The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
Through integration with AWS services, like Auto Scaling and AWS Elastic Load Balancing (AWS ELB), you can now build a next-generation security infrastructure that will dynamically, yet independently, scale to protect your AWS workloads as their traffic patterns fluctuate. This architecture will allow you to reduce costs by utilizing the firewall capacities intelligently and efficiently based on user-defined metrics. By scaling the security separately from the application workloads, this solution allows each firewall to be identically configured and managed centrally, resulting in lower administrative costs.
Join us for an educational webinar to learn how you can scale next-generation security using AWS Auto Scaling and ELB. Using native AWS Services and VM-Series automation features, you can now dynamically, yet independently scale the VM-Series next-generation firewalls on AWS.
This webinar will cover
• Auto Scaling the VM-Series architecture
• Auto Scaling and ELB integration details
• Alternative architectures for protecting many VPCs
Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.
The challenges of SaaS applications such as Office 365 or Box are already here whether they are enabled by IT or end users themselves. With the adoption of SaaS, your data is now outside your traditional network perimeter and any changes to how the data is shared, who it is shared with and if it is free of malware is no longer known by your organization. History has shown that when a significant risk arises, a point solution is applied to address it. Defenses made up of multiple point products that do not integrate leave gaps that may expose your organization to attack.
Join us for this live webinar where we will examine the various stages of a real-world attack targeting your SaaS applications. You will learn how to prevent these attacks at every single point in the security kill chain with a natively integrated Next Generation Security Platform and learn how to:
* Gain visibility and granular, context-based control of SaaS applications
* Protect corporate data from malicious and inadvertent exposure after it has left the traditional corporate perimeter.
* Satisfy compliance requirements while still maintaining the benefits of SaaS based application services
InSpec is an open-source testing framework with a human-readable language for specifying compliance, security and other policy requirements. Just as Chef treats infrastructure as code, InSpec treats compliance as code. The shift away from having people act directly on machines to having people act on code means that compliance testing becomes automated, repeatable, and versionable.
Traditionally, compliance policies are stored in a spreadsheet, PDF, or Word document. Those policies are then translated into manual processes and tests that often occur only after a product is developed or deployed. With InSpec, you replace abstract policy descriptions with tangible tests that have a clear intent, and can catch any issues early in the development process. You can apply those tests to every environment across your organization to make sure that they all adhere to policy and are consistent with compliance requirements.
InSpec applies DevOps principles to security and risk management. It provides a single collaborative testing framework allowing you to create a code base that is accessible to everyone on your team. Compliance tests can become part of an automated deployment pipeline and be continuously applied. InSpec can be integrated into your software development process starting from day zero and should be applied continuously as a part of any CI/CD lifecycle.
In this webinar, we’ll explore how InSpec can improve compliance across your applications and infrastructure.
Join us to learn about:
- What’s new in InSpec 1.0
- InSpec enhancements for Microsoft Windows systems
- Integration between InSpec and Chef Automate
Who should attend:
Security experts, system administrators, software developers, or anyone striving to improve and harden their systems one test at a time.
Both Presidential candidates agree on the need for increased spending on our nation’s infrastructure. While we tend to think first of bridges, roads, and other physical features, cyber is also an area impossible to ignore given the pervasiveness of technology in our lives.
Without question, the speed, sophistication, and volume of cyber security attacks are constantly changing. In the case of nation states, the motives are also shifting from spying and surveillance to using offensive capabilities to attack critical infrastructure, national security assets, and even the political system itself. It’s no longer just about the money; safety and even lives may be at stake.
Adversaries are attacking us at an unmanageable scale. For instance, research sponsored by Department of Homeland Security and NSA showed environments with security event traffic of more than 1 billion alerts per day. Even after reducing the load to 1 million alerts per day with correlation and other tools, more than 20,000 human analysts would be needed to respond.
State-backed adversaries are using automation against us. It’s time we do the same, and projects like Integrated Adaptive Cyber Defense at Johns Hopkins Applied Physics Lab are leading us there.
Join our webcast to learn how public and private organizations are progressing on the security automation continuum from simple security lifecycle management to predictive response strategies.
Many PCI-compliant organizations continue to deploy traditional AV -- not because of its superior security capabilities, but because they wrongly assume it’s required to remain PCI compliant. Join us for this webinar to learn how to achieve and maintain PCI compliance while replacing traditional AV with superior security capabilities, specifically:
• Which PCI requirements prescribe the use of traditional AV
• How auditors and Qualified Security Assessors (QSA) interpret those requirements today
• How Palo Alto Networks customers replace traditional AV with real prevention -- while maintaining PCI compliance
Yes, it’s possible to automate open source security and license compliance processes and maintain DevOps agility. In this webinar, Product Manager Utsav Sanghani will demonstrate how Black Duck Hub plugs into Jenkins to address open source license compliance and security risks as part of an overall release process. He will cover:
- Automating and managing open source security as part of the SDLC
- Defining and implementing custom policies that prevent potential open source risks
- Issue management and remediation workflow, with ideas on how going left translates into greater savings
Do you know if your workloads are secure? Do you have the same security and compliance coverage across all of the cloud platforms and datacenters running your critical applications? Are you having to design your security framework each time you deploy to a new region or datacentre?
Whether you’re working with multiple cloud environments or exclusively on Azure, there are certain things you should consider when moving assets to Azure. As with any cloud deployment, security is a top priority, and moving your workloads to the cloud doesn’t mean you’re not responsible for the security of your operating system, applications and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your Azure environment is secure.
Register for this impactful webinar as we discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
In this webinar, we will take a look at:
• The Shared Security Model: What security you are responsible for to protect your content, application, systems and networks
• Best practices for how to protect your environment from the latest threats
• Learn how traditional security approaches may have limitations in the cloud
• How to build a scalable secure cloud infrastructure on Azure
Flying spiders, snakes, and ghosts are long gone. Ransomware is now the stuff of nightmares and it’s easy to see why.
Ransomware has become one of the most widespread and damaging threats internet users now face. Since the infamous CryptoLocker first appeared in 2013, we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike.
Join Sophos ransomware pro, Peter Mackenzie, as he shows us how ransomware attacks work, explains why so many new infections keep surfacing, and what practical precautions you can take to protect your organisation.
If this webinar doesn’t help an IT Hero sleep at night, we don’t know what will.
EM360° spoke to Nick Burrows, Proposition Development Director at Alternative Networks, who identifies some of the most common challenges that organisations face today, including low resistance to cybercrime; the inability to change; and a lack of resilience to disasters.
Empowering agencies to improve lives through more agile and efficient government services.
Government Empowered brings together government leaders, industry experts and analysts with the goal to improve government service while reducing costs through modernization. You will leave the conference with valuable tools and practical insights on:
· Approaching mission and modernization objectives
· Achieving constituent-centric government
· Understanding best practices and lessons learned from other government leaders
Learn firsthand from presentations and live demonstrations from the U.S. Department of Veterans Affairs, U.S. Department of Agriculture, New Jersey Courts, U.S. Department of Justice, U.S. Department of the Treasury and other state and federal agencies.
Are you ready to handle a security breach? In the age of relentless cyber crimes and nation state sponsored cyber attacks, companies need to be breach-ready, and be proactive in their incident preparedness. This could essentially save organisations from devastating cost.
Incident preparedness is more than having an incident response plan; it’s more than having skilled personnel on staff. Come join us for a discussion on key elements that every company should consider. Major security breaches have become part of everyone’s daily news feed—from the front page of the newspaper to the top of every security blog—you can’t miss the steady flood of new breaches impacting the world today. In today’s ever-changing world of business and technology, breaches are inevitable: you must be prepared and know how to respond before they happen.
For many organisations, investment in new processes and technologies is at the top of the priorities list. From behavioral analytics and big data solutions to "one touch" processes that require no manual intervention, companies are always on the lookout for technology innovations that can achieve a considerable return on investment. When companies consider cybersecurity in such a technology dependent world, most ask, "How can we secure our business and comply with the changing legal and regulatory standards?" instead of, "How do we make business focused, intelligent investments given the cyber security risks we face?"
In this webcast, Dr. Pierre Tagle, Head of Governance and Risk for SecureWorks for Asia South, will discuss the risk-based cybersecurity operating model to help companies identify and protect their most critical information assets and business processes. Dr. Tagle will focus on the most critical actions for any organisation building a risk-based security program.
Key topics covered include:
- Prioritising information assets based on value to the organisation
- Identifying and prioritising risks to the assets
- Reduce risks with quick wins
- Build and deliver a security plan that aligns business and technology
- Ensure continuous business engagement on the topic of cyber security
Political elections shape our society for years to come. Foreign hackers are no longer watching our politics out of interest; they are directly interfering with our politics electronically. The Sony Pictures breach was more of a political statement than a data loss event. With US elections around the corner, we are more of a cyber breach target than ever. WikiLeaks is releasing documents, Russian hackers are allegedly breaching the DNC, and there is more to come. We will examine the current trends and look at the history of the worst manifestations of hackers influencing politics. Then we will draw conclusions on how politics is changing under the threat of constant privacy breaches.
Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science. This enables a DevOps approach to ATD, enabling ease of deployment, monitoring and management. Acalvio enriches its threat intelligence by data obtained from internal and partner eco-systems, enabling customers to benefit from defense in depth, reduce false positives, and derive actionable intelligence for remediation.
Security leaders understand that there's no catching up to the volume of attacks that threat actors can throw at them. They also know they can't solve problems with technology alone. In 2016 and onward they look to blend technology, people, and process together and create an Adaptive Response framework that allows them to integrate detect, protect, and respond so that each one augments the other. Join us for a webinar with guest Forrester Principal Analyst, Jeff Pollard, as we discuss the current barriers that exist before an organization can build Adaptive Response capabilities. Cyphort will discuss and demonstrate how their technology helps transform enterprises by becoming an adaptive response fabric that enhances workflows across the domains of detect, protect, and respond.
The financial sector is highly regulated, and as a result, often focuses on compliance. However, compliance rarely results in excellence, and thus financial institutions continue to suffer security-related breaches and losses, particularly by insiders according to the 2015 SANS survey on security spending and preparedness in the financial services sector.
Today's webcast will focus on the relationship between compliance and security, and the best practices organizations can use to secure their financial environments. Specifically, attendees will learn about:
The relationship between compliance and security
The effectiveness of tools, skills and controls
Ways to improve security effectiveness and reduce risk
How to align security, risk and compliance programs with business goals
Simply Business is their name because it reflects their motto: “Protection should be simple.” That practice has earned Simply Business the position of UK’s favourite business insurance broker, with over 300,000 businesses and landlords protected. They’re proud of the award-winning claims service, which is, after all, the proof of the pudding. Their Head of Information Security, Wayne Moore, is also proud of the security posture they have achieved with Alert Logic while leveraging the most agile cloud infrastructure for their business, Amazon Web Services. Watch the Simply Business video where you’ll learn how they made it happen.
View highlights from our recent Cloud Security Summit in NYC.
The Summit focused on security and compliance challenges in a cloud environment and how organizations can close security gaps to de-risk greater cloud adoption, including how security can enable each stage of their cloud journey.
Learn more best practices for AWS and security at one of our upcoming Summits: https://www.alertlogic.com/summit/
Most businesses prefer to control the day-to-day operations of their networks using their own resources. The increasing complexity of modern networks means that the overall acquisition, control and deployment for network security projects is far more challenging than before. With decreasing IT budgets and limited resources within high growth businesses; how are network teams expected to improve operational efficiency without sacrificing quality of service and service level agreements?
In a world that is fraught with new security exploits, maintaining operational efficiency with a low impact on resource and cost can be very difficult.
What are the best practices for maintaining an operationally efficient network security deployment? How do network teams stay on-top of daily routine tasks, such as policy configuration, upgrades and network security monitoring? How can network teams be enabled to focus on mission critical projects through automation?
Learn from case studies about network security and firewalls which enable the deployment of firewalls within highly distributed networks without sacrificing time or security.
Join Forcepoint and (ISC)² on Oct 26 (Wed) at 1:00 p.m. (Singapore time) in learning the best practices on operational efficiency in network security.
Presenter: Michael Ferguson, Strategic Security Solutions Consultant, Forcepoint
There is no such thing as a "secure" system - we do our level best to design them as well as we can, to put controls and measures in place - but, at the end of the day, things can and do go awry. Today we are going to talk about Forensics, and how it is the opposite side of the coin from security. What can we do in advance to aid in forensic investigation? What do we do at the point of a compromise to allow us to preserve as much evidence as is possible? And, ultimately, how do we take a forensic analysis and learn from it to create a better system the next time?
Phishing and Spear Phishing attacks are the number one starting point for most large data breaches. However, no traditional security technology is currently able to mitigate the risks associated with these types of threats. Join this webinar to learn why phishing attacks are so successful, what capabilities organizations need to carry out a forensic investigation and what questions you need to be able to answer following an attack to respond effectively.
Dr Gareth Owenson is the course leader for the Forensic Computing programme at the University of Portsmouth. He teaches extensively in forensics, cryptography and malware analysis. His research expertise is in darknets, where he is presently working on alternative approaches that may lead to novel applications of the blockchain. Gareth also has a strong interest in Memory Forensics, and undertakes work into application-agnostic extraction of evidence by using program analysis.
Gareth has a PhD in Computer Science (2007) and has taught at several Universities throughout the UK.
The European Cybersecurity policy - the Network Information Security (NIS) Directive - is about to become the new law that sets security standards for many organisations across Europe.
Recent research carried out by FireEye shows that many organisations are not fully prepared to implement the legislation, which comes into effect in less than two years' time, and it is critical these organisations begin preparing now to be in compliance and not be caught unprepared.
In this webinar, Mandiant’s Nathan Martz, Principal Strategic Consultant for Central Europe, will cover:
- The basics of the European Cybersecurity policy - the Network Information Security (NIS) Directive
- Timeline, key components and possible penalties for noncompliance
- Practical recommendations on compliance and security standards to keep your company prepared
Security operations is all about understanding and acting upon large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you are able to highlight trends, find flaws and resolve issues.
This webcast will cover the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.
- Why endpoints are the new perimeter
- How employees can strengthen your security operations strategy
- Techniques to test and validate security awareness program
- How to take the data that Carbon Black collects, correlate it against thousands of endpoints, and dynamically neutralize threats using the LogRhythm security intelligence and analytics platform
Register now to learn how LogRhythm and Carbon Black can help you strengthen your overall security operations strategy—all within a single interface.
As threats evolve, so must application security. HPE Security Fortify continues to create and pioneer new features and functionality to further automate and streamline your app security testing program. Learn about new static scanning advances that align with DevOps requirements. Hear how scan analytics can further enhance and refine advanced auditing processes to increase the relevancy of security scan results.
Open source has been adopted by organizations across all industries, including software, systems, and cloud services. How much open source is used, along with the license, security, and operational risks posed by unmanaged use of open source, is a question M&A professionals need to consider in every transaction.
This webinar will provide insight from real world data abstracted from Black Duck M&A audits. The data covers hundreds of systems and commercial applications, the code assets of recent acquisition targets, and will illuminate why acquirers should understand exactly what is in the code base before closing the deal. Data will include:
- The composition of open source v. proprietary code in the average code base
- The gap between the number of open source components used vs. what was known by the target
- The prevalence of components using licenses that could put IP at risk
- Number and age of security vulnerabilities in the open source components
- An understanding of which components have underactive support communities
Criminal groups use exploit kits as one of the main distribution methods to infect Windows hosts with malware. Exploit kits are designed to work behind the scenes while you are browsing the web. During the past year, the most common malware distributed by exploit kits has been ransomware.
In most cases, a potential victim visits a compromised website as the first step in an infection chain. Behind the scenes, the victim is redirected to an exploit kit. The exploit kit gathers information about the victim's system, determines the appropriate exploit, and infects any vulnerable hosts.
In this presentation, Brad Duncan reviews fundamental concepts of exploit kit activity for the SLED vertical and demonstrates how ransomware infections happen through this method. Brad also discusses preventative measures people and organizations can take to combat this very real threat.
Organizations across all industries are facing increased pressure from customers, vendors, and employees to offer Wi-Fi access. While offering this service provides significant gains, businesses cannot forget about the critical security measures needed to defend against wireless threats.
Join Ryan Orsi, Director of Strategic Alliances, as he delves into the top challenges of deploying enterprise-grade, secure Wi-Fi, and the key solutions within reach of all organizations.
Data security is not a one-size-fits-all solution. Data-at-rest should be secured in a variety of ways, depending on the use case, security policy, and regulation surrounding it. Modern enterprises need flexibility in how they apply data security, yet also need ease of management. Vormetric is a leader in data security, with a large global footprint of securing data in cloud and on-prem environments.
In this webinar, you will learn critical aspects to securing data in a variety of ways:
1) Three approaches to securing data-at-rest
2) How software-defined policies can ease security management
3) The role that key management plays in securing data-at-rest
4) How real-time alerting can take your security posture to the next level
Phishing has long been one of the most successful ways of compromising users and also organizations’ networks. This webinar looks at the state of phishing today, recommends what people, processes and technology can do to minimize the risks, and discusses a new Real-Time Anti-Phishing solution that is defeating this highly effective compromise.
Guided walk-through of the newest features of Hortonworks DataFlow 2.0. Highlighting productivity enhancements via Apache Ambari for streamlined deployment and configuration management, and Apache Ranger for centralized authorization and policy management; collaboration capabilities in Apache NiFi for enterprise data sharing and visibility across teams – specifically, multi-tenancy flow editing similar to how Google Docs supports multiple simultaneous collaborators with differing degrees of view/edit rights; framework enhancement of Apache NiFi, including control plane high availability via zero master clustering; and edge intelligence powered by Apache MiNiFi.
Join us to learn how HDF 2.0 can reshape data flow management in your enterprise environment.
IoT devices are on your network. Do you know what to do with them?
View this webinar to dive into the NTT i3 Global Threat Intelligence Report, and how to combat new IoT concerns and security gaps. Learn more about:
Misconceptions in the security model for wired vs. wireless networks
Managing policies for IoT in the enterprise using contextual data
The value of device roles and real-time enforcement for IoT
Rich Boyer, CISO at NTT Innovation Institute Inc. (NTT i3), and Jon Garside, Product and Solutions Marketing Manager at Aruba will lead this technical discussion – don’t miss it!
If your Akamai cloud-based platform is no longer meeting your company’s need for security and application delivery, consider a switch to Imperva Incapsula.
The Incapsula cloud service helps you deliver applications securely and efficiently. With a single interface that integrates content delivery, website security, DDoS protection, and load balancing, you can accelerate the delivery of your web content and protect your site from external threats.
Here's just some of what you'll learn during this webinar:
• The differences in functionality between the two platforms
• Operational advantages and cost savings from a switch to Incapsula
• How to plan and execute a successful migration from Akamai to Incapsula
And just for attending this live webinar, you’ll get a free migration guide to help you transition easily from Akamai to Incapsula.
With PCI compliance, a robust engine with customizable security rule setting, 24/7 support, and significant cost savings, why wouldn’t you consider a switch to Incapsula? Find out if the Incapsula cloud security platform is right for you.
An aging workforce, political turnover, budget constraints, and the ever-present need to balance resources with agency missions, all compounded by outdated talent software, make it difficult to adapt to the changing needs of today's government workforce. Talent management tools can help with assessing your talent's potential, strengthening your talent pipeline, recruiting in new ways, creating leaders at all levels, developing employees, and continuously planning your succession. This session will discuss the key reasons Talent Management is critical to mission accomplishment. We will discuss how agencies are focusing on their employees' needs and ensuring that talent management strategies remain despite budget cuts and reduction in resources.
Join us October 26 to learn:
- how government agencies are utilizing talent management to maximize the capabilities of their workforce
- the challenges, lessons learned, and best practices involved with keeping talent management efforts above budget costs
- key tips for ensuring agency leadership grasp the importance of talent management strategies for mission accomplishment
Cybersecurity awareness is growing as more organizations learn they are vulnerable to an attack. While compliance with regulatory and security audit requirements provides a starting point, it alone will not keep the organization safe. An effective security program needs to be multifaceted, integrating people, processes and technologies across all layers of the organization. The specifics vary due to industry, size and geographic presence, as well as the level of risk the organization is willing to accept.
Mandiant Sr. Manager Tim Appleby will discuss the benefits of proactive preparedness and 10 key areas that should be considered in order to form a holistic security program, and discuss how priorities can vary based on industry, size and geography.
Sponsored by Code42 - More than 45% of businesses were hit with ransomware attacks in the past year. Cybercriminals are rapidly evolving attack methodologies and issuing increasingly higher demands. With no end in sight, organizations are at significant risk for data loss. At the same time, IT security policies, anti-malware protection and end users that lack the ability to recognize sophisticated scams make ransomware inevitable.
Join this live webcast and learn about the prevalence of ransomware in the enterprise and best practices for safeguarding your data against attackers.
Viewers will learn:
- Why ransomware is a burgeoning business and who is being targeted
- Best practices & recommendations to reduce risk and assure continuous data protection and recovery
- How modern endpoint backup protects your end-user data and enables rapid recovery without paying the ransom
Traditional antivirus (AV) is not the solution to breach prevention on the endpoint – it is the problem. At best, traditional AV gives organizations a false sense of security.
To prevent security breaches, you must protect yourself not only from known and unknown cyberthreats but also from the failures of traditional antivirus solutions deployed in your environment.
In this webinar, you will learn:
· How to determine the true value of your endpoint security solutions
· What hidden costs traditional AV imposes on your organization
· Which five capabilities are critical to effective endpoint protection
· How the new Traps v3.4 prevents security breaches in your organization