Managing third-party risk is a big undertaking. Most financial institutions have tens of thousands of supplier relationships, and many data breaches originate through IT vendors within the supply chain. Not only are the risks associated with third-party vendors increasing, but regulators are turning their attention to the need for organizations to manage IT vendor risk more effectively.
Organizations should start by compiling a comprehensive inventory of all partnering third parties and their associated risks, which will enable management to segment IT vendor risk accordingly and focus efforts by priority. They should also designate a business owner for managing third-party relationships, and provide them with the right decision-making powers to establish a disciplined governance and escalation framework for dealing with incidents that occur.
By implementing such best practices, organizations can streamline, automate and integrate IT vendor governance, risk management, compliance, and audit programs to build a new, more effective paradigm of supply chain performance. Join this education session as we address these key concepts and challenges for managing third-party risk to strengthen IT vendor governance.
Advanced Persistent Threats (APTs) are in every network. They rely on you being overwhelmed by alerts and unable to follow up and respond to attacks - it typically takes days, weeks, sometimes months to resolve a cyberattack (the Ponemon Institute found it takes 32 days, on average, to close out a cyberattack). This is time you don't have. Attend this webinar to see how to change this paradigm and mature your incident response so you can quickly uncover, contain and remediate attacks in your network.
See how other companies have used modern automation technologies to take their Incident Response to the next level:
· Investigating everything – no more prioritization or alerts going unhandled
· Quickly mitigating threats – including large scale cyber events – to close the window of opportunity for attackers
· Applying IR best practices – through codified logic and intelligent decision-making algorithms that take the complexity out of IR
Araldo Menegon, Global Managing Director, Financial Services, Fortinet
Fortinet protects the most valuable assets of the largest financial services institutions across the globe. Learn how they provide high-performance protection against cyber-threats by hearing from security experts and key customers.
Richio Aikawa - Senior Marketing Manager, Partner & Solutions | Adam Darby - International Technical Sales Manager
MIFID II requires a company to keep electronic transaction logs with greater resolution/accuracy than previously. This webinar examines how Solarflare helps fulfill these requirements with PTP, Hardware time stamping and Capture.
Mark Allen, Technical Sales Engineer and Bjorn Hovd, Technical Sales Engineer
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.
How these attacks work and what you can do to protect your network
What data you need to collect to identify the warning signs of an attack
How to identify impacted assets so you can quickly limit the damage
How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence
Mike Woodward, Program Director of Data, BitSight Technologies
Some cyber security analysts called 2014 “the year of the retail breach” due to major breaches affecting major American retailers and leading to millions of compromised customer records. Cyber security has continued to grab the headlines over the past year, as major breaches have affected companies across all industry sectors, from healthcare to finance.
Join this webinar to learn more about the security performance of six major industry sectors: finance, government, retail, utilities/energy, healthcare and education. Mike Woodward, Program Director of Data, will reveal interesting insights into the performance of each industry based on BitSight’s proprietary Security Ratings data.
Attendees will learn:
- What are Security Ratings and how are they developed
- How and why does security performance vary across different industries
- Which industry sectors are still vulnerable to Heartbleed, POODLE and FREAK
- What botnets are trending across different industry segments
Matt Johansen, Director of Security Services & Research, WhiteHat and Jonathan Kuskos, Manager TRC Europe Ltd, WhiteHat Secur
Every year, our adversaries gain more intelligence and the number of attacks on our applications increases. The damage from these attacks is costly to organizations, reaching millions of dollars a year. The Top 10 Web Hacks Webinar, now in its ninth year, represents exhaustive research conducted by a panel of experienced security industry professionals.
In this webinar, you will learn:
• The top web hacks, ranked by your peers and a panel of industry experts
• How to protect your organization against these attacks
• Industry-wide research on new advanced attack techniques
John Kindervag, Forrester Research and Seth Goldhammer, LogRhythm
60% of breached organizations included in the 2015 Verizon DBIR were initially compromised within minutes, and yet for most of those organizations it took hundreds of days to detect the intruders.
Fortunately, an intrusion does not equal a breach. In fact, there are usually several steps that typically follow an initial compromise before the bad guys get away with the goods or disrupt a critical service.
Detecting early warning signs such as an initial system compromise, command and control activity or suspicious lateral movement of intruders can provide the necessary lead time to respond and neutralize a threat before the intrusion leads to a material breach.
In this webinar, our guest speaker John Kindervag, Vice President, Principal Analyst at Forrester Research, and Seth Goldhammer, Director of Product Management at LogRhythm, will discuss how pervasive visibility and big data security analytics, when coupled with intelligent automated response, can substantially reduce an organization’s risk of experiencing a material breach or cyber incident.
Attend this webinar if you:
1. Are seeking to reduce your organization’s mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to cyber threats
2. Struggle to find the needle in the haystack of security events
3. Believe your current incident response process lacks adequate automation and efficiency
4. Have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots
You can’t defend against something you don’t understand. Most network attacks are actually easy to understand if you have the right background. Join SolarWinds’ Mav Turner to review the basics of network security. He will discuss key concepts and core networking technology necessary for a solid foundation to secure your infrastructure.
Stephen Jones, Director of Managed Services, GuidePoint; Justin Harvey, Chief Security Officer, Fidelis Cybersecurity
Advanced cyber attacks are occurring at an astounding rate, with more industries and government entities becoming victims of massive data thefts, damaged brands, public trust issues, as well as billions in lost revenues. The primary problem is a lack of refined, and in some cases defined, policies and procedures. Adding to that, security teams are short-staffed, quality security analysts are hard to find, and there is uncertainty over which products to purchase, implement, or integrate for the best coverage. There are ways, however, for commercial and government entities to reduce their risks and improve their incident detection. Join Fidelis Cybersecurity and GuidePoint Security to learn about:
- Proactive approach to enterprise security
- Refining policy and processes
- Augment resources where gaps exist
- How to implement a managed security solution (remote or local)
- How Advanced Threat Defense Platform solutions, coupled with augmented resources, would aid in monitoring customer environments, provide a superior monitoring and alerting system, and provide a substantial amount of coverage for incident detection and proactive defense.
- Streamlined security stack – maximum capability with minimal implementations
- Deploying and integrating streamlined security stack
- Increase the visibility at the network and host-layers
- Provide defense-in-depth by implementing layered security models
- Partnering with a Managed Security Service Provider
- Obtain 3rd party assessment of security posture
- vSOC monitoring and alerting for network incidents
“I just write the code and throw it over the wall. It’s up to Ops to make it work” -- when Devs care only about coding, Ops and customers suffer.
“It’s not my job to test code. If there’s a problem, talk to QA.” -- when Ops care only about stability, innovation and customers suffer.
DevOps represents cultural change, whether it’s a change in resistant engineers who don’t want to be on call, a change in Operations teams to have more empathy towards their counterparts writing code, or the willingness of executives to embrace a culture of automation, measurement and sharing. Organizations must overcome the culture war to be able to approach the agility and productivity that organizations following a DevOps model gain. The faster they can get there, the faster these organizations can take the competitive edge away from traditional enterprises.
In this webinar, featuring guest Forrester Research principal analyst Kurt Bittner, we will look at:
- The current state of organizations - a separation of Devs and Ops
- The how of DevOps - DevOps is a culture, not a product
- The benefits of DevOps - happier customers
As part of our panel discussion, we will answer the following questions to help you get started building a DevOps culture within your organization:
- Why change the status quo?
- How do I align two disparate groups?
- How do I remove the obstacles that separate Dev and Ops teams?
- Will customers see a difference if devs are on call?
- Can IT start to think differently?
Stephen Boyer, CTO & Co-Founder, BitSight Technologies; Featuring Renee Murphy, Senior Analyst, Forrester Research
While many companies focus their effort on reducing cybersecurity risk, more threats are being discovered daily. Point-in-time, subjective questionnaires are not in line with the new regulations requiring continuous monitoring of vendors, partners and other third parties.
In “Continuous Third Party Monitoring Powers Business Objectives,” BitSight CTO and Co-founder Stephen Boyer and guest speaker, Forrester Research Senior Analyst Renee Murphy will discuss the value businesses are finding in using a solution that has a constant eye on third party cyber threats.
Boyer and Murphy will also discuss:
- The results of the study BitSight commissioned Forrester Consulting to undertake, examining how IT decision-makers feel about objective, reliable and continuous monitoring.
- What can be done beyond compliance to increase security performance.
- Which industries stand to benefit most from using automated, objective information security data.
- Specific use cases for continuous monitoring and how they help companies improve information security performance.
Dr Branden Williams (Moderator); Terence Spies, HP Security Voltage; Chris White, Booz Allen Hamilton; Erez Schwarz, Imperva
Inadequate security and dedicated cyber attackers have led enterprise data breaches to increase at an alarming pace. Staggering numbers of affected customers - and financial losses - are sending shock waves through the business world, and creating a sense of urgency around identifying solutions. Finding a way to ward off cyber intruders has become a critical challenge.
There is a need to create value around company data. One way to do this is to ensure that the workforce knows and understands the threats that are out there and the measures that are in place to protect against them. Data security is not one size fits all, nor is a data security communication plan. Finding the ideal fit for any company may take trial and error, but an educated and mindful workforce will serve to support the mission of IT security teams tasked with keeping confidential information secure. Join this educational panel webinar to hear experts discuss how to realize data security potential across an enterprise.
Angela Bazigos, Chief Compliance Officer of Morf Media
Any data breach is costly and disruptive, but for pharmaceutical businesses, medical device companies, and others in the life sciences field, the need to protect and manage sensitive data (PHI, PII, and IP) makes these challenges even more complex. The real-world costs of compromised data can be staggering, not just in fines, but in employment and business reputation loss as well.
Join FDA IT compliance expert Angela Bazigos, Chief Compliance Officer of Morf Media, and Performance Works on this deep-dive to learn how life sciences companies are managing their sensitive data in an environment of increasing risk and regulation. You’ll discover how to protect and manage this data to meet compliance regulations and significantly decrease the risk of data exposure, including that of highly-regulated HIPAA data.
Register for this webinar to learn about the:
* Increasing risk to PII, PHI, and IP data in an age of breaches and growing data dispersion
* Changing regulatory landscape that adds greater complexity to corporate workflow
* Best practices to monitor and respond to compliance and legal requirements for dispersed sensitive data, including mobile technologies and cloud services
* Proactive approach to compliance to help your business avoid data risks and better address compliance and legal requirements
Angela Bazigos is the Chief Compliance Officer of Morf Media. She has 40 years of experience in Life Sciences spanning GLP, GCP, GMP, Medical Devices & 21 CFR 11 and has a patent aimed at speeding up Software Compliance.
Ken Rosen, Co-Founder of Performance Works
Ron Weismann, CMO of Performance Works
Grady Boggs, Principal Security Specialist, Microsoft
The consumerization of IT, bring your own device (BYOD), and software-as-a-service (SaaS) provide organizations with impressive productivity gains, but bring with them the challenge of secure management. Grady Boggs, Principal Security Specialist, illustrates the Microsoft comprehensive cloud solution, the Enterprise Mobility Suite (EMS), and details how users can stay productive while keeping corporate information safe and secure.
Identity Access Management is a complex matrix of requirements meant to assure that only the right people have access to your data. This requires the creation of rules, roles, and a method for preserving information about access rights. In other words, we create 'big data' that then must be mined to find the most risky individuals and risky behaviors. By starting with a risk-based approach, finding those behaviors and individuals is easier. Explore with us as we examine how risk values can be assigned as you build the database so that analyzing and reporting become easier.
Debbie Umbach, Director of Product Marketing at BitSight
As mitigating third party risk becomes an essential business function across many industries, business relationships will be tested. Organizations must now subscribe to a “trust, but verify” philosophy to ensure their third parties are secure. To verify vendor security, organizations now use BitSight Security Ratings, which are gathered externally and don’t rely on any vendor input.
On August 27 at 1:00 pm EST join Debbie Umbach, Director of Product Marketing at BitSight as she discusses the best practices for implementing vendor security ratings. Viewers will learn:
- different approaches for incorporating BitSight Security Ratings into vendor risk management (VRM) programs, whether your program is just getting started or is well underway
- how companies have used BitSight Security Ratings to notify key vendors of security incidents
- how vendor ratings can allow for more effective communication and thus greater transparency
Wade Woolwine, Manager of Strategic Services at Rapid7 | Mike Scutt, Senior Consultant, Strategic Services at Rapid7
Non-targeted, opportunistic, targeted, and insider are 4 threat types, or groupings, that have been understood by the security community at large for years. These groupings of threats are largely based on motivation, prevention, detectability, cost, and impact to those affected. On the defensive side, the concept of defense in depth, where you secure the outer perimeter to prevent threats, monitor the interior perimeter for anomalous behavior, and apply tight restrictions to the most sensitive data and systems, has also been a proven approach to minimizing the impact of threats.
Join Wade Woolwine and Mike Scutt from Rapid7’s threat detection and incident response team to discuss how making threat groupings, the attack lifecycle, and defense in depth part of your overall security program planning can help you apply your resources in a way to maximize prevention, detection, and response for a more effective ROI.
When did we forget that old saying, “prevention is the best medicine”, when it comes to cybersecurity? The current focus on mitigating real-time attacks and creating stronger defensive networks has overshadowed the many ways to prevent attacks right at the source – where security management has the biggest impact. Source code is where it all begins and where attack mitigation is the most effective.
In this webinar we’ll discuss methods of proactive threat assessment and mitigation that organizations use to advance cybersecurity goals today. From using static analysis to detect vulnerabilities as early as possible, to managing supply chain security through standards compliance, to scanning for and understanding potential risks in open source, these methods shift attack mitigation efforts left to simplify fixes and enable more cost-effective solutions.
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.