Leveraging Security Intelligence to Win the Information Security Arms Race

John Kindervag, Sr. Security Analyst, Forrester Consulting and Dan Holden, Director HP DVLabs
In today's security environment, threats can evolve more quickly than the ability to protect against them creating a security gap for most organizations. In this webcast, Forrester Analyst John Kindervag and HP DVLabs Director Dan Holden will discuss the importance of leveraging security research and threat intelligence to help close this gap. Through ongoing relationships with dedicated security and vulnerability research organizations, security professionals can gain proactive intelligence into potential future threats and how to better protect critical networks, applications and information against them.
Mar 28 2012
53 mins
Leveraging Security Intelligence to Win the Information Security Arms Race
Join us for this summit:
More from this community:

IT Governance, Risk and Compliance

Webinars and videos

  • Live 1 and recorded (2837)
  • Upcoming (87)
  • Date
  • Rating
  • Views
  • Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron camp investigates.
  • Are attacks on your network and users still occurring, despite continuing efforts to stay on top of security? What impact would malware have on your business if it was able to gain internal access and steal sensitive information?

    Without solutions that can disrupt the chain of events that occur during an advanced attack, many businesses are still being infiltrated and losing data every day. This webinar will cover the best practices in disrupting attacks with content security solutions - connected to optimize protection.
    Join this webinar as:
    •You will learn the tactics used by attackers today to infiltrate businesses
    •You will hear about the leading technologies available to disrupt advanced attacks
    •You will walk away with the knowledge to assess your own environment, and optimize your security
    Businesses today face more advanced attacks than we’ve ever seen in the past – and defending against them takes a connected approach which can disrupt the multiple points of infiltration and exfiltration used in the process of a breach. With most attacks seen in the wild using phishing emails to reach their target, a web link or malicious file to deliver a payload, and an outbound stream of communication to exfiltrate data – implementing a Secure Email Gateway, Secure Web Gateway, and Data Loss Prevention technology together will provide a barrier difficult for even the most advanced attacks to overcome.

    Don’t miss this webinar if you have a stake in the security of your most valuable information, or are directly responsible for the implementation of security solutions to protect it. Register now for this 30 minute webinar.
  • As most IT Pros are aware, as of April 8th, 2014, Microsoft will stop releasing security patches for Windows XP. Unfortunately, most folks will not be able to migrate all Windows XP machines by that deadline. How will you limit the security risks posed by these now vulnerable assets? Join us for this webinar outlining practical strategies to help you cover your assets.
    In this session we'll cover:
    The primary attack vectors you need to consider
    Immediate actions you can take to limit the exposure of your XP assets
    Warning signs to watch out for that could signal an attack
    How to closely monitor your vulnerable assets with AlienVault USM
  • MDM implementations begin by solving the most pressing business problem in a single hub, mostly on-premise. They then expand to another use case, domain, or region, and might evolve to another MDM hub on cloud or in a different country. Whatever the journey might be, how do you tie the different hubs together in a hybrid or federated hub-of-hubs MDM architecture? Come to this session to learn how certain leading companies are solving this conundrum!

    In this webinar, you will learn:
    -What are the initial use cases that dictate MDM
    -How to determine if you should use the same MDM instance or a different one when expanding your use case
    -When to use on-premise versus cloud MDM

    In addition, we will explore examples of companies using hybrid MDM to manage multiple MDM hubs as well as evolving to the holy-grail of MDM architecture: Hub-of-hubs or federated MDM.
  • Cyberspace is typically the prime mechanism for conducting business. It also plays a key role in the socio-cultural lives of staff, customers and suppliers. By the end of 2013, revelations about how governments had been surrendering commercial and personal privacy in the name of national security left trust very badly shaken. And the timing couldn’t be much worse: many CEOs are ramping up their demands to take even greater advantage of cyberspace. So if this is where things are now, how will all of this look by 2016? How will new threats hurtling over the horizon complicate matters even further? Just what will organisations be able to rely on? And most importantly, are they powerless or can they do something now? This webcast spotlights the threats we'll be dealing with over the coming 24 months along with advice on the best ways of handling them.
  • As more and more companies look to take advantage of all of the benefits afforded with cloud-based infrastructures, the discussion often quickly turns to “How do we get there?” For some companies, this single migration question can create an insurmountable roadblock that either keeps them from moving to the cloud or severely delays their migration. Join Michael McCracken, HOSTING’s Director of Professional Services, as he explores different cloud migration strategies along with the benefits and risks associated with each of those strategies.
  • Anti-virus is not enough. McAfee Complete Endpoint Protection add defense in depth against the full threat spectrum from zero-day exploits to hacker attacks, as well as mobile devices such and tablets.
  • Protiviti has conducted the second-annual Executive Perspectives on Top Risks Survey. We obtained the views of more than 370 board members and C-suite executives about risks that are likely to affect their organisation in 2014.

    Join Managing Director, Mike Purvis and Director, Dirk Verwohlt for a discussion of the report findings.
  • With the release of PCI-DSS version 3.0 many organizations that are already PCI compliant or are working towards becoming PCI compliant are wondering what these changes will mean to their organization. In this webinar we will take a look at what has changed (and what hasn’t) and the impact this will have on how organizations approach PCI compliance.
  • As we continue to explore the ERP implementation process, we’re going to dive deeper into one technology solution you might consider for a successful ERP implementation. Join us as we discuss Oracle eBusiness Suite Release 12. You’ll want to join us if you’re:
    • Thinking about upgrading to release 12
    • On R12.1 and considering moving to R12.2
    • Just looking for a little ‘positive sell’ to add to that budget request so you can fund your upgrade

    Oracle eBusiness Suite Release 12 was defined as “The Global Business Release”. This doesn’t encompass just its geographic reach…the Suite is a comprehensive tool whose breadth and depth across industries and business functions is compelling for customers around the world.

    During this session, participants will learn about:
    • The changes to R12.2 including the foundational architecture improvements and financial enhancements
    • How the strength of Financials Release 12 allows businesses to work globally - across applications, divisions and regions and the tools necessary to achieve that.
    • Integration, data management and reporting

    Oracle eBusiness Suite Release 12 makes it easier and less expensive for customers to implement, manage and scale global applications - ultimately improving the overall ownership experience.
  • Channel
  • Channel profile
Up Down
  • Cybercrime video Recorded: Mar 13 2014 3 mins
    Cyber criminals continue to steal data and interrupt business at alarming rates. The average annualized cost of cyber crime is $7.2 million per company per year, with a range of $375K to a staggering $58 million, according to a global study by the Ponemon Institute. That’s an increase in cost of 30 percent over last year’s global results. The most costly criminal activities come from malicious insiders, denial-of-service and web-based attacks – and no industry is immune. Fortunately, there are ways to fight back.

    In this short video you’ll learn:
    *How proactive security measures can save millions of dollars
    *What seven security technologies are key to winning the cyber crime war
    *Where to get more information and guidance
  • Stay out of the headlines for breaches / non-compliance with security analytics Recorded: Jan 23 2014 62 mins
    Tight alignment between compliance and security capabilities can make each component stronger than it would be by itself. Organizations that blend the two not only more effectively combat targeted attacks and data breaches, but also more easily meet compliance requirements and avoid expensive fines. Learn how leading organizations are leveraging continuous monitoring and incident response management to achieve a more secure and compliant enterprise.
  • 2013 4th Annual Cost of Cyber Crime Study Results Recorded: Nov 20 2013 61 mins
    Join us for the 2013 results presentation of the 4th Annual Cost of Cyber Crime Study, conducted by Ponemon Institute and sponsored by HP Enterprise Security. This study, based on a benchmark sample of U.S. organizations, shows that cyber attacks not only increased 12 percent last year, the costs associated with those attacks increased by an average of 26 percent or $2.6 million per organization. Findings from the report also show that each week, an organization can expect two of the many cyber attacks launched against it to succeed.

    Join us for this important webinar and learn how:
    • All industries and all sizes of organizations fall victim to cyber crime, but to different degrees.
    • Denial of service, malicious insiders and web-based attacks comprise the most costly crimes.
    • Attacks can be mitigated by SIEM, enterprise governance, application security testing and other prevention-focused strategies and technologies.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Asia Recorded: Oct 31 2013 60 mins
    2013 Cost of Cyber Crime Study: Australia & Japan

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for Australia and Japan. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 64 Australian and Japanese organizations participated. According to the findings, cyber attacks increased 12 percent in Australia and 32 percent in Japan. The costs associated with this increase in Australia were $772,903 and ¥265 million in Japan. “Findings from the report also show that each week Australian and Japanese organizations experienced on average 1.4 successful attacks per company”
  • 2013 4th Annual Cost of Cyber Crime Study Results: Europe Recorded: Oct 30 2013 62 mins
    2013 Cost of Cyber Crime Study: UK, Germany & France

    Join us for the 2013 results presentation of the second annual Cost of Cyber Crime study for the United Kingdom and Germany. For the first time, the research was conducted in France. Conducted by Ponemon Institute and sponsored by HP Enterprise Security, a total of 110 UK, German and French organizations participated. According to the findings, cyber attacks increased 16 percent in the UK and 21 percent in Germany. The costs associated with this increase in the UK and Germany were £904,886 and €830,169, respectively. For the first time, it was determined that the average cost of a cyber attack in France was €3.89 million. Findings from the report also show that each week UK and German organizations experienced on average 1.3 successful attacks per company. French organizations experienced an average of 1 cyber attack per company.
  • 2013 4th Annual Cost of Cyber Crime Study Results: Americas Recorded: Oct 29 2013 61 mins
    Join us for the 2013 results presentation of the 4th Annual Cost of Cyber Crime Study, conducted by Ponemon Institute and sponsored by HP Enterprise Security. This study, based on a benchmark sample of U.S. organizations, shows that cyber attacks not only increased 12 percent last year, the costs associated with those attacks increased by an average of 26 percent or $2.6 million per organization. Findings from the report also show that each week, an organization can expect two of the many cyber attacks launched against it to succeed.

    Join us for this important webinar and learn how:
    • All industries and all sizes of organizations fall victim to cyber crime, but to different degrees.
    • Denial of service, malicious insiders and web-based attacks comprise the most costly crimes.
    • Attacks can be mitigated by SIEM, enterprise governance, application security testing and other prevention-focused strategies and technologies.
  • Threat Central – Cloud based Threat Intelligence Sharing Recorded: Oct 9 2013 24 mins
    In the new generation of cyber defense, security intelligence becomes a key element. Recent technology advances provide the foundation for a new type of threat intelligence sharing platform to organize, collaborate, and manage risk more effectively. This sharing platform makes your security program more effective with actionable protection.
  • The lost art of vulnerability research Recorded: Oct 2 2013 51 mins
    What grade would you give your company on using vulnerability research to protect your organization from new security threats?
    If not an A+, learn best practices from Frost and Sullivan’s Chris Rodriguez, senior industry analyst on network security.

    In this webinar, we’ll discuss current threats that have been mitigated by leading vulnerability research and share how timely vulnerability research can help your organization prepare.
  • Insiders, Outsiders and Big Data Recorded: Sep 11 2013 46 mins
    The challenges you face today in protecting your organization from insiders, outsiders, and hacktivists include incomplete threat intelligence, minimal visibility into unstructured data, and insufficient context. In addition, modern network security systems generate such an enormous volume of events that it is hard to take action on all of them. Learn about techniques and technologies that you can use to handle high volumes of structured and unstructured data to derive true intelligence from today’s modern security systems.
  • Top 5 myths of SIEM Recorded: Jul 9 2013 24 mins
    While security threats continue to mount, many organizations have deployed or have considered deploying security information and event management (SIEM) solutions in order to combat data theft and cyber-attacks across the enterprise. SIEM solutions are essential for helping security analysts perform forensic analysis and detect threats, as well as meet industry compliance requirements.

    In this presentation, we will review some common misperceptions surrounding SIEM technology to help IT Security Professionals separate truth from fiction behind common myths about SIEM. Without proper information, Security Executives sometimes have a hard time justifying SIEM investments to their management. Worse yet, a SIEM solution that is not deployed properly may not produce the desired results. Prevent this from happening by learning the top 5 myths of SIEM.
  • Mobile Malfeasance - Exploring Trends in Dangerous Mobile Code Recorded: Jun 18 2013 61 mins
    Please join us as we explore the OWASP Mobile Top 10 classification system and metrics from a large case study of a real enterprise facing the deployment and assessment of a large number of mobile applications. Developers, Managers, and team leads will leave with resources and guidelines to start mobile security both at the process level and code level, including how to handle external mobile development teams they might contract.
  • Business Driven Continuous Compliance Recorded: Jun 13 2013 40 mins
    While a key driver for adapting security technologies, compliance is still a huge burden for most organizations. In the presentation we will discuss novel approaches to both lower the cost of compliance and derive relevant business value from the process. Changing the compliance process from a periodical manual process into a continuous automated process ensures real time visibility into your compliance posture as well as the ability to react in real time to compliance issues rather than just after the fact. By overlaying the information collected with your enterprise IT asset model, the real time compliance information can also contribute to business driven risk management and help in making the right investment decisions in information security.
  • Gaining Threat Intelligence and Combating the Four Most Common Attack Vectors Recorded: Jun 12 2013 36 mins
    The HP Security Research team (HPSR) is hard at work monitoring the threat landscape for new campaigns, profiling actors to understand their motivations, identifying the tools they use and determining how credible certain threats might be. It’s part of a long-term strategy for developing a new threat intelligence-sharing model. Why is that important? It will provide real-time info from the larger security community-- enterprises like yours, industry security organizations and security vendors-- that can be used to automate and catch these breaches immediately.

    Learn about HP’s findings, including these culprits: injection flaws, DDoS, various phishing techniques and zero day vulnerabilities. How can you address the inevitable breaches that will occur?
  • Why Your Cloud Provider Security Logo Doesn’t Mean a Thing Recorded: May 16 2013 49 mins
    As more applications have moved to the cloud, the industry has seen a proliferation of application security issues. In 2012, several cloud service providers were breached as a direct result of application security vulnerabilities. Before you choose a cloud service provider, make sure that it answers the series of security questions created by the Cloud Security Alliance (CSA). CSA has created a checklist of industry-accepted ways to document what security controls exist in IaaS, PaaS, and SaaS offerings – creating more transparency for enterprises. The speakers will walk attendees through this blueprint, helping them to become more adept at identifying service provider security readiness. They'll also discuss some of the most common application vulnerabilities, including unencrypted passwords, SQL Injection, and those that impact poorly architected mobile apps.
  • PCI DSS 2.0 - Section 10: Creating a successful logging and monitoring program Recorded: May 1 2013 37 mins
    PCI is an ongoing process in which each year should build upon the previous. Too many organizations treat PCI compliance as a box that must be checked, but not the ongoing maturity process it was designed to be. PCI has 12 requirements; we will focus on building a foundation to support Section 10: the requirement to track and monitor all access to cardholder data. This session will provide an overview of the proper way to institute a PCI logging and monitoring program. The topics covered will include policy and standards, proper organizational and team alignment, as well as real world examples of successful PCI logging programs. The intended audience for this session is anyone in charge of or working in a PCI regulated organization. The session will be led by Colin Henderson, Principal Security Consultant with HP.
  • Your VP Just Resigned, What Did He Take With Him? Recorded: Apr 17 2013 49 mins
    Your VP just resigned and took a position at your biggest competitor. Did you remember to examine the Salesforce logs to see if he downloaded your entire customer database and history of purchases? Do you even have access to those logs? And if you did, and found the obvious, how would it help now? Catching Bradley Manning who stole sensitive government information, Ross Klein who took with him an entire hotel brand concept and Gary Min that copied chemical formulas was too late for the US government, DuPont and Starwood hotels respectively.

    In this presentation we look into how to proactively monitor user activity to detect potential threats from employees before the damage occurs. Focusing on how to effectively collect activity logs and analyze them against user, role and entitlement information, to detect abnormal activity, predict which employees may pose more threat if not loyal and to reduce the associated risk.
  • Enhance Your Security Operations with Big Data Recorded: Mar 13 2013 37 mins
    More and more security operations centers are transforming their operations from being reactive, to proactive and even predictive. Hear how big data technologies like Autonomy IDOL can be leveraged with traditional security monitoring tools for Social Network Monitoring and Data Loss Prevention (data in motion) to drive value and empower a “next generation SOC.”
  • Mobile Application Integrity: Being Good When No One is Watching (Your Security) Recorded: Feb 14 2013 49 mins
    Mobile devices are a hot trend amongst security topics this year. While most cover the angle of the device management, only few go into testing the applications. Since the mobile application vulnerability landscape is still young, there is a need to classify these vulnerabilities so that development teams can focus and root them out of their codebases. Join us as we explore the OWASP Mobile Top 10 classification system and metrics from a large case study of a real enterprise facing the deployment and assessment of a large number of mobile applications. Developers, Managers, and team leads will leave with resources and guidelines to start mobile security both at the process level and code level, including how to handle external mobile development teams they might contract. Get ahead of upcoming PCI compliance by addressing your mobile software early!
  • Top 10 Tips to be Compliant and Secure Together Recorded: Jan 17 2013 45 mins
    Compliance and security are better together and there are tools and resources that can be combined to achieve both. Learn the top 10 tips - such as continuous monitoring, assessing the controls, and cost-effective audit logs - to understand and implement best practices of compliance and security together.
  • Modular Security For Today’s Cyber Threats and Cloud-Based Data Centers Recorded: Jan 17 2013 49 mins
    Network security is not just about eliminating bad traffic, it is also about making sure applications and critical data are always available to the right audience at the right time. The right network security architecture can provide security for physical assets, but also extend protection for virtual and cloud computing infrastructures without impacting performance. In fact, unlike in the past, a network security product should never be considered a bottleneck due to deep packet inspection, but should actually be capable of improving bandwidth and performance.

    About the Presenter:
    Sanjay Raja, Director of Product Marketing for HP TippingPoint, is responsible for marketing of HP TippingPoint’s Network and Cloud Security solutions. He has over 12 years of experience in various Product Marketing, Product Management, and Alliances roles primarily in IT Security. He has been in the IT industry for the last 18 years with experience in Security, Networking, Servers and Storage and Network and Application Performance Testing. In addition he has authored several papers and presented at various industry events on security, compliance and testing. Prior to HP he has worked at Cabletron Systems, 3Com, Nexsi Systems, Spirent Communications, Top Layer Networks, Symantec and most recently Crossbeam Systems. Sanjay currently holds a B.S.EE and MBA from Worcester Polytechnic Institute.
Leading Security Intelligence & Risk Management Enterprise Platform
HP is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products from ArcSight, Fortify, and TippingPoint, the HP Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and network defense technology to protect today’s applications and IT infrastructures from sophisticated cyber threats. Visit HP Enterprise Security at: www.hpenterprisesecurity.com.
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Leveraging Security Intelligence to Win the Information Security Arms Race
  • Live at: Mar 28 2012 4:00 pm
  • Presented by: John Kindervag, Sr. Security Analyst, Forrester Consulting and Dan Holden, Director HP DVLabs
  • From:
Your email has been sent.
or close
You must be logged in to email this