Understanding Cloud Security: Finding the Boundaries
With more than 20 years' Financial Services experience, I have successfully directed many large change programmes, & been instrumental in the launch of new products/services (e.g. Mortgages, Debit and Credit Cards, Investments, General Insurance, Business Banking) as well as managing Process Reengineering consultancy teams.
Currently Head of Payment Security at Barclaycard, I am responsible for security compliance of circa 100,000 customers and their third parties. Our sustained dedication resulted in my team scooping up two awards at the Feb. 2012 Merchant Payments Ecosystem conference (MPE, formerly ECAF) for "Data Security" & "Merchants". In April 2011, my team won the Information Security Team of the Year award from SC Magazine & I was inducted into the Infosecurity Europe Hall of Fame. Other awards include the 2010 European Card Acquiring Forum (ECAF) award for Data Security (PCI DSS) and in October 2010, I was voted number 4 of the top 10 most influential people in infosec in the UK by SC Magazine and ISC2. In addition, I have been on the PCI Security Standards Council Board of Advisors since 2009.
Past achievements included:
• Managed the programme to launch a streamlined straight-through Mortgage Process Platform for Abbey for Intermediaries. Achieved in 10 months.
• Managed the programme to centralise Mortgage Underwriting from a network of 700 branches to one centralised area. Achieved in 9 months.
• Managed the programme to support the insourcing of the Abbey credit card from MBNA and implementation of the new Santander platform. Also managed the migration of the existing debit card to the new Santander platform.
• Other programmes in my portfolio included all people/process & technology aspects of the following: Investments, Business Banking, General Insurance, International & Domestic Payments.
Recorded May 23 2012, 46 mins
Social Engineering has been around for as long as the crooks have, but in a modern online world, running a con game has never been easier. And that’s why we need to be savvy.
A social engineer can research you on Facebook and LinkedIn; read up about your company on its website; and then target you via email, instant messaging, online surveys…and even by phone, for that personal touch. Worse still, many of the aspects of a so-called “targeted attack” like this can be automated, and repeated on colleague after colleague until someone crumbles.
Greg Iddon will take you into the murky world of targeted attacks, and show you how to build defences that will prevent one well-meaning employee from giving away the keys to the castle.
Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
Cybersecurity has jumped to the top of companies’ risk agenda after a number of high-profile data breaches and other hacks. In an increasingly digitized world, where data resides in the cloud and on mobiles, and the Internet of Things enables a multitude of connected devices, the threat vectors are multiplying, threatening firms’ operations and future financial stability.
Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.
Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
Michael Suby, Vice President of Research at Frost & Sullivan
Unfortunately many organizations today are losing the race against the hacker community by a large margin. As noted in the Verizon 2016 Data Breach Investigation Report, the percent of compromises that transpired in “days or less” has risen from 67% to 84% over the last 10 years. Over this same time period, the percent of compromise discoveries that occurred in “days or less” also improved, but not enough to narrow the time gap between compromise and discovery. In other words, the bad guys are accelerating their exploits faster than the good guys are accelerating their ability to discover.
The path to narrowing the time gap between compromise and discovery, and then neutralising business-impacting incidents, is through a comprehensive and mission-oriented Security Information and Event Management (SIEM). A well-designed SIEM not only advances security objectives, but it also works to direct personnel and process for maximum impact. With limited resources and a rising number of attacks, not all solutions are created equal. You need to ensure you are getting the best bang for your buck.
In this webinar, Michael Suby, vice president of research at the global research and consulting organization Frost & Sullivan, will discuss the factors that contribute to SIEM’s total cost of ownership.
• How to calculate the total cost of ownership of a SIEM
• The basic functionality that every SIEM should have to confidently breeze through preliminary activities
• The SIEM attributes that will have a lasting impact on your organization’s cost efficiency in effectively managing risk
Join us to learn the features that should be on the top of your scorecard when evaluating a SIEM for either first-time deployment or replacement.
Google Apps for Work is a preferred solution for productivity and collaboration in the modern enterprise. But with a large suite of tools, proper provisioning and maintenance are anything but easy. Attempting to roll out Google Apps to the right users with the right access often results in over-extended IT resources, delayed employee on- and off-boarding, and misallocated access to key documents and data.
It doesn’t have to be this way. Hundreds of organizations are using OneLogin’s best-in-class directory integrations to achieve faster Google Apps time-to-value and on-going application security and automation.
Join OneLogin for an informative webinar designed to get you through the most complex of Google Apps deployments.
· The sophistication of today’s threat landscape
· Lessons learnt in government intelligence on defending against fast-moving adversaries
· Using machine learning for automatic threat detection and efficient resource allocation
· Gaining visibility into 100% of network activity and mitigating problems early
The OWASP Top 10 Vulnerabilities, last published in 2013, has been a valuable list of criteria by which any Web Application Firewall (WAF) is evaluated, but it has a glaring flaw: it focuses only on vulnerabilities in the code and ignores automated threats. In late 2015, this flaw was addressed and OWASP released the first Automated Threat Handbook specifically to help organizations better understand and respond to the notable worldwide increase of automated threats from bots. This presentation discusses these new bot threats, bot evolution, and how to fight back.
- How malicious bots attack and cause problems
- Why homegrown IT solutions have trouble keeping up with bots and threats
- See Distil Networks in action finding and fighting bots
Paul Kurtz, Co-Founder & CEO of TruSTAR Technology
Despite the growing conversation around incident exchanges, few companies share broadly today. Join Paul Kurtz, Co-Founder and CEO of TruSTAR Technology to discuss:
· Why it’s time for ‘good guys’ to embrace timely incident exchange,
· The challenges of building effective intelligence exchange, and
· How to design an intelligence exchange with broad participation and actionable reports.
High-profile breaches are on the rise. Insurance companies, government organizations, power utilities, even online gaming and dating sites are increasingly becoming targets of sophisticated cyber attacks.
With the ever-changing landscape of threats and advanced cyber-attacks showing no sign of slowing down, organizations need to be prepared. As the breadth of corporate information expands, IT security teams face the daunting task of effectively protecting intellectual property, PII data, and PHI data from internal and external threats.
Enter machine learning and user behavior analytics. Can this technology detect and help stop cyber-attacks? Stephan Jou, CTO at Interset, will discuss the current threatscape and how user behavior analytics plays in the fight to stop cyber-attacks.
Cyber attacks are on the rise, and financial institutions are increasingly becoming targets of sophisticated attackers. Join this presentation and learn about the current cyber-attacks affecting the industry.
David Swan, EVP of the Defense Intelligence Group, will discuss current attacks and attack trends, and forecast what banks and other financial institutions can expect in the near to middle term.
Distributed, automated detection and protection accelerates breach response.
Sadly more than 90% of breaches start with a “click”: Attachments, downloads, malvertising, Java, the web, media, USB and executables all punch holes in the perimeter. Conventional “detect to protect” tools fail – because 99% of malware morphs in under a minute, making signatures useless. And the thousand-fold increase in crypto-malware signals a shift to machine-timescale breaches that can bring an organization to its knees before the first alert. CISOs find themselves in the awful position of having to detect a breach once an attacker has succeeded – without knowing what to look for or how to respond.
In an era of targeted and machine-timescale attacks, luck and hope are not enough. This talk will present a way to use the endpoints themselves to accelerate enterprise detection, threat analysis and response. The approach relies on the use of virtualization based security on endpoints to isolate threat vectors, protecting the endpoint but more importantly providing an isolated environment in which malware will execute, with the advantage of tamper-proof monitoring. Insights from each endpoint are correlated to accelerate enterprise-wide response.
As part of our research work focused on identifying automated network traffic that we can relate to malicious behavior and botnet communications, we often come across traffic that is not necessarily related to malicious intent but that represents a high risk for the companies allowing it to occur on their networks.
Often associated with abandonware, policy control failures, or misconfigurations, these traffic patterns end up exposing company information and assets to multiple risk levels.
In this webinar, we are going to explore this byproduct of our botnet research, how widespread this problem is, how we can use this to relay risk information to companies, and the several degrees of exposure and impact that this type of traffic can represent.
Dr. Matthew Williamson, Chief Threat Defense Scientist at vArmour
The problem of detecting attackers in today’s enterprises and data centers is harder than ever. Well-funded adversaries with time and patience use techniques that blend in with enterprise activities, making accurate detection difficult. Security analytics promises to address this situation by throwing advanced math at available data sources in the enterprise, with the goal of finding the proverbial threat needle in the data haystack.
This presentation will enable attendees to evaluate security analytic solutions, cutting through the buzzwords and hype, and providing both a deep understanding of the detection problem and a framework to evaluate solution efficacy, based on three axes: breadth, depth and control.
Jens Monrad, Global Threat Intelligence Liaison, FireEye; Al Maslowski-Yerges, Manager, Americas Systems Engineering
The ongoing battle with cybercrime is asymmetric. You’ve invested millions in protection technology but unknown attackers still find a way in. So how do you stay ahead of the curve?
"The core problem is that most cyber security tools do not make a distinction between everyday malware and advanced targeted attacks. If security tools cannot tell the difference, security teams have no way of prioritizing the alerts that matter the most."
Join Jens Monrad, Global Threat Intelligence Liaison from FireEye, in this webinar that will discuss:
• How to ensure you are responding to the alert that matters
• Benefits of alerts with threat intelligence
• Using threat intelligence to think like your attacker
• How to apply threat intelligence, expert rules and advanced security data analytics in order to shut down threats before they cause damage
• How security teams can prioritize and optimize their response efforts
Laurence Pitt, Solution Marketing - Symantec & Robert Westervelt, Research Manager - IDC Security
Endpoint security is a critical component in an organisation's security program and is needed to gain the visibility necessary to rapidly detect threats and contain them before criminals gain access to critical resources. But identifying custom malware and sophisticated attacker techniques requires an approach that combines existing security investments with modern defenses to protect critical corporate assets.
In this webinar you'll learn about:
• Why organisations of all sizes are increasingly targeted by criminals using advanced tactics and zero-day attacks designed to bypass traditional antivirus and remain stealthy on systems
• What technologies typically make up modern threat protection solutions, from sandboxes and advanced machine learning to behavioral analytics systems, to quickly identify infected endpoints and determine the scope of an attack
• Why endpoint visibility must be combined with network, web, and messaging security solutions
Enterprises spend millions of dollars on cyber security tools and services, but still many of them cannot distinguish the legitimate users from the attackers with legitimate, but stolen credentials.
Stolen credentials leak onto the dark web. Hackers take advantage of users who reuse their passwords. This allows attackers to hack an organization using the "front door" instead of using vulnerabilities or direct attacks to compromise the IT infrastructure. The account security of an organization is heavily dependent on the security of the other organizations where its employees or customers have accounts.
In this talk, you will learn how attackers are able to compromise accounts of secure organizations which do not have vulnerabilities, and, as an admin, what you can do to protect your organization from leaked-password attacks. We will look at case studies of organizations whose passwords have leaked and those that took proactive measures to keep their employees’ and customers’ accounts safe.
Matthew Cook, Co-Founder of Panopticon Laboratories
The activities of cheaters, hackers, and fraudsters are killing virtual worlds for online game players, publishers, and developers. This presentation outlines the tools and techniques that bad guys have adapted from other industries to attack online games, why they're so financially motivated to do so, and what the consequences of allowing them to continue to operate were for a large, international Facebook and mobile game publisher.
As today’s technology becomes more and more sophisticated, human error remains the weak point. The most state of the art security technology is still hampered by human error and lack of awareness.
In this insightful and action-oriented session, Wes Stillman, CEO of RightSize Solutions and a leading industry thought leader on cybersecurity, will offer actionable tips that firms can implement right away to drastically improve security, including:
· Survey Your Technology Infrastructure
· Set Up Awareness Training
· Run a Mock Disaster Recovery
· What is BYOD and why it’s so important
Presented by one of the premier providers of IT Outsourcing to RIA Firms and the Wealth Management community, this presentation is ideal for COOs, CTOs or anyone interested in understanding how effective policies and procedures can be your best line of defense for the security of your firm and clients.
OneLogin Solutions Engineer Nathan and Chan Mustafa Ebadi, VP of IT & Services at SOTI
Whether you’ve just purchased Office 365 or have been using it for a while, deploying and managing safe access to Office 365 is not simple, fast, or pleasant. It’s your job to get the most value from your application investments, and while Microsoft has tools to assist like ADFS and DirSync, they are not only cumbersome and costly to maintain, but do not meet industry standards that can be scaled across your organization. And let’s face it, you’re not just implementing Microsoft products. Can you extend ADFS beyond Office 365 in a timely manner?
Join OneLogin and customer SOTI, a proven product innovator and EMM Industry leader in mobile consulting, for an informative webinar about deployment best practices for Office 365 integrated with Active Directory.
John Bambenek, Threat Systems Manager at Fidelis Cybersecurity
Nearly 1 million new malware threats are released every day. The sheer deluge of unique malware samples makes it difficult for incident responders to keep up to protect their networks. Even more difficult is the task for investigators and law enforcement to keep up with the size and number of command-and-control networks and criminal operations.
Join this presentation to learn about the solutions and tools you can employ to monitor criminal infrastructure and make it easy for incident handlers to identify problems on their network, for security analysts to protect their networks and for law enforcement to have reliable near-time information for their operations.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.
Find out about how organizations can dramatically lower storage infrastructure costs by deploying a cloud-based object storage solution.
Led by Google executives, Brian Stevens and Carl Schachter, this webcast will discuss:
● The benefits of using cloud as another storage tier
● When to consider Cloud Storage (GCS) for secondary storage
● How to potentially use Cloud (Google Compute Engine) for Disaster Recovery
● Potential issues with bandwidth, recovery time, cost, security and usability
Google Cloud Storage Nearline is a low-cost, highly-durable and highly available storage service for infrequently accessed data, data archiving, online backup and disaster recovery. Data is available instantly, not within hours or days. With sub-second average response times and 1 cent per GB/month pricing, Cloud Storage Nearline gives you terrific performance at a low cost.
Tune in for the latest in our Ask the Experts Series! This session is all-about-Azure: cloud computing and PaaS for the enterprise. During this session we will show you how and why to use the benefit/credit that comes with your Visual Studio Subscription.
In this webcast, you will learn:
- About other available Azure programs
- Application development tests on Azure
- What other customers are doing on Azure and how it is paying large dividends
What every organization needs to know before, during, and after a ransomware attack.
Ransomware has one goal: to get your money. It locks away files until payment is made. Ransomware attackers collected more than US$209 million from victims during the first three months of 2016 alone, with the volume of attacks 10 times higher than all of 2015.
Ransomware makes headlines when hospitals are taken offline or police departments pay cybercriminals to decrypt their files. Proofpoint has unparalleled visibility into the advanced threats, including ransomware, that are aimed at organizations today. Proofpoint can dynamically analyze and block in real-time the malicious URLs and attachments that can evade antivirus and reputation filters to deliver ransomware.
Join Jennifer Cheng, Director, Product Marketing, Proofpoint, for this webinar to learn how to defend against ransomware with our anti-evasion technology.
• Why ransomware is surging.
• Where it comes from.
• What to do before, during, and after an attack.
• Should you pay or not? What to consider.
Exploit kits don’t stop. Neither should your business.
What’s the best way to enhance the sales and customer experience? Not quite sure what the answer is – don’t worry, every company finds themselves dwelling on how to accomplish this.
Join Kelly Ann Jourdain, Manager Technical Support at Global DMS, and Carl Rio, Strategic Account Manager at NewVoiceMedia, as they discuss how Global DMS tackled transforming their customer and sales engagement by increasing their speed of call resolution, eliminating their back-up call center, and utilizing omni-channel and analytics to drive efficiency gains.
Become a cloud-first company on your terms with hybrid cloud data management. Join us to learn how you can use Informatica Cloud or leverage your existing PowerCenter investment to redirect workloads and run on the Microsoft Azure public cloud ecosystem. You will learn how your organization can benefit from cloud economics and improved agility, while continuing to leverage existing PowerCenter resources, skills and work-products. Gain insight into the products and connectors available to run Informatica on Azure. Hear how Life Time Fitness is using Informatica Cloud and PowerCenter running on Microsoft Azure to drive customer intimacy and improve operational efficiency.
If you are a security integrator then this webinar is for you!
Challenges created by more cameras, higher resolutions, and increasingly complex analytics are creating an influx in data, and managing this infrastructure takes an intelligent, scalable storage platform.
Join us on Tuesday, August 30 at 9:00 AM PST for The Cost Shift Model for Video Storage and Data Management to learn how Quantum is taking a different approach to revolutionize storage solutions within the surveillance and security industry.
Attend this webinar and learn:
- How a multi-tier storage approach is shifting the budget spent in the surveillance market
- How to extend your customers’ surveillance budget
- How you can offer a scalable storage solution without compromising video quality, retention time, or camera streams
Quantum can help you design and implement a scalable storage foundation that will enable you to differentiate your offerings in the market.
Register for this webinar today!
In this webinar Andrew Shoemaker, a DDoS simulation expert from NimbusDDOS, gives you a rare glimpse into how hackers find the weak points in your defenses and exploit them to level devastating DDoS attacks. You'll see real world examples of the tactics and methods used to create tailored DDoS attacks that can bring down a targeted network or application, and learn how best to defend against them.
Recently the president of the American Medical Association referred to healthcare IT as the “snake oil” of the 21st century. He referenced ineffective electronic health records, an explosion of direct-to-consumer digital health products, and apps of mixed quality.
In this webinar, leading healthcare expert, Marion Jenkins, will cover the major causes of this sorry state of affairs, and discuss how healthcare technologies can actually help medical practices deliver better patient care.
Major areas to be covered:
1. Who is to blame? There is plenty to go around. Physicians? Healthcare IT vendors? The government? The solution must get past blame and address solutions.
2. How can clinical users and executives “break through” the logjam of sub-optimal IT systems, poor implementation, and ineffective workflows?
3. Is it possible to utilize new technologies to improve patient care, without breaking the bank and further hurting the clinician/patient experience?
4. What are the necessary changes that enable technology to actually provide benefit in a healthcare setting?
Join this webinar to be certain of making the right decisions on moving resources to the cloud. You’ll see how to evaluate which workloads are candidates for cloud migration PLUS measure how efficiently you’re utilizing your own resources.
The CloudPhysics Cost Calculator for Private Cloud lets you apply basic costing models to determine your actual costs per virtual machine (VM) in terms of power, compute resources, memory, storage, licensing, and more to generate a cost baseline.
Now you can apply CloudPhysics rightsizing intelligence to your VMs. See your “as is” costs beside your rightsized costs at peak, 99th percentile, and 95th percentile. Capture savings by reducing workloads to match actual demands and reduce overprovisioning.
When mapping your VMs to their public cloud instances, apply the same peak, 99th percentile, and 95th percentile data to reveal cost difference for private versus public cloud.
Attend this webinar to be sure you’ve optimized decision-making before you move.