Despite the hype of malicious hackers, APT, etc, the insider threat is the most costly to organizations. Insiders can cause loss either through malicious or malignant actions, and again, the losses from malignant actions far outweigh the losses from malicious actions. The panel will address the most common underlying vulnerabilities that enable the losses incurred due to insider actions, both malignant and malicious, as well as discuss lessons learned and best practices in attempting to mitigate such losses.
EC-Council CISO Summit Panel Session
￼Ira Winkler, CISSP, Chief Security Strategist for Codenomicon, and President of the Internet Security Advisors Group
-Eric McKim, Senior Vice President of Cybersecurity and Chief Information Security Officer (CISO) for Business Integra
-Steven Fox, Security Architecture & Engineering Advisor at U.S. Department of the Treasury
-Rick Moy, President & CEO at NSS Labs, Inc.
-Anthony Meholic, Chief Information Security Officer – Republic Bank
-Joe McCray, Founder & CEO at Strategic Security, LLC
RecordedMar 14 201260 mins
Your place is confirmed, we'll send you email reminders
Danielle Kriz, Sr Director, Global Policy at Palo Alto Networks and Aravind Swaminathan Global Co-Chair, Orrick
Doing business in the European Union is changing. By May 2018, companies must comply with the new General Data Protection Regulation’s (GDPR) data breach notification requirements and the Network and Information Security (NIS) Directive’s security incident notification requirements.
Notification requirements make it imperative to prevent incidents before they happen. To help you prepare for these new requirements, Palo Alto Networks is hosting a webinar with cybersecurity and data privacy lawyers from Orrick Herrington & Sutcliffe to discuss:
· What are the requirements and the deadlines under each law?
· What are the thresholds for notification, and who needs to be notified?
· How should companies prepare for their oncoming obligations? What strategies should be in place? What have other international companies done to prepare and communicate?
· What might be the legal consequences of non-compliance?
Gregory Albertyn, Sr Director Cybersecurity & Privacy at PwC, Simon Mullis, Global Technical Lead GSIs at Palo Alto Networks
Traditional approaches of detecting and remediating threats are becoming increasingly inadequate to effectively manage risk in today’s increasingly regulated, cyber threat landscape.
Join a live webinar and Q&A to learn how PwC and Palo Alto Networks have formed a strategic partnership to help more customers achieve cyber resilience.
The webinar will introduce
•The emerging regulatory landscape that is driving the need for organizations to redesign their incident response and data compliance programs
•A state-of-the-art security framework that serves as a guide for organizations to assess, develop, and implement a breach prevention security posture.
•Recommended security architectures, organizational structures, and computing processes that enable breach prevention.
•Live Q&A with cybersecurity experts from PwC and Palo Alto Networks, for practical insights and real world experiences.
Fred Streefland, Leaseweb Global and Dharminder Debisarun, Palo Alto Networks
The cynical would suggest that cyber insurance is growing as some look for a cheaper route to manage risk. However many see the cyber insurance industry as potentially the new enforcer of good security practices.
Palo Alto Networks customer Leaseweb is an organization that recently purchased cyber insurance. We invite you to join us on Thursday September 22 for an interview with Fred Streefland, IT Security Manager at Leaseweb Global. Palo Alto Network’s Dharminder Debisarun interviews him to learn more their decision to purchase cyberinsurance. You will hear what is generally covered and how it can be part of a prevention strategy. There will also be a chance to answer questions at the end of the session.
A cloud-based community-driven approach for advanced threat detection and prevention is paramount to successfully combatting attackers. The scale, speed of enhancements, community leverage, and automated prevention that WildFire provides is unparalleled. At the same time, some organizations are concerned about data privacy and protection when dealing with cloud-based threat analysis.
Palo Alto Networks is proud to introduce the WildFire EU cloud. Customers now have the option to submit unknown files and e-links to the WildFire EU cloud for analysis, where data is fully analyzed without ever leaving European borders. This is of particular interest to companies within the European Union and international organizations looking for localized clouds combined with the power of global cloud threat analytics.
At this valuable and information webinar we will explore how WildFire EU cloud helps you:
1. Address data privacy needs – Data analyzed by WildFire EU cloud remains within the boundaries of the EU. This alleviates data transfer concerns shared by some of our customers and addresses the needs of many international organizations.
2. Leverage global threat intelligence – WildFire EU cloud leverages access to the largest threat analysis tool in the World used by more than 10,000 customers as part of the Palo Alto Networks next generation security platform, providing complete prevention capabilities.
3. Take advantage of groundbreaking Threat Analytics and Correlation – Security teams can accelerate threat hunting, analytics and response efforts with globally correlated intelligence from the entire WildFire community, made directly accessible through the AutoFocus service.
While cloud apps offer many benefits over premises-based apps, data security and compliance remain challenges. Unmanaged devices, unauthorized access, and unsanctioned apps are all significant threats that increase the risk of data leakage. To mitigate these threats, IT leaders have turned to Cloud Access Security Brokers (CASBs) to protect data across apps.
In this webinar, we explore the core capabilities of CASBs, from contextual access controls to mobile data protection. We will also discuss real-world CASB deployments and how major organizations are leveraging these solutions to protect data end to end, from cloud to device.
Greg Day, Chief Security Officer EMEA at Palo Alto Network
Digital Transformation is the primary driver of business innovation for the rest of this decade. But security is in danger of being left behind, as mobile, big data and cloud solutions go mainstream. Security is often seen as the blocker to innovation, so businesses avoid talking to security professionals until it’s too late. A disregard for security exposes the business to risk at a time when data protection compliance regimes are tightening. This session shows how organizations can deploy next generation security approaches to accelerate digital transformation while increasing security and reducing risk.
Jonathan Armstrong: (Cordery Compliance), Florian Malecki; (Dell) & Luke Shutler (Absolute Software)
The webinar will enable you to hear from an independent Legal Specialists on the real challenges and impacts of the EU GDPR and then the webinar will demonstrate how Dell & Absolute can support your business in overcoming these challenges.
The webinar will focus on:
• Implement a seamless, connected security strategy that works across the organisation, from device to data centre to cloud
• Prove that a lost device is inoperable or has had its data completely wiped
• Gain visibility of data breaches and contain and eradicate threats
• Eliminate the blind spots between networks, identity and access management, data encryption, endpoint security and security managed services
• Enable security decisions based on intelligence that takes into account user, content, location and context
The majority of security breaches are due to attackers getting a hold of compromised credentials. Join this talk and learn the security risks associated with human errors, and how to minimize your organization's risk exposure.
This presentation will cover:
- Why it's crucial to train employees to recognize and defend against cyber threats
- What many training initiatives get wrong
- How you can leverage the science of learning to create engaging training that changes behavior
Paolo Passeri, Consulting Systems Engineer Security at OpenDNS
Ransomware has become a common and dramatic problem and the recent waves of attacks are demonstrating that new variants emerge each day in what seems an endless arms race where the attackers seem to prevail.
However, even if the attack vectors are increasingly complex, the attackers cannot conceal themselves as the infrastructures used to launch these campaigns, despite extremely volatile, exploit elements of the internet, such as IP and domains, that cannot be hidden.
Monitoring large scale data allows to identify these infrastructures, where attacks are staged, and to enforce a new predictive security model particularly effective against Ransomware.
Peter Smith, Regional Sales Manager - Europe & Russell McDermott, Sales Engineer, Netwrix
With a recent increase in high-profile security breaches and compliance violations, traditional security mechanisms, such as firewalls, IDS, and antivirus are no longer enough to defend against external attackers, and insider threats. By having increased visibility into internal changes, configurations, access events, and permissions across the IT infrastructure, organizations can far more effectively defend against such attacks.
So, please join our local auditing and compliance team from Netwrix, Pete Smith (Regional Sales Manager Europe) and Russell McDermott (Pre-Sales Engineer) and see how Netwrix Auditor can unlock the door into possible breaches in your IT environment.
From our brief session you will learn:
• How deeply security breaches and data leaks are really effecting organizations
• How to protect your data from the insider threats
• How to have “peace of mind”, and achieve complete visibility of your IT infrastructure
Dan McWhorter, Chief Intelligence Strategist at FireEye
Russia has a long history of utilising cyber actions to accomplish their information operations and national security goals. Organisations in Europe – in the private and public sector – are a top target of Russia-based cyber activity for espionage and crime. This talk will cover how some of Russia’s recent cyber actions were conducted, and it will highlight how well Russia has embraced the opportunities cyber provides when it comes to national security and foreign policy objectives. Dan McWhorter, Chief Intelligence Strategist at FireEye, will also discuss why organisations need to take note of these activities in Russia and steps to ensure your organisation is able to defend against these threats.
Sunil Choudrie, Global Solutions Marketing Manager
When it comes to your sensitive data, how can you be sure that it is protected and none of it is leaving your environment?
Organizations today face the following challenges:
•Identifying the type of data that needs to be protected
•Controlling access to data & ensuring identities aren’t exposed, especially in the face of significant regulatory fines
•Prevent sensitive data from leaving the organization, mega-breaches & data loss is increasing year on year. Over half a billion personal records were stolen or lost in 2015, spear phishing campaigns targeting company employees increased by 55% in 2015
Answer: Firstly allow the right people to access the right data, anywhere, by controlling access, monitoring its flow, and keeping it out of the wrong hands. Secondly Easily apply policies to control access and usage―in the cloud, on mobile devices, or on the network.
Join Symantec for a webinar on the lessons learned regarding data protection across the many applications in your environment.
The results of all the network penetration tests conducted by the First Base team over the past year have been analysed by Peter Wood. The annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business. Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.
Leon Brown - Product Marketing, Symantec Website Security & Avishay Zawoznik - Security Researcher, Imperva Incapsula
After a brief introduction to the world of SEO, we will dive into the different types of web application attacks and manipulations that are made to either degrade your competitor’s ranking or raise your own.
Matt Webster, CTU Security Researcher, SecureWorks
SecureWorks® incident responders assist hundreds of organisations annually with the containment and remediation of threats during suspected security incidents.
Visibility of these incidents provides the SecureWorks Counter Threat Unit™ (CTU) research team with a unique view of emerging threats and developing trends. This Threat Intelligence is then continuously provided to clients, arming them with the information they need to stay one step ahead of adversaries trying to compromise their networks.
In this webcast Matt Webster, CTU Security Researcher, will discuss developments in the threat landscape observed through SecureWorks’ Incident Response engagements from April to June of 2016, including;
- Key developments of the APT threat
- Criminal cyber threat trends
- Developments in Ransomware
Matt will also discuss observations of how the affected organisations could have better prepared for the threats they encountered.
Social Engineering has been around for as long as the crooks have but in a modern online world, running a con game has never been easier. And that’s why we need to be savvy.
A social engineer can research you on Facebook and LinkedIn; read up about your company on its website; and then target you via email, instant messaging, online surveys…and even by phone, for that personal touch. Worse still, many of the aspects of a so-called “targeted attack” like this can be automated, and repeated on colleague after colleague until someone crumbles.
Greg Iddon will take you into the murky world of targeted attacks, and show you how to build defences that will prevent one well-meaning employee from giving away the keys to the castle.
Michael Suby, Vice President of Research at Frost & Sullivan
Unfortunately many organizations today are losing the race against the hacker community by a large margin. As noted in the Verizon 2016 Data Breach Investigation Report, the percent of compromises that transpired in “days or less” has risen from 67% to 84% over the last 10 years. Over this same time period, the percent of compromise discoveries that occurred in “days or less” also improved, but not enough to narrow the time gap between compromise and discovery. In other words, the bad guys are accelerating their exploits faster than the good guys are accelerating their ability to discover.
The path to narrowing the time gap between compromise and discovery, and then neutralising business-impacting incidents, is through a comprehensive and mission-oriented Security Information and Event Management (SIEM). A well-designed SIEM not only advances security objectives, but it also works to direct personnel and process for maximum impact. With limited resources and a rising number of attacks, not all solutions are created equal. You need to ensure they are getting the best bang for your buck.
In this webinar, Michael Suby, vice president of research at the global research and consulting organization Frost & Sullivan, will discuss the factors that contribute to SIEM’s total cost of ownership.
• How to calculate the total cost of ownership of a SIEM
• The basic functionality that every SIEM should have to confidently breeze through preliminary activities
• The SIEM attributes that will have a lasting impact on your organization’s cost efficiency in effectively managing risk
Join us to learn the features that should be on the top of your scorecard when evaluating a SIEM for either first-time deployment or replacement.
Your Resource for Information Security Trends & Education
With over 280,000 members, the Information Security Community is the largest community of cybersecurity professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.
Today’s new generation of mobile-centric users and the sheer number of authentications due to mobility is driving the need for better visibility into who and what is on the network.
Join Neela Sambandam, ClearPass Product Manager, to learn how the Insight reporting package within the ClearPass solution gives you:
•Unsurpassed views into the users, devices and connections on your network
•An easy-to-use dashboard and analytics engine
•Triggered alerts based on pre-defined metrics
•Improved reporting with pre-configured templates
Learn how ClearPass Insights can improve network performance and user experience, as well as about future enhancements.
Enterprises, both large and small, all have vulnerability management solutions. However, security teams are overwhelmed by the mountain of vulnerabilities uncovered by these solutions. Once they determine which endpoints, systems and applications are vulnerable to an attack, they do not know which steps to take next and in what order. As a result, they spend countless hours manually determining who owns the vulnerable asset, the value of that asset, if it was compromised and if there is an active threat to that asset.
Join us for a live webinar on Wednesday, August 31, 2016 at 10am PT as Humphrey Christian, Vice President, Product Management, Bay Dynamics, discusses why organizations and business stakeholders, need an asset-centric approach to provide a fully integrated view of threats, vulnerabilities, asset value and business context. He will also give a live demonstration of the Bay Dynamics Risk Fabric cyber risk platform and provide examples of how our customers have used it to build asset-centric risk management programs that allow security teams, line-of-business leaders, C-level executives and boards of directors to determine which threats and associated vulnerabilities could lead to a compromise of their most valued assets and what steps need to be taken in order to reduce that risk.
Register for the live webinar to learn more about:
• Understanding your Assets at Risk by protecting your high value assets that can be exploited by threats and vulnerabilities
• Why it is important to take an asset-centric approach to effectively manage cyber risk
• How Risk Fabric cyber risk analytics platform servers as a centerpiece for this asset-centric approach through a live demonstration
Public cloud apps like Office 365 are being widely adopted in every major industry, with security & compliance at the top of the list of concerns. In this webinar, Greg Schaffer, CISO at FirstBank and Rich Campagna, VP of Products at Bitglass, will provide practical cloud security advice that you can apply immediately in your organization. Focusing on O365 but offering a broad view, Greg and Rich will cover top concerns, mitigating controls and will give examples of how your peers have responded to the cloud security challenge.
By 2020, Gartner predicts 60% of digital businesses will suffer major service failures due to the inability of the IT security team to manage digital risk in new technology and use cases. With Target, Apple, Nissan, and Twitter all making the news recently for their security failures, CIOs and CISOs are under tremendous pressure to keep the business secure -- without slowing the business down.
In this session, Uri Sarid, MuleSoft CTO and Kevin Paige, MuleSoft Head of Security, discuss the application networks and an emerging approach that CIOs and CISOs are driving together to deliver both security and business agility.
Attendees will learn:
– How to deal with security no longer resting in the hands of the security team due to shadow IT and other factors
– How a well-defined API strategy can reduce risk
– How application networks have emerged as an approach to deliver security and agility
– How CISOs can drive agility and promote security by shifting mindsets
If you’re an IT professional, you probably know at least the basics of ransomware. Instead of using malware or an exploit to exfiltrate PII from an enterprise, bad actors instead find valuable data and encrypt it. Unless you happen to have an NSA-caliber data center at your disposal to break the encryption, you must pay your attacker in cold, hard bitcoins—or else wave goodbye to your PII.
Those assumptions aren’t wrong, but they also don’t tell the whole picture. Hear from Jeremiah Grossman, SentinelOne’s Chief of Security Strategy and a 20-year cybersecurity veteran, in this on-demand webinar that will explore the foundations of ransomware, and why you truly need to worry.
Regulatory compliance is one of the biggest immediate challenges affecting the financial services industry today. Many market participants are unsure how to meet constantly evolving reporting requirements or how to move to an open API framework in a secure and compliant way.
This month’s webinar will feature information from our 2016 mid-year security roundup report where we detail out the latest trends within the threat landscape affecting the world. From Ransomware and Business Email Compromise to Data Breaches we’ll cover the most important threats that are targeting our customers and businesses. We will also cover the threat statistics we gather from our Trend Micro™ Smart Protection Network™ and the top threats observed.
Tune in for the latest in our Ask the Experts Series! This session is all-about-Azure: cloud computing and PaaS for the enterprise. During this session we will show you how and why to use the benefit/credit that comes with your Visual Studio Subscription.
In this webcast, you will learn:
- About other available Azure programs
- Application development tests on Azure
- What other customers are doing on Azure and how it is paying large dividends