Browse communities
Browse communities
Presenting a webinar?

Understanding Vulnerabilities to Better Mitigate Threats

Steve Povolny, Senior Security Researcher, HP DVLabs
Vulnerabilities that exist in today’s commercial and custom software are the primary target for attackers. The most severe of these vulnerabilities are those that can result in remote code execution – that is an attacker can take complete control of another system for the purposes of stealing information, defacing property or just causing trouble. In this session, Brian Gorenc, will demonstrate how to analyze a vulnerability and the steps required to weaponize it. Centering on a vulnerability in a Microsoft application, the demo will show you how an attacker can quickly move from proof-of-concept to remote code execution. The discussion will also include thoughts on mitigation strategies for reducing risk.
Jun 21 2012
45 mins
Understanding Vulnerabilities to Better Mitigate Threats
More from this community:

IT Governance, Risk and Compliance

  • Live and recorded (3390)
  • Upcoming (81)
  • Date
  • Rating
  • Views
  • Risk management is an increasingly important
    business driver and stakeholders have become
    much more concerned about risk. Risk may be a
    driver of strategic decisions, it may be a cause of
    uncertainty in the organisation or it may simply be
    embedded in the activities of the organisation. An
    enterprise-wide approach to risk management
    enables an organisation to consider the potential
    impact of all types of risks on all processes,
    activities, stakeholders, products and services.
    Implementing a comprehensive approach will
    result in an organisation benefiting from what is
    often referred to as the ‘upside of risk’.
    The global financial crisis in 2008 demonstrated
    the importance of adequate risk management.
    Since that time, new risk management standards
    have been published, including the international
    standard, ISO 31000 ‘Risk management –
    Principles and guidelines’. This guide draws
    together these developments to provide a
    structured approach to implementing enterprise
    risk management (ERM)
  • L’ambiente dei tuoi clienti è sempre più complesso, Backup Exec 15 permette loro di esguire backup e recovery in modo semplice ed efficace, sempre e ovunque.
    Segui questo webinar e scopri come Backup Exec 15 può semplificare e rispondere alle esigenze delle diverse infrastrutture.
  • If your organization is reliant on a rapidly aging version of SQL Server, you need to join SQL Server experts Michael McCracken from HOSTING and Rodney Landrum, a Microsoft SQL Server MVP, from Ntirety for this in-depth discussion of the hows, whys and whats of upgrading from Microsoft SQL Server 200X to SQL Server 2014. The interactive webinar will cover:
    •The benefits of upgrading
    •Considerations to understand
    •How to smooth the transition
    •Q & A
  • Ingesting raw data into Hadoop is easy, but extracting business value leveraging exploration tools is not. Hadoop is a file system without a data model, data quality, or data governance, making it difficult to find, understand and govern data.

    In this webinar, Tony Baer, Principal Analyst of Ovum Research, will address the gaps and offer best practices in the end-to-end process of discovering, wrangling, and governing data in a data lake. Tony Baer will be followed by Oliver Claude who will explain how Waterline Data Inventory automates the discovery of technical, business, and compliance metadata, and provides a solution to find, understand, and govern data.

    Attend this webinar if you are:
    --A big data architect who wants to inventory all data assets at the field level automatically while providing secure self-service to business users
    --A data engineer or data scientist who wants to accelerate data prep by finding and understanding the best suited and most trusted data
    --A Chief Data Officer or data steward who wants to be able to audit data lineage, protect sensitive data, and identify compliance issues
  • Targeted malware, zero-day vulnerabilities and advanced persistent threats are increasingly responsible for data breaches. Why? Because they work. Most security products have a hard time protecting from advanced malware. This problem is compounded because attackers can easily mass produce new malware variants. What’s an IT person to do?

    Join us to learn key techniques to stop modern malware the first time. We will discuss:
    •What tactics work
    •Where to apply them
    •How to optimize cost, staffing and security.
  • Software defined architectures are all the buzz, helping to start conversations about transforming customer data centers from cost centers into competitive advantages. But in today’s economy, no business can afford to stand still. And a business is only as agile as its IT organization allows. An agile data center and IT department can:

    •Protect the infrastructure and easily recover if faults are found or predicted
    •Control access to data while meeting compliance and regulatory requirements
    •Deliver services quickly, resiliently, and cost-effectively

    Join us on at 10am GMT on 16th April 2015 and learn how Symantec’s view of the “Agile Data Center” covers delivering the right resources in the right way to the users. Whilst bringing a broader view on how you can introduce critical solutions and new revenues around disruptive customer events.
  • For years ClearCase was the standard for enterprise SCM. If you had a large number of developers and lots of projects ClearCase was a great choice, while ClearCase MultiSite provided basic support for distributed teams. Now industry trends are converging toward a new generation of development tools and processes. Today, continuous delivery brings agile development and DevOps together, promising much shorter development cycles and higher quality.

    Learn how moving from ClearCase to Subversion can improve your development processes and significantly reduce deployment cost and complexity. You'll also learn practical ClearCase to Subversion migration techniques.

    Topics Covered:
    • Differences and similarities between Subversion and ClearCase
    • How to merge in Subversion
    • Continuous delivery using Subversion: bringing agile and DevOps together for faster delivery and higher quality
    • ClearCase vs. Subversion in a distributed development environment
    • Migrating from ClearCase to Subversion
  • Recently cyber attacks against Industrial Control Systems (ICS) used by
    utilities and other Critical Infrastructure organizations have hit the
    newlines worldwide. Stuxnet is the best known cyber attack against an
    industrial installation, but it's not the only one.

    But what if cyber attacks were not the biggest threat to industrial
    networks and systems? Although malware is still a major point of
    interest, the sword of Damocles for critical industrial networks is
    represented by system misuse performed by disgruntled employees,
    contractors and vendors, as well as unintentional mistakes,
    network and system misconfiguration; all this could lead to the
    divergence or failure of critical processes.

    In this talk we will reshape the concept of ICS cyber security and will present our vision for a comprehensive approach to cyber security for ICS.
  • Adhering to international maritime sanctions requirements can be challenging in today’s regulatory landscape. Join Dow Jones Risk & Compliance and experts from HFW and Pole Star for a discussion on best practice in shipping compliance. Learn about regulatory developments -- including the latest UN Security Council communiques on "Sanctions compliance for the maritime transportation sector" -- and leverage case studies on the use of enhanced sanctions data and monitoring tools to mitigate sanctions risk.
  • As superfast connectivity becomes widely available, it will increase both data volume and velocity as well as new business opportunities. However, this dramatic leap forward will also result in new and potentially destructive activity online, which can affect an organisation’s defences both internally and within their supply chain. It has never been more important for businesses to assess and understand their critical infrastructure in an increasingly connected environment.

    During this webinar Steve Durbin, Managing Director of ISF Ltd, will discuss how businesses can update their resilience along with examining the role in securing the network boundary that investments in technology and third party provider programmes can play. This will necessarily include an assessment of cloud-based systems and the use of robust risk assessment methodologies.
  • Channel
  • Channel profile
  • The Dark Side of Anonymizers: Protect Your Network from the Unknown Recorded: Apr 14 2015 44 mins
    Joanna Burkey, DVLabs Manager, HP TippingPoint
    While anonymizers can serve a positive purpose by protecting a user’s personal information by hiding their computer’s identifying information, their use in your network environment can be dangerous. Anonymizers can evade enterprise security devices, and their misuse can make your organization susceptible to malware and unwanted intrusions. Attend this session to learn how you can detect and block elusive anonymizers from wreaking havoc on your network.
  • Anatomy of a Cyber Attack Recorded: Mar 17 2015 45 mins
    Bob Corson, Director, Solutions Marketing, TrendMicro & Patrick Hill, Sr Product Line Manager, DVLabs
    Victims of targeted attacks, or advanced persistent threats (APTs), make the headlines. Attend this webinar to learn how APTs work and how to defend your business from them. Pat Hill, HP TippingPoint Product Manager, and Bob Corson, Director, Solutions Marketing, discuss the anatomy of an attack and why it's critical to detect and isolate the attack at "patient zero," the initial point of infection.

    Attend this webinar to learn:
    · How the bad guys evade your security
    · The counter measures you need to detect and block them
    · How HP TippingPoint and Trend Micro have partnered to neutralize patient zero
  • Targeted Attacks - Six Keys for Fighting Back Recorded: Mar 6 2015 65 mins
    Bob Corson, Director, Solutions Marketing, Trend Micro & Patrick Hill, Senior Product Line Manager for HP Enterprise Security
    Target, Sony, Anthem - the biggest recent breaches have taught us all big lessons. Namely, that traditional security solutions are ineffective against advanced threats. And today's targeted attacks not only can rob your organization of sensitive data, customers, reputation - they can cost senior leaders their jobs.

    Register for this session to learn the 6 Keys to Success in Fighting Advanced Threats. Hear first-hand from security leaders at HP and Trend Micro how to:
    - Monitor all attack phases;
    - Mind security gaps;
    - Defeat anti-evasion features & more.
  • Outthinking the Bad Guys Recorded: Feb 6 2015 22 mins
    Art Gilliland, General Manager of HP Enterprise Security Products
    Businesses are spending so much money on security -- almost $47 billion in 2013 -- and yet the number of breaches continues to increase. To mitigate the risks of increasingly sophisticated, innovative and persistent threats, we need to change the way we think about our security programs. In this webcast, Art Gilliland, General Manager of HP Enterprise Security Products, talks about the challenges all enterprises face from the bad guys -- and the critical steps businesses must take to defend against today's most advanced threats.
  • HP TippingPoint—every second matters Recorded: Jan 12 2015 3 mins
    HP TippingPoint
    A next-generation intrusion prevention system (IPS) shouldn't just keep your company safe, it should be quick to implement and easy to manage. HP TippingPoint is the simple, effective, and reliable solution for network security that protects you faster—when every second matters.
    This video explains how TippingPoint stops threats faster. Watch it to learn:
    •How HP TippingPoint provides 80% threat coverage out of the box
    •How most companies install TippingPoint in less than two hours
    •How TippingPoint filters key on vulnerabilities rather than exploits to keep you safer and reduce false positives
  • Protecting your company in a changing threat environment Recorded: Jan 9 2015 4 mins
    John Kindervag, Vice President and Principal Analyst, Forrester Research
    Hackers don't have change management, so they can change and deploy threats faster than companies can respond to them. That's the message of Forrester Principal Analyst John Kindervag in this short but important video. He explores the impact of a changing threat environment and new zero-day threats on cyber defenses.

    View it to learn:
    •Why it's important for security professionals to change their mindset when dealing with the changed threat landscape
    •Why conventional defenses based on exploit signatures no longer work
    •Why context-aware defenses that correlate incoming attacks to outgoing data exfiltration are required for enhanced security
  • Top 5 Security Threats of 2014: How to Protect Yourself for the New Year! Recorded: Dec 11 2014 41 mins
    Joanna Burkey, HP TippingPoint DVLabs Manager
    2014 has been an explosive year riddled with nasty security threats. Some of these you may have heard about like Heartbleed and Shellshock, but others like Sandworm, may have gone unnoticed or worse unprotected on your network. This webcast will offer an explanation of the top vulnerabilities, how they could have infected your network and security precautions to protect your organization. Don’t miss it.
  • Challenges and Solutions for Securing Today's Enterprise Network Recorded: Nov 18 2014 39 mins
    Julian Palmer, Senior Product Manager, HP SW HPN Security - TippingPoint
    As enterprise network design changes and evolves to incorporate mobile devices, BYOD and cloud solutions, the traditional network perimeter is breaking down. All this, while attacks are getting ever more sophisticated. This session will discuss the challenges facing the modern enterprise network, and show how HP TippingPoint network security products offer solutions that can help.
  • Defending the Network in the Battle Against Malware Recorded: Oct 22 2014 49 mins
    Joanna Burkey, HP TippingPoint DVLabs Manager & Russell Meyers, Global Product Line Manager, HP TippingPoint
    With malware and botnets wreaking havoc worldwide, stopping network infiltration and protecting confidential data is proving increasingly difficult. This session introduces you to a triple-threat triple ally against attackers: HP TippingPoint with ThreatDV. Join us and learn how HP TippingPoint and the power combo of ThreatDV, weekly Digital Vaccine package, and reputation feed help networks stay ahead of attacks by blocking infiltration, phone-home, command-and-control, and data exfiltration.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: APJ Recorded: Oct 10 2014 56 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in Asia Pacific and Japan

    The cost of cyber crime is on the rise in the APJ region, according to the 2014 Cost of Cyber Crime study from the Ponemon Institute. Among 30 companies surveyed in Australia, the reported per-company cost for Internet-driven crime was $4 million, up 8.4% from 2013. In Japan, the per-company average hit $6.9 million in the study, up 5.7% from 2013.

    On the more optimistic side, companies in the region are achieving notable ROI for their investments in cyber security solutions. The average ROI for seven security technologies was 16% in Australia and 17% in Japan. For a close-up view of these and other findings from the institute’s research in Australia and Japan, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our APJ Security webinar.
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: Americas Recorded: Oct 9 2014 60 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in the Americas

    In the 2014 Cost of Cyber Crime study, U.S. companies reported an average of $12.7 million in losses to cyber crime. That was the highest national average in the study by the Ponemon Institute. Among the 59 U.S. companies in the survey, the average cost of cyber crime climbed by more than 9% over the course of the year.

    Among other findings, the study noted that the most costly cyber crimes are those caused by denial of services, malicious insiders, and malicious code. These threats account for more than 55 percent of all cyber crime costs. For a fuller look at these and other findings from the institute’s study of U.S. companies, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our AMS Security webinar
  • 5th Annual Ponemon Cost of Cyber Crime Study Results: EMEA Recorded: Oct 8 2014 59 mins
    Sponsored by HP Enterprise Security, Independently conducted by Ponemon Institute LLC
    Explore cyber crime in Europe

    For its 2014 Cost of Cyber Crime study, the Ponemon Institute expanded its focus in Europe to encompass the Russian Federation, as well as France, Germany, and the United Kingdom. Collectively, the institute surveyed 137 companies in Europe in a study that found broad differences in the reported costs of cyber crime across the region. The per-company average ranged from $3.3 million in the Russian Federation to $8.1 million in Germany.

    The study results indicate that over the course of the year, cyber crime rose 20.5% in France, 17.4% in the U.K., and 7.2% in Germany. For a closer look at these and other findings from the institute’ European research, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, for our EMEA Security webinar.
  • HP TippingPoint is On Your Side When Every Second Matters Recorded: Sep 25 2014 28 mins
    Russell Meyers, Global Product Line Manager, HP TippingPoint
    Security defenses are only effective when you can easily deploy and manage them. HP TippingPoint Next-Generation Intrusion Prevention System and Next-Generation Firewall make it easy. And the TippingPoint Security Management System provides a dashboard to show you the state of your defenses and instantly see attacks that are blocked.

    Every second matters. Watch this interactive demo to learn how:

    · Easy it is to automatically download the latest Digital Vaccine packages to stay up-to-date with the latest security intelligence

    · Simple it is to share security configurations and policies across devices

    · The at-a-glance dashboard effortlessly shows your protection status

    · To automatically create protection, status and network behavior reports
  • Blocking Advanced Threats with a Layered Security Approach Recorded: Sep 18 2014 42 mins
    Joanna Burkey, HP TippingPoint DVLabs Manager & Russell Meyers, Global Product Line Manager, HP TippingPoint
    Threats to the network continually evolve, which makes isolating the victimized “patient zero” machine nearly impossible. Today’s advanced threats require an advanced approach to security. This session explores how HP TippingPoint stops these attacks in their tracks by neutralizing patient zero through behavior, static, and dynamic detection. Join us to learn how this layered security approach is the most effective way to minimize the threat of network infiltration and, when it does occur, protect your infrastructure from further damage.
  • Incident Response Techniques and Processes: Where We Are in the Six-Step Process Recorded: Aug 26 2014 62 mins
    Russ Meyers, Global Product Line Manager for the HP TippingPoint Enterprise Security Management System
    Incident response weighs heavily on the minds of security practitioners today. Prompted by the recent data breaches and attacks plaguing enterprises large and small, a new SANS survey project asked IT professionals to explain what steps they take immediately following a breach and to share how successful those steps really are.

    Tune into Part 1 of the Incident Response Techniques webcast to hear highlights from the survey results and discussion concerning where we are as an industry in a typical six-step incident response process.
  • Odd Todd Deploys TippingPoint Recorded: Jul 24 2014 3 mins
    HP TippingPoint
    View this video to see how easy it is for Odd Todd to deploy TippingPoint.
  • HP Cyber Risk Report Recorded: Jul 23 2014 4 mins
    HP Enterprise Security
    In application vulnerability testing performed by HP, 52 percent of total vulnerabilities found are on the client side, and 48 percent are on the server. That is one of the real-world statistics uncovered by the HP 2013 Cyber Risk Report and summarized in this informative four-minute video.

    The Cyber Risk Report video presents the data you need to separate the hype from the real threats and better plan how to spend your security dollars. View it to learn the most common kinds of attacks and to hear the one lesson learned from the in-depth study of the 2013 attack that took down South Korean Banks.
  • Role of Research in Stopping Security Threats Recorded: Jul 1 2014 22 mins
    Jennifer Ellard, HP, Patrick Sweeney, Dell, Robin Layland
    Jennifer Ellard from HP, Patrick Sweeney from Dell and Robin explore what role research by security vendors plays in stopping threats. Issues examined include the definition and importance of good research and how vendors shine and fall short. The discussion then moves on to selecting a security solution that is backed by world-class research.
  • Preparing for Zero-Days and Emerging Threats - Where Effective Security Counts Recorded: Jun 24 2014 35 mins
    Joanna Burkey,HP TippingPoint DVLabs Manager
    Staying ahead of the bad guys requires two things: a good plan and a good partner. Your security plan must be robust, flexible, and responsive. Your partner must do the heavy lifting, so your team can concentrate to what matters most to your business. HP Security Research Zero-Day Initiative has more than 3000 security researchers looking for vulnerabilities in the software you rely on. Once they are found, HP TippingPoint DVLabs pushes out weekly digital vaccine packages to proactively protect customers from emerging threats.
    But staying protected isn’t just a numbers game.

    Attend this webinar to learn:
    • How we develop “virtual patches” that block any attempt to exploit the vulnerability rather than simple filters to block individual exploits
    • How our approach reduces false positives
    • How the HP Security Research and DVLabs team keeps them out to let you rest easier
  • Integrating Network Security with Threat Intelligence to Stop Advanced Malware Recorded: May 22 2014 48 mins
    Brian Laing, Vice President of Business Development, Lastline & Russell Meyers, Global Product Line Manager, HP TippingPoint
    Cyber criminals have become more sophisticated and more determined than ever. Protecting your business from advanced malware requires new techniques tuned to these emerging threats. Now, HP TippingPoint Security Management System works with Lastline to provide an advanced layer of protection against the most sophisticated attacks.

    Attend the webinar to learn:
    • How Lastline uses the HP TippingPoint Advanced Threat application programming interface (API) to integrate their global threat intelligence and advanced malware detection capabilities with HP TippingPoint
    • How the industry-leading security intelligence of HP TippingPoint and Lastline’s innovative products combine to help you stay ahead of the bad guys
Delivering Advanced Network Defense to the Enterprise
This channel covers the latest topics in network security, virtualization security, and threat research from HP TippingPoint and HP DVLabs to help security professionals protect their network against ever-evolving threats

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Understanding Vulnerabilities to Better Mitigate Threats
  • Live at: Jun 21 2012 9:00 pm
  • Presented by: Steve Povolny, Senior Security Researcher, HP DVLabs
  • From:
Your email has been sent.
or close
You must be logged in to email this