Security is in the Eye of the Beholder

Big data has the potential to unlock data analytics to a whole new level. With more data comes more targeted predictive analytics, marketing, security measure and more. However, as you collect more data, especially about people, privacy becomes an issue. How much data about one person is too much data? Where do we draw the line between good business practices and invasion of privacy?

Attend this webinar as this panel of experts discover where that line lands and which questions should you and should you not be asking from big data.

In order to properly understand the mobile malware threat, it is not sufficient to understand platform particulars (such as limitations of battery power and computing power) or to understand software, hardware and firmware approaches designed to complicate corruption of devices. It is also important to understand the motivations of the malware authors.

At the same time as we benefit from understanding attackers, we also benefit from seeing the problem from the perspective of the potential victim. Since mobile devices are commonly always on and many types of malware depend on a user action (such as accessing an email), we can conclude that this change of access patterns has the potential of substantially increasing the propagation rate, including during the normally very slow ramp-up phase.

Having created a clear understanding of the threat, and its likely future trends, we are ready to consider what features need protection. By breaking free from the traditional expectation of defending against malware and instead considering the rational motivations of typical fraudsters, we can identify what routines and information repositories are most likely to be targeted by malware and focus our attention on how to improve our protection of these.

Another objective of relevance is to consider ways to align control to the access of such critical resources with liability -- in other words, to allow relying parties to make security assessments of devices before granting access to resources they control. If done successfully, it will reduce the need for typical consumers to take control of the security of their devices -- a very important goal to reach given that typical consumers are not good judges of what constitutes safe behavior.

In this post-PC era, people work from outside the office on smart phones, tablets and laptops. They use unsecured Wi-Fi at airports, coffee shops and hotels. And the rise of cloud-based applications has enabled employees to access critical data without connecting back to headquarters through a VPN. As the lines between when, where and how work gets done continue to blur, and IT continues to lose visibility and control, security risks increase. Yet, despite the rapidly shifting technological landscape, exploding device diversity, and the rising work-anywhere culture, security solutions still focus on how to secure corporate networks. This session will discuss how businesses can leverage the cloud to seamlessly deliver security to users, wherever they choose to work.

Today’s MDM solutions are effective at lost device and malicious app protection, ensuring passwords are used and separating and securing both personal and corporate information on the same device – but what about protecting against apps with shady privacy practices? For instance, apps whose developers monetize through imbedded advertising engines which pay based on the amount of user data collected. Or, apps which insecurely store, access and/or transmit user data. How can IT admins protect against the choices users are making when installing 3rd party apps? From a security perspective, this area needs to be addressed before corporate and personal data is compromised. As a result, a mobile application reputation service for Android and iOS platforms is required to specifically address the issues of shady apps. By analyzing dozens of key metrics, app reputation analysis greatly assists in the decision making process when it comes to a user installing a new app. By being able to immediately alert the user to the potential security risks, or poor security practices, it provides an informed opportunity for them to compare the app against other similar, yet more secure, apps.

Smart phones and portable devices are overtaking PCs and laptops
as the primary gateway for users accessing the Internet and web-based
applications. However, this fragmented ecosystem poses treacherous
challenges to app developers like banks and financial institutions, even as it provides extremely lucrative hunting grounds for hackers.

This talk examines current market trends for mobile apps, explains major classes of threats and hacks faced by mobile apps, and suggests mitigation strategies.

For twenty years Peter Wood and his team at First Base Technologies have conducted network penetration tests for some of the largest organisations in the UK. These tests have revealed that most networks suffer the same vulnerabilities, most of which could be negated by understanding how and why attacks take place. In this presentation he discusses these vulnerabilities, illustrated by real-world examples, and suggests ways in which your exposure to attack can be minimised

From increasing productivity to reducing operational costs, it's time for companies to look at how they be more effective with BYOD. Join Marco Nielsen, VP of Services at Enterprise Mobile, as he shares how to optimize your BYOD strategy and execution, how to make the most of your existing management solutions and how to address security challenges that have arisen from a much more diverse mobile device and application landscape.

Bring Your Own Device (BYOD) policies have led to the consumerization of IT in the enterprise that delights business users, but creates security challenges for IT departments.
This panel discussion will discuss the security challenges that personal smartphones and tablets can bring to organizations. It will also examine what can be done to strengthen the security posture of a company with a BYOD policy. Topics that will be discussed include:

Malware, rooted devices, & remediation
Policies & policy enforcement
Mobile Device Management (MDM)
Digital containers for enterprise data
BYOD security best practices

The widespread cloud adoption and the DevOps movement are unifying parts of the organization that has never worked together before: Development, IT Operations, Infosec and Service Management. Together, they’re achieving outcomes that we’ve never seen before: hundreds or even thousands of deploys per day, with unparalleled uptime and security. This panel will discuss how DevOps discuss how all these various stakeholders are required to help the business win.

Panel:

Gene Kim, Author, "The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win” (Moderator);
Nick Galbreath, VP Engineering IPONWEB;
Jez Humble, Author, “Continuous Delivery,” ThoughtWorks Studios;
John Willis, Chief Security Architect, enStratius

Employees are bringing their own tablets, smartphones, personal computing devices – and their expectations of how they want to perform their jobs, to work. But, whether the employee or enterprise bought the phone, with shared-use devices the fundamental requirements are the same – keep business data secure, and personal data private.

This webinar will present an application architecture for mobile that’s built around the identity of the employee. The architecture will consider the employee’s role and authorization rights to access business apps and data, while also ensuring personal data is not accessible by the enterprise. Questions covered include:

Why is BYOD an identity problem?
What BYOD factors must be balanced?
What identity standards can help address BYOD?

A 2012 global survey reported that 88% of consumers use a personal mobile device for work. This year, Gartner has gone further, predicting that 50% of employers will stop providing devices by 2017, requiring employees to bring their own. If a bring your own device (BYOD) programme doesn’t already exist in your organisation, you need to start thinking now of the risks and if and how they can be managed. This webinar will discuss the continuing BYOD and mobile device in the workplace trend and offer an information-centric approach to assessing and managing the associated risks. It will provide insight and guidance on the implementation of BYOD programmes and in particular, discuss how to:

· Take a risk-based approach to implementing BYOD projects

· Identify the risks and threats posed by employee-owned devices connecting to the organisation’s systems

- Conduct analysis of the business impacts that BYOD incidents could present

· Assess the organisation’s vulnerabilities to those threats

· Adopt and learn from BYOD leading practices

The audience for this webinar is Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), executives responsible for BYOD programmes, their direct reports, and all others participating in committees or working groups responsible for managing BYOD programmes.

Synopsis:
Cool technologies show up for the consumer market before they're available to the business market. Employees are either going to figure out ways around the corporate security rules, or they're going to take another job with a more trendy company. Either way, senior management is going to tell security to get out of the way. It might even be the CEO, who wants to get to the company's databases from his brand new iPad, driving the change. It's going to be harder and harder to say no. Peter Wood looks at what firms are doing to answer this challenge and offers some pragmatic advice

About the speaker:
Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.

Synopsis:
The hot topics for 2013 are still cloud security, social networking and ‘bring your own device’ (BYOD). Peter Wood explores what happens when these three trends collide and the effect on the security of a typical large organisation. Pete believes that conventional security thinking has failed to address these challenges – so how do we deal with this brave new world and what can you do to manage the risks?

About the speaker:
Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.

Before you choose an antivirus solution it's important to understand how it goes about detecting malware in the first place. Join us as we discuss:
- Security in the News
- Modern threat categoreis and attack vectors
- Endpoint risks, infection methods, payloads
- Detection with signatures and hueristics
- Zero Day Risk
- Technologies that protect removeable storage devices
- Best Practices

Join guest speaker Chris Sherman, researcher at Forrester Research, Inc., serving security & risk professionals, and learn why a new approach is needed to protect your enterprise against advanced threats.

Attend this webcast and learn:

-Why traditional security solutions-such as antivirus-are increasingly ineffective against the relentless tide of today's advanced threats and targeted attacks
-How real-time visibility, forensics and signature-less detection on endpoints and servers are the keys to reducing your organization's threat surface
-The benefits of integrating endpoint/server security with network security for comprehensive protection

There are always new threats in Social Media out there. What are the newest social media platforms and threats associated with them?

Enterprise Mobility Management is evolving as quickly as the devices and apps it means to control. Mobile security is constantly having to adapt to innovations in mobility. Organizations need to approach mobility management as an integral part of their mobile strategy. Security should be intrinsic but not inhibitive. Come learn where mobility is going, mobility management questions your organization should be asking, and what you can do to assure that your end-users and data are protected.

In the last 10 years, hacking has become big business with a well organised infrastructure, defined roles and responsibilities, and sophisticated attack vector automation that generates large-scale attacks of unprecedented size, speed and devastation. Advanced protection is needed in order to successfully stand up to the ‘industrialisation of hacking’. In this webinar, Andy will talk about:

- How to prevent web attacks like SQL injection, cross-site scripting, app DDoS or site scraping.

- The limitations and vulnerabilities associated with IPS solutions and other traditional security solutions.

- Attack-mitigation techniques for combating malware including bots and other automated attacks common in industrialised hacking.

- How to protect networks from the ‘compromised insider’ threat.

About the speaker:
Mark has 18 years’ experience in the IT industry, and has specialised in Internet security systems for more than 16 years. Mark is a passionate evangelist for technology and is multi-skilled across a broad range of security solutions including Firewalls, VPNs, IPS, WAF, web and email content filtering, SIM/SIEM, load balancing, DLP, risk assessment, monitoring tools, DB security and consultancy. Mark joined Imperva in 2007 and held previous technical roles at Nokia and contracted as a security specialist where he has held senior roles designing and implementing firewall, IDP and VPN solutions in mission critical environments.