Cyber Thursday is a regular monthly broadcast video which provides an update on the latest development in the field of Cyber Security. Every second Thursday of the month the programme will feature a number of contributors and panellists from both within Palo Alto Networks and third party thought leaders from the Security Industry.
This first edition will focus on Next Generation EndPoint Security Solutions and the challenges that organisations face when a breach occurs. Among the things we will discuss are:
- what we mean by endpoint
- how come attacks go through despite all measures
- what happens after a breach
- what are the big challenges in endpoint protection and any specific to EMEA
- what are the changes coming up
- the big threat of ransomware
A maturing information security field and more sophisticated cyber-attack capabilities demands skilled information security professionals who are increasingly scarce. Cybercriminals are increasing in numbers and deepening their skillsets. The ‘good guys’ are struggling to keep pace. Where will these resources and skillsets come from? Organizations need to build sustainable recruiting practices as well as develop and retain the talent they already have to boost the organization’s cyber resilience.
Businesses must prepare to build information security capabilities across the organization and position the executive team to recognize and retain talent, both those who have come up through the ranks and newer employees who have worked in a digital environment and business roles. Moving forward, there will be a need to be more aggressive about getting the skill sets that the organization needs. While the industry continues to attract the right level of interest, as a whole, the industry must realize that there is a skills gap problem that needs to be resolved.
- Greg Reber, CEO, AsTech
- Bret Fund, CEO, SecureSet
- Dan Lohrmann, CSO, Security Mentor
Faster time-to-market and business value driven application functionality are the biggest drivers for DevOps. With DevOps, more frequent releases require shorter development and test cycles creating a higher risk of breaches exploiting the application layer. The last couple of years have shown business value can take a significant hit with security breaches. Building security features at the speed of DevOps, and reducing risk with the right security architecture, processes, and collaboration is key to staying in business. This is the genesis of DevSecOps.
In this Webinar, Derek Brink from Aberdeen Research describes how the shift towards rapid application delivery methods creates new opportunities for improving application security and reducing risk. MicroFocus’ James Rabon (Product Manager, Fortify Software Security Center and Tools) and Paladion's Vinod Vasudevan (Co-founder and CTO) discuss how MicroFocus and Paladion are helping customers integrate security and compliance into DevOps processes.
Key Takeaways from the Webinar:
- Trends in application delivery: from waterfall, to Agile and DevOps
- How characteristics of Agile, DevOps provide a high-level blueprint for what application security in that environment should look like
- Capabilities you should be looking for to improve application security at the speed of DevOps
- How to adopt non-disruptive and continuous application security processes
- Bringing in around-the-clock security monitoring for cloud assets
The cloud and mobility have fundamentally changed the IT landscape. Both apps and users have left the network, however traditional security has struggled to keep pace. Developing a strong cloud security strategy is important to help restore visibility and reduce risk, but what is the best approach? While there are many opinions and perspectives, the best security strategy starts in the beginning with the proper architecture. Join this webcast to hear:
- 5 key architectural requirements your cloud security strategy can’t live without.
- What core building blocks you need to enable and secure your users and apps
- Learn how leading enterprises are transforming their security to cloud
Steve House is a seasoned Product Management leader with over 20 years of experience in the networking and security industries. During that time, he has worked for multiple market-leading organizations including Zscaler, Blue Coat Systems, Packeteer and CacheFlow where he has a consistent track record of helping them innovate and grow their market share.
At Zscaler, Steve leads the Product Management team responsible for driving product strategy and execution. Steve’s goal is to help the company through its next phase of growth becoming the standard Internet security platform delivered as a service to any user on any device in any location. Steve holds a Bachelor of Science in Electrical Engineering from Duke University.
For more questions about Zscaler, go to www.zscaler.com
In cyber security the strategic goals are often clear, while the methods to achieve those goals is anything but. This webinar introduces Damrod’s Cyber Strategic Framework that applies military analysis to cyber security challenges. Aimed at security teams trying to implement high level goals in the real world, this talk focuses on effects based planning that integrates disparate elements of IT and security into a cohesive package. Defending the network is about more than technology. Analysis and leadership are critical elements of an effective cyber defense. You will leave this webinar better equipped to develop the tactics that make strategy a reality.
About the Presenter:
Griff is trained as a Canadian Infantry Officer and is a holds a Master’s Degree from the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017.
VMware transforms security by providing a ubiquitous software layer across application infrastructure and endpoints, maximizing visibility and context of the interaction between users and applications, aligning security controls and policies to the applications they are protecting, and enabling the insertion of third-party security services for additional intelligent protection.Read more >
Join 451 Research and SecureAuth+Core Security for a peek into the emerging trends in cyber security and identity in 2018. Register today and learn how these trends will impact your strategy, organization, and job in the coming year.
Security experts Garrett Bekker, 451 Research and Chris Sullivan, SecureAuth+Core Security will share insight on these trends and more:
•Why network-based approaches to security are no longer sufficient in the age of cloud and IoT
•Why identity is the new gating factor for access to sensitive resources
•How various methods for securing cloud resources – CASB and IDaaS - need to converge
•The need for risk-based approaches to authenticating users – and machines
Three major trends define the Cloud Generation chaos that organizations face today. They are 1) Use of cloud applications, 2) An increasingly mobile workforce accessing these cloud applications from outside the perimeter and 3) Use of both corporate owned and BYO devices (PC, Mac and Mobile).
On the other hand, the threat landscape is constantly evolving with adversaries taking advantage of these trends to attack organizations with ransomware, targeted attacks and mobile malware.
Existing solutions from the industry have been largely a mixture of disjointed point products to solve these problems piece meal. All of these have led to operational complexity for Organizations who face a severe shortage of skilled IT security personnel.
Attend this webinar and learn how endpoint security can solve these problems while increasing operational efficiency and lowering total cost of operations with a single agent architecture.
In addition, Symantec will discuss how the latest evolution of Symantec Endpoint Security can:
-Turn the tables on attackers by exposing intent and delaying their tactics using deception techniques and proactive security
-Expose, investigate and resolve incidents including file-less attacks with integrated Endpoint Detection and Response
-Harden environments against cyber-attacks with complete visibility into application attack surface and isolating suspicious applications
-Extend advanced security to mobile devices to protect them from network based attacks and OS/App vulnerabilities.
Asia Pacific has recently seen numerous changes to legislation and regulations as governments attempt to come to grips with the risks posed by cyber security breaches. In particular, the strengthening of data privacy laws which are increasingly requiring organizations to disclose, within a short time-frame, when they become aware that personally identifiable information belonging to customers or employees has been exposed. The associated heavy penalties are driving more and more companies to take proactive measures. Then there are the regulators (notably in the financial world) who are driving requirements for self-testing of cyber security with a focus on the ability to quickly recover from and remediate a cyber incident. Join Paul Jackson as he discusses the latest development of the privacy and cyber security field in Asia, and the best approach to mitigate these risks.Read more >
The year of 2018 may very well be the year of ‘smart malware’. As sophisticated threat-actors continue to bolster their toolkits, it is only a matter of time before we see weaponized AI targeting our organizations. Simultaneously, cyber security companies are racing to implement new AI technologies into their cyber defense strategies. We now find ourselves in an AI arms race. Defenders and attackers alike are rushing to stay one step ahead before machines fight machines on the battleground of corporate networks.
Amidst this new threat landscape, cyber defense has become a confusing terrain to navigate. What are the actual risks of AI-based attacks? What would an AI attack look like? And how can effectively implementing AI proactively defend against this new era of threat?
Join Dave Palmer, Director of Technology at Darktrace, on February 22nd at 9AM PST for a discussion on how AI will shape the next age of cyber defense.
In this webinar, you will learn:
•How AI will enhance the sophistication of cyber-threats
•Why organizations should prepare for AI-based attacks
•How cyber security companies are responding to advances in AI
•How Darktrace has leveraged AI to spearhead a fundamentally new approach to cyber defense
Part 4: Respond – Damage control by Michael Montoya [Executive Security Advisor, Enterprise Cybersecurity Group (ECG), Microsoft Asia]. Michael shares advice on a few ways to prepare for your response on cyber attacks to prevent your organisation from unneeded disruption with discussions on assume breach, managed hunting and incident response process.Read more >
Steve Bongardt, retired FBI agent, took time out recently to talk to Amar Singh from Cyber Management Alliance as part of their exclusive Insights With Cyber Leaders series. Steve opened up about his early career in the Navy and multiple applications to become an FBI agent, the impact of cyber security on his time as an agent, and one of his favourite interview tactics that he likes to use on potential employees.Read more >
Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer, and an extension of your network this session will cover public cloud security concerns, what the shared security responsibility model really means and recommendations for protecting your public cloud workloads and data.Read more >
When planning a go-to-market strategy, it’s common practice to build detailed marketing and sales personas for key security individuals such as the CISO, the IT administrator, the developer, and the end user. Each of these roles has different needs and priorities when considering a security tool, and sales strategy recognizes the need to address each of them. Organizations have different types of business drivers, priorities, constraints, and capabilities as well: for example, an 80-year-old manufacturing company may not care what cute new IoT ideas you might have.
These organizational personas must be considered when searching out peers for benchmarking. Security decisions made only by looking at other companies in the same industry doesn’t provide enough data, because there are many other variables that come into play. Building a security anthropology model for comparing organizations provides more context to better design products and services to align with their needs, while helping the security community speak the language of the users it’s serving. Join us for a discussion on how we can excavate a better approach with Wendy Nather, Principal Security Strategist at Duo Security.
Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
This case study examines how a major NHS organisation used Richard Thaler’s Nudge strategies to redirect employee behaviour and create a culture of cyber vigilance.
Join this webinar presentation to learn:
- Key lessons on the value of micro-marketing
- Lessons from cybernetics
- The value of cyber resilience in healthcare
About the Presenter:
Robin Smith is a former cybersecurity lead analyst in UK Police Service. He has authored four books on cyber security and is currently working on a documentary feature examining the impact of cyber-crime on society for release in 2018. He has previously worked in UK health sector, telecommunications and was formerly a lecturer at Loughborough University in Information Risk Strategy.
Data breaches, cyber-attacks, security lapses and new regulations have made IT security more challenging than ever now that every organization has gone digital. IT teams are struggling with points solutions, as the traditional security approach no longer works. Explore how VMware makes cyber security intrinsic with a footprint throughout IT organizations with a security solution that includes products such as Workspace ONE, AirWatch, Horizon, NSX, AppDefense, vSphere, vSAN and vRNI that simplifies and consolidates IT security. Also, learn about what’s new with NSX and our newest security solution AppDefense.
Technical Demo’s will include looks into the Horizon with NSX solution, and how it interacts with 3rd party solutions such as Trend Micro’s Deep Security to automate security processes. You will also get a look into the vRealize Network Insight tool, and how it is helping our customers operationalize these new security models, maintain operational visibility into the network, and ensure best practices and health of the networking and security services.
The systems that connect our lives like financial institutions, and transportation - are all dependent upon the internet. Building resilience in critical infrastructure is crucial to our national security. Join us as we examine cyber security in relation to keeping our traffic lights, running water, phone lines, and other critical infrastructure secure. It also facilitates the transition to November's Critical Infrastructure Security and Resilience Month (CISR), highlighting the tie between cybersecurity and our nation's critical infrastructure.Read more >
Increasingly sensitive school and local government data is being targeted by cyber criminals. In 2016, there was a startling 40% growth in data breaches, with over 172k records exposed in the US.
Join Presidio on December 19th for 30-minute webinar:
• Understand how cyber criminals are approaching their targets
• Discover how phishing, hacking and selling info in the black market works
• Learn valuable tools and strategies to secure private information from cyber criminals
About the Presenter: Alpesh Shah is the Practice Director and Cyber Security Solutions Architect Manager at Presidio. He supports both fortune 500 companies and government agencies in designing leading edge, complex and enterprise level cloud and security solutions. His passion for information security encouraged him to obtain several technical and business level certifications like CISSP, CISM, CEH, CHP, Security+ and ITILv3. With over a decade of experience in the IT industry, he specializes in managed security solutions, threat and vulnerability management, governance and compliance (HIPAA, PCI, FEDRAMP, ISO 27001, NIST), Disaster Recovery and Business Continuity Planning amongst other areas.
Cyber attacks are as unique as the attackers behind them and the organizations they target: both attackers and the organizations they target have different objectives. Analysis of attack trends can help determine where security efforts should be focused to prepare for the most common attack types and protect from the highest risk.
In this talk we will walk through the latest data from NTT Security’s Threat Intelligence Reports to show the most common threats facing organizations in various sectors and geographies today.
The new 2017 Gartner Magic Quadrant for Web Application Firewalls (WAF) is based on detailed responses to questionnaires from experienced Web App Firewall customers. Attend the webinar and hear the experiences of major customers who participated in the Gartner MQ for WAF research and how they implemented web app firewall to protect their applications and critical data.
This webinar will cover:
* Detailed results and considerations of the report
* Effective deployment options to meet enterprise demands
* Success stories and implementation options you can leverage within your own environment
Join us to hear Morgan Gerhart, Vice President of Product Marketing at Imperva, discuss the Gartner MQ for WAF with:
*Rob McCurdy, CIO of Michigan State University
*Darío Eduardo Herrera Yáñez, CTO of Sm4rt Security Services
New cyber risks and threats are emerging at a pace faster than ever before. How are cyber risks evolving, and which risks can be managed through cyber insurance?
We’ll address these questions – and dig a bit deeper into the state of the cyber insurance market and the role of cyber insurance in your overall cyber risk management strategy. Cyber risk can’t be eliminated – it must be managed.
About the Speaker:
Susan Young is a Senior Vice President and advisor with Marsh’s
national Cyber & E&O Practice (part of Marsh’s Financial & Professional Liability Practice, FINPRO) in the Seattle office. She is primarily focused on cyber /security & privacy risk, media liability, and technology errors and omissions.
This session will look at the changing threat landscape and share intelligence insights and practical approaches to combat threats and help your organisation stay safe.
Nick Coleman is the Global Head of Cyber Security Intelligence Services at IBM. Previously he was National Reviewer of Security for the UK Government. He is an appointed advisor to the Executive Director of the EU Cyber Security Agency ENISA serving on the Permanent Stakeholders Group. He is an Honorary Professor at Lancaster University. He is a Fellow of the Institution of Engineering and Technology and a Fellow of the British Computer Society. He also holds an MBA with Distinction.
Brought to you by:
Davenport Group & Arctic Wolf Networks
Ben Bitterman, Account Executive, Arctic Wolf Networks
Bryan Van Den Heuvel, Systems Engineer, Arctic Wolf Networks
Today’s IT landscape is quickly evolving and elevating the need for security expertise. Organizations are becoming more at risk to cyber attacks and phishing scams because of their clients, intellectual property, and sensitive nature of their data. Recent cyber attacks like Petya and WannaCry demonstrate how business can be brought to a grinding halt by encrypting business critical data if you are not diligent with your security posture.
During this webinar, you’ll learn why a robust Security Operation Center-as-a-service with human augmented machine learning and 24x7 network monitoring is critical to bolster your firm’s defenses against the most advanced of threats.
Specifically, you’ll hear how you can:
- Augment your existing IT operations with a cloud-based service that isn’t costly, complex, or time-consuming
- Significantly reduce the time it takes to detect and respond to advanced threats
- Take advantage of timely and actionable security intelligence without the noise of endless false positives
- Benefit from security reporting and monthly external vulnerability scans
Part 2: Protect - Platform Security by Wee Yeh Tan [Enterprise Security Executive, Enterprise Cybersecurity Group (ECG) Microsoft Asia]. Learn the 4 steps to protect yourself against cyber attacks through identity management, device security, phishing attacks and protecting data.Read more >