Information Security

  • The cyber security challenges faced by businesses adopting a BYOD strategy
    Martin Cook, LogRhythm Recorded: Aug 16 2017 46 mins
    This webinar will focus on the cultural shift from the tightly controlled business networks of yesterday to the converged fabric adopted by businesses today. BYOD is becoming the norm for most organisations, and with the right policies, people and technology in place it doesn't have to be a heavy burden for security teams. We'll dive into some of the options available for addressing these challenges and how having the right BYOD strategy can play an integral role in an organisation's preparation for EU GDPR compliance.

    We’ll address:
    - The security options available today to enable an efficient and safe BYOD strategy
    - How implementing a strong BYOD strategy can help compliance
    - How you can reduce the risk of suffering a damaging cyber-breach
  • Hybrid Mobile Apps: From Security Challenges to Secure Development
    Dr. Achim D. Brucker, Security Consultant & Senior Lecturer, University of Sheffield Recorded: Aug 16 2017 35 mins
    Cross-platform frameworks, such as Apache Cordova, Adobe PhoneGap, or SAP Kapsel are becoming increasingly popular. They promote the development of hybrid apps that combine native, i.e., system specific, code and system independent code, e.g., HTML5/JavaScript. Combining native with platform independent code opens Pandora's box: all the security risks for native development are multiplied with the security risk of web applications.

    In this talk, we will give a short introduction to hybrid app development, present specific attacks and discuss how Android developers are using Apache Cordova. In the second half of the talk, we will focus on the secure development of hybrid apps, with hands-on guidelines for defensive programming as well as recommendations for hybrid-app-specific security testing strategies.

    Speaker bio:

    Dr. Achim D. Brucker (https://www.brucker.ch) leads the Software Assurance & Security Research Team (https://logicalhacking.com) at the University of Sheffield, UK. Until December 2015, he was a Security Testing Strategist in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP. He is a frequent speaker at security conferences.
  • The Imminent Smart Device Mutiny
    Amar Singh & Chris Payne Recorded: Aug 16 2017 59 mins
    Are we filling our homes with, and carrying around in our pockets, our biggest cybersecurity vulnerabilities? Join us in a lively debate where we will discuss the increase in IoT and smart devices, some of the lesser-talked-about threats, and what steps are being taken to reduce the risk of the imminent smart device mutiny of the future.
  • The Worst Privacy and Security Risks and How To Defend Against Them
    Dr. Christopher Pierson (CSO of Viewpost), Sarah Squire (Founder & Principal Consultant, Engage Identity) Recorded: Aug 15 2017 61 mins
    We live in the age of high-profile breaches and cyber attacks. Every organization is a target, especially in the financial, healthcare and government space. With so much at stake in the event of a breach, what are the biggest cybersecurity risks for organizations? How should we defend against them?

    This live panel will discuss:
    - The relationship between identity, security and privacy
    - The role of data security regulation
    - Why investing in cybersecurity is key
    - The few basic things organizations should be doing today to better secure their customer data
  • The State of Identity in the Age of Breaches & Cyber Attacks
    Mark Weatherford (vArmour), Paul Rosenzweig (Red Branch Consulting), Brett McDowell (FIDO) Recorded: Aug 15 2017 61 mins
    Enterprises, businesses, government agencies, transportation systems, hospitals, and in some cases even power plants worldwide have been affected by the high-profile cyber attacks of 2017. What is the current state of digital identity, cyber security and privacy in an age of increased cyber attacks? With the EU General Data Protection Regulation (GDPR) going into effect in May 2018, how are global enterprises and businesses preparing for it?

    Join this panel of expert identity and cybersecurity leaders as they discuss the pressing issues concerning identity and security, especially in the context of ransomware attacks, the rise in cybercrime and instances of cyber warfare.

    Moderator:
    - Mark Weatherford, Chief Cybersecurity Strategist at vArmour

    Panelists:
    - Paul Rosenzweig, Principal at Red Branch Consulting
    - Brett McDowell, Executive Director of the FIDO Alliance
  • Catch Me If You Can - Red vs. Blue
    Will Schroeder and Jared Atkinson Recorded: Aug 10 2017 58 mins
    Attackers’ love for PowerShell is now no longer a secret, with 2016 producing an explosion in offensive PowerShell toolsets. PowerShell is gaining respect in offensive circles as “Microsoft’s Post-Exploitation Language” and being integrated into many offensive toolkits. Unfortunately, the offensive community often fails to research or share relevant mitigations with their defensive counterparts. This leaves many defenders without the information they need to protect themselves and their networks from these attacks. In a quest to combat the perceived threat, many defenders attempt to disable PowerShell rather than realizing its defensive potential.

    In this webinar, Will Schroeder (@harmj0y) and Jared Atkinson (@jaredcatkinson) will cover offensive and defensive PowerShell tools and techniques, including PowerPick, subversive PowerShell profiles, PowerForensics, and Get-InjectedThread. They will also cover mitigations and detections for popular offensive tools and techniques, demonstrating how to best handle the new offensive reality of widespread offensive PowerShell usage.
  • Orchestrating Effective IT Risk Management Across the Lines of Defense
    Kelley Vick, IT GRC Forum; Cameron Jackson, Riskonnect; Weston Nelson, Moss Adams Advisory Services Recorded: Aug 8 2017 65 mins
    Today’s IT risk environment is more threatened than ever thanks to the growth in sophisticated cyber attacks and security vulnerabilities. Now, complex, hard-to-detect attacks could bring down not just a single institution but also large parts of the internet and the financial markets. Organizations need an intelligent approach when it comes to assessing IT risk and managing compliance.

    Staying safe is no longer just about deflecting attackers. It’s about staying ahead of attackers who are already inside the organization, and banks are doing this through structured lines of defense that enhance security capabilities, involve IT risk managers in operations, and expand internal audit's mandate so it can cover business disruption. In this webinar we will address some ways organizations can, as part of an Integrated Risk Management initiative, orchestrate effective IT risk management across the lines of defense.
  • The Not So Same-Origin Policy & Web Security
    David Petty, Network Security Analyst at Independent Security Evaluators Recorded: Aug 8 2017 32 mins
    The same-origin policy (SOP) remains one of the most important security mechanisms of the web, protecting servers from malicious pages interacting with their APIs through cross-site requests. However, the subtle details of the policy can be overlooked, so our talk aims to show how limitations in the application of the same-origin policy can undermine security.

    Join this talk in the "Threat Hunting" series as David Petty, Network Security Analyst at Independent Security Evaluators, explains in depth how the same-origin policy works and how it can be bypassed to exploit cross-site vulnerabilities, including examples of Java, Flash, Silverlight, and Cross-Origin Resource Sharing (CORS) misconfigurations.

    As the same-origin policy and cross-site request forgery (CSRF) are inherently connected, we will also show both simple and complex cross-site request forgery attacks and how CSRF functions within the context of the same-origin policy. This will include classic CSRF attacks that work within the confines of the same-origin policy and more complicated attacks that utilize server misconfigurations to bypass the same-origin restrictions altogether.

    About the Threat Hunter:
    David Petty is an Associate Security Analyst at Independent Security Evaluators (ISE), a security consulting company in Baltimore, MD. He has recently graduated from Northwestern University with a B.S. in Computer Science, and discovered his interest in security while working for ISE during college. He specializes in breaking web and native applications and uses these skills to conduct custom security assessments of software products. His interests also include reverse engineering and digital forensics.
  • Threat Hunting Tool: Sweet Security Supercharged [Hunter Spotlight]
    Travis Smith, Principal Security Researcher at Tripwire Recorded: Aug 1 2017 43 mins
    In this episode of the Threat Hunting series we will feature a network security tool developed and used by real-life threat hunters. Sweet Security is a network security monitoring and defensive tool which can be deployed on hardware as small as a Raspberry Pi.

    Using the power of Bro IDS and threat intelligence feeds, malicious network traffic can be exposed. This data is gathered and visualized with the ELK stack (Elasticsearch, Logstash, and Kibana). Going beyond detection, the device can implement blocking for specific devices on a granular level. Sweet Security can monitor all network traffic with no infrastructure change and block unwanted traffic. It ships with Kibana dashboards, as well as a new web administration UI. Even better, the installation can be separated between web administration and sensor.

    Want to deploy the web administration to AWS and install a dozen sensors? No problem! With the ability to intercept all network traffic combined with the power of Bro and ELK, you can unlock the ability to hunt for threats across any environment.

    Travis Smith will go through how the tool works, as well as some interesting findings he has discovered on his own home network.
  • Securing Critical Infrastructure with Advanced Cybersecurity Controls
    Keao Caindec, VP of Marketing and Dean Weber, CTO, Mocana Recorded: Aug 1 2017 46 mins
    The US Department of Homeland Security has defined 16 critical infrastructure sectors, including: chemical, communications, critical manufacturing, dams, defense, energy, financial, food and agriculture, healthcare, IT, nuclear, transportation and water and waste management.

    Securing the industrial control systems (ICS) and SCADA networks requires a different approach that goes beyond threat detection, perimeter-based security, firewalls and physical security protections.

    In this webinar, you’ll learn about how to architect and embed strong cybersecurity controls such as: secure boot, multi-factor authentication, secure software updates, secure communications between industrial devices (PLCs, sensors, IEDs, RTUs and controllers), gateways and industrial clouds. You’ll also learn about how to enable applications to call cryptographic functions that leverage hardware secure elements such as TPM, SGX, TrustZone as well as HSMs and SIMs.
