This Cloud is a Smoke Screen

Dave Chronister, Managing Partner of Parameter Security
The cloud is the big thing these days. In the security world, we are concerned about possible security issues, but what real world issues are we most likely to face? Parameter Security’s Managing Partner Dave Chronister will discuss real world issues he has encountered over the past year. He will also discuss a 0-Day exploit that his firm discovered in a production environment which allowed them to lock out all users and gain access to all systems housed in the cloud. Dave will discuss security issues you should consider while performing due diligence on your cloud-based solutions.
Jun 11 2012
51 mins
More from this community:

Cloud Computing

  • 70% of the success of an IT project relies on the effective user adoption of the new tool or solution implemented. Let us introduce HP ART - a solution which changes the way users adopt and learn enterprise software. The webinar includes analyst observations, HP customer use-cases and a highly visual tool demonstration.
  • On Premise? Outsourced? Dedicated? Cloud? Harness the Power of "Hybrid" for a True "All-of-the-Above" Approach to IT Infrastructure.

    With so much focus on – and hype around – the cloud, we seem to have forgotten that for most businesses IT infrastructure remains a mix of on-premise, outsourced, physical and virtual components that must be optimized into a seamless hybrid environment. Featuring IaaS experts from Latisys and HP, we'll look at how CIOs and CTOs are allocating workloads, applications and data across a diverse infrastructure today – using every tool in their arsenal in an effort to maximize legacy assets, optimize limited IT budgets and leverage technology advancements to make their business more effective and responsive.
  • With easy access to public cloud resources like Amazon EC2, end users are completely sidestepping corporate IT and spinning up their own mini-datacenters with only a credit card in hand. This grass roots migration is gaining speed, and industry experts predict 35% of enterprise IT expenditures will go to shadow IT services like AWS in under 3 years.

    If you are in Corporate IT, join this webinar to learn more about:
    - Strategies other IT teams are pursuing regarding public cloud services, both pro and con
    - Management options for IT shops who want to embrace AWS, whether a little or a lot
    - Easy ways for corporate IT to add value to the business units and engineering teams already using Amazon EC2
    - Practical techniques for assuming a public cloud leadership role, even when resources are non-existent

    About the Presenters:
    Lynn LeBlanc, CEO and founder of HotLink Corporation, has over 25 years of enterprise software and technology experience at both Fortune 500 companies and Silicon Valley start-ups. Prior to founding HotLink, Ms. LeBlanc was founder and CEO of FastScale Technology, an enterprise software company acquired by VMware, Inc.

    Oded Haner, CTO at HotLink Corporation, is an accomplished, strategic, collaborative technology leader with extensive experience in developing and implementing innovative IT technologies. Most recently, Mr. Haner was CIO at Monster Cable where he developed and deployed a multi-year roadmap to overhaul corporate architecture towards virtualization, private cloud and SaaS based technologies. As a direct result of his vision, Monster Cable became an early adopter and internal service provider using both on-premise and cloud-based infrastructure.
  • During this 60 minute webinar we will go over how the BHOLD Suite and the Analytics module can create rules and manage the authorization process. We'll discuss how rule-based testing of access data can be used to check whether organizational policies are being followed, as well as the automated "what if" impact analysis.
  • Automating your data center is the easiest way to free up your IT department's time to work on more strategic projects. Tune in to this webinar as Jeff Hart from M2 Technology discusses how automation can be the key to increase efficiency while reducing your IT costs.
  • The data center is changing in an era of applications and automation, but how do you get there? OST, an expert in crafting automation for large-scale public clouds and developing new provisioning models for enterprise technology and in-application development, has experience in bringing data centers into the 21st century.

    Register for this webinar to learn:
    • How to develop core disciplines of application development and automation in the IT department
    • How to provide business-responsive services without compromising quality
    • How to prepare your data center for the future
  • Full Security Visibility For Effective Incident Response Jun 5 2013 4:00 pm UTC 45 mins
    Despite significant time and effort deploying multiple security solutions, incident responders know more than anyone that existing signature-based, “set it and forget it” security technologies have not stopped the advanced persistent threat. Signature- and rule-based technologies are easily evaded with today’s advanced targeted attacks, morphing malware and zero-day threats. Tools like FireEye’s Malware Analysis System are effective in dealing with zero-day malware, but being able to detect this threat does not mean complete resolution.

    In addition, sophisticated attackers employ social engineering or take advantage of misconfigurations in security technologies to breach networks – without using any malware at all. Incident responders need full visibility of everything that is going through the network to understand the nature of how a threat originated, see what attackers actually did to take control over the network, and to answer the questions of what they did after they compromised systems. This session will provide an overview of Big Data Security Intelligence and Analytics and how full security visibility can answer the toughest post-breach questions so you can quickly determine the full source, scope and material impact of an incident.
  • Top 10 Mistakes Incident Response Teams Make Jun 5 2013 3:00 pm UTC 45 mins
    When it comes to organizations experiencing some form of cyber-attack, the adage still rings true: it’s not a question of if but when. Advanced malware, zero-day exploits, and targeted advanced persistent threats (APTs) have kept organizations on their heels and searching for ways to protect themselves. Incident Response teams are being forced to re-examine their existing IT security defenses and attempt to stay ahead of the attack curve. Surprisingly, many incident response teams aren’t doing themselves any favors with practices they have implemented.

    Attend this webinar to learn the top 10 mistakes that Incident Response teams make and what you can do to make sure you aren’t making them yourselves.
  • Don’t Ask, Don’t Tell: The (In)Security of Vendor-Supplied Software May 30 2013 4:00 pm UTC 45 mins
    What vulnerabilities threaten the integrity of your software supply chain and data? Can your enterprise really influence software vendors to meet your most important security policies and remediate insecure software?

    Action is needed, and urgently. An alarming 62 percent of all applications fail to reach compliance on their first submission, according to a study recently conducted by Veracode, Enterprise Testing of the Software Supply Chain. While few enterprises now have formal third-party testing programs, those that do find they dramatically improve vendor compliance while meeting industry standards.

    Join this webcast with Chris Eng, Veracode's Vice President of Research, and you will learn:

    • How leading enterprises now test their software supply chains.
    • Analytics drawn from code-level analyses of thousands of third-party applications that support global enterprises.
  • 5 Essential Steps for SMB's to Build a Layered Security Solution. May 22 2013 5:00 pm UTC 60 mins
    Most SMB's use a single point product for each of the different perceived security threats. This has worked in the past, but a far better approach is layering multiple products in a stouter defense.
  • Today's Advanced Threats Require Next-Generation Protection May 22 2013 5:00 pm UTC 45 mins
    Are you using or considering a next-generation threat protection solution? Join this webcast and learn how you can multiply the value of your investment by integrating network and endpoint security.

    During this session you’ll learn best practices for protecting your network and your endpoints and servers from today's new breed of cyber attacks. You’ll also see firsthand how the integration of network and endpoint security solutions will help you:

    • Automatically confirm and prioritize alerts
    • Provide enterprise-wide visibility of infections to speed investigation
    • Drive remediation
    • Automatically analyze files from endpoints and servers
  • How To Simplify Your Data Center With Network Automation and Orchestration May 21 2013 3:00 pm UTC 47 mins
    Join 3 network specialists as they cover:

    - the need for networks to evolve
    - reducing human latency
    - simplifying the network
    - simplifying operations
  • The Life Cycle of a Security Audit from Start to Finish Recorded: May 16 2013 49 mins
    The webinar will cover the life cycle of a security audit from start to finish. Several areas will be discussed to include auditing of software. There will be tips on how to reduce the number of audit findings from a security and privacy perspective from the start of the SDLC (Software development life cycle). This presentation will focus on FISMA audits, but the tips can be applied to all security and privacy audits.
  • Securing the Agile Cloud: Automating Security and Compliance for IaaS Recorded: May 16 2013 45 mins
    Companies are eager to adopt infrastructure-as-a-service services in both public providers and private datacenters because of the business agility that IaaS enables. Full IT automation, self-service provisioning, and metered usage billing helps companies accelerate the development of their products and services, and improves organizational efficiency. Unfortunately, many companies are struggling to accelerate the most important parts of their business due to the challenges of securing these highly dynamic environments. In this talk Rand Wacker, VP of Products for CloudPassage will describe the challenges of security and compliance in a truly automated cloud and critical topics that you need to be aware of when planning to adopt cloud services in either public or private environments.
  • Testing Online Systems - What Are We Missing? Recorded: May 16 2013 1 min
    In this session, we look at the issues with testing and audit. We cover the base causes of why we fail to secure systems and how we can more effectively create methodologies that actually find flaws. Penetration tests and audit each have major failings, but when done correctly and with the right incentives, they can help make us more secure. When done poorly, we all suffer.
  • Why Your Cloud Provider Security Logo Doesn’t Mean a Thing Recorded: May 16 2013 49 mins
    As more applications have moved to the cloud, the industry has seen a proliferation of application security issues. In 2012, several cloud service providers were breached as a direct result of application security vulnerabilities. Before you choose a cloud service provider, make sure that it answers the series of security questions created by the Cloud Security Alliance (CSA). CSA has created a checklist of industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings – creating more transparency for enterprises. The speakers will walk attendees through this blueprint, helping them to become more adept at identifying service provider security readiness. They'll also discuss some of the most common application vulnerabilities, including unencrypted passwords, SQL Injection, and those that impact poorly architected mobile apps.
  • Panel: In the Face of New Technology - Your Business and the Internal Audit Recorded: May 16 2013 59 mins
    New and disruptive technology is changing how we live and work. It is no longer just the infrastructure of our organization, providing tools and information with which to run our business, it has become integral to many of our products and services. The deployment of technology is the #1 way in which CEOs look to gain advantage and market share, and the CIO must be a visionary leader of the organization.

    The panel will discuss how this affects IT Governance. Is it still appropriate to focus on the enterprise governance of IT as a separate but important issue? Or, should the focus shift to governance of the enterprise as a whole and whether it is taking sufficient advantage of technology? Panelists will address the issue from the perspective of an IT Governance Evangelist, an advisor to boards and CFOs, and a leading internal auditor.
  • Panel: Securing Your Enterprise Cloud Recorded: May 16 2013 59 mins
    As the cloud model continues to disrupt and enhance the modern enterprise, IT teams are facing new challenges retaining security and control in these new environments. This panel will explore a multifaceted approach to the cloud that looks at the importance of integrating the right tech solutions and deployments while negotiating and understanding your relationship with cloud providers.

    Panel:

    Bill Brenner, Managing Editor, CSO Magazine (moderator)
    Nataraj Nagaratnam, Ph.D., IBM Distinguished Engineer, IBM Master Inventor
    Chris Farrow, Information Security Specialist, Compassion International
    Jason Mendenhall, EVP Cloud, Switch
  • End Point to Perimeter: Network protection that’s inside out and outside in Recorded: May 16 2013 55 mins
    Join us as top security experts look at some of the latest security challenges and provide strategies for defense, including how to quickly implement a robust solution that provides the protection you need without impacting your network performance or reducing employee productivity. You will learn how to better protect your networks from the inside as well as the outside, with solutions that reduce work for IT and security teams.

    You will learn about:
    • The malware menace – latest stats and facts
    • Third party industry firewall comparison results: which firewall is best for you?
    • Best and easiest practices for securing end points
    • How a customer implemented a solution, step-by-step
    • And much more…
  • Not Going Quietly; Gracefully Losing Control & Adapting to Cloud and Mobility Recorded: May 16 2013 48 mins
    Cloud, virtualization, mobility, and consumerization have greatly changed how IT assets are owned and operated. Rather than focusing on loss of security control, the path forward is cultural change that finds serenity and harnesses the control we’ve kept. The Control Quotient is a model based on control and trust, allowing proper application of security controls, even in challenging environments.
  • Active Defense: How to Think Outside the Box Recorded: May 16 2013 48 mins
    Synopsis:
    This webinar will define the concept of active defense or "hack back". During his talk, David will explore the legal issues, reveal how it can be accomplished without breaching any laws, and show you how active defense will actually improve your security posture.

    About the speaker:
    David is a leading authority in cyber security and the law. He is a licensed attorney in NY, CT, and CO, and owner of Titan Info Security Group, a Risk Management and Cyber Security law firm. David is a retired Army JAG officer. During his 20 years in the Army he provided legal advice in computer network operations, information security and international law to the DoD and NSA and was the legal advisor for what is now CYBERCOM. He holds the CISSP & Security + certifications and has two LLM’s in International Law and in Intellectual Property law. He is a VP of his local ISSA chapter and a member of InfraGard.
  • Next Generation Access and Identity Management For a Multi-Perimeter World Recorded: May 15 2013 47 mins
    In today's open and interconnected enterprise, traditional perimeters are being extended to adopt mobile, cloud, social access and information interactions. To make matters worse, many organizations face the growing risk and burden of managing multiple identity and access controls without the required security intelligence to address those challenges. They need the ability to secure identity and access across the wide variety of enterprise and internet resources from any device, any service and any source. In this session, join IBM to review the emerging needs, the next generation access and identity management solutions available today to enable secure and rapid adoption of mobile, cloud, and social transformation.
  • 12 Steps to a Successful & Secure Cloud Recorded: May 15 2013 39 mins
    Some would like to have you believe that everything should be moved to the Cloud. How do you know if you should move to the Cloud? To move it safely and successfully takes insight and planning. To move it to a Secure Cloud takes investigation beyond “is the cloud vendor secure”. As so many others have learned, it can be done in 12 steps.
  • Panel: Virtual World with Virtual Risks. Can it be Cloudy and Clearly Secure? Recorded: May 15 2013 64 mins
    As companies migrate to the virtual datacenter, executives must deal with security, audit, and visibility of their environment which has grown beyond their physical datacenter. Because of this, hesitancy remains and many questions are still being asked. What is a next-gen datacenter? What changes as businesses take steps toward a hybrid datacenter? When they move to a virtualized environment, how does their data remain secured and in their control? Will encrypting data in this environment achieve visibility and control of who is accessing it? Plus despite more knowledge on virtual risks, cloud services are still being purchased without authentication, adopting cloud first and then thinking about security second. So how can organisations win the struggle with authentication in the cloud?

    Join your fellow professionals for this lively and insightful discussion providing a complete vision on virtual risks in a virtual world. Then understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.
  • Protecting Your Cloud With the Right Architecture: A Critical Evaluation Recorded: May 15 2013 47 mins
    In 2013 the cloud continues to be a crucial business enabler for organisations. Unfortunately, the risk to data stored in the cloud continues to increase as attackers focus their efforts on cloud repositories. Even with an industry-wide emphasis on cloud security, industry surveys indicate that security is the primary restraint to moving data and processing to the cloud. The answer to cloud security is multifaceted, and requires a wide array of solutions – not a single product. This presentation will critically evaluate the many choices of cloud architectures that can be deployed and the security implications associated with each.
  • Stop Chasing Clouds: You Can Securely Adapt Recorded: May 15 2013 39 mins
    Enterprise is adapting to embrace new technologies and capture new opportunities. Cloud capabilities are attractive, but concerns for information security remain. In this webinar, Dr. Jeremy Ward will discuss how you can adapt and embrace change, while maintaining the security of your infrastructure and information. The key points discussed will include choosing a security service that helps you form better cloud security strategies that manage data risk, reduce complexity, identify vulnerabilities, and ease user access; resulting in improved security governance, enhanced visibility, increased cost control, and reduced risk exposure.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world-famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/Licensed Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

  • Title: This Cloud is a Smoke Screen
  • Live at: Jun 11 2012 8:00 pm
  • Presented by: Dave Chronister, Managing Partner of Parameter Security