Browse communities
Browse communities
Presenting a webinar?

This Cloud is a Smoke Screen

Dave Chronister, Managing Partner of Parameter Security
The cloud is the big thing these days. In the security world, we are concern about possible security issues, but what real world issues are we most likely to face? Parameter Security’s managing Partner Dave Chronister will discuss real world issues he has encountered over the past year. He will also discuss a 0-Day exploit that his firm discovered in a production environment which allowed them to lock out all users and gain access to all systems housed in the cloud. Dave will discuss security issues you should consider while performing due diligence on your cloud-based solutions.
Jun 11 2012
51 mins
This Cloud is a Smoke Screen
More from this community:

Mobile Computing

  • Live and recorded (1206)
  • Upcoming (23)
  • Date
  • Rating
  • Views
  • Join us this week for a special 30-minute live session on how RingCentral integrates with Zendesk for improved workflow and increased productivity.

    Tune in every Friday for RingCentral Live. We’ll tour the RingCentral interface, discuss the latest innovations and features available on the RingCentral platform, and share best practices on leveraging cloud communications for your business. This session also features a live demo of RingCentral Office and an open Q&A session led by a Sales Engineer.
  • Early on expectations from B2B buyers in their journey set the stage for marketing and sales to work together. As leads flow in, an agreed-upon plan and process should be in place for lead identification, distribution and follow-up. This optimized plan and process can make a huge difference between smooth sailing or rough seas in the next steps of the journey for the marketing and sales teams and most importantly, the buyer.

    So, what does this process look like, and how can an optimized lead process affect not only the quality of the buyer's journey, but opportunity generation? Join Isaac Payne, Marketing Operations Specialist, and Ali Gooch, Sr. Sales Manager-both of Pardot, as they explore and give us tips on how we can get the most out of an optimized lead process.
  • Gartner has predicted 18-20% growth in SaaS market, and expects it to hit US $22.1 billion by the year 2015. They have also measured that SaaS adoption rate has increased many fold in the last few years (almost 71% of enterprises use SaaS solutions).

    SaaS has come a long way from “hype” to “norm”. The key to this change is the confidence that has been built by the cloud/SaaS community by providing enterprise class security. Since, SaaS model of delivery has become a defacto standard of delivering products it’s critical for software providers to ensure that their SaaS product meets the required industry security standards. In this webinar, we will address the security aspects related to architecture, deployment and management of SaaS solutions.

    Key Takeaways:
    • Security considerations in each of the architecture layers
    • Data isolation risks and mitigation plans
    • Overview of CWE/SANS and OWASP Security threats
    • Data retention and termination policies
    • Infrastructure and cloud related security risks and solutions
  • Most two-factor authentication credentials offer high levels of security, but reduce usability; others offer limited security but are very easy to use. Risk-based authentication adds dynamic risk analysis to your authentication framework, while helping to maintain a frictionless experience for the user.

    Please join Charley Chell, Sr. Director, Security Solutions at CA Technologies to learn how you can enhance the value of two-factor authentication and strengthen the security posture of your organization with risk-based authentication.
  • There are more costs to your phone system than you think. From capital expenditures to software upgrades, your phone system could be costing you. Join Matt McGinnis, Senior Director of Product Marketing at RingCentral, as he discusses the total cost of ownership (TCO) of an on-premise phone system and how you can see up to a 70% savings on your phone bill.
  • There are more costs to your phone system than you think. From capital expenditures to software upgrades, your phone system could be costing you. Join Matt McGinnis, Senior Director of Product Marketing at RingCentral, as he discusses the total cost of ownership (TCO) of an on-premise phone system and how you can see up to a 70% savings on your phone bill.
  • Join us for a 30-minute live session every Friday, where we’ll tour the RingCentral interface, discuss the latest innovations and features available on the RingCentral platform, and share best practices on leveraging cloud communications for your business. This session features a live demo of RingCentral Office and an open Q&A session led by a Sales Engineer.

    This week tune in and learn about how RingCentral integrates with Google Gmail, Calendar, Docs and more.
  • Mobile applications, cloud computing and BYOD (Bring Your Own Device) are reshaping nearly every aspect of your business, from revenue opportunities to how and where your employees work. They’re also forcing you to reinvent your security policies. Otherwise every device, from laptop to smartphone, is a data breach waiting to happen.

    In Pulse Secure’s webinar on March 19, Senior Principal Analyst Jon Oltsik of Enterprise Strategy Group will explore the new world of mobile security:

    User role, device type, network location & factors define your new security needs.

    Creating - Enforcing - Effective network access policies for secure mobile processes.

    How top organizations are tackling mobile security.
  • Mobile apps present a unique challenge for e-commerce merchants. Not only do they need to positively engage your customers, they must also generate revenue for your company. 

    So what keeps customers happy and coming back for more? Apps that support the on-the-go lifestyle and are engaging enough to keep users interested for the long term.

    In this webinar, 5 Tips to make sure customers transact with your app, we'll provide a clear roadmap for success that focuses on specific dos and don'ts, including:

    - DO NOT be insensitive to data privacy concerns
    - Do pay close attention balancing functionality with download speed
  • Enterprises still don’t trust the cloud for their sensitive workloads. Are their concerns reasonable? Are they inevitable? In this briefing, Frost & Sullivan examines perceptions and realities associated with cloud security and recommends ways to mitigate risk.

    Why You Should Attend:
    • Understand the “risk premium” ascribed to the cloud versus the private data center.
    • Learn why the cloud requires new processes for governance and compliance.
    • Hear why traditional security approaches, such as asset protection, are not relevant to a cloud environment.
    • Understand how to build a holistic approach to cloud security.
  • Channel
  • Channel profile
  • Industrial Control Systems Cyber Security: It’s Not All About Stuxnet Apr 14 2015 3:00 pm UTC 45 mins
    Dr Damiano Bolzoni, CEO & co-founder, SecurityMatters
    Recently cyber attacks against Industrial Control Systems (ICS) used by
    utilities and other Critical Infrastructure organizations have hit the
    newlines worldwide. Stuxnet is the best known cyber attack against an
    industrial installation, but it's not the only one.

    But what if cyber attacks were not the biggest threat to industrial
    networks and systems? Although malware is still a major point of
    interest, the sword of Damocles for critical industrial networks is
    represented by system misuse performed by disgruntled employees,
    contractors and vendors, as well as unintentional mistakes,
    network and system misconfiguration; all this could lead to the
    divergence or failure of critical processes.

    In this talk we will reshape the concept of ICS cyber security and will present our vision for a comprehensive approach to cyber security for ICS.
  • All About the Thousands of 2014 Vulnerabilities - From Secunia Research Apr 14 2015 3:00 pm UTC 45 mins
    Kasper Lindgaard, Director of Research and Security, Secunia
    Every year, Secunia Research releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Secunia Personal Software Inspector (PSI) user base.

    The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.

    In this webinar, Secunia’s Director of Research and Security Kasper Lindgaard will discuss the data presented in the Secunia Vulnerability Review 2015 and answer questions.

    The review itself is released on March 25.

    Before March 25, you can pre-register to receive a copy of the review as soon as it is released:

    www.secunia.com/VR2015

    Key takeaways:

    - The number of vulnerabilities and zero-days detected in 2014

    - How quick vendors are to respond to vulnerabilities

    - Which programs are more vulnerable

    - How products bundled with open source applications and libraries affect security
  • It Wasn't Me, It Was Bennett Arron Apr 14 2015 10:00 am UTC 45 mins
    Bennett Arron, Comedian, Author & Identity Theft Speaker
    Several years ago, award-winning writer and stand-up comedian Bennett Arron was in serious debt. He owed thousands of pounds to mobile phone companies, catalogues and department stores. Only it wasn’t him. Bennett was a victim of Identity Theft, the fastest growing crime in the UK. This theft resulted in Bennett and his pregnant wife becoming penniless and homeless.

    Years later, Bennett wrote a comedy show about his experience. The show was critically acclaimed at the Edinburgh Festival and led to Bennett being asked to direct and present a Documentary for Channel 4. The Documentary, How To Steal An Identity, was Pick of The Week in The Guardian and The Telegraph and was called ‘Fascinating and Disturbing’ by the TV Times. It went on to be shortlisted for a BAFTA.

    In the Documentary, Bennett proved the ease of ID theft, by first stealing the identities of the general public and then stealing the identity of the then Home Secretary, Charles Clarke.This action resulted in Bennett being arrested in a dawn raid by Scotland Yard and given the code-name Operation Hydrogen.

    Bennett has recently written a memoir on the subject. This book, which has received several 5 star reviews, is not only a disturbingly true yet funny account of what it's like to have your identity stolen and but also reveals the devastating consequences of making a documentary ‘in the public interest’.

    He has performed as a speaker at many corporate events around the world and he was the Guest Speaker at the International Fraud Convention in Italy, the International Congress On Anti-Fraud & Anti-Corruption in Poland (twice) and the opening keynote speaker at Auscert in Australia.

    Bennett has been called... 'A Welsh Seinfeld' by The Guardian, 'Genuinely Original and Funny' by The Times and ‘Case Number 2477419’ by The Metropolitan Police.
  • From the Front Lines: The Top 10 DNS Attacks Apr 9 2015 5:00 pm UTC 45 mins
    Srikrupa Srivatsan, Sr. Product Marketing Manager, Infoblox
    More than 75% of organizations in the U.S. and U.K. have experienced at least one DNS attack according to SC Magazine. DNS Attacks are increasing in frequency and evolving constantly. They range from common amplification, reflection, and flood attacks to more sophisticated and stealthier types. These might have fancy names like random subdomain, phantom domain, and domain lock-up, but their effects on DNS are far from pretty. Join this webinar as we reveal the top 10 attacks on external and internal DNS servers; and the impact they have on your operations.
  • Optimize Customer Signup Flows Online and in Your Mobile App Apr 9 2015 4:00 pm UTC 45 mins
    Chris Morton, President, Block Score; Lisa Aguilar, Marketing Manager, Jumio; James Bickers, Senior Editor,Networld Medi
    In today’s online and mobile environment, financial service organizations are struggling to comply with a multitude of regulatory requirements that impede online and mobile customer signups. What is the best way to signup customers while still complying with regulations and mitigating fraud?

    Join us for a live webinar, “Optimizing customer signup flows in your mobile and web channels” and listen in as experts in ID authentication and identity verification discuss various strategies that will help you:

    · Quickly and safely signup customers through your mobile and online channels
    · Remain compliant with regulatory requirements without adding additional operational overhead
    · Reduce customer sign-up abandonment

    Don’t loose another customer because you can’t offer a real-time sign-up process through your online and mobile channels. Join us and learn how to optimize your sign-up flows, and enable anytime, anywhere through any digital channel customer account opening.
  • Looking Forward to HIMSS 2015: What are the latest trends? Apr 8 2015 5:00 pm UTC 60 mins
    Lysa Myers, Security Researcher III, ESET North America
    ESET security researcher Lysa Myers discusses developments in healthcare IT system security that you may see at the HIMSS conference in Chicago next week. Find out what is being done to better protect patient data privacy and more.
  • How Mobile Data Protection Can Accelerate Top CIO Initiatives Apr 8 2015 4:00 pm UTC 60 mins
    Seyi Verma, Sr. Product Marketing Manager
    The proliferation of data on mobile devices has created huge headaches for CIOs as they attempt to protect data, stay in compliance and move workloads to the cloud. How IT approaches data protection for mobile devices can support or hinder these high level efforts. Endpoint backup, traditionally viewed as a functional requirement below the radar of CIOs, is evolving to offer not just data backup and restore, but also a modern way to address costly data governance challenges such as compliance and eDiscovery. This webcast will cover real-world case studies of Fortune 1000 companies leveraging endpoint backup solutions to gain significant business advantages including cost control, compliance and embracing the cloud.
  • ISA 62443 Patch Management Overview and Methods for Zero-Day Threat Protection Apr 8 2015 4:00 pm UTC 75 mins
    Joe Weiss, Managing Director for ISA99; William Cotter, Systems Engineering Specialist; Delfin Rodillas, Sr. Manager of SCADA
    The growing presence of widely known and used Commercial Off-the-Shelf (COTS) systems in Industrial Control Systems (ICS) provides an increased opportunity for cyber attacks against ICS equipment. Such attacks, if successful, could have severe impact to not only process availability but also safety. Patch management is one particular area of cybersecurity which requires special attention when applied to ICS. It is part of a comprehensive cybersecurity strategy that increases cybersecurity through the installation of patches that resolve bugs, operability, reliability, and cyber security vulnerabilities. The ISA-TR62443‑2‑3 technical report, developed by the ISA 99 Working Group 6, addresses the patch management aspect of ICS cyber security. Also part of an effective strategy is the use of compensating cybersecurity controls to protect ICS systems from exploits and malware in between often long patching cycles. Novel network and host based technologies have recently become available to address even zero-day threats which bypass conventional signature-based approaches.

    Attendees of this webinar will leave with a better understanding of:
    -The unique aspects of ICS that entail a different and more rigorous approach to patch management than that used in business networks
    - An overview of the ISA 99 standards efforts with detail review of the main aspects of the ISA-TR62443-2-3 Technical Report on Patch Management in IACS
    - Advancements in compensating cybersecurity controls for protecting systems from zero-day threats
  • Why DDoS Makes for Risky Business – And What You Can Do About It Apr 8 2015 3:00 pm UTC 60 mins
    Dave Shackleford, IANS Lead Faculty and Tom Bienkowski, Director of Product Marketing
    Despite years of headlines, and countless examples, many organizations are still under the impression that DDoS attacks are a problem for somebody else (i.e. their ISP), or that it’s a problem that can be defended using an existing on-premise security solution, such as their firewall or IPS. In a risk obsessed world, these organizations are ignoring the very real likelihood of becoming a target for DDoS attacks, along with the severe operational and business consequences of falling victim to an attack.

    It’s time to debunk some misconceptions about DDoS.

    Attend this webinar to learn:

    - Why a single layer of DDoS protection isn’t enough
    - How the impact of a DDoS attack is significantly more costly than protection options
    - The correlation between DDoS attacks and advanced threats revealed in our latest research and how both are used during multiple phases of an advanced threat campaign.
  • Your organization has been breached, now what? Mar 31 2015 5:00 pm UTC 45 mins
    Dal Gemmell, Director of Product Management and Steve LaBarbera, Director of Security Solutions, SentinelOne
    Unfortunately, there is a high likelihood that organizations will suffer a breach by advanced malware. Learn how to minimize response time through real-time forensics to understand the scope of compromise including:

    - Identifying attacked endpoints
    - Finding indicators of compromise
    - Analyzing malicious activity
    - Tracing outbound communication, and more
  • UTM + USM: All you need for complete Threat Management Mar 31 2015 4:00 pm UTC 45 mins
    Patrick Bedwell, AlienVault; Neil Matz, Fortinet
    Did you know the average breach goes undetected for 229 days? The earlier you can detect and respond to a breach, the faster you lower the risk and potential damage. Traditionally, companies have implemented a number of point solutions to for each new threat, an expensive and cumbersome approach. However, by combining threat protection from Fortinet with threat detection and response from AlienVault, companies now have an affordable way to significantly reduce the cost and complexity of complete threat management.

    Join threat experts from AlienVault and Fortinet for this webcast to learn how this integrated solution will provide:

    · Continuous threat prevention, detection and remediation in an easy-to-use solution

    · The ability to identify all critical assets and the potential attack surfaces in your network

    · Advanced analysis of FortiGate logs for threat identification and response through AlienVault USM

    · Simplified protection of your network with ONLY two products, at a price you can afford

    · Continual improvement of your security posture through frequent assessment.

    · Integrated threat intelligence that maximizes the efficiency of your security monitoring program
  • Bridging the Trust Gap for Identity Services Based Market Growth Recorded: Mar 30 2015 48 mins
    Joni Brennan, Executive Director, Kantara Initiative
    In the age of digital transformation trust is key to the growth of services in both the public and private sectors. With more and more services evolving and innovating around digital identity there is a universal need to bridge and balance business incentives with government requirements. At Kantara Initiative we see the transformation cycle as a 4 stage process: strategy setting, innovation, deployment, and assurance. Few, if any, organizations can succeed at all of the strategic stages of change and innovation in isolation. We invite you to join us to discuss how trust frameworks will evolve to bridge the digital transformation of identity assurance.
  • Insights From CyberEdge’s 2015 Cyberthreat Defense Report Recorded: Mar 27 2015 44 mins
    Steve, CEO, CyberEdge Group
    CyberEdge Group, a premier information security research firm, recently announced the results of its 2015 Cyberthreat Defense Report. Designed to complement Verizon’s annual Data Breach Investigations Report, this report provides a 360-degree view of organizations’ security threats, current defenses, and planned investments. Over 800 security decision makers and practitioners from across North America and Europe were surveyed in December 2014. Attend this insightful webinar to learn:

     How many were affected by a successful data breach in 2014
     How many think they’ll be victimized in 2015
     What portion of IT spending is dedicated to security
     Which cyberthreats concern security professionals the most
     Which security defenses are present or planned for acquisition
     Plus two dozen additional insights from security professionals just like you
  • A Zero-Day Agnostic Approach to Defending Against Advanced Threats Recorded: Mar 26 2015 51 mins
    Eric Hanselman, Chief Analyst, 451 Research & Dave Karp, VP Technical Enablement, Digital Guardian
    As organizations work hard to ensure complete anti-malware coverage on desktops, servers, and at the perimeter, attackers are already moving on to techniques completely outside those detected by traditional security tools. Enterprises must consider alternative approaches to defending their infrastructure and turn their focus to tools, products and techniques that approach security in new and different ways.

    In this webinar, Eric and Dave will discuss:

    • How the volume of system alerts from Network Security solutions are creating lots of noise but lack context to focus on the real threats facing your data
    • How to stop advanced threats – with no advance knowledge of the tools or malware – by following the attack sequence
    • Why bridging the gap between system security and data protection is the key to stopping ever increasing sophisticated attackers from stealing your data
  • New Attack Intelligence Capabilities Coming Soon - Get a Sneak Peek! Recorded: Mar 26 2015 48 mins
    Todd Harris, Director of Product Marketing; Ray Suarez, Director of Product Management, Core Security
    Attackers always have a goal in mind and it’s up to you to understand how they will get there. But how is that possible when there is simply too much data to sort through and act upon?

    The upcoming release of Core Insight 4.5 adds new attack intelligence features to consolidate, normalize, and prioritize vulnerability management initiatives enterprise-wide. These features allow users to reduce the noise from scanners by more than 90%, so that you can focus on the most critical threats.

    Join us on March 26, 2015 at 1pm ET to get a sneak peek and live demo of Core Insight 4.5. Hear about new features such as:

    - User customizable and flexible reporting
    - Centralized asset store for extended scalability
    - Enhanced exploit matching and filtering
    - Interactive and adaptive attack paths
  • See something say something: A humanistic approach to security intelligence Recorded: Mar 26 2015 25 mins
    Ronnie Tokazowski, Senior Researcher and Shyaam Sundhar, Senior Researcher, PhishMe
    Attackers are constantly trying to find new exploits to penetrate network defenses and bypass security controls. In 2014, Mandiant’s M-Trends report indicated that it takes an average of 229 days to detect the presence of a threat actor on an enterprise network. Organizations are starting to realize that the evolution in technologies alone cannot stop such incidents, as the actors continue to change their tactics.

    Organizations need to consider supplementing their security technologies and processes with their people. By leveraging employees as human sensors, we not only adopt “see something, say something”, but we are able to add an extra layer of defense and exponentially reduce detection time as well.

    In this webinar, PhishMe’s Senior Researchers Ronnie Tokazowski and Shyaam Sundhar will discuss:

    • Engaging human sensors as a layer of defense
    • Utilizing user reports to detect malware
    • Real use cases of user detection within our enterprise
  • From the SOC to the BOD: The Board’s Role in Cyber Security Recorded: Mar 26 2015 48 mins
    Donna Dabney, Executive Director of The Conference Board Governance Center; Bill Ide, Partner at McKenna Long & Aldridge
    As major breaches cause financial and reputational damage to businesses across all industries, there is a push for cyber security to become a board level issue. A recent survey from BDO International found 59% of board directors have become more involved in cyber security within the past twelve months. But how can board members unfamiliar with the ins and outs of network security effectively manage these risks?

    Join BitSight’s VP of Business Development, Jacob Olcott, Partner at McKenna Long & Aldridge, Bill Ide and the Executive Director of The Conference Board Governance Center, Donna Dabney on Thursday, March 26 at 11:00am EDT for an online roundtable discussion on board involvement in cyber security. The panelists will discuss how both security leaders and board members should approach the communication and management of cyber risks in the enterprise.

    Attendees will also learn:

    - What cyber security metrics are most important for the board
    - Methods for security leaders to communicate cyber issues across the enterprise
    - How BitSight’s platform enables communication on security performance throughout the enterprise
  • DNS Security: Safeguarding Your Online Presence Recorded: Mar 25 2015 19 mins
    Reynold Harbin, VP Product Management, Neustar; Rob O'Regan, Sr Digital Content Strategist, IDG Strategic Marketing Services
    Cyber security threats are persistent and constantly evolving. A vulnerable website puts a business’s reputation – not to mention its revenue – at risk. In this webcast, Reynold Harbin, VP of Product Management for Neustar, discusses exclusive new IDG research about DNS deployments, the importance of robust DNS security, and the best way to defend against a rising tide of threats.
  • Assessing Cloud Apps Risk Recorded: Mar 25 2015 27 mins
    Chris Hines, Product Marketing Manager, Bitglass
    Mirror mirror on the wall who's the riskiest of them all?

    It's no secret that companies are adopting cloud applications like Office 365, Google Apps, Dropbox and Salesforce to help improve their business. With the cost savings and increased scale and efficiency of the cloud, who could blame them? But what some companies tend to overlook is that there is a level of risk when it comes to each of these apps, and that it can differ based on each company's use case.

    Do you know what cloud applications are running in your infrastructure today? How about the ones putting your sensitive data at the most amount of risk? Do you have a way of finding out?

    In this webinar Chris Hines, Product Manager at Bitglass will teach you what's necessary when it comes to determining your company's riskiest cloud applications.
  • Content is Still King – How to Choose a Secure Collaboration Castle Recorded: Mar 25 2015 48 mins
    TJ Keitt, Senior Analyst, Forrester Research and Peter Brown, Director, Product Marketing, Intralinks
    The continued growth of the business networks that employees, partners and customers use to share information is driving the need for collaboration tools that are available beyond firewalls, on any device. With the cloud emerging as the preferred place for these technologies, and a crowded landscape of potential vendors, how can your organization make the right choice?

    Join Forrester Research Analyst TJ Keitt and Product Marketing Director Peter Brown of Intralinks as they review:

    - The emerging types of cloud collaboration technologies and the key considerations to think through
    - The inherent value in having a collaboration platform that connects people to information
    - How to align the organizational need to collaborate while keeping information secure at every touchpoint
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: This Cloud is a Smoke Screen
  • Live at: Jun 11 2012 8:00 pm
  • Presented by: Dave Chronister, Managing Partner of Parameter Security
  • From:
Your email has been sent.
or close
You must be logged in to email this