Solution Summit Part 1: Shadow Data - The Elastica Shadow Data Report

As IT complexity increases at organizations, gaining visibility into a comprehensive asset inventory becomes progressively difficult for information security teams. The convergence of three trends account for this new era of complexity: the increase in the number and types of devices, rapid public cloud adoption, and the looming IoT explosion. Axonius commissioned a research survey with Enterprise Strategy Group (ESG) to uncover what kinds of visibility gaps, challenges, and strategies are top of mind for information security professionals. Join Axonius and (ISC)2 on May 21, 2020 at 1:00PM Eastern for the third of three webinars focusing on the looming and inevitable IoT explosion. By some reports, there will be 500 billion connected devices by 2030 (Cisco). Organizations are most concerned about visibility into the volume and diversity of devices.


Webinar attendees will learn:


• Detailed research findings on the looming IoT explosion, visibility challenges, and security implications


• An understanding of the key asset inventory challenges and how organizations are addressing these issues


• Best practices when implementing and improving an asset inventory process


• Emerging innovations and approaches to continuous asset discovery and automation

The beauty of the internet is that when users access content, they don’t actually care about the exact physical location of the “hardware” that is ultimately fetching the information. Users primarily care about how quickly they can get the information and how secure they are while doing it. To ensure business continuity, organizations deploy highly distributed but interconnected networks to ensure faster and efficient internet delivery. This webinar highlights some of the challenges you face while deploying distributed infrastructure and validation solutions to ensure high performance and security.

- Overview of technologies like software-defined wide area network (SD-WAN) and contend delivery network (CDN) that leverage distributed topologies

- Common challenges of deploying such technologies

- Performance and security issues during deployment and post deployment of distributed networks

Did you know that 81% of organizations reported that they suffered a successful cyber-attack in 2019? CyberEdge’s 2020 Cyberthreat Defense Report (CDR) has become the de facto standard for assessing organizations’ security posture, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure. The 2020 CDR assesses the views of 1,200 IT security professionals representing 17 countries and 19 industries. It’s the most geographically comprehensive view of IT security perceptions in our industry. Join (ISC)2 (a sponsor of this year’s study) and CyberEdge on May 12, 2020 at 1:00PM Eastern for highlights of the results and get key insights including:

A record 62% of organizations were compromised by ransomware last year

58% of ransomware victims paid ransoms last year, but a third failed to recover their encrypted data

Malware, spear-phishing, and ransomware cause the most headaches while zero-day attacks are of least concern

Lack of skilled personnel and low employee awareness inhibit IT security’s success

85% of organizations are experiencing a shortfall of skilled IT security personnel

Organizations across the world rely heavily on customer-facing and enterprise web applications to conduct their day-to-day business operations. It is mission-critical to ensure legitimate users are able to access these applications unhindered while malicious actors are kept at bay. This has become even more complicated since web apps have grown from just a few business apps to a multitude of backend web apps, mobile apps, SaaS apps, and other cloud-delivered solutions — all while the number and diversity of threats targeted at web applications continues to increase. Web application firewalls (WAFs) are generally tasked to protect modern websites and applications, but many times policies are based on performance rather than a known risk level. In this webinar we will discuss the following:

1) Techniques to discover security loopholes in existing WAFs that hackers may exploit

2) Continuous validation and remediations that not just help close existing loopholes, but also identify new ones as they arise

3) Performance benchmarking that ensures the WAF continues to deliver expected performance while increasing its security efficacies

Account Takeover (ATO) attacks are on the rise. Not only are they hard to detect, they have consequences far beyond compromised PII and stolen goods. Stopping such ATO attacks is critical for any company engaged in online commerce. Join PerimeterX and (ISC)2 on May 7, 2020 at 1:00PM Eastern time as we highlight the top five ways to identify automated bot attacks to your website. We’ll cover:

● Real use cases - attacks that happened in the real world

● Practical strategies for identifying automated attacks

● Best practices for addressing and blocking bot attacks

● ATO attack trends during COVID19 pandemic

When you hear the words "Threat Intelligence", what's the first thing that comes to mind? Back end research? Threat Hunting? It's easy to categorize threat intelligence as a reactive tool - best suited for things like root-cause analysis - but it's so much more than that. In the first part of a three part series presented by Keysight, we'll explore an array of practical applications for threat intelligence, including traditional defensive strategies and new offensive strategies that will help you maximize your SecOps team.
•Join us to discover how applying threat intelligence can help you:

•Answer the question "Am I more secure today than I was yesterday?"

•Improve the efficiency and effectiveness of Breach and Attack Simulation tools

•Reduce your attack surface by blocking the latest threats

•Prevent DDoS attacks and improve performance with pre-deployment testing

•Maximize your threat hunting capability with real-time insights into botnets, phishing, etc.

•Stay ahead of attackers by researching the latest attack signatures

As IT complexity increases at organizations, gaining visibility into a comprehensive asset inventory becomes progressively difficult for information security teams. The convergence of three trends account for this new era of complexity: the increase in the number and types of devices, rapid public cloud adoption, and the looming IoT explosion. Axonius commissioned a research survey with Enterprise Strategy Group (ESG) to uncover what kinds of visibility gaps, challenges, and strategies are top of mind for information security professionals. Join Axonius and (ISC)2 on April 23, 2020 at 1:00PM Eastern for the second of three webinars that will focus on rapid cloud adoption. We have surpassed the Cloud Tipping Point with more than half of all virtual machines (VMs) residing in the cloud and container usage becoming mainstream. Organizations are struggling to solve cloud asset visibility challenges and the resulting security incidents as expected growth adds further complexity.

We’ll examine

· Detailed research findings on cloud adoption, visibility challenges, and security implications

· An understanding of the key asset inventory challenges and how organizations are addressing these issues

· Best practices when implementing and improving an asset inventory process

· Emerging innovations and approaches to continuous asset discovery and automation

Targeting online shopping cart systems, Magecart attacks steal customer payment information via insertion of a malicious piece of Javascript code. This code-injection exploit can leave businesses exposed to digital skimming, data theft, compliance penalties, and brand damage. But how do these attacks actually happen and how does one mitigate them? Join PerimeterX and (ISC)² on April 9, 2020 at 1:00PM Eastern for a discussion on Magecart attacks and see a live simulation of a Magecart attack.

You will also learn about:

● Methods and tricks used to compromise websites

● Data exfiltration mechanisms used by malicious scripts

● Detection techniques and their limitations

As IT complexity increases at organizations, gaining visibility into a comprehensive asset inventory becomes progressively difficult for information security teams. The convergence of three trends have resulted in a new era of complexity: the increase in the number and types of devices, rapid public cloud adoption, and the looming IoT explosion. Axonius commissioned a research survey with Enterprise Strategy Group (ESG) to uncover what kinds of visibility gaps, challenges, and strategies are top of mind for information security professionals. Join Axonius and (ISC)² March 26, 2020 at 1:00PM Eastern for a discussion on the explosion of the number devices in an enterprise and how to keep them accounted for and secure. Areas to be covered include:

-Detailed research findings on device adoption, solution deployment, and time to inventory

-An understanding of the key asset inventory challenges and how organizations are addressing these issues

-Best practices when implementing and improving an asset inventory process

-Emerging innovations and approaches to continuous asset discovery and automation

Over the last decade, many publicly reported breaches have caused organizations to re-think and re-architect their internal network, eschewing older conventions and replacing them with frameworks that continually ensure that the implicit trust granted to users, devices and applications, is reduced. However, these new frameworks, generally categorized as Zero Trust frameworks, are often misunderstood, and their implementation, delayed. Join Gigamon and (ISC)² on March 12, 2020 at 1:00PM Eastern as we examine Zero Trust architectures. The webcast will include:

• An overview of Zero Trust and some of its conventions
• What changes are needed networks to support Zero Trust frameworks
• Caveats and gotchas
• Best practice implementation strategies

With the release of TLS 1.3 and the continued rise of external and internal encrypted traffic use, security teams are faced with the dilemma of finding threats within traffic streams that are increasingly obscured. Though many organizations decrypt and inspect traffic due to both security and regulatory concerns, there are many that are effectively blind to threats that are communicating via encrypted channels. However, the news is not all grim; join (ISC)² and Gigamon on February 13, 2020 at 1:00PM Eastern as we dive into discovery methodologies that can be used to detect threats within encrypted traffic without the need for decryption.

Attendees will learn:
• An overview of threat detection methodologies
• Detection techniques that are encryption-agnostic
• Detailed breakdowns of what can be learned from encrypted traffic
• Best practice setups for use

Network traffic encryption is the pillar on which the Internet, as we know it today, rests on. E-commerce, banking transactions, private and sensitive communications…all occur based on the implicit assumption that our communications are secured. However, ubiquity also means targetable, and Transport Layer Security (TLS) has undergone changes in an effort to stay ahead of the security game. Join (ISC)2 and Gigamon on Tuesday, January 28, 2020 at 1:00PM Eastern as we dive into TLS 1.3, the newest version of the TLS encryption protocol. Areas covered include an overview of statistics associated with encrypted traffic, what changes are introduced in TLS 1.3, and the advantages and challenges associated with them, implementation caveats and gotchas and best practice deployment strategies.

Legacy, signature-based AV isn’t working. It is ineffective in stopping ransomware and zero-day attacks and creates a burden on your staff between patching, updating, reimaging systems, and overall impact to endpoint performance. As former NSA Director Admiral Michael Rogers said, “Without Artificial Intelligence, Cyber ‘is a losing strategy.” AI is all around us, and everyone is claiming to use it, but not all AI is created equal. With 70% of all attacks beginning on the endpoint, with the right AI in place organizations can move to a prevention first approach to end point security. Join BlackBerry Cylance and (ISC)2 on Thursday, January 9, 2020 for our first Security Briefing of the year where we will discuss AI-tools that can provide powerful detection, prevention and response capabilities.

Cloud adoption is exploding with nearly 1,300 cloud apps in use in an average enterprise. From suites like Office 365 to collaboration tools like Slack, the cloud has enabled new levels of productivity resulting in enterprises gaining strategic advantages. Enterprises are not the only ones benefitting from cloud adoption. Bad actors are using the cloud to bypass legacy defense mechanisms and harvest credentials, deliver malicious payloads, and steal data. In this webcast, we’ll examine a few recent cloud data breaches and dissect how these breaches occurred and best practices to reduce the chance it will happen to your organization. We will dive into new attack scenarios that involve using the cloud to bypass traditional security tools, how the cloud-enabled kill chain forces a rethinking of how to defend against threats such as phishing and data exfiltration and 5 steps to protect against cloud threats.

The MITRE ATT&CK Framework is a comprehensive, up-to-date knowledge base of cyberattacker tactics and techniques gathered from actual observation of attacker behavior. The framework can help anticipate what an attacker will do and how to respond. Join Infoblox and (ISC)2 on December 12, 2019 at 1:00PM Eastern for an examination of how the MITRE ATT&CK can help you make better, faster decisions about assessing risks, deploying new security controls and stopping attacks faster and more efficiently.