GDPR Compliance and the Role of DLP and Behavioral Analytics

Incident triage dominates daily efforts by Data Loss Prevention (DLP) teams. What’s more pressing is the need to expand DLP policies and channels, i.e. cloud apps and email, are creating more incidents. But more incidents arrive than can be closed - so high risk actions sometimes get missed.

New user and entity behavior analytics platforms like Symantec Information Centric Analytics (ICA) dramatically reduce false positives, so there’s time to refine processes and educate other organizations.

Key questions answered include:

-How to expand existing Data Protection to cover more channels while reducing incident management?

-What’s abnormal but dangerous activity? and how dangerous is it?

-How to address more incidents and risky users without changing policies?

There has been a lot of industry buzz about cybersecurity platforms over the past year but much of the discussion is long on hyperbole and short on detail.

What exactly is a cybersecurity platform?
Are organizations really looking to purchase and deploy these platforms?
How can they impact the daily lives of security practitioners?

Join Bay Dynamics, ESG, and Symantec and get educated on:

- New research about the growing transition to cybersecurity platforms

- The benefits of cybersecurity platforms

- How cybersecurity platforms will continue to evolve in the future.

Register Today

In the first of a three-part webcast series:

Part 1: First Things First - Understanding “Normal” Through Smart Incident Response and User and Entity Behavior Analytics (UEBA)

Incident triage dominates daily efforts by Data Loss Prevention (DLP) teams. What’s more is the need to expand DLP policies and channels, i.e. cloud apps and email, are creating more incidents. But more incidents arrive than can be closed - so high risk actions sometimes get missed.

New user and entity behavior analytics platforms like Symantec Information Centric Analytics (ICA) dramatically reduce false positives, so there’s time to refine processes and educate other organizations.

Key questions answered include:

-How to expand existing Data Protection to cover more channels while reducing incident management?

-What’s abnormal but dangerous activity? and how dangerous is it?

-How to address more incidents and risky users without changing policies?

Register Today

About the 3-Part DLP webcast series:
The need for data protection continues to increase as organiztions mature, acquire new organizations, adopt cloud applications and infrastructure.

While each DLP initiative launches with high expectations, many remain immature after years. Root causes can be understood - technology, people, and processes – and addressed so DLP can effectively protect data in the hybrid cloud world.

This 3-part series features pragmatic insights and lessons learned from mature DLP programs on making their teams effective and getting buy in from their organizations.

Upcoming webcasts:
August 30th: Part 2 of 3:Talking It Out – Cross-functional Communication Key to Mature DLP Programs (Register Today http://bit.ly/0830DLPwebcast)

September 20th: Part 3 of 3: Data, Data Everywhere - Increasing DLP Value as Everyone Goes Cloud (http://bit.ly/0920DLPwebinar)

Leveraging state of the art technology to help you find personal data, spot risky users, and respond to incidents

The General Data Protection Regulation (GDPR) sets a new standard in data protection that will impact not just EU, but global organizations. With the GDPR start date quickly approaching, organizations face plural priorities; how to stay on top of their existing security program, while building – and implementing - a compliance strategy by May 2018.

The keys to success? First, ensuring you understand the data protection risks you face. Second, using state of the art technology to both reduce risk and free up your security team.

Join us on March 15th to learn how to leverage state of the art technology to build an efficient data protection risk management strategy.

During this session, you will learn:

-Why good risk management and data-centric protection go hand in hand

-How leading technology helps you discover, monitor and protect personal data, wherever it is

-Using data analytics to detect, quantify, and prioritize insider threats and outsider risks

-How to free up your security team by removing unnecessary alerts and distractions

Please join us, register today

The risk from software vulnerabilities has historically been an IT Operations concern, but no longer. A more integrated approach centralizing vulnerability data, and decision making, is necessary to provide a holistic view of organizational risk up the executive chain. The ability to prioritize asset risk, communicate with stakeholders, and make rapid, informed decisions, will be the difference between success, and failure, for many modern enterprises.

Join this live Q&A with guest speaker, Forrester Senior Analyst Serving Security & Risk professionals, Josh Zelonis and Bay Dynamics VP of Strategy, Steven Grossman, as they answer your questions and cover:

- Why is vulnerability risk management more that scanning?
- How do you prioritize risks beyond CVE and CVSS scores?
- How can a preemptive approach elevate vulnerability risk management to the core enterprise-wide risk management item it should be?
-What are the common challenges in moving to a vulnerability risk management model?

Register for this webcast for insight into the changing demands on vulnerability management programs.

The General Data Protection Regulation (GDPR) goes into effect in May 2018. It’s predicted that over 50% of companies affected will not be in full compliance in time. With fines as much as 4% annual revenue, cybersecurity experts, executives and boards are paying attention.

What are the main obligations under the GDPR which will apply to your organization?
How can you identify the gaps that exist between your existing programs and GDPR requirements?
What changes are needed and which technologies can help to achieve compliance?
What is a pragmatic timetable, in what order of priority, and at what cost?

Join ESG Sr. Principal Analyst, Jon Oltsik, Symantec Director, Global Product Marketing and GTM Strategy, Salah Nassar, and Steven Grossman, Bay Dynamics’ Vice President of Strategy as we discuss how to:

- Identify what data matters for GDPR compliance
- Implement a framework for change
- Leverage DLP and behavioral analytics for data governance

The clock is ticking.

Two events in a single month recently reshaped the cyber-security landscape– the President’s Cybersecurity Executive Order and a massive ransomware attack that struck countless organizations worldwide. At their core, these headlines span common unresolved matters that affect nearly every practitioner in the cybersecurity field.

The Wannacry ransomware attacks exploited unpatched-yet-well-known vulnerabilities. The White House policy explicitly supports a risk based approach, mandating that federal agencies prioritize IT security strategy based on exposure of their most valued assets.

For years, cybersecurity teams have sought to tackle those threats and vulnerabilities that could compromise these critical assets. Given the state of real-world threats and these new marching orders, both public and private sector organizations must re-assess where they stand and take a closer look at evolving practices.

This webinar, co-presented by Craig A. Newman, Partner and Chair of Patterson Belknap Webb & Tyler LLP’s Privacy and Data Security Practice, and Steven Grossman, VP of Strategy at Bay Dynamics will cover:

* The must-know takeaways of the latest Cybersecurity Executive Order
* Related findings from the recently released report – A Day in the Life of a Cybersecurity Pro
* How private and public organizations can apply specific practices that directly enable more effective prioritization of asset-based IT risk

Physical health comes from both common sense – eat right and exercise – and advanced medicine. Blood pressure, sugar levels, and white cell counts are vital metrics to be monitored and controlled.

What meaningful numbers are available to cyber teams? How can they be used to
understand overall risk posture and prescribe detailed actions to take today?

•Overall health - Which departments need cyber health checks now? Next quarter?
•Regular hygiene - Whose applications are patched quickly? Whose are not?
•Immune systems - How is unusual behavior pertaining to critical assets detected?
•Breakthroughs - Can cyber risk be quantified in financial terms?

The New York State Cyber Security Regulation for financial organizations becomes mandatory March 1st. Since our last webinar, the requirements have been updated. The revised regulation, which NYS banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services must follow, includes changes surrounding risk assessments, encryption, cyber security policies, cyber governance and more. Join us for this second webinar specifically addressing the revised components of the regulation and what financial organizations inside and outside of NYS should be doing now that the regulation is taking effect.

Enterprises use value at risk metrics to drive most strategic decisions, except when it comes to cyber risk. Prioritizing cyber risk response and remediation is typically a guessing game that requires experts to work with the cyber and business teams to try to guesstimate probabilities of particular events and their ability to compromise each application's confidentiality, integrity and availability. Without calculating a dollar amount impact to which the business is exposed, stakeholders enterprise-wide have no way of knowing the most potentially damaging vulnerabilities and threats within their environment.

This webinar will discuss why enterprises must embrace quantifying cyber risk as they do in all other parts of the business and how they can calculate the financial impact metrics needed to drive faster and more effective decision making.

Effective cyber risk management depends upon security analytics technology. However, as more enterprises and vendors see the value in this technology, more hype and misconceptions come to surface. In some cases, security analytics is being used interchangeably with solutions like SIEM and user behavior analytics when in reality, those solutions are components of a security analytics platform. To clear the confusion, Enterprise Strategy Group's Senior Analyst of Cybersecurity, Doug Cahill, and Bay Dynamics co-founder and CTO Ryan Stolte are hosting a webinar which will dive deep into what security analytics really is and how organizations can most effectively use it to reduce cyber risk to their crown jewels.

The New York State Department of Financial Services (NYS DFS) recently issued proposed regulations for financial services firms in NYS to go into effect in January 2017. The regulations are groundbreaking in some respects, in particular in that they include requirements for emerging (or not yet fully emerged) technology categories. Yet, there are also significant gaps. Find out what these regulations may mean for your organization (whether or not you’re a financial services firm, or do business in New York). You’ll learn from the experts at Nemertes Research and Bay Dynamics how you can leverage the regulations to strengthen your cyber risk posture and take strides towards better protecting your company.

Enterprises, both large and small, all have vulnerability management solutions. However, security teams are overwhelmed by the mountain of vulnerabilities uncovered by these solutions. Once they determine which endpoints, systems and applications are vulnerable to an attack, they do not know which steps to take next and in what order. As a result, they spend countless hours manually determining who owns the vulnerable asset, the value of that asset, if it was compromised and if there is an active threat to that asset.

Join us for a live webinar on Wednesday, August 31, 2016 at 10am PT as Humphrey Christian, Vice President, Product Management, Bay Dynamics, discusses why organizations and business stakeholders, need an asset-centric approach to provide a fully integrated view of threats, vulnerabilities, asset value and business context. He will also give a live demonstration of the Bay Dynamics Risk Fabric cyber risk platform and provide examples of how our customers have used it to build asset-centric risk management programs that allow security teams, line-of-business leaders, C-level executives and boards of directors to determine which threats and associated vulnerabilities could lead to a compromise of their most valued assets and what steps need to be taken in order to reduce that risk.

Register for the live webinar to learn more about:
• Understanding your Assets at Risk by protecting your high value assets that can be exploited by threats and vulnerabilities
• Why it is important to take an asset-centric approach to effectively manage cyber risk
• How Risk Fabric cyber risk analytics platform servers as a centerpiece for this asset-centric approach through a live demonstration

Organizations' ultimate goal is protecting corporate assets and reducing cyber risk around them. A multitude of security tools, both traditional and advanced, are deployed towards attaining this goal. But in order to truly address today’s cyber risk challenges, organizations need a security analytics platform that automates the process of aggregating data from existing security tools, enables understanding the assets at risk, and effectively communicates cyber risk to the right people at right time. In this presentation, you will learn how the Bay Dynamics Cyber Risk Analytics platform goes beyond traditional SIEM and User Behavior Analytics solutions to provide a prescription for organizations to measurably reduce cyber risk.

With today's multi-layered attack surface, traditional vulnerability management no longer suffices. Security leaders must embrace a new strategy to help identify and secure true assets at risk. Gautam Aggarwal of Bay Dynamics explains how.

The challenge isn't identifying and taking inventory of assets at risk - organizations are adept at that. Where they fall short is at knowing which assets need the most attention, says Aggarwal, CMO at Bay Dynamics.

"When it comes to prioritizing which assets to come back and mitigate, that is the challenge for [security leaders]," Aggarwal says. "They still lack context."

All assets are valuable, Aggarwal points out. But some hold a higher cyber-value at risk than others. The key is not just to identify those assets, but to develop strong relationships with the line of business leaders who control those assets. Those relationships will reveal the business context necessary to making smarter security decisions.

In an interview in the topic of securing assets at risk, Aggarwal discusses:

- The flaws in traditional vulnerability management
- How to identify and prioritize assets at risk
- Why and how to engage line of business leaders in this discussion

Security practitioners must take a proactive, inside out approach to managing their organization’s cyber risk. But the challenges lie in effectively measuring the overall risk posture of the business. The manual process tied to analyzing security data today is demanding and error prone. To address this, the security and risk department needs an automated and repeatable process that makes sense of the volumes of security data from their existing solutions. This would allow them to effectively communicate a traceable and actionable view of cyber risk to line of business owners and the board of directors.

Please join us on Thursday, April 28, 2016 at 10:00 a.m. PT for a live Bay Dynamics webinar as Humphrey Christian, Vice President, Product Management, explains how your organization can obtain a 360 degree view of your cyber risk posture.

As the cyber threat landscape expands, so does need for good threat intelligence. The marketplace has exploded with sources of threat information, from the Internet, to open source code, to commercial threat data. But companies struggle with finding a way to collect the right threat information, to organize and prioritize it into true insights that are meaningful to their businesses.

Join this live webinar to hear about the power of threat intelligence combined with analytics and how you can use the joint offering with Symantec DeepSight and Bay Dynamics Risk Fabric, a Cyber Risk Analytics platform, to protect your assets from the ever changing threat landscape in today’s cyberspace.

You will learn:
• What is effective threat intelligence?
• How the different processes in your security and risk organization benefit from threat intelligence
• How your vulnerability and risk management teams can benefit from threat intelligence
• How Symantec and Bay Dynamics can help vulnerability and risk management teams become more productive in integrating threat intelligence into their workflow and maturing their capabilities

Bay Dynamics commissioned a study with Osterman Research to find out how prepared the large retailers were for dealing with cyber risk from hiring large temporary workers. The study revealed some surprising findings including how little organizations knew about their high value systems and the type of access granted to temporary workers. In fact, almost 40% of retailers don’t know which systems their temporary employees access in their organization.

Please join us on Thursday, January 21, 2016 at 10:00 am PT for a live Bay Dynamics webinar as Humphrey Christian, VP Product Management discusses the findings from this report, and its implications across different verticals. The webinar will highlight best practices to address the report findings and will demonstrate how our Risk Fabric Platform can help build effective cyber risk reduction programs for enterprises.

Target, Home Depot and The Office of Personnel Management. These organizations have two things in common – they have all suffered from a data breach and the attackers broke in through a third party vendor. Our analysis also shows that in 90 percent of data loss prevention incidents – meaning when employees leak sensitive data outside an organization – the employees are legitimate users who innocently send out data for business purposes.

Join this webinar to learn more about:

- How to manage the data deluge from various security tools and alerts to identify the threat within

- Best practices and tools to make employees more security conscience

- Products and solutions for security professionals to address all aspects of cyber risk from vendors and employees

- How to increase security awareness, and use Just-In-Time training to change behavior of negligent insiders