcement task force disrupted the infamous Genesis Market, the largest browser cookie marketplace. This session analyzes how cybercriminals used the marketplace to bypass multi-factor authentication and fake victims' identities. Attendees will gain insight into the work Trellix did to assist Law Enforcement in the global takedown.

Why we think it is a 'must see': While WebAuthn and soft clients that use local hardware like TPMs and TEEs can now provide equal or better protection, it is still worthwhile for security professionals to understand use cases where security keys are of use.

Sign up here

The State of Authentication 2024: The Global Progress Past Passwords

Session description: Join the FIDO Alliance and its industry stakeholders to learn about the latest developments in the global movement to passwordless technology for better security and user experiences. Attendees of this seminar will learn about the latest with FIDO and passkeys, hear case studies and achieved benefits from orgs offering passwordless sign-ins, and get best practices for their own implementations.

Why we think it's important: We love FIDO Alliance, and you should too. Passwordless is finally taking off with passkeys, and everyone needs to pay attention to these technologies.

Sign up here

Surf Security: Enterprise Zero Trust Browser™ - Better Security, Simple, Quick, & Lower Spend

Session description: Surf Security: Enterprise Zero Trust Browser™ - Better Security, Simple, Quick, & Lower Spend

Why we think it is a ‘don’t miss’: Beyond Identity loves new technologies and approaches that support a post-perimeter security model, and Surf with Enterprise Browsing is just that. VDI, browser isolation, and enterprise browsers are viable approaches for some specific use cases, and people should be aware of when and why to use them.

Sign up here

Find the full RSA agenda here
