Managing Vulnerabilities in Mobile Applications

How prepared are you for a data breach? With the threat environment growing more complex, and the rise in advanced and targeted attacks, how does your response plan hold up? Threat actors have have changed their tactics; so must you.

This webcast will examine how to develop a robust incident response plan, which takes into account the changes in the threat landscape. Lee Lawson, Solution Architect at Dell SecureWorks, will discuss new approaches to identify advanced threats earlier, and how to go beyond responding to the most obvious symptoms of an attack, to understanding the full extent of the breach and what has been compromised.

This webcast will address the following key themes:

•Security breaches Dell SecureWorks has seen across its global customer base, from advanced and targeted threats
•Developing an incident response plan which takes into account the complex threat landscape
•Getting the necessary visibility into your network to enable you to spot advanced threats early and understand the true scale of the attack.

Advanced Persistent Threats are more than media hype. Dell SecureWorks has seen a significant increase in stealthy activity targeting specific intellectual assets.

Rafe Pilling, Counter Threat Unit EMEA, will provide the latest intelligence on Advanced Persistent Threats, using real-world examples; and provide pragmatic advice on what you should be doing now to protect your organisation.

Security strategies and tactics must evolve in light of the growth in APT attacks; how do you find and stop advanced threats before they become serious breaches?

This webcast will address the following key themes:

•The latest tools and techniques that advanced threat actors are using
•Real-world examples of successful APT attacks
•Best practice for preventing and responding to APTs

Rafe Pilling is a leading information security expert who works as a Researcher in the Dell SecureWorks Counter Threat Unit (CTU). Leveraging Dell SecureWorks' global threat visibility across thousands of customer networks, proprietary toolsets and unmatched expertise, the Dell SecureWorks CTU security research team performs in-depth analysis of emerging threats, including Advanced Persistent Threats.

Merchants are now required to have a process in place to identify and risk rank newly-discovered vulnerabilities in order to be PCI compliant. The intent is to ensure that businesses proactively seek information on new vulnerabilities that might affect their systems, and not simply wait for vendor updates and patch announcements that could come weeks, months or even years after vulnerabilities are discovered.

During this webcast, Ron Kiss, Principal Consultant at Dell SecureWorks, will address the following key themes:

•Integrating requirements introduced this year on ranking identified vulnerabilities that can compromise your cardholder data
•Risk ranking frameworks and what processes to put in place for categorising threats and working within your risk assessment process
•Using threat intelligence to increase protection of the business and provide real value

Ron Kiss is a Principal Consultant within the Security, Risk and Compliance team at Dell SecureWorks. In his current and past roles, Ron has conducted both PCI-DSS and PA-DSS assessments in Europe and overseas. He brings a wealth of experience in assessing Merchants, Service Providers and Payment Applications from a range of industries such as Retail, Airlines, and Finance. 

The rise in targeted threats means that IT security teams must move beyond a general understanding of the threat landscape, to a detailed understanding of their own context and the ability to spot threats targeted at their specific organisation.

What different techniques should you use as a threat evolves from malicious talk in public forums and social media sites, through to more formulated threats, planning stages, and attack stages? In a world of information-overload and an explosion in communication channels, how do you sift through the noise and identify true threats to your business?

During this webcast, Lee Lawson, Solutions Architect at Dell SecureWorks, will address the following key themes:

•The challenges faced by organisations from the rise in targeted threats
•Limitations of security processes in protecting from targeted threats
•How to gain early visibility into the threats targeting your particular organisation

Lee Lawson is the Solutions Architect for Security and Risk Consulting Services at Dell SecureWorks EMEA. In this role he is in charge of envisioning and creating combinations of new and existing services to solve the most unique and difficult customer problems. His past experience was as a Principal Consultant managing the EMEA Security Testing and Response team responsible for all adversarial-testing services such as penetration testing, social engineering and physical intrusions, and all responsive services such as digital forensics and security incident response/handling. This background has provided him with a deep knowledge of the subject having led complex and challenging projects for customers in all industries.

First instalment of security Q&A sessions on whether organisations are operating under a false sense of security with the current measures they have in place.

Don Smith, Dell SecureWorks Technology Directors, discusses Advanced Persistent Threats (APT) and provides fascinating inisght into the topic, including:

•Who are the APT threat actors and what are their objectives?
•What tools and techniques are the hacker groups and cyber-criminals are utilising
•Common attributes of the Advanced Persistent Threat
•Trends and patters of APT gleaned from the Dell SecureWorks coalface
•Who is being targeted by APT and why?
•What measures and controls should organisations be implementing to combat APT
•The importance of a robust Incident Response Plan

Advanced Persistent Threats are more than media hype. Dell SecureWorks has seen a significant increase in stealthy activity targeting specific intellectual assets, and has been involved in investigating and responding to attacks from APT threat actors.

During this webcast, Don Smith, Technology Director at Dell SecureWorks, will discuss real-world examples of APT attacks and how to best protect your organisation.

What do you feel are the three most important elements of your incident response plan for your organization? Do you respond differently if it is an advanced threat?

What steps have you taken to get more visibility into threat actors that might be targeting your organization?

What do you think the security community should do better to defend against advanced threats?

How do you see the security of your organization changing in terms of technology, people and resources in the coming years to address increasingly sophisticated threats?

What distinctions do you make between different types of threats ranging from highly advanced attacks to common malware? How do these distinctions influence your approach to security?

How do you present the risk of advanced threats to senior leaders and business leaders?

Mobile applications can give organisations innovative and compelling ways to interact with their customers, employees and partners. However, mobile apps can increase security and compliance risks by increasing the attack surface for hackers or by inadvertently creating a risk of unauthorised access and data loss.

This webcast will examine the mobile application threat landscape and emerging trends. Rafe Pilling, Head of Security Testing at Dell SecureWorks, will discuss how to build a secure mobile application development lifecycle and present best practice for mobile application security testing.

Mobility is here to stay, so ensure that you are ahead in managing the risks so you can say “yes” to your organisation’s wants .

The Dell SecureWorks Counter Threat Unit has monitored and responded to hundreds of APT attacks across our 3,000+ customer base in the last 12 months. The information gathered from this activity – and information shared with intelligence agencies around the world - includes advanced knowledge of the adversary, their tools and techniques. Most importantly the Counter Threat Unit has perfected how to identify, protect against and respond to APT attacks.

This webcast will examine the threat posed by Advanced Persistent Threats and look at the lifecycle of an attack. Lee Lawson, Security Architecht at Dell SecureWorks, will walk through a genuine APT attack and look at the different phases of attack that were encountered. Considering the motivation behind these attacks, and the range of tactics which are used, how concerned should you really be?

Lee will give insight into best practice for protecting your organisation from APTs, and how you should respond once an incident does occur.

Key topics covered in the webcast include:

•understanding the threat posed by APTs
•understand best practice for defending your organisation from APT attacks
•how to outwit an attacker that anticipates all your defensive moves

Lee Lawson is the Solutions Architect for Security and Risk Consulting Services at Dell SecureWorks EMEA. In this role he is in charge of envisioning and creating combinations of new and existing services to solve the most unique and difficult customer problems. His past experience was as a Principal Consultant managing the EMEA Security Testing and Response team responsible for all adversarial-testing services such as penetration testing, social engineering and physical intrusions, and all responsive services such as digital forensics and security incident response/handling. This background has provided him with a deep knowledge of the subject having led complex and challenging projects for customers in all industries.

The webcast will take the attendee on a journey through the threat landscape taking in sights such as the latest activity on Trojans and viruses, how the bad guys are stealing intellectual property through the use of malware, the future of cyber warfare and how hacktivism has changed the threat landscape for the foreseeable future.

Key themes covered in the session:

• Gain insight into the threats facing your organisation

• An analysis of threat intelligence gathered from the coalface that will illustrate evolutions and revolutions in the cyber landscape

• What has Dell SecureWorks observed across its client base in 2012, and what 'new' behaviours have been identified?

• Inferences, conclusions, and the road ahead: what are the qualitative outcomes of our findings and how can these help inform your strategy for 2012.

Dell SecureWorks processes more than 20 billion security events across thousands of networks around the globe on a daily basis, leveraging the Counter Threat Unit (CTU) research team who perform in-depth analysis of emerging threats and vulnerabilities.

This global visibility and unmatched expertise enables early warnings and actionable security intelligence to customers to protect against threats and vulnerabilities before they impact their organisation.

Lee Lawson is the Solutions Architect for Security and Risk Consulting Services at Dell SecureWorks EMEA. In this role he is in charge of envisioning and creating combinations of new and existing services to solve the most unique and difficult customer problems. with a deep knowledge of the subject having led complex and challenging projects for customers in all industries. Lee often speaks at information security related events for the public and industry insiders and is considered a thought leader in threat landscape.

There were a number of high profile security breaches amongst large organisations that hit the headlines in 2011, leading to brand damage and financial fallout for the companies in question. Why did this happen and how can organisation’s help better protect themselves from security breaches in 2012?

During this Dell SecureWorks webcast, Rafe Pilling, Head of Security Testing, discusses the weaknesses and exposures that often lead to the high-profile breaches and how building effective security testing programmes can help organisations stay out of the headlines.

Key topics included in the webcast:

•Pitfalls of sticking with the old "commodity" penetration test model

•Common examples of where the traditional "vulnerability scan and report" combo is no longer effective

•The new threats and penetration testing methods required to discover weaknesses in an organisations security posture

•The model of intelligence driven security testing and why you need this approach to protect your business.

“I know that half my budget is wasted but I don’t know which half.”

While this often-quoted statement, attributed to early 20th century American merchant and politician John Wanamaker, was originally about advertising, it applies to security too.

Despite significant spend from organisations on security technology, security breaches are still a daily occurrence and all too often the result of a known threat and vulnerability that should have been fixed.

Don Smith, VP of Engineering and Technology at Dell SecureWorks, will describe why new threat actors have changed this landscape adding significant complexity and entropy to the life of the security professional.

Don will then present a bold view of the current state of information security and propose a refreshing, pragmatic approach for improving the security stance of your organisation.

Congratulations, you have received your Report on Compliance (ROC). Now what? Many organisations struggle with this question. While they may have had a dedicated team to get them through the initial ROC, they often lack the resources needed to make compliance a day-to-day reality instead of an annual exercise. They may lack the expertise to develop a long-term plan or struggle to find funding for it, or be faced with pressures to incorporate new technology into their environment - such as virtualisation and cloud computing - while remaining compliant.

This session will explore the strategic and tactical issues that merchants face in remaining compliant as well as practical advice on how to address them.

Key themes covered in the webcast:

Advice for developing a long-term plan while minding day-to-day needs and demands

How to embrace transformational change in IT, such as virtualisation and cloud computing, while staying compliant

How a strong security policy can help merchants to achieve on-going compliance