Website security management & compliance challenges

Mike Smart, Senior Manager, Products and Solutions, Symantec
Website Security Series Part 2
Jun 14 2012
37 mins
Website security management & compliance challenges
More from this community:

IT Governance, Risk and Compliance

  • Live and recorded (3304)
  • Upcoming (60)
  • Date
  • Rating
  • Views
  • A new category of threat is emerging – a threat designed to evade traditional signature-based technologies such as Anti-Virus and Intrusion Detection. Attempting to meet the challenge is a new class of technology, “Advanced Malware Protection” or “AMP,” which is an industry term for technology designed to continuously monitor for, offload and detonate files in a sandbox - safely away from the main environment - to observe and detect malicious objects.

    If a security device produces an alert in the forest, who’s there to hear it?

    The challenge is these next generation advanced malware detection solutions produce so much detail about the suspicious activity that most organizations do not have the resources to thoroughly investigate/analyze. The best technology means nothing if you don’t have the right expertise to react to the alert, quickly decipher complex reports, investigate the threat, and determine the right response. And meanwhile, the threat actors aren’t standing still – they’re developing measures to circumvent controls in some traditional sandbox environments.

    You will learn:
    1.How the threat is evolving and how actors are employing evasive practices to overcome traditional and even some more sophisticated security defenses
    2.Why next generation sandboxing and full-system emulation are the keys to combatting evasive malware threats
    3.The expertise needed to accurately identify and diagnose the threat once the alert is received
    4.How to ensure your organization has the ability to respond effectively to the incident and close all the backdoors a threat actor may have opened
  • 2014 could have easily been called, “The year of the biggest security breaches since the beginning of forever.” But given current security practices and technologies, many of the breaches could have been prevented. So why weren’t they?

    Many of the affected companies fell into a very common trap, thinking that if a company goes to the trouble to be legally compliant then it will be effectively “secure.” Unfortunately, as with many kinds of regulations, legal compliance really represents the absolute least amount of effort required. If companies want to give themselves the best chance to avoid the very severe consequences that come with a major breach, there are five practices they need to put in place now.

    Join Adrian Sanabria, Senior Security Analyst at 451 Research, and Amrit Williams, CTO of CloudPassage, on this webinar to learn
    · Possible gaps left by the compliance-first approach to security
    · How to limit vulnerabilities across traditional, virtual and cloud infrastructures
    · Five best practices to avoid a major security breach in 2015
  • The bring-your-own-device (BYOD) movement has been a huge boon for businesses that put a premium on productivity. File sync and share solutions have emerged to help employees work from anywhere, at any time, on any device. In this BrightTALK exclusive, eFolder explores the top seven features that business should consider when adopting a file sync and share solution. Learn what is required for a file sync and share solution to improve collaboration, maximize productivity, and ensure security.
  • Join Tom Kellermann, Chief Cyber Security Officer for Trend Micro, in an informative webinar specifically tailored for corporate executives and directors who are ready to take the reins of a real and effective plan to secure their organization, their data, and their careers against targeted attacks.

    During this live webinar, you’ll learn:
    • How to identify, classify, and protect your valuable data assets
    • How to assess your organization’s vulnerability to attack
    • How to measure and mitigate cyber risks cost-effectively
  • Cutting down on the time taken to complete complex document review cycles allows the modern lawyer to operate at the pace required by their industry.

    Join our webinar to learn top tips for shortening these review cycles without losing document integrity and risking corruption. We’ll also cover what technologies are available to provide a quick and accurate way to improve document review efficiency.
  • FireEye recently released a new report that documents how and why governments around the world are turning to the cyber domain as a cost-effective way to spy on other countries, steal technology, and even wage war.

    Whether it’s sensitive military, diplomatic, or economic information, governments depend on the integrity of their data. If that data falls into the wrong hands, the consequences could be severe.

    In the wake of two apparent state- and government-sponsored attacks, APT1 and APT28, government agencies must understand why they are in attackers’ crosshairs, what attackers might be seeking, and how they can protect themselves.

    Join us for a dynamic discussion with subject matter experts where you will learn:

    •What makes your government-related organization an appealing target – whether you’re a political opponent, business, agency or vendor
    •Why it’s important to determine who could be planning an attack, their motives, and how they might carry out their goals
    •How to assess your level of preparedness and how to protect yourself if you are not ready for this new era of cyber warfare
  • From unobtrusive advanced malware detection technologies to automated threat response and actionable mobile-friendly dashboard – manage security from any device, any time, ESET will present new solutions for securing your endpoints and new ways to manage them.
  • Organizations are having to cover more ground than ever when it comes to security. Yet businesses often lack the in-house skills and resources, so security leaders are turning to MSSPs to help bear the burden to ensure every area of risk is adequately attended to.

    Join us for an interactive discussion with guest speaker, Forrester Research VP and Principal Analyst, Ed Ferrara, to learn how MSS is changing the conversation for businesses to achieve security goals. Help drive the conversation by submitting a question for Ed in advance so we can tackle your biggest security concerns such as:

    • Overcoming the skills shortage
    • Where to focus the budget – spending trends across industries
    • The value of security – pitching it as an investment not a cost to business leaders
    • Improving business outcomes – leveraging MSSPs as a tactical arm to optimize IT security, efficiency and value
  • A recent analyst study found that 88% of organizations are “doing Project and Portfolio Management (PPM).” This finding could lead many to believe all is well with this critical business process so essential to strategic success. This is hardly the case as studies also show PPM is still generally immature in enterprises today. The lack of maturity is largely due to the fact that most organizations are addressing only a subset of PPM capabilities. So though almost every organization can lay claim to doing PPM, few are actually doing PPM for all its worth. Many of these organizations will continue to miss out on the incredible possibility and promise of this essential business capability until they grasp and appreciate the full scope and potential of PPM.

    One of the greatest barriers to realizing the full potential of PPM is an enterprise-wide awareness of the span of PPM and the likely gap that must be overcome to achieve it. There is a plethora of great PPM insight contained in the numerous books, methodologies, and frameworks available today, but using this volume of information to get everyone on the same page is a daunting challenge. The key is to use a simple approach and model to quickly establish a common understanding of this critical business discipline and to easily foster the conversations and discussions to drive the endeavor to raise PPM proficiency.

    This brief webcast will present a PPM model that is easy to remember, easy to communicate, and proven to quickly illuminate the gap between existing immature PPM processes and the full scope and potential of comprehensive Project and Portfolio Management.
  • Portfolio planning activities have struggled to gain respect in most businesses. Lack of enterprise-wide orchestration arises from a lack of effective involvement and intimate business knowledge – not simply of operations and processes, but of business imperatives, obstacles and desired outcomes. And the information systems aspects continue to be planned in splendid isolation from the business, causing IT people to mistakenly celebrate victory when a new IT system goes live. However a project only really starts when the IT goes live, and so the planning needs to be fully integrated. This can only be accomplished first by building strong relationships with business peers that will result in measurable value creation. The next step is to implement a sophisticated PPM system that can handle the extreme complexity of orchestrating all the business and related technology portfolio of initiatives, capable of optimizing the plans (and the outcomes) as the business environment changes.

    To achieve this, a new PPM model needs to be created to look at portfolio management in a holistic way, enterprise-wide. Planners need a capability that will generate multiple scenarios and real-time decision support. This dimensionality and complexity is well beyond the capacity of the human brain. By implementing such a tool, IT would be positioned as a critical partner with the business – not just in implementing mainstream information systems, but also in helping the business with a much better way to plan and manage all of its key initiatives effectively

    This session focuses on how enterprise leaders and divisional leaders and IT leaders should be working in harmony to orchestrate great business outcomes, rather than looking after their parochial interests.
  • Channel
  • Channel profile
  • Protecting Your Business Against Common Attacks Mar 18 2015 12:00 pm UTC 45 mins
    Learn about some of the most common attacks launched against networks and their resources and how to easily overcome them. Learn how to mitigate the risks that result from vulnerabilities, like Heartbleed and POODLE, and how you can future-proof your environment from exploitation. With the growth of attack outsourcing and hacktivism, look for 2015 to be a year fill with InfoSec headlines.
  • Symantec Monthly Threat Webinar - February update Recorded: Feb 19 2015 34 mins
    Hear the latest on the current website security threats for February 2015 from Symantec.
  • Symantec Monthly Threat Webinar - January update Recorded: Jan 22 2015 27 mins
    Hear the latest on the current website security threats for January 2015 from Symantec.
  • Securing Your Site, Server & Data – The value of Always On SSL Recorded: Jan 21 2015 47 mins
    Craig Spiezle will talk about the foundation of online trust and the benefits of having the entire online user experience protected with a best practice security measure for websites, called Always on SSL. We will also touch on other best practices.
  • Reducing Risk Through Effective Certificate Management Recorded: Jan 20 2015 34 mins
    In this webcast, we will cover some common risks found in an SSL environment, discuss their impact and how to resolve them. We will also present a simple risk management methodology and show how this can be used in conjunction with Symantec’s SSL management tools to effectively manage and reduce SSL risk.
  • Symantec Monthly Threat Webinar - November update Recorded: Nov 27 2014 28 mins
    Hear the latest on the current website security threats for November 2014 from Symantec.
  • Implementing Forward Secrecy Webinar Recorded: Nov 11 2014 32 mins
    Recent new stories have revealed that government agencies may have the ability to decode SSL- encrypted communications. Forward Secrecy is a security feature which can be used to thwart such attacks and is being deployed by several large Internet information providers including Google, Yahoo and Twitter.
    In this webinar, we will discuss:
    • What is Forward Secrecy?
    • Why is it important?
    • How you can implement it today?
  • Symantec Monthly Threat Webinar - October update Recorded: Oct 30 2014 31 mins
    Hear the latest on the current website security threats for October 2014 from Symantec.
  • Symantec Monthly Threat Webinar - September update Recorded: Sep 26 2014 20 mins
    Hear the latest on the current website security threats for September 2014 from Symantec.
  • Symantec Private Certificate Authority Webinar Recorded: Sep 18 2014 24 mins
    Today’s enterprises are challenged to maintain and secure large intranet networks and to keep them compliant with changing regulations. Securing communications within these environments presents any number of security, financial, and personnel concerns. Solutions range from single-domain intranet SSL certificates, Wildcard certificates to Self-Signed Certificate Authorities (CA). Symantec™ Private Certification Authority (CA) provides a hosted private SSL certificate hierarchy and end-entity certificates specifically built to secure your internal communications. Consolidate your public and private SSL certificates onto one management console, Symantec™ Managed PKI (MPKI) for SSL.
  • Symantec Secure App Service Webinar Recorded: Sep 2 2014 34 mins
    Join us to learn about Symantec Secure App Service - a better way to sign code and secure applications.

    Traditional code signing provides a way for software publishers to assure their customers that the apps and files they have downloaded are, indeed, from them and have not been tampered with. Unfortunately, inadequate controls around this process can lead to malware propagation.

    Compromised certificates make news headlines and can lead to poor reputation for your company, and revoking these certificates could result in your distributed applications to suddenly appear as untrusted.

    Symantec Secure App Service is a cloud-based code signing and management solution with a complete range of services to help enterprises control and secure their code signing activities and keys easily. Services include vetting and approval of software publishers, code signing, key protection and revocation, administrative controls, reporting and audit logs.
  • Symantec Monthly Threat Webinar - August update Recorded: Aug 28 2014 22 mins
    Hear the latest on the current website security threats for August 2014 from Symantec.
  • Symantec Monthly Threat Webinar - July update Recorded: Jul 24 2014 24 mins
    Hear the latest on the current website security threats for July 2014
  • Symantec monthly Threats Webinar - June Update Recorded: Jun 26 2014 28 mins
    Listen to the latest updates from Symantec on website security threats for June 2014.
  • Website Security Threats: May Update Recorded: May 29 2014 25 mins
    Join us for this short monthly webinar, in which we will provide you with the latest updates and insights into the constantly evolving online threat landscape. Using information sources such as the Symantec Global Intelligence Network, we will help you understand how you can continue to protect your company and your infrastructure.

    The goal is simple: to make the Internet safer to transact business – for you, your customers and everyone else with whom you interact online.
  • Website Security Threats: Spotlight on the Netherlands Recorded: May 2 2014 27 mins
    The topic of security has grabbed headlines over the last few years and indeed the last few weeks, but most of this attention has focused on a small percentage of large enterprises. However, security is not an issue for them alone, as mid-market companies increasingly deal with the same threats.
    Join Symantec Website Security Solutions to understand how you can take a proactive website security stance.

    During this webinar we will look at the size of Ecommerce market opportunity in the Netherlands, and the threat landscape in general and website security solutions that can help your protect your company.
    We look forward to your participation.
  • The Cybercrime Survival Guide Recorded: Apr 25 2014 6 mins
    Watch the Cybercrime Survival Guide and arm yourself with the knowledge you need to defend against online attack and how to mitigate the risks for your business.

    Covering everything from the dangers of attack and the true cost of infection, to how to defend your organisation and customers, it’s your complete guide to today’s cybercrime threat
  • Website Security Threats: April Update Recorded: Apr 17 2014 29 mins
    Join us for this short monthly webinar, in which we will provide you with the latest updates and insights into the constantly evolving online threat landscape. Using information sources such as the Symantec Global Intelligence Network, we will help you understand how you can continue to protect your company and your infrastructure.

    The goal is simple: to make the Internet safer to transact business – for you, your customers and everyone else with whom you interact online.
  • Website Security Threats: March Update Recorded: Mar 13 2014 30 mins
    Join us for this short monthly webinar, in which we will provide you with the latest updates and insights into the constantly evolving online threat landscape. Using information sources such as the Symantec Global Intelligence Network, we will help you understand how you can continue to protect your company and your infrastructure.

    The goal is simple: to make the Internet safer to transact business – for you, your customers and everyone else with whom you interact online.
  • Is Your Website the Soft Underbelly of Your Organisation? Recorded: Mar 11 2014 44 mins
    Whilst not every organisation may be a target of an APT or targeted attack, it’s important that all companies large or small understand these attacks as a way to help build stronger defences against the constantly changing threat landscape.
    · Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.
    · In 2012 the number of Web based attacks increased by 1/3 with approximately 247,350 Web-based attacks were blocked each day.
    · 5291 New Vulnerabilities were discovered in 2012
    · Spam accounts for 69% of all email and one in 414 emails are from phishers

    All security and IT professional need to understand the new reality classic textbook protections may well not be enough. Join Symantec Website Security solutions to understand how you can protect your websites from vulnerabilities and malware and how SSL can prevent your company and your customers.
Everything you need to know about website security and online threats
Symantec Website Security Solutions take SSL protection and trust to a whole new level. Secure your website, increase customers' confidence, and reach the full online potential of your business. You can learn about the threat landscape and Symantec product updates by subscribing to this channel.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Website security management & compliance challenges
  • Live at: Jun 14 2012 1:00 pm
  • Presented by: Mike Smart, Senior Manager, Products and Solutions, Symantec
  • From:
Your email has been sent.
or close
You must be logged in to email this