The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
New research from CyberEdge’s 2018 Cyberthreat Defense Report shows that in spite of increasing their security budgets, companies are finding that there is too much data even for new tools to analyze, not enough skilled IT security professionals and little confidence in current investments. Sign up for this webinar to gain key insights into the cyberthreat landscape and how to protect your organization.
Attendees will learn how to:
- Deal with cyberthreat headaches such as increased breaches, vulnerabilities and encrypted traffic.
- Reduce incident response and remediation time with automation.
- Find products that use automation to minimize their dependency on skilled security personnel.
Now in its fifth year, this report provides a comprehensive review of the perceptions of 1,200 IT security professionals representing 17 countries and 19 industries. Register now to learn how your colleagues plan to defend against cyberthreats!
The Equifax data breach, Cambridge Analytica and GDPR are all recent examples of the risks which today’s organisations face around the personal information they store. Come for a journey as we explore how Micro Focus can help you discover, secure, pseudonymize and control personally identifiable information within your organisation using the SCM suite. Learn how Structured Data Manager can target structured data, ControlPoint can target unstructured data, and Content Manager can secure both.
How do you manage the explosive growth and diversity of devices connecting to your network? How do you handle those devices when the vast majority are IoT devices and operational technologies (OT), most of which cannot be managed via traditional agent-based security systems? Accurate device visibility is paramount for solving security use cases such as network access control, device compliance, asset management, network segmentation and incident response.
Join us to learn how the ForeScout platform solves the device visibility problem across the extended enterprise. Get insight into the new capabilities of CounterACT 8, including:
• Passive-only discovery and profiling in sensitive OT and industrial network zones without requiring agents
• Support for cloud-based network management systems
• A customizable web dashboard for device intelligence across campus, data center, cloud and OT networks
Thousands of Pulse administrators are using the new Pulse Secure Appliance (PSA) to solve the latest access challenges for the data center, cloud and mobile. The new PSA delivers the same reliability and best-of-breed security that you know and love from your SA or IC appliance, but with greater operational scale, deployment flexibility and use case support.
With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSAs in the country, with decades of combined PCI and card processing experience. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.
Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.
- Ben Rothke, Principal Security Consultant at Nettitude
- David Mundhenk, Senior Security Consultant at Herjavec Group
- Jeff Hall, Principal Security Consultant at Optiv Security
- Arthur Cooper "Coop", Senior Security Consultant at NuArx
It’s not every day you get the inside story on how a group of cybersecurity researchers stumbled upon an APT, an advanced persistent threat, when they were examining the intelligence data from their security kit.
It appeared harmless and boring, yet it had advanced attributes, and Fleming Shi and Jonathan Tanner suspected something was amiss.
This exclusive webinar is facilitated by Amar Singh, practising CISO, who unpicks what Fleming and Jonathan did next. Their curiosity got the better of them and they set about tinkering to discover the true intentions of this benign malware.
Risk management in the age of DevOps and public clouds requires organizations to automate real-time visibility and tracking of their SSL certificate deployments. However, doing this is a challenge amidst the scale, speed and elasticity of assets and certificates in today's enterprise.
Learn how Qualys CertView helps customers extend DevSecOps to prevent downtime and disruption, audit and compliance failures, and mitigate risks associated with expired or weak certificates and vulnerable TLS configurations.
Real-time change detection has become a critical element of maintaining operational hygiene across rapidly changing assets typical of DevOps infrastructure.
This talk will introduce how Qualys File Integrity Monitoring identifies and tracks change incidents across global IT environments. Learn how customers are using FIM to efficiently correlate events, quickly identify and filter out noise, and track review of incidents to meet compliance requirements.
The need to test web applications and APIs for vulnerabilities in an automated fashion is greater than ever. Testing resources are scarce and new code is being written at breakneck speed while the business wants it deployed to production immediately.
Learn about new tools and capabilities in Qualys Web Application Scanning (WAS) that are being introduced to help you integrate application security testing into this fast-paced, DevOps environment.
Containers are changing the IT landscape, empowering developers and operations with agility and scale that match the speed of business. Security teams must adapt to this transformation with new tailored methods to prevent threats and vulnerabilities in the Container environment.
Learn how, with Qualys Container Security, you can gain total visibility and incorporate security into the DevOps cycle to harden and remove vulnerabilities before a container environment is operational.
Understand how to secure the build environments using Jenkins vulnerability analysis plug-ins, and track runtime to identify containers not conforming to the immutable behavior.
While the crowdsourced security economy is growing across all industries, many still wonder if bug bounties and vulnerability disclosure programs put white hat hackers at legal risk rather than authorizing access and creating legal safe harbors. Who dictates the rules of the crowdsourced security economy? Who safeguards the legal interests of the individual hacker, the Crowd?
Join Amit Elazari, doctoral law candidate, CLTC Grantee, UC Berkeley School of Law, and Casey Ellis, founder and CTO of Bugcrowd, on Thursday, June 14 at 1 p.m. PST (4 p.m. EST) for a live video discussion on:
- Minimizing legal risks of hackers participating in crowdsourced security
- What can be done to foster safe harbor adoption in bug bounties
- The importance of standardizing legal terms, in light of the recent DOJ framework
Qualys provides comprehensive security coverage across workloads and resources in your public clouds. This session covers information on the available solution, deployment methodology and new features being released.
Also, learn from three case studies from customers, including Capital One, on how you can automate securing DevOps for your public cloud workloads.
Qualys introduces CloudView, a new app that helps security teams gain visibility of complete public cloud infrastructure and continuously monitor and secure it against misconfigurations, malicious behavior, and non-standard deployments.
IoT devices are increasingly connected to conventional IT infrastructures to improve operational efficiencies and ease of remote management. IT leaders are now responsible for connecting doctors, nurses, patients, and medical devices, or enabling financial advisors on the road, to deliver services to their clients. From enabling services via remote mobile devices to managing IP-connected cameras on-premises at the same time, running this new converged IT ecosystem, which includes Operational Technology (OT), can be a daunting task, especially when your attack surface has dramatically expanded.
According to Verizon's 2017 Data Breach Investigations Report, a total of 51% of data breaches affected either financial services businesses (24%), healthcare organizations (15%), or public sector entities (12%). With the rise in data breaches in these industries, and the responsibility to manage this connected ecosystem, how do you protect your business from attacks targeting connected devices? Furthermore, how do you do this without the budget to build and staff a full-fledged Security Operations Center (SOC)?
Join us to discover:
- The top 5 best practices you can adopt to improve your overall security posture
- How you can equip your business with the security capabilities of a large enterprise at a fraction of their costs
This talk focuses on how to use Qualys Asset Inventory to enable instant, global visibility of IT assets across all environments – with comprehensive, up-to-date and normalized inventory.
Attendees will learn how Asset Inventory provides a cohesive structure with automatic classification of technology, powered by our continuously curated product catalog. Qualys customers can now rationalize hardware and software to make strategic decisions across IT and Security.
The scalable and centrally managed Qualys Sensors provide a wide range of asset data collection capabilities, including agentless, agent based and the latest addition, passive discovery.
Weak practices around protecting SSH keys expose businesses to costly risk, impacting the most sensitive systems and data. Then incomplete auditing practices allow that risk to go unaddressed.
SSH keys are often used for routine administrative tasks by system administrators, and privileged access management (PAM) systems ensure proper oversight. However, SSH keys are also used for secure machine-to-machine automation of critical business functions. PAM solutions don’t help secure these machine identities, and most audit programs overlook this important risk.
This session discusses the common mistakes that almost all enterprises make around security, policy and auditing practices when managing SSH keys, including current survey results.
Email Fraud is one of the oldest yet most successful threats against your organisations. Proofpoint Email Fraud Defense (EFD) can help you protect your organisation and your customers, leveraging the power of email authentication.
Join this product demo to discover how you can protect your organisation and people by leveraging the power of EFD.
• Block malicious emails spoofing your domains before they reach your employees and customers
• Monitor all emails (inbound and outbound) from your domains and those of third parties
• Accurately distinguish between legitimate emails and fraudulent emails
GDPR is an EU regulation that comes into effect on the 25th of May 2018.
GDPR is designed to uphold the rights of the individual in terms of how their personal data is handled, stored and secured.
It also places greater responsibility on businesses to observe data security and related processes and practices.
Kaspersky Lab solutions help companies process personal data by offering effective measures to reduce the risks of a data breach, prevent security incidents and enhance visibility of the monitored infrastructure.
During the webinar, we’ll look at the following topics:
• What GDPR is - and isn’t - when it comes to cybersecurity.
• How cybersecurity fits into GDPR-aligned processes.
• The endpoint: a good starting point for the cybersecurity aspect of a data protection strategy.
• The role of storage and the impact of storage security.
• Guarding the bottlenecks: perimeter defenses to reduce the risks of human influence.
• Why data in the cloud requires special security.
• Forewarned is forearmed: the importance of cybersecurity essentials training.
• Understanding the risks: get more from your Data Protection Impact Assessments.
• Kaspersky Lab’s GDPR readiness.
Inline security tools operate by actively preventing threats in your network, but deploying and optimising these tools presents several challenges to both network and security engineers. The downsides can include a potential point of failure, degradation of network and application performance, difficulty to scale and upgrade.
The use of a next-generation packet broker and its inline bypass functionality can mitigate these challenges.
Join Gigamon and (ISC)² EMEA in this webinar where we aim to examine how inline bypass can overcome physical deployment obstacles, maximise network availability, increase the scale of inspection and reduce the impact to network performance.
GDPR is live. Whether you are deep into your compliance initiatives or playing catchup, you should know how your SIEM plays a key role in supporting your compliance efforts.
Join LogRhythm’s compliance experts to learn how we, as a cyber-security vendor, are not only working through our own compliance needs, but also finding ways to make it easier to achieve compliance.
• How GDPR is playing out in the real world
• What LogRhythm is doing for our own GDPR compliance
• How to leverage LogRhythm’s experience and GDPR Compliance Module to simplify your own compliance efforts
Register today to see how other organisations are handling compliance with GDPR and learn how a SIEM solution like LogRhythm can streamline your compliance with the regulation.
Securing a portfolio of applications can be a practice in extremes. On one hand, you have a small team of security experts trying to help a multitude of developers, testers, and other engineers meet security requirements. At the same time, you have to support all the microservices that the Agile and DevOps teams are building and pushing to production anywhere from once a month to several times a day. Even if you have a fully staffed security team, there still are not enough experts in this area to go around, which means creating a guild of Security Champions is more important than ever.
Join Ryan O’Boyle, Manager of Product Security at CA Veracode, and Ronda Kiser Oakes, Director DevOps Consulting at Perficient, who will examine the value of the Security Champion role within the development team. They will discuss which groups need to commit for the program to succeed, how to find good champions, and the benefits for all stakeholders. Based on lessons learned from building a successful Security Champion program over the past five years, you will come away with detailed, actionable steps to bootstrap, monitor, and maintain a customized program that fosters these champions in your organization and scales your security program.
Authentication and MFA are no longer a one-mode-fits-all experience. Customer-centric companies need flexible intelligence models and simple, consistent login journeys across channels—web, call center, mobile—without being forced to bolt MFA on top of usernames and passwords.
ForgeRock’s VP, Global Strategy and Innovation, Ben Goodman, and Trusona’s Chief Design Officer, Kevin Goldman, explain how ForgeRock combined with Trusona creates a broad range of multi-factor authentication modalities all with a consistent user experience, including primary MFA without usernames, passwords or typing whatsoever.
Bonus: Trusona will reveal findings from the first-ever passwordless MFA behavioral research.
Learn how to easily configure, measure, and adjust login journeys using digital signals including device, contextual, behavioral, user choice, and risk-based factors
Learn how Trusona’s range of identity authentication experiences dovetail with ForgeRock’s decision tree authentication approach
See behavioral research findings that show end-user preference for primary MFA over the comfort of the familiar username and password mode
Businesses across sectors are adopting a host of new technologies – containers, SDN, IoT and many others -- as digital transformation disrupts practically every industry. The result is a significantly more complex IT environment than ever before. These environments present new challenges for professionals tasked with ensuring applications perform perfectly, leading to a re-examination of a once widely accepted monitoring toolset.
Join as we discuss:
• Why monitoring has become a big data problem
• The morphing monitoring tools landscape
• The value network monitoring tools can bring to APM and security
With the extensive use of open source software in containers, it’s critical to prevent vulnerable software from being deployed into production. But even with protections in place, unknown and new vulnerabilities can be exploited during runtime, compromising sensitive data, revealing secrets, and damaging infrastructure.
In this webinar, Black Duck by Synopsys and NeuVector will explain:
- How to protect containers starting from the build
- How to develop container security policies and procedures around threats
- Best practices for deploying secure containers
This is an expanded version of what was presented at the KubeCon Lightning Talk.
An admission controller intercepts requests to the Kubernetes API server prior to persistence of the object. By applying proper admission controls in your Kubernetes cluster, it's possible to generate deployments that adhere to the least privilege model, limiting user and container activity based on their business usage needs.
In this session, we will review the latest and greatest Kubernetes 1.10 admission controller capabilities. We will demonstrate in a live demo a dynamic admission control webhook that can be customized to limit privileged user access.
You’ll walk away understanding how to make such standards easier to implement and methods for going beyond them to provide security worthy of critical applications in production.
(ISC)² is committed to delivering value to our members, providing a transparent view of the organization’s developments and plans for the future. To that end, please join (ISC)² for a virtual Town Hall meeting on June 19, 2018 at 1:00PM Eastern to review many of our new member benefits, service offerings and look at what is still to come in 2018, including enriching professional development opportunities, Security Congress and more. Members and non members alike will enjoy the opportunity to learn how (ISC)² is delivering on its value promise.
What’s your standard penetration testing getting you? Compliance and a vague summary report. What could you get with a crowdsourced penetration test from Synack?
- A crowd of top, trusted researchers
- Technology that optimizes for testing efficiency, control, and visibility
- Managed workflow processes
- Own the IP of all discovered vulnerabilities with none of the liability.
Stop settling for the ordinary...Try the Next-Gen. See how you can go beyond just compliance by joining our webinar. You will learn:
- The problems that traditional penetration testing hasn’t addressed
- How Synack’s crowdsourced platform offers a better pen test and better customer experience
- Specific use cases for a Synack crowdsourced penetration test
According to ESG, 25 percent of organizations say maintaining strong and consistent security across their own data center and multiple public cloud environments with a centralized command-and-control is a top CISO concern. So how do you do it?
Join Alaska Airlines Director of Network and Connectivity Solutions Brian Talbert, former Symantec CEO Enrique Salem and ShieldX VP of Products John Parker for a discussion on best practices for secure cloud migration. This panel will discuss:
- How security can help your company adopt a cloud first strategy
- Key threats security teams should expect.
- Why micro-segmentation becomes a critical control when your perimeter defenses are defeated
- How to gain visibility into your data center and cloud environments
- Overcoming common objections encountered during migration
With the growing IT security skills shortage, many enterprises simply do not have the staff they need to handle new projects or ongoing threats. In addition, many businesses are increasingly relying on network and cloud service providers, taking key security functions out of their hands. How can enterprise security teams work with third-party contractors and service providers to improve overall security? In this Dark Reading & Arctic Wolf webinar, top experts discuss security outsourcing strategies, tools for measuring service provider security, and ways to use third-party services to supplement your in-house cybersecurity skills.
By attending, you’ll:
- Understand best practices for working most effectively with third party providers
- Discover what security functions can be handled by third parties and what should be kept in-house
- Recognize how to avoid common pitfalls of working with third parties
- Get a peek into how the market is changing, what type of security functions third parties will be providing in the future, and how to prepare for it
Explore the role of the IoT in the mining industry. From big industry to incubators and startups -- many organizations are engaging globally via innovative ecosystems, testbeds and tech hubs for education, awareness, and best practices.
Security mature organizations are increasingly utilizing User and Entity Behavior Analytics (UEBA) to quickly surface, prioritize, and respond to anomalous and alarming user behavior.
Join Stephen Frank, director of technology & security at National Hockey League Players' Association (NHLPA), and Rob McGovern, LogRhythm senior technical product manager, as they discuss how to apply UEBA to meet security use cases. The duo will outline NHLPA’s key use cases and how LogRhythm is supporting their security initiatives.
During the webinar, we’ll present:
• Why UEBA is a critical security capability
• NHLPA’s security environment and key use cases
• How LogRhythm is advancing their UEBA capabilities
• A brief demo of LogRhythm’s UEBA solutions
Register now to get an inside look at how NHLPA is working with LogRhythm to enhance their UEBA capabilities.
Security leaders must choose appropriate tools and build a culture that does not inhibit the development pipeline but supports it. In this webinar, Ultimate Guide to Building Security into CI/CD, Olli Jarva, Managing Consultant and Solution Architect, Synopsys Asia Pacific, outlines how security teams can work within a Continuous Delivery or Continuous Deployment model by building security into operational processes and an integrated, Continuous Integration toolchain. This integrated software security strategy is known as “Continuous Security.”
Data protection and security are critically important to your organization, and no regulation has more far-reaching requirements worldwide than the GDPR. Cherwell ISMS offers a simple way to map the GDPR articles to your security controls. In addition, Incident Management lets you meet the 72-hour notification deadline and contact the affected individuals. Finally, you can extend our self-service portal to give EU citizens an easy way to create and track requests relating to data access, rectification, erasure and portability.
Build your own SIEM in the shortest possible time with FireEye Threat Analytics.
Experience with classic SIEM solutions has shown time and again that their implementation very quickly generates large volumes of data and, at the same time, many alerts. That is still far from solving all the problems relevant to cyber security.
We will show you how to quickly arrive at a SIEM solution that delivers decisive added value from the data jungle, in order to:
• Avoid costly and time-consuming installation
• Prioritize the high number of alerts and the effort associated with them
• Detect attacks and activity in your network immediately
Complement your existing SIEM solution and significantly raise your organization's level of cyber security.
From India to Belarus, organizations are tapping software development talent in emerging markets. These developers often work outside of company offices, leading to four IT challenges that can undermine developer productivity, render cloud-based versioning systems and repositories unusable, complicate onboarding new developers, and increase risk.
Learn from the experiences of three IT pros supporting distributed development teams, and how Cato Cloud solves those challenges.
For this month's theme of 'Cyber-Espionage and Threat Hunting' we'll hear from Chris Novak, Director, Investigative Response, on cyber-espionage and threat hunting as seen across the Investigative Response Team caseload. We'll then transition into a Q&A session with Jihana Clemetson, Senior Analyst, Threat Intelligence, and Marcus Cymerman, Senior Analyst, Network Forensics, to dig further into our cyber-espionage cases and discuss typical indications of being a victim of cyber-espionage, the components of threat hunting, and the approaches to investigating cyber-espionage incidents.
Following the cyber-espionage insights, we'll cover the following topics: