Information Security

Enterprise Mobility Management is evolving as quickly as the devices and apps it means to control. Mobile security is constantly having to adapt to innovations in mobility. Organizations need to approach mobility management as an integral part of their mobile strategy. Security should be intrinsic but not inhibitive. Come learn where mobility is going, mobility management questions your organization should be asking, and what you can do to assure that your end-users and data are protected.

"You look at how you're going to let this operate within your network. So you start with the policy, then you look at the technology that you need to deploy on these devices. Then you actually look at who has access to what." Jeffrey Vinson, Director and CISO of SecureNet Payment Systems, discusses the steps to progress through when preparing for BYOD in your business.

In the last 10 years, hacking has become big business with a well organised infrastructure, defined roles and responsibilities, and sophisticated attack vector automation that generates large-scale attacks of unprecedented size, speed and devastation. Advanced protection is needed in order to successfully stand up to the ‘industrialisation of hacking’. In this webinar, Andy will talk about:

- How to prevent web attacks like SQL injection, cross-site scripting, app DDoS or site scraping.

- The limitations and vulnerabilities associated with IPS solutions and other traditional security solutions.

- Attack-mitigation techniques for combating malware including bots and other automated attacks common in industrialised hacking.

- How to protect networks from the ‘compromised insider’ threat.

About the speaker:
Mark has 18 years’ experience in the IT industry, and has specialised in Internet security systems for more than 16 years. Mark is a passionate evangelist for technology and is multi-skilled across a broad range of security solutions including Firewalls, VPNs, IPS, WAF, web and email content filtering, SIM/SIEM, load balancing, DLP, risk assessment, monitoring tools, DB security and consultancy. Mark joined Imperva in 2007 and held previous technical roles at Nokia and contracted as a security specialist where he has held senior roles designing and implementing firewall, IDP and VPN solutions in mission critical environments.

Don't be caught off guard when your auditors show up and start asking internal control questions that you can't answer. In this roundtable session, listen, learn, and share your experiences around managing your internal control system with your ERP system and what to be prepared for BEFORE the auditors show up. There are always tips to learn from others in the compliance area and this session traditionally has lively dialogue, so don't miss this opportunity to prepare for your next audit.

Mobile devices and applications are redefining business, revolutionizing productivity and driving competitive advantage. But as the volume of mobile applications increases, so too are mobile exploits. In the rush to enter the mobile software market, are we taking shortcuts that force us to repeat sins of the past? Like caching sensitive data, incomplete encryption and simple mistakes in coding? Don't let old-school vulnerabilities allow hackers to resurrect previously obsolete malware and exploits. With the experience of more than 1,400 incident response investigations, thousands of penetration tests and hundreds of application security tests, Trustwave SpiderLabs' Charles Henderson will show IT, security and development teams how to make sure they're not leaving sound security practices and due diligence behind as they develop new mobile applications.

While a key driver for adapting security technologies, compliance is still a huge burden for most organizations. In the presentation we will discuss novel approaches to both lower the cost of compliance and derive relevant business value from the process. Changing the compliance process from a periodical manual process into a continuous automated process ensures real time visibility into your compliance posture as well as the ability to react in real time to compliance issues rather than just after the fact. By overlaying the information collected with your enterprise IT asset model, the real time compliance information can also contribute to business driven risk management and help in making the right investment decisions in information security.

Cyber attacks are reaching pandemic levels. State-sponsored groups and organized crime are successfully stealing valuable intellectual property—including critical infrastructure and operational readiness information, businesses’ and consumers’ financial data—often without anyone realizing the attack has occurred. But preparedness cannot be delegated solely to the IT department. The involvement of the entire enterprise, armed with an understanding of the highly dynamic landscape, is vital for warding off potential threats.

Join your fellow professionals to discuss these trends, and, more importantly, some new perspectives on how to address them:

Risks:

Impacts on risk from evolving adversaries
Risks driven by changes in the changing technology landscape
(including cloud, virtualization, consumerization and mobile)
The ever empowered privileged user

Solutions

Adversary centric security models
Applying security without infrastructure control
Designing for the secure breach

Establishing PCI DSS compliance can be extremely resource intensive. For medium to large organizations, the many tasks involved in documenting, tracking and auditing network security procedures manually can take days. With an automated firewall operations, auditing and compliance solution, companies can substantially reduce the time and cost of PCI DSS compliance as it applies to the management of firewalls, routers and related network security infrastructure. Learn how to reduce the amount of time required for audit preparation by more than 50%, while enabling continuous compliance with the PCI standard.

Automation is key when it comes to production. The same is true for malware. Malware production has moved on from the traditional manual method to a more efficient automated assembly line. In this talk, I will take the audience on an over-the-shoulder look at how attackers automate malware production. Discussion will focus on the tools and methodologies the attackers use to produce thousands of malware on a daily basis. The talk will then conclude with a live demonstration of how malware is produced in an automated fashion.

The HP Security Research team (HPSR) is hard at work monitoring the threat landscape for new campaigns, profiling actors to understand their motivations, identifying the tools they use and determining how credible certain threats might be. It’s part of a long-term strategy for developing a new threat intelligence-sharing model. Why is that important? It will provide real-time info from the larger security community-- enterprises like yours, industry security organizations and security vendors-- that can be used to automate and catch these breaches immediately.

Learn about HP’s findings, including these culprits: injection flaws, DDoS, various phishing techniques and zero day vulnerabilities. How can you address the inevitable breaches that will occur?