Micro Focus - Security Social Media and Communications Manager
Cynthia Leonard is the security social media and communications manager at Micro Focus. Special help for this article provided by Brent Jenkins, Charles Clawson, Kent Purdy, Rob MacDonald, and Gil Cattelain, all of Micro Focus.
Now that Micro Focus has successfully completed the spin-merge with HPE Software, we wanted to highlight our expanded security portfolio via our first annual Micro Focus Cybersecurity Summit 2018, which took place in Washington, DC, on September 25-27, 2018. This unique Summit allowed face-to-face interaction with our product managers and security leaders such as Micro Focus CMO John Delk and Former FBI Cybersecurity Special Agent, Chris Tarbell. Many like-minded customers heard best practices, solution roadmaps and cybersecurity topics critical to their organization/agency.
Secure development, security testing, and continuous monitoring and protection of apps
Micro Focus’ Lucas von Stockhausen shared the stage with Fortify customers for “Shifting security left: bringing security into continuous integration and delivery.” While discussing what shifting security left means, the team pointed out that it’s NOT about moving current activities left, changing the location of the stop, or controlling development, but more about changing how you do security, compromising in order to reduce risk, and finally, becoming a part of development. Application Security teams not only feel frustrated, ignored and left out, but are looked at as roadblocks, and being anti-business. During this presentation, however, the team discusses how shifting left correctly can change all of that.
Detecting known and unknown threats through correlation, data ingestion and analytics
Marius Iversen, a platform engineer for a major telecommunications company located in the Netherlands, presented “ArcSight is an open architecture for SecOps.” He discussed the need for his organization to abstract event data related to their customers into a custom web driven portal. In order to accomplish this, they use APIs (Application Programming Interfaces) extensively, which allowed them to present visualizations based on data pulled from many different security tools into a single customer dashboard.
Discovering an integrated approach to Identity and Access Management
Today CISOs place IAM concerns on top of the list because continuously connected users need swift access to business processes at a reduced risk. In the session “Access management: The glue between business value and security,” Micro Focus’ Kent Purdy and Chan Yoon talked mostly about these three access management trends: organizations are looking for more than just passwords; risk-based access is on the rise; and one size authentication no longer applies. They also pointed out some deployment gotcha’s, as well as some unique approaches that Micro Focus takes on solving these and other IAM-related problems.
Ensure all devices follow standards and compliance to secure your
A significant part of any IT department’s day includes managing and maintaining security and compliance standards across a wide array of endpoints while enabling access to corporate applications and resources. The ZENworks portfolio includes a host of UEM products that consolidate management into a single solution. The session, “Automating IT management processes across device lifecycles with ZENworks: present and future,” with Micro Focus’ Jason Blackett and Gil Cattelain, looked at endpoint management needs and how ZENworks helps address them.
The “Securing your devices and data with ZENworks” session hosted by Micro Focus’ Darrin VandenBos considered what happens when security incidents happen, such as a stolen corporate laptop or smart phone, and how IT teams can best tackle security through their ZENworks implementation. Specific topics included patch management, containerization, data encryption, VPN enforcement, and other specifics that are critical to secure an enterprise’s IT assets.
Exploring data-centric security solutions that safeguard data throughout its entire lifecycle
In the session, “Voltage data-centric security innovations to expand protection—in use, motion and at rest,” Micro Focus’s Reiner Kappenberger shared how his team is growing the data security portfolio, adding key capabilities to make it the most comprehensive data-centric security portfolio in the industry. He detailed how they recently added transparent protection for cloud, commercial and in-house applications without critical application changes or integration required. Micro Focus is investing heavily in the protection of data of all types, he added, for structured and unstructured data, whether in use, in transit or at rest, for persistent protection and management of sensitive data across the enterprise.
Enterprises are adopting cloud services whole heartedly. In the panel discussion, “Cloud-based data privacy and protection: protecting data and privacy across hybrid IT,” challenges for enterprises to govern data security and privacy across hybrid IT were outlined. Concerns about control over platforms, multi-tenancy, data residency, identity and access, collaboration and data flowing into and between clouds were discussed.
Lastly, you can’t have an InfoSec conference without addressing GDPR, and the Cybersecurity Summit had a panel discussion on “Regulatory changes in GDPR and the United States.” GDPR raises the stakes for enterprises around the world to improve data governance and protection through its lifecycle. The panel discussed strategies for risk mitigation, including an interlock of tools and techniques to improve governance, manage identity and protect data. The biggest take away was that GDPR has hidden opportunities to create value and dramatically change the ROI of calculation and compliance.