
Identity and Access Management: Strong Authentication and Compromises

Salvatore D’Agostino, CEO, IDmachines LLC
Identity and Access Management (IAM) are critical enterprise services which require policy and technical execution. Employee performance and enterprise governance, risk management and compliance depend on this. Threats exist to IAM services throughout their lifecycle, from registration through transaction authentication. Surprisingly, many organizations continue to employ identity, credentialing and access control solutions which are broken.

This webcast will look at:

· Requirements for personal and device identity registration
· Strong authentication compromises
    - Broken crypto
    - Access tokens
    - XML
· Secret compromises
· Infrastructure compromises
· Best practice for robust identity and access management and strong authentication
· Evolving standards
Jun 21 2012
44 mins
More from this community:

IT Security

  • With data breaches and data leakage incidents becoming front page news, cyber investigations are taking on more importance within organizations. This calls for a new set of skills to be developed such as the ability to work with all levels of law enforcement, lawyers and attorneys and within the judicial system. Many of these investigations will call for the cybersecurity practitioner to be a witness and give testimony. What's the best way to do this to protect yourself and the organization, while also providing the information that will help law enforcement and the justice system to get the information they need? Join (ISC)2 on March 26, 2015 at 1:00PM Eastern for our next "From the Trenches" webcast where we'll talk about what it means to be an expert witness and the best practices for serving as one.
  • As a security professional, you are on constant alert for external threats. But many breaches are caused internally by incorrect configuration of IT resources, including SSL. To help improve how encryption is used, Qualys created a research project called SSL Labs to address two major problems of the ecosystem: lack of tools and documentation.
  • This webinar draws on Bradford Networks’ extensive BYOD experience to help organizations avoid the landmines that plague BYOD initiatives.

    Attend this webinar and you will learn how to avoid:
    • Organizational Resistance - Establish and manage a cross-functional committee of stakeholders to build consensus
    • Support Burden - Leverage proven techniques to educate end users and minimize help desk calls
    • User Frustration - Implement ultra flexible BYOD policies without compromising security
    • Onboarding Latency - Maximize the end users’ ability to self-administer new and lost/stolen devices
    • Vulnerable Endpoints – Guided remediation for user devices that are under-protected and non-compliant
  • Sutter Health is a not-for-profit health system serving more than 100 communities in Northern California. Each year its 5,000 physicians care for more than 10 million outpatient visits and discharge more than 200,000 in-patients.

    As healthcare systems transition from “fee for service” to “fee for value” reimbursement models, there is an increasing focus to drive down 30-day re-admission rates, particularly for high risk patients. To this end, Sutter Health is piloting Project RED (Re-engineered Discharge) which leverages predictive analytics to identify high-risk patients and then prescribes alternative discharge workflows aimed at lowering the risk of re-admission.

    Join us as Kristen Wilson-Jones, Sutter RD&D CTO, shares how Sutter Health has leveraged MuleSoft’s Anypoint Platform in an orchestrated ecosystem of technologies to power Project RED by enabling real-time patient risk scoring, clinical workflow management and bi-directional integration with Epic.

    Topics covered
    -------------------
    + How Sutter Health is lowering 30-day re-admission rates by re-engineering clinical workflows
    + The need for connectivity to enable workflow re-design
    + Best practice in moving from an application-centric to a data object-centric connectivity approach
  • Software vulnerabilities remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or the enabler of privilege escalation inside networks.
    Despite awareness of the risk, and the fact that most software vulnerabilities have a fix the day they are made public, organizations continue to fail to execute mitigation actions. The consequence is that we continue to see costly breaches affecting businesses around the globe.
    In this webinar, Marcelo will talk about how the use of vulnerability intelligence can be a game changer to help organizations become better at mitigating the risk of software vulnerabilities.
    Key takeaways:
    - Data related to software vulnerabilities
    - The challenge of prioritizing mitigation
    - How the use of vulnerability intelligence can help support consistent risk reduction
  • Web applications are a favourite target for hackers, so their safety must be a priority. Using an application firewall can enable active protection from known and zero-day threats. Join us to find out how Qualys Web Application Firewall combines scalability and simplicity delivered in the cloud to block attacks fast—without the substantial cost of traditional solutions.
  • The Dark Side of Anonymizers: Protect Your Network from the Unknown Apr 14 2015 5:00 pm UTC 45 mins
    Joanna Burkey, DVLabs Manager, HPSW HPN Security - Tipping Point
    While anonymizers can serve a positive purpose by protecting a user’s personal information by hiding their computer’s identifying information, their use in your network environment can be dangerous. Anonymizers can evade enterprise security devices, and their misuse can make your organization susceptible to malware and unwanted intrusions. Attend this session to learn how you can detect and block elusive anonymizers from wreaking havoc on your network.
  • Industrial Control Systems Cyber Security: It’s Not All About Stuxnet Apr 14 2015 3:00 pm UTC 45 mins
    Dr Damiano Bolzoni, CEO & co-founder, SecurityMatters
    Recently cyber attacks against Industrial Control Systems (ICS) used by utilities and other Critical Infrastructure organizations have hit the headlines worldwide. Stuxnet is the best known cyber attack against an industrial installation, but it's not the only one.

    But what if cyber attacks were not the biggest threat to industrial networks and systems? Although malware is still a major point of interest, the sword of Damocles for critical industrial networks is represented by system misuse performed by disgruntled employees, contractors and vendors, as well as unintentional mistakes, network and system misconfiguration; all this could lead to the divergence or failure of critical processes.

    In this talk we will reshape the concept of ICS cyber security and will present our vision for a comprehensive approach to cyber security for ICS.
  • All About the Thousands of 2014 Vulnerabilities - From Secunia Research Apr 14 2015 3:00 pm UTC 45 mins
    Kasper Lindgaard, Director of Research and Security, Secunia
    Every year, Secunia Research releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Secunia Personal Software Inspector (PSI) user base.

    The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.

    In this webinar, Secunia’s Director of Research and Security Kasper Lindgaard will discuss the data presented in the Secunia Vulnerability Review 2015 and answer questions.

    The review itself is released on March 25.

    Before March 25, you can pre-register to receive a copy of the review as soon as it is released:

    www.secunia.com/VR2015

    Key takeaways:

    - The number of vulnerabilities and zero-days detected in 2014

    - How quick vendors are to respond to vulnerabilities

    - Which programs are more vulnerable

    - How products bundled with open source applications and libraries affect security
  • It Wasn't Me, It Was Bennett Arron Apr 14 2015 10:00 am UTC 45 mins
    Bennett Arron, Comedian, Author & Identity Theft Speaker
    Several years ago, award-winning writer and stand-up comedian Bennett Arron was in serious debt. He owed thousands of pounds to mobile phone companies, catalogues and department stores. Only it wasn’t him. Bennett was a victim of Identity Theft, the fastest growing crime in the UK. This theft resulted in Bennett and his pregnant wife becoming penniless and homeless.

    Years later, Bennett wrote a comedy show about his experience. The show was critically acclaimed at the Edinburgh Festival and led to Bennett being asked to direct and present a Documentary for Channel 4. The Documentary, How To Steal An Identity, was Pick of The Week in The Guardian and The Telegraph and was called ‘Fascinating and Disturbing’ by the TV Times. It went on to be shortlisted for a BAFTA.

    In the Documentary, Bennett proved the ease of ID theft, by first stealing the identities of the general public and then stealing the identity of the then Home Secretary, Charles Clarke. This action resulted in Bennett being arrested in a dawn raid by Scotland Yard and given the code-name Operation Hydrogen.

    Bennett has recently written a memoir on the subject. This book, which has received several 5 star reviews, is not only a disturbingly true yet funny account of what it's like to have your identity stolen but also reveals the devastating consequences of making a documentary ‘in the public interest’.

    He has performed as a speaker at many corporate events around the world and he was the Guest Speaker at the International Fraud Convention in Italy, the International Congress On Anti-Fraud & Anti-Corruption in Poland (twice) and the opening keynote speaker at Auscert in Australia.

    Bennett has been called... 'A Welsh Seinfeld' by The Guardian, 'Genuinely Original and Funny' by The Times and ‘Case Number 2477419’ by The Metropolitan Police.
  • From the Front Lines: The Top 10 DNS Attacks Apr 9 2015 5:00 pm UTC 45 mins
    Srikrupa Srivatsan, Sr. Product Marketing Manager, Infoblox
    More than 75% of organizations in the U.S. and U.K. have experienced at least one DNS attack according to SC Magazine. DNS Attacks are increasing in frequency and evolving constantly. They range from common amplification, reflection, and flood attacks to more sophisticated and stealthier types. These might have fancy names like random subdomain, phantom domain, and domain lock-up, but their effects on DNS are far from pretty. Join this webinar as we reveal the top 10 attacks on external and internal DNS servers; and the impact they have on your operations.
  • Optimize Customer Signup Flows Online and in Your Mobile App Apr 9 2015 4:00 pm UTC 45 mins
    Chris Morton, President, Block Score; Lisa Aguilar, Marketing Manager, Jumio; James Bickers, Senior Editor, Networld Medi
    In today’s online and mobile environment, financial service organizations are struggling to comply with a multitude of regulatory requirements that impede online and mobile customer signups. What is the best way to sign up customers while still complying with regulations and mitigating fraud?

    Join us for a live webinar, “Optimizing customer signup flows in your mobile and web channels” and listen in as experts in ID authentication and identity verification discuss various strategies that will help you:

    · Quickly and safely sign up customers through your mobile and online channels
    · Remain compliant with regulatory requirements without adding additional operational overhead
    · Reduce customer sign-up abandonment

    Don’t lose another customer because you can’t offer a real-time sign-up process through your online and mobile channels. Join us and learn how to optimize your sign-up flows, and enable anytime, anywhere customer account opening through any digital channel.
  • Looking Forward to HIMSS 2015: What are the latest trends? Apr 8 2015 5:00 pm UTC 60 mins
    Lysa Myers, Security Researcher III, ESET North America
    ESET security researcher Lysa Myers discusses developments in healthcare IT system security that you may see at the HIMSS conference in Chicago next week. Find out what is being done to better protect patient data privacy and more.
  • How Mobile Data Protection Can Accelerate Top CIO Initiatives Apr 8 2015 4:00 pm UTC 60 mins
    Dave Packer, Director of Product Marketing & Seyi Verma, Sr. Product Marketing Manager
    The proliferation of data on mobile devices has created huge headaches for CIOs as they attempt to protect data, stay in compliance and move workloads to the cloud. How IT approaches data protection for mobile devices can support or hinder these high level efforts. Endpoint backup, traditionally viewed as a functional requirement below the radar of CIOs, is evolving to offer not just data backup and restore, but also a modern way to address costly data governance challenges such as compliance and eDiscovery. This webcast will cover real-world case studies of Fortune 1000 companies leveraging endpoint backup solutions to gain significant business advantages including cost control, compliance and embracing the cloud.
  • ISA 62443 Patch Management Overview and Methods for Zero-Day Threat Protection Apr 8 2015 4:00 pm UTC 75 mins
    Joe Weiss, Managing Director for ISA99; William Cotter, Systems Engineering Specialist; Delfin Rodillas, Sr. Manager of SCADA
    The growing presence of widely known and used Commercial Off-the-Shelf (COTS) systems in Industrial Control Systems (ICS) provides an increased opportunity for cyber attacks against ICS equipment. Such attacks, if successful, could have severe impact to not only process availability but also safety. Patch management is one particular area of cybersecurity which requires special attention when applied to ICS. It is part of a comprehensive cybersecurity strategy that increases cybersecurity through the installation of patches that resolve bugs, operability, reliability, and cyber security vulnerabilities. The ISA-TR62443‑2‑3 technical report, developed by the ISA 99 Working Group 6, addresses the patch management aspect of ICS cyber security. Also part of an effective strategy is the use of compensating cybersecurity controls to protect ICS systems from exploits and malware in between often long patching cycles. Novel network and host based technologies have recently become available to address even zero-day threats which bypass conventional signature-based approaches.

    Attendees of this webinar will leave with a better understanding of:
    - The unique aspects of ICS that entail a different and more rigorous approach to patch management than that used in business networks
    - An overview of the ISA 99 standards efforts with detailed review of the main aspects of the ISA-TR62443-2-3 Technical Report on Patch Management in IACS
    - Advancements in compensating cybersecurity controls for protecting systems from zero-day threats
  • Why DDoS Makes for Risky Business – And What You Can Do About It Apr 8 2015 3:00 pm UTC 60 mins
    Dave Shackleford, IANS Lead Faculty and Tom Bienkowski, Director of Product Marketing
    Despite years of headlines, and countless examples, many organizations are still under the impression that DDoS attacks are a problem for somebody else (i.e. their ISP), or that it’s a problem that can be defended using an existing on-premise security solution, such as their firewall or IPS. In a risk obsessed world, these organizations are ignoring the very real likelihood of becoming a target for DDoS attacks, along with the severe operational and business consequences of falling victim to an attack.

    It’s time to debunk some misconceptions about DDoS.

    Attend this webinar to learn:

    - Why a single layer of DDoS protection isn’t enough
    - How the impact of a DDoS attack is significantly more costly than protection options
    - The correlation between DDoS attacks and advanced threats revealed in our latest research and how both are used during multiple phases of an advanced threat campaign.
  • Your organization has been breached, now what? Mar 31 2015 5:00 pm UTC 45 mins
    Dal Gemmell, Director of Product Management and Steve LaBarbera, Director of Security Solutions, SentinelOne
    Unfortunately, there is a high likelihood that organizations will suffer a breach by advanced malware. Learn how to minimize response time through real-time forensics to understand the scope of compromise including:

    - Identifying attacked endpoints
    - Finding indicators of compromise
    - Analyzing malicious activity
    - Tracing outbound communication, and more
  • UTM + USM: All you need for complete Threat Management Mar 31 2015 4:00 pm UTC 45 mins
    Patrick Bedwell, AlienVault; Neil Matz, Fortinet
    Did you know the average breach goes undetected for 229 days? The earlier you can detect and respond to a breach, the faster you lower the risk and potential damage. Traditionally, companies have implemented a number of point solutions for each new threat, an expensive and cumbersome approach. However, by combining threat protection from Fortinet with threat detection and response from AlienVault, companies now have an affordable way to significantly reduce the cost and complexity of complete threat management.

    Join threat experts from AlienVault and Fortinet for this webcast to learn how this integrated solution will provide:

    · Continuous threat prevention, detection and remediation in an easy-to-use solution

    · The ability to identify all critical assets and the potential attack surfaces in your network

    · Advanced analysis of FortiGate logs for threat identification and response through AlienVault USM

    · Simplified protection of your network with ONLY two products, at a price you can afford

    · Continual improvement of your security posture through frequent assessment.

    · Integrated threat intelligence that maximizes the efficiency of your security monitoring program
  • Bridging the Trust Gap for Identity Services Based Market Growth Mar 30 2015 4:00 pm UTC 45 mins
    Joni Brennan, Executive Director, Kantara Initiative
    In the age of digital transformation trust is key to the growth of services in both the public and private sectors. With more and more services evolving and innovating around digital identity there is a universal need to bridge and balance business incentives with government requirements. At Kantara Initiative we see the transformation cycle as a 4 stage process: strategy setting, innovation, deployment, and assurance. Few, if any, organizations can succeed at all of the strategic stages of change and innovation in isolation. We invite you to join us to discuss how trust frameworks will evolve to bridge the digital transformation of identity assurance.
  • Insights From CyberEdge’s 2015 Cyberthreat Defense Report Mar 27 2015 5:00 pm UTC 45 mins
    Steve, CEO, CyberEdge Group
    CyberEdge Group, a premier information security research firm, recently announced the results of its 2015 Cyberthreat Defense Report. Designed to complement Verizon’s annual Data Breach Investigations Report, this report provides a 360-degree view of organizations’ security threats, current defenses, and planned investments. Over 800 security decision makers and practitioners from across North America and Europe were surveyed in December 2014. Attend this insightful webinar to learn:

    • How many were affected by a successful data breach in 2014
    • How many think they’ll be victimized in 2015
    • What portion of IT spending is dedicated to security
    • Which cyberthreats concern security professionals the most
    • Which security defenses are present or planned for acquisition
    • Plus two dozen additional insights from security professionals just like you
  • A Zero-Day Agnostic Approach to Defending Against Advanced Threats Recorded: Mar 26 2015 51 mins
    Eric Hanselman, Chief Analyst, 451 Research & Dave Karp, VP Technical Enablement, Digital Guardian
    As organizations work hard to ensure complete anti-malware coverage on desktops, servers, and at the perimeter, attackers are already moving on to techniques completely outside those detected by traditional security tools. Enterprises must consider alternative approaches to defending their infrastructure and turn their focus to tools, products and techniques that approach security in new and different ways.

    In this webinar, Eric and Dave will discuss:

    • How the volume of system alerts from Network Security solutions are creating lots of noise but lack context to focus on the real threats facing your data
    • How to stop advanced threats – with no advance knowledge of the tools or malware – by following the attack sequence
    • Why bridging the gap between system security and data protection is the key to stopping ever increasing sophisticated attackers from stealing your data
  • New Attack Intelligence Capabilities Coming Soon - Get a Sneak Peek! Recorded: Mar 26 2015 48 mins
    Todd Harris, Director of Product Marketing; Ray Suarez, Director of Product Management, Core Security
    Attackers always have a goal in mind and it’s up to you to understand how they will get there. But how is that possible when there is simply too much data to sort through and act upon?

    The upcoming release of Core Insight 4.5 adds new attack intelligence features to consolidate, normalize, and prioritize vulnerability management initiatives enterprise-wide. These features allow users to reduce the noise from scanners by more than 90%, so that you can focus on the most critical threats.

    Join us on March 26, 2015 at 1pm ET to get a sneak peek and live demo of Core Insight 4.5. Hear about new features such as:

    - User customizable and flexible reporting
    - Centralized asset store for extended scalability
    - Enhanced exploit matching and filtering
    - Interactive and adaptive attack paths
  • See something say something: A humanistic approach to security intelligence Recorded: Mar 26 2015 25 mins
    Ronnie Tokazowski, Senior Researcher and Shyaam Sundhar, Senior Researcher, PhishMe
    Attackers are constantly trying to find new exploits to penetrate network defenses and bypass security controls. In 2014, Mandiant’s M-Trends report indicated that it takes an average of 229 days to detect the presence of a threat actor on an enterprise network. Organizations are starting to realize that the evolution in technologies alone cannot stop such incidents, as the actors continue to change their tactics.

    Organizations need to consider supplementing their security technologies and processes with their people. By leveraging employees as human sensors, we not only adopt “see something, say something”, but we are able to add an extra layer of defense and exponentially reduce detection time as well.

    In this webinar, PhishMe’s Senior Researchers Ronnie Tokazowski and Shyaam Sundhar will discuss:

    • Engaging human sensors as a layer of defense
    • Utilizing user reports to detect malware
    • Real use cases of user detection within our enterprise
  • From the SOC to the BOD: The Board’s Role in Cyber Security Recorded: Mar 26 2015 48 mins
    Donna Dabney, Executive Director of The Conference Board Governance Center; Bill Ide, Partner at McKenna Long & Aldridge
    As major breaches cause financial and reputational damage to businesses across all industries, there is a push for cyber security to become a board level issue. A recent survey from BDO International found 59% of board directors have become more involved in cyber security within the past twelve months. But how can board members unfamiliar with the ins and outs of network security effectively manage these risks?

    Join BitSight’s VP of Business Development, Jacob Olcott, Partner at McKenna Long & Aldridge, Bill Ide and the Executive Director of The Conference Board Governance Center, Donna Dabney on Thursday, March 26 at 11:00am EDT for an online roundtable discussion on board involvement in cyber security. The panelists will discuss how both security leaders and board members should approach the communication and management of cyber risks in the enterprise.

    Attendees will also learn:

    - What cyber security metrics are most important for the board
    - Methods for security leaders to communicate cyber issues across the enterprise
    - How BitSight’s platform enables communication on security performance throughout the enterprise
  • Cloud-based Computing Survey Results: Adoption Trends and Security Concerns Recorded: Mar 25 2015 7 mins
    Kris Bondi, VP of Marketing, Moka5
    Earlier this year, Moka5 conducted a survey about how enterprises are currently using cloud-based services and how they would prefer to use them. The results are in and the findings are eye opening. Join Moka5 VP of Marketing Kris Bondi for an overview of the adoption and usage trends as well as top-of-mind security concerns for IT decision makers.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Identity and Access Management: Strong Authentication and Compromises
  • Live at: Jun 21 2012 6:00 pm
  • Presented by: Salvatore D’Agostino, CEO, IDmachines LLC