Security Metrics That Matter: Improving Visibility and Effectiveness

Dr. Mike Lloyd, CTO, RedSeal Networks
Security metrics for improving management have long been an issue of discussion and debate across the industry. Some experts and practitioners contend that we need these key indicators if we’re ever going to drive down real-world risk, while others think that the concept can’t be applied practically. Some experts feel that we just haven’t found the right numbers to measure security effectiveness yet.

Count RedSeal Networks among the final group… although we think that we’ve made some important headway in helping organizations unearth those figures that will actually allow them to better trend and improve their rates of success.

Expanding on his sold-out keynote at Security BSidesSD, join RedSeal CTO Dr. Mike Lloyd for a webcast: Security Metrics that Matter
As part of his presentation Dr. Mike will outline:

•Why previous metrics efforts have under-delivered
•The need to tie measurement to underlying business value
•How you can build metrics that truly measure effectiveness

As an added bonus, we’ll also release the results of our in-booth RSA survey: “Panning for Gold in the Avalanche: Security Pros Still Searching for Metrics”

Don’t miss this chance to hear this compelling new research that surfaces the opinions that you and your colleagues at RSA shared with us.

Hear about your peers’ current level of visibility into network access and risk exposure, the desire for new security metrics, and how RedSeal can help.
Apr 26 2012
56 mins
Security Metrics That Matter: Improving Visibility and Effectiveness
Join us for this summit:
More from this community:

IT Governance, Risk and Compliance

Webinars and videos

  • Live and recorded (2855)
  • Upcoming (88)
  • Date
  • Rating
  • Views
  • You are invited to register for our upcoming COSO webinar, COSO 2013: Mapping Controls to Principles. Transitioning to the New COSO Framework is top of mind for many organizations. How do you get started? How do you map controls to principles or vice versa? What are some of the preliminary findings organizations are seeing as they head down the path to implement the framework?

    Please submit top-of-mind questions during the webinar registration process.

    CPE credits will be provided to qualifying attendees.
  • *On this webcast we're giving away a pass to our partner event: the Chicago Cyber Incident Response Summit, between June 21-23, 2014*

    Let’s face it, there’s unrelenting pressure on IT to enable competitive advantage through new technology and use of data assets‒-but the business is driving initiatives that can push sensitive production data into more and more exposed areas. The key question is ‘How can you enable the business to be agile AND take a more proactive, programmatic approach to security at the same time?’ With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem. You need a blueprint to reverse this trend in your organization.

    In this webinar, William Stewart, Senior Vice President of Booz Allen Hamilton and Jeff Lunglhofer, Principal of Booz Allen Hamilton–a leading management technology and consulting firm driving strategic innovation for clients–will discuss the top trends in cyber threat mitigation, data privacy, data governance, and data security, with Mark Bower, VP Product Management and Solutions Architecture at Voltage Security.

    Attend this webinar to learn more about how to:
    •Increase responsiveness and security in your IT environment and architecture
    •Fight pervasive threats from inside and outside attack with data-centric technologies
    •Raise your organization’s overall data privacy, compliance, and security profile
    •Implement a new data de-identification framework across production, test & dev, and analytics use cases
    •Proactively enable critical business initiatives
    --Can't attend live? Register below to receive a link to the recorded webcast.
  • This webinar is presented by McAfee and Intel to help customers understand their Data Protection solution from McAfee and to get the most business value out of their Intel based endpoints. Products that apply to this webcast include McAfee Complete Data Protection Suites, featuring Endpoint Encryption, and EPO Deep Command to extend the reach of your IT department to lower your total cost of ownership. The webinar will include a special highlight on Intel® Core™ vPro™ Processors and associated technologies that increase productivity and hardware-assisted security in the enterprise. This webcast is provided as a 35-40 minute overview and includes 5-10 minutes of Q & A.

    Join this webinar on Data Protection and learn about:
    • The key features of Data Protection and how it can provide you with the security you need
    • Use cases on utilizing the synergy between Intel® vPro™ and McAfee Data Protection technologies to reduce your overall TCO
    • How you can extend the reach of your IT team with the ability to remotely wake up or even power on PC’s, remediate “disabled” endpoints and remotely reset pre-boot passwords
    • How to securely manage your endpoints from a single console while simultaneously providing self-service features for your end-users
  • Modulo Director of Technical Services John Ambra walks Risk Manager users through the latest version 8.4, and answers user questions at the end.
  • Mobile workers are increasingly demanding access to mission-critical data and apps from personal smart phones, tablets and laptops. However, co-mingling of personal and business data and apps on mobile devices creates risk of business data loss and introduction of malware. What are the risks and what technologies can businesses deploy to enable productivity while protecting from these threats ?

    •Learn about the risks introduced when personal and business data and apps co-mingle on mobile devices
    •Learn about available technologies and technology trends to address these risks.

    Join Dell to understand the risks introduced when personal and business data co-mingle on mobile devices and technologies to consider to protect corporate data.
  • Forty-four states, DC and four territories have adopted the Common Core State Standards (CCSS). This means that school districts across the country are planning for 100% online assessments during the 2014-2015 school year. One of the most important conditions needed for being able to administer online assessments is network infrastructure readiness.
    Attend this 30-minute webinar and join Gavin Lee, Senior K-12 Business Development Manager at Juniper Networks, to discuss the critical network must-haves that all school districts should consider when looking to deploy a robust and supportable network. You will also receive practical guidance on how to get the most out of your network infrastructure and how to best prepare for the CCCSS assessments:
    • Consortia network infrastructure
    • Wired and wireless network capabilities
    • Robust network security
    • Network support readiness
    • Juniper Networks network infrastructure readiness resources
  • Jack Madden converses with James Rendell to get the CA perspective on Enterprise Mobility Management’s (EMM) future potential. EMM must not for get BYOD but also go beyond it into Mobile App Management (MAM) and find ways to keep users personal information and employers information separated and find a way to embrace the Internet of Things.
  • Jack Madden discusses Enterprise Mobility with Arun Bhattacharya to get the CA perspective on the way it should be. This means going beyond BYOD and MDM, and embracing MAM, MEM, MCM, and IoT. For many companies, finding the balance between employers and users privacy and security has been a problematic issues.
  • Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data compromised by the vulnerability. The simplicity of the exploit makes it powerful. It appears that over a half million websites are vulnerable.
    In this session we'll cover:
    What you need to know about the Heartbleed vulvnerability
    How to detect it using AlienVault USM
    How to investigate successful Heartbleed exploits
  • In this webcast we will show:
    1. The Heartbleed vulnerability in detail, how it occurred with examples of how it can be used against your organization
    2. How you can identify your business exposure and what systems are vulnerable
    3. How Tripwire’s solutions work together to help you close the detection, remediation and prevention gaps around Heartbleed
  • Channel
  • Channel profile
Up Down
  • Manage Network Complexity and Control Access Risk Recorded: Mar 11 2013 63 mins
    Financial institutions spend billions of dollars on firewalls, proxies, routers and other devices to prevent unauthorized access to their network, but security breaches continue to plague the industry.

    While faced with a barrage of attacks, CISOs are dealing with increasingly complex networks due to the cumulative demands of users as well as connectivity requirements, business operations and regulatory compliance mandates. As a result of this increased complexity, financial organizations' IT resources are struggling to meet today's required security standards.

    Join Wall Street & Technology senior editor Melanie Rodier and RedSeal Networks for this webcast, and learn how to:

    - Effectively pinpoint weaknesses and risk through complete end to end network visibility.
    - Proactively protect your network against security breaches and prioritize vulnerabilities for more effective remediation.
    - Gain the ability to comply with internal and external compliance requirements while cutting compliance costs.
  • Complete Vulnerability Management from McAfee and RedSeal Recorded: Nov 6 2012 45 mins
    Most large enterprises identify thousands of vulnerabilities every time they conduct a vulnerability assessment. But scanning for vulnerabilities is only the first step—figuring out which vulnerabilities truly matter is the subsequent challenge.

    • Is critical financial information at risk because a vulnerability is exposed to the Internet or extranet?
    • Has a vulnerability already been effectively mitigated with network-level controls?
    • Do vulnerabilities in minor systems allow a hacker to leapfrog to more critical systems?

    Join McAfee and RedSeal for an informative webcast to learn why prioritizing remediation efforts according to risk is essential to effective vulnerability management and how the RedSeal Vulnerability Advisor software integrates and analyzes the vulnerability information collected by McAfee’s Vulnerability Manager to give organizations true insight into their vulnerability risk.
  • Jumpstart to RedSeal Demo - LIVE Recorded: Aug 21 2012 30 mins
    The “Jumpstart to RedSeal” demo provides you with a 20 minute overview of the company, what the product does, customer challenges, and how the RedSeal 5 Platform can address them. The highlight - a 15 minute demonstration of the RedSeal UI and reporting features - details how networks can improve their attack defenses, prioritize vulnerabilities based on exposure, evaluate for compliance, and enhance firewall change management processes.
  • How To Use Predictive Network Threat Modeling To Eliminate Internal and External Recorded: Aug 13 2012 49 mins
    A Wall Street & Technology Webcast: With cyber espionage currently responsible for $13 billion in losses to the U.S. economy, according to the FBI, finding ways to predict and prevent future cyber attacks is vital for businesses. On Wall Street, as the number of devices on enterprise networks continues to grow, cyber espionage perpetrators are capitalizing on the increased complexity of network access to compromise critical data assets. A proactive approach that includes predictive security using visualized network modeling can help you identify access pathways and the associated vulnerabilities and quickly pinpoint the specific systems and devices most susceptible to attack.
  • Jumpstart to RedSeal Demo - LIVE Recorded: Aug 9 2012 33 mins
    The “Jumpstart to RedSeal” demo provides you with a 20 minute overview of the company, what the product does, customer challenges, and how the RedSeal 5 Platform can address them. The highlight - a 15 minute demonstration of the RedSeal UI and reporting features - details how networks can improve their attack defenses, prioritize vulnerabilities based on exposure, evaluate for compliance, and enhance firewall change management processes.
  • Jumpstart to RedSeal Demo Recorded: Jun 7 2012 33 mins
    The “Jumpstart to RedSeal” demo provides you with a 20 minute overview of the company, what the product does, customer challenges, and how the RedSeal 5 Platform can address them. The highlight - a 15 minute demonstration of the RedSeal UI and reporting features - details how networks can improve their attack defenses, prioritize vulnerabilities based on exposure, evaluate for compliance, and enhance firewall change management.
  • Tips to Avoid the Mortal Sins That Undermine Network Security Recorded: May 30 2012 63 mins
    Prevent the hellish mistakes that undermine security effectiveness.

    Join network security experts Eric Hanselman, Research Director at 451 Research, and Dr. Mike Lloyd, CTO at RedSeal, for this fact-filled webcast where they’ll share their list of the most egregious errors found in network security management, based on hands-on analysis and observation of some of the most complex network environments in the world.

    This session will include details on how and why these painful mistakes manifest themselves, and tips on what you can do to prevent them, followed by open Q&A.

    Don’t miss this unique learning opportunity!

    Register now.
  • Security Metrics That Matter: Improving Visibility and Effectiveness Recorded: Apr 26 2012 56 mins
    Security metrics for improving management have long been an issue of discussion and debate across the industry. Some experts and practitioners contend that we need these key indicators if we’re ever going to drive down real-world risk, while others think that the concept can’t be applied practically. Some experts feel that we just haven’t found the right numbers to measure security effectiveness yet.

    Count RedSeal Networks among the final group… although we think that we’ve made some important headway in helping organizations unearth those figures that will actually allow them to better trend and improve their rates of success.

    Expanding on his sold-out keynote at Security BSidesSD, join RedSeal CTO Dr. Mike Lloyd for a webcast: Security Metrics that Matter
    As part of his presentation Dr. Mike will outline:

    •Why previous metrics efforts have under-delivered
    •The need to tie measurement to underlying business value
    •How you can build metrics that truly measure effectiveness

    As an added bonus, we’ll also release the results of our in-booth RSA survey: “Panning for Gold in the Avalanche: Security Pros Still Searching for Metrics”

    Don’t miss this chance to hear this compelling new research that surfaces the opinions that you and your colleagues at RSA shared with us.

    Hear about your peers’ current level of visibility into network access and risk exposure, the desire for new security metrics, and how RedSeal can help.
  • What's the ROI on RedSeal? Applying the IANS "Return on Security" Model Recorded: Feb 7 2012 60 mins
    Every organization wants to know the answer but few have even attempted to quantify it: What's my ROI, or return, on IT security?

    Until now.

    Using its proprietary (yet public) methodology, research and best practices specialists IANS has begun helping CSOs and other security officials deduce and measure precisely what they're getting in exchange for all the money they spend. In late 2011, IANS conducted such a study on automotive market experts Polk, specifically related to the company's use of RedSeal solutions.

    Please join us for this highly informative webcast during which IANS Faculty Member and industry analyst Diana Kelley outlines the ROS process and guidelines, and then hosts a discussion with Ethan Steiger, Chief Security Officer, Polk about his experiences and milestones using RedSeal. Joining the call will be RedSeal CTO Dr. Mike Lloyd, to provide color commentary and yes, that cool, smart-sounding foreign accent.

    In addition to a general overview of the Polk use case, hear more about how the company leveraged RedSeal's proactive security intelligence solution to save time and money, lower real-world risk, automate and simplify regulatory compliance, and garner an ROI figure of¦ yes, $30 million!

    How did IANS arrive at such a massive number? Let's face it, you can spend a lot of money responding to a breach. Though, while that's true, it's truly just a small piece of the larger story.
  • Network Security – Measuring the Immeasurable Recorded: Dec 15 2011 64 mins
    Security is inherently intangible, so answering questions such as "Is my network secure?” are considerably complex. The ultimate goal is the absence of a breach – how do you measure and show improvement to your internal and external audience?

    The traditional approach has been to measure activity – all of the processes that can be recorded: How many times did you change the firewall? How many patches did you deploy? How many times did you update your antivirus signatures? While collecting this data may pacify the auditors, the problem is that you’re measuring busyness, not your business.

    In this webinar featuring Securosis analyst and president Mike Rothman, we will explore:
    •Today’s security metrics – what most organizations are collecting today vs actionable and useable metrics for decision support
    •What and how to communicate network security metrics – internal vs external audiences
    •Practical measurement of risk – technology to assess how well your work is preventing problems
Monitor network security effectiveness and prioritize risk, today.
Enterprise organizations and government agencies have spent countless years and millions of dollars attempting to segment infrastructure and protect critical assets, but most have no idea how well layered defenses actually work.

Security, networking and audit staff have no centralized means of visualizing the state of protection or current attack surface, end-to-end, or communicating that intelligence.

Management cannot determine the ROI of security spend; risk is prioritized using static ranking; circumvention of simple controls still enables most breaches.

Enter RedSeal Networks, the only provider of proactive security management solutions that offer a continuous method of assessing IT protection and risk exposure. Pinpoint the precise level of access permitted across security infrastructure, informed by the business value of underlying host assets and data. Prioritize risk, validate compliance and manage security using quantitative analysis.

Try RedSeal solutions today.
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Security Metrics That Matter: Improving Visibility and Effectiveness
  • Live at: Apr 26 2012 10:00 pm
  • Presented by: Dr. Mike Lloyd, CTO, RedSeal Networks
  • From:
Your email has been sent.
or close
You must be logged in to email this