This presentation looks at the issues faced by organizations in their management of information security risk. It considers how risk can be better managed by bringing together key stakeholders in a proactive and integrated approach; and it shows how HP can help with our end-to-end services.
RecordedAug 17 201247 mins
Your place is confirmed, we'll send you email reminders
David Harper, Fortify on Demand Practice Principal, EMEA
Static analysis vs. Binary analysis, binary vs. bytecode, debug vs. obfuscation… Confused about Static Application Security Testing? In this webinar, David Harper, Fortify on Demand Practice Principal will explain all these terms, dispel some of the rumors and clear up any confusion. Afterwards, you will be able to authoritatively select the best approach for your Static Application Security Testing needs that will address your requirements for both comprehensive vulnerability detection and actionable remediation advice.
David Anumudu, Software Security Solution Architect, HP Enterprise Security
While users are more mobile than ever, that flexibility has also come with increased risk. As business managers push for more mobile apps, faster development, newer features and broader distribution of these apps, the businesses’ risk exposure grows exponentially. Organizations are at risk of exposing their corporate data, losing brand equity, and ultimately suffering financial loss through breaches of their mobile applications. IT must ensure these apps are secure, even if they are developed by a third party, so understanding the mobile vulnerability landscape is critical and its tough to keep this expertise in-house.
HP Security Research leveraged HP Fortify on Demand (FoD) Mobile to scan more than 2,000 mobile applications from more than 600 companies, revealing alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
The presentation will discuss both the promises and challenges presented by big data analytics to information security. To help take advantage of the former without the penalty of the latter, we will learn about the building blocks of a big data security solution and explore the most cost-effective uses of big data analytics to enhance security.
While threat intelligence promises to help with the effective detection of advanced threats, it usually achieves the opposite: detecting the most predictable attackers. To be included as part of a vendor provided threat intelligence feed, an attacker must have tried attacking several potential victims before, and must have used the exact same method to be captured in the threat intelligence feed.
In this presentation we will see how to make threat intelligence valuable for detecting advanced targeted threats directly aimed at your organization. We will see how to create a threat intelligence feed close to the target, as a shared effort between departments, subsidiaries or organizations working closely together to ensure identification of targeted threats. In addition we will see how to extend the term intelligence into additional detection mechanisms such as behavioral patterns.
Web applications continue to represent a major source of risk to organizations. Not only is the number of web application growing but the associated risk is increasing as they are evolving from informational web-sites to interactive sites that capture customer data. The IT security teams are aware of the problem but all too often do not have then bandwidth to effectively assess these application or the budget to engage expensive penetration testers to do the work on their behalf. The problem is compounded as now it’s not only web-sites that need to be secured but Facebook and mobile applications too.
In this webinar, you will learn how Fortify on Demand, HP’s cloud based application security testing service, can provide a cost effective solution to all your application security testing requirements. With Fortify on Demand you can start testing within a day, scale rapidly to test all your applications, whether they are developed in-house or produced by third-parties, and importantly support the developers to fix any vulnerabilities that we find.
In today’s ever evolving threat landscape and with the increasing requirements by the business users for access to business information from various locations and from a multitude devices, the Information Security Professional is required to understand the threats and the mitigation techniques available to them. During this presentation we will explore the attackers motivation and understand their eco-system and then we will look at how users are being leveraged to gain access to our business information. Lastly we will look at ways we can mitigate the kill chain at various stages and provide better reporting to the business stake holders.
Rick Dunnam, Principal Consultant, HP Fortify EMEA
The rapid adoption of mobile devices has created significant security risks and challenges for IT organizations. In a recent study by HP of 120 mobile applications for a single enterprise customer found that 66% of applications contained vulnerabilities that could have led to the disclosure of personal data or the compromise of a back-end system.
In this webinar you will learn more about these vulnerabilities and how you can identify and remediate these risks.
Philippe Jouvellier - HP Enterprise Security Products
Depuis de nombreuses années déjà, le système d’information est devenu un support indispensable à la stratégie et aux activités des Entreprises et des Organisations. L’essor du Big Data confirme l’évolution du SI avec l’accès à des données hétérogènes et en grand nombre. Malheureusement, l’apparition de nouvelles menaces, ainsi que la pression règlementaire démontrent le caractère indispensable de la gouvernance du SI et de la gestion opérationnelle de la sécurité et impliquent l’adoption d’une posture de sécurité dynamique.
Face à ces enjeux,les entreprises doivent non seulement trouver les meilleurs experts et savoir les garder, mais elles doivent aussi s’organiser avec des équipes et des processus adaptés à leurs exigences et enfin, elles doivent s’appuyer sur technologies éprouvées qui leur permettent d’anticiper et de détecter les menaces.
Dans ce contexte d’enjeux toujours plus important, les technologies de SIEM sont devenues essentielles. La technologie HP ArcSight, solution leader dans le marché du SIEM, a contribué à améliorer de manière significative la posture de sécurité de milliers de clients à travers le monde. Ces clients sont des acteurs de secteurs industriels de l’aéronautique et de la défense, l’énergie, les services, la finance, la santé, les hautes technologies, l’assurance, la distribution et les technologies de communications.
Paul Brettle, Manager, HP ArcSight Specialist Team EMEA
With the modern and emerging threat landscape, it is clear that adding more and more layers isn’t going to provide the answers that it once did. Using a joined-up approach, it is possible to start to build a true solution that helps manage the risks and threats, and to provide visibility that wasn’t previously possible. Addressing security at the network and application layers and proving a real-time view of the risks and threats as they happen, it’s now possible to start to address these new emerging threats.
Importantly though, by using this approach, it is possible to be prepared today and tomorrow to provide pro-active identification and resolution to the threats.
David Anumudu, Solution Architect, HP Fortify EMEA
The business is demanding more apps and more channels for customer engagement. In turn you know this means more risk. The app development team is swamped just trying to keep up, and your security team is stuck in the middle, trying to secure what you already have - let alone all this new stuff. Sound familiar?
Join us for 45 minutes where you will learn:
- Why the developers are struggling to deliver secure applications
- Why the business doesn't seem to 'get' application security
- How you can start managing your application risk, today, for free
Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
2013 Cost of Cyber Crime Study: UK, Germany & France
Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for the United Kingdom and Germany. For the first time, the research was conducted in France. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 110 UK, German and French organizations participated. According to the findings, cyber attacks increased 16 percent in the UK and 21 percent in Germany. The costs associated with this increase in the UK and Germany were £904,886 and €830,169, respectively. For the first time, it was determined that the average cost of a cyber attack in France was €3.89 million. Findings from the report also show that each week UK and German organizations experienced on average 1.3 successful attacks per company. French organizations experienced an average of 1 cyber attack per company.
Dr. Jeremy Ward, HP Enterprise Security Consulting Services
Evidence is mounting that current IT security models are simply no longer sufficient to support the hybrid enterprise. The extensive flow of enterprise information, well beyond the traditional purview of IT, necessitates an expansion of security scope to identify and control vulnerabilities. Lack of focus can be putting your information at risk.
This session reviews findings from the HP Enterprise Security Services Security Assessment Report. The report utilizes data and survey responses on customer security maturity assessments.
While organizations continue to battle cyber criminals, it seems that security professions are always fighting a losing war. However, a new weapon has been building up within the domain of most organizations, one that can help tip the balance in favor of the good guys. Find out how we can take the massive amounts of information we are generating and turn it to help bring valuable intelligence that can stop cyber-attacks from compromising your enterprise
Rich Agar CISSP MSc, Senior Solutions Architect, HP Enterprise Security
The Enterprise Security Kill Chain concept describes the five steps of a security breach. This session will describe the steps that attackers use and suggestions that organisation can use to identify and mitigate these attempts and reduce risk.
About your speaker:
Rich Agar CISSP has been working in the IT industry since the late 1990’s. He has worked as a freelance consultant, at systems integrators and vendors with various customers across the UK and Europe. Rich holds a Master’s degree in Information Security from Royal Holloway, University of London, and is currently working as a Solutions Architect for Enterprise Security at Hewlett Packard.
Enterprises today have become highly extended environments with multiple users inside the network at any given time. That extended enterprise also includes multiple vendors and suppliers, but nearly half of reported breach incidents are the result of a mistake by a trusted supplier. Protecting the enterprise from both inadvertent and malicious errors requires extension of enterprise compliance requirements across the supply chain.
In this webinar, we will cover security compliance services that enhance budgeting and spending effectiveness, expand visibility, reduce complexity, and improve compliance reporting; resulting in better cost control, faster incident reaction, reduced risk exposure, and better audit response.
Distributed denial-of-service (DDoS) and web application attacks can be critical threats to your enterprise. Defending against them takes a comprehensive cloud-based managed service coupled with on-premise DDoS appliance solutions. Learn how to effectively maintain availability and defend your enterprise from denial-of-service attacks using HP’s new Distributed Denial of Service Protection Services.
Michi Kossowsky, Director of Product Management, HP Enterprise Security EMEA
In this webinar, Michi will discuss how an organization can take the requirements of their infrastructure around operational controls, compliance and security to extend and expand them into a Security Intelligence solution.
Using a use case approach, organizations can look to extend and build upon their existing systems and controls to provide real-time warnings and feedback that allows them to make informed decisions focused around their business needs. Rather than just having a "top 10 attacker" reports and dashboards, how about a system that focuses around application lines and how this impacts business is more useful.
Paul Brettle, EMEA HP Security Specialist Manager, HP Enterprise Security
Cybercriminals are increasingly banding together, organizing more sophisticated attacks that are more predatory in nature. Cybercrooks’ rapid adoption of new technologies and efficacy in information sharing has trumped traditional static enterprise defenses. In order for organizations to stay protected, they must learn from their adversaries.
What lessons can we learn from cybercriminals that can be applied to boost an organization’s overall security strategy?
Paul Brettle, HP’s EMEA Security Specialist Manager, will examine the means and motivations driving cybercriminal behavior and how improvements such as benchmarking can persuade criminals to look elsewhere for targets while helping security professionals develop stronger defenses.
Ofer Shezaf - HP Enterprise Security & Andreas Mertz, Founder & Managing Director of iT-CUBE SYSTEMS
“The new information security frontier is applications, and for many this means SAP, which is the backbone of IT in many organizations but is little understood by most. While the number of security notes and patches for SAP increases exponentially, solutions still focus on authorization and entitlement management, leaving a security gap in areas such as misconfiguration, patch management and application security and abuse of trust.
In the Webinar we will discuss AgileSI, an innovative solution which utilizes an approved SAP add-on and HP ArcSight to help protect your SAP systems.
iT-CUBE SYSTEMS is a privately held company headquartered at Munich, Germany. The company was awarded in December 2012 with the Deloitte Technology Fast 50 Award Germany.
Dr. Jeremy Ward, Security Consulting Offering Manager, HP
Enterprise is adapting to embrace new technologies and capture new opportunities. Cloud capabilities are attractive, but concerns for information security remain. In this webinar, Dr. Jeremy Ward will discuss how you can adapt and embrace change, while maintaining the security of your infrastructure and information. The key points discussed will include choosing a security service that helps you form better cloud security strategies that manage data risk, reduce complexity, identify vulnerabilities, and ease user access; resulting in improved security governance, enhanced visibility, increased cost control, and reduced risk exposure.
The days of locked down security are over. Today’s enterprise must be as fluid as the clients they serve, sharing information whenever, wherever and on whichever device they choose. This new fluidity requires a comprehensive approach to security to enable interaction while driving operational effectiveness and reducing business risk.
Getting to your secure enterprise is a journey and we have designed capabilities to help you get there.
Are you ready to begin the journey to your secure enterprise?
Avec le degré de maturité et le niveau de menace atteint par les ransomwares au cours de l’an dernier, comment pouvez-vous être sûrs que votre infrastructure IT est réellement protégée et que vous êtes prêt à parer à une attaque ?
Aujourd’hui, les responsables sécurité sont confrontés à :
•un manque de renseignements exploitables sur les menaces, qui leur permettraient de mieux cerner les acteurs et les campagnes susceptibles de viser leurs entreprises
•une carence en analystes de sécurité qualifiés, capables d’identifier le nombre croissant de menaces pénétrant leurs organisations. Par exemple, les cryptoransomwares sont en augmentation constante (+35 % en 2015 ) et il faut encore en moyenne plus de 200 jours à une entreprise pour découvrir qu’elle victime d’une attaque.
•peu d’expertise spécialisée dans les techniques requises pour réagir à des menaces et les neutraliser une fois que celles-ci ont pénétré leur environnement IT
Les gangs de rançonneurs ne cessant d’affiner leurs tactiques, les entreprises ont besoin d’être parfaitement au courant des menaces et des risques qu’elles encourent. Symantec vous donne rendez-vous pour un webcast consacré aux attaques par ransomware. Vous y découvrirez ce qui est arrivé à une société et les mesures qu’elle a prises pour remédier à la menace.
The cyber threat landscape has never been more dynamic, than what we are seeing today. With an expanding surface area for attacks and a cybercriminal ecosystem worth billion of dollars on a global scale, cybercriminals are constantly pursuing new methods to obtain financial funds.
It is no different in the Nordics – a region that is well known for its natural resources, innovations in renewable energy and healthcare, proximity to the Arctic, and emphasis on transparency in government is also a prime target for cybercriminals. These unique attributes make the region a prime target for cyber threat groups looking to capitalize on Nordic countries’ robust economies and distinct geopolitical concerns.
Join Jens Monrad, Senior Intelligence Account Analyst at FireEye, who will discuss:
* The Threat Landscape in the Nordics
* Trends and Insights in Malware detections across the Nordics
* Geopolitical situations which can influence the threat landscape in the Nordics
* How having accurate and enriched threat intelligence can enable organisations to make tactical, operation and strategic decisions.
Register today and learn what tools, processes and information organisations need in order to allow them to fully reconstruct the attack scenario and help make the right decisions based on the attack, as well as prepare for the next one.
El año pasado, el ransomware alcanzó un nivel de peligrosidad y profesionalidad nunca visto hasta ahora: ¿cómo puede estar seguro de que su infraestructura informática está protegida y de que está preparado para gestionar un ataque?
En la actualidad, los líderes de los equipos de seguridad se enfrentan a los siguientes desafíos:
•Una falta de inteligencia procesable sobre amenazas para mejorar su comprensión sobre los ciberdelincuentes y campañas que podrían tener como objetivo a su empresa.
•Muy pocos analistas de seguridad cualificados que puedan identificar el creciente número de amenazas que se infiltran en su organización. Por ejemplo, el uso del ransomware de cifrado como herramienta de ataque por parte de los ciberdelincuentes continuó aumentando en 2015, con un crecimiento del 35 %. Sin embargo, las empresas que sufren un ataque siguen tardando más de 200 días en conocerlo.
•Pocos conocimientos especializados en las técnicas necesarias para responder a las amenazas y repararlas una vez han invadido su entorno informático.
Los grupos de cibercriminales especializados en ransomware continúan evolucionando sus tácticas, por lo que las organizaciones deben ser plenamente conscientes de las amenazas que estos representan. Únase a Symantec en un webinar que se centrará en un ataque de ransomware para conocer más detalles sobre el incidente y sobre las medidas que tomó la empresa para reparar la amenaza.
Lo scorso anno il ransomware ha raggiunto un nuovo livello di evoluzione e pericolosità: come essere certi che l'infrastruttura IT sia protetta e in grado di affrontare un attacco?
Oggi i leader della sicurezza hanno importanti sfide da risolvere:
•Un’intelligence sulle minacce insufficiente a individuare gli aggressori e le campagne che potrebbero attaccare la loro azienda.
•La penuria di analisti di sicurezza competenti in grado di identificare il numero crescente di minacce che penetrano all’interno delle aziende. Nel 2015, ad esempio, l’uso del crypto-ransomware come strumento di aggressione è aumentato del 35%, ma le aziende aggredite impiegano ancora più di 200 giorni per accorgersi del problema.
•Scarsa conoscenza specializzata delle tecniche di incident response e remediation per gli ambienti IT colpiti.
Gli autori dei ransomware continuano ad affinare le proprie tattiche, e le aziende devono imparare a conoscere bene le nuove minacce. Partecipa al webinar Symantec che descrive un attacco di ransomware, le sue conseguenze e la strategia di remediation adottata dall’azienda colpita.
Next Generation Firewalls are Next Generation Firewalls…or maybe NOT.
In the light of new advanced attacks and the demands to lower security infrastructure costs, just how can one get the most out of the Next Generation Firewall (NGFW) solutions? Are all NGFW solutions the same?
What criteria should one consider for a NGFW solution that is best for your distributed enterprise environment? Join Forcepoint™’s Michael Ferguson and find out key value points when selecting a network security solution catered to your environment:
• Latest trends in NGFW
• Addressing total cost of ownership
• Security effectiveness in increasingly complex threat landscape
• Challenges in policy management
Also, find out why Forcepoint Stonesoft NGFW has won NSS Labs' coveted highest rating of “Recommended” for the 4th year in a row. Learn how it can provide the scalability, protection and visibility needed to effectively manage your distributed networks. Plus, rapidly and easily deploy, monitor and manage thousands of firewalls from a single pane of glass.
Learn how all employees can work and collaborate securely! The new world of work demands that people collaborate faster and more seamlessly than ever before.
Your employees have access to cloud-based apps, personal devices, and pervasive internet connectivity. All these things are great for getting work done, but your company is still held to high standards around security, and auditing, and you can't afford to make a wrong move.
Join this webcast to explore some common security scenarios such as:
•How do you provide access when you can't always control the endpoint?
•How do you know where all your company's files are right now?
•If you terminate an employee, how would you know what files they had in their possession.?
•Could you wipe a terminated employee's corporate data while leaving their personal content alone?
This webcast is part of our Digital security in the modern world webcast series. Sign up for this session, or the entire series today!
Is your BI platform enterprise-ready? Give your IT team a supercharge!
IT oversees, facilitates, and orchestrates all BI solutions to make sure they integrate with existing systems and maximize resources. When you choose a comprehensive, enterprise-ready BI platform, IT is empowered to leverage data more effectively for your business.
Join this webcast to learn how, with the right BI solution, IT can:
•Control and monitor access to data and assets
•Help ensure security and compliance
•Partner with the business to help drive strategic projects
This webcast is part of our Building a Data Culture Leveraging Power BI webcast series. Sign up for this session, or the entire series today!
Join us as we discuss how Trend Micro and VMware have partnered to deliver an optimized hybrid cloud security solution architected for VMware virtualized data centers, virtual desktops, and multi-cloud deployments that include AWS and Microsoft Azure.
In this webinar you will learn how to….
-Optimize data center resources with virtualization-aware security
-Deliver automated security across environments
-Manage and deploy security efficiently
-Achieve cost effective compliance
l est temps de protéger vos utilisateurs contre les menaces qui contournent facilement les antivirus.
Assistez à notre webinar en direct sur la sécurité des terminaux
•Les coûts cachés d'un antivirus classique pour votre entreprise
•Comment déterminer la véritable valeur d'une solution de sécurité des terminaux
•Les cinq fonctions indispensables à la protection de vos utilisateurs, systèmes et terminaux
•Comment Traps v3.4 prévient les failles de sécurité dans votre entreprise sans antivirus classique
Many companies experimenting with agile development methods in their engineering and IT groups are having only mixed success.
Unless you’re implementing agile both upstream (through your portfolio) and downstream (through testing and operations,) you’re not harnessing agile’s full power through Digital Transformation. Being faster to market doesn’t help your bottom line if you deliver the wrong things, and failing to get the right things into production fast means you’re leaving money on the table.
Join this web seminar to gain insight into the benefits of a digital transformation. You’ll discover a strategic, collaborative approach to channel the power of agile and deliver more value to your customers.