Faster time-to-market and business-value-driven application functionality are the biggest drivers for DevOps. With DevOps, more frequent releases require shorter development and test cycles, creating a higher risk of breaches exploiting the application layer. The last couple of years have shown that business value can take a significant hit from security breaches. Building security features at the speed of DevOps, and reducing risk with the right security architecture, processes, and collaboration, is key to staying in business. This is the genesis of DevSecOps.
In this Webinar, Derek Brink from Aberdeen Research describes how the shift towards rapid application delivery methods creates new opportunities for improving application security and reducing risk. MicroFocus’ James Rabon (Product Manager, Fortify Software Security Center and Tools) and Paladion's Vinod Vasudevan (Co-founder and CTO) discuss how MicroFocus and Paladion are helping customers integrate security and compliance into DevOps processes.
Key Takeaways from the Webinar:
- Trends in application delivery: from waterfall, to Agile and DevOps
- How characteristics of Agile, DevOps provide a high-level blueprint for what application security in that environment should look like
- Capabilities you should be looking for to improve application security at the speed of DevOps
- How to adopt non-disruptive and continuous application security processes
- Bringing in around-the-clock security monitoring for cloud assets
VMware transforms security by providing a ubiquitous software layer across application infrastructure and endpoints, maximizing visibility and context of the interaction between users and applications, aligning security controls and policies to the applications they are protecting, and enabling the insertion of third-party security services for additional intelligent protection.
When planning a go-to-market strategy, it’s common practice to build detailed marketing and sales personas for key security individuals such as the CISO, the IT administrator, the developer, and the end user. Each of these roles has different needs and priorities when considering a security tool, and sales strategy recognizes the need to address each of them. Organizations have different types of business drivers, priorities, constraints, and capabilities as well: for example, an 80-year-old manufacturing company may not care what cute new IoT ideas you might have.
These organizational personas must be considered when searching out peers for benchmarking. Security decisions made only by looking at other companies in the same industry don’t provide enough data, because there are many other variables that come into play. Building a security anthropology model for comparing organizations provides more context to better design products and services to align with their needs, while helping the security community speak the language of the users it’s serving. Join us for a discussion on how we can excavate a better approach with Wendy Nather, Principal Security Strategist at Duo Security.
Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
When it comes to building a security program, focusing only on technology and processes puts organizations in a weak and unbalanced position. People need to be equally factored in—and that’s where culture comes in. Listen as Bo talks about the importance of a strong security culture and walks through four essential components needed to build one.
Rapid adoption of cloud apps and services is driving the need for Cloud Access Security Brokers (CASB)
It is time for CASB systems to weave into your overall security infrastructure. There are many intersections to consider, such as DLP, Advanced Malware Protection, Web Security and Endpoint where organizations are navigating how to best integrate cloud security solutions into their environment to improve security and reduce operational overhead.
This talk will explore this next frontier of CASB solutions.
New security challenges in 2018
Hackers are already scheming their next wave of targets: will they replicate the colossal Equifax breach and cash in on reams of personal data or freeze up IoT devices simply in order to disrupt critical systems?
Join Forcepoint's Bob Hansmann, Director, Security Technologies for a Forcepoint 2018 Security Predictions Report webcast on the most pressing security issues for the upcoming year.
You’ll receive an advance copy of the Forcepoint 2018 Security Predictions Report just for attending.
Join 451 Research and SecureAuth+Core Security for a peek into the emerging trends in cyber security and identity in 2018. Register today and learn how these trends will impact your strategy, organization, and job in the coming year.
Security experts Garrett Bekker, 451 Research and Chris Sullivan, SecureAuth+Core Security will share insight on these trends and more:
• Why network-based approaches to security are no longer sufficient in the age of cloud and IoT
• Why identity is the new gating factor for access to sensitive resources
• How various methods for securing cloud resources – CASB and IDaaS – need to converge
• The need for risk-based approaches to authenticating users – and machines
Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer and an extension of your network, this session will cover public cloud security concerns, what the shared security responsibility model really means, and recommendations for protecting your public cloud workloads and data.
The new 2017 Gartner Magic Quadrant for Web Application Firewalls (WAF) is based on detailed responses to questionnaires from experienced Web App Firewall customers. Attend the webinar and hear the experiences of major customers who participated in the Gartner MQ for WAF research and how they implemented web app firewall to protect their applications and critical data.
This webinar will cover:
* Detailed results and considerations of the report
* Effective deployment options to meet enterprise demands
* Success stories and implementation options you can leverage within your own environment
Join us to hear Morgan Gerhart, Vice President of Product Marketing at Imperva, discuss the Gartner MQ for WAF with:
* Rob McCurdy, CIO of Michigan State University
* Darío Eduardo Herrera Yáñez, CTO of Sm4rt Security Services
This Modern Security episode introduces a security-based chaos testing tool and methodology. ChaoSlingr is a Security Chaos Engineering Tool focused primarily on experimentation on AWS infrastructure to bring system security weaknesses to the forefront.
Welcome to the Cloud Generation, where employees demand flexibility and access wherever they are, but can expose your most sensitive data to risk.
Distributed environments—like mobile and distributed workforces—introduce new attack surfaces that must be protected, and increased use of SaaS Cloud Apps is driving the need for new compliance and security controls. The result? Security and IT teams are being forced to rethink network designs to better answer questions like:
- How do we effectively govern access to data, apps and systems?
- How can we combat advanced threats targeting our business through the web, cloud and e-mail?
- How should we secure information that is moving between our network, endpoints and the cloud?
Join Gerry as he discusses the key Cloud Generation security challenges facing Symantec’s enterprise customers and learn how Symantec’s Cloud-delivered security solutions can be used to protect users, devices and corporate data, wherever it resides.
Data breaches, cyber-attacks, security lapses and new regulations have made IT security more challenging than ever now that every organization has gone digital. IT teams are struggling with point solutions, as the traditional security approach no longer works. Explore how VMware makes cyber security intrinsic, with a footprint throughout IT organizations and a security solution that includes products such as Workspace ONE, AirWatch, Horizon, NSX, AppDefense, vSphere, vSAN and vRNI and that simplifies and consolidates IT security. Also, learn about what’s new with NSX and our newest security solution, AppDefense.
Technical demos will include looks into the Horizon with NSX solution, and how it interacts with third-party solutions such as Trend Micro’s Deep Security to automate security processes. You will also get a look into the vRealize Network Insight tool, and how it is helping our customers operationalize these new security models, maintain operational visibility into the network, and ensure best practices and health of the networking and security services.
Evrim Eroglu, Head of Security Infrastructure at VakifBank, discusses how traditional signature-based systems are not enough to protect the bank’s endpoints. Traps with exploit techniques integrated with WildFire provides more secure endpoints.
Learn how VakifBank strengthened their endpoint security for approximately 16,000 employees by implementing Palo Alto Networks Traps to block both known and unknown threats.
Mobile computing and the use of cloud applications are touted as ways to help healthcare providers deliver better patient care. Clinicians carrying tablets or other devices to exam rooms and patients’ bedsides can quickly access and update patient data and other vital resources necessary for accurate and expeditious treatment.
No one disputes the value of “anytime, anywhere” computing in healthcare – indeed, in other industries as well – but there is a concern about the risk associated with access to sensitive and regulated data via unmanaged devices and unsanctioned cloud applications.
In this CISO panel discussion moderated by Hussein Syed, CISO at RWJBarnabas Health and joined by panelists Alex Fry, VP of Software Security Assurance at Elsevier and Mike Schuricht, VP of Product Management, Bitglass, you’ll learn about real-world approaches to some of the most vexing challenges of mobile and cloud computing.
Up-front design of your cloud environment can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Security by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability across, such as:
- Organizational governance
- Asset inventory and control
- Logical access controls
- Operating system configuration
- Database security
- Applications security configurations
Why this session:
Cloud computing is becoming the new normal. The question isn’t “if” anymore; it’s really just “how fast can we move?” and “what are we going to move first?”
Because of this trend, organizations need to understand their security and compliance capabilities and shared responsibilities for security as they migrate resources to the cloud. Whether it’s clinical trial simulations with Bristol Myers-Squibb, which uses AWS to run clinical trial simulations for 64% less cost, in 1.2 hours vs. 60 hours, or Galata Chemicals, which is running its development and test workloads in the cloud, organizations need to start with a “Secure by Design” approach, which supports security at scale as they increase their use of cloud resources.
In this talk, we will give a short introduction into hybrid app development, present specific attacks and discuss how Android developers are using Apache Cordova. In the second half of the talk, we will focus on the secure development of hybrid apps: both with hands-on guidelines for defensive programming as well as recommendations for hybrid app specific security testing strategies.
Dr. Achim D. Brucker (https://www.brucker.ch) leads the Software Assurance & Security Research Team (https://logicalhacking.com) at the University of Sheffield, UK. Until December 2015, he was a Security Testing Strategist in the Global Security Team of SAP SE, where, among others, he defined the risk-based security testing strategy of SAP. He is a frequent speaker at security conferences.
BrightTALK caught up with Kai Roer, the Creator of the Security Culture Framework, for an in-depth conversation on security culture and its value to businesses today. Kai also talks through the findings of the Security Culture Report 2017, which can be accessed via the video's attachments.
Topics up for discussion:
- The importance of building a strong culture of security at businesses to add to an overall security strategy
- How to improve security culture within your organisation
- GDPR and how to prepare effectively
- The findings of the Security Culture Report 2017
BrightTALK caught up with Menlo Security's Jason Steer for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The Russian hack of the US election
- AI & Machine learning in Cyber Security
- The Yahoo breach and steps to take to avoid it happening to other companies
- The leading prevention technologies currently and how to adopt them
- Cyber warfare in today's political spectrum
These days it's not a matter of if you'll be breached, but when. Security teams in the modern enterprise must accept that as well as efforts to protect their perimeter, they must also focus on understanding their east-west traffic.
This panel discussion will look at the trends and technologies influencing cyber security strategy in 2017, in particular those that deal with effectively monitoring your network to ensure your organisation handles vulnerabilities and stays breach free.
- Josh Downs, Community Manager - Information Security, BrightTALK (moderator)
- Jeff Costlow, Director of Security, ExtraHop Networks
- Rami Mizrahi, VP of R&D, TopSpin Security
- Francois Raynaud, Founder, DevSecCon
Tune into this panel conversation if you're a network or security professional looking to hear the latest trends and security best-practices to defend against a constantly evolving opponent.
Web and cloud application security exposures and email-based attacks continue to plague enterprises of all sizes, industries, and geographies. To tackle the threat, organisations have typically relied on multiple single purpose solutions to address each channel of risk. They’ve ended up with a proliferation of products, which complicates security and compliance, rather than simplifying it.
By unifying email, web, and cloud security with multi-factor authentication, CensorNet offers the freedom, visibility and protection that businesses need to navigate the threat landscape while unlocking the benefits of the cloud by enabling safe adoption of a wide range of apps.
Security is not rocket science. Developing an effective and efficient enterprise security program starts with strong culture and risk communication. Ditch the old school security ways and embrace the millennial approach. The pillars of the millennial approach to security are: developing a positive security culture, making secure business processes easy, fostering enduring business relationships, constant communication with executives, and getting the biggest bang for your limited bucks with risk prioritization.
Cloud security remains one of the top barriers to the adoption of cloud computing (Gartner top 3) and drives a need for new and broader security measures that go beyond traditional enterprise IT security tools and practices.
Join security experts from IBM, SoftLayer and Intel® for a comprehensive webinar about the cutting-edge products and services that deliver unparalleled control and data security in the cloud. In this webinar, you will receive:
- Practical and technical advice that can be applied immediately to help secure your organization's IT environment using SoftLayer's security-rich environment for deploying and running customer workloads.
- A full overview of the chip-level Intel® TXT security available first in the cloud at SoftLayer. Lastly, learn more about IBM Cloud Data Encryption Services™ and about data protection, resiliency, security and storage.
- RSA 2016 -
BrightTALK favourite Raj Samani took the time to discuss the influence of cyber on Middle Eastern political conflicts; the role of hacking in Russian-American tensions; how to combat the cyber skills shortage; and the enduring benefits of security collaboration.
Josh Downs, BrightTALK's Information Security Community Manager breaks down 3 must-watch webinars from February's Data-driven Security Summit:
3. Business-lead and Threat-Focused Cyber Risk Management - Chris Verdonck, Global Cyber Strategy & Peter Wirnsperger, Cyber Risk Services, Deloitte
2. Making Vulnerability Management Sexy, Again! - Amar Singh, Chair of ISACA's UK Security Advisory Group
1. (mis)Adventures in Data-driven Security: How to Avoid Tragedy & Engineer Success - Nik Whitfield, CEO, Panaseer
To attend any of the above, see the URLs in the attachments.
For more insights, follow Josh on @BrightTALK_Josh
The future for women in Cyber Security is NOW.
Despite the growing demand and tremendous opportunities in the job market, cyber security remains an area where there is a significant shortage of skilled professionals regionally, nationally and internationally.
At EC-Council University we want to empower and recognize women who are results-driven and able to manage multiple disparate tasks while leading groups to achieve positive outcomes and astonishing professional successes.
Even worse, women’s representation in this male-dominated field of security is alarmingly low. Women are detail-oriented, with analytical minds that quickly assess and achieve solutions to the most difficult problems, prioritizing and executing in a rapid, dynamic environment.
“At EC-Council University we wish to highlight these prestigious women and set examples for others to follow suit.”