The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
An aging workforce, political turnover, budget constraints, and the ever-present need to balance resources with agency missions, all compounded by outdated talent software, make it difficult to adapt to the changing needs of today's government workforce. Talent management tools can help with assessing your talent's potential, strengthening your talent pipeline, recruiting in new ways, creating leaders at all levels, developing employees, and continuously planning your succession. This session will discuss the key reasons Talent Management is critical to mission accomplishment. We will discuss how agencies are focusing on their employees' needs and ensuring that talent management strategies remain despite budget cuts and reduction in resources.
Join us October 26 to learn:
- how government agencies are utilizing talent management to maximize the capabilities of their workforce
- the challenges, lessons learned, and best practices involved with keeping talent management efforts above budget costs
- key tips for ensuring agency leadership grasp the importance of talent management strategies for mission accomplishment
Cybersecurity awareness is growing as more organizations learn they are vulnerable to an attack. While compliance with regulatory and security audit requirements provides a starting point, it alone will not keep the organization safe. An effective security program needs to be multifaceted, integrating people, processes and technologies across all layers of the organization. The specifics vary due to industry, size and geographic presence, as well as the level of risk the organization is willing to accept.
Mandiant Sr. Manager Tim Appleby will discuss the benefits of proactive preparedness and 10 key areas that should be considered in order to form a holistic security program, and discuss how priorities can vary based on industry, size and geography.
Phishing has long been one of the most successful ways of compromising users and also organizations’ networks. This webinar looks at the state of phishing today, recommends what people, processes and technology can do to minimize the risks, and discusses a new Real-Time Anti-Phishing solution that is defeating this highly effective compromise.
IoT devices are on your network. Do you know what to do with them?
View this webinar to dive into the NTT i3 Global Threat Intelligence Report, and how to combat new IoT concerns and security gaps. Learn more about:
- Misconceptions in the security model for wired vs. wireless networks
- Managing policies for IoT in the enterprise using contextual data
- The value of device roles and real-time enforcement for IoT
Rich Boyer, CISO at NTT Innovation Institute Inc. (NTT i3), and Jon Garside, Product and Solutions Marketing Manager at Aruba will lead this technical discussion – don’t miss it!
Guided walk-through of the newest features of Hortonworks DataFlow 2.0. Highlighting productivity enhancements via Apache Ambari for streamlined deployment and configuration management, and Apache Ranger for centralized authorization and policy management; collaboration capabilities in Apache NiFi for enterprise data sharing and visibility across teams – specifically, multi-tenancy flow editing similar to how Google Docs supports multiple simultaneous collaborators with differing degrees of view/edit rights; framework enhancement of Apache NiFi, including control plane high availability via zero master clustering; and edge intelligence powered by Apache MiNiFi.
Join us to learn how HDF 2.0 can reshape data flow management in your enterprise environment.
If your Akamai cloud-based platform is no longer meeting your company’s need for security and application delivery, consider a switch to Imperva Incapsula.
The Incapsula cloud service helps you deliver applications securely and efficiently. With a single interface that integrates content delivery, website security, DDoS protection, and load balancing, you can accelerate the delivery of your web content and protect your site from external threats.
Here's just some of what you'll learn during this webinar:
• The differences in functionality between the two platforms
• Operational advantages and cost savings from a switch to Incapsula
• How to plan and execute a successful migration from Akamai to Incapsula
And just for attending this live webinar, you’ll get a free migration guide to help you transition easily from Akamai to Incapsula.
With PCI compliance, a robust engine with customizable security rule setting, 24/7 support, and significant cost savings, why wouldn’t you consider a switch to Incapsula? Find out if the Incapsula cloud security platform is right for you.
Data security is not a one-size-fits-all solution. Data-at-rest should be secured in a variety of ways, depending on the use case, security policy, and regulation surrounding it. Modern enterprises need flexibility in how they apply data security, yet also need ease of management. Vormetric is a leader in data security, with a large global footprint of securing data in cloud and on-prem environments.
In this webinar, you will learn critical aspects to securing data in a variety of ways:
1) Three approaches to securing data-at-rest
2) How software-defined policies can ease security management
3) The role that key management plays in securing data-at-rest
4) How real-time alerting can take your security posture to the next level
Organizations across all industries are facing increased pressure from customers, vendors, and employees to offer Wi-Fi access. While offering this service provides significant gains, businesses cannot forget about the critical security measures needed to defend against wireless threats.
Join Ryan Orsi, Director of Strategic Alliances, as he delves into the top challenges of deploying enterprise-grade, secure Wi-Fi, and the key solutions within reach of all organizations.
Criminal groups use exploit kits as one of the main distribution methods to infect Windows hosts with malware. Exploit kits are designed to work behind the scenes while you are browsing the web. During the past year, the most common malware distributed by exploit kits has been ransomware.
In most cases, a potential victim visits a compromised website as the first step in an infection chain. Behind the scenes, the victim is redirected to an exploit kit. The exploit kit gathers information about the victim's system, determines the appropriate exploit, and infects any vulnerable hosts.
In this presentation, Brad Duncan reviews fundamental concepts of exploit kit activity for the SLED vertical and demonstrates how ransomware infections happen through this method. Brad also discusses preventative measures people and organizations can take to combat this very real threat.
As threats evolve, so must application security. HPE Security Fortify continues to create and pioneer new features and functionality to further automate and streamline your app security testing program. Learn about new static scanning advances that align with DevOps requirements. Hear how scan analytics can further enhance and refine advanced auditing processes to increase the relevancy of security scan results.
Open source has been adopted by organizations across all industries, including software, systems, and cloud services. How much open source is used, along with the license, security, and operational risks posed by unmanaged use of open source, is a question M&A professionals need to consider in every transaction.
This webinar will provide insight from real world data abstracted from Black Duck M&A audits. The data covers hundreds of systems and commercial applications, the code assets of recent acquisition targets, and will illuminate why acquirers should understand exactly what is in the code base before closing the deal. Data will include:
- The composition of open source v. proprietary code in the average code base
- The gap between the number of open source components used vs. what was known by the target
- The prevalence of components using licenses that could put IP at risk
- Number and age of security vulnerabilities in the open source components
- An understanding of which components have underactive support communities
Security operations is all about understanding and acting upon large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you are able to highlight trends, find flaws and resolve issues.
This webcast will cover the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.
- Why endpoints are the new perimeter
- How employees can strengthen your security operations strategy
- Techniques to test and validate a security awareness program
- How to take the data that Carbon Black collects, correlate it against thousands of endpoints, and dynamically neutralize threats using the LogRhythm security intelligence and analytics platform
Register now to learn how LogRhythm and Carbon Black can help you strengthen your overall security operations strategy—all within a single interface.
The European Cybersecurity policy - the Network Information Security (NIS) Directive - is about to become the new law that sets security standards for many organisations across Europe.
Recent research carried out by FireEye shows that many organisations are not fully prepared to implement the legislation, which comes into effect in less than two years' time, and it is critical these organisations begin preparing now to be in compliance and not be caught unprepared.
In this webinar, Mandiant’s Nathan Martz, Principal Strategic Consultant for Central Europe, will cover:
- The basics of the European Cybersecurity policy - the Network Information Security (NIS) Directive
- Timeline, key components and possible penalties for noncompliance
- Practical recommendations on compliance and security standards to keep your company prepared
Dr Gareth Owenson is the course leader for the Forensic Computing programme at the University of Portsmouth. He teaches extensively in forensics, cryptography and malware analysis. His research expertise is in darknets, where he is presently working on alternative approaches that may lead to novel applications of the blockchain. Gareth also has a strong interest in memory forensics, and undertakes work into application-agnostic extraction of evidence by using program analysis.
Gareth has a PhD in Computer Science (2007) and has taught at several universities throughout the UK.
Phishing and spear phishing attacks are the number one starting point for most large data breaches. However, no traditional security technology is currently able to mitigate the risks associated with these types of threats. Join this webinar to learn why phishing attacks are so successful, what capabilities organizations need to carry out a forensic investigation and what questions you need to be able to answer following an attack to respond effectively.
There is no such thing as a "secure" system - we do our level best to design them as well as we can, to put controls and measures in place - but, at the end of the day, things can and do go awry. Today we are going to talk about forensics, and how it is the opposite side of the coin from security. What can we do in advance to aid in forensic investigation? What do we do at the point of a compromise to allow us to preserve as much evidence as is possible? And, ultimately, how do we take a forensic analysis and learn from it to create a better system the next time?
Most businesses prefer to control the day-to-day operations of their networks using their own resources. The increasing complexity of modern networks means that the overall acquisition, control and deployment for network security projects is far more challenging than before. With decreasing IT budgets and limited resources within high-growth businesses, how are network teams expected to improve operational efficiency without sacrificing quality of service and service level agreements?
In a world that is fraught with new security exploits, maintaining operational efficiency with a low impact on resource and cost can be very difficult.
What are the best practices for maintaining an operationally efficient network security deployment? How do network teams stay on top of daily routine tasks, such as policy configuration, upgrades and network security monitoring? How can network teams be enabled to focus on mission-critical projects through automation?
Learn from case studies about network security and firewalls which enable the deployment of firewalls within highly distributed networks without sacrificing time or security.
Join Forcepoint and (ISC)² on Oct 26 (Wed) at 1:00 p.m. (Singapore time) in learning the best practices on operational efficiency in network security.
Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint
Through integration with AWS services, like Auto Scaling and AWS Elastic Load Balancing (AWS ELB), you can now build a next-generation security infrastructure that will dynamically, yet independently, scale to protect your AWS workloads as their traffic patterns fluctuate. This architecture will allow you to reduce costs by utilizing the firewall capacities intelligently and efficiently based on user-defined metrics. By scaling the security separately from the application workloads, this solution allows each firewall to be identically configured and managed centrally, resulting in lower administrative costs.
Join us for an educational webinar to learn how you can scale next-generation security using AWS Auto Scaling and ELB. Using native AWS Services and VM-Series automation features, you can now dynamically, yet independently scale the VM-Series next-generation firewalls on AWS.
This webinar will cover:
• Auto Scaling the VM-Series architecture
• Auto Scaling and ELB integration details
• Alternative architectures for protecting many VPCs
Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.
InSpec is an open-source testing framework with a human-readable language for specifying compliance, security and other policy requirements. Just as Chef treats infrastructure as code, InSpec treats compliance as code. The shift away from having people act directly on machines to having people act on code means that compliance testing becomes automated, repeatable, and versionable.
Traditionally, compliance policies are stored in a spreadsheet, PDF, or Word document. Those policies are then translated into manual processes and tests that often occur only after a product is developed or deployed. With InSpec, you replace abstract policy descriptions with tangible tests that have a clear intent, and can catch any issues early in the development process. You can apply those tests to every environment across your organization to make sure that they all adhere to policy and are consistent with compliance requirements.
InSpec applies DevOps principles to security and risk management. It provides a single collaborative testing framework allowing you to create a code base that is accessible to everyone on your team. Compliance tests can become part of an automated deployment pipeline and be continuously applied. InSpec can be integrated into your software development process starting from day zero and should be applied continuously as a part of any CI/CD lifecycle.
In this webinar, we’ll explore how InSpec can improve compliance across your applications and infrastructure.
Join us to learn about:
- What’s new in InSpec 1.0
- InSpec enhancements for Microsoft Windows systems
- Integration between InSpec and Chef Automate
Who should attend:
Security experts, system administrators, software developers, or anyone striving to improve and harden their systems one test at a time.
Sponsored by Code42 - More than 45% of businesses were hit with ransomware attacks in the past year. Cybercriminals are rapidly evolving attack methodologies and issuing increasingly higher demands. With no end in sight, organizations are at significant risk for data loss. At the same time, IT security policies, anti-malware protection and end users that lack the ability to recognize sophisticated scams make ransomware inevitable.
Join this live webcast and learn about the prevalence of ransomware in the enterprise and best practices for safeguarding your data against attackers.
Viewers will learn:
- Why ransomware is a burgeoning business and who is being targeted
- Best practices & recommendations to reduce risk and assure continuous data protection and recovery
- How modern endpoint backup protects your end-user data and enables rapid recovery without paying the ransom
Traditional antivirus (AV) is not the solution to breach prevention on the endpoint – it is the problem. At best, traditional AV gives organizations a false sense of security.
To prevent security breaches, you must protect yourself not only from known and unknown cyberthreats but also from the failures of traditional antivirus solutions deployed in your environment.
In this webinar, you will learn:
· How to determine the true value of your endpoint security solutions
· What hidden costs traditional AV imposes on your organization
· Which five capabilities are critical to effective endpoint protection
· How the new Traps v3.4 prevents security breaches in your organization
Social engineering has been around for as long as the crooks have, but in a modern online world, running a con game has never been easier. And that’s why we need to be savvy.
A social engineer can research you on Facebook and LinkedIn; read up about your company on its website; and then target you via email, instant messaging, online surveys…and even by phone, for that personal touch. Worse still, many of the aspects of a so-called “targeted attack” like this can be automated, and repeated on colleague after colleague until someone crumbles.
Greg Iddon will take you into the murky world of targeted attacks, and show you how to build defences that will prevent one well-meaning employee from giving away the keys to the castle.
Adoption of a modern data platform is a journey. Every step requires different levels of technology, people and process capabilities. A reliable services partner with deep expertise is key for your success at each step of the way. The Hortonworks service model is designed to provide the expertise needed at each step of your adoption journey. We defined our offerings to address unique needs at each level.
Hortonworks IAM Services (Implementation, Advisory, and Managed Services) are delivered by our global professional services consultants to help you succeed with the adoption of connected data platforms. Hortonworks IAM services are based on proven methodologies that are developed by our experts in collaboration with product management and committers from our R&D teams.
Container usage in production environments is becoming commonplace, increasing the need to design for security and develop security response processes. Doing so starts with a clear understanding of what software is running in the datacenter.
This Container Security Master Class looks at how datacenter operations trends are combining to promote secure container deployments. Although these trends have the potential to abate risk, without a clear understanding of the applications and their dependencies, if a successful attack does occur, the scope of compromise can inadvertently increase.
A long-held assumption about mobile technology in general is that endpoint security technologies are unnecessary since mobile operating systems (OSs) are inherently more secure than PC OSs. For policy enforcement and security on mobile devices, IT organizations have looked to enterprise mobility management (EMM) platforms for additional security and device control. However, there is a detection and enforcement gap between devices and back-end EMM, which does not provide real-time monitoring of app activity, network traffic, and overall endpoint health.
Mobile endpoint protection is critical, and BYO complicates the issue since enterprises may or may not own the mobile endpoint. Employee-owned devices introduce many more risks and variables than enterprises account for, and we will walk through them in this webinar. Join Phil and John to learn how to privately secure your BYO devices and measure the risks these devices bring into your network.
- How to privately secure BYOD mobile endpoints
- How to classify risky devices by examining installed applications
- How to create a plan to reduce risks introduced by mobile devices
Enterprises around the world are embracing cloud, mobile, and Internet of Things (IoT) technologies to decrease complexity while increasing business agility, empowering their distributed workforces, and gaining operational insights. A growing amount of critical enterprise network traffic is moving off private IP networks and on to the public Internet via wired and wireless broadband. At the same time, workforces are becoming more and more geographically distributed.
The effect is that the LAN is being replaced by the WAN—people, places, and things require secure, fast and reliable connectivity no matter their location—and businesses face challenges meeting these increasingly complex demands using legacy solutions.
Cradlepoint’s NetCloud platform combines our Edge software and cloud services (Enterprise Cloud Manager) with SDN, NFV, SD-WAN and a host of other technologies to provide a converged, next-generation WAN with an embedded security perimeter that addresses this new era of “Interprise” broadband networks.
Join us for a webinar to learn more about Cradlepoint NetCloud and NetCloud Engine to improve productivity, reduce costs, and enhance the intelligence of your network and business operations.
The sad truth is that invaders are trying to breach your defenses every day. With five out of every six large organizations being targeted by advanced attackers, protecting your data is a smart way to keep you from becoming tomorrow’s headline.
So what does data protection mean? A comprehensive approach allows the right people to access the right data, anywhere, by controlling access, monitoring its flow, and keeping it out of the wrong hands.
We will explain how Symantec technology addresses this approach and how you will benefit from:
• Granting and ensuring access only for authorized users with strong, multi-factor authentication, on any device, including BYOD.
• Watching over data wherever it lives—in the cloud, on premise, in motion, and at rest.
• Preventing data loss with unified policy controls to encrypt or block vulnerable information before it leaves the gate.
Legacy security architectures and traditional security platforms are ineffective at securing modern data centers. Modern data centers need a security solution that is software-based, distributed, and simple: making security better, faster, and cheaper. vArmour is the leader in software-based segmentation and micro-segmentation that protects critical applications and workloads in the data centers and cloud.
Join this webinar to learn more about the simple steps to securing the modern data center with vArmour.
Step 1: Understand the behaviors of applications and workloads (with deep visibility) for more informed decisions
Step 2: Streamline segmentation policy creation and management
Step 3: Flatten and secure your infrastructure without a network redesign
Step 4: Utilize proper control placement for better security and more efficient resource utilization
Step 5: Scale out independent controls with automation
Runtime Application Self-Protection (RASP) is one of the newest technologies coined by Gartner and it is in early stages of adoption in the industry. It promises dynamic defense and automatic mitigation of vulnerabilities in web applications.
This webinar will provide an overview of buying criteria and evaluation requirements across different industries and some typical pitfalls that can slow down adoption.
After the introduction and a brief overview on the technology the audience will be invited to participate in discussion about organizational requirements for adoption and operationalization of RASP. Questions for discussion:
• My application is under attack. What actions should I take? Who owns the response?
• Which attacks should I respond to and which ones can I ignore?
• How to get started with mitigation provided by technology?
• Does RASP fit with DevOps?
• Does RASP help with remediation?
This is an objective discussion about RASP. Evaluation criteria, comparison of RASP with IAST and other security technologies, personal experiences and examples discussed in this talk are generally applicable to all RASP solutions.
Key takeaways: At the end of the presentation you will:
• Get a better understanding of requirements for evaluation of RASP and its use cases
• Know whether you can pull off a successful evaluation alone, or whether you will need the participation of other groups / teams
• Learn about critical criteria for success of RASP in production
• Understand how these criteria differ relative to appsec testing tools
Web gateways and proxies are losing to malware and other advanced threats and are generating troubling operational overhead. Join us to learn the top 5 reasons why gateways are falling behind and experience a live demo of web isolation which prevents malware from ever reaching the corporate network.
The healthcare industry is one of the top targets for ransomware attacks, and the US Dept. of Health and Human Services Office for Civil Rights (OCR) has now stated that ransomware incidents should be treated the same way as other data breaches under the Health Insurance Portability and Accountability Act (HIPAA) unless there is substantial evidence to the contrary.
In this webinar, we'll discuss:
- Why the OCR guidelines are important
- Why attackers are going after healthcare firms
- How to detect a ransomware attack
- Steps you can take to protect your organization
For enterprises looking to protect cloud app data, Cloud Access Security Brokers (CASBs) have quickly emerged as the go-to solution. But how have CASBs matured and encompassed critical pieces of the security puzzle, from identity management to data leakage prevention? Join Bitglass and (ISC)² on October 27, 2016 at 1:00 PM Eastern for Episode 1 of the CASB Wars webinar trilogy for a discussion about the evolution of CASBs from app discovery to complete cloud security suites and basic API-based controls to more capable multi-protocol proxies.
Whether you are in the beginning stages of implementing a vendor risk management (VRM) program, or you have a robust program, there are always scenarios that can blindside your organization. Compounding this uncertainty is the dynamic environment of cyber risk. Yet, there are tools and techniques organizations can leverage in order to reduce uncertainty about the security of their third parties and vendors.
Join Matt Cherian, Director of Products at BitSight as he discusses how to grapple with common vendor risk scenarios. In this webinar, viewers will learn:
- How to gain full visibility into the security of your critical third parties to avoid being caught off guard
- How to understand and communicate potential threats occurring on the networks of your third parties
- What to do when an infection or breach occurs
Get significant security protection with Windows 10! As the most secure Windows ever, Windows 10 offers significant security protection.
With more than 250 million threats online in any given day, security for your business has never been more critical. These threats can cause loss of data and personal information with increased risk of identity theft. Windows 10 includes built-in protection to help keep you more secure with all new features in the Anniversary update.
Join this webcast to learn more about the two major new security features that launched with the Anniversary update:
• Windows Defender Advanced Threat Protection (WDATP) detects, investigates, and responds to advanced malicious attacks on networks by providing more comprehensive threat intelligence and attack detection.
• Windows Information Protection enables businesses to separate personal and organizational data and helps protect corporate data from accidental data leaks.
What happens when you combine increasingly effective adversaries, data dispersing to the clouds, and a significant lack of skilled security practitioners? You get the future of incident response.
Despite having a bigger budget and better tools than ever before, the underlying way incident response happens within enterprises must evolve with the times.
Join Mike Rothman, an analyst at Securosis & Faizel Lakhani, COO at SS8 as they discuss trends in cyber attacks and incident response. Learn what you can do today to ensure your organization is ready for the changes already in motion, and how network visibility plays a crucial role in accelerating breach and incident response.
"Cyberhunting" actively looks for signs of compromise within an organization and seeks to control and minimize the overall damage. This rare, but essential, breed of enterprise cyber defenders gives proactive security a whole new meaning.
Join me, Mike McCracken, Director of Professional Services at HOSTING, and Chris Dodunski, CTO of Phirelight Security Solutions on October 27th at 3 PM EST for the live webinar, Cyber Threat Hunting: A New Dimension of Cyber Intelligence.
During the live webinar, we will be going over:
- The technology behind "cyberhunting"
- What threats your organization is at the most risk for, both internally and externally
- A 20 min live demo of Phirelight's security solution.
Be sure to bring your questions; there will be a live Q&A during the event. See you there!
Companies have struggled to find their feet when it comes to combining technology, people and workflow in their mobile application development strategies. All too often, fragmented technologies have impeded progress. As technologies mature, however, and mobile (as distinct from pure web development) becomes better understood, there is light at the end of the tunnel. In particular, integration across the lifecycle is delivering significant productivity gains for developers and business stakeholders that make moving from handfuls of apps to a scaled mobile app strategy more of a reality.