The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.
In the new world of IoT, smart cities, smart cars and home, our personal devices are more connected than ever before. Learn about predicting the future by looking at the past with insights on how to improve the world of IoT that is coming into our homes.
Wer sich mit der Frage beschäftigt, wie man ein effektives und effizientes Security Operations Center (SOC) aufbauen sollte, steht vor einer großen Herausforderung, denn neben den Investitionen der physischen Sicherheitsmaßnahmen, Hard- und Software ist besonderes Augenmerk auf die Analysten zu setzen, die hochkonzentriert – einem Mitarbeiter der Flugüberwachung ähnlich – das Geschehen beobachten und auf den „Ernstfall“ eines Angriffs vorbereitet sind.
Diese Mitarbeiter befinden sich persönlich als auch technisch kontinuierlich im "Alarmzustand", denn jede Anomalie ist für geübte IT-Sicherheitsspezialisten bereits eine potenzielle Cyberbedrohung, die es zu analysieren und abzuwehren gilt. Damit ein SOC wirksam sein kann, bedarf es eines soliden Fundaments aus:
• Schlanke Prozessabläufe und eindeutig festgelegte und vernünftige Befugnisse der Beteiligten
• Hocheffiziente und moderne Technologien und Technologiepartnerschaften mit eingespielten Eskalationsstufen
• Hochmotivierte und vertrauensvolle Mitarbeiter und vertraute Partner, die in Engpässen das eigene SOC Team unterstützen können
In diesem Seminar zum Thema SOC, wird der SOC grundlegend erläutert und diese Grundsäulen eines schlanken SOC beschrieben. Außerdem gibt das Webinar einen Ausblick darauf, was auf die Unternehmen zukommt und welche Herausforderungen die einzelnen (n>1) Phasen begleiten und welche Services man outsourcen kann.
Join us at our next Career Conversations with Women in Cyber Security session. This webinar gives WSC members the opportunity to connect with female career professionals. We'll discuss topics such as: what made them decide on IT or Cyber Security, what were some of their work/life challenges, and what skills and education do they see as essential to success?
Whether you are an experienced professional or just contemplating a future in Cyber Security, WSC's Career Conversations allows you to have a conversation with women making a difference. Join us and share in Career Conversations with successful women in cyber security!
Featured Guest: Leslie Taylor, Recruiter Lead for ICF International
Jessica Gulick, VP of the Women's Society of Cyberjutsu board will moderate discussions.
About the Speaker:
Leslie Taylor is the Recruiting Lead at ICF and Recruiting lead for their Enterprise Cyber Security Division. She is a member of Leadership Fairfax and has a master’s degree in Human Resources. She has spoken at numerous Cyber and Recruiting conferences to include Cyber Montgomery, CyberMD, and numerous Recruiting events. Leslie Taylor has more than 15 years of experience in IT, cleared, cybersecurity and military recruiting. She is an active member in several professional associations and leverages participation in a variety of IT/cyber, university/college, association and military career fairs and networking events. Leslie primarily recruits for opportunities on a national scale. She plays an integral role in recruiting for a wide range of skills and talent to include Software Developers, Network Analysts, Programmers, Cyber Specialists, Homeland Security, Emergency Management and Program Managers that provide the following services to our clients.
The move to requiring encryption on all websites is picking up speed, with browsers starting to show UI warnings for unencrypted websites. Roughly 60% of internet page loads already "https", and the number of sites switching to encryption grows every month. This trend is helped by the availability of anonymous, free Domain Validated (DV) SSL certificates from several Certification Authorities (CAs), which include no identity information about the website owner.
While increased encryption is good for connection security and combating “man-in-the-middle” (MITM) attacks, many phishing and malware fraudsters are using DV certificates to imitate login pages for top sites such as PayPal.com, banking sites, etc. and steal user information. Unfortunately, these fake DV login pages receive a favorable green padlock “Secure” security indicator in the Chrome UI, causing some users to believe Chrome is vouching for the phishing website as safe or trustworthy.
Join Entrust Datacard's Chris Bailey and Kirk Hall as they discuss:
• The difference between DV, OV, and EV
• The issues with current browser UIs to do with certificate information
• A proposed new UI security indicator to help users and enhance security
In the new enterprise network reality, boundaries have blurred: the internet is central and out of your control. A modern approach to network analytics is now more important than ever. The good news is that it’s possible to get vastly better insights from network traffic data than ever before, due to the power of cloud and big data systems. The key is to link that network traffic data and show the benefit to the broader business. In this webinar guest speaker Forrester analyst Andre Kindness and Kentik Co-founder and CEO Avi Freedman will help you understand:
- The changes in enterprise networks that make modern network analytics a must-have
- Why it’s so important to combine network data with business context
- Examples of business intelligence driven by network data in IT organizations today
- How you can gain the business advantage that modern network analytics offers
Cloud Security Protection is improving, but how can we protect against Evolving Security Threats? How can we win?
In this session we will delve into some of the security risks associated with cloud environments and what can be done to protect your applications and data that reside in the cloud by utilizing a new technology known as Software-Defined Perimeter (SDP) as well as encryption and tokenization.
Join Ulf Mattsson, CTO of Atlantic BT, and his special guests David Morris, Security Scorecard, and Juanita Koilpillai, CEO, Waverley Labs, in this dynamic panel discussion and live Q&A.
A current increasingly uncertain and complex regulatory environment has made it challenging for firms tasked with creating and maintaining a “culture of compliance”. The business demands access to new forms of communications to increase engagement with employees, partners and customers, only increasing the quantity and complexity of the data you manage. Join Proofpoint to gain an understanding of the challenges that compliance faces and the consequences of not meeting the expectations of the regulators
Join us to
•Develop insight into the rapidly changing regulatory environment
•Hear how new forms of communications are bringing about the digital revolution
•Discover how to protect your organization from reputational risk and stay out of the cross hairs of the regulators
From attacks that abuse PowerShell to attacks that live exclusively in memory, “fileless” threats have become increasingly common and dangerous. They’re built to evade detection from even the most advanced defenses, but that doesn’t mean they can’t be stopped — or that they have to be difficult to understand.
Join us to learn how attackers are using fileless techniques to gain execution, persistence, and lateral movement, and what you can do to keep your company protected.
The Gartner 2017 Market Guide for Privileged Access Management (PAM) reviews 24 vendors across various categories. This comprehensive information can help you find an ideal solution for your unique business needs. Yet, selecting the right PAM solution is a pivotal decision; it is critical to weigh your options.
Make an informed decision. Join Suresh Sridharan, Director Privileged Access Management at CA Technologies, as he guides you through report recommendations, evaluates the latest tools and technologies, and compares and contrasts industry choices.
Over the past few years, malware authors have developed increasingly sophisticated and creative ways to infect endpoints. Encrypting ransomware is no longer merely an annoyance. It's a highly persistent and organized criminal "business model" in full deployment, with new abilities to move laterally through networks and infect machines previously thought not possible to infect. The damage from becoming a ransomware victim is considerable, and can even put organizations out of business.
At Webroot, we believe it's possible to effectively protect businesses and users, but only by understanding your adversary and the techniques they use for their attacks. In this webinar, Webroot's own Senior Threat Research Analyst, Tyler Moffitt, will offer expert insights into emerging encrypting ransomware variants--and how you can stay ahead.
Solving the most sophisticated security challenges requires an advanced approach that is built upon a proxy-based architecture. This approach allows you to leverage best of breed security technologies to provide a safe and confident cloud and network experience.
Symantec secure web gateway solutions deliver strong proxy-based security in the form factor your organization needs: on-premises appliance, virtual appliance, in the cloud, or in a unified hybrid combination of these solutions.
The solution’s unique proxy architecture allows it to effectively monitor, control, and secure traffic to ensure a safe web and cloud experience.
In this webinar learn:
• Why Proxy architecture is more important than ever as a critical security component of your network
• How a web proxy can serve as a platform for advanced threat detection and data protection
• Why pre-filtering your sandbox with proxy architecture is a smart move for both your SOC and your bottom line.
Are your users tired of having to login to the corporate network via VPN? Do you wish you could manage at-home devices remotely? In our latest release of PCoIP Management Console, we’ve added the ability to manage both office-based and at-home PCoIP Zero Clients.
During this 30-minute webinar you’ll learn the best ways how to set up PCoIP Zero Clients so your employees or external consultants can be productive from wherever they happen to be.
The demonstration will cover how to:
•Configure PCoIP Zero Clients for off-site employees or contractors
•Determine the best WAN settings to recognize out-of-office devices
Creating a culture of cybersecurity is critical for all organizations. Join the conversation with our own security pros to learn how they keep employees ahead of phishing attacks, share best practices for phishing education and explain how to use innovative technologies to strengthen cyber resilience.
The cloud provides organizations with elasticity and speed and by 2018 60% of an enterprises’ workloads will run in the cloud says 451 Research. The amount of business operations running in the cloud means organizations have more cloud computing service providers, with a typical enterprise having roughly six. This requires companies to develop and implement a multi-cloud strategy, especially when it comes to security. But each CSP has its own security offerings and integrations sometimes making the process confusing and complex. Even prior to the cloud, encryption and key management have presented challenges for many organizations, but with encryption becoming ubiquitous – a strong key management strategy is key. This is especially important with industry mandates and government regulations like European General Data Protection Regulation (GDPR) and U.S state data breach disclosure laws.
In this joint webinar with 451 Research, we will cover topics including:
-Building a multi-cloud security strategy for encryption and key management
-Best practices, benefits and pitfalls of managing your own security
-Impact of regulations on data protection in the next few years
-Understanding the different CSP requirements for key management:
oCustomer-Supplied Encryption Key (CSEK)
oBring Your Own Key (BYOK)
oHold Your own Key (HYOK)
oGeneral cloud service provider key management services overview
DevOps teams are building applications faster than ever before, and utilizing large amounts of open-source software to increase agility. However, that introduces the possibility of open-source security risk. The landscape of attacks has changed in recent years, with cyber-attacks increasingly happening on the application layer. This means DevOps teams need to be involved in the security process.
This task is made more daunting as modern applications are a mix of custom code and open source in their applications. How do you protect your DevOps? Register for this webinar where security experts from Micro Focus Fortify and Black Duck discuss:
- Understanding the mindset of an attacker
- Ways to automate the process of risk identification
- The ability to gate builds when finding risk elements
Brought to you by Entrust Datacard and IDG Research
As organizations expand on legacy infrastructures and build new digital business models, what is the role of trusted identity? This webinar will illustrate how trusted identity technologies — including authentication and PKI — are essential as organizations capitalize on the full potential of cloud and mobile technologies. We will also discuss how to avoid the pitfalls of misaligned identity strategies.
The care and handling of personal information is a top concern for consumers and governments alike. Unlike many issues which gain public attention and struggle to keep it, an endless stream of publicised data breaches serves to keep data privacy in the public eye. As a result we’re seeing increasingly onerous regulation coming into effect in an effort to improve the data management practices of organisations and protect the confidential information of citizens. Major Internet players are also weighing in in an effort to make the user experience more secure.
For organisations with a large digital presence, identifying all the places that personal information, or in the case of GDPR, personally identifiable information, is collected can be a daunting task. Are those forms collecting data securely? Are they accompanied by compliant statements and controls? Research carried out by RiskIQ suggests that there is much more to do in this area.
Join us for a closer look at the security and compliance issues surrounding the collection of personal information on the Internet and learn how you can automatically discover and assess all forms and persistent cookies across your web presence.
With the greatest shake-up of data protection regulation in a generation looming, CISOs, DPOs and IT Administrators are busy planning for the changes needed for their organisations to be compliant. But with 60% of IT executives suggesting staff as their biggest threat to adherence (Bluesource, 2017) and 90% of staff admitting to violating policies designed to prevent security incidents (BSI, 2017), have they really addressed the issue of friendly fire?
In this live, informative and interactive webinar led by Amar Singh, Global CISO & CEO of Cyber Management Alliance. A panel of data security and policy experts will discuss, why staff remain such an active threat to GDPR compliance, why policies are being ignored and how to ensure that your staff are on-board with the GDPR before May 2018.
Amar Singh, Global CISO & CEO, Cyber Management Alliance
Chris Payne, Data Privacy Expert & Managing Director, Advanced Cyber Solutions
Dominic Saunders, CTO and Co-Founder, NETconsent
Joe Lee – UK and Ireland Commercial Manager, NETconsent
The February 2018 deadline for complying with PCI DSS 3.2 is fast looming. Most of the new requirements in the latest PCI DSS guidelines are focused on the need to extend multi-factor authentication (MFA) to additional use cases and user groups within organisations who handle Credit Card Data. From February 2018 onwards, all individuals who access systems such as databases, network modules and email servers which hold credit card data will be required to authenticate themselves with MFA.
Join (ISC)² EMEA and Gemalto to learn:
- What’s new in PCI DSS 3.2
- How to effectively map PCI DSS MFA requirements to business use cases and user groups in your organisations
- Best practices for organisations that need to extend their MFA footprints to additional use cases, and for those that are starting to think about how to comply with PCI DSS’s authentication requirements.
Introduced in 2016, the General Data Protection Regulation (2016/679)—or GDPR—was created for the purpose of strengthening the European Union’s (EU) procedures and practices related to data protection. GDPR will impact organisations worldwide and implement maximum fines of up to €20,000,000 (or 4% of global turnover) if they fail to ensure compliance. Join BitSight’s Philip East and Metro Bank’s Julian Parkin as they discuss:
- The checklist organisations should review to align their business with GDPR.
- Noteworthy articles within GDPR and how they affect data governance/usage.
- BitSight’s recommendations for monitoring the GDPR alignment of third parties.
Contracting is becoming more and more popular among professionals. In this episode Travis O’Rourke, Head of Hays Talent Solutions in Canada, discusses how you can determine if contracting is the right career path for you.
For more contracting tips and careers advice, visit our blog Viewpoint: www.haysplc.com/viewpoint
From the first time that criminal charges were files against a known state actor for hacking in 2014 to the recent US Senate Intelligence Committee hearing on Russian influence on the 2016 US Election, FireEye has been integral to investigations where cyber attacks resulted in the most significant impact on governments around the world. We will highlight some of the most public investigations, look to key government leaders to understand their perspective on the impact of cyber, and lastly review the top strategic mistakes that organizations make when trying to address cyber risk.
Join this webinar to understand the benefits of a unified view of your infrastructure and comprehensive security that keeps up with changing network requirements and technologies like cloud services and smart devices.
If your processing and data is in the cloud, how can you deliver assurance, compliance and governance? How do you find the flaws and soft spots that criminals will exploit? From browser to database, through human factors and end points, this presentation will take a threat-based approach to securing the cloud.
This 3 part webinar series will give show you the 3 key pillars to achieving social success in sales. Learn how to create the ultimate profile, build a winning personal brand, create great and consistent content and build a winning strategy. The final session will be packed with the best industry tips and tricks to make social work for you.
Part 1 - Becoming The Brand & Selling YOU
You're not just selling your product anymore, you're selling YOU. More and more of your prospects are looking at your social media profiles and this will influence buying decisions. Find out the best personal branding tips and how to build a profile that will generate opportunities, not scare them away.
Securing Web Access & Protecting Data with Cloud-Delivered Enterprise Security
Increased cloud adoption, mobile device use, and the dramatic growth in the number of remote and home workers is putting pressure on existing security infrastructures.
In this environment, enterprise security teams are wrestling with questions like:
- How can I consistently enforce policies governing the use of the web and cloud?
- How can I effectively protect my users from web-based threats?
- How can I secure my sensitive data and comply with legal regulations?
Enterprises are turning to a comprehensive cloud-delivered security solution to tackle these challenges.
Join us to learn how Symantec’s Cloud Security Services can be leveraged to protect users, data and devices, addressing the challenges of the cloud generation.
Identifying effective threat intelligence is not easy. Learn what it means to have timely, relevant and actionable threat intelligence and how it can help you respond to threats quickly and decisively.
This webinar explains:
· Why do organisations require Cyber threat intelligence?
o To aid technical and business decision making
o To identify and manage risks
o To efficiently deploy capital against the threats that matter to enterprise
· The key requirements for establishing a cyber threat intelligence function
· Basic cyber threat intelligence workflows
· Resource and training requirements to support a Cyber Threat intelligence function
Technology will underpin all aspects of modern society by 2019, profoundly impacting the way people live and work. Business leaders face a stark dilemma; should they rush to adopt new technology and risk major fallout if things go wrong; or wait and potentially lose ground to competitors. Organisations that are well informed about emerging technologies and corresponding threats will be best placed to make winning decisions.
In this webinar, Steve Durbin, Managing Director, ISF, will examine the threats that organisations will be dealing with over the next two years and will provide advice on the best ways of handling them.
Policies are critical to organizations to reliably achieve objectives while addressing risk and uncertainty and act with integrity. Policies set the boundaries and expectations for behavior of individuals, processes, transactions, and relationships of the organization. High performing organization rely on policies to provide consistent behavior and outcomes. This is particularly true in privacy, compliance, and information security management. However, policies fail if they are poorly written, not understood, or are just paper documents that are not followed in the organization. This webinar delivers guidance and best practice in engaging users on policies to ensure they are clearly understood and followed.
Key takeaways from this webinar are to learn how:
User engagement is a critical part of a successful policy management system
Consistency is critical to define clear rules of approach to Policy creation
Policy awareness enable a dialogue on important issues that can typically be forgotten in a day to day running of the business
Policy management has become a critical part of organisational oversight
Cloud adoption is a reality today, every company is moving applications and businesses in the cloud to get more flexibility, agility and to potentially reduce their costs.
Security operations need to enable this transformation and help the business to activate capabilities in the cloud infrastructure. Risks exist and cannot be ignored if companies want to provide a sustainable and secure environment for themselves and their customers.
During this webinar, we will describe the main risks associated with cloud adoption and cover how to mitigate those risks.
Ransomware has been a huge talking point over the last year or so with the large scale Wannacry and Petya outbreaks that caused significant damage worldwide. The strains that are now being seen show that cybercriminals are becoming more sophisticated in order to try and bypass security controls in order to encrypt files and extort organisations for financial gain.
Unfortunately, Ransomware can enter an organisation through many vectors; including via email spam, phishing attacks, or malicious web downloads making it difficult to defend against. There is no silver bullet when it comes to Ransomware so you need a multi-layered approach, prioritised for the best risk mitigation.
Join this webinar to find out more on the history and evolution of ransomware, new ransomware techniques such as “rotating” ransomware but importantly to understand how and why threat actors utilise ransomware and what you can do to mitigate against it.
Evaluating Managed Detection and Response Vendors: Key Considerations that Cut Through the Hype
You’re fighting an asymmetric battle. You’ve invested millions in protection technologies but unknown attackers still find a way in. SIEMs and MSSPs provide event monitoring - but in 85% of incident response engagements conducted by Mandiant consultants last year, the client had an existing MSSP or SIEM.
A new class of managed detection and response services (MDR) has emerged to help organizations improve their threat detection and incident response capabilities. However, solution providers offer varied approaches and capabilities making it challenging for security leaders to understand and compare offerings.
In this webinar, you will learn:
•Why standard cyber security solutions still leave you vulnerable and why the market is transitioning to MDR
•Which capabilities are critical to improving threat detection and response
•What to consider when evaluating managed detection and response service providers
With so many high-profile cyber attacks and breaches in the news, it is no wonder security is cited as the biggest concern of storing data in the cloud. The amount of critical data being sent to the cloud is on the rise. In fact, more than half of business-critical data is likely to reside there by 2019.
Join this keynote panel of experts as they discuss:
- The state of cloud storage and security in 2017
- The biggest threats to data security in the cloud
- How organizations are solving these security challenges
- Ted Harrington, Executive Partner, Independent Security Evaluators
- Paula Greve, Principal Engineer, Data Science McAfee Labs
- Ken Hosac, VP, Cradlepoint
- Akhil Handa, EMEA Leader - Public Cloud Channel Partnerships, Palo Alto Networks
2017 has been another year of endless headlines featuring words like "breached," "hacked," and "cyberattack" – many of which were avoidable. Enforcing security policy across the legacy physical network is already challenging, and the addition of virtualized networks including the SDN and public cloud introduce new risks to organizations.
Join this webinar to learn how to avoid the headlines by making security policy continuously enforceable. Having served in network security roles at Wells Fargo, General Dynamics, St. Jude Medical, and the Army National Guard, Tufin's Senior Solutions Engineer, Christofer Sears, CISM, will share his insight garnered throughout 10 years of experience.
Key topics include how to:
• Develop and deploy an enforceable security policy
• Mitigate the inherent risk of DevOps’ CI/CD agility
• Contain malware outbreaks like WannaCry
• Effectively design implementation
• Create time for proactive security projects
Welcome to the Cloud Generation, where employees demand flexibility and access wherever they are, but can expose your most sensitive data to risk.
Distributed environments—like mobile and distributed workforces—introduce new attack surfaces that must be protected and increased use of SaaS Cloud Apps are driving the need for new compliance and security controls. The result? Security and IT teams are being forced to rethink network designs to better answer questions like:
- How do we effectively govern access to data, apps and systems?
- How can we combat advanced threats targeting our business through the web, cloud and e-mail?
- How should we secure information that is moving between our network, endpoints and the cloud?
Join Gerry as he discusses the key Cloud Generation security challenges facing Symantec’s enterprise customers and learn how Symantec’s Cloud-delivered security solutions can be used to protect users, devices and corporate data, wherever it resides.
The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.
Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:
- Why is vulnerability risk management more that scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
-What are the common challenges in moving to a vulnerability risk management model?
Register for this webcast for insight into the changing demands on vulnerability management programs.
Optiv will be sharing their insights on the market state of cloud security and how enterprises should bolster their security programs for the evolution of cloud. We will cover what we see in the field from the cloud security maturity state of most organizations to the IaaS/PaaS security trends that will impact your cloud deployment plans. At the end of this webinar, you will learn how you can accelerate cloud deployments securely so you gain a competitive edge in today’s market.