Welcome to sababa [talks]!
In Sababa Security we conduct regular sababa [talks] webinars, dedicated to various aspects of cybersecurity. We invite guest speakers working for various security vendors, internal colleagues, partners and just community friends to look at how diverse companies and their security needs are, and therefore, how challenging it can be to find the right security solution.
During every session we pick up a security technology, training, or service, and learn why it is useful and how it works, as well as explain how your business can benefit from it. Live demos and giveaways to guests are included.
Pick up the topic, register now, and see you soon!
16/11/2022 16.00-17.00 GMT+1
Bienvenido Virtual CISO – Conexión de competencias en Ciberseguridad [SPANISH]
30/11/2022 16.00-17.00 GMT+1
Minimizando el estrés en la Seguridad ICS – a Través de un Enfoque Estructurado y Buenas Prácticas [SPANISH]
13/12/2022 16.00-17.00 GMT+1
MDR-XDR-SOC: Desmitificando la Seguridad Gestionada [ITALIAN]
Sababa MDR 2.0 – Protezione Avanzata Gestita da Professionisti Italiani della Sicurezza
with Andrea Salvaterra and Alessandro Stobbia (Sababa Security)
Anche se sei alla guida dell'ultimo modello di auto, devi comunque guardare la strada per evitare incidenti. Lo stesso vale per la protezione degli endpoint: anche la tecnologia EDR più avanzata non può garantire un rilevamento e una risposta ottimali se non c'è nessuno che controlla costantemente il suo operato e prende decisioni tempestive.
Guerra por el DNS: Controle el Tráfico para Burlar el Ransomware
con Hedi Marcassoli and Pedro García Villacañas (Sababa Security)
¿Sabía que el 91% de las aplicaciones, los documentos y los sitios web maliciosos se comunican con los servidores DNS corporativos para robar datos o redirigir el tráfico a sitios maliciosos? WannaCry, NotPetya, SolarWinds son solo algunos de los ejemplos más famosos, pero hay
Concienciación en Seguridad para equipos no técnicos
with Hedi Marcassoli and Perdo García-Villacañas (Sababa Security)
Una investigación reciente de Sababa Security da como resultado que 21 usuarios de cada 100 realizan acciones inseguras al recibir un correo electrónico de phishing. Estas acciones incluyen hacer clic en los enlaces, descargar archivos adjuntos y compartir datos confidenciales con estafadores. Aumentar la resiliencia de su empresa al phishing es posible una vez que forme a sus equipos internos para que reconozcan las técnicas de ingeniería social y comuniquen adecuadamente cualquier actividad sospechosa.
The Power of Cyber Intelligence: Make Your Business Benefit from Practical Threat Intelligence
with Alessandro Anselmi (Sababa Security)
Cyber intelligence is fundamental and still one of the most mysterious elements of the security scenario in the newly digitized information world. It allows knowledge of threat scenarios and criminal contexts to be translated into a better understanding of security risks to determine the best defence strategy and tactics for a company. During the webinar you will learn what is cyber intelligence, how to classify online crime, and how to use cyber intelligence in practice to prevent cyber-attacks.
Dispositivi IoT: Come Gestirli in Sicurezza con Sababa e Phosphorus
con Alessio Aceti (Sababa Security)
Sababa Security è lieta di invitarti ad un webinar esclusivo dedicato ad un’innovativa soluzione di Phosphorus per la gestione dei dispositivi IoT – dai Display della Digital Signage allo Smart Meeting Display, dalle stampanti alle telecamere, dagli Access Point ai telefoni VoIP, e non solo. Molto spesso, infatti, questi device hanno firmware obsoleti e password di default che espongono la tua azienda ad elevati rischi cyber, rappresentando una vulnerabilità facilmente sfruttabile dagli attaccanti.
Cyber Due Diligence: La Sicurezza e la Software Governance Necessarie Per Prendere Decisioni Importanti
with Augusto Fedriani, Alessandro Anselmi (Sababa Security), Alexandro Regoli, Sabrina Di Cristofaro (SoftwareONE)La cybersecurity, così come la software governance, possono essere tanto importanti quanto complesse per le imprese, soprattutto quando un'azienda deve acquisirne un’altra o quando un'organizzazione si deve preparare per un audit di verifica. In queste situazioni, ciascuna parte coinvolta vuole essere a conoscenza di qualsiasi vulnerabilità esistente o potenziale rischio in anticipo, così da poter prendere decisioni sagge – basate su fatti – per il futuro delle proprie imprese.
Play and Learn: Practical Tips for Successful Security Awareness Training
with Virginia Puleo (Sababa Security)When you have a clear objective of spreading awareness among teams inside your organisation, you can easily come across different levels of technical skills and understanding of cybersecurity challenges. Moreover, you have to deal with users engaged in many diverse daily activities. Training people in cybersecurity is not just a matter of providing a ton of information and hoping that they will digest it, it is about behavioural changes too. And one of the most efficient ways of doing that is by actively engaging users. Within this perspective, findings show that gamification positively impacts on learners’ ability to recall, retain and make practical use of the training content, leading to faster and more notable results.
Is the Era of SIEM Over? - New Extended Detection & Response (XDR) Tools
with Anrea Salvaterra (Sababa Security), Leonardo Antichi (Sababa Security) and Antonio Pusceddu (Secureworks)XDR (Extended Detection and Response) solutions represent the next generation of tools for detecting and responding to targeted cyber-attacks of all kinds. But how do these new generation solutions differ from traditional security services? And what impact can an XDR solution have on business productivity and efficiency? During the webinar to find out: • How to protect your company’s attack surface at 360 degrees • How to reduce your IT resource’s workload: no more " false positives " and "background noise" • That “SOC as a service” is a team of specialists supporting you for during the security management and incident response cycle - with one click • Why it is important to have a localised first line of SOC and how to leverage from additional managed services provided by local suppliers
Cybersecurity Fundamentals: Quick Start Kit to Protect Your Business
24/11/2021with Leonardo Antichi (Sababa Security) Whether a company only starts thinking of its cybersecurity strategy or needs to identify the next security investment, it should be careful. The market generously offers any kind of technology, service, and training, that can make anyone overwhelmed. In order to make the right choice, decision makers need to know what the company’s needs are. Therefore, we made Sababa Cybersecurity Fundamentals – a package of 3 short services, that combine general and technical assessments with hardening of Active Directory. As a result, businesses gain crystal-clear understanding of their risk vectors as well as next step guidelines with respect to their maturity level, industrial compliance standards, business plans and budgets.
Sababa Security Portfolio: Tailored Approach to Cybersecurity
10/11/2021with Alessio Aceti (Sababa Security) When it comes to defining the next cybersecurity investment or building up a long-term security strategy for an organization, details matter. Does the company have a connected OT infrastructure and IoT devices to be protected alongside its IT network? Are there any specific compliance standards to consider? How mature are the company’s security processes and internal IT teams? What are its business objectives? Answers to the above and a bunch of other questions are vital to define the blend and consequence of security technologies, services, and training most efficient for the organization. Sababa Security comes up with a portfolio of security solutions that meets the unique combination of security requirements for each client. During the session Alessio Aceti, the CEO at Sababa Security, will guide you through the portfolio and reply to your questions.
Virtual CISO and the Real Problems He Handles
30/06/2021with Riccardo Sepe (Sababa Security) Why does a company need a Virtual CISO? Good cybersecurity execution requires strategic vision and proper planning, based on the insights on modern attacks used by cyber criminals and benchmarking with the reference industry. It also needs the latest best cybersecurity practices to set up right protection mechanisms to improve your security posture and resilience. Learn how a Virtual CISO can help your team from this webinar.
Security Is Nothing Without Control
23/06/2021with Olga Orlova, Alfonso Danese and Marco Pasetto (Sababa Security) While companies grow, their infrastructures get more and more complex. As a result, an average company may gain a few security technologies, including firewall, endpoint protection, proxy, network security and more. While the technologies can be properly configured, up and running, and the security policies, passwords, and user administration rights properly managed, the IT and OT networks can still be exposed to security breaches, if nobody is monitoring their security systems.
During the session you will learn, what is a “yellow zone” and why it is a perfect place for a cyber-attack to incubate. You will discover, that the security technologies you are already using, can be enough to protect your company, and find out how you can boost their effectiveness with 24x7x365 security monitoring.
Automotive Cybersecurity: Hacking IoT Systems from Remote
09/06/2021with Omar Morando (Sababa Security) and Giuseppe Faranda (Drivesec) Cyber security, and therefore the resilience to digital attacks, of IoT systems and in general of connected systems, is the enabling element for any network-based and digital ecosystem. The European legislator has started working on regulations for the certification of the security requirements of IoT systems. The automotive sector is the first one to adopt legislation (UN regulation 155) which establishes safety requirements valid for the approval of cars.
The best way to check the level of resilience is the use of penetration tests carried out by specialized personnel. The system that will be described aims to make the penetration tests of IoT systems more agile, monitorable and effective thanks to the "remote control of the testbed", that is, through a platform that brings together supply and demand, supporting the execution of tests without the need for physical access to devices.
MFA: Protect and Simplify Access to Remote Applications
26/05/2021with Leonardo Antichi (Sababa Security) Manuel Minzoni and Romain Breysse (inWebo) Now more than ever, Software-as-a-Service (SaaS) applications not only enable communication and collaboration, but are also a lifeline for remote workers and help organizations efficiently manage internal operations and innovate quickly to keep up with the competition and provide value for consumers.
Proper security and management of the SaaS applications is an essential part of a comprehensive cybersecurity strategy, therefore, using Multi-Factor Authentication (MFA) becomes an excellent way to promote employee mobility and productivity. Find out how inWebo MFA helps companies around the world to face the challenge of a digital transformation: increasingly sophisticated cyber-attacks, smartworking, and data protection in the Cloud.
When It Comes to Cybersecurity, Education is Critical
12/05/2021with Olga Orlova (Sababa Security) and Dasha Diaz (itrainsec) If you understand that knowledge on cybersecurity is important for your company’s human resource resilience, you are on the right track. Security awareness platforms address most of the topics and introduce common security skills and daily habits to non-IT teams. But how do you train your CEO and C-level management, who are attacked 4 times more often and ingeniously? Or how do you upgrade your IT professionals, that may need additional knowledge and practice in Threat Intelligence, or OT security for industrial environments?
Learn from the live streaming with the CEO of itrainsec - our partners that brings advanced cybersecurity training programs to Italian enterprises and security partners. Delivered by recognized trainers from Google, VirusTotal, Skyscanner, DeNexus and others, they can practically upskill and inspire your key cybersecurity stakeholders.
Zero Trust: "If you hit this sign, you will hit that bridge"
14/04/2021with Hedi Marcassoli (Sababa Security) and Dr. Chase Cunningham (Ericom Software) Cybersecurity is at an inflection point. For over 3 decades we have watched as trillions of dollars and billions of man hours have been spent trying to solve an "unsolvable" problem. A problem where the bad guy is the winner and where the adversary is always one step ahead of the defender. It's time to change that. In this session Dr. Chase Cunningham (AKA Dr Zero Trust) will break down the reality of the issues that we face in cybersecurity and provide key insights into not only how but why we should work more effectively to adapt our approach to one of strategy over technology to win. We have a choice, change direction, and go beyond the problem, or continue and face calamity, there is no other alternative.
Sababa Awareness: MSSP-readiness and other news
07/04/2021with Giovanni Bertella and Virginia Puleo (Sababa Security) and Riccardo Fona (Fragma Security) Every day managed service providers (MSPs/MSSPs) support multiple companies in their cybersecurity activities. These include upskilling of the non-IT users of small and midsize organizations in security awareness and healthly cybersecurity behaviour. Learn about Sababa Awareness platform and its training modules and watch the solution demo, including the centralized MSSP dashboard to manage multiple clients. Hear about the solution usage experience from the first hands, as we invite our partner from Fragma Security to share his success story of working with us.
Managed Endpoint Detection and Response with Sababa MDR
31/03/2021with Alessio Aceti and Matteo Oliveri (Sababa Security) and Giuseppe Coppola (Sangfor) Sababa MDR provides managed detection and response to SMB organizations, thanks to the EDR technologies by Sangfor combined with our own SOC expertise and threat management capabilities. During the session you will learn about the Sababa MDR use case scenarios and see how to manage the solution on the client side as well as on the behalf of an MSSP.
The State of Industrial Cybersecurity In Italy
24/03/2021with Alessio Aceti (Sababa Security) and Paola Girdinio (Start 4.0 Competence Center) During the session you will learn what drives industrial cybersecurity in Italy today and what are the current and upcoming strategic projects of the Start 4.0 Competence Center. You will also hear an expert opinion on the state of resilience of critical infrastructures.
Dissecting SolarFlare and How to Detect Future Supply Chain Compromises
17/03/2021with Hedi Marcassoli (Sababa Security), Vittorio Veronesi and Claire Loffler (Vectra) In December 2020 it was revealed that SolarWinds Orion, a popular network management platform, suffered a supply chain compromise. In the weeks that followed 18,000 organizations learned that they were infected by the malicious update, and numerous other vendors had been compromised. In this webinar, we will dissect the supply chain attack, discuss the progression of SolarFlare and how it evaded detection for so long and review strategies to detect future supply chain infections.
Digital risks 2021: how to identify and mitigate new types of scam
10/03/2021with Olga Orlova (Sababa Security), Giulio Vada and Dmitriy Tiunkin (Group-IB) Fraudulent schemes targeting brands online are constantly evolving, both in terms of social engineering tactics and technology. Nowadays, targeted advertising, traffic generation, and personalized content are not just tools for digital marketing but also weapons that fraudsters use to profit off your brand. Join webinar to learn about fake accounts and payment pages, malicious emails and data leaks, and how to properly protect yourself against them.
Extending Security into the Airspace
03/03/2021with Hedi Marcassoli (Sababa Security) and Markus Trostel (Dedrone) Drones are widely used and not always for good. Attacks on critical infrastructures, spying on private objects, unauthorized video recording at public events can harm enterprises, brands, individuals, and environment. Join the webinar on cyber-physical security, that extends into the airspace. During the session you will learn why no site is immune to drone attacks and why traditional security is helpless against drones, how to assess your perimeter for cyber-physical threats, and how to protect against drone intrusion.
10 years of SOC - live interview with Enrico Orlandi
24/02/2021with Olga Orlova (Sababa Security) and Enrico Orlandi (HWG) Join the exclusive interview with the CEO of one of the biggest Italian SOCs Enrico Orlandi. During the session you will learn how an Italian company managed to become the SOC of 15+ central banks around the globe, what are the SOC competences and why it is so difficult to keep SOC internally. You will also earn how to differentiate a mature SOC from a young one.
Active Directory Hardening - Time to Clean Up the Mess
17/02/2021with Olga Orlova and Riccardo Sepe (Sababa Security) Active Directory (AD) is used by over 90% of companies worldwide. Therefore, it is one of the most common targets during cyber-attacks. For example, NotPetya malware, which spread through Active Directory in 2017, caused approximately $10 billion damage globally. During the webinar you will learn what are the indicators to understand it is time for AD hardening, and what you can do to prevent cyber-attacks through AD.
Penetration Testing: How Strong Is Your Cyber Defense?
10/02/2021with Alessio Aceti and Riccardo Sepe (Sababa Security) You do not have to wait for a real cyber-attack to check how strong your security is. Instead, you can be proactive and evaluate the existing security mechanisms of your IT and OT networks, applications, and other areas. During the webinar you will learn what is the best time to evaluate the existing security measures, what areas can be subject to pentest, and what is the process.
Is Your Company Cyber Safe? - Find Out with Security Assessment
27/01/2021with Alessio Aceti and Riccardo Sepe (Sababa Security) Whether your company is going to extend its IT network, revamp its OT infrastructure, or improve in any other way, Security Assessment should be the first step on the way of change. During the webinar you will find out what is Security Assessment and what companies need it, learn about the methodology and some practical aspects of the process, and understand how it helps to find the vulnerabilities unique for your organization and define the associated security risks.
Incident Response - Start the New Year with the Cybersecurity Emergency Plan
20/01/2021with Alessio Aceti (Sababa Security) Security incidents happen anyway. However, the severity of the security incident disruption depends on how well prepared the attacked company is. Sababa Incident Response is a complex set of measures aimed to prepare the company for a security emergency scenario and restore its normal operation disrupted by a cyber security incident as quickly as possible. To make it possible, ideally companies need to act in advance and have their cyber security emergency plan all set before any critical situation happens.
ICS Security - Where to Start?
16/12/2020with Riccardo Sepe (Sababa Security), Omar Morando, and Vladimir Dashchenko (Denexus/itrainsec) Industrial objects are neither isolated, nor air gapped anymore. Instead they are a part of a bigger infrastructure, where OT and IT networks, public areas, and even home offices can be interconnected. As a result, OT networks are vulnerable to the same threats, including cyber, physical, and cyber-physical. During the webinar you will get a deeper understanding of those threats and learn the difference between security approaches applied for IT and OT environments. You will also get the vision on the steps required to ensure cyber safety of the industrial objects across Energy, Transportation, Water Utility, Manufacturing, and other industrial domains facing the challenges introduced by the 4th Industrial Revolution.
You are almost there!
Fill out the form and subscribe to our [talks]