If you and your on-call team feel overwhelmed or exhausted by the volume of alerts, this is for you. In it, we explore methods to not only identify and deal with alert fatigue but reduce it over time by fine-tuning your monitoring and alerting services. We'll also discuss the iterative process of identifying which data sets really represent actionable issues, which ones are redundant or overlap, and which ones are valuable only for information, and are never actionable. Join us to hear how you can make on-call suck less.
Recent controversies such as Apple vs FBI have highlighted that often strong security is a prerequisite for privacy, and that upholding privacy can ensure stronger security is built into software. As consumers become more aware of privacy issues, can the argument still be made that security must be sacrificed in place of privacy? How do new technologies confirm or deny this notion?
In 2008, a US district court said that expired patent numbers fall within the scope of “unpatented articles”, as defined by the section of the US statute relating to the standards for bringing lawsuits for false patent marking. Then, in December last year, the Federal Circuit ruled in Forest Group v Bon Tool that false marking defendants are subject to potentially much greater fines than had been previously awarded.
These two cases have arguably incited a false marking frenzy in the US, with hundreds of suits having been filed this year alone. This webinar will discuss how we got here, proposals to curb the problem, and strategies for companies to both avoid and successfully navigate such actions.
Eileen McDermott, Managing IP (moderator)
Lawrence M. Sung, University of Maryland School of Law
Robert Krebs, Nixon Peabody
Maia Harris, Nixon Peabody
First instalment of security Q&A sessions on whether organisations are operating under a false sense of security with the current measures they have in place.
• How to distinguish between statements that might be subject to false advertising claims and mere "puffery"
• What types of evidence might be needed to refute a claim of false advertising, and where to find that evidence
• How to use false advertising law as a weapon against a competitor's advertising campaign
Data Loss Prevention (DLP) is a computer security term referring to systems that enable organizations to reduce the corporate risk of the unintentional disclosure of confidential information. Data-loss prevention of stored data typically involves a Data Security Software installed on your computer to prevent unauthorized access to the data stored on your hard drive and USB/External drives. These systems identify, monitor, and protect confidential data while in use (e.g. endpoint actions), in motion (e.g. network actions), and at rest (e.g. data storage) through deep content inspection, contextual security analysis of transaction (attributes of originator, data object, medium, timing, recipient/destination and so on) and with a centralized management framework.
The purpose of this talk is to provide an overview of DLP tools/software and why it is generally ineffective in preventing data loss. Organizations need to establish best practices in addition to (possibly?) deploying DLP to reduce risk of data loss. This talk will include a discussion of these best practices.
IT discovery tools promise to uncover all hardware, software, servers, databases, applications, dependencies and more. Unfortunately, discovery tools have some significant limitations.
Below are the Top 5 limitations users face:
5. Complexity: Discovery tools usually depend on Unix or Linux package manager data or Windows registry data that is complex and hard to decipher. For discovery to be useful, you need undiscoverable data. Finding out who owns a software license on a server and why it is deployed, for example, is difficult if not impossible to obtain from automated discovery.
4. Inaccuracy: Software installers can fail to update fingerprints to reflect the true owner of the license creating a false positive. Dependencies can cause false negatives. For example, if a given process only runs sporadically, then the discovery process may have to be running at just the right time to catch it.
3. Currency: The discovery tool usually runs as a batch process. It caches the data, which can then become outdated almost immediately, until the next run of the discovery, when it becomes outdated again almost immediately. Continuous discovery is rare because of the overhead it generates.
2. Reach: It is rare for an organization to have a network that is not segmented. Discovery has to be given access to every segment to be complete.
1. It’s just one source. Your business architecture, services, products, and applications must still be mapped. Who owns what? Who is called? How do escalation paths work? What about chargebacks? Who is accountable for compliance exceptions? None of this can be discovered. Discovery has to be augmented with data from many sources to be validated and complete.
Blazent has been working with some of the largest and most complex IT infrastructures in the world helping customers overcome the limitations of their discovery tools. Learn more at www.blazent.com
Our security experts will take you through WAF setup for policy and exceptions, profile review, and plugin rules to get the most out of your WAF investment. They will cover 3 core topics of tuning a WAF:
-Alert exception for false positive reduction
-Profile maintenance for accuracy and efficiency (UBA)
-Plugins for Dynamic Applications and Profile Tuning
It’s a bird, it’s a plane, no it’s just your legacy SIEM. Did you know your SIEM might be weakening your security powers? Your legacy SIEM could be:
• Limiting your ability to collect, store and use security-relevant unstructured and structured data
• Making it difficult to maintain your SIEM and requiring skilled staff to work around the clock just to keep the lights on
• Burdening your security operations team by forcing them to chase false alarms while missing critical alerts
• Failing to detect modern threats and putting your entire business at risk
Finding threats on a corporate network is certainly necessary, but by definition it means the threat has already breached your perimeter and is embedded in your networks. You're now on the defensive. This special report webinar looks at techniques you can use to identify potential breaches before they enter your network.
You'll learn about using off-network threat intelligence to identify not only potential breaches before they attack, but also potential false positives and other network noise that might distract your team and technology from doing their jobs most effectively and efficiently.
It’s not uncommon for security teams to see upwards of 17,000 malware alerts per week and only investigate a third of them. Each incident detected requires investigation and eventually remediation before it can be laid to rest. Unfortunately, the security talent capable of performing these tasks is scarce, which leaves most security operations teams spread thin, a symptom of sparse coverage compounded by the drain of low fidelity security alerts and false positives. Join Exabeam and (ISC)² on August 3, 2017 at 1:00PM Eastern to learn how SIEM technologies must evolve to include automated playbooks and orchestration for common attacks such as malware and spear-phishing.
Ah, the Service Catalog. Every organization needs one, but few have one they truly love. It sounds so easy, doesn’t it? Create a menu of IT services, then communicate said menu to your customers. Done!
Sadly, the above scenario is a rare one. While most of our organizations have some semblance of a Service Catalog, it’s often a bit of mess, hasn’t been updated in a while, or lives in a perpetual state of almost done. If any of this sounds painfully familiar to you – or if you fall into the camp of not having a Service Catalog at all – be not afraid!
Why not? Because the BEYOND20 Catalog Doctors are here to help (trust us, *we’re doctors)! We’ve seen it all, and have helped strategize, design, and build countless Service Catalogs over the years. Our panel of catalog experts (or **doctors) will be sharing their knowledge, recommendations, and practical advice on how to quickly build a Service Catalog both you and your customers will love - with as little pain as is humanly possible.
*This is patently false. It couldn’t possibly be less true.
**Not doctors. Can’t stress it enough.
Noise is the enemy of breach detection and response. After a major data breach it is often the case that signs of an attacker existed, but were buried in thousands of other security alerts that were mainly false positives.
With machine learning, meaningful signs of an attack are more easily detected and isolated, so a security operator can focus on precisely the right issue.
This session will examine:
- The problem of noise
- The role of machine learning in sifting through vast amounts of data to get to the fidelity needed to detect an attacker
- Best practices for including machine learning in your security operations
About the Presenter:
Kasey Cross is a Sr. Product Marketing Manager at Palo Alto Networks, joining this month through the acquisition of LightCyber. She has over 10 years of experience in marketing positions at cybersecurity companies including Imperva, A10 Networks, and SonicWALL. She was also the CEO of Menlo Logic and led the company through its successful acquisition by Cavium Networks. She graduated from Duke University.
One of the most valuable capabilities of OSSIM is the ability to define policies to tune event processing and trigger actions based on certain types of events. This special user training webcast will walk you through how to use policies and actions to:
Filter unnecessary events and false positives
Trigger e-mail notifications for critical events
Improve performance of OSSIM
Turn security policies into security practice
As a cyber security professional, you already know that users are both an organisation’s greatest asset and its greatest vulnerability. Users can do great damage - and they’re notoriously difficult to catch. Many companies are confronting this challenge with User Behaviour Analytics (UBA), which can help you detect and respond to user threats, such as when:
- An insider turns against your organisation
- A cyber attacker steals a user’s credentials
- An administrator abuses account privileges
If you’re focused on addressing user threats, UBA can be a powerful tool in your kit.
Join Tom Salmon from LogRhythm, as he discusses the elements of an effective user threat detection program. You’ll learn:
- Why detecting user threats is so important—and so difficult
- Different approaches to UBA
- The value of data from across your business
- How to maximise the efficiency of your security analysts
Watch this on-demand webinar to learn how UBA can help you discover hidden user threats, reduce false-positives and prioritise the most concerning threats.
The effectiveness of a security system depends on how quickly it detects and responds to threats. Is your security system able to tackle security challenges in near real time, while reducing false positives so analysts can focus on critical events and Indicators of Compromise (IOCs)?
HPE Security ArcSight ingests large volumes of security events and correlates against IOCs in real time to identify potential threats. Hexadite Automated Incident Response Solution (AIRS) takes these security alerts in real time and performs investigation and remediation at scale.
Learn how the combination of these two systems gives you the ability to:
• Gain visibility across the entire IT footprint
• Detect security threats in real-time
• Automate incident investigation
• Perform automated or semi-automated remediation actions
Get inspired and informed by Eric Ogren, Sr Analyst at 451 Group, and Matt Rodgers, Head of Strategy at E8 Security, as they discuss how behavioral analytics is transforming security operations with improved visibility across endpoints, users, and networks. Learn how that translates into better detection and faster investigation time for security incidents.
Behavioral analytics is about un-complicating your security environment. The information is there, but how do you make the most of it? Security analysts should understand what’s happening without having to piece an incident together from scratch.
1. Why security teams are a company’s true heroes
2. Black holes: turning “more data” into “better data”
3. Navigating the grey area between the binary poles of true positive and false positive
As businesses begin to rely more on data-driven Artificial Intelligence applications, the new applications lead to new business, security, and privacy concerns. Each bank also needs to have a transparent system for total auditability so one can see who did what, and when. Banks can use AI Deep Learning techniques to identify erroneous or incomplete data to avoid misleading decisions. The new AI applications introduce a number of business, security and privacy issues which will have to be addressed. Neural Network, Natural Language Processing, Image Recognition, Speech Recognition and Sentiment Analysis techniques are Deep Learning techniques used in Banks and Financial Services. AI Deep Learning techniques are used to help with anti-money laundering programs, know-your-customer checks, sanctions list monitoring, billing fraud oversight or other general compliance functions. Artificial intelligence can:
- Improve efficiency
- Weed out false-positive results
- Reduce costs and increase profits.
- Make better use of workers’ time and company resources
- Help banks handle their compliance monitoring
- Automate some legal and regulatory work
- Handle most customer service and improve customer experience
- Help in detection of fraud
- Create a massive competitive advantage
Bhagvan Kommadi, Founder, Architect Corner, has around 20 years of experience spanning the creation of products and incubation of product startups. He holds a Master's in Industrial Systems Engineering from Georgia Institute of Technology (1997) and a Bachelor's in Aerospace Engineering from Indian Institute of Technology, Madras (1993). Architect Corner is in CIO Advisor Top 25 Fast Growing AI startups in APAC for 2017. Architect Corner is part of Citi T4I Growth Accelerator.
As technology advances, so does the threat landscape, with cyber criminals effectively exploiting weak points on an almost daily basis. When malware infiltrates an organisation’s first layer of defence, it can spread quickly throughout the network, exposing data and weakening security - and in most cases this happens faster than analysts or administrators have time to react to. Indeed, with reams of data being generated and transferred over networks, organisations are having a hard time monitoring everything, which means potential threats can easily go unnoticed.
Organisations need to rely on machines to detect and respond to threats more quickly and efficiently. Even enterprises with a dedicated security team that monitors the latest security threat trends and understands the blueprint of evolving attack vectors still need to continuously monitor all network activity. The sheer volume of processes, services and applications running on a corporate network is just too much for human beings to monitor alone. However, this doesn’t mean that human analysis is not important.
User and entity behavioural analytics (UEBA) is essential in keeping up with continuously evolving threats and making sense of anomalous network behaviour. Security approaches that utilise both machine learning and human analysis enable all threats to be analysed for effective detection and response, ensuring all data is accounted for and including the human element to help reduce the opportunities for false positives. To keep up with the ever-changing security landscape, companies need to integrate internal and external threat context in their environment by updating processing rules for operating systems, applications, and network devices in order to strengthen the accuracy of real-time machine analytics.
As a cybersecurity pro, you already know that users are both an organization’s greatest asset and its greatest vulnerability. Users can do great damage—and they’re notoriously difficult to catch.
If you’re focused on addressing user threats, User Behavior Analytics (UBA) can be a powerful tool in your kit. In this webcast, David Gorton and Mark Settle from LogRhythm discuss the elements of an effective user threat detection program. You’ll learn:
- Why detecting user threats is so important—and so difficult
- Different approaches to UBA
- The value of data from across your enterprise
- How to maximize the efficiency of your security analysts
Watch the webcast to learn how UBA can help you discover hidden user threats, reduce false-positives, and properly prioritize the most concerning threats.
Acalvio provides Advanced Threat Defense (ATD) solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science. This enables a DevOps approach to ATD, enabling ease of deployment, monitoring and management. Acalvio enriches its threat intelligence by data obtained from internal and partner eco-systems, enabling customers to benefit from defense in depth, reduce false positives, and derive actionable intelligence for remediation.