Chronicle #1: How Backstory Can Help Organizations Rethink Enterprise Security
Today, most security teams struggle to identify and locate threats in their networks. Without the ability to find the bad actors in the network, security teams are unable to be effective in their roles. Organizations need tools to link intelligence about threats in the wild, threats in your network, and understand unique signals from both. In this webcast, we’ll examine the latest trends and downfalls in this space, and how Chronicle, an Alphabet company, is looking to solve them at a global scale with a focus on speed and efficacy. We’ll also have a demo of the Chronicle security platform, Backstory and how it can help streamline your security.
RecordedApr 16 201963 mins
Your place is confirmed, we'll send you email reminders
Don Shin, Sr. Security Solution Marketing Manager, Imperva; Brandon Dunlap, Moderator
The cloud is a popular destination for companies of all sizes. As companies plan their migration to the cloud, there is pressure to use database services from public cloud vendors. What are the compliance and visibility requirements and what does a secure cloud data deployment looks like. Join Imperva and (ISC)2 on August 27, 2020 at 1:00PM Eastern for a discussion on protecting data in the cloud and how to deploy securely and quickly.
Kim Lambert, Sr. Product Marketing Manager, Imperva; Brandon Dunlap, Moderator
As transformations continue at breakneck speeds, how are these changes impacting security? Specifically, applications are being written in new ways and deployed across clouds. How do you maintain consistent app security in a way that enables agility and speed of deployment? Join Imperva and (ISC)2 on July 9, 2020 at 1:00PM Eastern for a discussion on applications and their addition to the computing infrastructure is impacting organizations both small and large.
Daniel Kennedy, Senior Analyst, 451 Alliance; Brandon Dunlap (Moderator)
A significant percentage of data breaches in the last year came as a result of the targeting of web applications. ‘Software’ continues to eat the world, but not all of the code behind it is being constructed in conditions that ensure security. DevSecOps is oft talked about, but what does implementation mean from a practical standpoint? What’s really meant by ‘shift left’?
Join Daniel Kennedy, Senior Analyst for 451 Alliance and (ISC)² on June 30, 2020 at 1:00PM Eastern for a discussion drawing on multiple years of peer market intelligence around application security, including tool usage within enterprises. We’ll examine what challenges emerge as security and development share responsibility for ensuring application security, and how can the needs of each be met.
Edward Roberts, Director of Product Marketing, Imperva; Brandon Dunlap, Moderator
You are a security professional. The world is changing - there are transformation initiatives being accelerated across your company - What are they, what is the impact on security and how can you ensure that a consistent security profile is maintained as your business transforms? Transformation is driving your company to engage with customers and partners in new ways, but automated attacks can steal your revenue and kill your business. How can the security team stop that happening? Join Imperva and (ISC)2 on June 18, 2020 at 1:00PM Eastern for a discussion on the processes and tools which will help to enable key transformation initiatives while protecting the integrity and security of your company.
Stolen payment card information usually needs to be validated before they can be used to run larger fraudulent transactions or be sold on the black market. Typically, automated bots run these tests or validation through smaller websites that lack anti-bot defenses. Join PerimeterX and (ISC)2 on June 4, 2020 at 1:00PM Eastern as we discuss how to detect and stop fraudulent transactions originating from carding bots and save thousands of dollars in payment processing charges. We’ll also cover :
As IT complexity increases at organizations, gaining visibility into a comprehensive asset inventory becomes progressively difficult for information security teams. The convergence of three trends account for this new era of complexity: the increase in the number and types of devices, rapid public cloud adoption, and the looming IoT explosion. Axonius commissioned a research survey with Enterprise Strategy Group (ESG) to uncover what kinds of visibility gaps, challenges, and strategies are top of mind for information security professionals. Join Axonius and (ISC)2 on May 21, 2020 at 1:00PM Eastern for the third of three webinars focusing on the looming and inevitable IoT explosion. By some reports, there will be 500 billion connected devices by 2030 (Cisco). Organizations are most concerned about visibility into the volume and diversity of devices.
Webinar attendees will learn:
• Detailed research findings on the looming IoT explosion, visibility challenges, and security implications
• An understanding of the key asset inventory challenges and how organizations are addressing these issues
• Best practices when implementing and improving an asset inventory process
• Emerging innovations and approaches to continuous asset discovery and automation
The beauty of the internet is that when users access content, they don’t actually care about the exact physical location of the “hardware” that is ultimately fetching the information. Users primarily care about how quickly they can get the information and how secure they are while doing it. To ensure business continuity, organizations deploy highly distributed but interconnected networks to ensure faster and efficient internet delivery. This webinar highlights some of the challenges you face while deploying distributed infrastructure and validation solutions to ensure high performance and security.
- Overview of technologies like software-defined wide area network (SD-WAN) and contend delivery network (CDN) that leverage distributed topologies
- Common challenges of deploying such technologies
- Performance and security issues during deployment and post deployment of distributed networks
Steve Piper, Co-Founder & CEO, CyberEdge Group; Brandon Dunlap, Moderator
Did you know that 81% of organizations reported that they suffered a successful cyber-attack in 2019? CyberEdge’s 2020 Cyberthreat Defense Report (CDR) has become the de facto standard for assessing organizations’ security posture, for gauging perceptions of IT security professionals, and for ascertaining current and planned investments in IT security infrastructure. The 2020 CDR assesses the views of 1,200 IT security professionals representing 17 countries and 19 industries. It’s the most geographically comprehensive view of IT security perceptions in our industry. Join (ISC)2 (a sponsor of this year’s study) and CyberEdge on May 12, 2020 at 1:00PM Eastern for highlights of the results and get key insights including:
A record 62% of organizations were compromised by ransomware last year
58% of ransomware victims paid ransoms last year, but a third failed to recover their encrypted data
Malware, spear-phishing, and ransomware cause the most headaches while zero-day attacks are of least concern
Lack of skilled personnel and low employee awareness inhibit IT security’s success
85% of organizations are experiencing a shortfall of skilled IT security personnel
George Zecheru, Amritam Putatunda, Sashi Jeyeretnam, Brandon Dunlap (Moderator).
Organizations across the world rely heavily on customer-facing and enterprise web applications to conduct their day-to-day business operations. It is mission-critical to ensure legitimate users are able to access these applications unhindered while malicious actors are kept at bay. This has become even more complicated since web apps have grown from just a few business apps to a multitude of backend web apps, mobile apps, SaaS apps, and other cloud-delivered solutions — all while the number and diversity of threats targeted at web applications continues to increase. Web application firewalls (WAFs) are generally tasked to protect modern websites and applications, but many times policies are based on performance rather than a known risk level. In this webinar we will discuss the following:
1) Techniques to discover security loopholes in existing WAFs that hackers may exploit
2) Continuous validation and remediations that not just help close existing loopholes, but also identify new ones as they arise
3) Performance benchmarking that ensures the WAF continues to deliver expected performance while increasing its security efficacies
Ido Sufruti, Chief Technology Officer & Hadas Weinrib, Bot Defender Security Strategy Lead, PerimeterX; B. Dunlap, Moderator
Account Takeover (ATO) attacks are on the rise. Not only are they hard to detect, they have consequences far beyond compromised PII and stolen goods. Stopping such ATO attacks is critical for any company engaged in online commerce. Join PerimeterX and (ISC)2 on May 7, 2020 at 1:00PM Eastern time as we highlight the top five ways to identify automated bot attacks to your website. We’ll cover:
● Real use cases - attacks that happened in the real world
● Practical strategies for identifying automated attacks
● Best practices for addressing and blocking bot attacks
Kyle Flaherty, B2B Go-to-Market, Keysight; Scott Register, VP Product Management, Keysight; Brandon Dunlap, Moderator
When you hear the words "Threat Intelligence", what's the first thing that comes to mind? Back end research? Threat Hunting? It's easy to categorize threat intelligence as a reactive tool - best suited for things like root-cause analysis - but it's so much more than that. In the first part of a three part series presented by Keysight, we'll explore an array of practical applications for threat intelligence, including traditional defensive strategies and new offensive strategies that will help you maximize your SecOps team.
•Join us to discover how applying threat intelligence can help you:
•Answer the question "Am I more secure today than I was yesterday?"
•Improve the efficiency and effectiveness of Breach and Attack Simulation tools
•Reduce your attack surface by blocking the latest threats
•Prevent DDoS attacks and improve performance with pre-deployment testing
•Maximize your threat hunting capability with real-time insights into botnets, phishing, etc.
•Stay ahead of attackers by researching the latest attack signatures
As IT complexity increases at organizations, gaining visibility into a comprehensive asset inventory becomes progressively difficult for information security teams. The convergence of three trends account for this new era of complexity: the increase in the number and types of devices, rapid public cloud adoption, and the looming IoT explosion. Axonius commissioned a research survey with Enterprise Strategy Group (ESG) to uncover what kinds of visibility gaps, challenges, and strategies are top of mind for information security professionals. Join Axonius and (ISC)2 on April 23, 2020 at 1:00PM Eastern for the second of three webinars that will focus on rapid cloud adoption. We have surpassed the Cloud Tipping Point with more than half of all virtual machines (VMs) residing in the cloud and container usage becoming mainstream. Organizations are struggling to solve cloud asset visibility challenges and the resulting security incidents as expected growth adds further complexity.
· Detailed research findings on cloud adoption, visibility challenges, and security implications
· An understanding of the key asset inventory challenges and how organizations are addressing these issues
· Best practices when implementing and improving an asset inventory process
· Emerging innovations and approaches to continuous asset discovery and automation
You will also learn about:
● Methods and tricks used to compromise websites
● Data exfiltration mechanisms used by malicious scripts
As IT complexity increases at organizations, gaining visibility into a comprehensive asset inventory becomes progressively difficult for information security teams. The convergence of three trends have resulted in a new era of complexity: the increase in the number and types of devices, rapid public cloud adoption, and the looming IoT explosion. Axonius commissioned a research survey with Enterprise Strategy Group (ESG) to uncover what kinds of visibility gaps, challenges, and strategies are top of mind for information security professionals. Join Axonius and (ISC)² March 26, 2020 at 1:00PM Eastern for a discussion on the explosion of the number devices in an enterprise and how to keep them accounted for and secure. Areas to be covered include:
-Detailed research findings on device adoption, solution deployment, and time to inventory
-An understanding of the key asset inventory challenges and how organizations are addressing these issues
-Best practices when implementing and improving an asset inventory process
-Emerging innovations and approaches to continuous asset discovery and automation
Ricardo Font, Product Marketing Manager, Gigamon ThreatINSIGHT; Brandon Dunlap, Moderator
Over the last decade, many publicly reported breaches have caused organizations to re-think and re-architect their internal network, eschewing older conventions and replacing them with frameworks that continually ensure that the implicit trust granted to users, devices and applications, is reduced. However, these new frameworks, generally categorized as Zero Trust frameworks, are often misunderstood, and their implementation, delayed. Join Gigamon and (ISC)² on March 12, 2020 at 1:00PM Eastern as we examine Zero Trust architectures. The webcast will include:
• An overview of Zero Trust and some of its conventions
• What changes are needed networks to support Zero Trust frameworks
• Caveats and gotchas
• Best practice implementation strategies
Ricardo Font, Product Marketing Manager, Gigamon ThreatINSIGHT; Brandon Dunlap, Moderator
With the release of TLS 1.3 and the continued rise of external and internal encrypted traffic use, security teams are faced with the dilemma of finding threats within traffic streams that are increasingly obscured. Though many organizations decrypt and inspect traffic due to both security and regulatory concerns, there are many that are effectively blind to threats that are communicating via encrypted channels. However, the news is not all grim; join (ISC)² and Gigamon on February 13, 2020 at 1:00PM Eastern as we dive into discovery methodologies that can be used to detect threats within encrypted traffic without the need for decryption.
Attendees will learn:
• An overview of threat detection methodologies
• Detection techniques that are encryption-agnostic
• Detailed breakdowns of what can be learned from encrypted traffic
• Best practice setups for use
Ricardo Font, Product Marketing Manager, Gigamon ThreatINSIGHT; Brandon Dunlap, Moderator
Network traffic encryption is the pillar on which the Internet, as we know it today, rests on. E-commerce, banking transactions, private and sensitive communications…all occur based on the implicit assumption that our communications are secured. However, ubiquity also means targetable, and Transport Layer Security (TLS) has undergone changes in an effort to stay ahead of the security game. Join (ISC)2 and Gigamon on Tuesday, January 28, 2020 at 1:00PM Eastern as we dive into TLS 1.3, the newest version of the TLS encryption protocol. Areas covered include an overview of statistics associated with encrypted traffic, what changes are introduced in TLS 1.3, and the advantages and challenges associated with them, implementation caveats and gotchas and best practice deployment strategies.
Dave DeWalt; Scott Sawoya; Rich Thompson; Bob Slocum; Brandon Dunlap (Moderator)
Legacy, signature-based AV isn’t working. It is ineffective in stopping ransomware and zero-day attacks and creates a burden on your staff between patching, updating, reimaging systems, and overall impact to endpoint performance. As former NSA Director Admiral Michael Rogers said, “Without Artificial Intelligence, Cyber ‘is a losing strategy.” AI is all around us, and everyone is claiming to use it, but not all AI is created equal. With 70% of all attacks beginning on the endpoint, with the right AI in place organizations can move to a prevention first approach to end point security. Join BlackBerry Cylance and (ISC)2 on Thursday, January 9, 2020 for our first Security Briefing of the year where we will discuss AI-tools that can provide powerful detection, prevention and response capabilities.
Bob Gilbert, Chief Evangelist, Netskope; Brandon Dunlap, Moderator
Cloud adoption is exploding with nearly 1,300 cloud apps in use in an average enterprise. From suites like Office 365 to collaboration tools like Slack, the cloud has enabled new levels of productivity resulting in enterprises gaining strategic advantages. Enterprises are not the only ones benefitting from cloud adoption. Bad actors are using the cloud to bypass legacy defense mechanisms and harvest credentials, deliver malicious payloads, and steal data. In this webcast, we’ll examine a few recent cloud data breaches and dissect how these breaches occurred and best practices to reduce the chance it will happen to your organization. We will dive into new attack scenarios that involve using the cloud to bypass traditional security tools, how the cloud-enabled kill chain forces a rethinking of how to defend against threats such as phishing and data exfiltration and 5 steps to protect against cloud threats.
Mike Zuckerman, Consulting Product Maketing Manager, Infoblox; Brandon Dunlap, Moderator
The MITRE ATT&CK Framework is a comprehensive, up-to-date knowledge base of cyberattacker tactics and techniques gathered from actual observation of attacker behavior. The framework can help anticipate what an attacker will do and how to respond. Join Infoblox and (ISC)2 on December 12, 2019 at 1:00PM Eastern for an examination of how the MITRE ATT&CK can help you make better, faster decisions about assessing risks, deploying new security controls and stopping attacks faster and more efficiently.
Chronicle #1: How Backstory Can Help Organizations Rethink Enterprise SecurityMike Hom, Product Management, Chronicle; Brandon Dunlap (Moderator)[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]63 mins