The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
Deliver Production-like Environments Early in the Dev/Test Lifecycle
As a growing number of financial enterprises look into adopting Cloud and DevOps, environment complexity is often cited as one of the top barriers for such initiatives. Focusing on a Shift Left philosophy to deliver production-like environment access early on in the dev/test lifecycle can tremendously increase quality, cut down the cost to fix issues and, more importantly, increase innovation speed. This webinar will cover an example of using cloud sandboxes for allowing access to authentic replicas of production environments, allowing financial firms to focus on release software faster without sacrificing security and compliance.
Email remains the biggest entry point into your healthcare organization, and with medical records at least 10X as valuable as credit cards, potential payoffs are high. Security threats are real and debilitating – they can even affect patient care – and they aren’t going away anytime soon. Join us for Anatomy of an Email-Borne Attack where we'll paint the current healthcare threat landscape for attacks and demonstrate an actual live “hack.”
The regulators are coming regarding cybersecurity. Are you ready?
Join this interactive webinar to learn more about:
- The NYDFS Part 500 cyber regulations, including insights on implementation and auditing
- Review the NAIC's new Insurance Data Security Model Law adopted on October 24, 2017
About the Presenter:
Adam Hamm is a Managing Director at Protiviti Global Consulting who serves financial services industry clients across the country regarding risk, compliance, and cybersecurity matters. He has deep knowledge of financial services regulation with hands on experience in all insurance supervision and policy related matters. Before he joined Protiviti in January 2017, he was a former President of the National Association of Insurance Commissioners (NAIC), Chairman of the NAIC’s Cybersecurity Task Force, Principal on America’s Financial and Banking Information Infrastructure Committee (the primary national regulatory cybersecurity committee for the financial services sector), Principal on the United States Financial Stability Oversight Council (FSOC), and North Dakota’s elected insurance commissioner from 2007-2016. Adam also spent ten years as a violent crimes prosecutor and civil litigator.
Join Derek Manky, Global Security Strategist at Fortinet, to learn about the top Threat Predictions for 2018, as identified by FortiGuard Labs' 200 expert threat researchers, and gain the latest intelligence on the threat landscape and our predictions for every critical area including malware, botnets, mobile threats and more.
You can also access our 2018 Threat Prediction Report attached to understand what cybercriminals have in store for us and what you, as an IT security professional, should be most prepared to address.
L’année qui s’achève a été essentiellement marquée par des attaques coûteuses, des fuites de données retentissantes et plusieurs cas de ransomwares et d’espionnage économique. La cyber criminalité a gagné en ampleur et en audace, avec des retombées financières bien plus élevées. Les cyber attaques sont désormais régulièrement citées dans les médias.
Ce webcast aborde les points suivants :
• Le paysage des menaces en 2017
• Les personnes ou les erreurs qui ont conduit à ces incidents
• Les enseignements à tirer de cette année pour les professionnels de la sécurité comme vous
• Les solutions qui peuvent renforcer votre sécurité à l’approche de 2018
Participe en nuestro seminario virtual sobre la seguridad de correo electrónico hospedada Combata las amenazas avanzadas con SonicWall Hosted Email Security el viernes, 15 de diciembre a las 11:30 h CET.
El correo electrónico continúa siendo vital para los negocios. Sin embargo, a medida que crece el volumen de correos electrónicos, aumenta también la cantidad de ataques de ransomware, phishing, compromiso del correo electrónico de negocio (BEC), spoofing, spam y virus.
Los cibercriminales falsifican direcciones de remitentes de correo electrónico para engañar a los destinatarios, dañando así a marcas legítimas sin que éstas lo sepan. Las organizaciones pueden sustituir sus soluciones antiguas por la solución de seguridad de correo electrónico basada en la nube asequible y fácil de usar de SonicWall, que ofrece protección contra el dinámico y cambiante panorama de las amenazas de correo electrónico.
En este seminario virtual, obtendrá información sobre los siguientes temas:
•Protección contra las amenazas de correo electrónico avanzadas
•Cómo la seguridad de correo electrónico hospedada de SonicWall mejora MS Office 365
•Otras ventajas del servicio de suscripción de seguridad de correo electrónico basado en la nube
Saviez-vous que des millions d’hôtes (domaines, sous-domaines ou adresses IP) apparaissent chaque jour et que, dans bien des cas, leur durée de vie ne dépasse pas 24 heures ?
De nombreuses entreprises choisissent d’instaurer des politiques de passerelles web sécurisées afin d’empêcher les utilisateurs d’accéder à des sites non classifiés à cause du risque qu’ils représentent, même si la plupart sont tout à fait légitimes dans le cadre d’un usage professionnel.
De la même façon, beaucoup d’entreprises décident de bloquer des sites dès lors que le niveau de risque est fort, sans être totalement avéré.
En découle un blocage excessif des sites web qui nourrit l’insatisfaction des utilisateurs.
Certains sites sont réputés pour leur fiabilité, d’autres pour leur dangerosité. Les sites qui posent vraiment problème sont ceux qui se situent entre les deux, lorsqu’il n’y a pas suffisamment de recul ou d’informations.
Principaux thèmes abordés :
- Découvrez le plus grand réseau civil d’intelligence sur les menaces au monde et la protection qu’il peut vous apporter face aux attaques de malware.
- Apprenez à définir des politiques permettant d’isoler tout le trafic dont le risque est indéterminé ou non classifié par le Global Intelligence Network.
- Sachez comment booster la productivité de l’entreprise sans créer de risques supplémentaires.
Inscrivez-vous dès aujourd'hui.
Rejoignez-nous le vendredi 15 décembre à 10h00 CET pour le webcast consacré à la sécurité de messagerie hébergée : Combating Advanced Threats with (Combattre les menaces avancées avec SonicWall Hosted Email Security).
La messagerie reste essentielle pour l’entreprise. Mais l’augmentation en volume des messages électroniques entraîne parallèlement la prolifération des ransomwares, du phishing, des menaces de type BEC (Business Email Compromise), du spoofing et autres attaques de virus.
Les cybercriminels falsifient les adresses e-mail des expéditeurs pour tromper les destinataires et portent par là même préjudice aux marques légitimes. Les entreprises ont tout intérêt à remplacer leurs solutions actuelles par la solution Cloud conviviale et économique SonicWall de sécurisation de la messagerie afin de se protéger d’un paysage de menaces dynamique et changeant.
Dans ce webcast, vous en saurez plus sur les thèmes suivants :
•Protection contre les menaces avancées véhiculées par e-mail
•Comment la sécurité de messagerie hébergée SonicWall améliore MS Office 365
•Autres avantages du service Cloud de sécurisation de messagerie par abonnement
A recent, significant data breach in 2017 has caused people to take a deeper look into Apache Struts vulnerabilities. This weakness emphasized the impending risks for Apache Struts-based applications. Even today, scanners do not detect all known vulnerabilities. As of November 2017, the leading scanners still missed 14 total unique Common Vulnerabilities and Exposures (CVEs).
In this webinar, we will analyze Apache Struts-related vulnerability weaponization patterns spanning the last decade. We will also provide insight into exploit patterns through a live exploit demonstration and explain how these patterns can define an organization’s risk management strategy.
Hear from RiskSense’s Anand Paturi (VP of Research and Development) and Barry Cogan (Senior Security Analyst) as they guide us through the live demonstration and provide insights into exploit patterns
and how attacks can be avoided.
In the early days of aviation, flight instrumentation made it safer to fly in bad weather. Today, cloud computing is taking off and revolutionizing how applications are built and delivered. But while these technologies offer new possibilities, they also can obscure visibility and make it much more difficult for IT Operations teams to detect security threats and diagnose the root cause of performance issues.
There is hope: the network remains the common denominator for all applications and provides a source of real-time insight across hybrid, multi-cloud environments.
In this webinar, IDC Research Director Brad Casemore and ExtraHop’s Director of Solutions Architecture, Eric Thomas, discuss how organizations can tap into network communications and maintain visibility for security and performance.
Join 451 Research and SecureAuth+Core Security for a peek into the emerging trends in cyber security and identity in 2018. Register today and learn how these trends will impact your strategy, organization, and job in the coming year.
Security experts Garrett Bekker, 451 Research and Chris Sullivan, SecureAuth+Core Security will share insight on these trends and more:
•Why network-based approaches to security are no longer sufficient in the age of cloud and IoT
•Why identity is the new gating factor for access to sensitive resources
•How various methods for securing cloud resources – CASB and IDaaS - need to converge
•The need for risk-based approaches to authenticating users – and machines
With major breaches exposing the personal information of hundreds of millions of Americans and disruptive ransomware attacks shaking the world in 2017, we'll examine the lessons learned from these events as a guide to shape CISO strategy for 2018.
This interactive Q&A panel with security industry experts will explore:
- The biggest threats on the horizon
- Key vulnerabilities and how to protect against them
- Measures for breach prevention, detection and response
- Which areas to focus on in 2018
- Recommendations for CISOs
- Diana Kelley, Cybersecurity Field CTO, Microsoft
- David McGuire, CEO, SpecterOps
- Ashton Mozano, CTO, Circadence
- Mark Weatherford, Chief Cybersecurity Strategist, vArmour
- Jon Green, VP and Chief Technologist for Security at Aruba, a Hewlett Packard Enterprise Company
The DriveLock Endpoint Protection Platform is helping you to secure, control, and protect your critical infrastructure from internal and external threats. DriveLock achieves this through a comprehensive, layered security approach that includes application control, device control, and drive encryption. DriveLock combines this with advanced AI and a security awareness system that, as a whole, provides the highest level of security for your critical data and users.
* DriveLock provides a layered approach to system security that is both comprehensive and flexible.
* Device and Drive Protection prevent malicious applications from being brought into your infrastructure and prevent sensitive data from getting out.
* Application Control with AI allows more flexible, intelligent control over the applications allowed on your infrastructure without weakening your security posture.
* Disk Encryption lets you ensure the security of the confidential data after it has left your infrastructure.
* Web Security prevents known threats from infecting your network.
* Security Awareness lets you seamlessly train users on information security best practices without interrupting their work.
In early 2000, the Open Source Security Testing Methodology Manual (OSSTMM) was released with the primary objective of improving how the enterprise conducted security testing. Key sections of this methodology include operational, human, physical, wireless, telecommunication, and data network security testing. Today, OSSTMM is widely regarded as a methodology for penetration testing world-wide, offering a standard approach to conducting security testing. Frank Shirmo of ITPG Secure Compliance, a Cyber Security Boutique in Northern Virginia will be joined by Pete Herzog, the creator of OSSTMM, to answer key questions, and provide clarifications on OSSTMM for CTOs, CISOs, CIOs, Security Engineers and Analysts, and all other stakeholders interested in the topic of security testing.
In some organizations, the theme of “can’t we all just get along” accurately describes the relationship between DevOps and network security. DevOps operates at a rapid and dynamic pace, leveraging the cloud to create and deploy; security teams exercise industry best practices of policy change control to eliminate potential security holes. Inevitably, deployment challenges arise. The ideal solution is one where security becomes part of the DevOps fabric.
In this session our Cloud Automation Experts will discuss and demonstrate how customers can automate the deployment of the deployment of VM-Series next generation firewall to protect DevOps environments on AWS and Azure. Based on current customer examples, the topics covered in this session will include:
• “Touchless” deployment of a fully configured firewall utilizing a combination of native and 3rd party automation tools such as Terraform and Ansible
• Consuming Tags to execute commit-less policy updates
The session will wrap up with a discussion of sample templates and scripts to get started and a video demonstration of a fully automated VM-Series deployment.
You’re a security professional, or not, but sometimes get asked to sort of be one? You don’t have enough people, you don’t have enough budget, and you don’t have enough time. But you know that’s not an acceptable excuse now that we are all running fast in the cloud.
Tune into our webinar to learn how you can make the most of your people, processes, and technology:
- Despite security talent shortage, leverage your small team and other resources most effectively.
- Make sure automated processes handle 99% of the noise, so you’re left to manage real threats.
- Buy and manage the least amount of tools to do the most
Public clouds provided by services like AWS and Azure continue to surge in popularity with organizations small and large. However, the security of these services and how the responsibility for it is shared can be murky. Organizations want to assure that the public cloud is being used properly by everyone in the enterprise and to run mission-critical applications while meeting compliance and security controls. Join Gigamon and (ISC)2 on Thursday, December 14, 2017 at 1:00PM Eastern for a roundtable discussion on public clouds and the shared responsibility model and how that can help to secure and protect your organization.
Join us on Monday, December 18th at 9 a.m. GMT for the hosted email security webinar, Combating Advanced Threats with SonicWall Hosted Email Security.
Email continues to be vital to business. However, as the volume of email increases, so too does the amount of ransomware, phishing, business email compromise (BEC), spoofing, spam and virus attacks.
Cyber criminals falsify email sender addresses to fool recipients and inflict damage to unknowing, legitimate brands. Organizations can benefit from replacing legacy solutions with SonicWall’s easy-to-use, affordable cloud-based email security solution that defends against the dynamic, evolving email threat landscape.
In this webinar, gain insights on:
•Protection against advanced email threats
•How SonicWall hosted email security enhances MS Office 365
•Other benefits of the cloud-based email security subscription service
Join us for a new webinar in our series focused on helping companies prepare for the upcoming global government regulations, like European General Data Protection Regulation (GDPR). Data sovereignty, especially for cloud-first companies, is becoming an important part of any security strategy as these data breach regulations go into effect next year. Being able to demonstrate best efforts to protect the privacy of an individual’s data will be a requirement and non-compliance will have hefty monetary ramifications.
This webinar will walk attendees through what Gemalto has already done and is doing to prepare for data privacy regulations from product management to sales operations and more. Our Director of Global Data Privacy, Jean-Pierre Mistral, will share how and what we have done, takeaways and timelines and Alex Hanway, Product Marketing, will cover the different technologies companies can use to mitigate the risk of non-compliance and what this means for business operations globally.
Join us to hear more about:
•What is GDPR?
•Case Study: A look at how Gemalto has prepared for GDPR
•The implications for local businesses and technologies that can help mitigate risk around complying with data privacy regulations
Join Justin Harris, Public Cloud Architect at Palo Alto Networks and Jason Montgomery, EMEA Manager for Palo Alto Networks Aperture to understand:
- Why organisations are moving to the cloud and the obstacles getting there
- The role of Cloud Access Security Brokers (CASB) and a simpler approach to securing SaaS applications
- How a Next-Generation Firewall compliments and enhances AWS/ Azure's built in security tools
- Automation and how to move quickly with cloud security
- Key strategies to ensure your organisation's data remains protected
- Questions and Answers
We do hope you can join us for this exclusive webinar to understand new cloud security challenges and strategies for protecting your data.
The cost of Impostor email has risen to $5.1B. Business email compromise (BEC) is impacting employees, business partners and customers of organizations around the world.
Proofpoint Email Fraud Defense (EFD) extends the security already offered by Email Protection to block criminals that spoof your trusted domains to trick victims, both inside and outside of your organization, into sending money and other sensitive information to the attacker.
Join us for a live webinar on Tuesday, June 6th at 10am PST where you will learn:
• Latest impostor email trends including BEC and consumer phishing
• How to extend your current protection to stop all impostor threats
• Upcoming product integration with Email Protection to secure your entire email ecosystem
From cyber criminals who seek personal financial information and intellectual property to state-sponsored cyberattacks designed to steal data and compromise infrastructure, today’s advanced persistent threats (APTs) can sidestep cyber security efforts and cause serious damage to your organisation. 2017 is already one of the most prolific years in terms of APT activity. Indeed, since the beginning of the year, there have been several examples of major cyberattacks across EMEA and more specifically in the Middle East. How can FireEye help your organisations protect against these persistent threats?
Join this live webinar in Arabic as we will discuss the following topics:
- FireEye Adaptive Defense
Recent investigations by FireEye’s Mandiant incident response consultants combined with FireEye iSIGHT Threat Intelligence analysis have given us a more complete picture of a suspected Iranian threat group, that we believe has been operating since at least 2014.
APT34 are involved in long-term cyber espionage operations largely focused on the Middle East. This threat group has conducted broad targeting across a variety of industries, including financial, government, energy, chemical, and telecommunications.
Join us in a live webinar as we discuss this threat group whom we assess to be working on behalf of the Iranian Government, with a mission that would benefit nation-state geopolitical and economic needs. APT34 uses a mix of public and non-public tools, often conducting spear phishing operations using compromised accounts from trusted third parties, sometimes coupled with social engineering tactics.
Register today to gain deeper insights into this threat group!
Join Michael Gorelik, distinguished threat researcher and Morphisec Chief Technology Officer and Vice President of R&D, for a close look at top cyber threats targeting enterprises today. He will walk through the where, what and how of the leading attack vectors as well as explore ways to protect your company.
• Learn the primary attack vectors used by cybercriminals to infiltrate an organization
• Understand how different attack techniques work and what damage they can do
• Find out what protection methods work and where they fall short
• Get answers directly from our chief bad-guy researcher during the Q&
Vulnerabilities are an inevitable part of software development and management. Whether it’s open source or custom code, new vulnerabilities will be discovered as a code base ages. A 2017 Black Duck analysis of code audits conducted on 1,071 applications found that 97% contained open source, but 67% of the applications had open source vulnerabilities, half of which were categorized as severe. As the number of disclosures, patches, and updates grows, security professionals must decide which items are critical and must be addressed immediately and which items can be deferred.
Join Black Duck’s VP of Security Strategy, Mike Pittenger, for a 30-minute discussion of best practices in open source security and vulnerability management. You’ll learn:
- Methods for determining which applications are most attractive to attackers, and which pose the greatest risk
- Ways to assess the risk associated with a disclosed open source vulnerability
- Strategies to minimize the impact of open source security vulnerabilities when immediate fixes can’t be made
Cybersecurity disasters dominated the news in 2017. WannaCry alone bashed hundreds of thousands of targets. Now is the time for CIOs and CSOs to scrutinize multiple components of their security because, let’s face it, attackers are busy working up new creative ways to hijack your data in 2018.
Attend this webinar to learn what it takes to build an in-depth defense. This straightforward presentation will cover:
• Security KPIs with risky validation processes (far more common than you think)
• A checklist of security points that need tight inspection (and where to drill down)
• New security services that streamline the process
During this upcoming webinar we will discuss the current state of IoT adoption, security and trust challenges to deployment by key vertical markets. We will also dive into lessons learned, emerging standards for IoT security, and the necessary innovative technologies required for the Internet of Things to succeed. Please join Entrust Datacard and 451 Research for this informative upcoming webinar.
2017 left us with little doubt that attacks against our national critical infrastructure are real. The U.S. government and EU both released rare public statements for energy and utility firms, warning that sophisticated threat-actors are targeting industrial control systems at a never-before-seen rate.
Operational Technology (OT) systems present a unique cyber challenge that traditional technologies fail to meet. Reliant on bespoke legacy systems, industrial environments are increasingly connected to IT environments, a challenge compounded by remote maintenance repair operations and connected industrial devices.
Darktrace turns the OT security problem on its head, by leveraging AI to identify and neutralize threats to critical infrastructure in real time. Powered by machine learning, Darktrace’s Industrial Immune System understands the normal ‘pattern of life’ for every operator and device without requiring agents or knowledge of operating system – ensuring that cyber-attacks across OT and IT are stopped before they escalate into a crisis.
Join Darktrace Industrial’s Director of Technology, Andrew Tsonchev, and Darktrace’s Head of Security, Simon Fellows, for a discussion on the evolving OT threat landscape, and how immune system technology helps industrial organizations fight back.
A secure product lifecycle (SPLC) is integral to ensuring software is written with security in mind, but companies struggle to create a successful process with limited security resources and minimal impact to engineering teams.
In this webinar, Julia Knecht and Taylor Lobb – Managers, Security & Privacy Architecture at Adobe, will explain how a team of just two security pros helped roll out a successful SPLC program that has scaled to support thousands of engineers by leveraging automation and establishing security ambassadors (champions) within the product engineering teams.
Defining security requirements and KPIs for engineering teams is just the first step in creating the SPLC. In order to make the design a reality for several products, thousands of engineers, and millions of lines of code, Adobe’s team was organized into an “as a service” model and utilized automation to scale to meet this demand. Establishing a strong security ambassador program helped ensure the success of the SPLC. The centralized ambassador network has been crucial to the success all product security initiatives throughout the business unit.
You’ll walk away with on-the-ground knowledge you can use to establish an effective SPLC in your own organization by establishing and utilizing security ambassadors and providing seamless automation to support these key initiatives.
Organizations continue to rapidly move their workloads to the cloud as they benefit from the flexibility and agility this can provide. However, many security processes become increasingly difficult to manage in a Shared Responsibility model. Top among these is vulnerability management which is the key to visibility into virtual and multi-cloud networks. Join Skybox and (ISC)2 on December 19, 2017 at 1:00PM Eastern for our final ThinkTank of the year where we will discuss how to better prioritize and manage vulnerabilities and the best way to provide visibility (and thus, context) into the physical, virtual and multi-cloud environments all organizations find themselves dealing with now.
Phishing campaigns are among the most common and damaging cyberattacks. Despite how common and successful phishing attacks are, often times organizations and their employees are ill-prepared to handle these threats.
In this webinar, Greg Foss, LogRhythm Manager of Global Security Operations, Paul Asadoorian, Security Weekly CEO and Founder, and John Strand, Black Hills Information Security Owner and Security Analyst, discuss phishing attacks and how you can protect yourself from them. Additionally, the three go on to discuss how LogRhythm’s open-source Phishing Intelligence Engine (PIE), can help streamline and automate the entire process of tracking, analyzing, and responding to phishing emails.
Watch now to learn how LogRhythm is helping to automate the detection and response to phishing attacks.
Detecting malware, helping to prevent and disrupt command and control communication, ransomware and phishing attacks, being part of a data loss prevention program – DNS can help with this and much more, but are you leveraging it as part of your security controls and processes?
DNS is the perfect choke point to stop not just data exfiltration through it, but also detect and stop malware from spreading and executing
In this webinar you’ll learn:
•The value of DNS as part of your cyber strategy
•How DNS can provide your SIEM with actionable intelligence
•How DNS can add value to other security controls, such as vulnerability scanners and end point protection
Join Infoblox and (ISC)² for a discussion on this often overlooked topic.
Cloud is transforming many industries, and the automotive industry is no exception. Gartner predicts that, by 2020, we will have a quarter of a billion connected cars on the road, and new cars will rely heavily on innovative cloud-based technology. Find out how Cloud is pushing this industry forward and what the security concerns and predictions will be for 2018 in this video.
Discover more by reading the blog in the attachments.
The rapid, ongoing growth of IoT is opening exciting new opportunities for seeing, measuring, controlling, and profiting from actions that take place within enterprises. In fact, 69 percent of organizations have adopted, or plan to adopt, IoT solutions within the next year, according to Cradlepoint’s new State of IoT 2018 report.
That said, there’s a vast divide in the world of enterprise IoT between what businesses say they believe and how they plan to act.
Join Ken Hosac, VP of business development at Cradlepoint, for a live webinar on Dec. 20, 2017, at 8am PT, to explore brand-new data from the State of IoT 2018 report.
Webinar attendees will gain knowledge about:
— IoT perceptions & infrastructure preferences
— IoT adoption & implementation trends
— Solutions & best practices
The recent release of our Cloud-Based Logging Service marks the next step in Palo Alto Networks’ evolution towards a consumption model that complements the dynamic nature of today’s IT infrastructure. In this brief 30-minute webinar we will discuss how Logging Service provides an alternative for Palo Alto Networks next-generation security infrastructure and why it is a cornerstone of our strategy. We will show how the Cloud-Based Logging service will help to offload CAPEX and operational overhead while also increasing data retention and intelligence.
Ensure that all your applications are accurately assessed with policy-based scanning.
Join this 20 minute webinar to see how Veracode can help you protect your organization against data breaches and meeting regulations and policies addressing cybersecurity and information security controls in a timely manner.
See how the Veracode Platform provides built-in, automated compliance workflows to reduce communication overhead and provide a secure audit trail of your compliance processes, including notifications about policy changes. Veracode’s unified platform can also help you address OWASP security issues by integrating security seamlessly into software development and eliminating vulnerabilities at the most efficient and effective points in the development/deployment chain.