Hi [[ session.user.profile.firstName ]]

IT Security

  • Activated Charcoal: Making sense of endpoint data Activated Charcoal: Making sense of endpoint data Greg Foss, Head of Global Security Operations, LogRhythm and Sarah Miller Threat Intelligence Analyst, Carbon Black Live 60 mins
    Security operations is all about understanding and acting upon of large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you are able to highlight trends, find flaws and resolve issues.

    This webcast will cover the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.

    You’ll discover:

    - Why endpoints are the new perimeter
    - How employees can strengthen your security operations strategy
    - Techniques to test and validate security awareness program
    - How to take the data that Carbon Black collects, correlate it against thousands of endpoints, and dynamically neutralize threats using the LogRhythm security intelligence and analytics platform

    Register now to learn how LogRhythm and Carbon Black can help you strengthen your overall security operations strategy—all within a single interface.
  • Understanding the European NIS Directive Understanding the European NIS Directive Nathan Martz, Principal Strategic Consultant, Central Europe, Mandiant Recorded: Oct 26 2016 25 mins
    The European Cybersecurity policy - the Network Information Security (NIS) Directive - is about to become the new law that sets security standards for many organisations across Europe.

    Recent research carried out by FireEye shows that many organisations are not fully prepared to implement the legislation, which comes into effect in less than two years' time, and it is critical these organisations begin preparing now to be in compliance and not be caught unprepared.

    In this webinar, Mandiant’s Nathan Martz, Principal Strategic Consultant for Central Europe, will cover:
    -The basics of the European Cybersecurity policy - the Network Information Security (NIS) Directive
    -Timeline, key components and possible penalties for noncompliance
    -Practical recommendations on compliance and security standards to keep your company prepared

    We look forward to welcoming you to the webinar.
  • eSummit 3 Cyber-Forensics - an Overview of Intrusion Investigations eSummit 3 Cyber-Forensics - an Overview of Intrusion Investigations Dr. Gareth Owenson, Senior Lecturer, University of Portsmouth, Christopher Laing,(ISC)2 EMEA Advisory Board Member Recorded: Oct 26 2016 41 mins
    Dr Gareth Owenson is the course leader for the Forensic Computing programme at the University of Portsmouth. He teaches extensively in forensics, cryptography and malware analysis. His research expertise is in darknets, where he is presenting working on alternative approaches that may lead to novel applications of the blockchain. Gareth also has a strong interest in Memory Forensics, and undertakes work into application-agnostic extraction of evidence by using program analysis.

    Gareth has a PhD in Computer Science (2007) and has taught at several Universities throughout the UK.
  • eSummit 2 - Phishing attacks and Forensics – Where did it all go wrong? eSummit 2 - Phishing attacks and Forensics – Where did it all go wrong? Matthias Maier, Security Evangelist EMEA, Splunk, Christopher Laing, (ISC)2 EMEA Advisory Board Member Recorded: Oct 26 2016 46 mins
    Phishing and Spear Phishing attacks are the number one starting point for most large data breaches. However, no traditional security technology is currently able to mitigate the risks associated with these type of threats. Join this webinar to learn why phishing attacks are so successful, what capabilities organizations need to carry out a forensic investigation and what questions you need to be able to answer following an attack to respond effectively.
  • eSummit 1 - How I learned to stop worrying and love forensics eSummit 1 - How I learned to stop worrying and love forensics Simon Biles, Digital Forensic Analyst, Forensic Equity Limited, Christopher Laing, (ISC)2 EMEA Advisory Board Member Recorded: Oct 26 2016 49 mins
    There is no such thing as a "secure" system - we do our level best to design them as well as we can, to put controls and measures in place - but, at the end of the day, things can and do go awry. Today we are going to talk about Forensics, and how it is the opposite side of the coin from security. What can we do in advance to aid in forensic investigation? What do we do at the point of a compromise to allow us to preserve as much evidence as is possible? And, ultimately, how to we take a forensic analysis and learn from it to create a better system the next time?
  • Best Practices on Operational Efficiency in Network Security Best Practices on Operational Efficiency in Network Security Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint Recorded: Oct 26 2016 63 mins
    Most businesses prefer to control the day-to-day operations of their networks using their own resources. The increasing complexity of modern networks means that the overall acquisition, control and deployment for network security projects is far more challenging than before. With decreasing IT budgets and limited resources within high growth businesses; how are network teams expected to improve operational efficiency without sacrificing quality of service and service level agreements?

    In a world that is fraught with new security exploits, maintaining operational efficiency with a low impact on resource and cost can be very difficult.

    What are the best practices for maintaining an operationally efficient network security deployment? How do network teams stay on-top of daily routine tasks, such as policy configuration, upgrades and network security monitoring? How can network teams be enabled to focus on mission critical projects through automation?

    Learn from case studies about network security and firewalls which enable the deployment of firewalls within highly distributed networks without sacrificing time or security.

    Join Forcepoint and (ISC)² on Oct 26 (Wed) at 1:00p.m. (Singapore time) in learning the best practices on operational efficiency in network security.

    Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint

    Moderator: Clayton Jones, Managing Director, Asia-Pacific, (ISC)²
  • Auto Scaling Next-Gen Firewalls on AWS Auto Scaling Next-Gen Firewalls on AWS Matt Keil, Director of Product Marketing, Data Center and Warby Warburton, Manager, Technical Marketing Engineering Recorded: Oct 25 2016 46 mins
    Through integration with AWS services, like Auto Scaling and AWS Elastic Load Balancing (AWS ELB), you can now build a next-generation security infrastructure that will dynamically, yet independently, scale to protect your AWS workloads as their traffic patterns fluctuate. This architecture will allow you to reduce costs by utilizing the firewall capacities intelligently and efficiently based on user-defined metrics. By scaling the security separately from the application workloads, this solution allows each firewall to be identically configured and managed centrally, resulting in lower administrative costs.

    Join us for an educational webinar to learn how you can scale next-generation security using AWS Auto Scaling and ELB. Using native AWS Services and VM-Series automation features, you can now dynamically, yet independently scale the VM-Series next-generation firewalls on AWS.

    This webinar will cover
    • Auto Scaling the VM-Series architecture
    • Auto Scaling and ELB integration details
    • Alternative architectures for protecting many VPCs
  • Finding the Holy Grail: Data Security AND Privacy Finding the Holy Grail: Data Security AND Privacy Robert Ball, Global Privacy Officer and Chief Legal Officer at Ionic Security, Inc. Recorded: Oct 25 2016 43 mins
    Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.
  • Compliance as Code with InSpec 1.0 Compliance as Code with InSpec 1.0 Christoph Hartmann, InSpec core contributor & George Miranda, Global Partner Evangelist Recorded: Oct 25 2016 60 mins
    InSpec is an open-source testing framework with a human-readable language for specifying compliance, security and other policy requirements. Just as Chef treats infrastructure as code, InSpec treats compliance as code. The shift away from having people act directly on machines to having people act on code means that compliance testing becomes automated, repeatable, and versionable.

    Traditionally, compliance policies are stored in a spreadsheet, PDF, or Word document. Those policies are then translated into manual processes and tests that often occur only after a product is developed or deployed. With InSpec, you replace abstract policy descriptions with tangible tests that have a clear intent, and can catch any issues early in the development process. You can apply those tests to every environment across your organization to make sure that they all adhere to policy and are consistent with compliance requirements.

    Inspec applies DevOps principles to security and risk management. It provides a single collaborative testing framework allowing you to create a code base that is accessible to everyone on your team. Compliance tests can become part of an automated deployment pipeline and be continuously applied. InSpec can be integrated into your software development process starting from day zero and should be applied continuously as a part of any CI/CD lifecycle.

    In this webinar, we’ll explore how InSpec can improve compliance across your applications and infrastructure.

    Join us to learn about:
    - What’s new in InSpec 1.0
    - InSpec enhancements for Microsoft Windows systems
    - Integration between InSpec and Chef Automate

    Who should attend:
    Security experts, system administrators, software developers, or anyone striving to improve and harden their systems one test at a time.
  • Racing Against Nation States on the Automation Continuum Racing Against Nation States on the Automation Continuum CP Morey, VP Products & Marketing at Phantom Cyber Recorded: Oct 25 2016 34 mins
    Both Presidential candidates agree on the need for increased spending on our nation’s infrastructure. While we tend to think first of bridges, roads, and other physical features, cyber is also an area impossible to ignore given the pervasiveness of technology in our lives.

    Without question, the speed, sophistication, and volume of cyber security attacks is constantly changing. In the case of nation states, the motives are also shifting from spying and surveillance to using offensive capabilities to attack critical infrastructure, national security assets, and even the political system itself. It’s no longer just about the money; safety and even lives may be at stake.

    Adversaries are attacking us at an unmanageable scale. For instance, research sponsored by Department of Homeland Security and NSA showed environments with security event traffic of more than 1 billion alerts per day. Even after reducing the load to 1 million alerts per day with correlation and other tools, more than 20,000 human analysts would be needed to respond.

    State-backed adversaries are using automation against us. It’s time we do the same, and projects like Integrated Adaptive Cyber Defense at Johns Hopkins Applied Physics Lab are leading us there.

    Join our webcast to learn how public and private organizations are progressing on the security automation continuum from simple security lifecycle management to predictive response strategies.
  • Rethink Security for SaaS: Power of the Platform Rethink Security for SaaS: Power of the Platform Anuj Sawani, Product Marketing Manager, Navneet Singh, Product Marketing Director Recorded: Oct 25 2016 60 mins
    The challenges of SaaS applications such as Office 365 or Box are already here whether they are enabled by IT or end users themselves. With the adoption of SaaS, your data is now outside your traditional network perimeter and any changes to how the data is shared, who it is shared with and if it is free of malware is no longer known by your organization. History has shown that when a significant risk arises, a point solution is applied to address it. Defenses made up of multiple point products that do not integrate leave gaps that may expose your organization to attack.

    Join us for this live webinar where we will examine the various stages of a real-world attack targeting your SaaS applications. You will learn how to prevent these attacks at every single point in the security kill chain with a natively integrated Next Generation Security Platform and learn how to:

    * Gain visibility and granular, context-based control of SaaS applications

    * Protect corporate data from malicious and inadvertent exposure after it has left the traditional corporate perimeter.

    *Satisfy compliance requirements while still maintaining the benefits of SaaS based application services
  • The Why and How of Monitoring DICOM Performance The Why and How of Monitoring DICOM Performance ExtraHop Networks Recorded: Oct 25 2016 19 mins
    Radiology departments and medical imaging units are among the fastest-growing, most profitable services provided by healthcare organizations. DICOM (Digital Imaging and Communications in Medicine), is a binary, upper-level protocol used to store and transmit medical images. When DICOM deployments malfunction, or work slowly, patient experience suffers, and cashflow drops.

    Monitoring DICOM with an eye for performance optimization is increasingly critical for successful healthcare providers. This webinar discusses how ExtraHop can provide the visibility needed to maintain peak DICOM performance in deployments of any size.
  • Attain PCI Compliance without AV Attain PCI Compliance without AV Michael Moshiri Director, Advanced Endpoint Protection Recorded: Oct 25 2016 51 mins
    Many PCI-compliant organizations continue to deploy traditional AV -- not because of its superior security capabilities, but because they wrongly assume it’s required to remain PCI compliant. Join us for this webinar to learn how to achieve and maintain PCI compliance while replacing traditional AV with superior security capabilities, specifically:

    •Which PCI requirements prescribe the use of traditional AV
    •How auditors and Qualified Security Assessors (QSA) interpret those requirements today
    •How Palo Alto Networks customers replace traditional AV with real prevention -- while maintaining PCI compliance

    Read CoalFire PCI DSS Validation of Traps

    Learn More About Traps
  • Automating Security and License Compliance in Agile DevOps Environments Automating Security and License Compliance in Agile DevOps Environments Utsav Sanghani Product Manager Integrations, Partnerships & On-Demand, Black Duck Recorded: Oct 25 2016 41 mins
    Yes, it’s possible to automate open source security and license compliance processes and maintain DevOps agility. In this webinar, Product Manager Utsav Sanghani will demonstrate how Black Duck Hub plugs into Jenkins to address open source license compliance and security risks as part of an overall release process. He will cover:
    - Automating and managing open source security as part of the SDLC
    - Defining and implementing custom policies that prevent potential open source risks
    - Issue management and remediation workflow, with ideas on how going left translates into greater savings
  • Best Practices: Architecting Security for Microsoft Azure VMs Best Practices: Architecting Security for Microsoft Azure VMs Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture Recorded: Oct 25 2016 61 mins
    Do you know if your workloads are secure? Do you have the same security and compliance coverage across all of the cloud platforms and datacenters running your critical applications? Are you having to design your security framework each time you deploy to a new region or datacentre?

    Whether you’re working with multiple cloud environments or exclusively on Azure, there are certain things you should consider when moving assets to Azure. As with any cloud deployment, security is a top priority, and moving your workloads to the cloud doesn’t mean you’re not responsible for the security of your operating system, applications and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your Azure environment is secure.

    Register for this impactful webinar as we discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

    In this webinar, we will take a look at:
    • The Shared Security Model: What security you are responsible for to protect your content, application, systems and networks
    • Best practices for how to protect your environment from the latest threats
    • Learn how traditional security approaches may have limitations in the cloud
    • How to build a scalable secure cloud infrastructure on Azure
  • Tips on Anyalyzing and Modeling Complex Data Sets Tips on Anyalyzing and Modeling Complex Data Sets Scott Dallon, BrainStorm, Inc. Recorded: Oct 25 2016 20 mins
    Discover how businesses turn big data into meaningful insights to help make organizations work smarter, and make better decisions faster.

    Join Scott Dallon to learn tips on analyzing and modeling complex data sets!
  • Ransomware - To pay or not to pay? Ransomware - To pay or not to pay? Peter Mackenzie, Malware Escalations Manager, Sophos Recorded: Oct 25 2016 60 mins
    Flying spiders, snakes, and ghosts are long gone. Ransomware is now the stuff of nightmares and it’s easy to see why.

    Ransomware has become one of the most widespread and damaging threats internet users now face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.

    Join Sophos ransomware pro, Peter Mackenzie, as he shows us how ransomware attacks work, explains why so many new infections keep surfacing, and what practical precautions you can take to protect your organisation.

    If this webinar doesn’t help an IT Hero sleep at night, we don’t know what will.