Hi [[ session.user.profile.firstName ]]


  • Date
  • Rating
  • Views
  • Managing Risks in your Attack Surface
    Managing Risks in your Attack Surface
    Terry Bishop, EMEA Technical Director, RiskIQ Recorded: Nov 8 2018 45 mins
    According to latest Verizon research, 73% of all breaches originate outside the corporate firewall on the Internet and your organisation's presence on the Internet has become the new cyber battlefield.. Forgotten, unmanaged and un-patched web infrastructure have long been targets of choice for cyber criminals but recently we’ve seen new and effective tactics designed to compromise organisations, employees and customers while avoiding detection with traditional security methods and tooling. In this webinar we’ll look at how the cyber battlefield is changing in favour of the adversary and we’ll outline the steps organisations need to take to regain control and reduce their Internet exposure.
  • Inside and beyond BA and Ticketmaster - the many breaches of Magecart
    Inside and beyond BA and Ticketmaster - the many breaches of Magecart
    Yonathan Klijnsma, RiskIQ Recorded: Oct 12 2018 54 mins
    In 2015 a digital credit card skimming group that injected code into the online shopping software provided by Magento, dubbed ‘Magecart’ was first discovered by RiskIQ in 2015. In October of 2017 RiskIQ exposed the group’s offline operations, which monetizes its credit card theft and mitigates risk to its members by recruiting unwitting mules in the US via Russian-language job postings to ship stolen goods to Eastern Europe.

    RiskIQ then discovered the July breach of Ticketmaster was not an isolated incident as initially reported, but rather part of a worldwide campaign affecting potentially thousands of sites by hacking third-party components used by e-commerce brands. The latest chapter in the Magecart saga reveals the group’s role in the targeted breach of British Airways, which used malicious code meant to mimic the functionality of the site to intercept the payment information of 380,000 customers.

    Join RiskIQ Researcher, Yonathan Klijnsma, to learn:

    How Magecart has continued to evolve
    What happened during the Ticketmaster breach, and what it means for hundreds of other e-commerce sites
    How British Airways was successfully targeted
    The newest research that will better define the scope of Magecart’s influence
  • Understanding the ROI of Implementing Digital Threat Management
    Understanding the ROI of Implementing Digital Threat Management
    Jarad Carleton Industry Principal, Cybersecurity Practice – Frost & Sullivan, Sam Curcuruto Head of Product Marketing – RiskI Recorded: May 17 2018 59 mins
    The digital threat landscape moves too quickly for security teams to rely on disparate tools that slow down investigations and complicate protecting the organization. The time has come to embrace the power of a digital defense platform strategy to simultaneously reduce cost and business risk.

    In this webinar featuring Frost & Sullivan Cyber Security Industry Principal, Jarad Carleton, we’ll cover:

    How organizations should be leveraging “force multiplier’ platform technologies that provide unified insight and protection against threats across the Web, social media and mobile apps.
    Why a platform approach is the best way for resource-constrained information security departments to reduce both mean time to detection (MTTD) and mean time to resolution (MTTR) of digital threats.
    Customer mini-case studies that demonstrate the platform capabilities and ROI achieved.
    How the RiskIQ platform maps to the Frost & Sullivan Cyber Resilience Framework.
  • Mitigating Risk Outside the Firewall Needs a Strategy: Start with Risk Reporting
    Mitigating Risk Outside the Firewall Needs a Strategy: Start with Risk Reporting
    Edward Amoroso – TAG Cyber Founder & CEO, Vamsi Gullapalli – RiskIQ Product Manager, Sam Curcuruto – RiskIQ Product Marketing Recorded: Mar 16 2018 45 mins
    For most security professionals, fixing vulnerabilities and security gaps can feel like a game of Whack-a-Mole. New threats come online; new weaknesses are exploited, old gaps are exploited, new vulnerabilities are disclosed. The process is challenging to manage and prioritise. But a strategy that includes automated, up-to-date analysis of your security posture, especially as it relates to internet-exposed assets can help calm the storm.

    In this webinar, we cover how a CISO professional looks at risk as it relates to your digital footprint, and how RiskIQ’s Risk Reporting is different from other Risk Scoring and Risk Reporting solutions. We also cover essential perspectives, methods, and capabilities that are important for any digital threat management programme.

    Join us for our webinar to learn more from Edward Amoroso, former CISO of AT&T and current CEO of TAG Cyber as he offers his advice on a comprehensive Outside the Firewall strategy.
  • Understanding and Taking Action on Risk Associated with your Digital Footprint
    Understanding and Taking Action on Risk Associated with your Digital Footprint
    Dustin Wilcox, 360Velocity | Vamsi Gullapalli, RiskIQ Recorded: Mar 9 2018 28 mins
    Visualising your organisation’s complete attack surface—all the known, unknown, and rogue and phoney digital assets across digital channels—is central to a robust and effective digital threat management (DTM) program. Having this complete picture also provides an understanding of vulnerabilities associated with those assets, and which should be prioritized highest (e.g., old vulnerabilities, which are the most often exploited, and new vulnerabilities like zero-days).

    During its discovery process, RiskIQ’s Digital Footprint surveys the entire internet, looking for digital assets that belong to or are connected to you, across the web, social, and mobile channels. Register for our upcoming webinar with RiskIQ’s Digital Footprint Product Manager, Vamsi Gullapalli, where he discusses:

    - What is RiskIQ Digital Footprint?
    - Where it fits in your security stack
    - How it can improve your vulnerability and asset management processes by making them more complete and up-to-date
    - Real life uses cases from customers who have improved their security posture and digital threat management programs with RiskIQ

    Also, you’ll hear from a RiskIQ customer and security chief on how he used Digital Footprint to improve his organisation’s risk posture.
  • Understanding your Attack Surface - Research into FT30 organisations
    Understanding your Attack Surface - Research into FT30 organisations
    Terry Bishop, EMEA Technical Director, RiskIQ Recorded: Nov 21 2017 37 mins
    Businesses are accelerating their digital transformation, expanding their online presence to enrich products, deepen customer relationships, and boost their brand ecosystems. However, with this rapid growth comes security challenges as web assets get created outside of corporate controls and the overall Internet presence expands to unmanageable proportions. Cyber adversaries are taking advantage of this sprawling digital attack surface, looking forweaknesses to exploit. The attack surface has become the battle line between malicious actors and an organisation’s external threat defenders and its compromise is behind many of the breaches that get reported with alarming frequency.

    In an effort to highlight and quantify the risks which organisations have in their attack surface, we conducted research on the top 30 UK organisations (FT30) to highlight the issues we believe all companies face. We will present the various types of risk we uncovered and offer practical advice on ways to mitigate them and harden your attack surface.
  • Collecting Personal Information Securely? If not time is running out.
    Collecting Personal Information Securely? If not time is running out.
    Jay Huff, Hiten Sharma Recorded: Oct 19 2017 32 mins
    The care and handling of personal information is a top concern for consumers and governments alike. Unlike many issues which gain public attention and struggle to keep it, an endless stream of publicised data breaches serves to keep data privacy in the public eye. As a result we’re seeing increasingly onerous regulation coming into effect in an effort to improve the data management practices of organisations and protect the confidential information of citizens. Major Internet players are also weighing in in an effort to make the user experience more secure.

    For organisations with a large digital presence, identifying all the places that personal information, or in the case of GDPR, personally identifiable information, is collected can be a daunting task. Are those forms collecting data securely? Are they accompanied by compliant statements and controls? Research carried out by RiskIQ suggests that there is much more to do in this area.

    Join us for a closer look at the security and compliance issues surrounding the collection of personal information on the Internet and learn how you can automatically discover and assess all forms and persistent cookies across your web presence.
  • SANS & RiskIQ – Putting Digital Threat Investigation & Response into Hyperdrive
    SANS & RiskIQ – Putting Digital Threat Investigation & Response into Hyperdrive
    Dave Shackleford, SANS analyst and principal consultant, Voodoo Security and Beckie Neumann, RiskIQ Recorded: Aug 24 2017 61 mins
    Given the innovation and dynamics of web, social and mobile attacks targeting consumers and employees alike, progressive organizations are adopting machine learning and workflow orchestration to accelerate external exploit, adversary and exposure investigation and response. Beyond threat intelligence, where can security teams further automate, integrate and coordinate resources? Join SANS expert Dave Shackleford and Beckie Neumann, technical product manager at RiskIQ, as they share techniques and technology to empower security analysts and advance digital defenses.

    Through practical use cases and real-world examples, webinar attendees will explore how to:

    Apply predictive analytics to thwart threats
    Identify complex attack surface gaps
    Expedite external to internal event triage
    Construct workflows to take down external threats
    Integrate derived threat data with SOC and GRC tools
  • NoTrove: A Deep Dive into a Scam Empire
    NoTrove: A Deep Dive into a Scam Empire
    Ian Cowger, Threat Researcher, RiskIQ Recorded: Aug 24 2017 37 mins
    Earlier this year, RiskIQ reported an eightfold increase in internet scam incidents, which deny the $83 billion digital advertising industry millions of dollars. Since then, we’ve identified a particularly prolific threat actor that’s built out wide swaths of infrastructure to deliver millions of scam ads, threatening consumers and undermining the digital advertising industry.

    Based on the RiskIQ report released in April, NoTrove: The Threat Actor Ruling a Scam Empire, report author and RiskIQ Threat Researcher Ian Cowger and Technical Marketing Manager Benjamin Powell will walk you through how “NoTrove,” a scam actor named after its URI pattern and penchant for denying victims “troves” of rewards, uses its scam empire and advanced automation techniques to stay ahead of detection and takedown efforts.

    Watch the Threatcast™ for a deep dive on:

    How scams are becoming a lucrative and increasingly popular method for threat actors and why they’re bad news for the digital advertising ecosystem
    What the different variants of NoTrove campaigns look like—software downloads, PUP redirections, and fake rewards downloads—and what the redirection sequence looks like when victims click and are redirected to unwanted places across the internet
    How NoTrove domains are able to command so much traffic, many shoot well up into the Alexa top 10,000
    How RiskIQ’s unique machine learning technology is able to detect scams, even as threat actor tactics evolve, to enable ad networks and publishers to block NoTrove infrastructure, even as it changes, evolves, and rotates
  • What you don’t know CAN hurt you.  Are you GDPR PII compliant?
    What you don’t know CAN hurt you. Are you GDPR PII compliant?
    Bob Tarzey, Quocirca analyst and director, Fabian Libeau, RiskIQ technical director Recorded: Jul 11 2017 46 mins
    With GDPR fast approaching, do you know everywhere you’re collecting PII?

    The EU General Data Protection Regulation (GDPR) includes new requirements and controls on the online processing of personally identifiable information (PII) and large fines if poor practice leads to short comings in processing controls or lead to a data breach. RiskIQ’s recent research into leading UK organisations shows that there is still much to be done to comply with the regulation.

    Join us for this webinar with Bob Tarzey, Quocirca analyst and director, and Fabian Libeau, RiskIQ EMEA Technical Director. Topics covered include:

    - What are the changes to online information processing introduced by GDPR and how do they differ from current data privacy legislation?
    - What are the common issues organisations face to comply?
    - How can RiskIQ help?
    - Case Study example

Embed in website or blog