Integrating Software Supply Chain Security into Security Operations

Sophisticated threat actors are turning to Software Supply Chain attacks to evade today's defenses. Tactics include inserting malicious code into open-source repositories like npm and PyPI, developing attacks that leverage new software vulnerabilities, and infiltrating vendor development environments to insert malicious packages into their software solutions. In the last year, ReversingLabs observed a 289% increase in threats involving open-source repositories. Gartner goes on to predict that 45% of all organizations will experience a Software Supply Chain attack by 2025. In this webinar, we'll talk about how Security Teams are adopting new purpose-built tools and tactics, techniques and procedures to protect against and respond to Software Supply Chain attacks. We'll cover how the roles, decisions and actions facing software verification, triage, investigation, detection engineering, and threat hunting operations need to adapt to this new and growing attack vector.

1. AppSec vs. DevSecOps (East Coast CISO vs. West Coast CISO): What's the difference?

2. How did the SolarWinds Software Supply Chain Attack change the threat landscape?

3. What type of IR & Hunt exercises can the SOC implement? (YARA, RHA)

4. Will the SOC shift left? (SBOMs / PBOMs & innovation sprawl)

5. Software Supply Chain Adversary Emulation (WAF, DAST, SAST... but no STATS!)

6. What's on the horizon in the year 2025? What will be the state of Software Supply Chain Security? Who will OWN open-source software and its security / accountability?