The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
As a society, we continue to focus on the capabilities that new technological products and services bring to bear, leaving the security - or rather, the safety - conversation for a later date and time… if at all.
Why is this? Perhaps it’s because we don’t care. Or, perhaps it’s because we don’t understand how things work. Or, maybe it’s because we don’t know all the technical mumbo jumbo. Or, it could just be that we expect “someone else” to take care of it for us. For example, every car has a seat belt, right? We don’t have to ask for the car dealer to add seat belts for us and there really aren’t different types of seat belts available in the commercial car arena. Cars just come with seat belts - period. We expect them to be there - even if some people choose to not wear them.
Regardless of the reason(s) behind the lack of conversation surrounding cybersecurity, we should all be able to agree on one simple fact: we use these new gadgets and services completely unfettered - with little to no regard to the risks we face for our privacy and even our safety.
Attend this session to gain the initial knowledge necessary by:
- Learning to ask is this thing secure?
- Understanding how or why it is or isn’t safe to use.
- Identifying your role in your own cyber safety and that of those around you.
It’s time to open our eyes and become aware of our surroundings. Join us to become aware.
- Debra Farber, Host of The Privacy Pact, ITSPmagazine
- Chris Roberts, Chief Security Architect, Acalvio Technologies
- Dr. Christopher Pierson, CISO, Viewpost
- Arun Vishwanath, Associate Professor at SUNY Buffalo & Black Hat Presenter
Network engineers and system administrators can spend a great deal of time responding to user complaints and troubleshooting slow performance issues that are difficult to diagnose or replicate. Resolving those issues can be especially problematic if those applications are provided by a third-party vendor or hosted by third parties, such as SaaS EMR applications, claims processing applications, and practice management applications. Often, IT teams do not have enough visibility to determine root causes or to counter claims from third-party vendors and managed service providers that host applications. With real-time insight into end-user experience for these hosted applications, including application-level transaction details, IT teams can hold vendors accountable and identify root causes faster.
Learn how ExtraHop helps you identify the root cause of your IT problems, avoiding unnecessary friction among your IT teams and ransomware by providing full, real-time visibility into which devices are accessing network share and what type of behavior they are exhibiting, backed by machine learning for immediate anomaly detection.
Learn how to use the Palo Alto Networks next-generation security platform to disrupt the unique attack lifecycle used in credential-based attacks. In this session, get details about the strategies and key technologies for preventing both the theft and abuse of credentials.
In this session, get details on:
* Why the platform plays a critical role towards disrupting credential-based attacks
* Preventing the theft of credentials, using new PAN-OS 8.0 technologies
* Stopping the use of stolen credentials, through new multi-factor authentication capabilities in PAN-OS 8.0
Containers are exponentially growing as an agile and efficient way to deploy applications on the cloud. This opens new security challenges for cloud environments. In this session, learn about how Imperva SecureSphere can protect applications leveraging Amazon’s EC2 Container Service (ECS) and walk through a brief demonstration on configuring SecureSphere alongside applications using ECS.
Traditional Endpoint Protection (EPP) products have failed to detect advanced malware that easily evade signature-based antivirus solutions. To counteract this problem, Gartner reports that 100% of EPP solutions will incorporate Endpoint Detection and Response (EDR) capabilities, focused heavily on security analytics and incident response.
Even so, customers are realizing that protecting endpoints alone is not enough to prevent security breaches. That’s where a managed detection and response (MDR) service comes into play. MDR provides 360-degree visibility into endpoints and security devices, and offers 24/7 network monitoring.
In this webinar, you will learn:
- What EDR vendors offer beyond EPP solutions
- Why Endpoint Detection and Response alone is not enough
- How Managed Detection and Response (MDR) makes up for EDR shortcomings
The Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network. The team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet.
What types of malware do we catch most often in the wild? Which network services do attackers commonly target? What are the most popular attacks in different regions of the world? Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.
- Broadcast LIVE on Wednesday 7/26 @ 9:00 am PDT from Las Vegas during Black Hat 2017 -
Cybersecurity investment has gone through the roof in recent years. Yet, there is a global shortage of qualified professionals to fill a growing number of open cybersecurity roles. According to a recent study by Frost & Sullivan, the global cybersecurity workforce will be short by around 1.8 million people by 2022.
How do organizations cope with the growing demand for security professionals, especially in an age of ever-expanding attack surface and more frequent and sophisticated cyber attacks?
Join this live video panel of experts as they discuss the current trends shaping the cybersecurity industry, the need for diversity and inclusion, and strategies enterprises can employ to stay ahead of the game.
- Joyce Brocaglia, Founder/CEO of Alta Associates & Founder of the Executive Women's Forum
- Angela Messer, Senior Partner, Cyber Business and Talent Lead, Booz Allen Hamilton
- Jason Painter, Co-Founder & President of Queercon, the largest social network of LGBT hackers in the world
- Suzanne Hall, Managing Director, Advisory Services, PwC
Throughout 2017 organisations will continue to be confronted by increasingly frequent and complex cyber threats. It’s not a matter of if your organisation will be compromised, but when.
A traditional prevention-centric strategy naively assumes all threats can be blocked at the perimeter, which leaves you blind to the threats that do get in. Many organisations are shifting to a more balanced strategy including detection and response. Enter Threat Lifecycle Management (TLM) - your playbook for rapidly detecting and responding to cyber-attacks.
In this webcast, Seth Goldhammer, senior director of product management at LogRhythm, explains what TLM is, and demonstrates how the end-to-end security workflow helps reduce your mean time to detect and respond to cyber threats.
SSL/TLS Industry requirements are changing at an unprecedented pace. Over the last couple of years, new requirements have been passed down by the CA and browser community to help further solidify the security practices around obtaining and using SSL/TLS and other types of publicly trusted certificates. Over the next 12 months, more important changes are being introduced to continue that trend. Join Dathan Demone, Product Manager at Entrust Datacard, who will discuss both past and future changes that will have a major impact on all certificate subscribers. In this Webinar, we will discuss topics such as:
• New changes coming to browsers and how they notify end users about the proper use of SSL/TLS on all web pages
• Changes to certificate lifetime policies and verification rules that are being introduced in 2017
• New requirements around Certificate Transparency that are being introduced in October, 2017
• Updates to recommended security best practices and new vulnerabilities in the world of SSL/TLS
• Certificate Authority Authorization and how this can be used to protect your organization against fraud
GOV.UK Verify is a new simple way for UK citizens to access an increasing range of UK government services online. This is the first government service in the world to make support for the new open authentication standard FIDO U2F.
UK citizens can easily purchase a FIDO U2F authenticator online and register it with Digidentity, one of the UK government’s certified identity service providers. Yubico’s durable FIDO U2F-certified YubiKeys work with a single touch, and need no drivers or client software. YubiKeys are used by millions of people in over 160 countries.
FIDO Universal 2nd Factor (U2F) is an open authentication standard that enables internet users to securely access any number of online services, with one single YubiKey device, instantly and with no drivers or client software needed.
U2F leverages public key cryptography, protecting against modern hacker techniques used in the current breach-filled world. Major online services -- such as GitHub, Google, and Dropbox -- are leading the way to protect their employees and global users with U2F.
This technical webinar provides an introduction to concepts on how to implement U2F, including code examples using Python.
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
Innovation is moving so fast. Each day there's a new device or technological service to hit the market designed to make our lives easier, more convenient, and perhaps even healthier. They listen to us, watch us, learn about us. They help us make decisions. They “guess” our next move - our pending desire. They make decisions - even take action on our behalf. As a society we snatch up these new devices as quickly as they hit the shelves and use them with open arms, unknowingly putting our privacy and safety at risk.
How many devices are there? What are they used for? In this session, we’ll focus on the side effects associated with devices used to run our countries, our cities, our homes, our lives - even our physical being.
Ultimately, it’s about the lack of cybersecurity - because there is a lack of cybersecurity, there’s no conversation about it, and therefore there is no understanding (awareness) of what’s at risk for using these devices. It’s not necessarily a bad thing - but the fact we are making uninformed decisions as a society means we could be putting ourselves and our loved ones at risk without even knowing it.
This panel is part 1 of 2 parts - it’s all about the lack of security and the side effects it has on us as individuals and as a society. What are we trading in exchange for using these devices to make our lives “better”? Bottom line... are you (we) surrendering to the technology?
- Ted Harrington, Executive Partner at Independent Security Evaluators
- Gary Hayslip, Vice President & CISO, Webroot
- Mike Ahmadi, Director of Critical Systems Security, Synopsys Software Integrity Group
- Chenxi Wang, Host of The New Factor on ITSPmagazine
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
Small and medium businesses face countless threats, most of which have a human at their origin. These criminals, driven by financial gain, are essentially business owners – not unlike yourself – who are looking to spend as little money and as few resources as necessary to generate as much revenue as possible. Therefore, most cybercriminals target businesses that have a false sense of security.
Why would a cybercriminal spend a fortune going after a Fortune 1,000 when they can spend a few bucks to crack a small business? Exactly!
During this live webinar, we’ll explore the types of threats that small and medium businesses face and the business risk associated with these threats. It’s easier to get hacked than you think and it’s only a matter of time before it happens. Will your business be prepared? Are you doing everything you can to protect yourself beforehand?
Knowing that perfection is not possible, our panel of experts will look at 4 key steps that small and medium businesses should take to reach a reasonable level of cybersecurity:
- How to conduct an analysis to determine risk and the need to focus on cybersecurity within your business
- How to assess the cost of a breach, a loss of information and the impact that a cybersecurity event can have on your customers and partners
- How to create a plan to protect your systems, information, revenue and customers’ data
- Best practices for guiding your implementation, from segmentation to employee access control policies to information protection controls
Join us for an extremely informative session geared towards small and medium business owners and their IT staff.
Sean Martin, CISSP, Editor-in-Chief, ITSPmagazine
Rusty Sailors, President / CTO at LP3 and Chairman, Protecting Tomorrow
Russell Mosley, Director, Infrastructure & Security, Dynaxys
Tom Caldwell, Senior Director of Engineering at Webroot
The effects of a credential-based attack differs by organization and by job function. In this session, we will cover a look at how these attacks affect different types of organizations, along with the analysis and demonstration of how an attack is done.
In this session, hear about:
* Credential theft industry research coverage
* Industry analysis of the problem space
* Application of the credential theft lifecycle in light of recent attacks
More than 90% of targeted attacks start with email fraud. Learn how to gain insight into, and effectively defend against, these attacks.
Join us for a Proofpoint technical webinar, brought to you by engineers, for engineers. This session will focus on effectively defending your domains from impostors and fraudsters attacking your organization, your customers and your partners.
Topics will include:
• The Threat Landscape
• SMTP Standards and Evolution
• Stop Attacks with Visibility & Authentication
• Configuring Email Protection to help block imposter threat
• Creating DMARC reporting in less than 10 minutes
SQL injection attacks enable attackers to tamper with, delete or steal sensitive data from corporate databases. In this webinar, Zach Jones, senior manager for static code analysis from WhiteHat Security’s Threat Research Center, will discuss SQL injection attacks and how to best defend against them.
In this webinar, we will:
- Provide examples of vulnerable code
- Discuss data boundary concepts between input and target interpreters
- Explain the differences and advantages of using parameterized queries versus custom stored procedures
- Discuss the pitfalls of using selective parameterization or trying to sanitize inputs by escaping or encoding them manually
WhiteHat Security has extensive experience working with customers to identify and fix the latest web application vulnerabilities. Join us to gain a deeper understanding of common web application vulnerabilities, get expert technical advice on defensive tactics, and learn best practices to safeguard your apps from being exploited.
Interconnected networks are critical to the operation of a broad and growing range of devices and services, from computers and phones to industrial systems and critical infrastructure.
The integrity and security of routers, switches, and firewalls is essential to network reliability, as well as to the integrity and privacy of data on these networks. As increasingly sophisticated attacks are launched on network equipment, strong protection mechanisms for network equipment, both on the device and service level, is required.
TCG recently has issued its Guidance for Securing Network Equipment with use-cases and implementation approaches to solve these problems, designed to help system designers and network architects get the best security possible from this powerful technology.
Join TCG experts to learn about using device identity, securing secrets, protecting configuration data, inventorying software, conducting health checks, using licensed feature authorization and more.
Steve Hanna, Senior Principal at Infineon Technologies, currently chairs TCG’s Embedded Systems and IoT groups and driving the effort for a new industrial IoT group within the organization. He has been active in the Industrial Internet Consortium and its security efforts as well. He is the author of several IETF and TCG standards and published papers, an inventor or co-inventor on 41 issued U.S. patents; and holds a Bachelor’s degree in Computer Science from Harvard University.
Michael Eckel is a Security Technologist at Huawei Technologies. Previously, he was a researcher and software developer at Fraunhofer SIT; mobile software developer at boostix and a web and software developer for a number of other companies. He holds a masters degree in computer science. Eckel currently participates in the Trusted Computing Group’s NetEQ subgroup, working to secure vulnerable network equipment.
Technology is improving retail operations and enhancing the customer experience. The “Smart Store” has come to life with the rise of the Internet of Things, inspiring stores to adopt applications such as digital signage and IoT sensors.
Sign up for this webcast with Ken Hosac, Vice President at Cradlepoint, to learn more about how Smart Stores concepts are changing the dynamics of the shopping experience, creating new retail store standards, and how it’s all dependent upon a foolproof network connection.
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
As cyber threats are evolving at a rapid pace, and firewalls and antiviruses are considered antiquated solutions, companies are constantly looking for the most advanced ways to protect their critical data.
Artificial intelligence and machine learning are now an integral part of cybersecurity. With cyber attacks becoming more serious, and in some cases endangering human lives, artificial intelligence could be the key to security.
Join this panel of top security experts as they discuss the role of AI and machine learning in cyber attacks, cyber protection and what the future of security looks like.
- The impact of AI/ML on security
- Trends in cyber attacks
- How to best protect against them and secure our critical assets
- Demetrios "Laz" Lazarikos, Three Time CISO, Founder of Blue Lava
- Sven Krasser, Chief Scientist, CrowdStrike
- Alex Pinto, Co-Founder & Chief Data Scientist, Niddel
- Jisheng Wang, Senior Director of Data Science, CTO Office - Aruba, a Hewlett Packard Enterprise company
Application delivery infrastructure resources are increasingly strained. The new features in modern Application Delivery Controllers along with the demands for SSL to comply with search engine ranking algorithms are major contributors to the problem. It means organizations have to find ways to scale their ADCs. But do they scale up? Or scale out? And how?.
Join us for this live webinar to discover:
oThe drivers for the requirement of scalable application delivery infrastructure like SSL adoption and expanding ADC feature sets
oThe pitfalls and limits of vertically scaling your ADC
oHow you can use equal-cost multi-path (ECMP) routing to horizontally (and nearly infinitely) scale your ADC
oHow to use Route Health Injection (RHI) to ensure availability of your ADC cluster
oExamples of organizations who have accomplished this with HAProxy
IT planners have far more options as to where to run their workloads than ever before. On-premises data centers, co-location facilities and managed services providers are now joined by hybrid multi-clouds – a combination of Software-, Infrastructure- and Platform-as-a-Service (SaaS, IaaS, and PaaS) execution venues. All have unique operational, performance and economic characteristics that need to be considered when deploying workloads.
In this Webinar Carl Lehmann, Principal Analyst with 451 Research, and Don Davis, Technology Director for Iron Mountain’s Data Center business will discuss how industry leading enterprises determine the best execution venues for their workloads by addressing:
•The market and technology trends that influence workload, data center and cloud strategy
•How to evaluate the characteristics of various workloads and execution venues
•How to manage workloads across on-premises and off-premises ecosystems
Attendees will learn how to formulate an IT strategy that can be used to guide the decision criteria needed for placing workloads on their best execution venues, and enable the migration and ongoing management of workloads across a hybrid multi-cloud enterprise architecture.
- Broadcast LIVE from Las Vegas during Black Hat 2017 -
Disruptors and visionaries across the globe are pushing the boundaries of science and technology, economics and industry, healthcare, policy, communications, and governance. From these advances emerge new career paths, educational disciplines, and opportunities for creation and discovery.
But things don't always work the way we expect them to, and the consequences of disruption are impossible to predict. What is sacrificed for the sake of efficiency or convenience? Who gets to make that call? Whose fault is it when pre-teens get radicalized online, or health records get misused for unauthorized research? And whose job is it to prevent that from happening? Is prevention even possible?
Individuals, enterprises, and society writ large have the right and responsibility to proactively shape and secure the future, but our ability to do so is at risk. As technology continues to proliferate without being well understood, people who fall victim to its failure or misuse feel more and more disempowered to prevent future damage. This is The Tech Effect: the complacency driven by the complexity of the technology ecosystem, and a rejection of responsibility for individual and collective safety, security, and ethics.
It’s time to take charge of our digital future.
Join us for this lively conversation as the experts explore the following:
- What is a technology ecosystem?
- Who are the players?
- What are their roles?
- What are the challenges with security and privacy?
- What are the challenges with ethics? How do they compete with capability, capitalism, security, and privacy?
- What might the long-term impact on humanity be?
With the recent global attacks of WannaCry and NotPetya, ransomware has taken the headlines in a massive way. But this is nothing new, the 2014 Crypto locker attacks still in the back of the minds of many organisations. In order to help organisations understand ways to cope with ransomware attacks SecureWorks very own CTU e-crimes lead, Alex Tilley, and senior incident responder, Dan Eden will discuss a brief history of ransomware. Discussing where ransomware originated, some examples of attacks from times gone by and discuss the what, the how, the why, and the who of some of these attacks. Alex and Dan will also provide some tips and tricks to give your organisation the ability to reduce the risk of ransomware affecting your organisation.
Policy? We have a policy? Have you read the policy? Thats right...who actually reads company policies?
Risk and compliance managers globally have lost the fight against user policy acceptance leading to increasing organisational risk and the decreased ability to stand up and demonstrate effective compliance to regulatory bodies.
Does it have to be this way? In this webinar, we
* Demo what we use to transform and make mainstream what is often boring and ignored.
* Show how you can effectively measure (yes measure and report) on how effective your policy implementation is.
* Better engage and enforce your policies with third parties.
As business success grows more reliant on data, technology, and third parties, CISOs and security leaders are finding themselves more often in the spotlight. They're being asked to brief board members, respond to third party requests, guide critical decisions, and make tough strategic calls. These increasing expectations are creating great opportunities for CISOs to shine, but to do so, they need to rise to the occasion. This webinar takes best practices and lessons learned from "superstar" CISOs, explaining what top security leaders are doing to lead their companies successfully through some of today's most complex business and technology challenges.
Traditionally Security was viewed as necessary cost center or an insurance policy you hoped you’d never have to cash in. Yet by automating security policy management you can actually save your organization both time and money and even enable and support the revenue generation processes.
Presented by Joe DiPietro, SE Director, this technical webinar will provide an overview of how automated security policy management goes beyond providing ROI and cost savings, to directly impacting business productivity and agility.
This webinar will:
* Highlight the security policy processes that can be automated, including challenges, benefits, planning and prioritization considerations.
* Provide an overview of the security management maturity model and highlight opportunities for automation and optimization for each stage of the model.
* Dissect and assess cost saving and revenue generation opportunities for specific key challenges including security change management, risk management, application migration, and auditing and compliance.
CSPs need to engage turnaround strategies to transform customer and employee experience issues across the sector. This will turn current challenges into positives for 2018 and beyond! The latest CX benchmarking report provides insightful findings about the top issues and how to address them through innovative solutions and services.
According to Joe Manuele, Dimension Data’s Group Executive, CX and Collaboration said: “The world has formed a digital skin and business, service, technology and commercial models have changed forever. However, organisations are strategically challenged to keep pace with customer behaviour.” Join us for this webinar where we’ll be discussing the CSP specific findings from the report.
Over the course of the past year, cyber-attacks have frequently made headlines. In 2017 alone, global ransomware damage costs are expected to exceed $5 billion, with the total cost of cyber-crime expected to reach trillions of dollars.
Darktrace has detected over 30,000 in-progress cyber-threats, and has firsthand experience with modern, never-before-seen attacks, including fast moving ransomware, new strains of malware, compromised IoT devices, malicious insiders, attacks on cloud environments, and more.
Join our Director of Cyber Analysis, Andrew Tsonchev, and our Lead Research Analyst, Bethany Edgoose, as they present Darktrace's 2017 Threat Report, review novel cyber-attacks, and break down how they were detected by the Enterprise Immune System.
A study by McKinsey suggests the increased operational risk of digital innovation threatens 6% of the net profit for a retail bank. Renowned hactivist group Anonymous’ OpIcarus; a Distributed Denial of Service (DDoS) attack siege on the world’s banking infrastructure and other well publicized successful attacks have exposed just how vulnerable banks are to such threats. The reality is modern day DDoS attacks are getting more frequent, more sophisticated, and are commonly used as a distraction during the data exfiltration stage of advanced threat campaigns. The unfortunately reality is that in many cases, these attacks succeed because the targets were simply inadequately prepared to stop them.
Join this webcast to learn:
•The latest trends in DDoS attacks.
•Commonly overlooked costs due to DDoS attacks.
•And best practices in DDoS attack defense.
Traditional methods for vulnerability discovery are failing us. With rapidly expanding attack surfaces, motivated adversaries, and the growing shortage of full-time infosec professionals, organizations are fighting a losing battle. One thing is clear: We need a new approach.
Enter the Bug Bounty model. Bug bounties have quickly evolved from a “nice to have” to a “must have” for most application security teams.
What’s behind this trend? Why are bug bounties growing, and why now?
Join our expert panel as we discuss the key findings from The 2017 State of Bug Bounty Report.
- Casey Ellis, Founder & CEO of Bugcrowd
- Jeremiah Grossman, Chief of Security Strategy at SentinelOne
- HD Moore, Founder of The Metasploit Project
Prevent, detect, respond and assess, all through a single agent
Did you know McAfee is no longer a leader in industries Magic Quadrant? While your endpoint security is at risk, how many agents/modules do they require you to install? How many servers? And with all that, are you getting the right level of endpoint protection against advanced threats?
Symantec provides the most complete endpoint security in the world - from threat prevention, detection, response and assessment with the highest efficacy and performance.
In this webinar, you’ll learn how to:
· Drastically improve your protection and security posture with various next-gen capabilities like Advanced Machine Learning and Exploit Prevention
· Perform incident investigation and response using the same agent using the integrated Endpoint Detection and Response solution
- Obtain automated security risk assessment and track effectiveness against security policy changes via a cloud console
· Lower your IT burden and reduce complexity with everything built into a single agent
· Facilitate a painless migration and get your IT staff up-to-speed
Finally, see a demo that showcases how Symantec stops ransomware and unknown threats with Next-gen technologies built into a single light weight agent.
This 201 level course builds on the introductory material of Phishing & Credential Theft 101 and takes it deeper. After this course, you’ll understand better how phishers and credential theft attackers ply their trade and how attacks actually work. The course will go into detail on two selected, publicly known breaches which involved credential theft and abuse.
In this presentation, our Unit 42 Threat Intelligence team will show you:
• How credential theft and abuse were used in real world attacks
• Demonstration of tools attackers use to capture credentials.
• How attackers buy and sell credentials on the dark web to further their criminal operations.
Just how dangerous, inefficient, and ineffective are the endpoint security solutions used in most organizations today? Ponemon Institute independently surveyed hundreds of IT security professionals to find out — and are ready to share the surprising results in this important webinar.
On July 27th, join founder and chairman, Dr. Larry Ponemon, and Richard Henderson, global security strategist at Absolute, for an interactive webinar on the results, including:
• Exposing the largest dangers and greatest inefficiencies with endpoint security management today
• Average financial and productivity costs associated with insecure systems – and how to mitigate in your organization
• Steps you can take now to prevent attacks and stay compliant
Right now, email is the #1 vector of choice for cyber criminals. To protect your organization, you need technology and information. This event focuses on both.
Join us Thursday, July 27, 10 AM PT for a live demo that will explore Proofpoint Email Protection and Targeted Attack Protection.
-- Today’s threat landscape and to how to build your defense against spam, malware, and non-malware threats
-- Approaches for identifying suspicious messages
-- The latest in security software to fight against advanced threats
Cloud services have emerged as the preferred attack vector of some of the most dangerous and innovative cloud malware exploits of the past six months. Why? Because many organizations don't inspect their cloud SSL traffic for malware and the same functionalities of the cloud dramatically increase productivity (sync, share, collaborate, etc) also provide ransomware developers with a perfect medium for faster delivery of malware payloads to more targets.
Join Netskope chief evangelist, Bob Gilbert, and Threat Detection Engineer, Sean Hittel, for a fascinating look at how malicious actors now design ransomware to make best use of popular cloud services to hide in plain sight, and do more damage in less time.
Bob and Sean will provide technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs and how to defend against them. These include:
• Virlock, which encrypts files and also infects them, making it a polymorphic file infector
• CloudFanta, which uses the SugarSync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities
• CloudSquirrel, which takes advantage of multiple cloud apps throughout the ransomware kill chain with the intent to steal and exfiltrate user data
• The Zepto variant of Locky ransomware, now distributed both by popular cloud storage apps and via DLL
This is part 3 in our demo series focused on GDPR. One of the key requirements of GDPR relates to cross-border data transfers. Our security experts demonstrate how SecureSphere can help address this regulation with monitoring and access control of personal data.
There are many ways to approach securing corporate data. Most tactics for securing data are tied to identity, mobility requirements, cybersecurity concerns or any combination of the three. Data leaks can occur in even the most secure systems if the right precautions are not taken to mitigate the risk.
Considering employees share corporate files and documents every day, the challenge organizations are now looking to address is how to control data that escapes “into the wild”.
What can we do once the data leaves the secure walls of the organization?
What is the risk when sharing corporate data?
What is the effect on the organization if the data gets out?
In this webinar, Avaleris will show you how to use AIP to classify and label data and how your organization can control access to it.
Cloud transformation has been a top priority for enterprises, but the adoption is plagued with complex workflows and poor user experience. Even though enterprises onboard AWS or Azure, the workflows to establish connectivity, security and segmentation across VPC (and VNET) are fairly complex. On the other hand, for SaaS, the issue is primarily around user experience. Enterprises deploying Office365 are realizing that performance with Skype for Business and Sharepoint is not reliable. In this webinar we will take a further look at the wide-ranging capabilities the Viptela Cloud onRamp solution offers, and deploying it for AWS, Azure, and Office365.
U.S. consumers rate national security in relation to war or terrorism as their top security concern, though fears over viruses/malware and hacking are rising dramatically, according to the new Unisys Security Index™ that surveyed more than 13,000 consumers in April 2017 in 13 countries. This study, the only recurring snapshot of security concerns conducted globally, gauges the attitudes of consumers on a wide range of security-related issues.
About the speaker:
Bill Searcy is the Vice President for Global Justice, Law Enforcement, and Border Security Solutions. As a recognized law enforcement solutions expert, he is responsible for developing market strategies, overseeing delivery, ensuring customer satisfaction, and driving business performance to meet goals.
During his 21-year career as a Special Agent with the Federal Bureau of Investigation, Bill was recognized as an innovator who regularly sought new ways to use technology to solve complex problems. He is credited with leading numerous award winning IT initiatives, among them the FBI’s Grid Computing Initiative (Attorney General’s Award for Innovation) and the Next Generation Workstation (FBI Director’s Award).
Prior to joining Unisys, Bill served as the Deputy Assistant Director of the FBI’s IT Infrastructure Division, where he was responsible for the engineering, development, deployment, and support of the FBI’s worldwide IT enterprise.
A graduate of the United States Military Academy at West Point, Bill was commissioned as an officer in the U.S. Army where he commanded a Field Artillery battery. He went on to earn a Master of Science in Information Assurance from Norwich University and he is a Certified Information Systems Security Professional (CISSP).
Migrating to the cloud poses challenges for any organization, but there are particular concerns for the public sector. Government regulations like FedRAMP and the upcoming DFARS must be met, but security in the cloud is different than in the data center. Cloud providers use a Shared Responsibility Model, where they secure the physical infrastructure and the rest is up to the customer. In the public sector, budgets have to be justified... and used, at the risk of decreasing in the next year. Given the potential for Cloud Sprawl, without a Cloud Management Platform, expenses can get out of control.
This webinar serves as a guide for public sector organizations looking to embrace the cloud. We will discuss the specific requirements of public sector organizations and explain the choices that will need to be made during such a migration. Topics covered include:
- What terms do I need to know?
- What questions do I need to ask?
- What are some common pitfalls?
- What tools are available to help?