Cybersecurity disasters dominated the news in 2017. WannaCry alone bashed hundreds of thousands of targets. Now is the time for CIOs and CSOs to scrutinize multiple components of their security because, let’s face it, attackers are busy working up new creative ways to hijack your data in 2018.
Attend this webinar to learn what it takes to build an in-depth defense. This straightforward presentation will cover:
• Security KPIs with risky validation processes (far more common than you think)
• A checklist of security points that need tight inspection (and where to drill down)
• New security services that streamline the process
Faster time-to-market and business value driven application functionality are the biggest drivers for DevOps. With DevOps, more frequent releases require shorter development and test cycles creating a higher risk of breaches exploiting the application layer. The last couple of years have shown business value can take a significant hit with security breaches. Building security features at the speed of DevOps, and reducing risk with the right security architecture, processes, and collaboration is key to staying in business. This is the genesis of DevSecOps.
In this Webinar, Derek Brink from Aberdeen Research describes how the shift towards rapid application delivery methods creates new opportunities for improving application security and reducing risk. MicroFocus’ James Rabon (Product Manager, Fortify Software Security Center and Tools) and Paladion's Vinod Vasudevan (Co-founder and CTO) discuss how MicroFocus and Paladion are helping customers integrate security and compliance into DevOps processes.
Key Takeaways from the Webinar:
- Trends in application delivery: from waterfall, to Agile and DevOps
- How characteristics of Agile, DevOps provide a high-level blueprint for what application security in that environment should look like
- Capabilities you should be looking for to improve application security at the speed of DevOps
- How to adopt non-disruptive and continuous application security processes
- Bringing in around-the-clock security monitoring for cloud assets
VMware transforms security by providing a ubiquitous software layer across application infrastructure and endpoints, maximizing visibility and context of the interaction between users and applications, aligning security controls and policies to the applications they are protecting, and enabling the insertion of third-party security services for additional intelligent protection.Read more >
If you are struggling to keep up with selecting, testing and deploying new security tools, you won’t want to miss this webinar.
You’ll learn how to:
- Address the unique challenges of securing your unique network.
- Implement smart network segmentation and intelligent tool routing.
- Facilitate testing and deploying tools through a security delivery platform.
- Handle the challenges of setting up realistic tests.
Learn how the GigaSECURE security delivery platform strengthens new security tool testing and streamlines deployment.
The cloud and mobility have fundamentally changed the IT landscape. Both apps and users have left the network, however traditional security has struggled to keep pace. Developing a strong cloud security strategy is important to help restore visibility and reduce risk, but what is the best approach? While there are many opinions and perspectives, the best security strategy starts in the beginning with the proper architecture. Join this webcast to hear:
- 5 key architectural requirements your cloud security strategy can’t live without.
- What core building blocks you need to enable and secure your users and apps
- Learn how leading enterprises are transforming their security to cloud
Steve House is a seasoned Product Management leader with over 20 years of experience in the networking and security industries. During that time, he has worked for multiple market-leading organizations including Zscaler, Blue Coat Systems, Packeteer and CacheFlow where he has a consistent track record of helping them innovate and grow their market share.
At Zscaler, Steve leads the Product Management team responsible for driving product strategy and execution. Steve’s goal is to help the company through its next phase of growth becoming the standard Internet security platform delivered as a service to any user on any device in any location. Steve holds a Bachelor of Science in Electrical Engineering from Duke University.
For more questions about Zscaler, go to www.zscaler.com
When planning a go-to-market strategy, it’s common practice to build detailed marketing and sales personas for key security individuals such as the CISO, the IT administrator, the developer, and the end user. Each of these roles has different needs and priorities when considering a security tool, and sales strategy recognizes the need to address each of them. Organizations have different types of business drivers, priorities, constraints, and capabilities as well: for example, an 80-year-old manufacturing company may not care what cute new IoT ideas you might have.
These organizational personas must be considered when searching out peers for benchmarking. Security decisions made only by looking at other companies in the same industry doesn’t provide enough data, because there are many other variables that come into play. Building a security anthropology model for comparing organizations provides more context to better design products and services to align with their needs, while helping the security community speak the language of the users it’s serving. Join us for a discussion on how we can excavate a better approach with Wendy Nather, Principal Security Strategist at Duo Security.
Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
When it comes to building a security program, focusing only on technology and processes puts organizations in a weak and unbalanced position. People need to be equally factored in—and that’s where culture comes in. Listen as Bo talks about the importance of a strong security culture and walks through four essential components needed to build one.Read more >
Rapid adoption of cloud apps and services is driving the need for Cloud Access Security Brokers (CASB)
It is time for CASB systems to weave into your overall security infrastructure. There are many intersections to consider, such as DLP, Advanced Malware Protection, Web Security and Endpoint where organizations are navigating how to best integrate cloud security solutions into their environment to improve security and reduce operational overhead.
This talk will explore this next frontier of CASB solutions.
Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer, and an extension of your network this session will cover public cloud security concerns, what the shared security responsibility model really means and recommendations for protecting your public cloud workloads and data.Read more >
Join 451 Research and SecureAuth+Core Security for a peek into the emerging trends in cyber security and identity in 2018. Register today and learn how these trends will impact your strategy, organization, and job in the coming year.
Security experts Garrett Bekker, 451 Research and Chris Sullivan, SecureAuth+Core Security will share insight on these trends and more:
•Why network-based approaches to security are no longer sufficient in the age of cloud and IoT
•Why identity is the new gating factor for access to sensitive resources
•How various methods for securing cloud resources – CASB and IDaaS - need to converge
•The need for risk-based approaches to authenticating users – and machines
New security challenges in 2018
Hackers are already scheming their next wave of targets: will they replicate the colossal Equifax breach and cash in on reams of personal data or freeze up IoT devices simply in order to disrupt critical systems?
Join Forcepoint's Bob Hansmann, Director, Security Technologies for a Forcepoint 2018 Security Predictions Report webcast on the most pressing security issues for the upcoming year.
You’ll receive an advance copy of the Forcepoint 2018 Security Predictions Report just for attending.
We've known for a long time that the idea of a fixed perimeter and trusted internal network doesn't work too well, especially since a successful attacker looks exactly like an insider. The concepts variously known as de-perimeterization, zero-trust, software-defined perimeter and BeyondCorp all try to address this, and they represent a fundamental change in how you architect security for your enterprise.
In this presentation, we talk about what you can do to make your old perimeter less lonely, and most importantly, how to explain this new way of thinking to the rest of the business.
Software-defined datacenter technologies are a foundational pillar of datacenter transformation to enable digital business and agile IT. In addition to enabling datacenter agility, automation and cost containment, the software-defined datacenter presents new challenges and offers new opportunities as they pertain to securing hybrid workloads.
Watch this webinar by VMware® and Bitdefender® to learn about the following:
Software-defined technologies, including software-defined compute, storage and networking and their value to the modern datacenter
Security requirements for the software-defined datacenter
How the joint Bitdefender-VMware solution helps enterprises meet these requirements effectively and efficiently
As more of our business data will exist in the cloud and as the scale of IoT creates more weak links in the security chain, what systems in the network are designed securely that CIOs and CSOs can leverage? And will a lack of industry standards and technology architecture around the IoT makes it difficult to create security policies? Also, why do some contend that the IoT is impossible to secure?
On this edition of NMGs podcast series, we invite Gee Rittenhouse, Senior Vice President, Security Business Group at Cisco and Mike Iwanoff, SVP/CISO/CIO at iconectiv.
Key takeaways for listeners:
a.Fraudsters are out in full force: Yesterday’s solution might not solve tomorrow’s problems/challenges
b.Tips and Info: Top three things I can do to get more info/more data and improve my posture in this area
c.Determine whether you have the technology requirements for an acceptable risk posture:
•segmentation of the network
•automation – allowing you to implement controls to recover from a threat, find the source and mitigate the threat from reoccurring.
d.Communicate that risk posture to exec team and to the board - At the end, the company should know what their risks are and what
they are willing to accept
e.Understand the challenge and know that you don’t have to build your own security solutions.
The new 2017 Gartner Magic Quadrant for Web Application Firewalls (WAF) is based on detailed responses to questionnaires from experienced Web App Firewall customers. Attend the webinar and hear the experiences of major customers who participated in the Gartner MQ for WAF research and how they implemented web app firewall to protect their applications and critical data.
This webinar will cover:
* Detailed results and considerations of the report
* Effective deployment options to meet enterprise demands
* Success stories and implementation options you can leverage within your own environment
Join us to hear Morgan Gerhart, Vice President of Product Marketing at Imperva, discuss the Gartner MQ for WAF with:
*Rob McCurdy, CIO of Michigan State University
*Darío Eduardo Herrera Yáñez, CTO of Sm4rt Security Services
This Modern Security episode introduces a security based chaos testing tool and methodology. ChaoSlingr is a Security Chaos Engineering Tool focused primarily on the experimentation on AWS Infrastructure to bring system security weaknesses to the forefront.Read more >
SD WAN offers some inherent advantages in terms of security and compliance but also introduces a number of new potential ‘attack surfaces’, which must be considered. Join our webcast where Paul Crichard, Security CTO, BT, and Martin Barnes, Head of Security Propositions, BT, will take you through a range of scenarios and show how security can be “built-in” as an inherent part of the overall design.Read more >
My mother was washing dishes in the kitchen when the glass window she was looking out shattered in front of her…she was OK but unfortunately my curve ball has never gotten better. The second law of thermodynamics dictates that you can't put together something that has fallen apart. There was no way I could put that shattered glass back together. The second law of thermodynamics applies to breaches. There is no way to go back once you have been breached. We will tell you what are the emerging threats, how to prepare, and how to proactively manage an ongoing breach. We will cover the following types of breaches:
- Phishing Scams
- Buffer Overflow
- Password Hacking
- Downloading Free Software
- Fault Injection
Welcome to the Cloud Generation, where employees demand flexibility and access wherever they are, but can expose your most sensitive data to risk.
Distributed environments—like mobile and distributed workforces—introduce new attack surfaces that must be protected and increased use of SaaS Cloud Apps are driving the need for new compliance and security controls. The result? Security and IT teams are being forced to rethink network designs to better answer questions like:
- How do we effectively govern access to data, apps and systems?
- How can we combat advanced threats targeting our business through the web, cloud and e-mail?
- How should we secure information that is moving between our network, endpoints and the cloud?
Join Gerry as he discusses the key Cloud Generation security challenges facing Symantec’s enterprise customers and learn how Symantec’s Cloud-delivered security solutions can be used to protect users, devices and corporate data, wherever it resides.
Data breaches, cyber-attacks, security lapses and new regulations have made IT security more challenging than ever now that every organization has gone digital. IT teams are struggling with points solutions, as the traditional security approach no longer works. Explore how VMware makes cyber security intrinsic with a footprint throughout IT organizations with a security solution that includes products such as Workspace ONE, AirWatch, Horizon, NSX, AppDefense, vSphere, vSAN and vRNI that simplifies and consolidates IT security. Also, learn about what’s new with NSX and our newest security solution AppDefense.
Technical Demo’s will include looks into the Horizon with NSX solution, and how it interacts with 3rd party solutions such as Trend Micro’s Deep Security to automate security processes. You will also get a look into the vRealize Network Insight tool, and how it is helping our customers operationalize these new security models, maintain operational visibility into the network, and ensure best practices and health of the networking and security services.
What is DevOps, and what does it mean for security? In this session, we’ll talk about trends driving adoption of DevOps, and what are the security challenges posed by automated, API-driven frameworks and agile application development. We’ll then jump into a demonstration of how Imperva SecureSphere can be leveraged in a DevOps environment to provide state of the art protections against application attacks.Read more >
Evrim Eroglu, Head of Security Infrastructure at VakifBank discusses how traditional signature based systems are not enough to protect the bank’s endpoints. Traps with exploit techniques integrated with WildFire provides more secure endpoints.
Learn how VakifBank strengthened their endpoint security for approximately 16,000 employees by implementing Palo Alto Networks Traps to block both known and unknown threats.
Up-front design of your cloud environment can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Security by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability across, such as:
- Organizational governance
- Asset inventory and control
- Logical access controls
- Operating system configuration
- Database security
- Applications security configurations
Why this session:
Cloud Computing is becoming the new normal, the question isn’t “if” anymore, it’s really just “how fast can we move?” and “what are we going to move first”
Because of this trend organizations need to understand their security and compliance capabilities and shared responsibilities for security as they migrate resources to the cloud. Whether its clinical trial simulations with Bristol Myers-Squibb, who uses AWS to run clinical trial simulations for 64% less cost; in 1.2 hours vs. 60 hours or Galata Chemicals who are running their development and test workloads in the cloud. Organizations need to start with a “Secure by Design approach, which support security at scale as they increase their use of cloud resources.”
In this talk, we will give a short introduction into hybrid app development, present specific attacks and discuss how Android developers are using Apache Cordova. In the second half of the talk, we will focus on the secure development of hybrid apps: both with hands-on guidelines for defensive programming as well as recommendations for hybrid app specific security testing strategies.
Dr. Achim D. Brucker (https://www.brucker.ch) leads the Software Assurance & Security Research Team (https://logicalhacking.com) at the University of Sheffield, UK. Until December 2015, he was a Security Testing Strategist in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP. He is a frequent speaker at security conferences.
BrightTALK caught up with Kai Roer, the Creator of the Security Culture Framework for an in-depth conversation on security culture and it's value to businesses today. Kai also talks through the findings of the Security Culture Report 2017, which can be accessed via the videos attachments.
Topics up for discussion:
- The importance of building a strong culture of security at businesses to add to an overall security strategy
- How to improve security culture within your organisation
- GDPR and how to prepare effectively
- The findings of the Security Culture Report 2017