This Cloud is a Smoke Screen

Dave Chronister, Managing Partner of Parameter Security
The cloud is the big thing these days. In the security world, we are concern about possible security issues, but what real world issues are we most likely to face? Parameter Security’s managing Partner Dave Chronister will discuss real world issues he has encountered over the past year. He will also discuss a 0-Day exploit that his firm discovered in a production environment which allowed them to lock out all users and gain access to all systems housed in the cloud. Dave will discuss security issues you should consider while performing due diligence on your cloud-based solutions.
Jun 11 2012
51 mins
This Cloud is a Smoke Screen
More from this community:

IT Security

  • Live and recorded (5246)
  • Upcoming (134)
  • Date
  • Rating
  • Views
  • This webinar will outline methods of deploying Fortinet Sandbox solution as a hardware inclusive service and creating a compelling offering that will help build value in your portfolio and lead to high margin revenue. We will discuss the reasons for the renewed demand for Sandboxing, the deliverables of FortiSandbox, compare it to competitive solutions and discuss sizing, productizing and pricing models.
  • Most IT providers have offers related to big data, cloud, mobility and security, and companies are looking at IT as the way to reduce costs and be competitive during an economic crisis. Investments in IT trends such as cloud computing and big data will rise thanks to a new player in the game: the business departments. This analyst briefing will show why companies are investing in IT, and what will change in 2015.

    Why you should attend:

    - Discover how many companies will adopt big data, cloud, mobility and security in 2015
    - Understand the current scenario of these trends in Latin America
    - Learn what will be different in 2015 regarding each trend
  • Providing a seamless user experience from browsing to purchase requires consistent uptime and performance, and seasonal traffic spikes require elastic scalability. In this webinar, we'll explore these and other big data challenges faced by e-commerce businesses and how the cloud can provide a winning solution. We’ll review mobile shops login data analysis, dynamic content, affiliate programs, infrastructure reference architecture, mobile plate- form integration with social media, and network integration and built-in instant messaging uses cases.
  • For any developer, choosing the right compute infrastructure and back-end database is a critically important decision. In this webinar, we'll explore specific challenges that mobile app and game developers face and how the cloud can provide a winning solution. We’ll also explore cloud solutions for big data challenges for MMOG, built-in analytics, online and offline MOG online modes, infrastructure reference architecture, and social network and cross-platform game use cases.
  • The risks and opportunities which digital technologies, devices and media bring us are manifest. Cyber risk is never a matter purely for the IT team, although they clearly play a vital role. An organisation's risk management function need a thorough understanding of the constantly evolving risks as well as the practical tools and techniques available to address them
  • Who has earned the bragging rights as the most secure college athletic conference?

    Colleges have rivals both on the football field and in the classrooms, but how do they fare in security performance? Watch this webinar featuring Stephen Boyer, CTO and Co-Founder of BitSight Technologies, and Rebecca Sandlin, CIO of Roanoke College, to learn how the major athletic conferences compared in key security performance metrics. There is also a discussion about why security benchmarking is so significant in education.

    Watch this webinar to discover:

    - The unique challenges higher education faces in securing their networks and how benchmarking can help
    - Why performance varies across the industry, and how that translates into actionable intelligence for security teams
    - How Security Ratings are enabling Roanoke College to gain tremendous insights about security strategy and performance issues that they can share with their board.
  • Who has earned the bragging rights as the most secure college athletic conference?

    Colleges have rivals both on the football field and in the classrooms, but how do they fare in security performance? Watch this webinar featuring Stephen Boyer, CTO and Co-Founder of BitSight Technologies, and Rebecca Sandlin, CIO of Roanoke College, to learn how the major athletic conferences compared in key security performance metrics. There is also a discussion about why security benchmarking is so significant in education.

    Watch this webinar to discover:

    - The unique challenges higher education faces in securing their networks and how benchmarking can help
    - Why performance varies across the industry, and how that translates into actionable intelligence for security teams
    - How Security Ratings are enabling Roanoke College to gain tremendous insights about security strategy and performance issues that they can share with their board.
  • Today’s threat actors are more sophisticated than ever, and organizations need live attack intelligence that alerts them to emerging threats long before they become full-blown attacks that lead to sensitive data loss. Furthermore, organizations need the most current threat data available in order to protect their networks from incursions – they need real-time actionable intelligence.

    Join us for the upcoming webinar, “Actionable Intelligence: A Threat Intelligence Buyer’s Guide” featuring Rick Holland, Principal Analyst at Forrester Research, and Jeff Harrell, Senior Director, Product Marketing at Norse, to learn how to evaluate the various threat intelligence offerings in the marketplace, and how to utilize them to prevent today’s advanced attacks.

    In this webinar you will learn about:
    * The criteria needed to effectively evaluate threat intelligence solutions that meet your organization's needs
    * The value of the different types and sources of internal and external threat intelligence
    * How best to utilize threat intelligence to realize a greater return on security investments and better protect your organization
  • Today’s threat actors are more sophisticated than ever, and organizations need live attack intelligence that alerts them to emerging threats long before they become full-blown attacks that lead to sensitive data loss. Furthermore, organizations need the most current threat data available in order to protect their networks from incursions – they need real-time actionable intelligence.

    Join us for the upcoming webinar, “Actionable Intelligence: A Threat Intelligence Buyer’s Guide” featuring Rick Holland, Principal Analyst at Forrester Research, and Jeff Harrell, Senior Director, Product Marketing at Norse, to learn how to evaluate the various threat intelligence offerings in the marketplace, and how to utilize them to prevent today’s advanced attacks.

    In this webinar you will learn about:
    * The criteria needed to effectively evaluate threat intelligence solutions that meet your organization's needs
    * The value of the different types and sources of internal and external threat intelligence
    * How best to utilize threat intelligence to realize a greater return on security investments and better protect your organization
  • Social engineering targets our most challenging assets - people! We'll share a case study on how a regulated, mid-sized company prioritized risks, developed a mitigation strategy, and delivered an innovative awareness campaign.

    What's unique about this example is the program we helped build to incorporate active control testing, user feedback, and metrics to improve employee training alongside traditional technical controls.
  • Channel
  • Channel profile
  • Securing Office 365 Mar 11 2015 5:00 pm UTC 45 mins
    As much as Silicon Valley startup execs love to portray Microsoft as a dinosaur, the fact is that Office 365 adoption is accelerating in the enterprise. Office 365 offers a promising compromise for enterprises deciding, “to cloud or not to cloud": Bring cloud-based productivity tools under the company’s security umbrella so that people can work the way they want to, without sending sensitive company data astray. The idea that you can simply shift responsibility for your company’s data security to Microsoft, however, couldn’t be further from the truth. You can achieve Office 365 data security... but only through a partnership that involves, at its core, a comprehensive in-house security plan, together with Office 365’s built-in security functionality.

    In this webinar, Rich Campagna, VP Products at Bitglass, and Chris Hines, Product Marketing Manager, will help you understand where Microsoft’s security responsibility ends, and where yours begins, highlighting key gaps to keep in mind as you make the move to Office 365, and how to solve them.
  • Get Complete IT Compliance: Reduce Risk and Cost Mar 10 2015 3:00 pm UTC 60 mins
    Reacting to threats and remediating breaches can’t wait. Your compliance plan may be in place – but can you execute fast?

    Join BMC Software and Qualys to see how to get complete IT compliance and reduce the risk and cost in your organization. In this webinar, you will learn to:

    ·Easily detect security issues with new automated, online technology
    ·Quickly analyze operational dependencies and the potential impact of proposed fixes
    ·Enforce governance policies and change approval requirements
    ·Execute validated remediation actions rapidly
    ·Document actions and results in real time


    Plus, learn how to improve communications between security and operations to ensure a speedy resolution to compliance issues.
  • Avoiding the Headlines: 5 Critical Security Practices to Implement Now Mar 5 2015 6:00 pm UTC 45 mins
    2014 could have easily been called, “The year of the biggest security breaches since the beginning of forever.” But given current security practices and technologies, many of the breaches could have been prevented. So why weren’t they?

    Many of the affected companies fell into a very common trap, thinking that if a company goes to the trouble to be legally compliant then it will be effectively “secure.” Unfortunately, as with many kinds of regulations, legal compliance really represents the absolute least amount of effort required. If companies want to give themselves the best chance to avoid the very severe consequences that come with a major breach, there are five practices they need to put in place now.

    Join Adrian Sanabria, Senior Security Analyst at 451 Research, and Amrit Williams, CTO of CloudPassage, on this webinar to learn
    · Possible gaps left by the compliance-first approach to security
    · How to limit vulnerabilities across traditional, virtual and cloud infrastructures
    · Five best practices to avoid a major security breach in 2015
  • The coming Cyber-Storm and The Internet of Things Mar 5 2015 5:00 pm UTC 45 mins
    The Internet of Things (the new buzzword for the tech industry) is increasing the connectedness of people and things on a scale that was once beyond imagination. Connected devices outnumber the world's population by 1.5 to 1.It is expected to eventually touch some 200 billion cars, appliances, machinery and devices globally, handling things like remote operation, monitoring and interaction among Internet-connected products.

    In combination with the fact that there are almost as many cell-phone subscriptions (6.8 billion) as there are people on this earth (seven billion), we have all the ingredients for a Perfect Cyber Storm.

    Join me for an informal discussion of the challenges for our profession, and some possible solutions.
  • The One-Man SOC: Habits of Highly Effective Security Practitioners Mar 5 2015 5:00 pm UTC 60 mins
    Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key. Join Joe Schreiber, Solutions Architect for AlienVault for this practical session outlining habits to get the most out of your limited resources.

    In this session, you'll learn how to develop routines to efficiently manage your environment, avoid time-sucks, and determine what you can do by yourself and where you need help.

    In this practical session, Joe will cover:
    - How to work around the limitations of a small (or one person) team
    - Tips for establishing a daily routine
    - Strategies to effectively prioritize daily tasks
    - Benefits of threat intelligence sharing
    - Critical investigation & response steps when the inevitable incident occurs
  • Endpoint Security Just Got Simpler Mar 4 2015 6:00 pm UTC 60 mins
    From unobtrusive advanced malware detection technologies to automated threat response and actionable mobile-friendly dashboard – manage security from any device, any time, ESET will present new solutions for securing your endpoints and new ways to manage them.
  • Maintaining Security in a Mobile World Mar 4 2015 6:00 pm UTC 45 mins
    The game has changed. Due to cost savings, and the privacy and mobility needs of employees, in just a few short years companies have loosened the mobile device leash. Enterprises are now shifting from traditional “company owned” devices, to allowing “Bring Your Own Device” in the workplace. According to Gartner, by 2017 fifty percent of companies will actually force employee to bring their own device to work.

    But if you’re tasked with securing devices, how do you accommodate BYOD? Where do you start and what kinds of security solutions should you be looking for?

    In this webinar, Chris Hines, Product Manager at Bitglass will teach you how to balance the needs of IT admins and employees when it comes to securing your mobile world.
  • The Profitable MSSP Series –Sandbox-as-a-Service for MSSPs Recorded: Mar 3 2015 49 mins
    This webinar will outline methods of deploying Fortinet Sandbox solution as a hardware inclusive service and creating a compelling offering that will help build value in your portfolio and lead to high margin revenue. We will discuss the reasons for the renewed demand for Sandboxing, the deliverables of FortiSandbox, compare it to competitive solutions and discuss sizing, productizing and pricing models.
  • Security Rivals? The Value of Measuring & Comparing Network Security Performance Recorded: Feb 27 2015 50 mins
    Who has earned the bragging rights as the most secure college athletic conference?

    Colleges have rivals both on the football field and in the classrooms, but how do they fare in security performance? Watch this webinar featuring Stephen Boyer, CTO and Co-Founder of BitSight Technologies, and Rebecca Sandlin, CIO of Roanoke College, to learn how the major athletic conferences compared in key security performance metrics. There is also a discussion about why security benchmarking is so significant in education.

    Watch this webinar to discover:

    - The unique challenges higher education faces in securing their networks and how benchmarking can help
    - Why performance varies across the industry, and how that translates into actionable intelligence for security teams
    - How Security Ratings are enabling Roanoke College to gain tremendous insights about security strategy and performance issues that they can share with their board.
  • Actionable Intelligence: A Threat Intelligence Buyer’s Guide Recorded: Feb 26 2015 48 mins
    Today’s threat actors are more sophisticated than ever, and organizations need live attack intelligence that alerts them to emerging threats long before they become full-blown attacks that lead to sensitive data loss. Furthermore, organizations need the most current threat data available in order to protect their networks from incursions – they need real-time actionable intelligence.

    Join us for the upcoming webinar, “Actionable Intelligence: A Threat Intelligence Buyer’s Guide” featuring Rick Holland, Principal Analyst at Forrester Research, and Jeff Harrell, Senior Director, Product Marketing at Norse, to learn how to evaluate the various threat intelligence offerings in the marketplace, and how to utilize them to prevent today’s advanced attacks.

    In this webinar you will learn about:
    * The criteria needed to effectively evaluate threat intelligence solutions that meet your organization's needs
    * The value of the different types and sources of internal and external threat intelligence
    * How best to utilize threat intelligence to realize a greater return on security investments and better protect your organization
  • Assessing Risks & Solutions for Social Engineering Recorded: Feb 26 2015 32 mins
    Social engineering targets our most challenging assets - people! We'll share a case study on how a regulated, mid-sized company prioritized risks, developed a mitigation strategy, and delivered an innovative awareness campaign.

    What's unique about this example is the program we helped build to incorporate active control testing, user feedback, and metrics to improve employee training alongside traditional technical controls.
  • Attack Intelligence: The More You Know, The Less Damage They Can Do Recorded: Feb 26 2015 48 mins
    Attack Intelligence to Power Tomorrow’s Cyber Response.

    Preparing to combat every threat and vulnerability is a war that no cybersecurity professional can win today. Speed, accuracy and visibility of threats and active attacks is critical to defending against APTs and other sophisticated attacks responsible for today’s headline-grabbing data breaches. The next generation of advanced threat prevention solutions will require a significant shift in how we incorporate threat and attack visibility into everyday security operations, enabling incident responders to identify and stop campaigns as they happen.

    Join us as IDC’s Research Vice President for Security Products Services Charles Kolodgy shares his view of the threat landscape, including how threats are evolving, how cybercriminals are becoming more sophisticated and what new solutions are necessary to combat APTs.
  • Six Steps To a High-Performing IT Department Recorded: Feb 26 2015 53 mins
    What sets high-functioning IT organizations apart from the rest? That’s something every IT leader wants to know. After all, we live in a highly competitive business climate and IT performance can be the difference between success and failure. To conquer the challenge, we need to be informed and collaborative and we need to do this in a cost-effective manner.

    In this webcast, you will hear from two experts on some of the technology that’s driving today’s high-functioning IT organizations. Find out how your company can be aligned, agile and ready to respond to ever-changing business requirements and competitive pressures.
  • Applied Security Analytics Recorded: Feb 26 2015 45 mins
    Many organizations are looking at using big data to detect more advanced adversaries. We are collecting more information than ever before, but what are we doing with it? In this talk, we will look at some ways you can use data science and visualization tools to get more out of the data you collect. Visualizations will let you see what is happening at a high level: A picture is worth a thousand log entries. There are data science techniques that other industries, such as advertising, have used successfully. We can apply these techniques to find patterns of behavior that are out of the ordinary, and ultimately catch more bad guys.
  • Continuous Third Party Monitoring Powers Business Objectives Recorded: Feb 26 2015 48 mins
    While many companies focus their effort on reducing cybersecurity risk, more threats are being discovered daily. Point-in-time, subjective questionnaires are not in line with the new regulations requiring continuous monitoring of vendors, partners and other third parties.

    In “Continuous Third Party Monitoring Powers Business Objectives,” BitSight CTO and Co-founder Stephen Boyer and guest speaker, Forrester Research Senior Analyst Renee Murphy will discuss the value businesses are finding in using a solution that has a constant eye on third party cyber threats.

    Boyer and Murphy will also discuss:

    - The results of the study BitSight commissioned Forrester Consulting to undertake, examining how IT decision-makers feel about objective, reliable and continuous monitoring.
    - What can be done beyond compliance to increase security performance.
    - Which industries stand to benefit most from using automated, objective information security data.
    - Specific use cases for continuous monitoring and how they help companies improve information security performance.
  • Key Research Findings: How to Optimize Business Processes Recorded: Feb 26 2015 53 mins
    Based on recent research by analyst Bob Larrivee of AIIM, this webinar will address how organizations can leverage technology to identify, evaluate and optimize business processes to increase operational efficiency.

    Join us as we explore:
    - Drivers for problem-solving, tracking KPIs, process failures and workflow management
    - How technology can reduce errors and exceptions that lead to lost business and non-compliance
    - Increasing visibility to optimize processes, reduce costs and deliver a superior customer experience
  • Cost-effective Disaster Recovery Without a DR Site Recorded: Feb 25 2015 58 mins
    Achieving cost-effective disaster recovery (DR) services without a physical DR site — or having to extend your DR footprint — is possible. In this live webcast with Microsoft, see how you can use AppAssure software in combination with Microsoft® Azure® and disaster recovery as a service (DRaaS) from Dell partner, eFolder.

    The first half of the webcast will showcase how you can store AppAssure backup archives directly on Azure and perform item-level recovery from the archive without having to download the archive from the cloud. Then we’ll showcase ways to replicate AppAssure backup images to the eFolder® Storage Cloud® and enable multiple disaster recovery options.

    Join our webcast partnered with Microsoft® and see how easy it is to:
    • Manage the growth of your backup archives
    • Establish cost-effective disaster recovery without a DR site
    • Avoid extending your DR footprint

    What you will learn:
    • How to leverage Azure to directly store AppAssure backup archives
    • How to perform item-level recovery from the archive without downloading the archive from the cloud
    • How to replicate AppAssure backup images to the eFolder Storage Cloud
    • How to enable multiple disaster recovery options, including image download, overnight drive shipment or recovery in the eFolder® Continuity Cloud®
  • When Prevention Fails... Recorded: Feb 25 2015 13 mins
    When prevention fails, your only hope is detection. Security defense plans are relying on detection and response knowing preventive defenses are declining in effectiveness. The balance between preventive and detective defenses is the big security shift for 2015, and knowing the process cycles, skills and technologies is vital for success. Detection and response is more than a point solution, learn the four phases for detection on your network in this webcast.

    - Four detection phases for your network
    - Integrating key technologies required for detection
    - Processes to mine big data for actionable intelligence
    - Detection skills sets, costs and resource requirements
    - Analyzing all the data all the time, options for success
  • Protect Your Network From Today's Advanced Attack Methods Recorded: Feb 25 2015 42 mins
    Attackers have been employing a few very popular attack methods recently in their quest for profit: spear phishing, malvertising, ransomware, to name a few. Learn about these methods and others through real examples, and the tactics you can employ to reduce your risk and protect your network from advanced threats like these.
  • Clear and Present Danger Recorded: Feb 25 2015 50 mins
    Criminal activity is being reported before our eyes in the news and it could be infiltrating your organization -threatening your brands trust and even your job.

    There is clear and present danger - whether you know it or not.

    Hear from Kevin Kennedy, VP of Product at Agari, as he examines a real life phishing attack, what impact it had on the person and company who was phished, and what strategies CISOs need to know in order to protect their own organization.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: This Cloud is a Smoke Screen
  • Live at: Jun 11 2012 8:00 pm
  • Presented by: Dave Chronister, Managing Partner of Parameter Security
  • From:
Your email has been sent.
or close
You must be logged in to email this