Evolving Security Monitoring: Bringing Context Into SIEM

Big data has the potential to unlock data analytics to a whole new level. With more data comes more targeted predictive analytics, marketing, security measure and more. However, as you collect more data, especially about people, privacy becomes an issue. How much data about one person is too much data? Where do we draw the line between good business practices and invasion of privacy?

Attend this webinar as this panel of experts discover where that line lands and which questions should you and should you not be asking from big data.

In this post-PC era, people work from outside the office on smart phones, tablets and laptops. They use unsecured Wi-Fi at airports, coffee shops and hotels. And the rise of cloud-based applications has enabled employees to access critical data without connecting back to headquarters through a VPN. As the lines between when, where and how work gets done continue to blur, and IT continues to lose visibility and control, security risks increase. Yet, despite the rapidly shifting technological landscape, exploding device diversity, and the rising work-anywhere culture, security solutions still focus on how to secure corporate networks. This session will discuss how businesses can leverage the cloud to seamlessly deliver security to users, wherever they choose to work.

Today’s MDM solutions are effective at lost device and malicious app protection, ensuring passwords are used and separating and securing both personal and corporate information on the same device – but what about protecting against apps with shady privacy practices? For instance, apps whose developers monetize through imbedded advertising engines which pay based on the amount of user data collected. Or, apps which insecurely store, access and/or transmit user data. How can IT admins protect against the choices users are making when installing 3rd party apps? From a security perspective, this area needs to be addressed before corporate and personal data is compromised. As a result, a mobile application reputation service for Android and iOS platforms is required to specifically address the issues of shady apps. By analyzing dozens of key metrics, app reputation analysis greatly assists in the decision making process when it comes to a user installing a new app. By being able to immediately alert the user to the potential security risks, or poor security practices, it provides an informed opportunity for them to compare the app against other similar, yet more secure, apps.

BYOD has several implications on protecting your corporate data, whether the device is managed, unmanaged, owned, controlled, or trusted. Many have been conditioned to believe that you cannot protect data on devices that you do not control, manage or own. Learn about the common misconceptions about BYOD security and what you can do to regain control over your corporate data on ANY mobile device, even without managing it.

From increasing productivity to reducing operational costs, it's time for companies to look at how they be more effective with BYOD. Join Marco Nielsen, VP of Services at Enterprise Mobile, as he shares how to optimize your BYOD strategy and execution, how to make the most of your existing management solutions and how to address security challenges that have arisen from a much more diverse mobile device and application landscape.

Bring Your Own Device (BYOD) policies have led to the consumerization of IT in the enterprise that delights business users, but creates security challenges for IT departments.
This panel discussion will discuss the security challenges that personal smartphones and tablets can bring to organizations. It will also examine what can be done to strengthen the security posture of a company with a BYOD policy. Topics that will be discussed include:

Malware, rooted devices, & remediation
Policies & policy enforcement
Mobile Device Management (MDM)
Digital containers for enterprise data
BYOD security best practices

Businesses around the world are observing a constant increase in the amount of employees bringing their own devices to work. The trend has become significant that the term "BYOD" can no longer be ignored by corporations.

Up until now, businesses debating their BYOD policy have focused on three key aspects: flexibility, convenience and productivity. However, new research goes much further than these simple needs. As we live in a constantly connected world, scientists are discovering distinctive addiction patterns in the brains of device users. There is now evidence that preventing someone from using their device can increase levels of stress and nervousness.

With such strong connections between people and devices, it is impossible to try and resist the BYOD trend. If you can't fight it, how will you secure it?

Employees are bringing their own tablets, smartphones, personal computing devices – and their expectations of how they want to perform their jobs, to work. But, whether the employee or enterprise bought the phone, with shared-use devices the fundamental requirements are the same – keep business data secure, and personal data private.

This webinar will present an application architecture for mobile that’s built around the identity of the employee. The architecture will consider the employee’s role and authorization rights to access business apps and data, while also ensuring personal data is not accessible by the enterprise. Questions covered include:

Why is BYOD an identity problem?
What BYOD factors must be balanced?
What identity standards can help address BYOD?

A 2012 global survey reported that 88% of consumers use a personal mobile device for work. This year, Gartner has gone further, predicting that 50% of employers will stop providing devices by 2017, requiring employees to bring their own. If a bring your own device (BYOD) programme doesn’t already exist in your organisation, you need to start thinking now of the risks and if and how they can be managed. This webinar will discuss the continuing BYOD and mobile device in the workplace trend and offer an information-centric approach to assessing and managing the associated risks. It will provide insight and guidance on the implementation of BYOD programmes and in particular, discuss how to:

· Take a risk-based approach to implementing BYOD projects

· Identify the risks and threats posed by employee-owned devices connecting to the organisation’s systems

- Conduct analysis of the business impacts that BYOD incidents could present

· Assess the organisation’s vulnerabilities to those threats

· Adopt and learn from BYOD leading practices

The audience for this webinar is Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), executives responsible for BYOD programmes, their direct reports, and all others participating in committees or working groups responsible for managing BYOD programmes.

Synopsis:
Cool technologies show up for the consumer market before they're available to the business market. Employees are either going to figure out ways around the corporate security rules, or they're going to take another job with a more trendy company. Either way, senior management is going to tell security to get out of the way. It might even be the CEO, who wants to get to the company's databases from his brand new iPad, driving the change. It's going to be harder and harder to say no. Peter Wood looks at what firms are doing to answer this challenge and offers some pragmatic advice

About the speaker:
Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.

This presentation addresses how various services offered by Google can become a threat to your companies’ privacy and confidentiality policies.

It deals with Google’s capabilities to capture and aggregate information with or without user knowledge. Special attention is given to Google’s key offerings such as:

* Google Searches
* GMail
* Orkut
* Google Toolbar
* Google Desktop
* Android
* Chrome Browser
* Case Studies from around the world

While information security risk management is a relatively mature discipline; its tenets are almost never applied to the deployment of devices or apps in the enterprise.The technology is simply moving too fast for a formally considered “identification, assessment, and prioritization of risks, followed by a coordinated and economical application of resources.”

Even in the absence of a formal ISO 31000 risk management program,however, there’s a lot we can do to minimize app security problems and mobile risk to the enterprise. In this webinar we’ll discuss technologies that can eliminate the need to penetration test, audit, and certify individual apps for security and safety. Instead we propose a method by which enterprises can certify a single app security approach—expediting industry compliance and audit requirements, such as HIPAA and PCI.

When is the very worst time to make a commitment? When we know the very least. How can we make sensible commitments while also reducing risks? By using Proactive Risk Management. Niel Nickolaisen developed Proactive Risk Management in order to do two things – properly and concisely profile and mitigate risk and align commitments as to what and when with risk mitigation. This method encourages iterative risk management while also satisfying stakeholders as to what must be true before the team can make a concrete commitment.

Synopsis:
Whether or not your business is at high risk of an attack, appropriate action must be taken in the event of a data breach. The procedure must ensure that the business is not compromised while still preserving necessary forensic evidence.
There are currently no data breach notification regulations in force - but if there were, how would your business fair with them? Is your business using best practices before it has to comply?
This session will explore some of the best practices to follow in dealing with breaches before EU Data Protection Regulations require data breach notification and response to data subjects in the event of a breach.

About the speaker:
Sarb Sembhi is a Principal Security Consultant with “Incoming Thought”, a security consultancy. Sarb is a regular speaker at Information Security Conferences around the world, including at CxO Summits, Gartner Summits, InfoSec Europe, RSA Europe, HITB, BCS, ISACA, IIPSec, IT Directors Forum.
Sarb is also the immediate past President of ISACA (London Chapter), Chair of the ISACA Region 3 Government and Regulatory Agencies Sub-committee, a member of ISSA Advisory Board, Eurim, Infosecurity Magazine Editorial Board, Infosecurity Advisory Council 2009, and an individual member of the Parliamentary IT Committee.

In this webinar, Michi will discuss how an organization can take the requirements of their infrastructure around operational controls, compliance and security to extend and expand them into a Security Intelligence solution.

Using a use case approach, organizations can look to extend and build upon their existing systems and controls to provide real-time warnings and feedback that allows them to make informed decisions focused around their business needs. Rather than just having a "top 10 attacker" reports and dashboards, how about a system that focuses around application lines and how this impacts business is more useful.

Synopsis:
The hot topics for 2013 are still cloud security, social networking and ‘bring your own device’ (BYOD). Peter Wood explores what happens when these three trends collide and the effect on the security of a typical large organisation. Pete believes that conventional security thinking has failed to address these challenges – so how do we deal with this brave new world and what can you do to manage the risks?

About the speaker:
Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.

Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.

Before you choose an antivirus solution it's important to understand how it goes about detecting malware in the first place. Join us as we discuss:
- Security in the News
- Modern threat categoreis and attack vectors
- Endpoint risks, infection methods, payloads
- Detection with signatures and hueristics
- Zero Day Risk
- Technologies that protect removeable storage devices
- Best Practices

Fires, tornadoes, and hurricanes. Viruses, malicious attacks, and human error. Today's CTO must be part strategist, part superhero in his effort to achieve an always on infrastructure.

Join guest speaker Chris Sherman, researcher at Forrester Research, Inc., serving security & risk professionals, and learn why a new approach is needed to protect your enterprise against advanced threats.

Attend this webcast and learn:

-Why traditional security solutions-such as antivirus-are increasingly ineffective against the relentless tide of today's advanced threats and targeted attacks
-How real-time visibility, forensics and signature-less detection on endpoints and servers are the keys to reducing your organization's threat surface
-The benefits of integrating endpoint/server security with network security for comprehensive protection