The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
In this high stakes world of cyber security, no vertical has more at risk data than federal agencies. Business hacks can certainly be devastating to the bottom line, but an attack on federal data can be a matter of national security. Fortinet continues to grow its reach by not only securing networks but using its valuable threat intelligence to stop cyber attacks in their tracks. Fortinet recently announced a partnership with the Department of Homeland Security which helps the company improve access to the latest cyber threat intelligence and helps strengthen customers worldwide from increasingly sophisticated and potentially damaging threats. Digital Strategist, Jonas Tichenor has more from Washington D.C.
Software developers often struggle with two competing priorities: delivering code within aggressive timelines and incorporating security into the development lifecycle. This webinar helps developers learn how to code securely without killing productivity. Join Adrian Lane, CTO & Analyst at Securosis, and Maria Loughlin, VP of Engineering at Veracode, as they discuss practical steps developers can take to start incorporating security into day-to-day planning, processes and culture. You will learn how to leverage best practices from both the Agile methodology and DevOps in order to automate security and integrate it into the SDLC.
We are giving you the keys to run your own Ultimate Test Drive (UTD) events.
Have an engineer who holds a current CNSE certification with Palo Alto Networks? Your company is now eligible to run a UTD event whenever and wherever you want. Just schedule the class, invite users, and get driving!
Not familiar with the Ultimate Test Drive? A UTD is a half-day workshop, developed to move prospects to an evaluation by providing them with hands-on experience to help them overcome any fear of switching from a legacy firewall. Palo Alto Networks has created scenarios with step-by-step instructions for this workshop, based on some of the most common problems that prospects need solved, but can’t do with any legacy firewall.
Join this 60 minute webinar to learn how to schedule, coordinate, instruct and follow up on the Ultimate Test Drive Program.
This webinar will describe the challenges faced by cloud and web service providers when attempting to monitor, manage, and troubleshoot across large data centers and networks, whether fully owned or hosted. It will describe the benefits of using a unified visibility plane as the solution to address these challenges, in a cost-effective and streamlined manner, whether it is for security, performance, and/or troubleshooting purposes.
This webinar will go through 10 proven ways to assure your business can be resilient to any sort of downtime event including disaster recovery as a service, instant recovery, recovery assurance, archiving, and other best practices.
With the rapidly accelerating nature of attacks on network infrastructure and software systems approaches such as static block lists, manual policy configurations and other current prevention techniques have become outdated. Through the use of distributed computing, contextualization and machine learning it is possible to build tools that analyze data across multiple threat vectors allowing for the development of predictive algorithms and a greater understanding of an organizations threat landscape. We will walk through common machine learning techniques, discuss contextualization, how predictive logic works and see a demonstration of contextualized threat intelligence.
Electronic Healthcare Records (EHRs) and the information they contain have become the top target of cybercriminals around the world. Several high profile healthcare-related data breaches have made the headlines in recent months and more are sure to come. What is it about the information contained in EHRs that is so enticing and how can it be better secured? Join (ISC)2 and Sophos on May 21, 2015 at 1:00PM Eastern for a discussion of the security of healthcare data and approaches on how to better protect this type of information.
Cloud computing has broken down traditional geographic borders, and defining data ‘location’ has become more complex. Global enterprises embracing the cloud must deal with the compliance and risk challenges that arise when information is distributed across multiple physical, logical, and legal locations.
Join our guest Holger Mueller, Vice President and Principal Analyst, Constellation Research, and Todd Partridge, Product Marketing Director, as they explore the challenges of information governance in the cloud:
- The critical emerging topic of data sovereignty and jurisdiction
- How governments are responding in different ways to the questions of data privacy and ownership
- What organizations must do to address the varying requirements and regulatory environments
This webinar will explore the methods criminals use to perpetrate fraud and steal identities and what you can do to secure your business without taking a hit on transaction completion and revenue.
1. The common approaches used in identity theft and how they apply to e-commerce.
- the coffee shop wifi hack
- the local government census
- social media techniques
- the offer you can't refuse
- the catchers supermarkets
2. Firsthand research from the Jumio team and what they uncovered when they interviewed convicted ex-fraudsters, professional criminologists, law enforcement practitioners and fraud managers to uncover some of the exploits that fraudsters use.
The purpose of our study was to better understand the cyber-security challenges facing financial services enterprises as well as both conventional and Internet retail companies.
Attend this webinar to learn:
- The state of ATs and DDoS attacks in the two verticals
- How companies deal with advanced threats and denial of service attacks
-Industry differences: financial services vs. retail companies
Organizations need to be more business-centric in their approach if data loss prevention is to be successful. By supplying McAfee Data Loss Prevention (DLP) with reliable insight into the meaning and value of data, Classifier complements the detection methods based on keywords and regular expressions alone, helping reduce the risk of data- loss.
The combination of Boldon James Classifier and McAfee DLP reduces the likelihood of data loss by providing the DLP solution with predictable, meaningful classification metadata that greatly improves the reliability of DLP decision making, improves system effectiveness and reduces false positives.
In this webinar we will explore:
- The role of user-driven classification
- How user-driven classification benefits DLP
- When to introduce user-driven classification into a DLP project
- How to measure and monitor the benefits of user-driven classification
In this webinar we focus on a strategic view of risk mitigation:
Software vulnerabilities remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or the enabler of privileges escalation inside networks.
Despite awareness of the risk, and the fact that most software vulnerabilities have a fix the day they are made public, organizations continue to fail to execute mitigation actions. The consequence is that we continue to see costly breaches affecting businesses around the globe.
In this webinar, Marcelo will talk about how the use of vulnerability intelligence can be a game changer to help organizations become better at mitigating the risk of software vulnerabilities.
-Fresh data related to software vulnerabilities
-The challenge of prioritizing mitigation
-How the use of vulnerability intelligence can help support consistent risk reduction
Willbros, a leading infrastructure contractor serving the oil and gas industry, leverages Amazon Web Services (AWS) and Trend Micro Deep Security to quickly design and deploy agile, secure cloud solutions to protect their vital data. Moving to AWS allows organizations to leave their infrastructure behind and start fresh – architecting for flexibility and scalability. However, bottlenecks are created when traditional on-premises security approaches and tools are used. Learn how Willbros unleashed innovation in the energy industry by taking a greenfield approach to security in AWS. Attend this practical webinar by AWS, Trend Micro and Willbros to learn how you can design a flexible, agile architecture that meets compliance requirements and protects your most valuable asset – your data. Jason Cradit from Willbros will share their experience on how they achieved building robust and secure pipeline management systems in the cloud.
In this webinar you’ll learn how to:
- Architect a secure application using a combination of AWS services, Trend Micro services, and configurations
- Understand how host-based protection improves application security, as well as agility and flexibility
- How to protect workloads from attack, without hampering performance
End-point data protection is fundamentally changing. End-points have moved from desktop to mobile with BYOD, and the data protection envelope is extending beyond simple backup and recovery solutions to include continuous data availability, security, and compliance.
During this webinar to learn how Syncplicity’s enterprise file sync and share solution helps extend the data protection envelope across your enterprise.
There seems to be news of a major data breach in the headlines almost every week. Conventional wisdom suggests that securing the network and perimeter of an IT environment should be enough to protect a company from a breach – but what if that breach originates internally? How can a situation like this be averted? Today companies need to protect themselves from the inside out by first recognizing which of their data is sensitive and then ensuring that it’s properly secured.
Join us and learn how Chris Berube, Director of IT at Law Offices of Joe Bornstein, has rethought information security in order to protect his company from the inside out.
We’ll discuss how to:
1.Identify files which contain sensitive information
2.Audit user files to track suspicious activities
3.Monitor proactively when secured data has been moved to public shares
Microsoft Ignite will be the largest, most comprehensive Microsoft technology event of 2015 – filled with exciting new announcements about SharePoint and Office 365 from Microsoft and its partner ecosystem.
In case you can’t make it, we’ll be recapping lessons learned and bringing clarity to the news that comes out of Chicago to help you navigate a post-Ignite world. Join current and former Microsoft MVPs as well as AvePoint subject matter experts to learn about the following:
* A recap of the new announcements around SharePoint and Office 365
* Benefits, concerns, and predictions for the future of SharePoint and Office 365, and what it all means for you
* AvePoint solutions that will help you continue to stay ahead of the ongoing changes in the collaboration landscape
Join us at 1pm ET on Wednesday, May 20, for an interactive question-and-answer session where our panelists will help you craft a playbook to thrive throughout the next generation of SharePoint and Office 365.
2014 brought significant change for the internet security industry. According to IBM's latest X-Force report:
- Over 1 billion records of PII were leaked in 2014
- Vulnerability disclosures rocketed to a record high in 2014, and designer vulns like Heartbleed and Shellshock revealed cracks in the foundation of underlying libraries on nearly every common web platform
- Crowd-sourced malware continues to mutate, resulting in new variants with expanding targets
- App designer apathy is negatively impacting security on mobile devices.
Join (ISC)2 and IBM to learn more about the findings of the latest IBM X-Force report and X-Force Interactive Security Incident website, designed to help users gain in-depth understanding of security breaches publicly disclosed over time.
For enterprises, the top mobile security priority is protecting corporate data. InformationWeek noted in the 2014 Mobile Security Survey that 72% of organizations are concerned about data loss. This is especially pertinent in light of the rapid adoption of BYOD policies, and the formidable advances in mobile threats.
In this session, we discuss the changing threat landscape for mobile platforms, and the corresponding set of new requirements for security. Instead of being shackled to past principles, learn about approaches to security that enable and extend (rather than restrict) access to mobile computing.
You will learn:
Trends in mobile adoption
The evolution in mobile threats – exploits against vulnerabilities, malware and advanced persistent threat techniques
Recommendations to address the need for both device management and network security
The fun with IDS doesn't stop after installation, in fact, that's really where the fun starts. Join our panel of IDS experts for an educational discussion that will help you make sense of your IDS data, starting from Day 1. We will discuss signature manipulation, event output, and the three "P's" - policy, procedure and process. We won't stop there either! You'll find out the meaning behind the terms all the cool kids are using like "False Positives" and "Baselining". We'll round it out with more information about how IDS interacts with the rest of your IT applications and infrastructure. If you installed an IDS and are wondering what to do next then signup now!Asset Discovery - creating an inventory of running instances
Vulnerability Assessment - conducting scans to assess exposure to attack, and prioritize risks
Change Management - detect changes in your AWS environment and insecure network access control configurations
S3 & ELB Access Log Monitoring - Monitor access logs of hosted content and data directed at your instance
CloudTrail Monitoring and Alerting - Monitor the CloudTrail service for abnormal behavior
Windows Event Monitoring - Analyze system level behavior to detect advanced threats
We'll finish up with a demo of AlienVault USM for AWS, which delivers all of the above capabilities, plus log management & event correlation to help you detect threats quickly and comply with regulatory requirements.
If there is one thing that can be said about the threat landscape, and cybersecurity as a whole, it is that the only constant is change. This can clearly be seen in 2014: a year with far-reaching vulnerabilities, faster attacks, files held for ransom, and far more malicious code than in previous years.
Join us on 26th May, at 10:00 - 10:45 to understand the growing threat landscape and how this affects your business.
On this webcast we will cover;
•The main security challenges and trends in 2014
•Highlight how threats operate to allow you to better informed
•Key takeaways for executive / functional leaders
ISO 31000 was published as a standard on the 13th of November 2009, and provides a standard on the implementation of risk management. A revised and harmonised ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual." Accordingly, the general scope of ISO 31000 - as a family of risk management standards - is not developed for a particular industry group, management system or subject matter field in mind, rather to provide best practice structure and guidance to all operations concerned with risk management.
This presentation provides key findings from the 2015 Cyberthreat Defense Report from the analyst firm CyberEdge. Based on a survey of IT security decision makers and practitioners across North America and Europe, the report examines the current and planned deployment of security measures, including the use of threat intelligence. It also provides developers of IT security technologies and products with answers they need to better align their solutions with the concerns and requirements of end users.
With companies adopting SaaS applications more rapidly than ever before, the risk of cloud data loss has also risen. As many as 40% of companies that use cloud based applications have reported data loss since 2013, according to reports from the Aberdeen group and Symantec – but until cloud data disasters hit home, businesses tend not to prioritize cloud data backup.
In this BrightTALK-exclusive webinar, you’ll learn about the biggest cloud data losses of the year, and how to make sure they don’t happen in your organization.
2014 was a year pack with hacker attacks on payment card infrastructures but we’re not out of the woods yet. Dell’s threat research team have regularly observed new active pieces of advanced Point-of-Sales (POS) malware in 2015. Why so many retailers still soft targets? For cyber criminals, retail is where the money is. The possibility of spiriting away and selling thousands or millions of credit card details and chunks of consumer information is powerful incentive.
With the increased regulation and scrutiny of the past decade, it is important for organizations to implement best practices in order to maintain control and achieve compliance with evolving regulatory requirements.
Compliance teams of the brave new world are set up to discuss risks with the key business leaders, and have sufficient resources to ensure company compliance programs are implemented effectively. Their software applications for managing enterprise governance, risk management, and compliance (eGRC) continue to mature with impressive features and functions, and they are making notable strategic advances by linking these three business functions for more informed decision-making, to reduce risk exposure, lower audit costs, and demonstrate compliance.
To replicate similar success in your eGRC program, you will need to focus on selling GRC value, practicing good GRC project management, and embedding GRC into corporate culture. Join this educational panel webinar as our experts delve deeper into this, and identify the best practices for implementing an eGRC program in 2015.
Are you still running Windows Server 2003? In July 2015, Microsoft will end support for Windows Server 2003, leaving more than 12 Million machines publically vulnerable. If your organization must remain on the Windows Server 2003 platform after support ends, an advanced solution needs to be employed to protect the unpatchable.
Join Palo Alto Networks to learn how organizations can employ an effective compensating control to protect against software vulnerabilities after Windows Server 2003 end of support.
Data center security is being reshaped by virtualisation, consolidation, and promising new technologies such as Software Defined Networking (SDN).
The adoption of the SDDC brings new challenges such as inspecting East-West traffic without the need to compromise on all the benefits of today's physical appliances.
After reviewing the diverging data protection legislation in the EU member states, the European Commission (EC) decided that this situation would impede the free flow of data within the EU zone. The EC response was to undertake an effort to "harmonize" the data protection regulations and it started the process by proposing a new data protection framework. This proposal includes some significant changes like defining a data breach to include data destruction, adding the right to be forgotten, adopting the U.S. practice of breach notifications, and many other new elements. Another major change is a shift from a directive to a rule, which means the protections are the same for all 27 countries and includes significant financial penalties for infractions. This tutorial explores the new EU data protection legislation and highlights the elements that could have significant impacts on data handling practices.
-This tutorial will highlight the major changes to the previous data protection directive
-Participants will understand the differences between these key terms
-Participants will learn the nature of the Reforms as well as the specific proposed change
Security event management continues to evolve as data breaches put more pressure on detective defenses providing continuous monitoring. Many companies have invested strongly in preventive defenses to stop attacks before they infect. Now the game changes to detecting the unknown and this requires scale and performance of SIEM solutions with increasing context for depth and visibility in the hands of security experts with an analytics mindset. Not everyone can play on this field, learn your options.
Attendees will learn:
- SIEM architecture changes for visibility
- Increasing complexity of data analytics to explore
- SIEM taxonomy and trade-offs between generations
- Analyst recommendations & best practices
- Why resources are key to SIEM success
Server virtualization is a mature technology. More than 70% of all x86 architecture workloads are running in VMs on top of hypervisors. With the increase in virtualization of mission critical workloads plus clustering and high availability, it’s more challenging than ever to get the visibility and dynamic rule settings for North-South and East-West traffic. In this session, no future hype, learn what is happened today with FortiGate-VMX use cases to secure all of your hypervisors and provide a real-world agility traffic testing using Ixia Breakingpoint for the proof.
The importance of protecting sensitive data is gaining visibility at the C-level and the Boardroom. It’s a difficult task, made even more so by the shortage of security experts. One option that more and more companies are pursuing is the use of managed security services. This can enable them to employ sophisticated technologies and processes to detect security incidents in a cost-effective manner. Should managed security be a component of your security mix?
In this webinar, Ed Ferrara of Forrester and Mark Stevens of Digital Guardian will discuss:
When does it make sense to utilize managed security services
How to the scope the services your company contracts out
Questions to ask when evaluating managed security services providers
The key criteria for selecting managed security providers
Information technology brings many benefits to a business, but it also brings risks. Knowing how to assess and manage those cyber risks is essential for success, a powerful hedge against many of the threats that your business faces, whether you are an established firm or pioneering startup. ESET security researcher Stephen Cobb explains how cyber risk assessment and management can work for you.
Are you giving the adversary unintended access through vulnerabilities in your system?
By only having one method of finding vulnerabilities or one way of mitigating them, the chances of the adversary getting through are increasingly high. This webinar will walk you through the current threat landscape, how vulnerabilities can be found, and how to mitigate control.
In this webinar you'll learn:
- What types of assessments work at which points in the software development lifecycle.
- What is the most popular way to deploy a WAF and why that's not a good idea as a single method of defense.
- Why finding and fixing your vulnerability isn't actually good enough.