Hi [[ session.user.profile.firstName ]]

IT Security

  • Challenges with Fintech Compliance, and Cybersecurity to the Rescue
    Challenges with Fintech Compliance, and Cybersecurity to the Rescue Angelo Purugganan, Chief Information Security Officer at Arctic Wolf Networks Recorded: Jul 20 2017 26 mins
    In this webinar we are going to:
    - explore top cyber threats that fintech companies face
    - identify the monitoring and detection compliance requirements common to Federal and State Regulations

    We will be talking to Angelo Purugganan, Chief Information Security Officer, at Arctic Wolf Networks, to get his perspective on the how security analytics and continuous monitoring can simplify compliance using a SOC-as-a-Service provider.

    Most fintech transactions today happen at a fast pace, served through web applications using a combination of mobile devices and legacy systems, with some level of protection. While beneficial to small and medium fintech companies, consumers and regulatory agencies are apprehensive about protecting customers personal data and detecting cyber attacks over the internet which impact the integrity of financial transactions.
  • Get Ready for DFARS - A CloudCheckr Workshop
    Get Ready for DFARS - A CloudCheckr Workshop Patrick Gartlan, CloudCheckr CTO Jeff Bennett, Allgress President/COO Tim Sandage, AWS Sr. Security Partner Strategist Recorded: Jul 20 2017 40 mins
    The clock is ticking on the latest cloud compliance mandate: NIST Special Publication 800-171, otherwise known as DFARS (Defense Federal Acquisition Regulation Supplement). Any organization or contractor that holds or processes unclassified Department of Defense (DoD) data must ensure that they comply with the new DFARS clause.

    December 31, 2017 is the ultimate deadline by which to prove compliance, so action is recommended as soon as possible.

    In this webinar, Patrick Gartlan (CloudCheckr CTO), Jeff Bennett (Allgress President/COO), and Tim Sandage (AWS Sr. Security Partner Strategist) will lead an interactive workshop on what DFARS regulation means for your business, specifically:

    ✔ Specific requirements of the DFARS regulation

    ✔ Key controls that CloudCheckr provides to help you meet DFARS requirements

    ✔ Tools from Allgress that map DFARS requirements to CloudCheckr features
  • Ensuring Data Protection with NIST Cybersecurity Framework
    Ensuring Data Protection with NIST Cybersecurity Framework Renault Ross, Chief Cybersecurity Business Strategist North America, Symantec Recorded: Jul 20 2017 32 mins
    When it comes to your data, regardless of your country or industry, you likely have compliance regulations to adhere to. We understand the challenges this can bring to your IT and compliance teams.

    Adopting the NIST Cybersecurity Framework (CSF) is one way that can help you achieve compliance with the many regulations you may be affected by. Developed in the United States, the CSF has been adopted by many organizations, including those in the international community with one example being the government of Italy, who has incorporated the Framework into its own National Framework for Cyber Security.

    Join us for a webcast hosted by Symantec Chief Cybersecurity Business Strategist, Renault Ross CISSP, MCSE, CHSS, CCSK, CISM as he dives into the CSF to:

    • Identify sensitive data, where it is and who is accessing it

    • Protect that data by establishing policies which prevent exposure

    • Detect threats to which could extrapolate data by several means

    • Respond to threats with automated actions

    • Recover after a threat to produce reports to prove compliance

    Register Today
  • Inside a Carbanak Phishing Attack
    Inside a Carbanak Phishing Attack Mike Zeberlein, Director of Threat Intelligence. Zeberlein has over 20 years supporting military and intelligence communities Recorded: Jul 20 2017 39 mins
    The sophisticated Eastern European cybercrime group implicated in the Chipotle hack is known for its financial targets. Learn how Carbanak launches a phishing campaign, from Michael Zeberlein, an expert in cyber-counterintelligence, advanced adversary hunting, malware analysis and digital forensics.
    The talk will go over:
    —The verticals being targeted
    —Payloads and planning
    —Specific campaigns and victims
  • The State of Cloud Security
    The State of Cloud Security Eric Hibbard, Hitachi Data Systems, Mark Carlson, Co-Chair SNIA Tech Council, Toshiba Recorded: Jul 20 2017 63 mins
    Standards organizations like SNIA are in the vanguard of describing cloud concepts and usage, and (as you might expect) are leading on how and where security fits in this new world of dispersed and publicly stored and managed data. In this webcast, SNIA experts Eric Hibbard and Mark Carlson will take us through a discussion of existing cloud and emerging technologies (such as the Internet of Things (IoT), Analytics & Big Data, and so on) – and explain how we’re describing and solving the significant security concerns these technologies are creating. They will discuss emerging ISO/IEC standards, SLA frameworks and security and privacy certifications. This webcast will be of interest to managers and acquirers of cloud storage (whether internal or external), and developers of private and public cloud solutions who want to know more about security and privacy in the cloud.

    Topics covered will include:

    Summary of the standards developing organization (SDO) activities:
    - Work on cloud concepts, CDMI, an SLA framework, and cloud security & privacy
    Securing the Cloud Supply Chain:
    - Outsourcing and cloud security; Cloud Certifications (FedRAMP, CSA STAR)
    Emerging & Related Technologies:
    - Virtualization/Containers, Federation, Big Data/Analytics in the Cloud, IoT and the Cloud
  • A New Frontier in Cloud Security: The Secure Internet Gateway
    A New Frontier in Cloud Security: The Secure Internet Gateway Dan Cummins - 451 Research & Meghan Diaz - Cisco Umbrella Recorded: Jul 20 2017 56 mins
    Your employees are using more cloud apps than ever, and mobile workers frequently work without turning on their VPN. You need new ways to extend protection anywhere your employees work — and you need it to be simple, yet incredibly effective.

    Exciting innovations in network security-as-a-service offer distributed organizations the potential to extend and meaningfully increase security effectiveness. Join this 451 Research webinar with Cisco Security to hear a discussion about new cloud-delivered protection for mobile workers, lean branch offices, and cloud applications.

    In the webinar we will discuss:

    - The changing cloud security landscape
    - The emergence of the Secure Internet Gateway
    - Important buying considerations for companies looking to add these capabilities
  • How To Delete a Lot of Emails and Files Quickly and Defensibly
    How To Delete a Lot of Emails and Files Quickly and Defensibly Dan Elam, VP and Consultant, Contoural Recorded: Jul 20 2017 60 mins
    Sometimes there is a mandate to delete large quantities of emails and files very quickly, either after litigation or simply because senior management gets fed up with too much electronic junk. When needing to delete a lot quickly, traditional “manage and let expire over time” approaches don’t work. On the other hand, blanket, delete-everything approaches can run afoul of record retention and legal requirements. What’s an organization to do?


    About the Speaker:
    Dan Elam is one of the nation’s best known consultants for information governance. As an early industry pioneer, he created the first needs analysis methodology and early cost justification models. Dan’s involvement has been in the design and procurement of some of the largest systems in the world. Today Dan helps Contoural clients develop business cases and establish strategic road maps for information governance. He is the former US Technical Expert to ISO and an AIIM Fellow.
  • Securing Your Public Cloud Infrastructure
    Securing Your Public Cloud Infrastructure Mark Butler Chief Information Security Officer, Qualys and Hari Srinivasan Director, Product Management, Cloud and Virtualiza Recorded: Jul 20 2017 54 mins
    Public cloud providers operate on a shared responsibility model, which places the onus on the customer to define and secure the data and applications that are hosted within cloud infrastructure. To that end, it is critical that organizations accurately and selectively pinpoint which cloud workloads and virtual IT assets must be monitored, updated and patched based on developing threats to customer data and applications.

    In this webcast, Mark Butler, Chief Information Security Officer at Qualys, and Hari Srinivasan, Director of Product Management for Qualys Cloud and Virtualization Security will detail how you can gain complete visibility of your organization’s entire cloud asset inventory and security posture to help you keep up with shared security responsibility models across public cloud infrastructure.

    The presentation will cover:

    > Challenges surrounding increased migration to public clouds
    > Using automation for secure DevOps
    > How to ensure effective and efficient operations

    This webcast will include a Q&A session, as well as a live demonstration of how to deploy Qualys seamlessly and deeply into public cloud environments with new features.
  • Law Enforcement Data On the Move: Don’t make CJI a Crime
    Law Enforcement Data On the Move: Don’t make CJI a Crime Stan Mesceda, Encryption Expert at Gemalto Recorded: Jul 20 2017 60 mins
    Law enforcement and defense organizations need secure access to sensitive data, and to provide services and to collaborate with others, while protecting the public, and any confidential information. Faced with these challenges, meeting compliance regulations such as Criminal Justice Information Services Security Policy (CJIS-SP) , is a priority for most organizations, especially as audits draw near.
    Did you know that the Criminal Justice Information Services Security Policy (CJIS-SP) requires that data be encrypted when it is transmitted outside a secure facility, even within the same agency
    “When CJI is transmitted outside the boundary of the physically secure location, the data shall be immediately protected via cryptographic mechanisms (encryption)”

    Join us for an informative webinar where you will learn how to secure your data in transit as it moves across your internal and external network, to help ensure compliance with the FBI mandate.
    Attendee takeaways:
    •Overview of CJIS-SP mandate
    Network vulnerabilities and how Ethernet encryption can help secure data in motion
    •Use cases – hear how various agencies have successfully deployed network encryption to secure their data and meet audit requirements
    •Mapping solutions to the needs of your organization

    For more information on dealing with multi-factor authentication in the CJIS audit, check our part one in the series: https://www.brighttalk.com/webcast/2037/258091
  • Are You Ready to Respond?
    Are You Ready to Respond? Troy Scavella, FireEye Principal Consultant and Ahmet Rifki, Sr. Consultant Recorded: Jul 20 2017 59 mins
    “In our current state of cyber security, security breaches are inevitable.” -- Kevin Mandia, CEO, FireEye

    In 2016 there were 1,093 publicized cyber security breaches. That’s a 40% increase from 2015. Given this era’s up surge in breach activity, it’s no longer about whether you’ll be breached. It’s how you’ll respond when you are breached. Organizations with a well-designed response capability are better off.

    Join Troy Scavella, FireEye Principal Consultant and Ahmet Rifki, Sr. Consultant, for our webinar on July 20. They will cover several topics including:

    •Six primary areas of focus for an effective response plan
    •Best practices for each of those areas
    •Examples of how deficiencies in any area reduce an organization’s ability to effectively detect and respond to a cyber security incident, whether targeted or opportunistic
  • Broadcast under attack: Protecting content and defending infrastructure
    Broadcast under attack: Protecting content and defending infrastructure IBC365 | Channel 4 | Sundog Media Toolkit | EY Recorded: Jul 20 2017 63 mins
    Cyber attacks are on everyone’s agenda but with so much at stake just how should Broadcast, Media and Entertainment players protect themselves in an increasingly hostile world?

    High profile attacks on broadcast and media players are on the increase. But what does the threat landscape look like? What are the new attack surfaces and how should broadcasters and media companies approach cybersecurity?

    Speakers:

    Brian Brackenborough, CISO, Channel 4
    Richard Welsh, CEO, Sundog Media Toolkit & VP of Education, SMPTE
    Cameron Brown, Information Security Strategist & Cyber Defence, EY
  • Digital Business is Here - Is your Trust Infrastructure Ready?
    Digital Business is Here - Is your Trust Infrastructure Ready? Mike Hathaway, Aaron Davis Recorded: Jul 20 2017 57 mins
    The move to digital business is exposing the limits of existing trust infrastructures. Rapid growth in the number of deployed certificate authorities (CAs). Increased burden on multiple PKI point solutions deployed to address specific problems. And while IT grapples to support tactical implementations of PKI, the demands of digital business overwhelmingly require a more strategic and holistic approach.

    What's required is a centralized yet agile overarching trust framework that can easily accommodate multiple use cases today and in the future.

    This webinar looks at the steps you can take to build an agile trust infrastructure with a centralized PKI deployment.

    * Digital Trust at Scale Learn how to build a PKI that supports endpoint diversity, evolving and multiple use cases and integration with complimentary solutions.
    * Streamline PKI Deployment Discover how a trust infrastructure can be deployed and managed across your organization to mete the requirements of today's dynamic and distributed business models
    * Simplify 3rd Party CA Key Migration Find out how you can migrate certificates from other vendor systems without having to distribute a new trust anchor and without the need to generate new keys and certificates.
  • SANS 2017 Security Operations Center Survey Results: Part 1
    SANS 2017 Security Operations Center Survey Results: Part 1 Christopher Crowley (SANS Analyst & Instructor) and James Carder (LogRhythm CISO and VP of LogRhythm Labs) Recorded: Jul 20 2017 62 mins
    Security operations center (SOC) functions are increasingly converging with intelligence, threat hunting, and other emerging processes to aid in threat prevention and response.

    In this webcast, James Carder, LogRhythm CISO and VP of LogRhythm Labs, joins the SANS team to discuss the results of the SANS survey on SOCs.

    Here you’ll learn:

    - Popular SOC architectures
    - SOC functionality and activities
    - The SOC’s relationship with IT operations
    - Trends in staffing a SOC

    Watch now to learn the state of today’s SOC, along with advice and best practices from fellow security practitioners.
  • Keeping Enterprise Data Safe from Mobile Travel Risks
    Keeping Enterprise Data Safe from Mobile Travel Risks Domingo Guerra, Co-Founder and President at Appthority Recorded: Jul 19 2017 23 mins
    Over 459 million business trips and 1.7 billion US leisure trips will be booked in 2017. Mobile threats can increase significantly when employees travel with their mobile phones and devices and their guard is down.

    Domingo Guerra provides tips for keeping data safe while employees travel and reducing risks when they return.
  • [Demo] CloudShell Cloud Sandboxing Overview
    [Demo] CloudShell Cloud Sandboxing Overview Hans Ashlock, Director of Technical Marketing, Quali Recorded: Jul 19 2017 4 mins
    Quali’s Cloud Sandbox Software allows you to create and publish sandboxes that are replicas of infrastructure and application configurations and use them for development, testing, demos, training and support. Model, orchestrate, and deploy on-prem, cloud, and hybrid environments and accelerate DevOps Automation.
  • Lessons from the Trenches: In-House Practitioners Talk Information Governance
    Lessons from the Trenches: In-House Practitioners Talk Information Governance Jo Goldstein (Whirlpool), Patricia Oliveira (MUFG Union Bank), Mark Diamond (Contoural) Recorded: Jul 19 2017 60 mins
    Information Governance (IG) programs are full of both promise and pitfalls. Many organizations are asking what they can and should do to incorporate IG programs that help their employees be more productive while also reducing risk and costs. Join expert practitioners Jo Goldstein (Whirlpool), Patricia Oliveira (MUFG Americas), and Mark Diamond (Contoural) as they discuss:

    -How they got their organization to care about Information Governance
    -Lessons learned while executing their Information Governance programs
    -Why it's important to obtain consensus from across different groups
    -Building the right-sized program for your organization

    Join us for a lively discussion!

    About the Speakers:

    Jo Kathryn Goldstein, CRM is currently Senior Manager, Information Governance for Whirlpool. Her career in Information Management has included the pharmaceutical and banking industry. In the past Jo has served as Vice-Chair for PRIMO- the Pharmaceutical Records and Information Management Organization, President of the Indianapolis ARMA Chapter, and the former ARMA Standards Development Committee.

    Patricia Oliveira leads the Records & Information Management program for MUFG Americas, part of a global financial institution. As such, her focus is to support and develop an enterprise-wide, compliance based RIM program focused on risk mitigation. She has over two decades of experience in planning, designing, and executing complex integrated programs, building strategic organizations, and leading change in multiple disciplines and diverse industries. 

    Mark Diamond is founder & CEO of Contoural. He is an industry thought leader in proactive records & information management, litigation readiness and risk & compliance strategies. As a trusted adviser he and his company help bridge legal, compliance, security and business needs and policies with effective processes, technology and change management.
  • How to Prevent Data Walking Out the Front Door
    How to Prevent Data Walking Out the Front Door Nancy Patton, Esq. (Sr. Solutions Consultant Exterro), Dave Packer (VP, Product & Alliances Marketing, Druva) Recorded: Jul 19 2017 64 mins
    With all the news surrounding data breaches and information leaks, it’s often forgotten that the number one way sensitive/confidential information illegally enters the public domain is when employees leave their organization.

    In this webcast, learn about how technology can help prevent data from walking out your front door and proactively safeguard employee data required for e‑discovery/compliance.

    Register for this webcast and learn how:

    - Data archiving software can automatically lock down and ensure data is not removed from the org
    - E-Discovery technology can automatically track employee movements and notify legal teams when key custodians leave the org
    - Leading organizations are leveraging these types of technology to be more efficient and strengthen data protection efforts
  • Success Factors in Threat Intelligence: Part 3 - Key Elements
    Success Factors in Threat Intelligence: Part 3 - Key Elements Allan Thomson, Chief Technical Officer Recorded: Jul 19 2017 49 mins
    This series describes a comprehensive “business technical approach” to the justification, definition, design and execution of Threat Intelligence Programs.

    What do we mean by “business technical approach’ to Threat Intelligence?

    Much in the industry is focused solely on one technical aspect or another of threat intelligence data that indicates information about a specific malware family, a set of indicators that can be used to block malicious sites, campaign information that highlights a threat actors profile, their tactic, techniques and procedures. But much of the technically focused content do not discuss how organizations can gather or construct that information themselves, and even more so, how an organization would organize themselves to respond to such data. Much of the output of the industry is providing the fish to organizations rather than teaching the organizations how to fish themselves.

    A ‘business technical approach’ is one where we define an approach focused on the business needs, the organization personnel, organizational roles & responsibilities, team structure and those elements’ interaction with technology to address the challenge of successful threat intelligence operations. Our goal is to help organizations build effective Threat Intelligence programs.

    With Part 2, we introduced the overall vision of a successful TI Program. In this webinar, we dig into the key elements of the TI program with concrete examples, and key components of the program that must exist including the right team, process, tools, metrics and connections.
  • Building Consensus Between Legal, Records and IT on What to Save and Not Save
    Building Consensus Between Legal, Records and IT on What to Save and Not Save Ed Rawson (PNC), Michele Hanrahan (Sound Transit), Shawn Cheadle (LMCO), Mark Diamond (Contoural) Jul 20 2017 9:00 pm UTC 60 mins
    Business units want a policy that allows them to save everything. Legal wants the minimum saved. IT just wants something easy to execute. What should we do? A committee is formed, with legal, IT, records management, HR, and others. The committee meets. Discussions ensue: Which are business records? How long should we save them? Do we allow exceptions?

    The committee meets again. And again. We’re stuck.

    Join Ed Rawson , Michelle Hanrahan, Shawn Cheadle and Mark Diamond as they discuss strategies for building consensus across your organization and making sure your initiative doesn't get stuck!

    About the speakers:
    Ed Rawson is a strategic, results-oriented thought leader who has dedicated over 30 years of his career to helping organizations manage their paper and digital content lowering cost and increasing productivity. Ed has helped organizations to align information with business value and operational direction to maximize the return on investments, lowering risk and maintaining compliance.

    Michele Hanranhan is Records Manager at Sound Transit since January 2015 and is leading a RIM group to implement ECM solution organization wide. She previously worked at Federal Home Loan Bank of Seattle, PATH, and Washington State Department of Transportation and has over 16 years of experience in Records and Information (RIM) with a variety of business, government and non-profit organizations. 

    Shawn Cheadle is General Counsel to the Military Space line of business at Lockheed Martin Space Systems. He supports government and international contracts negotiations, drafting and dispute resolution. He also supports information governance, eDiscovery, records management, counterfeit parts investigations, and other functional organizations at Lockheed Martin. He is an ACC Global Board Member, current Information Governance Committee Chair and former Law Department Management Chair, and former Board member and President of ACC Colorado.
  • Retailers:Evolve Customer Experience Strategies to adapt to Consumer Behaviour
    Retailers:Evolve Customer Experience Strategies to adapt to Consumer Behaviour Raj Mistry,Group Vertical Sales Director and Rob Allman,Group General Manager, Customer Experience, Dimension Data Jul 24 2017 3:30 pm UTC 45 mins
    Retailers are faced with the challenge of fast evolving consumer buying processes. Today and in the future consumers have greater choice in terms of how when and where they buy. Consumers expect an omnichannel experience across all available touch points with retailers.

    According to the 2017 Customer Experience Benchmarking Report, 85% of retail and consumer goods organisations recognise CX as a competitive differentiator. Join us for this webinar where we’ll be discussing the retail specific findings from the report.
  • [Breach Prevention] Phishing & Credential Abuse 101: Exposing the Ecosystem
    [Breach Prevention] Phishing & Credential Abuse 101: Exposing the Ecosystem Jen Miller-Osborn, Unit 42 Threat Intelligence Analyst, Palo Alto Networks Jul 24 2017 5:00 pm UTC 60 mins
    Even the most sophisticated adversaries know it’s far easier to steal credentials and use them for covert activities than it is to locate a zero-day vulnerability in an external-facing system. Plus, since attackers will take the easiest path, most breaches still rely on stolen credentials.

    Join our Unit 42 threat intelligence analyst for an insightful perspective on credential-based attacks and phishing. In addition to presenting its unique attack life-cycle, she will:

    • Identify trends and techniques in methods used for credential theft and abuse.
    • Review how cyber criminals have changed their tactics to compromise networks.
    • Examine who is being targeted, and why.
    • Discuss techniques to stop credential leakage.
  • Take Your AWS Cloud Investment to the Next Level
    Take Your AWS Cloud Investment to the Next Level Todd Bernhard, CloudCheckr Product Marketing Manager Jul 24 2017 6:00 pm UTC 60 mins
    AWS cloud is one of the leading cloud providers in the market—and Amazon solutions like Trusted Advisor, Cost Explorer, CloudTrail, CloudWatch, and Inspector can help organizations begin to manage their IaaS infrastructure more efficiently. However, the valuable data provided by these services can be more efficiently leveraged with tools that offer deeper visibility and control.

    Join us to learn tools and tips to take your AWS investment to the next level, including:

    - Forecasting and tagging tips to predict and optimize cloud spend
    - A comprehensive approach to monitoring to ensure secure and compliant infrastructure
    - Proactive risk detection and automated remediation tactics
  • Mega Breaches: How to mitigate your risks using Data-Centric Security?
    Mega Breaches: How to mitigate your risks using Data-Centric Security? Heidi Shey, Senior Analyst, Forrester and Nico Popp, Senior Vice President, Information Protection, Symantec Jul 25 2017 5:00 am UTC 60 mins
    What steps are you taking to minimise your risk of becoming a data breach victim? In this webinar, Symantec and a guest speaker from Forrester share best practices to proactively protect your critical data with data-centric security.

    Get advice on preventing data breaches from these industry experts:

    • Guest Speaker Heidi Shey, Senior Analyst, Forrester. Heidi serves Security & Risk Professionals with solutions for data security and privacy. She also researches sensitive data discovery, data loss prevention, cybersecurity, customer-facing breach response and more.

    • Nico Popp, Senior Vice President, Information Protection, Symantec. Nico is the former CTO of VeriSign Security Services where he led efforts to develop new products and services for Trust Services and Identity Protection.

    Join these authorities as they explain how a holistic approach to data security and identity puts you back in control.
  • The Human Factor 2017
    The Human Factor 2017 Adenike Cosgrove, Cybersecurity Strategist at Proofpoint , Davide Canali - Senior Threat Analyst Proofpoint Jul 25 2017 9:00 am UTC 45 mins
    Ransomware. Business email compromise (BEC). Social media phishing. Counterfeit mobile apps. Today’s advanced attacks use different tactics and vectors, but they all have one thing in common: they target people, not just infrastructure.

    In this webinar, we use original research and data collected from real-world Proofpoint deployments around the world to explore who is being targeted, how attackers are getting people to click, and what you can do about it.

    Register now to learn about:
    •The latest social engineering targeting trends and techniques
    •Top email fraud tactics, including business email compromise (BEC) and social media account phishing
    •The rise of fraudulent mobile apps and how criminals target users on the go
  • Does your data security create more pain than it solves? 5 steps to get it right
    Does your data security create more pain than it solves? 5 steps to get it right Raju Verranna, Pre Sales Engineer Jul 25 2017 9:30 am UTC 45 mins
    Protecting sensitive client and corporate data is one of the most important responsibilities in any organization. So if your current solution isn’t working for all stakeholders, is it really working at all?

    Key learning:
    1. Increase security and compliance, while maintaining user-friendliness
    2. Deploy encryption without interrupting normal business processes
    3. Ease the daily burden of your data security administration
  • The Top 4 Ways Vulnerabilities Get Into Your Software
    The Top 4 Ways Vulnerabilities Get Into Your Software Colin Domoney, Consultant Solutions Architect - Veracode Jul 25 2017 10:00 am UTC 30 mins
    Why is software so riddled with security defects? Are developers to blame? Is it just the nature of software? We’ve found that there are four primary ways that vulnerabilities end up in your software. Understanding these sources and how to prevent them is a good first step in making your apps less like a red carpet for cyberattackers, and more like a moat.

    Benefits of attending:
    1.Learn how vulnerabilities are getting in your code and how to keep them out from a VP of Engineering
    2.Gain actionable tips and advice on application security– from a development manager who lives it day to day
    3.Move beyond the buzz about the insecurity of open source components – what is the solution?
    4.Identify the best ways to help developers learn to code more securely
    5.Gain insight from the latest research into which languages are introducing what vulnerabilities
  • GDPR and Open Source: Best Practices for Security and Data Protection
    GDPR and Open Source: Best Practices for Security and Data Protection Daniel Hedley, Partner, Irwin Mitchell; Matt Jacobs, VP and General Counsel, Black Duck Software Jul 25 2017 2:00 pm UTC 60 mins
    Legislators in Europe continue to expand the scope of the laws governing information security and personal data protection. As a result, organizations serving consumers and businesses in the region need to understand the implications these laws will have on their use of open source to build software applications.

    During this educational webinar led by Dan Hedley, Partner, IT and Commercial from Irwin Mitchell, we’ll provide guidance on the General Data Protection Regulation (GDPR) and why a comprehensive approach to open source security management is essential for GDPR observance. In addition, we’ll review open source management best practices in context of other industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation.
  • How Data Governance Holds the Key to GDPR Compliance
    How Data Governance Holds the Key to GDPR Compliance Srikanth Venkat & Ana Gillan, Hortonworks Jul 25 2017 2:00 pm UTC 60 mins
    The upcoming GDPR legislation represents a sea change for organisations that store or process data relating to EU residents. With penalties for violations up to 4% of annual global turnover, organisations are scrambling to comply with GDPR provisions. Effective data governance and access control helps enterprises manage risk effectively, comply with regulations and gain competitive advantage through agile decision.
    Join Srikanth Venkat, Sr. Director Product Management and Ana Gillan, Solutions Engineer as they discuss effective data governance and its role in complying with regulations such as GDPR. They will also cover Atlas and Ranger, the governance and security components of Hortonworks Data Platform and their role in effective data governance.

    This webinar is not intended to constitute legal advice. Viewers should consult with their own legal counsel regarding compliance with GDPR and other laws and regulations applicable to their particular situation and intended use of any Hortonworks products and services. Hortonworks makes no warranties, express, implied, or statutory, as to the information in this webinar.
  • Building Highly Scalable ADC Clusters with Equal-cost Multi-Path Routing
    Building Highly Scalable ADC Clusters with Equal-cost Multi-Path Routing Nenad Merdanovic, Product Manager, HAProxy Technologies Jul 25 2017 3:00 pm UTC 60 mins
    Application delivery infrastructure resources are increasingly strained. The new features in modern Application Delivery Controllers along with the demands for SSL to comply with search engine ranking algorithms are major contributors to the problem. It means organizations have to find ways to scale their ADCs. But do they scale up? Or scale out? And how?.
     
    Join us for this live webinar to discover:
    oThe drivers for the requirement of scalable application delivery infrastructure like SSL adoption and expanding ADC feature sets
    oThe pitfalls and limits of vertically scaling your ADC
    oHow you can use equal-cost multi-path (ECMP) routing to horizontally (and nearly infinitely) scale your ADC
    oHow to use Route Health Injection (RHI) to ensure availability of your ADC cluster
    oExamples of organizations who have accomplished this with HAProxy
  • Workloads, Data Centers & Cloud Strategy: Market & Technology Trends
    Workloads, Data Centers & Cloud Strategy: Market & Technology Trends Carl Lehmann, Principal Analyst with 451 Research, and Don Davis, Technology Director for Iron Mountain’s Data Center busines Jul 25 2017 3:00 pm UTC 60 mins
    IT planners have far more options as to where to run their workloads than ever before. On-premises data centers, co-location facilities and managed services providers are now joined by hybrid multi-clouds – a combination of Software-, Infrastructure- and Platform-as-a-Service (SaaS, IaaS, and PaaS) execution venues. All have unique operational, performance and economic characteristics that need to be considered when deploying workloads.

    In this Webinar Carl Lehmann, Principal Analyst with 451 Research, and Don Davis, Technology Director for Iron Mountain’s Data Center business will discuss how industry leading enterprises determine the best execution venues for their workloads by addressing:

    •The market and technology trends that influence workload, data center and cloud strategy
    •How to evaluate the characteristics of various workloads and execution venues
    •How to manage workloads across on-premises and off-premises ecosystems
    Attendees will learn how to formulate an IT strategy that can be used to guide the decision criteria needed for placing workloads on their best execution venues, and enable the migration and ongoing management of workloads across a hybrid multi-cloud enterprise architecture.
  • Smart Stores
    Smart Stores Ken Hosac, VP, Cradlepoint Jul 25 2017 4:00 pm UTC 60 mins
    Technology is improving retail operations and enhancing the customer experience. The “Smart Store” has come to life with the rise of the Internet of Things, inspiring stores to adopt applications such as digital signage and IoT sensors.  

    Sign up for this webcast with Ken Hosac, Vice President at Cradlepoint, to learn more about how Smart Stores concepts are changing the dynamics of the shopping experience, creating new retail store standards, and how it’s all dependent upon a foolproof network connection. 
  • AI, Machine Learning and the Future of Cybersecurity
    AI, Machine Learning and the Future of Cybersecurity Demetrios "Laz" Lazarikos (Blue Lava) | Sven Krasser (CrowdStrike) | Alex Pinto (Niddel) | Jisheng Wang (Aruba/HPE) Jul 25 2017 4:00 pm UTC 60 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    As cyber threats are evolving at a rapid pace, and firewalls and antiviruses are considered antiquated solutions, companies are constantly looking for the most advanced ways to protect their critical data.

    Artificial intelligence and machine learning are now an integral part of cybersecurity. With cyber attacks becoming more serious, and in some cases endangering human lives, artificial intelligence could be the key to security.

    Join this panel of top security experts as they discuss the role of AI and machine learning in cyber attacks, cyber protection and what the future of security looks like.
    - The impact of AI/ML on security
    - Trends in cyber attacks
    - How to best protect against them and secure our critical assets

    Moderator:
    - Demetrios "Laz" Lazarikos, Three Time CISO, Founder of Blue Lava

    Panelists:
    - Sven Krasser, Chief Scientist, CrowdStrike
    - Alex Pinto, Co-Founder & Chief Data Scientist, Niddel
    - Jisheng Wang, ‎Senior Director of Data Science, CTO Office - Aruba, a Hewlett Packard Enterprise company
  • Secure Coding Practices: Avoiding SQL Injection Attacks
    Secure Coding Practices: Avoiding SQL Injection Attacks Zach Jones, Sr. Manager - TRC Static Code Analysis, WhiteHat Security Jul 25 2017 5:00 pm UTC 60 mins
    SQL injection attacks enable attackers to tamper with, delete or steal sensitive data from corporate databases. In this webinar, Zach Jones, senior manager for static code analysis from WhiteHat Security’s Threat Research Center, will discuss SQL injection attacks and how to best defend against them.

    In this webinar, we will:
    - Provide examples of vulnerable code
    - Discuss data boundary concepts between input and target interpreters
    - Explain the differences and advantages of using parameterized queries versus custom stored procedures
    - Discuss the pitfalls of using selective parameterization or trying to sanitize inputs by escaping or encoding them manually

    WhiteHat Security has extensive experience working with customers to identify and fix the latest web application vulnerabilities. Join us to gain a deeper understanding of common web application vulnerabilities, get expert technical advice on defensive tactics, and learn best practices to safeguard your apps from being exploited.
  • Proofpoint Customer Technical Webinar: Imposter Emails & BEC Attacks
    Proofpoint Customer Technical Webinar: Imposter Emails & BEC Attacks Nathan Chessin - Director Field Sales Engineering, Jason Ford - Sr. Systems Engineer, Nick Sullivan - Sr. Systems Engineer Jul 25 2017 5:00 pm UTC 60 mins
    More than 90% of targeted attacks start with email fraud. Learn how to gain insight into, and effectively defend against, these attacks.

    Join us for a Proofpoint technical webinar, brought to you by engineers, for engineers.  This session will focus on effectively defending your domains from impostors and fraudsters attacking your organization, your customers and your partners.
     
    Topics will include:
    • The Threat Landscape
    • SMTP Standards and Evolution
    • Stop Attacks with Visibility & Authentication
    • Configuring Email Protection to help block imposter threat
    • Creating DMARC reporting in less than 10 minutes
  • Securing Network Equipment with Trust and Integrity
    Securing Network Equipment with Trust and Integrity Steve Hanna, Senior Principal at Infineon Technologies and Michael Eckel, Security Technologist at Huawei Technologies Jul 25 2017 5:00 pm UTC 60 mins
    Interconnected networks are critical to the operation of a broad and growing range of devices and services, from computers and phones to industrial systems and critical infrastructure.

    The integrity and security of routers, switches, and firewalls is essential to network reliability, as well as to the integrity and privacy of data on these networks. As increasingly sophisticated attacks are launched on network equipment, strong protection mechanisms for network equipment, both on the device and service level, is required.

    TCG recently has issued its Guidance for Securing Network Equipment with use-cases and implementation approaches to solve these problems, designed to help system designers and network architects get the best security possible from this powerful technology.
    Join TCG experts to learn about using device identity, securing secrets, protecting configuration data, inventorying software, conducting health checks, using licensed feature authorization and more.

    Speakers:

    Steve Hanna, Senior Principal at Infineon Technologies, currently chairs TCG’s Embedded Systems and IoT groups and driving the effort for a new industrial IoT group within the organization. He has been active in the Industrial Internet Consortium and its security efforts as well. He is the author of several IETF and TCG standards and published papers, an inventor or co-inventor on 41 issued U.S. patents; and holds a Bachelor’s degree in Computer Science from Harvard University.

    Michael Eckel is a Security Technologist at Huawei Technologies. Previously, he was a researcher and software developer at Fraunhofer SIT; mobile software developer at boostix and a web and software developer for a number of other companies. He holds a masters degree in computer science. Eckel currently participates in the Trusted Computing Group’s NetEQ subgroup, working to secure vulnerable network equipment.
  • [Breach Prevention] How does Credential Theft Affect Your Organization?
    [Breach Prevention] How does Credential Theft Affect Your Organization? Brian Tokuyoshi, Sr Product Marketing Manager, Palo Alto Networks Jul 25 2017 5:00 pm UTC 60 mins
    The effects of a credential-based attack differs by organization and by job function. In this session, we will cover a look at how these attacks affect different types of organizations, along with the analysis and demonstration of how an attack is done.

    In this session, hear about:
    * Credential theft industry research coverage
    * Industry analysis of the problem space
    * Application of the credential theft lifecycle in light of recent attacks
  • Mitigate Threats with Context-aware Vulnerability Assessment and Risk Analysis
    Mitigate Threats with Context-aware Vulnerability Assessment and Risk Analysis Anand Visvanathan, Principal Product Manager, Symantec Jul 25 2017 5:00 pm UTC 60 mins
    Most vulnerability management solutions do little to help security leaders put vulnerability and risk information in the context of business.

    Attend this webcast to learn about the newly released Symantec Control Compliance Suite Vulnerability Manager and how it can help you:

    • proactively identify security exposures

    • analyze business impact

    • plan and conduct remediation

    Register today!
  • Your Small Business Will Be Hacked - Because It Is Easy
    Your Small Business Will Be Hacked - Because It Is Easy Sean Martin, ITSPmagazine | Rusty Sailors, LP3 | Russell Mosley, Dynaxys | Tom Caldwell, Webroot Jul 25 2017 6:00 pm UTC 60 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -

    Small and medium businesses face countless threats, most of which have a human at their origin. These criminals, driven by financial gain, are essentially business owners – not unlike yourself – who are looking to spend as little money and as few resources as necessary to generate as much revenue as possible. Therefore, most cybercriminals target businesses that have a false sense of security.

    Why would a cybercriminal spend a fortune going after a Fortune 1,000 when they can spend a few bucks to crack a small business? Exactly!

    During this live webinar, we’ll explore the types of threats that small and medium businesses face and the business risk associated with these threats. It’s easier to get hacked than you think and it’s only a matter of time before it happens. Will your business be prepared? Are you doing everything you can to protect yourself beforehand?

    Knowing that perfection is not possible, our panel of experts will look at 4 key steps that small and medium businesses should take to reach a reasonable level of cybersecurity:

    - How to conduct an analysis to determine risk and the need to focus on cybersecurity within your business
    - How to assess the cost of a breach, a loss of information and the impact that a cybersecurity event can have on your customers and partners
    - How to create a plan to protect your systems, information, revenue and customers’ data
    - Best practices for guiding your implementation, from segmentation to employee access control policies to information protection controls

    Join us for an extremely informative session geared towards small and medium business owners and their IT staff.

    Moderator:
    Sean Martin, CISSP, Editor-in-Chief, ITSPmagazine

    Panelists:
    Rusty Sailors, President / CTO at LP3 and Chairman, Protecting Tomorrow
    Russell Mosley, Director, Infrastructure & Security, Dynaxys
    Tom Caldwell, Senior Director of Engineering at Webroot
  • The Side Effects of the Internet of Things
    The Side Effects of the Internet of Things Chenxi Wang, ITSPmagazine | Ted Harrington, ISE | Gary Hayslip, Webroot | Mike Ahmadi, Synopsis Jul 25 2017 9:00 pm UTC 60 mins
    - Broadcast LIVE from Las Vegas during Black Hat 2017 -
    Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.

    How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.

    Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.

    This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?

    PANELISTS
    - Ted Harrington, Executive Partner at Independent Security Evaluators
    - Gary Hayslip, Vice President & CISO, Webroot
    - Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group

    MODERATOR
    - Chenxi Wang, Host of The New Factor on ITSPmagazine
  • The Evolution of SSL/TLS and Browser Compliance Requirements in 2017
    The Evolution of SSL/TLS and Browser Compliance Requirements in 2017 Dathan Demone, Entrust Datacard Jul 25 2017 11:00 pm UTC 60 mins
    SSL/TLS Industry requirements are changing at an unprecedented pace. Over the last couple of years, new requirements have been passed down by the CA and browser community to help further solidify the security practices around obtaining and using SSL/TLS and other types of publicly trusted certificates. Over the next 12 months, more important changes are being introduced to continue that trend. Join Dathan Demone, Product Manager at Entrust Datacard, who will discuss both past and future changes that will have a major impact on all certificate subscribers. In this Webinar, we will discuss topics such as:

    • New changes coming to browsers and how they notify end users about the proper use of SSL/TLS on all web pages
    • Changes to certificate lifetime policies and verification rules that are being introduced in 2017
    • New requirements around Certificate Transparency that are being introduced in October, 2017
    • Updates to recommended security best practices and new vulnerabilities in the world of SSL/TLS
    • Certificate Authority Authorization and how this can be used to protect your organization against fraud
  • Prevent Major Data Breaches with Threat Lifecycle Management
    Prevent Major Data Breaches with Threat Lifecycle Management Seth Goldhammer, Senior Director of Product Management Jul 26 2017 12:00 am UTC 60 mins
    Throughout 2017 organisations will continue to be confronted by increasingly frequent and complex cyber threats. It’s not a matter of if your organisation will be compromised, but when.

    A traditional prevention-centric strategy naively assumes all threats can be blocked at the perimeter, which leaves you blind to the threats that do get in. Many organisations are shifting to a more balanced strategy including detection and response. Enter Threat Lifecycle Management (TLM) - your playbook for rapidly detecting and responding to cyber-attacks.

    In this webcast, Seth Goldhammer, senior director of product management at LogRhythm, explains what TLM is, and demonstrates how the end-to-end security workflow helps reduce your mean time to detect and respond to cyber threats.