Hi [[ session.user.profile.firstName ]]

IT Security Guru

  • Date
  • Rating
  • Views
  • Inside the paradigm-shift underway in risk mitigation Inside the paradigm-shift underway in risk mitigation Josh Goldfarb – CTO Emerging Technologies at FireEye Recorded: Jan 28 2016 44 mins
    Over the years, risk mitigation efforts have been focused primarily on preventive measures. Although prevention is a necessary component of a mature security program, it is no longer sufficient. The modern attacker is persistent, motivated, well-funded and adept at findings ways into an organization and taking that organization's most sought-after data. To counter this new threat landscape, a paradigm shift is underway in the security realm — one that focuses on the right mix of prevention and detection/response to round out an organization’s risk mitigation picture.

    Josh is an experienced information security analyst with over a decade of experience building, operating, and running Security Operations Centers (SOCs). Josh currently serves as VP and CTO - Emerging Technologies at FireEye. Until its acquisition by FireEye, Josh served as Chief Security Officer for nPulse Technologies. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. He has consulted and advised numerous clients in both the public and private sectors at strategic and tactical levels. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team (US-CERT) where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT.
  • You’re the Weakest Link, Goodbye! You’re the Weakest Link, Goodbye! Darren Argyle, Global Chief Information Security Officer (CISO) for Markit Recorded: Nov 24 2015 41 mins
    The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being comprised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.

    Despite considerable efforts from many industries to address these issues, it remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.
  • Keeping Compromises from Becoming Breaches Keeping Compromises from Becoming Breaches Christopher Kissel, Industry Analyst at Frost & Sullivan & Seth Goldhammer, Sr. Product Management Director at LogRhythm Recorded: Nov 18 2015 62 mins
    The stakes have never been higher as businesses attempt to protect their assets from a barrage of threats that continue to grow in frequency and sophistication. These efforts have traditionally centered on perimeter-based cyber defenses. Intrusion detection and prevention systems (IDS/IPS), antivirus (AV), firewalls, next generation firewalls (NGFW), unified threat management (UTM) platforms, and vulnerability management (VM) are among the technologies used (and needed) to stop miscreants from entering the network.

    However, even the most advanced cyber security teams acknowledge that user accounts, systems and networks WILL be compromised, regardless of the prevention measure in place. It’s amidst this reality that organizations are exploring new, more effective ways to detect and respond when the inevitable occurs.

    In this webinar we will explore how unified security intelligence is empowering organizations to accelerate their mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to compromises and avoid material breaches. Chris Kissel, industry analyst from Frost & Sullivan will start with a quick update on the state of SIEM and how next-gen SIEM has evolved to deliver true security intelligence through a number of new capabilities including behavioral analytics, network and endpoint monitoring and analytics, as well as advanced search capabilities.

    Attend this webinar if you:

    -Are seeking to reduce your organizations meantime-to-detect (MTTR) and meantime-to-respond (MTTR) to cyber threats

    -Struggle to find the needle in the haystack of security events

    -Believe your current incident response process lacks adequate automation and efficiency

    -You have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots
  • The Known and Unknown Costs of DDoS The Known and Unknown Costs of DDoS Martin McKeay, Senior Security Advocate, Akamai in Europe Recorded: Nov 4 2015 32 mins
    Criminals are increasingly turning to cyber-crime as their method of choice, thanks to the increased accessibility provided by numerous automated attack tools and ‘for hire’ subscription services. The number of Distributed Denial of Service (DDoS) attacks against organisation’s websites, for example, are increasing rapidly and the true business costs are often unknown. In addition to the more obvious impacts associated with the lost web transactions associated with downtime, there are also reputational and other ephemeral costs that are harder to quantify.

    We’ll be examining both the monetary and reputational costs of an attack on your infrastructure, as well some of the measures you can take to combat these attacks. With data drawn from Akamai’s State of the Internet Report, we’ll be talking about real world examples of attacks and how these could affect your business.
  • Securing the Smart City: Key issues in interconnected infrastructure Securing the Smart City: Key issues in interconnected infrastructure Rob Miller, MWR InfoSecurity Recorded: Oct 30 2015 40 mins
    Smart City technology is an attractive prospect to councils and utilities for reducing waste and improving profits. The global smart city market is projected to be worth $400 billion per annum by 2020 but what exactly makes up a smart city?

    The concept behind all smart cities is an attractively simple one: with more information about problems we can deal with them more effectively. For instance if we can track the traffic on our roads, not only can we update the timings of our traffic lights to manage it, we can respond intelligently to traffic incidents by giving directions to the drivers affected. Smart cities involve large distributed networks with unique technologies and processes. So how do we apply lessons from IT security in this new world?
  • The One-Man SOC: Habits of Highly Effective Security Practitioners The One-Man SOC: Habits of Highly Effective Security Practitioners Javvad Malik, AlienVault Recorded: Oct 29 2015 32 mins
    Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key. Get the most out of your limited resources, develop routines to efficiently manage your environment, avoid time-sucks, and determine what you can do by yourself and where you need help.

    * How to work around the limitations of a small (or one person) team
    * Tips for establishing a daily routine
    * Strategies to effectively prioritize daily tasks
    * Benefits of threat intelligence sharing
    * Critical investigation & response steps when the inevitable incident occurs
  • The Evolution of Ransomware The Evolution of Ransomware Mark James, ESET Recorded: Oct 29 2015 30 mins
    Ransomware is one of the nastiest threats on the Internet. Cybercriminals will infect a user’s machine, encrypting their documents or restricting access to applications, and then demand a monetary ransom in order to “unlock” the infected computer. Over the last year ransomware has wreaked havoc on many organisations and consumers, and security experts believe it will continue to do so. This presentation will discuss the evolution of ransomware throughout the last year and discuss how security experts believe ransomware will evolve in the future.

    Participants to this webinar will learn:

    The dangers posed by ransomware and how it affects businesses and consumers
    The different types of ransomware on the threat landscape today
    How ransomware has evolved over time
    How to defend against ransomware and the dos and don’ts when you do get hit
  • Understanding 'Man in the Cloud' Attacks Understanding 'Man in the Cloud' Attacks Amichai Schulman, Imperva Recorded: Oct 29 2015 59 mins
    Already widely adopted by enterprises, use of cloud file sharing services such as Office 365, OneDrive, Dropbox, Box and Google Drive is on the rise. As adoption increases, so does the motivation for attack. The Imperva Application Defense Center (ADC) recently announced new research on a new type of attack we call "Man in the Cloud" (MITC). These attacks rely on common file synchronization services as their infrastructure for command and control, data exfiltration and remote access. Without using any exploits, a bad actor can turn them into a devastating attack tool undetected by traditional security measures.

    Join Imperva CTO Amichai Shulman and Frank Cabri, Vice President of Marketing for Imperva Skyfence, to learn about:

    * Cloud file sharing application trends, adoption and risk
    * The anatomy of a MITC attack and how to identify it
    * How traditional endpoint and perimeter security measures are insufficient to protect against these threats
    * Recommendations for securing and protecting cloud apps and data
  • Getting to Grips with Cyber-Security Getting to Grips with Cyber-Security Bob Tarzey, Analyst and Director, Quocirca Ltd Recorded: Oct 29 2015 29 mins
    The majority of organisations across Europe and UK now accept that targeted attacks are a serious problem. Quocirca’s presentation reviews recent research into the perception of cyber-threats, the impact they can have and the before, during and after measures organisations are putting in place to protect themselves against them. The presentation includes a preview of new research to be published in December 2015.
  • Making staff part of the solution, not the problem Making staff part of the solution, not the problem Ian Grey, Wadiff Consulting Recorded: Oct 29 2015 38 mins
    The security policies are in place, defences have been tightened, audits and reviews are being done. Now you need to get the staff on board. The webinar looks at ways to raise staff awareness of security issues and encouraging them to suggest improvements.

Embed in website or blog