Name: An Asset-Centric Approach to Manage Cyber Risk
Start: 2016-08-31T17:00:00Z
End: 2016-08-31T17:55:39.000Z
Location: BrightTALK
Rating: 4.5

Bay Dynamics® is the market leader in cyber risk predictive analytics providing actionable visibility into organizations’ cybersecurity blind spots, complete with business risks and threats.  The company’s purpose-built Risk Fabric® platform assembles and correlates relevant data from existing tools in a novel patented way to provide actionable cyber risk insights, before it’s too late. Bay Dynamics enables some of the world’s largest organizations to understand the state of their cybersecurity posture, including contextual awareness of what their insiders, vendors and bad actors are doing, which is key to effective cyber risk management

Taking a Zero Trust approach that emphasizes users and data offers a significant opportunity to modernize security, and traditional kill chain models. While many of today's models leverage data detected on endpoints, they lack the critical context of how users are interacting with data and sensitive applications in the cloud, and from devices lurking in blind spots from traditional controls.

To establish more inclusive, Zero Trust kill chains that pinpoint troublesome data handling - in direct relation to business objectives - today's security practitioners require the ability to inject context from data protection tools, including CASBs and DLP, among others, deeper into the process. Integrated analytics that combine and analyze these data sources hold the key to increased effectiveness.

Register for this webinar to learn how to:

Provide more robust data protection, married with targeted threat prevention
Pinpoint users and systems that pose the greatest risks, related to exfiltration
Highlight key differentiators between internal and external threats
Tie business-driven data protection priorities directly to incident response

Webinar: Building Effective Zero Trust Kill Chains Using Data-Centric Analytics

Multi-stage attacks use diverse and distributed methods to circumvent existing defenses and evade detection - spanning endpoints, networks, email and other vectors in an attempt to land and expand. Meanwhile, individual tools including DLP, EDR, CASBs, email security and advanced threat protection are only designed to identify individual elements of a campaign, putting the onus on human analysts to piece together the bigger picture - when time and resources allow. 

Today's advanced security analytics platforms combine data from numerous security solutions to eliminate blind spots, visualize multi-stage threats and provide the detailed context necessary to enact targeted response. By using behavioral analytics and applying dedicated machine learning, these platforms automate critical threat hunting capabilities, so analysts at all levels can pinpoint advanced attacks, drive remediation and continuously refine investigation.

Register for this webinar and learn about:

-Visualizing multi-stage threats and compromised users;
-Investigating and hunting within and across stages;
-Maximizing human talent using Machine Learning.
-Addressing DLP, EDR and Email Security use cases;

Automate Threat hunting With Security Analytics & Machine Learning

Incident triage dominates daily efforts by Data Loss Prevention (DLP) teams. What’s more pressing is the need to expand DLP policies and channels, i.e. cloud apps and email, are creating more incidents. But more incidents arrive than can be closed - so high risk actions sometimes get missed. 

New user and entity behavior analytics platforms like Symantec Information Centric Analytics (ICA) dramatically reduce false positives, so there’s time to refine processes and educate other organizations. 

Key questions answered include: 

-How to expand existing Data Protection to cover more channels while reducing incident management?

-What’s abnormal but dangerous activity? and how dangerous is it?

-How to address more incidents and risky users without changing policies?

Secrets of Mature DLP Programs

There has been a lot of industry buzz about cybersecurity platforms over the past year but much of the discussion is long on hyperbole and short on detail.  

What exactly is a cybersecurity platform?  
Are organizations really looking to purchase and deploy these platforms?   
How can they impact the daily lives of security practitioners?

Join Bay Dynamics, ESG, and Symantec and get educated on:

-  New research about the growing transition to cybersecurity platforms

-  The benefits of cybersecurity platforms

-  How cybersecurity platforms will continue to evolve in the future.

Register Today

A Pragmatic Look at Security Platforms - Immediate Impact and Future Promise

In the first of a three-part webcast series: 

Part 1:  First Things First - Understanding “Normal” Through Smart Incident Response and User and Entity Behavior Analytics (UEBA) 

Incident triage dominates daily efforts by Data Loss Prevention (DLP) teams.  What’s more is the need to expand DLP policies and channels, i.e. cloud apps and email, are creating more incidents. But more incidents arrive than can be closed - so high risk actions sometimes get missed.  

New user and entity behavior analytics platforms like Symantec Information Centric Analytics (ICA) dramatically reduce false positives, so there’s time to refine processes and educate other organizations.  

Key questions answered include: 

-How to expand existing Data Protection to cover more channels while reducing incident management?

-What’s abnormal but dangerous activity? and how dangerous is it?

-How to address more incidents and risky users without changing policies?

Register Today

About the 3-Part DLP webcast series:
The need for data protection continues to increase as organiztions mature, acquire new organizations, adopt cloud applications and infrastructure. 

While each DLP initiative launches with high expectations, many remain immature after years.  Root causes can be understood - technology, people, and processes – and addressed so DLP can effectively protect data in the hybrid cloud world. 

This 3-part series features pragmatic insights and lessons learned from mature DLP programs on making their teams effective and getting buy in from their organizations.

Upcoming webcasts: 
August 30th: Part 2 of 3:Talking It Out – Cross-functional Communication Key to Mature DLP Programs (Register Today http://bit.ly/0830DLPwebcast)

September 20th: Part 3 of 3: Data, Data Everywhere - Increasing DLP Value as Everyone Goes Cloud (http://bit.ly/0920DLPwebinar)

Part 1 of 3: Secrets of Mature DLP Programs - Getting from "How?" to "Wow!"

Leveraging state of the art technology to help you find personal data, spot risky users, and respond to incidents 

The General Data Protection Regulation (GDPR) sets a new standard in data protection that will impact not just EU, but global organizations. With the GDPR start date quickly approaching, organizations face plural priorities; how to stay on top of their existing security program, while building – and implementing - a compliance strategy by May 2018. 

The keys to success? First, ensuring you understand the data protection risks you face. Second, using state of the art technology to both reduce risk and free up your security team. 

Join us on March 15th to learn how to leverage state of the art technology to build an efficient data protection risk management strategy. 

During this session, you will learn: 

-Why good risk management and data-centric protection go hand in hand 

-How leading technology helps you discover, monitor and protect personal data, wherever it is 

-Using data analytics to detect, quantify, and prioritize insider threats and outsider risks 

-How to free up your security team by removing unnecessary alerts and distractions

Please join us, register today

How to Tackle Data Protection Risk in time for GDPR Compliance

The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.
 
Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:
 
- Why is vulnerability risk management more that scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
-What are the common challenges in moving to a vulnerability risk management model?
 
Register for this webcast for insight into the changing demands on vulnerability management programs.

Vulnerability Risk Management; Not Just Scanners Anymore

The General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s predicted that over 50% of companies affected will not be in full compliance in time. With fines as much as 4% annual revenue, cybersecurity experts, executives and boards are paying attention. 
 
What are the main obligations under the GDPR which will apply to your organization?
How can you identify the gaps that exist between your existing programs and GDPR requirements?
What changes are needed and which technologies can help to achieve compliance?
What is a pragmatic timetable, in what order of priority, and at what cost?
 
Join ESG Sr. Principal Analyst, Jon Oltsik, Symantec Director, Global Product Marketing and GTM Strategy, Salah Nassar, and Steven Grossman, Bay Dynamics’ Vice President of Strategy as we discuss how to:
 
- Identify what data matters for GDPR compliance
- Implement a framework for change
- Leverage DLP and behavioral analytics for data governance
 
The clock is ticking.

GDPR Compliance and the Role of DLP and Behavioral Analytics

Two events in a single month recently reshaped the cyber-security landscape– the President’s Cybersecurity Executive Order and a massive ransomware attack that struck countless organizations worldwide. At their core, these headlines span common unresolved matters that affect nearly every practitioner in the cybersecurity field.
 
The Wannacry ransomware attacks exploited unpatched-yet-well-known vulnerabilities. The White House policy explicitly supports a risk based approach, mandating that federal agencies prioritize IT security strategy based on exposure of their most valued assets.
 
For years, cybersecurity teams have sought to tackle those threats and vulnerabilities that could compromise these critical assets. Given the state of real-world threats and these new marching orders, both public and private sector organizations must re-assess where they stand and take a closer look at evolving practices.

This webinar, co-presented by Craig A. Newman, Partner and Chair of Patterson Belknap Webb & Tyler LLP’s Privacy and Data Security Practice, and Steven Grossman, VP of Strategy at Bay Dynamics will cover:

  *   The must-know takeaways of the latest Cybersecurity Executive Order
  *   Related findings from the recently released report – A Day in the Life of a Cybersecurity Pro
  *   How private and public organizations can apply specific practices that directly enable more effective prioritization of asset-based IT risk

How the Cybersecurity Executive Order Impacts Today’s IT Risk Strategy

Physical health comes from both common sense – eat right and exercise – and advanced medicine. Blood pressure, sugar levels, and white cell counts are vital metrics to be monitored and controlled. 

What meaningful numbers are available to cyber teams? How can they be used to 
understand overall risk posture and prescribe detailed actions to take today?

•Overall health - Which departments need cyber health checks now? Next quarter?
•Regular hygiene - Whose applications are patched quickly? Whose are not?
•Immune systems - How is unusual behavior pertaining to critical assets detected? 
•Breakthroughs - Can cyber risk be quantified in financial terms?

Know Your Numbers - Vital Signs, Immune Systems, and Cyber Risk

The New York State Cyber Security Regulation for financial organizations becomes mandatory March 1st. Since our last webinar, the requirements have been updated. The revised regulation, which NYS banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services must follow, includes changes surrounding risk assessments, encryption, cyber security policies, cyber governance and more. Join us for this second webinar specifically addressing the revised components of the regulation and what financial organizations inside and outside of NYS should be doing now that the regulation is taking effect.

The NYS Cyber Security Regulation Is Mandatory: Now What?

Enterprises use value at risk metrics to drive most strategic decisions, except when it comes to cyber risk. Prioritizing cyber risk response and remediation is typically a guessing game that requires experts to work with the cyber and business teams to try to guesstimate probabilities of particular events and their ability to compromise each application's confidentiality, integrity and availability.  Without calculating a dollar amount impact to which the business is exposed, stakeholders enterprise-wide have no way of knowing the most potentially damaging vulnerabilities and threats within their environment.

This webinar will discuss why enterprises must embrace quantifying cyber risk as they do in all other parts of the business and how they can calculate the financial impact metrics needed to drive faster and more effective decision making.

Don't 'Guesstimate' Your Cyber Risk, Use Financial Impact to Prioritize & Decide

Effective cyber risk management depends upon security analytics technology. However, as more enterprises and vendors see the value in this technology, more hype and misconceptions come to surface. In some cases, security analytics is being used interchangeably with solutions like SIEM and user behavior analytics when in reality, those solutions are components of a security analytics platform. To clear the confusion, Enterprise Strategy Group's Senior Analyst of Cybersecurity, Doug Cahill, and Bay Dynamics co-founder and CTO Ryan Stolte are hosting a webinar which will dive deep into what security analytics really is and how organizations can most effectively use it to reduce cyber risk to their crown jewels.

Protecting Your Crown Jewels with Security Analytics

The New York State Department of Financial Services (NYS DFS) recently issued proposed regulations for financial services firms in NYS to go into effect in January 2017. The regulations are groundbreaking in some respects, in particular in that they include requirements for emerging (or not yet fully emerged) technology categories. Yet, there are also significant gaps. Find out what these regulations may mean for your organization (whether or not you’re a financial services firm, or do business in New York). You’ll learn from the experts at Nemertes Research and Bay Dynamics how you can leverage the regulations to strengthen your cyber risk posture and take strides towards better protecting your company.

NY State Cybersecurity Requirements for Financial Firms: Why Should You Care?

Organizations' ultimate goal is protecting corporate assets and reducing cyber risk around them. A multitude of security tools, both traditional and advanced, are deployed towards attaining this goal. But in order to truly address today’s cyber risk challenges, organizations need a security analytics platform that automates the process of aggregating data from existing security tools, enables understanding the assets at risk, and effectively communicates cyber risk to the right people at right time. In this presentation, you will learn how the Bay Dynamics Cyber Risk Analytics platform goes beyond traditional SIEM and User Behavior Analytics solutions to provide a prescription for organizations to measurably reduce cyber risk.

Security Analytics for Effective Cyber Risk Management

With today's multi-layered attack surface, traditional vulnerability management no longer suffices. Security leaders must embrace a new strategy to help identify and secure true assets at risk. Gautam Aggarwal of Bay Dynamics explains how.

The challenge isn't identifying and taking inventory of assets at risk - organizations are adept at that. Where they fall short is at knowing which assets need the most attention, says Aggarwal, CMO at Bay Dynamics.

"When it comes to prioritizing which assets to come back and mitigate, that is the challenge for [security leaders]," Aggarwal says. "They still lack context."

All assets are valuable, Aggarwal points out. But some hold a higher cyber-value at risk than others. The key is not just to identify those assets, but to develop strong relationships with the line of business leaders who control those assets. Those relationships will reveal the business context necessary to making smarter security decisions.

In an interview in the topic of securing assets at risk, Aggarwal discusses:

- The flaws in traditional vulnerability management
- How to identify and prioritize assets at risk
- Why and how to engage line of business leaders in this discussion

Beyond Vulnerability Management

Security practitioners must take a proactive, inside out approach to managing their organization’s cyber risk. But the challenges lie in effectively measuring the overall risk posture of the business. The manual process tied to analyzing security data today is demanding and error prone. To address this, the security and risk department needs an automated and repeatable process that makes sense of the volumes of security data from their existing solutions. This would allow them to effectively communicate a traceable and actionable view of cyber risk to line of business owners and the board of directors.

Please join us on Thursday, April 28, 2016 at 10:00 a.m. PT for a live Bay Dynamics webinar as Humphrey Christian, Vice President, Product Management, explains how your organization can obtain a 360 degree view of your cyber risk posture.

Managing Cyber Risk From the Inside Out

Enterprises, both large and small, all have vulnerability management solutions.  However, security teams are overwhelmed by the mountain of vulnerabilities uncovered by these solutions. Once they determine which endpoints, systems and applications are vulnerable to an attack, they do not know which steps to take next and in what order. As a result, they spend countless hours manually determining who owns the vulnerable asset, the value of that asset, if it was compromised and if there is an active threat to that asset. 

Join us for a live webinar on Wednesday, August 31, 2016 at 10am PT as Humphrey Christian, Vice President, Product Management, Bay Dynamics, discusses why organizations and business stakeholders, need an asset-centric approach to provide a fully integrated view of threats, vulnerabilities, asset value and business context. He will also give a live demonstration of the Bay Dynamics Risk Fabric cyber risk platform and provide examples of how our customers have used it to build asset-centric risk management programs that allow security teams, line-of-business leaders, C-level executives and boards of directors to determine which threats and associated vulnerabilities could lead to a compromise of their most valued assets and what steps need to be taken in order to reduce that risk.

Register for the live webinar to learn more about:
• Understanding your Assets at Risk by protecting your high value assets that can be exploited by threats and vulnerabilities
• Why it is important to take an asset-centric approach to effectively manage cyber risk 
• How Risk Fabric cyber risk analytics platform servers as a centerpiece for this asset-centric approach through a live demonstration

An Asset-Centric Approach to Manage Cyber Risk

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

An Asset-Centric Approach to Manage Cyber Risk

Presented by

About this talk

More from this channel