Code Signing and How it Helps Prevent Malware AttacksRead more >
Billy Rios caused a stir at the recent Black Hat event when he demonstrated a hack that exposed vulnerabilities in a medical device that had the ability to impact patient safety. He now joins Mike Nelson to discuss the state of code signing with medical device manufacturers and what can be done to secure these critical devices.
- Code signing basics
- What are the risks of not doing code signing?
- What are the regulatory bodies doing, or not doing, to promote the use
of code signing
- What system requirements are needed to get started?
- Live Q+A
Learn how to manage your Code Signing certificate using the Symantec Trust Center.
You'll get step-by-step instructions and quickly learn:
- How to manage your Symantec certificates from one account
- How easy it is to now install your certificate
This is the perfect session for getting started. You’ll get to see how to do everyday tasks and ask questions to our Symantec Code Signing expert, so you can manage your certificates with confidence.
With the explosion of connected objects and mobile devices, publishing or sharing software - even internally - has become a real challenge for companies with a coding activity. In this webinar, we will explore the code signing threat landscape and share our best practice and solutions to all your code signing needs. You will learn about:
- the value of code signing today and the new code signing use cases in the world of IoT
- the risks associated with traditional code signing: key management, auditing and reporting, multitude of signing platforms and files, compliance, embedding in the development process, etc.
- the security and development costs to take into account
- how to transition from a traditional to a next generation code signing activity thanks to Cloud based signing
Advanced persistent threats (APTs) like Stuxnet and Duqu have caused many software-producing organizations to re-examine their code signing operations – specifically the security of private signing keys that underpin the integrity of the entire process. What many don’t realize is that they can both increase the assurance level of their code signing AND simplify and automate their code signing workflows at the same time!
Join Thales security expert Peter DiToro on April 24, 2012 at 2:00pm EST for an informative session where you will learn how to:
• Provide high assurance protection for private code signing keys and digital signature operations
• Automate and simplify code signing workflows in multi-workstation environments
• Apply cryptographic best practices to significantly reduce the risk of malicious software alteration and protect your brand.
Harmful code is today a real threat to users and organizations alike. Criminal groups and even governments increasingly use malicious software to steal, manipulate, and monitor data, to export money, or empty bank accounts. An efficient way to prevent this, to protect your intellectual property, and brand equity is through code signing. That is why the solution today has the attention of the business owner and developer community worldwide. However, code signing requires not only signing keys to be robust, but also to be stored securely. With the use of a hardware security module (HSM), you can manage the risk of having critical code signing keys stolen and your security compromised. In this webinar, PrimeKey a leading provider of PKI and signing solutions, together with Thales eSecurity, a leader in HSM technology, will take you through the world of safe code through proper code signing.
Join this webinar to learn how to:
• Achieve trusted and secure software distribution using PKI and HSMs
• Take advantages of server-side signing with central key management
• Support multiple code signing needs, drivers, firmware, and formats
(Microsoft, JAR, P#1, P#7, CMS etc.), in one single installation
• Integrate with existing build and distribution processes for automation
• Deploy best practices for code signing solutions and improve security
Join us to learn about Symantec Secure App Service - a better way to sign code and secure applications.
Traditional code signing provides a way for software publishers to assure their customers that the apps and files they have downloaded are, indeed, from them and have not been tampered with. Unfortunately, inadequate controls around this process can lead to malware propagation.
Compromised certificates make news headlines and can lead to poor reputation for your company, and revoking these certificates could result in your distributed applications to suddenly appear as untrusted.
Symantec Secure App Service is a cloud-based code signing and management solution with a complete range of services to help enterprises control and secure their code signing activities and keys easily. Services include vetting and approval of software publishers, code signing, key protection and revocation, administrative controls, reporting and audit logs.
The number of machines of all types – from containers, to cloud, to IoT – is on the rise. The identities of these machines – SSL/TLS, SSH, and code signing keys and certificates – control encryption, authentication, and code execution; powerful security controls too often left unprotected. Compromise, misuse, and fraud of machine identities are already prime attack vectors for hackers
As attackers look for ways to evade network monitoring, behavioral analytics and tighter privileged account security controls, they are finding hijacking machine identities to be incredibly effective and lucrative. The stage is set for a dramatic escalation of these attacks in 2018. Are you prepared?
Attend this session to learn:
• The top four machine identity attacks targeting your organization in 2018
• How SSL/TLS, SSH, and code signing keys and certificates are left unprotected
• Why most organizations are not prepared to defend against them.
• Three things your organization can do today to protect machine identities and prevent attacks
Learn how to manage your Code Signing certificate using the new Thawte Certificate Center.
The new Thawte Certificate Center includes:
- Simplified certificate installation and retrieval process
- Greater savings on new 3-year term code signing certificates
- HSM (Hardware Security Module) support
This is the perfect session for getting started. You’ll get to see how to do everyday tasks and ask questions to our Thawte Code Signing expert, so you can manage your certificates with confidence.
In your eco-systems with apps across numerous platforms, and where you possibly are fielding millions of IoT devices, preventing mistrust, and avoiding damaging malware targeting your customers is priority one. We will talk about challenges of remediation when things go wrong, and suggest some solutions to the complexities of managing code-signing and keys at scale.Read more >
An application program interface or API is critical to making mobility work in the enterprise.
Mobility has grown in isolation from other aspects of corporate IT infrastructure. It evolved at a different pace, requires a different toolset, and is not yet uniformly adopted throughout organizations. When mobility is isolated and needs to be administered differently, it adds complexity to IT management and does not allow the enterprise to realize the full ROI of mobility. A comprehensive set of APIs is the key that will resolve these pain points and result in an open and extensible enterprise mobility management.
Watch this on-demand webinar to learn how enterprises are leveraging app management APIs to extend and integrate the capabilities of mobility management solutions based on their specific business needs. Senior Director of Customer Success, Robert Lacis, and Product Manager, Magnus Mjøsund, provide an overview of Apperian’s API Platform and explore the integration possibilities with enterprise business analytics and intelligence platforms such as Tableau.
APIs that will be covered include:
- Reports API
- Publishing API
- Signing API
- App Catalog API
- User and Group API
•SaaS is becoming the dominate platform of choice for customers in many areas – including IT Service Management (ITSM). If your service management team is evaluating ITSM solutions in the cloud then you must know what are some the important criteria and topics to evaluate before signing that contract for ITSM SaaS. Senior Forrester Analyst, Amy DeMartine, will share with you what you and your team need to consider and answer questions to help you avoid the pitfalls of moving your ITSM implementation to the cloud.Read more >
The Open Build Server is a cross-distro, multi-architecture platform for building packages from source code into native package formats for a wide number of Linux Distributions. From a single source tarball or source repository like git, you can create rpm and deb packages for all major Linux distributions on all supported hardware architectures. This presentation will first outline the major features and explain how various distros are supported. The latter part of the presentation will show a live demo of creating a package and showing the various build steps and QA checks integrated into the system. The latter part of the demo will show the gpg signing, publishing and automatic repository creation - allowing end users to consume packages using the default package management tools for their distro. The presenter has been using OBS since 2006.Read more >
Amazon’s S3 (Simple Storage Service) is recognized as the de facto standard interface for interacting with object stores. Deploying an object solution at scale requires rich and robust security that both protects data on the infrastructure and ensures only the right level of access is granted to end users. Join us for the second of our S3 webinars, when we discuss all things security related. You will learn:
- Accessing S3 resources using access keys and signing.
- How to use Identity and Account Management.
- Supporting external users.
- Using code to manage access permissions.
- How data is protected in-flight and at rest.
- Encryption choices; using S3, Key management or customer supplied keys