Hi [[ session.user.profile.firstName ]]
Sort by:
    • Data loss due to human error - Stop the zombie apocalypse Data loss due to human error - Stop the zombie apocalypse Kris Salazar, Sr Demand Generation Manager, Ipswitch; David Lacey, leading researcher, writer and innovator in Cybersecurity Upcoming: Mar 17 2016 3:00 pm UTC 60 mins
    • Implementing Compliance Controls for Data Protection in Regulated Industries

      Securing protected data and meeting data privacy compliance demands are top IT challenges, but recent survey results of over 500 IT pros globally show human and processing errors are the top reasons for data loss.

      The key is to stop zombie-like employee activity by protecting data in motion – including communication between service providers, government agencies, and customers, or integrating business systems across datacenters and the cloud.

      Join this session to understand the essential requirements, strategies and solutions for addressing data privacy laws and regulatory compliance while protecting your data in motion.
      The webinar will address key questions such as:

      • What are the top data protection concerns of your IT peers and how are their organization addressing them?
      • What are the essential IT control requirements protecting data in motion?
      • What are practical strategies to cost effectively meet requirements?
      • Which file transfer and sharing technologies help or hurt your data protection?

      We’ll also look at key trends, which are driving organizational demand for new approaches to technology:

      · Security has moved to a “de-perimeterized” model, where security is wrapped around data and applications to ensure protection.
      · Strong authentication and encryption are now a default expectation to safeguard sensitive data, both at rest and in transit, but what else is needed to ensure data protection and compliance?

      This session will be presented by David Lacey, a former CISO, founder of the Jericho Forum, and author of the original text that formed the basis of the ISO/IEC 27000 standards.

      Read more >
    • Breach Prevention Week: Why Layered Security Strategies Don’t Work Breach Prevention Week: Why Layered Security Strategies Don’t Work Glenn Dasmalchi, Director at Palo Alto Networks Recorded: Jan 20 2016 7:00 pm UTC 45 mins
    • Every year, enterprises spend record levels of money on new IT security technology – yet major breaches and compromises are more prevalent than ever. The concept of “layered security” – in which enterprises support a wide variety of security technologies in order to discourage attackers – doesn’t seem to be working.

      It’s time to rethink IT security – not just the technology, but the way enterprises approach it from a strategic, architectural perspective. There are ways for organizations to build a comprehensive set of defenses – a security architecture – that can not only discourage attackers, but actually prevent them from penetrating your IT environment.

      In this webcast, you will learn some of the basics of building a next-generation IT security architecture, including:

      - How the foundational architecture of a next-gen firewall and security platform “matters” in enabling the business, and protecting it against a wide variety of attacks.
      - How the architecture enables unique and specific security scenarios.
      - How the architecture supports a prevention-oriented approach.

      Read more >
    • Threat Hunting is Not a Hobby – Do It Right or Go Home Threat Hunting is Not a Hobby – Do It Right or Go Home Anthony Di Bello, Director of Strategic Partnerships, Guidance Software Recorded: Jun 10 2014 5:00 pm UTC 57 mins
    • The security posture that companies have adopted has been typically focused on the prevention of known attacks. This approach has failed to actually secure enterprises! In this world, “proactive security” means erecting more and more security “walls” on the enterprise’s perimeter and waiting for an attack to happen. The numerous breaches that enterprises of all sizes report on a regular basis are the evidence of such failure. Billions of dollars of investments in old-style, perimeter-focused security have failed to stop cyber attackers from successfully stealing valuable information from organizations globally. Enterprises need to realize that they should change their ways. They need to go hunting – threat hunting. This threat hunting cannot be an ancillary or optional function that the Security team conducts. Instead, cyber threat hunting needs to be conducted systematically and programmatically. In this webinar we will review the steps that an enterprise needs to take to become an effective threat hunter including processes, skills, and technology.

      Read more >
    • Data Protection in the Cloud – Whose problem is it really? Data Protection in the Cloud – Whose problem is it really? Richard Moulds, Vice President Product Management and Strategy – Thales e-Security Recorded: Dec 12 2012 7:00 pm UTC 45 mins
    • Using cloud computing is like climbing a mountain – the higher you go the harder it is to climb. Moving mundane tasks to the cloud is easy, but for security centric applications the move is harder to make and for those involving regulated data the day may never come. That’s a shame because it’s in just these areas where the strongest economic incentives for moving to the cloud lie. The question is, who is best placed to establish the appropriate security in order to make this particular mountain easier to climb? Should cloud users plan on a “Bring Your Own Security” approach where they assume that the cloud is essentially an untrusted environment where they must wrap their own security around their applications and data, or should cloud providers be responsible for providing appropriate protection as part of a trusted cloud platform where users can feel safe and do what they do best – build applications? This presentation will address the tradeoffs as well as provide practical guidance regarding data protection approaches in a cloud environment.

      Read more >
    • Beyond the Code – Holistic Application Security Beyond the Code – Holistic Application Security Kris Philipsen, Director of Application Security Programs, Verizon Recorded: Apr 17 2013 8:00 am UTC 45 mins
    • Synopsis:
      The growing nature of online business and transactions has resulted in an exponential need for integrated and distributed application architectures. The paradigm of application security over many years has focused on much-needed fixing of common vulnerabilities in application code, without actually understanding their impact on the application’s overall security posture.

      In “Beyond the Code – Holistic Application Security”, we will run through several scenarios, based on real-world case studies, where security was compromised by not looking at application security in a holistic way. The goal of this session is to understand a number of factors to be taken into account when securing the application architecture as a whole, understanding the impact integrated solutions, cloud based Content Delivery Networks and other design choices can have on the application’s overall security. The key takeaway from this talk should be increased awareness, allowing you to cast a wider net and look at the security of an application architecture in a broader and more holistic manner.

      About the speaker:
      Kris Philipsen is Global Director of Application Security Programs at Verizon. He manages teams responsible for Application and Enterprise Security Programs through which they provide customers with a repeatable holistic lifecycle of essential controls and assessments for managing, monitoring and improving their application’s security posture. Prior to his current role, Kris worked as Principal Consultant, specializing in security audits, for Fortune 50 and governmental organizations.

      Over the last 15 years, Kris Philipsen has been actively involved in security research. He is the author of several papers on application security and has worked with multiple product vendors on identifying and mitigating critical security vulnerabilities. Kris appeared as speaker at various seminars and events on Application and Information Security.

      Read more >
    • Automating Security for the Cloud: Why we all need to care… Automating Security for the Cloud: Why we all need to care… Rand Wacker Recorded: Feb 27 2012 7:00 pm UTC 60 mins
    • Alternative title: “How I learned to stop worrying and get DevOps to love security”
      Take a look around, you might be surprised who is running servers in the cloud; you might be even more surprised about what they are running. Unfortunately, these people rarely if ever thought to tell the security teams, and that means big problems for us all. Securing servers in the cloud is different, very different, than in a traditional data center; but all the same risks are there. Lets start by understanding who is using the cloud, why it is so different, and what works and doesn't work from our typical security toolbox. Then lets try to solve some of those problems and come up with some best practices to help us and those we work with do what they need…securely.

      Read more >
    • Data Protection in the Cloud – Whose Problem Is It Really? Data Protection in the Cloud – Whose Problem Is It Really? Richard Moulds, Vice President Product Management and Strategy, Thales e-Security Recorded: May 23 2012 5:00 pm UTC 46 mins
    • Using cloud computing is like climbing a mountain – the higher you go the harder it is to climb. Moving mundane tasks to the cloud is easy, but for security centric applications the move is harder to make and for those involving regulated data the day may never come. That’s a shame because it’s in just these areas where the strongest economic incentives for moving to the cloud lie. The question is, who is best placed to establish the appropriate security in order to make this particular mountain easier to climb? Should cloud users plan on a “Bring Your Own Security” approach where they assume that the cloud is essentially an untrusted environment where they must wrap their own security around their applications and data, or should cloud providers be responsible for providing appropriate protection as part of a trusted cloud platform where users can feel safe and do what they do best – build applications? This presentation will address the tradeoffs as well as provide practical guidance regarding data protection approaches in a cloud environment.

      Read more >
    • Threat defenses: Before, during and after the point of click Threat defenses: Before, during and after the point of click Tom Clare, Senior Director of Product Marketing, Websense. Recorded: Jul 8 2013 3:40 pm UTC 48 mins
    • Produced by SC Magazine and Websense, this webcast explains how to protect against malware, advanced threats and data theft with continuous defenses before, during and after the point of click.

      This webcast outlines advanced threat stages and explains how protection in early stages can quickly block attacks, and how real-time, inline threat analysis protects against threats, data loss and data theft at the point of click. And learn how containment defenses are using sandboxing and traffic analysis to identify, profile and protect after the click. Combined, security administrators and teams are better armed to protect users, data and resources.

      Learn how threat defenses have evolved to include:

      - Global threat awareness and analysis to protect before the point of click.
      - Inline, real-time defenses during the point-of-click for protection against threats and data theft.
      - Sandboxing of malware and traffic analysis to identify and protect after the click.
      - Equal protection from both web and email attacks for office workers and remote workers.

      Read more >
    • A Proactive Approach to Modern Malware using Forensics & Sandboxing A Proactive Approach to Modern Malware using Forensics & Sandboxing Bob Hansmann, Sr. Product Marketing Manager, Websense Security Labs Recorded: Sep 6 2012 5:00 pm UTC 48 mins
    • CISOs around the world are telling analysts that the majority of today’s emerging threats are bypassing their anti-virus, firewalls, and intrusion prevention solutions. In response, analysts suggest that IT needs to assume a more proactive stance. Such a shift can involve more tightly integrated defenses, strengthening in-house IT resources, and leveraging appropriate outside resources. In this webinar, Websense will discuss ways to begin this shift today including:

      - Expanding ‘inbound’ defenses to include ‘outbound’ controls
      - Options for enhancing in-house IT security expertise
      - Leveraging research-grade forensic tools such as Websense ThreatScope™

      Real-world context will be provided as an actual malware sample undergoes forensic dissection and the Websense CyberSecurity Intelligence™ service is reviewed as a concrete example of the capabilities of today’s threat intelligence marketplace.

      Read more >
    • Collaborative Data Loss - Where DLP Breaks Down Collaborative Data Loss - Where DLP Breaks Down Andrew Yeomans, Board, Jericho Forum & Head of Security Engineering & Architecture - International, Commerzbank AG Recorded: Aug 5 2010 12:00 pm UTC 49 mins
    • How do you prevent data loss when you need to share data with other organisations? Data Leakage Prevention systems cannot help, as you know the data has to leave your organisation. The Jericho Forum has been working on such collaboration scenarios and can provide guidance on reducing your risk, as well as a vision for the future collaborative enterprise cloud.

      Andrew is on the management board of the Jericho Forum, which is an international information security thought-leadership group dedicated to defining ways to deliver effective IT security solutions that will match the increasing business demands for secure IT operations in our open, Internet-driven, globally networked world. Andrew is also is a member of the Executive Advisory Board of the ISSA UK chapter and Infosecurity Europe Advisory Council.

      Prior to this, Andrew led IBM’s European technical sales for Internet security. He is co-author of “Java Network Security”, the first book to cover secure multi-tier Java applications. He has worked with UNIX and Open Source software since 1985, and managed and ran IBM’s Scientific and Technical Computing group’s UNIX network.

      Read more >