
The Value of Vulnerability Disclosure

What is a vulnerability worth? If you are an attacker looking to launch an attack on an unsuspecting organization, your answer will be very different from that of the IT administrator running the organization. HP DVLabs runs the Zero Day Initiative, the industry’s leading organization for purchasing and disclosing vulnerabilities. In this unique position, the DVLabs team must be keenly aware of both the black market for selling vulnerabilities and exploit information and the potential costs to the enterprise affected by such vulnerabilities. Join Derek Brown, security researcher with HP DVLabs and liaison for the Zero Day Initiative, for a session on vulnerability disclosure and why it is so important to the security industry.
Recorded Mar 14 2012 43 mins
Presented by
Brian Gorenc, CISSP, CSSLP, Security Researcher with HP DVLabs

  • Digitally Transform with Confidence Recorded: Jul 6 2016 23 mins
    Sue Barsamian, SVP and General Manager HPE Security Products
    In today’s increasingly connected digital world, your organization needs to adapt to how employees and customers want to use IT to do business. But to embrace innovative IT with confidence, you must protect against the threats that target people, the applications they use, and the devices and data they access. In this session, we will share how building security into the fabric of your IT infrastructure, together with giving Security Operations the tools to address threats intelligently, will enable you to power your business forward with confidence.
  • Emerging Trends in Incident Response Recorded: Jun 29 2016 66 mins
    Matt Bromiley, SANS & Mark Painter, HPE Security
    The third annual SANS survey on incident response will look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. The survey report and webcast will also look at key takeaways and recommendations for practitioners and management.

    In this session, we will look at emerging trends in addition to survey results. Attendees will learn:

    How integrated incident response tools are in the typical organization
    What impediments hamper effective incident response
    How budget allocations are projected to change over the next 12 months
    Improvements planned in the next 12 months
  • Enterprise Security: Are you wasting your money? Recorded: Jun 14 2016 43 mins
    Kerry Matre, Senior Product Marketing Manager, HPE Security & Christian Christiansen, Vice President Security Products, IDC
    Disrupt Business of Hacking

    Enterprises spend millions protecting themselves from adversaries and attempting to reduce their risk. Are their investments paying off? Hear from industry expert Chris Christiansen what organizations are doing to effectively make themselves less of a target for cyber criminals and how some enterprises make themselves an easier target for their adversaries. Gain insights on how these tactics have evolved over time and get a glimpse of what the future holds.
  • Converged Security - Protect your Digital Enterprise Recorded: May 24 2016 50 mins
    Gerben Verstraete, HPE, John Kindervag, Forrester
    Join Forrester and HPE Experts discussing why enterprise investments in security aren’t having the desired impact due to reliance on point solutions and treating security as a silo, overlay function. Find out more about how Converged Security can help overcome these challenges:

    A use-case driven approach enhancing current security practices
    Integrates with existing security methods, creating a ‘security-by-design’ solution
    Uses end-to-end collaboration to embed security throughout the IT service value chain
  • Recognizing the Collective Risk, HPE 2016 Cyber Risk Report Recorded: May 17 2016 61 mins
    Jewel Timpe, Senior Manager at HPE Security Research
    In a world where all devices now have global reach, risk is no longer contained to just one organization. Breaches now have collateral damage and legislation threatens security practitioners in unintended ways. Just as attackers continue to evolve their techniques, defenders must accelerate their approach to detection, protection, response, and recovery as we move into the concept of the digital enterprise.

    Jewel Timpe, Senior Manager at HPE Security Research, will highlight our unique perspective on the attack surface. Drawing from the latest findings from the 2016 Cyber Risk Report, this session will provide critical guidance on responding to changing technology, impending regulatory changes, and reducing security threats in an interconnected world.
  • Threat Hunting: Open Season on the Adversary. Part 1 - Threat Hunting 101 Recorded: Apr 25 2016 62 mins
    Mark Painter, HPE Security Evangelist
    Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.

    In Part 1 of the webcast, attendees will gain insight into:

    What threat hunting entails
    What pitfalls stand in the way of attaining actionable results
    What organizations are discovering through threat hunting
  • Gamification of a Fortune 20 SOC Recorded: Apr 11 2016 61 mins
    Marcel Hoffmann and Josh Stevens
    Many Security Operations Centers (SOCs) struggle in 3 key areas when it comes to personnel: continuous training, extending retention and measuring effective KPIs. In this talk we introduce the combination of gamification, user experience and machine learning as a concept to address these 3 challenges. We plan to share our real world experience implementing these concepts for the internal SOC at Hewlett Packard Enterprise.
  • Data-centric Security Enables Business Agility Recorded: Mar 30 2016 31 mins
    Farshad Ghazi, Global Product Management, HPE Security – Data Security
    Data security is one of the most challenging areas facing IT across consumer-transacting businesses today. The mega-breaches in the news are not physical and traditional perimeter security is insufficient. Instead, cyber criminals steal business-critical and customer-confidential data through malware, hacking and attack vectors that exploit security gaps throughout the extended digital enterprise.

    The good news is there are standards-based, innovative data-centric technologies that protect sensitive data at rest, in motion and in use. Most important, implementing a data-centric security program does not hamper your organization’s ability to access, move, analyze, and use your data across platforms, to enable business success. CISOs can mitigate risk while saying ‘yes’ to the business.

    Attend this session to gain a deeper understanding of how to get ahead of rapidly evolving cyber-threats to secure sensitive customer and corporate data across your ecosystem.
  • Cybercriminals – The Unaddressed Competition Recorded: Mar 28 2016 30 mins
    Kerry Matre, Sr. Manager, HPE Security
    We often hear that cyber criminals are sophisticated and that they are organized. But what does that mean exactly? What does it mean to our organizations? Hear how HPE is digging into the world of cyber-criminals to understand it and to disrupt it. See how these businesses are organized and, when we look closely, see how they look a lot like our businesses. With a value chain that includes finance, marketing, customer and even legal functions, our approach to adversaries shifts from one that is basic and rudimentary to one that recognizes these organizations as competitors. We can begin to take these competitors into account when planning for future business innovations. Learn about the most valuable hacking business types, their motivations, and the weaknesses of this underground marketplace so that you can most effectively protect your enterprise against these adversaries.
  • Best Practices to Stop Data Breaches in 2016 Recorded: Mar 16 2016 64 mins
    Albert Biketi, HPE Security – Data Security; Steve Schlarman, RSA; Charles H. “Hank” Thomas, Booz Allen Hamilton
    In 2015 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
    Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
  • SIEM is dead. Long Live the SIEM! Recorded: Feb 23 2016 16 mins
    Michael Mackrill, Security & Intelligence Operations Consulting
    SIEMs have been around for years and many companies are wondering if they actually got a return on their investment. Meanwhile, multiple vendors are claiming that their latest tool can do everything that a SIEM can and more! Can the SIEM survive?

    We believe that the SIEM is not dead. SIEM is evolving. It must be remembered though that a SIEM is a living, breathing creature that must be cared for, fed and interacted with in order to thrive. SIEMs have gotten more robust and can be used to interact with other security programs in ways that they couldn’t a few years ago. Companies need to utilize the SIEM as their central pane of glass to see the threats to their environment and use integration with other tools to help ensure the security of their electronic data.
  • Data-centric security: Enabling the new style of business in the Cloud Recorded: Feb 18 2016 33 mins
    Farshad Ghazi, Global Product Manager, HPE Security – Data Security
    Join this webinar to learn how data-centric security brings next generation protection for reducing risk and protecting sensitive information as well as your brand, while enabling Cloud business practices. We’ll discuss how we help customers “accelerate next” and neutralize the possibilities of cloud data breaches. Find out how HPE SecureData for Cloud is a game changer.
  • Best Practices to Prevent Data Breaches in 2016 Recorded: Feb 4 2016 64 mins
    Albert Biketi, Rebecca Herold, Hank Thomas, and Steve Schlarman
    In 2015 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.

    Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
  • New Frontiers in Intrusion Protection Recorded: Dec 14 2015 61 mins
    Elisa Lippincott, Network Security Product Marketing Lead
    Any organization deploying or looking to deploy an IPS recognizes that false positives are the bane of such systems, while intelligence about active and new threats is vital to keeping an IT organization's defensive posture at its utmost effectiveness and efficiency. Hewlett Packard Enterprise (HPE) TippingPoint IPS appliances inspect traffic in real time and take advantage of the latest warnings of network-based threats while reducing, and often eliminating, false positives; this webcast will discuss the technology behind the next-generation features and present the results of a review by SANS senior analyst and instructor Dave Shackleford.
  • 6th Annual Ponemon Cost of Cyber Crime Global Study Results Recorded: Dec 10 2015 45 mins
    Dr. Larry Ponemon, chairman and founder of the Ponemon Institute
    On average, the 58 United States companies participating in the 2015 Cost of Cyber Crime study lost $15 million due to cyber crime, an increase of 19 percent from $12.7 million in last year's study. And other countries are close behind. These are results from the recently completed Ponemon Institute 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction.

    For a fuller look at these and other findings from the institute’s study, join Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, to learn:

    -What cyber crimes are most common and most costly
    -The hidden internal and external costs you incur
    -What security defenses are most effective in reducing losses
    -How businesses with a strong security posture drive down costs
  • What Are Your Vulnerabilities: A SANS Continuous Monitoring Survey Recorded: Nov 4 2015 64 mins
    Mark Painter, Security Evangelist for Hewlett Packard Enterprise Security Products
    In this webcast, a panel of peers as well as our very own Mark Painter examines the most commonly found vulnerabilities and asks how they’re being discovered, patched, and centrally managed throughout the system’s life cycle. Listen to this webcast and learn best practices and advice from peers who’ve implemented or attempted to implement continuous monitoring within their organization.
  • Welcome to the new school of cyber defense Recorded: Oct 21 2015 36 mins
    Eric Schou
    The old school of cyber defense emphasized securing your infrastructure – protecting endpoints, your network, servers and inhibited data flows. But data needs to run free to power our organizations, and it's hard to protect something as fluid as data. Come see how the new school of cyber defense addresses this challenge. Join us to discover security that is agile and emphasizes protecting the interactions between our users, our applications and our data.
  • The cost of inaction—what cyber crime could cost your business Recorded: Oct 19 2015 62 mins
    Dr. Larry Ponemon, Chairman of the Ponemon Institute & Brett Wahlin, VP and CISO of HP
    Cyber Crime cost US companies an average of $15 million in 2015 – a significant increase from a year earlier. It’s a troubling trend unearthed by the Ponemon Institute’s 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction. In this Webinar Dr. Larry Ponemon and HP CISO Brett Wahlin will explain how to craft an effective preemptive security strategy. You’ll learn:

    -What cyber crimes are most common and most costly
    -The hidden internal and external costs you incur
    -What security defenses are most effective in reducing losses
    -How businesses with a strong security posture drive down costs
  • Orchestrating Security in the Cloud Recorded: Sep 30 2015 63 mins
    Dave Shackleford, Farshad Ghazi, Sami Laine, Andrew Maguire and Swaroop Sayeram
    This webcast presents the results of a new SANS survey that examines organizational use of public and private clouds and seeks to determine their best practices in securing content that traverses through both ecosystems.

    Attend this webcast to learn:

    -How organizations use the cloud
    -What types of information they store in the cloud
    -What concerns they have about data security
    -How much they rely on cloud service providers and what difficulties they face
    -What security and data protection technologies they use in the cloud environment
    -How they manage cloud users
    -And much more
  • Flash Back Up - A Robust Data Protection/Security Strategy for Your Flash Recorded: Sep 17 2015 44 mins
    Mark Henderson, Storage Technology Marketing Engineer, Intel & Patrick Osborne, Sr. Dir. Product Management & Marketing, HP
    Once the decision to transition from spinning disks is made, you’ll want to have a robust recovery system put in place that matches the speed, scale and efficiency that Flash gives you. In this webinar, you’ll see how you can achieve 17 times faster backup than in the past with 5 times faster restore at significantly reduced cost. But that’s not all. You’ll also discover more about E2E Data Protection, Flat Backup Snapshot Management, Remote Copy and Asynchronous Replication.
Leading Security Intelligence & Risk Management Enterprise Platform
HPE is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products, the HPE Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and data security & encryption technology to protect today’s applications and IT infrastructures from sophisticated cyber threats. Visit HPE Enterprise Security at: www.hpe.com/security

  • Title: The Value of Vulnerability Disclosure
  • Live at: Mar 14 2012 4:00 pm
  • Presented by: Brian Gorenc, CISSP, CSSLP, Security Researcher with HP DVLabs