Hi [[ session.user.profile.firstName ]]

The Insider Threat: Employees and Vendors as Attack Vectors

Target, Home Depot and The Office of Personnel Management. These organizations have two things in common – they have all suffered from a data breach and the attackers broke in through a third party vendor. Our analysis also shows that in 90 percent of data loss prevention incidents – meaning when employees leak sensitive data outside an organization – the employees are legitimate users who innocently send out data for business purposes.

Join this webinar to learn more about:

- How to manage the data deluge from various security tools and alerts to identify the threat within

- Best practices and tools to make employees more security conscience

- Products and solutions for security professionals to address all aspects of cyber risk from vendors and employees

- How to increase security awareness, and use Just-In-Time training to change behavior of negligent insiders
Recorded Dec 8 2015 48 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Anil Nandigam, Head of Product Marketing, Bay Dynamics
Presentation preview: The Insider Threat: Employees and Vendors as Attack Vectors
  • Channel
  • Channel profile
  • Live Webinar: Building Effective Zero Trust Kill Chains Using Data-Centric Analy Recorded: Oct 11 2019 66 mins
    Ryan Stolte, Bay Dynamics CTO
    Taking a Zero Trust approach that emphasizes users and data offers a significant opportunity to modernize security, and traditional kill chain models. While many of today's models leverage data detected on endpoints, they lack the critical context of how users are interacting with data and sensitive applications in the cloud, and from devices lurking in blind spots from traditional controls.

    To establish more inclusive, Zero Trust kill chains that pinpoint troublesome data handling - in direct relation to business objectives - today's security practitioners require the ability to inject context from data protection tools, including CASBs and DLP, among others, deeper into the process. Integrated analytics that combine and analyze these data sources hold the key to increased effectiveness.

    Register for this webinar to learn how to:

    Provide more robust data protection, married with targeted threat prevention
    Pinpoint users and systems that pose the greatest risks, related to exfiltration
    Highlight key differentiators between internal and external threats
    Tie business-driven data protection priorities directly to incident response
  • Automate Threat hunting With Security Analytics & Machine Learning Recorded: Jun 26 2019 61 mins
    Ryan Stolte, CTO and co-founder, Bay Dynamics
    Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to identify individual elements of a campaign, putting the onus on human analysts to piece together the bigger picture - when time and resources allow.

    Today's advanced security analytics platforms combine data from numerous security solutions to eliminate blind spots, visualize multi-stage threats and provide the detailed context necessary to enact targeted response. By using behavioral analytics and applying dedicated machine learning, these platforms automate critical threat hunting capabilities, so analysts at all levels can pinpoint advanced attacks, drive remediation and continuously refine investigation.

    Register for this webinar and learn about:

    -Visualizing multi-stage threats and compromised users;
    -Investigating and hunting within and across stages;
    -Maximizing human talent using Machine Learning.
    -Addressing DLP, EDR and Email Security use cases;
  • Secrets of Mature DLP Programs Recorded: Jan 16 2019 56 mins
    Salah Nasser, Director Product & GTM Strategy, Symantec and Kyle Black, Director Systems Engineering, Bay Dynamics
    Incident triage dominates daily efforts by Data Loss Prevention (DLP) teams. What’s more pressing is the need to expand DLP policies and channels, i.e. cloud apps and email, are creating more incidents. But more incidents arrive than can be closed - so high risk actions sometimes get missed.

    New user and entity behavior analytics platforms like Symantec Information Centric Analytics (ICA) dramatically reduce false positives, so there’s time to refine processes and educate other organizations.

    Key questions answered include:

    -How to expand existing Data Protection to cover more channels while reducing incident management?

    -What’s abnormal but dangerous activity? and how dangerous is it?

    -How to address more incidents and risky users without changing policies?
  • A Pragmatic Look at Security Platforms - Immediate Impact and Future Promise Recorded: Nov 14 2018 60 mins
    Ryan Stolte CTO, Bay Dynamics, Jon Oltsik Sr.Principal Analyst, ESG and Patrick Gardner SVP, Email Security & ATP, Symantec
    There has been a lot of industry buzz about cybersecurity platforms over the past year but much of the discussion is long on hyperbole and short on detail.

    What exactly is a cybersecurity platform?
    Are organizations really looking to purchase and deploy these platforms?
    How can they impact the daily lives of security practitioners?

    Join Bay Dynamics, ESG, and Symantec and get educated on:

    - New research about the growing transition to cybersecurity platforms

    - The benefits of cybersecurity platforms

    - How cybersecurity platforms will continue to evolve in the future.

    Register Today
  • Part 1 of 3: Secrets of Mature DLP Programs - Getting from "How?" to "Wow!" Recorded: Aug 9 2018 56 mins
    Salah Nasser, Director Product & GTM Strategy, Symantec and Kyle Black, Director Systems Engineering, Bay Dynamics
    In the first of a three-part webcast series:

    Part 1: First Things First - Understanding “Normal” Through Smart Incident Response and User and Entity Behavior Analytics (UEBA)

    Incident triage dominates daily efforts by Data Loss Prevention (DLP) teams. What’s more is the need to expand DLP policies and channels, i.e. cloud apps and email, are creating more incidents. But more incidents arrive than can be closed - so high risk actions sometimes get missed.

    New user and entity behavior analytics platforms like Symantec Information Centric Analytics (ICA) dramatically reduce false positives, so there’s time to refine processes and educate other organizations.

    Key questions answered include:

    -How to expand existing Data Protection to cover more channels while reducing incident management?

    -What’s abnormal but dangerous activity? and how dangerous is it?

    -How to address more incidents and risky users without changing policies?

    Register Today

    About the 3-Part DLP webcast series:
    The need for data protection continues to increase as organiztions mature, acquire new organizations, adopt cloud applications and infrastructure.

    While each DLP initiative launches with high expectations, many remain immature after years. Root causes can be understood - technology, people, and processes – and addressed so DLP can effectively protect data in the hybrid cloud world.

    This 3-part series features pragmatic insights and lessons learned from mature DLP programs on making their teams effective and getting buy in from their organizations.

    Upcoming webcasts:
    August 30th: Part 2 of 3:Talking It Out – Cross-functional Communication Key to Mature DLP Programs (Register Today http://bit.ly/0830DLPwebcast)

    September 20th: Part 3 of 3: Data, Data Everywhere - Increasing DLP Value as Everyone Goes Cloud (http://bit.ly/0920DLPwebinar)
  • How to Tackle Data Protection Risk in time for GDPR Compliance Recorded: Mar 15 2018 62 mins
    Sunil Choudrie: Information Protection Strategist, Deena Thomchick: Sr. Dir. Product Mgmt, Steven Grossman: VP Bay Dynamics
    Leveraging state of the art technology to help you find personal data, spot risky users, and respond to incidents

    The General Data Protection Regulation (GDPR) sets a new standard in data protection that will impact not just EU, but global organizations. With the GDPR start date quickly approaching, organizations face plural priorities; how to stay on top of their existing security program, while building – and implementing - a compliance strategy by May 2018.

    The keys to success? First, ensuring you understand the data protection risks you face. Second, using state of the art technology to both reduce risk and free up your security team.

    Join us on March 15th to learn how to leverage state of the art technology to build an efficient data protection risk management strategy.

    During this session, you will learn:

    -Why good risk management and data-centric protection go hand in hand

    -How leading technology helps you discover, monitor and protect personal data, wherever it is

    -Using data analytics to detect, quantify, and prioritize insider threats and outsider risks

    -How to free up your security team by removing unnecessary alerts and distractions

    Please join us, register today
  • Vulnerability Risk Management; Not Just Scanners Anymore Recorded: Oct 24 2017 57 mins
    Steven Grossman, VP of Strategy, Bay Dynamics with Guest Speaker, Forrester Sr. Security & Risk Analyst, Josh Zelonis
    The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.

    Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:

    - Why is vulnerability risk management more that scanning?
    - How do you prioritize risks beyond CVE and CVSS scores?
    - How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
    -What are the common challenges in moving to a vulnerability risk management model?

    Register for this webcast for insight into the changing demands on vulnerability management programs.
  • GDPR Compliance and the Role of DLP and Behavioral Analytics Recorded: Aug 17 2017 64 mins
    Jon Oltsik, Sr. Principal Analyst, ESG Salah Nassar, Dir. Product Marketing, Symantec Steve Grossman, VP of Strategy
    The General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s predicted that over 50% of companies affected will not be in full compliance in time. With fines as much as 4% annual revenue, cybersecurity experts, executives and boards are paying attention.

    What are the main obligations under the GDPR which will apply to your organization?
    How can you identify the gaps that exist between your existing programs and GDPR requirements?
    What changes are needed and which technologies can help to achieve compliance?
    What is a pragmatic timetable, in what order of priority, and at what cost?

    Join ESG Sr. Principal Analyst, Jon Oltsik, Symantec Director, Global Product Marketing and GTM Strategy, Salah Nassar, and Steven Grossman, Bay Dynamics’ Vice President of Strategy as we discuss how to:

    - Identify what data matters for GDPR compliance
    - Implement a framework for change
    - Leverage DLP and behavioral analytics for data governance

    The clock is ticking.
  • How the Cybersecurity Executive Order Impacts Today’s IT Risk Strategy Recorded: Jun 6 2017 58 mins
    Craig A. Newman, Partner and Chair of Patterson Belknap Webb & Tyler LLP, Steven Grossman, VP of Strategy at Bay Dynamics
    Two events in a single month recently reshaped the cyber-security landscape– the President’s Cybersecurity Executive Order and a massive ransomware attack that struck countless organizations worldwide. At their core, these headlines span common unresolved matters that affect nearly every practitioner in the cybersecurity field.

    The Wannacry ransomware attacks exploited unpatched-yet-well-known vulnerabilities. The White House policy explicitly supports a risk based approach, mandating that federal agencies prioritize IT security strategy based on exposure of their most valued assets.

    For years, cybersecurity teams have sought to tackle those threats and vulnerabilities that could compromise these critical assets. Given the state of real-world threats and these new marching orders, both public and private sector organizations must re-assess where they stand and take a closer look at evolving practices.

    This webinar, co-presented by Craig A. Newman, Partner and Chair of Patterson Belknap Webb & Tyler LLP’s Privacy and Data Security Practice, and Steven Grossman, VP of Strategy at Bay Dynamics will cover:

    * The must-know takeaways of the latest Cybersecurity Executive Order
    * Related findings from the recently released report – A Day in the Life of a Cybersecurity Pro
    * How private and public organizations can apply specific practices that directly enable more effective prioritization of asset-based IT risk
  • Know Your Numbers - Vital Signs, Immune Systems, and Cyber Risk Recorded: May 4 2017 44 mins
    Christophe Veltsos, a.k.a Dr. Infosec, Assoc. Professor at MSU, Steven Grossman, VP of Strategy, Bay Dynamics
    Physical health comes from both common sense – eat right and exercise – and advanced medicine. Blood pressure, sugar levels, and white cell counts are vital metrics to be monitored and controlled.

    What meaningful numbers are available to cyber teams? How can they be used to
    understand overall risk posture and prescribe detailed actions to take today?

    •Overall health - Which departments need cyber health checks now? Next quarter?
    •Regular hygiene - Whose applications are patched quickly? Whose are not?
    •Immune systems - How is unusual behavior pertaining to critical assets detected?
    •Breakthroughs - Can cyber risk be quantified in financial terms?
  • The NYS Cyber Security Regulation Is Mandatory: Now What? Recorded: Mar 2 2017 58 mins
    Craig A. Newman, Partner at Patterson Belknap Webb & Tyler LLP, Steven Grossman, VP of Strategy and Enablement, Bay Dynamics
    The New York State Cyber Security Regulation for financial organizations becomes mandatory March 1st. Since our last webinar, the requirements have been updated. The revised regulation, which NYS banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services must follow, includes changes surrounding risk assessments, encryption, cyber security policies, cyber governance and more. Join us for this second webinar specifically addressing the revised components of the regulation and what financial organizations inside and outside of NYS should be doing now that the regulation is taking effect.
  • Don't 'Guesstimate' Your Cyber Risk, Use Financial Impact to Prioritize & Decide Recorded: Jan 25 2017 46 mins
    Rob Sloan, Director of Cybersecurity Research at Dow Jones & Ryan Stolte, Co-founder and CTO at Bay Dynamics
    Enterprises use value at risk metrics to drive most strategic decisions, except when it comes to cyber risk. Prioritizing cyber risk response and remediation is typically a guessing game that requires experts to work with the cyber and business teams to try to guesstimate probabilities of particular events and their ability to compromise each application's confidentiality, integrity and availability. Without calculating a dollar amount impact to which the business is exposed, stakeholders enterprise-wide have no way of knowing the most potentially damaging vulnerabilities and threats within their environment.

    This webinar will discuss why enterprises must embrace quantifying cyber risk as they do in all other parts of the business and how they can calculate the financial impact metrics needed to drive faster and more effective decision making.
  • Protecting Your Crown Jewels with Security Analytics Recorded: Nov 17 2016 61 mins
    Doug Cahill, Senior Analyst, Cybersecurity, Enterprise Strategy Group, Inc., Ryan Stolte, Co-Founder and CTO, Bay Dynamics
    Effective cyber risk management depends upon security analytics technology. However, as more enterprises and vendors see the value in this technology, more hype and misconceptions come to surface. In some cases, security analytics is being used interchangeably with solutions like SIEM and user behavior analytics when in reality, those solutions are components of a security analytics platform. To clear the confusion, Enterprise Strategy Group's Senior Analyst of Cybersecurity, Doug Cahill, and Bay Dynamics co-founder and CTO Ryan Stolte are hosting a webinar which will dive deep into what security analytics really is and how organizations can most effectively use it to reduce cyber risk to their crown jewels.
  • NY State Cybersecurity Requirements for Financial Firms: Why Should You Care? Recorded: Nov 8 2016 45 mins
    Johna Till Johnson CEO and Founder Nemertes Research, Steven Grossman VP Strategy & Enablement Bay Dynamics
    The New York State Department of Financial Services (NYS DFS) recently issued proposed regulations for financial services firms in NYS to go into effect in January 2017. The regulations are groundbreaking in some respects, in particular in that they include requirements for emerging (or not yet fully emerged) technology categories. Yet, there are also significant gaps. Find out what these regulations may mean for your organization (whether or not you’re a financial services firm, or do business in New York). You’ll learn from the experts at Nemertes Research and Bay Dynamics how you can leverage the regulations to strengthen your cyber risk posture and take strides towards better protecting your company.
  • An Asset-Centric Approach to Manage Cyber Risk Recorded: Aug 31 2016 56 mins
    Humphrey Christian, Vice President, Product Management, Bay Dynamics
    Enterprises, both large and small, all have vulnerability management solutions. However, security teams are overwhelmed by the mountain of vulnerabilities uncovered by these solutions. Once they determine which endpoints, systems and applications are vulnerable to an attack, they do not know which steps to take next and in what order. As a result, they spend countless hours manually determining who owns the vulnerable asset, the value of that asset, if it was compromised and if there is an active threat to that asset.

    Join us for a live webinar on Wednesday, August 31, 2016 at 10am PT as Humphrey Christian, Vice President, Product Management, Bay Dynamics, discusses why organizations and business stakeholders, need an asset-centric approach to provide a fully integrated view of threats, vulnerabilities, asset value and business context. He will also give a live demonstration of the Bay Dynamics Risk Fabric cyber risk platform and provide examples of how our customers have used it to build asset-centric risk management programs that allow security teams, line-of-business leaders, C-level executives and boards of directors to determine which threats and associated vulnerabilities could lead to a compromise of their most valued assets and what steps need to be taken in order to reduce that risk.

    Register for the live webinar to learn more about:
    • Understanding your Assets at Risk by protecting your high value assets that can be exploited by threats and vulnerabilities
    • Why it is important to take an asset-centric approach to effectively manage cyber risk
    • How Risk Fabric cyber risk analytics platform servers as a centerpiece for this asset-centric approach through a live demonstration
  • Security Analytics for Effective Cyber Risk Management Recorded: Jun 23 2016 55 mins
    Anil Nandigam, Sr Director, Product Marketing
    Organizations' ultimate goal is protecting corporate assets and reducing cyber risk around them. A multitude of security tools, both traditional and advanced, are deployed towards attaining this goal. But in order to truly address today’s cyber risk challenges, organizations need a security analytics platform that automates the process of aggregating data from existing security tools, enables understanding the assets at risk, and effectively communicates cyber risk to the right people at right time. In this presentation, you will learn how the Bay Dynamics Cyber Risk Analytics platform goes beyond traditional SIEM and User Behavior Analytics solutions to provide a prescription for organizations to measurably reduce cyber risk.
  • Beyond Vulnerability Management Recorded: May 23 2016 13 mins
    Gautam Aggarwal, Chief Marketing Officer, Bay Dynamics
    With today's multi-layered attack surface, traditional vulnerability management no longer suffices. Security leaders must embrace a new strategy to help identify and secure true assets at risk. Gautam Aggarwal of Bay Dynamics explains how.

    The challenge isn't identifying and taking inventory of assets at risk - organizations are adept at that. Where they fall short is at knowing which assets need the most attention, says Aggarwal, CMO at Bay Dynamics.

    "When it comes to prioritizing which assets to come back and mitigate, that is the challenge for [security leaders]," Aggarwal says. "They still lack context."

    All assets are valuable, Aggarwal points out. But some hold a higher cyber-value at risk than others. The key is not just to identify those assets, but to develop strong relationships with the line of business leaders who control those assets. Those relationships will reveal the business context necessary to making smarter security decisions.

    In an interview in the topic of securing assets at risk, Aggarwal discusses:

    - The flaws in traditional vulnerability management
    - How to identify and prioritize assets at risk
    - Why and how to engage line of business leaders in this discussion
  • Managing Cyber Risk From the Inside Out Recorded: Apr 28 2016 46 mins
    Humphrey Christian, Vice President, Product Management, Bay Dynamics
    Security practitioners must take a proactive, inside out approach to managing their organization’s cyber risk. But the challenges lie in effectively measuring the overall risk posture of the business. The manual process tied to analyzing security data today is demanding and error prone. To address this, the security and risk department needs an automated and repeatable process that makes sense of the volumes of security data from their existing solutions. This would allow them to effectively communicate a traceable and actionable view of cyber risk to line of business owners and the board of directors.

    Please join us on Thursday, April 28, 2016 at 10:00 a.m. PT for a live Bay Dynamics webinar as Humphrey Christian, Vice President, Product Management, explains how your organization can obtain a 360 degree view of your cyber risk posture.
  • Making Sense of Threat Intelligence Recorded: Feb 25 2016 52 mins
    Al Cooley, Director, DeepSight Cyber Intelligence, Symantec & Humphrey Christian, VP, Product Management, BayDynamics
    As the cyber threat landscape expands, so does need for good threat intelligence. The marketplace has exploded with sources of threat information, from the Internet, to open source code, to commercial threat data. But companies struggle with finding a way to collect the right threat information, to organize and prioritize it into true insights that are meaningful to their businesses.

    Join this live webinar to hear about the power of threat intelligence combined with analytics and how you can use the joint offering with Symantec DeepSight and Bay Dynamics Risk Fabric, a Cyber Risk Analytics platform, to protect your assets from the ever changing threat landscape in today’s cyberspace.

    You will learn:
    • What is effective threat intelligence?
    • How the different processes in your security and risk organization benefit from threat intelligence
    • How your vulnerability and risk management teams can benefit from threat intelligence
    • How Symantec and Bay Dynamics can help vulnerability and risk management teams become more productive in integrating threat intelligence into their workflow and maturing their capabilities
  • Cyber Risk Readiness – The gap between perception and data Recorded: Jan 21 2016 50 mins
    Humphrey Christian, VP Product Management, Bay Dynamics
    Bay Dynamics commissioned a study with Osterman Research to find out how prepared the large retailers were for dealing with cyber risk from hiring large temporary workers. The study revealed some surprising findings including how little organizations knew about their high value systems and the type of access granted to temporary workers. In fact, almost 40% of retailers don’t know which systems their temporary employees access in their organization.

    Please join us on Thursday, January 21, 2016 at 10:00 am PT for a live Bay Dynamics webinar as Humphrey Christian, VP Product Management discusses the findings from this report, and its implications across different verticals. The webinar will highlight best practices to address the report findings and will demonstrate how our Risk Fabric Platform can help build effective cyber risk reduction programs for enterprises.
Cyber Risk Predictive Analytics for Actionable Visibility
Bay Dynamics® is the market leader in cyber risk predictive analytics providing actionable visibility into organizations’ cybersecurity blind spots, complete with business risks and threats. The company’s purpose-built Risk Fabric® platform assembles and correlates relevant data from existing tools in a novel patented way to provide actionable cyber risk insights, before it’s too late. Bay Dynamics enables some of the world’s largest organizations to understand the state of their cybersecurity posture, including contextual awareness of what their insiders, vendors and bad actors are doing, which is key to effective cyber risk management

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: The Insider Threat: Employees and Vendors as Attack Vectors
  • Live at: Dec 8 2015 6:00 pm
  • Presented by: Anil Nandigam, Head of Product Marketing, Bay Dynamics
  • From:
Your email has been sent.
or close