In 2018, the gains realized from applied analytics will become so pervasive that we expect virtually every security product to be an analytics product. Automation will become more evident, identity will assume new importance, and consolidation will be the word of the day at the endpoint. With new classes of security concerns already making headlines in 2018 – and with EU Global Data Protection Regulation and privacy in the spotlight - what risks are on the horizon?
Join Scott Crawford, Research Director, Information Security and Dan Kennedy, Research Director, Voice of the Enterprise, for a live webinar on February 13 as he reviews these and other trends expected to shape the information security landscape in 2018, and the level of impact those trends will have on the market. Come armed with questions, as there will be a live Q&A session at the end of the webinar.
A common approach for addressing a security initiative is to make assumptions about the underlying problem that needs to be solved. Too often, those assumptions are incorrect. In those cases, security practitioners end up wasting resources with little to show for it.
Join Fernando Montenegro, Senior Analyst at 451 Research, as he presents an alternative framework for evaluating the fundamental issues that may hinder an initiative’s progress in a specific scenario. This framework allows practitioners to consider whether the issue is driven by incentives, information, investment, or irrationality which will help determine the appropriate path for addressing them in the context of security. With this knowledge, the security practitioner can tackle the problems with confidence and make real progress in their environment.
In a survey of 722 IT leaders by CIO Magazine, four out of five respondents were concerned about shadow IT projects lacking proper IT oversight in their organizations*. This concern is justified -- when users create "shadow IT" workarounds or avoid security processes altogether, it can leave organizations at risk.
Security teams are learning that when you account for the human element, you can develop policies that users actually want to adopt. Join us for a discussion on how you can build a strong security culture by learning from user behavior research, and employing concepts like gamification to collaborate with your users.
Security is changing. New innovations are making defenses such as anti-malware more of a reality than ever before, while yesterday’s incumbents are being remade through new acquisitions as well as selloffs of their legacy security businesses. So what’s next for security? For one thing, the scale of IoT security risk has finally been revealed – while the threat of ransom may provide attackers an alternative if malware becomes less viable. Will security’s innovations be ready enough, soon enough to protect enterprises from today’s emerging threats?
Join this session with Scott Crawford, Research Director for Information Security, to find out why 451 Research has rated all 6 of 2017’s key security trends as “high impact.”
See Richard Hollis in action as he delivers an informative brief of the essential elements needed in designing an effective information security awareness program for your business.
The session covers the four pathways that need to be taken and includes the way to identify the KPIs required to actually measure the success of the program and verify the real change in your business culture.
After you’ve solved your core authentication needs, what’s the next step in securing access to your critical resources? Your users are validated, but they still connect through a network from potentially vulnerable computers and mobile devices.
So how do you identify which of these devices are compromised endpoints?
In a 2017 SANS survey of IT professionals, 79% said hunting for compromised endpoints is “difficult or impossible.” Finding the right balance of security and user convenience is daunting, especially with BYOD and hosted applications added to the mix. The good news is that there are ways to make this easier, and this webinar will show you how.
If you are struggling to keep up with selecting, testing and deploying new security tools, you won’t want to miss this webinar.
You’ll learn how to:
- Address the unique challenges of securing your unique network.
- Implement smart network segmentation and intelligent tool routing.
- Facilitate testing and deploying tools through a security delivery platform.
- Handle the challenges of setting up realistic tests.
Learn how the GigaSECURE security delivery platform strengthens new security tool testing and streamlines deployment.
Josh Downs. BrightTALK's Information Security Community Manager breaks down the 5 webinars to attend (see attachments) at January's The Next Generation of Information Security Summit:
5 - Big Daddy Loves Big Data - Richard Hollis, Risk Factory
4 - Risk-based Security: Having the Right Security in the Right Place - Illyas Kooliyankal, ADS Securities
3 - Achieving Digital Trust: The Final Frontier - Jeffrey Ritter, The Ritter Academy
2 - Have Cyber Security Professionals Lost Their Touch? - Jitender Arora
1 - Best Practices for Uncovering Deeply Hidden Threats - Eyal Gruner, Cynet
To attend any of the above, see the URLs in the attachments.
For more insights, follow Josh on @downsy1990.
Shan Lee is the Head of Information Security at JUST EAT Plc where he is passionate about promoting a "Security Culture" in what is a fast moving and rapidly expanding, multinational environment.
In this presentation he will touch upon the following subjects: security culture, awareness, education, and the problems around the real threat being the (non-malicious) employees that don't even realise their online behaviour is a problem.
Faced with a complex, heterogeneous IT infrastructure and a “cloud first” directive from the board, Nick Bleech, Head of Information Security at building supplies giant Travis Perkins, used Splunk Enterprise Security running on Splunk Cloud to deliver enhanced security for 27,000 employees. The Splunk solution allowed Travis Perkins to provide real-time security monitoring, faster incident resolution and improved data governance while delivering demonstrable business value to the board.
Watch this webinar to hear Nick Bleech discuss:
• The business and security drivers tied to the deployment of a cloud-based SIEM (security incident and event management solution)
• The overall benefits of the Splunk solution
• The project’s critical success factors
• How stakeholders and the overall project were managed
• The positive impact of the deployment on the IT operations and IT security teams
• The next steps in the development of a lightweight security operations center
As management is increasingly involved in information security budgets, many questions are being asked – Did we really need to spend this money or could we have done without it? Are we really more secure now than before? Would we be more secure if we installed this product or spent money on security training?
In this presentation, MEEZA’s Information Security team will talk about a 3-step process which is a pragmatic view of the different components of an effective Security Risk based approach which provides perspective to a given organisation.
The MEEZA Information Security team will provide pointers on how to effectively present a Risk-based Security Plan to executives by highlighting some of the benefits which are considered ironies from a risk-based perspective
Join us at our next Career Conversations session. We'll discuss topics such as: what made them decide on IT or Cyber Security, what were some of their work/life challenges, and what skills and education do they see as essential to success?
Whether you are an experienced professional or just contemplating a future in Cyber Security, WSC's Career Conversations allows you to have a conversation with women making a difference. Join us and share in Career Conversations with successful women in cyber security!
Guests: Julia Hermann, Information Security Analyst at Giesecke & Devrient GmbH
Hosted by Elena Steinke, Board Member of the Women's Society of Cyberjutsu
About the Speaker:
Julia Hermann brings more than 15 years of experience in systems engineering, IT security and information security management. She started off her career at a large German Telco provider in the field of IT security consulting, developing and implementing security solutions for large international customers. Afterwards, she spent the longest time of her career at an agency of the European Union as Information Security and Risk Officer, establishing IT security from the moment of its foundation.
Currently, as Information Security Analyst within the corporate security department of an international company in Munich, her main tasks involve assessment of requirements and technical conception of security solutions as well as threat intelligence, security incident management and audits.
Being a certified CISSP and CISM, she contributed to the foundation of the (ISC)2 Chapter Germany. Previously as a member and since May 2017 as lead of the ISACA Germany Chapter working group on information security, she co-authored the Implementation Guideline ISO/IEC 27001:2013 and participated to the development of the 2-day certification course “Information Security Practitioner.”
When it comes to building a security program, focusing only on technology and processes puts organizations in a weak and unbalanced position. People need to be equally factored in—and that’s where culture comes in. Listen as Bo talks about the importance of a strong security culture and walks through four essential components needed to build one.Read more >
Threat intelligence is one of the most talked about areas of information security today. Vendors, service providers, consultants and integrators are all looking to find ways to use threat intelligence to help businesses apply what we can learn about emerging cyber-threats and their tactics to protect valuable data and systems.
However, when it comes to applying these types of services/products, it can be hard to know where to start, whilst establishing what types of threat intelligence will prove truly beneficial to your organization is also a challenge.
In this webinar we’ll take you towards getting “hands on” with threat intelligence, including:
• Understanding the difference between strategic, operational, tactical and technical threat intelligence
• Real world examples of applying threat intelligence to monitor for emerging threats, to better prioritize vulnerabilities and more clearly understand your own threat surface
• Find the parts of your security operations that can reap the most benefit from the application of relevant threat intelligence
Cybersecurity disasters dominated the news in 2017. WannaCry alone bashed hundreds of thousands of targets. Now is the time for CIOs and CSOs to scrutinize multiple components of their security because, let’s face it, attackers are busy working up new creative ways to hijack your data in 2018.
Attend this webinar to learn what it takes to build an in-depth defense. This straightforward presentation will cover:
• Security KPIs with risky validation processes (far more common than you think)
• A checklist of security points that need tight inspection (and where to drill down)
• New security services that streamline the process
This presentation will examine some notorious attacks, explore factors that lead to successful attacks, and discuss significant issues and circumstances that lead to successful breaches.Read more >
AuditD is a very useful feature on the linux kernel. Ryan Huber, Security Architect at Slack, discusses go-audit, the golang-based open source alternative to the auditd daemon.
He also discusses how he uses go-audit along with a reliable logging pipeline consisting of streamstash, elasticsearch, and elastalert to collect and process data from thousands of hosts.