Big Data, Big Risk, Big Opportunity

Synopsis:
In this webinar we will discuss how an organization can take the requirements of their infrastructure around operational controls, compliance and security to extend and expand them into a Security Intelligence solution.

Using a use case approach, organizations can look to extend and build upon their existing systems and controls to provide real-time warnings and feedback that allows them to make informed decisions focused around their business needs. Rather than just having a "top 10 attacker" report and dashboard, how about a system that focuses around application lines and how this impacts business?

About the speaker:
For the past 5 years Paul has been working for the market leading Security Information and Event Management (SIEM) solution, HP ArcSight. Spending considerable time assisting organizations across the EMEA region to define their needs, understand their threats and risks and architect SIEM solutions to address this.

Focusing on: Risk management, threat intelligence, SIEM solutions and architecture, log management, correlation and vulnerability management.

Your VP just resigned and took a position at your biggest competitor. Did you remember to examine the Salesforce logs to see if he downloaded your entire customer database and history of purchases? Do you even have access to those logs? And if you did, and found the obvious, how would it help now? Catching Bradley Manning who stole sensitive government information, Ross Klein who took with him an entire hotel brand concept and Gary Min that copied chemical formulas was too late for the US government, DuPont and Starwood hotels respectively.

In this presentation we look into how to proactively monitor user activity to detect potential threats from employees before the damage occurs. Focusing on how to effectively collect activity logs and analyze them against user, role and entitlement information, to detect abnormal activity, predict which employees may pose more threat if not loyal and to reduce the associated risk.

As the urgency of mobile application security increases, you may be finding it increasingly challenging to find the time, resource and expertise to adequately test your mobile applications for security vulnerabilities.

Learn how to extend your team of mobile security experts by performing Mobile Application Security Assessments. These assessments are designed to pinpoint and prioritize risks that threaten the integrity of the confidential data you store and process. Equipping you with detailed reports containing the information you need to demonstrate the vulnerabilities uncovered, with in-depth explanations about how best to remediate them.

About the speaker:
David's IT career spans over 25 years working in a wide range of roles including mainframe operating systems development for ICL, designing and writing Unix based medical software, managing Y2k compliance for an EAI company and then in 2000 joining a start-up web performance testing vendor.
Before joining Fortify in 2007 David had already worked with 100's of companies running tests on their critical web facing applications, so was familiar with apps not working as expected. Back then, a 'fail' was an app that didn't scale. Now a fail is an app that leaks personal data, allows attackers to tamper with sensitive information, or commit fraud on a vast scale. The stakes have never been higher.
As part of the Fortify division of HP Enterprise Security Products, David's role as a Software Security Solution Architect involves working with enterprise customers across EMEA to help them find critical vulnerabilities, remediate their applications and Fortify their development processes.

Regulation, mobility, cloud, consumerisation and aggressive attacks have combined to elevate data security to a board-level concern. A breach carries significant implications to reputation, shareholder value, competitiveness and compliance. IT leaders are now responsible for maintaining data security, while embracing new technology, and meeting the growing demands for access to information.

In this session Dr. Jeremy Ward will evaluate the growing variety of sources that breaches are now coming from, the resultant impact this can have to the business and how HP can provide an integrated and flexible solution set to protect what matters.

In particular, Dr. Ward will discuss how you can prepare for a data breach with the HP Forensic Readiness Service. With a good understanding of your environment and creating and implementing policies to deal with a post-breach investigation, you can ensure your organization is doing everything it can to protect its reputation, employees, and customers.

Gaining visibility and understanding the potential threats from within is very important to every organisation. Your ability to detect abuses and anomalies in the behavior of high-risk, high-profile, or high-privilege users will help your organisation to reduce insider threat and espionage risk. But how can this be best achieved?

This webinar will demonstrate how you can analyse your users, their roles and your network activity as a very effective approach for you to manage and address the insider risks.

Organizations often approach regulatory compliance with one-off projects, deploying a set of controls for each regulation. This approach to enterprise-wide management of compliance can become expensive and difficult to sustain, let alone develop and expand to meet growing demands. This presentation will address how a centralized system coupled with an IT governance framework may be used to achieve multiple compliance regulations and manage them efficiently with a consolidated view across an entire organization.

For all of its appeal – reduced costs, greater agility, flexibility and scalability – there’s an equal amount of uncertainty around cloud. And the number one worry is security. Enterprises are looking for assurance that leveraging the cloud won’t add risk to their business. Hint: be sure you’re looking in the right place.

Security in the cloud is not so much about securing the cloud as it is about securing the enterprise and its use of cloud-based services. Gone are the “safe harbor” of mainframes, servers, and storage and data networks. Instead, engineering security from the ground up in the beginning is necessary to provide secure services for cloud-based platforms.

In this session of Innovation INSIGHT, HP Fellow and cloud security expert Ed Reynolds will discuss considerations for securing your enterprise’s use of cloud-based services.

This presentation looks at the issues faced by organizations in their management of information security risk. It considers how risk can be better managed by bringing together key stakeholders in a proactive and integrated approach; and it shows how HP can help with our end-to-end services.

Technology is evolving at a faster pace than ever in history. Fundamental business models are changing due to the opportunities presented by the rich mix of mobile, social, cloud-based information, service and delivery technologies available at our fingertips.

For organizations like yours the problem isn’t solely the need to improve your capacity to support these new computing models, you must also ensure that security risks are managed and customer data, corporate intellectual property and company reputation are protected. You need the confidence to be flexible enough to exploit those new technologies while protecting your critical information.

You can’t stop threats if you can’t see them.

HP Enterprise Security’s proven solutions allow you to quickly “identify” and ”prioritize” potential areas of risk to the business based on the importance of the information, the varying level of protection in place and the mitigation options that each security layer is providing.

Join us to find out how together we can protect your IT environment from sophisticated threats with integrated correlation, application protection, and network defenses.

How can you maximise value and minimise risk in the biggest reservoirs of data you have - the unstructured and semi structured data stores? Organizations are beginning to realize that they need to harness the power of metadata in order to better manage, protect, and get the most out their valuable and voluminous user generated content. Metadata framework technology provides a platform to answer fundamental questions such as: who has and is accessing, who should and shouldn’t have access, what's in use and what isn't, what's sensitive, who owns it, who’s abusing it? Learn how Big Data Analytics and automation can transform the way in which your organization collaborates and governs its data.

HTML5 offers clear benefits in terms of easier development and consistency across web browsers, allowing developers to provide a richer internet experience. However, as with any new advancement it also introduces new opportunities for cyber hackers.

Therefore it is critical that developers understand the security implications of using HTML5 and how to identify and remediate potential vulnerabilities resulting from its use.

In this webinar we’ll discuss the security considerations when using HTML5 and offer advice for minimizing application vulnerabilities during the coding process. We'll also describe how HP Fortify's Software Security Assurance (SSA) tools can be used as part of a secure development process to deliver the benefits of HTML5 without the risks.

Join us to find out more.

In a recent study from HP and the Ponemon Institute, 82% of large enterprises experienced botnet attacks in 2011 and experts predict a further rise in 2012. It is thought that 88% of all spam is sent out through botnets with the world’s largest, Rustock, sending out an estimated 13.8 billion spam emails per day. But what does this mean to businesses? This webinar will discuss the following:

-An overview of the increasing botnet threat and predictions for 2012.
-What this increasing threat means to business.
-How to approach the botnet threat and mitigate risk.
-Overview of anti-bot software solution from Check Point.

Senior executives are now demanding access to corporate e-mail and other business applications from iPads, iPhones and Android phones.
This can cause a significant risk to the business through loss of corporate data, malicious applications and viruses – earlier this year Google identified 58 malicious applications on Android Market.
This webinar on Enterprise Mobile Security will include:

•overview of risks arising from the use of mobile devices
•methods of mitigating mobile device risks and ensuring regulatory compliance
•case study of mobile security implementation, and lessons learnt
•demonstration of technical approaches to securing mobile devices and corporate data

Paul Schwarzenberger:
After graduation from Oxford University, Paul developed laser technology for NASA satellites, before moving into IT Security at Cable & Wireless in 2000, where he led the development of Internet Security Services. In 2005, Paul joined Vistorm, now HP Enterprise Security Services, as a Security Architect, where he is technical lead for mobile device and endpoint security solutions.

Paul is CISSP and ITPC certified, is a CLAS consultant and M.Inst.ISP. He has recently completed the MSc Information Security at Royal Holloway, University of London.

Mobile security has become a top security concern fueled by the proliferation of mobile devices and a "bring your own device" culture. With much of the device and back-end infrastructure outside of direct corporate control, it is imperative that mobile application vulnerabilities are identified and locked down before mobile applications are deployed.

In this webinar we'll look at the issues concerning securing mobile applications and how and where they differ from traditional web applications. We'll also explain how HP can help by:

• Pinpointing and prioritising risks that threaten the integrity of the confidential data you store and process.

• Delivering a holistic assessment covering client, server and network.

• Providing detailed reports that give you the information you need to demonstrate the vulnerabilities in your mobile applications with in-depth explanations about the discovered vulnerabilities and how to remediate them.

Application security vulnerabilities have become a target of choice for cyber-criminals, resulting in many of the high profile hacks we read about in the press. According to the HP DVLabs Top Cyber-security Risks 2011 mid-year report;

- Application vulnerabilities now represent one third of all disclosed vulnerabilities
- The number of cyber-attacks targeting application vulnerabilities has doubled in the past year, today representing 37% of all attacks.
- Web application vulnerabilities are relatively easy to exploit with a variety of attack techniques and tools

It is more important than ever to ensure that application security exposures are uncovered and remediated as part of an overall information security programme.

In this webinar we will evaluate the benefits of choosing an "As a Service" application testing solution to augment current in-house development and QA resources. We will also highlight the capabilities of HP Fortify on Demand, a Security-as-a Service testing solution that allows organisations to test the security of software quickly, accurately, affordably, and without any software to install or manage.

This webinar will discuss how effective management of the risk to business information will enable your organization to achieve the right balance between information security and operational efficiency. It will look at the sources of information risk and how these affect business; and will consider the issues that many organizations face as a result of taking a tactical, rather than strategic approach to dealing with them. It will look at how resources are currently allocated and at the consequences of this for information risk management. It will show how an approach can be taken to establish a direct link between critical information assets and business objectives and thus gain Board-level understanding of business information risk. Finally, it will show the importance of communicating this understanding and of the controls that flow from it throughout the organization; to create a "community of purpose" in the management of business information risk.