Hi [[ session.user.profile.firstName ]]

Don't Bloat The Hypervisor! What to Know About Introspection

"Don't bloat the hypervisor" is the rallying cry for some security professionals worried about system virtualization security. Worried that access to APIs for security needs could end up making the same mistake with hypervisors that was made earlier with operating systems - bloat. And the larger a system is, whether it is the code base for a hypervisor or an operating system, the more difficult it is to secure. Other security professionals say that the lack of security capabilities inherent in hypervisors limits necessary tasks, such as forensics. This group argues that introspection capabilities are critical for actually securing virtualization.

This presentation will examine both sides of the introspection debate, and what the possible implications of it are for information security practitioners trying to secure virtualized environments.
Recorded Feb 23 2011 33 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Tim Mather, Consultant & Board Member of Cloud Security Alliance (CSA)
Presentation preview: Don't Bloat The Hypervisor!  What to Know About Introspection

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • The Three Axes of Evaluating Security Analytics Solutions Aug 10 2016 3:00 pm UTC 45 mins
    Dr. Matthew Williamson, Chief Threat Defense Scientist at vArmour
    The problem of detecting attackers in today’s enterprises and data centers is harder than ever. Well-funded adversaries with time and patience use techniques that blend in with enterprise activities, making accurate detection difficult. Security analytics promises to address this situation by throwing advanced math at available data sources in the enterprise, with the goal of finding the proverbial threat needle in the data haystack.

    This presentation will enable attendees to evaluate security analytic solutions, cutting through the buzzwords and hype, and providing both a deep understanding of the detection problem and a framework to evaluate solution efficacy, based on three axes: breadth, depth and control.
  • Intel & Threat Analysis – The Defensive Duo Aug 10 2016 1:00 pm UTC 45 mins
    Jens Monrad, Global Threat Intelligence Liaison, FireEye
    The ongoing battle with cybercrime is asymmetric. You’ve invested millions in protection technology but unknown attackers still find a way in. So how do you stay ahead of the curve?

    "The core problem is that most cyber security tools do not make a distinction between everyday malware and advanced targeted attacks. If security tools cannot tell the difference, security teams have no way of prioritizing the alerts that matter the most."

    Join Jens Monrad, Global Threat Intelligence Liaison from FireEye in this webinar that will discuss:

    •How to ensure you are responding to the alert that matters

    •Benefits of Alerts with threat Intelligence

    •Using threat intelligence to think like your attacker

    •How to apply threat intelligence, expert rules and advanced security data analytics in order to shut down threats before they cause damage

    •How security teams can prioritize and optimize their response efforts.
  • How Secure Organizations Have Their Accounts Compromised Aug 9 2016 8:00 pm UTC 45 mins
    Stan Bounev, Chief Product Officer, VeriClouds
    Enterprises spend millions of dollars on cyber security tools and services, but still many of them cannot distinguish the legitimate users from the attackers with legitimate, but stolen credentials. This fact and the fact the users reuse their passwords across multiple services, allows attackers to easily get into an organization using the front door instead of using vulnerabilities to compromise the IT infrastructure. The security of an organization is heavily dependent on the security of the other organizations where its employees or customers have accounts.
    In this talk, you will learn how attackers are able to compromise accounts of secure organizations which do not have vulnerabilities; and as an admin, what you can do to protect your organizations from those attacks. We will look at case studies of organizations whose accounts have been breached and those that took proactive measures to keep their employees’ and customers’ accounts safe.
  • Protecting Online Games from In-Game Threats Aug 9 2016 7:00 pm UTC 45 mins
    Matthew Cook, Co-Founder of Panopticon Laboratories
    The activities of cheaters, hackers, and fraudsters are killing virtual worlds for online game players, publishers, and developers. This presentation outlines the tools and techniques that bad guys have adapted from other industries to attack online games, why they're so financially motivated to do so, and what the consequences of allowing them to continue to operate were for a large, international Facebook and mobile game publisher.
  • Managing Your Security Policy: 10 Actionable Tips to Help Improve Your Firm Aug 9 2016 6:00 pm UTC 45 mins
    Wes Stillman, CEO of RightSize Solutions
    As today’s technology becomes more and more sophisticated, human error remains the weak point. The most state of the art security technology is still hampered by human error and lack of awareness.

    In this insightful and action-oriented session, Wes Stillman, CEO of RightSize Solutions and a leading industry thought-leader on cybersecurity will offer actionable tips that firms can implement right away to drastically improve security including:
    · Survey Your Technology Infrastructure
    · Set Up Awareness Training
    · Run a Mock Disaster Recovery
    · What is BYOD and why it’s so important

    As one of the premiere providers of IT Outsourcing to RIA Firms and the Wealth Management community, this presentation ideal for COOs, CTOs or anyone interested in understanding how effective policies and procedures can be your best line of defense for the security of your firm and clients.
  • Top Tools and Solutions to Fight Data Mining Malware Aug 9 2016 4:00 pm UTC 45 mins
    John Bambenek, Threat Systems Manager at Fidelis Cybersecurity
    Nearly 1 million new malware threats are released every day. The sheer deluge of unique malware samples makes it difficult for incident responders to keep up to protect their networks. Even more difficult is the task for investigators and law enforcement to keep up with the size and number of command-and-control networks and criminal operations.
    Join this presentation to learn about the solutions and tools you can employ to monitor criminal infrastructure and make it easy for incident handlers to identify problems on their network, for security analysts to protect their networks and for law enforcement to have reliable near-time information for their operations.
  • Understand and Manage Your Cyber Risk Exposure with ALE Aug 9 2016 3:00 pm UTC 45 mins
    Roderick Flores, Founder & CEO of Sikernes Risk Management, Inc.
    What are your security risk assessments really telling you? Do you know how much a change in security or business operations will change your exposure? Do you know how changes in threat activity affect your risk over the long term?

    Chances are you will not be able to answer these questions unless you have quantitatively calculated your Annualized Loss Expectancy (ALE). Join this presentation and learn about the factors that drive the determination of ALE and how this approach will allow you to better understand and manage your exposure to cybersecurity risks.
  • The Next Generation of Cyber Crime is here Aug 9 2016 1:00 pm UTC 45 mins
    Rob Coderre
    Evolving tactics, techniques and procedures (TTPs) of online criminal actors have left a number of notable victim organizations in their wake and raised the bar for the security teams and law enforcement agencies that have sworn to protect them. From the migration of online criminal markets to an even deeper underground, to online extortion making a big comeback in novel ways, to increasingly effective malware crafted to steal more money and private information, if you are a potential target for online criminals, you are up against a greater cyber criminal threat than in years past.
  • Smartphone Security Analysis and Security Flaws Aug 9 2016 11:00 am UTC 45 mins
    Ayaz Hussain Abro, Information Security & GRC Consultant
    The main areas covered in this webinar will be the latest smartphone threats and malicious back doors. How Hackers are gaining access into user's mobile phone and reach into financial information just by deceiving user just with one application.

    We all make transactions through smartphone apps, and these need to be safe and alert. The audience will learn about how to defeat hackers by using smartphone smartly.
  • How Biometric authentication is redefining financial security Jul 29 2016 2:00 pm UTC 60 mins
    Blair Cohen (AuthenticID)
    Join this panel where we'll tackle the following questions:

    What is the biggest authentication challenge?

    What new techniques seem most promising?

    Why has new account fraud spiked 134% in the US since we began implementation of EMV?

    Are biometrics the future of authentication?

    Why isn’t use of biometrics more ubiquitous now?
  • Fighting Claim Fraud with InsurTech Jul 28 2016 2:00 pm UTC 60 mins
    Ina Yulo (BrightTALK), John Erik Setsaas (Signicat), John Egan (Anthemis Group), Jason Peto (360global net)
    When it comes to analysing and managing insurance claims, the market still runs in a very old school manner — human intervention, lots of paperwork and phone calls. This unfortunately also poses a real threat when it comes to fraudulent claims and applications. With digital advances and the rise of InsurTech, these risks can be minimised and fraudulent applications detected way before they can do any harm.

    Join this panel where we’ll discuss:
    -How predictive analytics can help spot fraudulent applications before they can do proper damage
    -How new technologies can help investigate and monitor specific claims
    -The need for more transparency throughout the claiming process and the importance of identity validation
    -Improving the customer journey by empowering the individual to report and settle claims online or through mobile devices
  • Ransomware: The Darker Side of Bitcoin Jul 27 2016 4:00 pm UTC 60 mins
    JP Vergne (Scotiabank Lab, Ivey B-School), Alexander Hinchliffe (Palo Alto), Samee Zafar (Edgar Dunn) Mark Lavender (BT)
    Bitcoin has been making remarkable breakthroughs in the currency world. Its ability to allow users to be fully in control of their transactions along with its no-borders transfer policy have made it attractive to both investors and consumers alike.

    However, recent reports have revealed a darker side to Bitcoin. The cryptocurrency is being hoarded by financial institutions as ransom money to pay off potential cyber attackers. Has Bitcoin officially crossed the line and now become a black market currency? Has its untraceable nature inspired the new generation of cyber criminals to initiate unprecedented levels of targeted Ransomware attacks?
    Join this panel of industry-leading speakers, who'll be discussing the following:

    -Why has Bitcoin-related ransomware become more popular in recent years?

    -How can you prevent a Ransomware outbreak in your organisation?

    -Is it possible to catch and subsequently prosecute blockchain criminals?

    -How can authorities and financial institutions adopt and adapt in the face of rising levels of Ransomware threats?
  • Up and Running in AWS, Now What About Security? Recorded: Jul 21 2016 54 mins
    Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture
    For many businesses, security, compliance and data protection in the cloud have been a major challenge due to the shared responsibility model and automation of public cloud infrastructure. Trying to force fit traditional security tools into an agile infrastructure like AWS can be time consuming and clumsy, and ensuring consistent security controls requires new practices for security and auditing teams.

    Register for this impactful webinar presented by Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture at Alert Logic, as he walks through the vital AWS security best practices you need to know about and how to design your application security strategy so that it integrates with AWS.

    Securing AWS Tried and Tested Continuous Security Strategy:
    • Tradition is out: where traditional security does and doesn’t fit
    • Where to start: what to do within the first 5 minutes of setting up your AWS account
    • Visibility into your AWS infrastructure where to go to get security value
    • Top AWS Security Best Practices
  • How Blockchain Technology is Improving Compliance and Security Recorded: Jul 21 2016 56 mins
    Rob Laurence, Michael Gronager (Chainalysis), Lory Kehoe (Deloitte), John Erik Setsaas (Signicat), Leda Glyptis (Sapient)
    It goes without saying that compliance and security have the highest of priorities within an organisation. In the digital world, however, effective compliance and security comes at a high cost. In this session we consider the value of Blockchain technology in ensuring compliance and security in digital transactions.

    Join the panel where the following points will be discussed:
    · Where is Blockchain being used to deliver compliance and security?

    · Does Blockchain actually improve compliance and security?

    · What case studies exist to actually demonstrate this?

    · What role does Blockchain have with device-to-device communications and the IOT?

    · Can Blockchain improve the customer experience in user-centric digital services or is it just an underlying technology?

    · Is Blockchain better than existing technologies and approaches or is it really just hyped up by the tech industry?
  • Security practices for safe mobile money transfers Recorded: Jul 20 2016 62 mins
    Tom Meredith (SmartToken Chain), Ali Raza (CCG Catalyst)
    Every person on the planet has a mobile phone, but 2 Billion people are “Un-banked”.
    Banks and telecoms are in a Gold Rush to bank the unbanked, but many obstacles remain. Money transfers are some of the most popular transactions made by both the banked and the unbanked. However, building trust in this new service is definitely a challenge.

    Join this panel where discussion points will include:

    -Who has the upper hand: Banks or Carriers?
    -How can Fintech companies ensure trust and security when it comes to mobile money transfers?
    -Global ISO Standards Authenticate ID and Asset Verification
    -ISO Reduces Fraud and Speeds up Asset Transfers
    -What are some of the security challenges new payment services are able to overcome?
    -Are “Standards” emerging to reduce implementation and compliance costs?
    -How do you create cross-border and Inter-bank/carrier transactions?
    -How can banks and telecoms successfully bank the unbanked?
  • Bigger Bang for the Buck: Agility with Security for Financial Services Recorded: Jul 19 2016 43 mins
    Maya Malevich - Director, Product Marketing Tufin and John Parmley- Area Vice President - US West, Tufin
    For many financial services organizations, security and risk management is a necessary evil that slows down IT's ability to keep up with business needs. The conflict between security and agility becomes even greater with adoption of hybrid cloud platforms. While agility should be maintained, security and compliance become even more challenging.

    By automating and orchestrating network security policies across physical and hybrid cloud platforms, it is possible to maximize both agility and security simultaneously.

    Join us for this session to understand how network security change automation with inherent policy controls can help you stop the balancing act between agility and security and maximize both for your business.
  • Best Practices to Protect Your Organization from a Cyber Attack Recorded: Jul 14 2016 64 mins
    Mac McMillan, CEO and Co-Founder of CynergisTek
    As data breaches are becoming more prevalent, and more organizations are becoming targets for malicious attacks, the stakes are especially high for the healthcare industry.
    Join this presentation to learn about the current cybersecurity threats and the tactics for defense organizations need to deploy for early detection and incident response. Mac McMillan, CEO and co-founder of CynergisTek will illustrate what an attack looks like, the phases of the hack, and how to use technology as well as policy to aid in detection, and then how to construct a disciplined incident response process. Lastly, learn how all of this should be integrated into a comprehensive information security strategy.
  • Applying Web Isolation to Prevent Advanced Threats Recorded: Jul 14 2016 43 mins
    Dan Amiga, CTO and Co-Founder, Fireglass
    Conventional security solutions have been failing in preventing advanced threats. Join to learn how web isolation is revolutionizing cyber-security by indisputably eliminating critical attack vectors including browsers, emails and documents
  • Cloud Object Storage 101 Recorded: Jul 14 2016 63 mins
    Nancy Bennis, Director of Alliances, Cleversafe an IBM Company, Alex McDonald, Chair, SNIA Cloud Storage Initiative, NetApp
    Object storage is a secure, simple, scalable, and cost-effective means of embracing the explosive growth of unstructured data enterprises generate every day.
    Many organizations, like large service providers, have already begun to leverage software-defined object storage to support new application development and DevOps projects. Meanwhile, legacy enterprise companies are in the early stages of exploring the benefits of object storage for their particular business and are searching for how they can use cloud object storage to modernize their IT strategies, store and protect data while dramatically reducing the costs associated with legacy storage sprawl.
    This Webcast will highlight the market trends towards the adoption of object storage , the definition and benefits of object storage, and the use cases that are best suited to leverage an underlying object storage infrastructure.
    In this webcast you will learn:
    •How to accelerate the transition from legacy storage to a cloud object architecture
    •Understand the benefits of object storage
    •Primary use cases
    •How an object storage can enable your private, public or hybrid cloud strategy without compromising security, privacy or data governance
  • Office 365 Security and Compliance – Enforcing the 4 Layers of Trust Recorded: Jul 13 2016 50 mins
    Brandon Cook and Srini Gurrapu of Skyhigh Networks
    Office 365 usage has tripled in the last 9 months as more and more companies enable anytime, anywhere access to Microsoft’s suite of cloud services. But security and compliance require a new level of granularity when users access cloud-based systems of record from a variety of networks, locations, and devices.

    In today’s cloud-first, mobile-first world, IT Security teams are creating variable trust models based on user, device, activity, and data sensitivity. In this session, we’ll share the proven 4-layer trust model for security and compliance in O365.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Don't Bloat The Hypervisor! What to Know About Introspection
  • Live at: Feb 23 2011 5:00 pm
  • Presented by: Tim Mather, Consultant & Board Member of Cloud Security Alliance (CSA)
  • From:
Your email has been sent.
or close