Hi [[ session.user.profile.firstName ]]

(ISC)2 APAC Secure Webinars

  • Date
  • Rating
  • Views
  • A Dissection of Recent High Profile特権アカウント乗っ取り事件の事例とその真相 A Dissection of Recent High Profile特権アカウント乗っ取り事件の事例とその真相 Naohiko Yamanouchi 山之内 真彦, マーケティングマネージャー、APJ, CyberArk Software Recorded: Nov 30 2016 62 mins
    ~ ウクライナの電力会社とバングラデッシュ中央銀行はどのように攻撃されたか ~

    22万5千人の顧客の停電を起こしたウクライナの電力会社への攻撃と、8100万ドルが盗まれたバングラディッシュ中央銀行への攻撃は、特権アカウントを乗っ取られたハッキング事件でした。これらの事件がどのように起きたのか、特権アカウントがどのように悪用されたのか、そして、これらの事件を防ぐためには何ができたのか、をご紹介します。

    大企業、大きな組織であれば、既にハッカーが侵入している可能性が低くありません。これらの攻撃から学べることは、侵入が発見されるタイミングより大分前に攻撃者は既にネットワークに入り込んでおり、どのようにネットワークの中で自由に動けるか、その方法を探していたということではないでしょうか。これがどのように行われたかを把握することによって、リスクを削減することが可能となります。

    また、攻撃者の目的は、内部の人間になりすますことではありません。本当の目的は、攻撃者が狙っているものを「入手」すること。それは、お金、データ、または組織の運用を中断することかもしれません。今回のセッションでは、これらのリスクからどのように組織を守ることが出来るか、そして事例から何を学ぶ事が出来るかをご紹介します。
  • Best Practices on Operational Efficiency in Network Security Best Practices on Operational Efficiency in Network Security Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint Recorded: Oct 26 2016 63 mins
    Most businesses prefer to control the day-to-day operations of their networks using their own resources. The increasing complexity of modern networks means that the overall acquisition, control and deployment for network security projects is far more challenging than before. With decreasing IT budgets and limited resources within high growth businesses; how are network teams expected to improve operational efficiency without sacrificing quality of service and service level agreements?

    In a world that is fraught with new security exploits, maintaining operational efficiency with a low impact on resource and cost can be very difficult.

    What are the best practices for maintaining an operationally efficient network security deployment? How do network teams stay on-top of daily routine tasks, such as policy configuration, upgrades and network security monitoring? How can network teams be enabled to focus on mission critical projects through automation?

    Learn from case studies about network security and firewalls which enable the deployment of firewalls within highly distributed networks without sacrificing time or security.

    Join Forcepoint and (ISC)² on Oct 26 (Wed) at 1:00p.m. (Singapore time) in learning the best practices on operational efficiency in network security.

    Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint

    Moderator: Clayton Jones, Managing Director, Asia-Pacific, (ISC)²
  • Top 3 Critical Factors to Consider for Network Protection Top 3 Critical Factors to Consider for Network Protection Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint Recorded: Sep 28 2016 61 mins
    Next Generation Firewalls are Next Generation Firewalls…or maybe NOT.

    In the light of new advanced attacks and the demands to lower security infrastructure costs, just how can one get the most out of the Next Generation Firewall (NGFW) solutions? Are all NGFW solutions the same?

    What criteria should one consider for a NGFW solution that is best for your distributed enterprise environment? Join Forcepoint™’s Michael Ferguson and find out key value points when selecting a network security solution catered to your environment:

    • Latest trends in NGFW
    • Addressing total cost of ownership
    • Security effectiveness in increasingly complex threat landscape
    • Challenges in policy management

    Also, find out why Forcepoint Stonesoft NGFW has won NSS Labs' coveted highest rating of “Recommended” for the 4th year in a row. Learn how it can provide the scalability, protection and visibility needed to effectively manage your distributed networks. Plus, rapidly and easily deploy, monitor and manage thousands of firewalls from a single pane of glass.
  • Phishing Awareness and Response: Can Technology Alone Make a Difference? Phishing Awareness and Response: Can Technology Alone Make a Difference? Jim Hansen, Chief Operating Officer, PhishMe Recorded: Sep 21 2016 63 mins
    Phishing has been well established as the top entry method for hackers trying to access corporate networks. Yet, in spite of record spending on security technology, data breach reports continue to highlight the substantial lag between incident occurrence and detection.
    That technology- those investments are failing while organizations continue to neglect their final and best line of defense – their employees. Employees hold the key to fortifying the last line of defense and providing IT and Security teams with critical real-time attack intelligence.
    In this presentation, PhishMe’s COO, Jim Hansen, will draw on his 25 years in law enforcement and IT security to discuss:
    •The current state of phishing
    •The success and failure of technology systems and how human systems can protect the last mile
    •How conditioning – not training - activates employees to identify and report phishing attacks
    •The critical attack intelligence generated from employees and how it can be used to detect attacks-in progress and aid phishing incident response

    Join PhishMe and (ISC)² on Sept 21 (Wed) at 2:00p.m. (Singapore time) for a security briefing on phishing awareness and response.

    Presenter: Jim Hansen, Chief Operating Officer, PhishMe
    Bios:
    Jim has over twenty-two years’ experience in sales, operations and
    executive management in the information security industry,
    including co-founding and serving as COO of Mandiant. He has also
    held numerous executive and management positions in both sales
    and consulting organizations, and regularly speaks and publishes
    articles on information security topics.
  • Overwhelmed by Security Vulnerabilities? Learn How to Prioritize Remediation Overwhelmed by Security Vulnerabilities? Learn How to Prioritize Remediation Deb J, SME & Solution Architect – APAC & Middle East, Qualys Inc. Recorded: Sep 14 2016 63 mins
    One of the biggest challenges faced by information security teams today is how to effectively prioritize their vulnerability remediation work. Burdened with this overload of vulnerability disclosures, Infosec teams often get overwhelmed by the task at hand and throw up their hands in frustration. After all, no IT department has enough staff and resources to promptly patch every single vulnerability within their environment.

    Join Qualys and (ISC)² on Sept 14 (Wednesday) at 2:00p.m. (Singapore time) for a Security Briefing on how to prioritize remediation.

    Presenter: Deb J, SME & Solution Architect – APAC & Middle east, Qualys
    Bios:
    Deb J (DJ) works with Qualys as a Subject Matter Expert for all products and platforms at Qualys. He is also a Field Solution architect responsible for customer success in the region. Deb has over 12 years of experience of which a large amount of time was spent on security. Started his career as a Code Quality Governance Specialist, so attention to details comes naturally. In the past he has worked with Compuware, NetIQ, LogLogic & ArcSight that adds a lot of experience for him to understand customer problems and identify solutions that work for them.
  • Using Behavior Analysis to Prevent Data Leakage 프로파일링의 기반의 이상 행위 분석을 통한 보안 전략 Using Behavior Analysis to Prevent Data Leakage 프로파일링의 기반의 이상 행위 분석을 통한 보안 전략 홍세진, 부장, HPE 소프트웨어 보안사업부, 휴렛팩커드 엔터프라이즈(HPE) Recorded: Sep 7 2016 63 mins
    공격자들은 지하 시장에서 점점 전문화 , 조직화하고 있으며, 공격 기법도 무서운 속도로 고도화하고 있습니다.
    정보 보호 업체인 “Websense Security Labs”이 미국, 영국, 캐나다, 호주의 IT관리자 1,000명 을 대상으로 조사한 결과 보고서에 따르면 대부분의 데이터 유출 사고는 “인가된 사용자”에 의해 이루어지고 있다고 합니다.
    또한 그 동안 국내/외 많은 보안 사고 사례를 통해 알 수 있듯이 대부분의 정보 유출 사고는 탈취된 정상 사용자 계정 권한을 이용해서 이루졌다는 사례를 언론 등을 통해서 접할 수 있었습니다.

    정보 유출 사고 예방을 위해 대부분의 보안 담당자는 이러한 알려진/알려지지 않은 다양한 보안 위협과 고도화된 내/외부에서 발생되는 위협을 식별 및 대응을 위한 위협 관리 체계의 필요성을 느끼고 있으며, 가트너에서는 향후 내/외부 다양한 보안 위협 예측 그리고 예방을 위해User Behavior Analytics (UBA) 사용은 필수이며, 2018년까지 최소 25%이상의 보안사고가 UBA 기술에 의해 탐지될 것이라고 리포트를 통해 예측하고 있습니다.

    프로파일링 기반 이상행위 분석은 정상적인 사용자 및 시스템의 행동과 적절한 연관성의 정상 기준선을 설정하고 사용자 및 동료 그룹 간 이상 현상을 실시간으로 분석을 통해 권한 보유 사용자의 비정상 행위를 시각화 및 위협 예측 그리고 예방합니다.

    또한 전체 IT 환경에 대한 보안을 더욱 민첩하고 지능적으로 변모하도록 요구하고 있으며, SIEM 보안 플랫폼과 연계 가능하며 UBA 기술은 알려진 위협과 알려지지 않은 위협에 관한 조치 가능한 정보를 생성하여, 사용자 및 시스템에 대한 세부적인 가시성을 제공함으로써 위협을 선제적으로 대응할 수 있는 보안 인텔리전스와 내부 위협를 보다 신속하게 해결할 수 있습니다.
  • 利用大数据实现积极且具有高度关联性的安全防御Using Big Data For Active And Contextual Security 利用大数据实现积极且具有高度关联性的安全防御Using Big Data For Active And Contextual Security 周德振(Adam), 高级解决方案顾问, Akamai Technologies Recorded: Aug 24 2016 59 mins
    *This webinar will be conducted in Mandarin
    Organizations are turning to leverage big data and analytics to ‘look’ for indicators of intent or indicators of compromise, thus helping organizations focus their security resources on the threats at hand. The challenge though is how to process the vast amount of data, and furthermore, keep it relevant, timely, actionable – contextual. The challenge becomes harder when threat actors utilize a variety of techniques to maintain anonymity, reduce their ‘fingerprint’ and mask their intent.

    In this webinar, Adam will share how Akamai leverages the vast amount of data that it sees daily to help its customers improve their security decisions, when the threat would otherwise be unclear. John will showcase how Akamai’s big data and analytics platform, Cloud Security Intelligence, powers its Client Reputation service. A service that provides the ability to forecast intent and protect applications against Distributed Denial of Service (DDoS) and application layer attacks, and how active defence can be applied to a variety of response mechanisms, delivering an intelligent contextually aware defence.

    各家机构正越来越倾向于使用大数据资源来“查找”各种恶意行为的迹象、甚至是破坏的先兆,来帮助机构把有限的安全资源集中在关注现有的威胁之上。但是,挑战在于如何处理这样大量的数据,而且保证数据的相关性、及时性和可用性不会受到影响。而且,随着安全威胁使用了更多样的技术来保证其匿名性、减少留痕并掩盖其意图,机构所面临的安全挑战也越来越严峻。

    在本次的网络研讨会中,Akamai 高级解决方案顾问-周德振先生(Adam),将会向您展示Akamai是如何在威胁尙不明确的情况下,使用每日承载的海量数据来帮助客户做出更加明智的网络安全决策的。Adam将会展示Akamai的大数据及分析平台、云安全智能是如何强化其客户端信誉(Client Reputation)服务。这种服务能够提前预告各种行为的迹象,并保护应用程序不会受到DDoS和应用层攻击。此外,您还将看到这种积极的安全防御是如何帮助各种响应机制,是如何交付智能化、高度关联的防御。

    8月24日(周三)| 时长60分钟 | 北京时间 14:00
    演讲人: 周德振(Adam), 高级解决方案顾问, Akamai Technologies
    主持人: 毛宇, CISSP, AMBCI, CCNP, PRINCE2, (ISC)²官方授权讲师


    预留席位,就在此刻!

    *This webinar will be conducted in Mandarin
  • Using Big Data For Active And Contextual Security Using Big Data For Active And Contextual Security John Ellis, Chief Strategist, Cyber Security (APJ), Akamai Technologies; Moderator: Chuan-Wei Hoo, Technical Advisor, (ISC)² Recorded: Aug 17 2016 62 mins
    Organizations are turning to leverage big data and analytics to ‘look’ for indicators of intent or indicators of compromise, thus helping organizations focus their security resources on the threats at hand. The challenge though is how to process the vast amount of data, and furthermore, keep it relevant, timely, actionable – contextual. The challenge becomes harder when threat actors utilize a variety of techniques to maintain anonymity, reduce their ‘fingerprint’ and mask their intent.

    In this webinar, John Ellis, Akamai’s Chief Strategist for Cyber Security (APJ) will share how Akamai leverages the vast amount of data that it sees daily to help its customers improve their security decisions, when the threat would otherwise be unclear. John will showcase how Akamai’s big data and analytics platform, Cloud Security Intelligence, powers its Client Reputation service. A service that provides the ability to forecast intent and protect applications against Distributed Denial of Service (DDoS) and application layer attacks, and how active defence can be applied to a variety of response mechanisms, delivering an intelligent contextually aware defence.

    Join Akamai and (ISC)² on Aug 17 (Wednesday) at 2:00p.m. (Singapore time) for a Security Briefing on how to use Big Data for active and contextual security.
  • A New Approach to Data Security A New Approach to Data Security Ted Hendriks, Data Security Pre-Sales Architect, APJ, HP Enterprise Security Recorded: Aug 3 2016 59 mins
    With the phenomenal growth of data and the IT trends toward cloud and mobility adoption, enterprises are facing rising threats to sensitive data from both inside and outside the organization. They need to be able to protect data end to end without introducing complexities to users, while lowering the implementation and management costs of security solutions.

    Join Hewlett Packard Enterprise and (ISC)2 on Aug 03 (Wednesday) at 2:00p.m. (Singapore time) for a Security Briefing on how to protect data from end to end.
  • Protecting Privileged Accounts in the Cloud Protecting Privileged Accounts in the Cloud Troy Cunningham, CISSP, Sales Engineer, ANZ, APAC Professional Services, CyberArk Recorded: Jul 13 2016 59 mins
    Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide to organizations of all sizes. Whether organizations are using private, public or hybrid cloud environments for infrastructure or software-as-a-service, the common goal is to achieve operational and cost benefits without giving up full control over infrastructure and data.

    Introducing a real challenge, privileged accounts in cloud environments are at a critical juncture of control and management because once an unauthorized user has access to privileged account credentials, control over the entire infrastructure is in the hands of the attacker. This is where securing privileged accounts plays a critical role in securing cloud environments and meeting audit and compliance requirements.

    Join CyberArk and (ISC)2 on July 13 (Wednesday) at 2:00p.m. (Singapore time) for a Security Briefings to learn how to protect your privileged accounts in the Cloud.

    Presenter:Troy Cunningham, CISSP, Sales Engineer, ANZ, APAC Professional Services, CyberArk
    Moderator: Chuan-Wei Hoo, CISSP, CISA, CFE, BCCE, Technical Advisor, Asia-Pacific, (ISC)²