IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly

2014 brought significant change for the internet security industry. According to IBM's latest X-Force report:
- Over 1 billion records of PII were leaked in 2014
- Vulnerability disclosures rocketed to a record high in 2014, and designer vulns like Heartbleed and Shellshock revealed cracks in the foundation of underlying libraries on nearly every common web platform
- Crowd-sourced malware continues to mutate, resulting in new variants with expanding targets
- App designer apathy is negatively impacting security on mobile devices.
Join (ISC)2 and IBM to learn more about the findings of the latest IBM X-Force report and X-Force Interactive Security Incident website, designed to help users gain in-depth understanding of security breaches publicly disclosed over time.
Recorded May 20 2015 60 mins
Presented by
Simon Smith, Security Technical Specialist, IBM UK

  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities Nov 27 2017 12:00 pm UTC 60 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, Membership Services, (ISC)² EMEA
    Are you an (ISC)² member with questions about your certification and member benefits, or want to keep in touch with (ISC)² news in EMEA? Are you thinking about joining, and curious to hear more about what membership means and how (ISC)² can help you?

    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
  • How a Military Concept can Help Build Your Incident Response Framework Nov 14 2017 12:00 pm UTC 60 mins
    Adrian Davis, Managing Director (ISC)² EMEA, Craig Roberts, European Technical Engineer, IBM Resilient
    In the current cyber threat landscape, organisations are looking at ways to respond as effectively as possible. This session will look at the role that can be played by OODA loops, a military concept developed to improve fighter pilots' abilities to respond in combat; the acronym stands for Observe, Orient, Decide & Act. Companies can build these concepts into their Incident Response (IR) process to aid clarity of thinking and improve their ability to respond quickly and effectively to cyber attacks.
  • Form the Future with Secure IoT Nov 7 2017 12:00 pm UTC 60 mins
    Adrian Davis, (ISC)² EMEA, Mark Wharton, CTO, Iotic Labs, Ali Nicholl, Head of Communication, Iotic Labs
    The Internet of Things (IoT) has the potential to disrupt and enchant services, empower communities and improve efficiency and effectiveness, enhancing our experiences. However, it has so far promised much and failed to deliver. There are many reasons for this, summed up by just two:
    1. Diverse and incompatible solutions
    2. Security concerns
    If we can meet the security challenges that threaten the IoT, then we can unlock potential for businesses to mitigate risks, take advantage of operational efficiencies, and emerge as significant players of the 21st century.
    In collaboration with (ISC)² and network security experts, Iotic Labs has written a self-paced practical course to help businesses understand and overcome the pitfalls of introducing IoT devices into their networks and to “just start”.
    This webinar will discuss the landscape of IoT security, notable challenges, and provide an overview as to how the course and a future-flexible Iotic approach address these challenges.
  • PCI DSS 3.2 - Are You Ready? Oct 19 2017 11:00 am UTC 60 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, Mor Ahuvia, IAM Product Marketing Manager, Gemalto
    The February 2018 deadline for complying with PCI DSS 3.2 is fast looming. Most of the new requirements in the latest PCI DSS guidelines are focused on the need to extend multi-factor authentication (MFA) to additional use cases and user groups within organisations who handle Credit Card Data. From February 2018 onwards, all individuals who access systems such as databases, network modules and email servers which hold credit card data will be required to authenticate themselves with MFA.
    Join (ISC)² EMEA and Gemalto to learn:
    - What’s new in PCI DSS 3.2
    - How to effectively map PCI DSS MFA requirements to business use cases and user groups in your organisations
    - Best practices for organisations that need to extend their MFA footprints to additional use cases, and for those that are starting to think about how to comply with PCI DSS’s authentication requirements.
  • Part 2: Security control quick wins that help achieve clarity for GDPR Recorded: Oct 10 2017 63 mins
    Adrian Davis, Jeremy King, Andrew Barrett, Chris Strand
    Organisations apply many cybersecurity controls to help measure and maintain data security and regulatory compliance. Several are purposeful and list requirements that are subjective in how to employ them and how to meet their unique business risk strategy. This can often make it difficult to create a baseline security control strategy that will meet new regulations as they are introduced.

    In this session, the expert panel will discuss specific security controls that can be used to provide clarity, and measure for any data security and protection programme including the GDPR. Considerable focus and examples will be drawn from prescriptive data security standards such as the PCI DSS (Payment Card Industry Data Security Standard), and how leveraging such standards can help to create a security control strategy to meet and measure continuous data security compliance.

    Webinar attendees will take away many practical examples, solutions, and anecdotes on how their businesses can alleviate the pressures of employing the right security controls to protect GDPR-defined data, meet compliance and prove security control efficacy.

    Panel Experts:
    Jeremy King, International Director, PCI Security Standards Council
    Andrew Barrett, International / Managing Principal Application validation, Coalfire
    Christopher Strand, Sr. Director Compliance Strategy, Carbon Black
    Moderator: Adrian Davis, Managing Director, (ISC)² EMEA

    To listen to Part 1 of this session, paste the following URL into your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars/Focused-Webinars?commid=260091
  • Phishing Response: Stop the Chaos Recorded: Oct 3 2017 62 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, John ‘Lex’ Robinson, Marcel Feller, PhishMe
    During a survey recently conducted among security professionals, 90% said phishing is the #1 threat. Yet many acknowledged they’re unprepared to deal with phishing attacks.

    Attend this webinar to learn why responders are drowning in emails instead of hunting real threats. See why they’re betting on automation whilst we know tech alone won’t stop threats from getting through and wreaking serious havoc. Learn what rapid changes and investments your peers are planning to turn the tide against phishing and protect their organisations.

    You will also find out:
    • How bad is the phishing threat?
    • How confident are companies in their phishing responses?
    • What solutions are companies using, and which ones should they add?
    • How can automation and technology help? Why are humans important, too?
  • A Day in the Life of a GDPR Breach Recorded: Sep 21 2017 62 mins
    Adrian Davis, (ISC)² EMEA, Matthias Maier, Elizabeth Davies, Splunk
    You’re a CIO, CISO or DPO - and you’ve been woken up in the middle of the night because personal data held by your organisation has been discovered for sale on the dark web. This disclosure puts the privacy of your customers at risk. What do you do next?

    Join this session to learn about the impact of GDPR and go through a breach investigation and response scenario as it would be after GDPR comes into effect in May 2018. You’ll hear from Splunk’s Data Privacy Officer Elizabeth Davies and Splunk’s Security Ninja Matthias Maier.

    What you will learn:
    - What breach response will look like under the GDPR
    - What tools and processes a data privacy officer will rely on in case of a breach
    - What departments and entities will be involved beyond IT
    - What activities are currently happening within organisations to prepare for the GDPR
    - What the consequences of the breach could be
  • Cognitive Security in Action: Watson at Wimbledon Recorded: Sep 20 2017 60 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, Mike Spradbery, IBM's UK & Ireland Security Technical Leader
    Cognitive Security has game-changing potential to help tackle cybercrime, but how is this playing out in reality? In February this year IBM announced Watson for Cyber Security, described as 'the industry’s first augmented intelligence technology designed to power cognitive Security Operations Centres'. What do customers say about their experiences working with Watson for Cyber Security and how is it helping security analysts improve response times?

    Mike Spradbery, IBM's UK&I Security Technical Leader, will discuss not only the promise of Watson for Cyber Security but the client results that IBM is seeing. Mike will talk live to Brian Jensen, the analyst responsible for Cyber Security during the high-profile Wimbledon tennis tournament, to understand the scale and type of attacks the team saw, and how innovative new technologies like Watson for Cyber Security helped the team keep Wimbledon safe and secure.
  • The Next Generation CISO: How to Find and Train Tomorrow's Security Executives Recorded: Sep 7 2017 62 mins
    Adrian Davis, (ISC)² EMEA, Sam Curry Chief Security Officer, Cybereason
    Somewhere out there, in a market crowded by over-qualified workers deluged by job offers, the next generation of CISOs is maturing. But how can CISOs train tomorrow’s security executives when today’s well-known security talent deficit makes it difficult to fill even the most basic roles?
    Retaining cyber professionals isn’t just a matter of offering the biggest salary — it requires getting creative with cross-training, hands-on experience and developing collaborative solutions with fellow CISOs.
    Watch the webinar with Sam Curry, Cybereason Chief Security Officer, to explore strategies for identifying and developing the next generation — including your own replacement.
  • Guarding Against Mobile Malware, How to Avoid the Next Big Threat Recorded: Sep 5 2017 62 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, Stephen McCormack, Mobile Security Leader, IBM MaaS360
    In the wake of global ransomware attacks targeted mainly at Windows desktop and laptop devices, this webinar will discuss an often-overlooked threat: the mobilization of malware and ransomware. Whether through malign apps, poorly written code, corrupt e-mail profiles or disreputable websites, there are a range of avenues of attack open to hackers who might choose to target smart devices.
    To date, attacks on mobile devices have been mostly on a small scale, targeting individual user devices and data. But is a big attack waiting in the long grass? Will the next WannaCry or Petya target mobiles, and how can you protect yourself?
  • The IR Boost: How Cyber Hunting Enhances Incident Response Recorded: Aug 31 2017 51 mins
    Nathaniel Ford, (ISC)² EMEA, Clifton Slater, Lital Asher-Dotan, Cybereason
    Incident response has become increasingly complicated. According to a recent report, 67% of security professionals believe that incident response is more difficult today than it was two years ago. This is due to the numbers of IT activities and security alerts, and the need for advanced IR skills.
    This webinar will explore a new and unexpected boost to incident response, coming from the integration of threat hunting methodologies.
    Israel Barak, Cybereason CISO and an Incident Response expert, will chat with Lital Asher-Dotan, Senior Director of Content, about:
    - The latest challenges faced by IR professionals
    - Threat hunting and its benefits for IR
    - Specific examples in which threat hunting leveled up IR practices
  • Guide to your (ISC)² Membership in EMEA: Benefits, Maintenance & Opportunities Recorded: Aug 21 2017 49 mins
    Nathaniel Ford, Moderator (ISC)² EMEA, Membership Services, (ISC)² EMEA
    Are you an (ISC)² member with questions about your certification and member benefits, or want to keep in touch with (ISC)² news in EMEA? Are you thinking about joining, and curious to hear more about what membership means and how (ISC)² can help you?

    Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
    - CPE opportunities, member benefits and getting involved
    - Updates on (ISC)² news, developments and changes in your region
    - Your membership requirements summarized
    - Who are the (ISC)² EMEA team and how we can help you
    - Focus discussions
    - Q&A session
  • Reduce Security Vulnerabilities in Enterprise Applications Recorded: Aug 17 2017 61 mins
    Mike Pittenger, VP of Security Strategy, Black Duck Software, Adrian Davis, Managing Director, (ISC)² EMEA
    Would you leave sensitive data out in the open, making yourself a target to thieves looking for a victim? That is exactly what your business is doing if it fails to identify vulnerabilities in its business applications. Cyber attackers are looking at your business applications for security vulnerabilities so they can get access and wreak havoc. It’s time to find and fix security vulnerabilities before the hackers do. Wondering where to start and what to do? This webinar will help you build a comprehensive plan to minimize threats and protect your company.

    Join this webinar to hear application security experts:
    - Discuss methods for scanning & evaluating potential security vulnerabilities in out-of-the-box and home-grown business applications
    - Teach methods for quickly detecting and eradicating software flaws
    - Make recommendations for how to choose and implement vulnerability scanning tools
    - Explain how to reduce security vulnerabilities during internal application development
    - Examine the widespread use of open-source code and how it may expose your business to security threats
  • 6 steps to GDPR compliance Recorded: Aug 1 2017 61 mins
    Adrian Davis, Managing Director, (ISC)² EMEA, Jan Smets, Certified Data Protection Officer, Gemalto
    The introduction of GDPR is set to bring data protection to the top of businesses’ priority lists. So how can businesses ensure they are compliant and what steps do they need to take?
    In this webinar, certified DPO Jan Smets will provide a six-step overview to help achieve compliance:

    1) Understand the GDPR legal framework
    2) Create a Data Register
    3) Classify your data
    4) Start with your top priority
    5) Assess and document additional risks and processes
    6) Revise and repeat
  • Developing Security Behaviours – 8 Practical Principles for Effective Change Recorded: Jul 19 2017 44 mins
    Sarah Janes, Managing Director, Layer8, Adrian Davis, Managing Director, (ISC)² EMEA
    Overwhelming evidence consistently shows that people are at the heart of most data breaches. A new approach is needed. Not so long ago, technical attacks by hackers required technical solutions, but as hackers find it more lucrative to target human vulnerabilities, attention needs to be refocused on people.

    Discourse is shifting from awareness to culture change; however, early in its maturity, culture change lacks a universally accepted approach, and therefore people struggle to make change happen or to convince the business to invest.

    This webinar will provide 8 practical principles for effective change from auditing your current security culture through to embedding security as business as usual. It will provide a cohesive approach to behavioural change that can be measured. You will gain knowledge to help build a business case for culture change and techniques to use when your program launches.
  • The Role of Orchestration in Incident Response Recorded: Jun 29 2017 53 mins
    Chris Neely, CISSP, Director of Technical Sales, EMEA, IBM Resilient, Adrian Davis, Managing Director, (ISC)² EMEA
    Faced with an avalanche of alerts, insufficient staffing, and a bewildering regulatory environment, it's no wonder that most organizations struggle to respond effectively to cyber attacks. Successfully resolving attacks requires fast, intelligent, and decisive action - organizations need to have an orchestrated plan in place before an attack occurs. Indeed, the best organizations leverage an orchestrated response capability to achieve cyber resilience, the ability to weather the inevitable cyber attacks as just another part of doing business.

    Join IBM Resilient’s Chris Neely, Director of Technical Sales, EMEA to explore the latest incident response methodology and technology. Can automation really save the day? From instant escalation, to automatic enrichment, to guided mitigation, Chris will explore the latest incident response techniques and share what works and what doesn't. Attendees will gain a framework for understanding their incident response capability and a maturity model for evaluating opportunities for orchestration / automation.
  • Part 1: Change Liability for Accountability - GDPR with CS Risk Measurement Recorded: Jun 22 2017 63 mins
    Christopher Strand, Carbon Black, Andrew Barratt, Coalfire, Adrian Davis, (ISC)² EMEA
    This webcast will introduce a discussion of several threat models that help to illustrate how organizations can look to strengthen their security posture while supporting their GDPR strategy. Areas of concentration will include:

    • How to reduce the potential risk and liability associated with the GDPR data residency and data protection accountability requirements.
    • Focus on specific controls used to provide clarity and measure to any GDPR strategy within the enterprise.
    • An introduction of cybersecurity control measures that can help reduce threats to the enterprise, while ensuring acceleration of data and security regulatory accountability for any GDPR program.

    Session attendees will take away many practical examples, solutions, and anecdotes on how their businesses can alleviate the pressures of balancing the confluence of security risks and the GDPR mandate. They will have some starting points on how they can create a plan to step beyond static regulatory alignment and apply collective intelligence, industry baseline initiatives and mandates, as well as shared industry intelligence, to better measure what’s most important to their cyber policy and regulatory GDPR requirements.
  • Investigation or Exasperation? The State of Security Operations Recorded: Jun 20 2017 58 mins
    Duncan Brown, IDC, Matthias Maier, Splunk, Nathaniel Ford, (ISC)² EMEA
    Cyberattacks are top of mind for organizations across the globe. In fact, 62 percent of firms are being attacked at least weekly and 145 percent are experiencing a rise in the number of security threats. But do organizations have the processes in place to investigate and effectively respond to these incidents? IDC recently surveyed security decision makers at 600 organizations to understand the state of security operations today.

    Join this webinar to hear from guest speaker Duncan Brown, Associate Vice President, Security Practice, IDC, and Matthias Maier, Security Product Marketing Manager, Splunk, and discover:

    ● The time and associated cost security teams spend on incident response and how you compare to your peers
    ● How organizations are coping with an average of 40 actionable security incidents per week
    ● Where teams are focusing their security efforts
    ● Why an analytics-driven approach can make security investigation more efficient and effective, reducing costs and improving security posture
  • Attribution: When Technical Information is Not Enough Recorded: Jun 13 2017 57 mins
    Ross Rustici, Senior Manager, Cybereason, Nathaniel Ford, (ISC)² EMEA
    After every major data breach, the security community engages in a game of whodunit. It's human nature to want a resolution and to see the perpetrators brought to justice. The problems with attribution are starting to be discussed more openly within the security community, with many firms questioning the utility of technical attribution. At the same time, all are in agreement that the model they continue to use is failing.

    Recent research proves that threat actors use a variety of techniques to create misattribution of the attacks. In our upcoming webinar, Cybereason's Ross Rustici, Sr. Manager Threat Intel, will discuss examples of attack misattribution and discuss whether correct attribution is still possible.

    Join us to learn:
    • Why attack attribution is a complex mission
    • The variety of techniques used by nation-state and criminal actors to disguise their involvement
    • An approach to help organizations better harness the power of attribution
  • Latest Malware Trends & Attack Vectors Recorded: Jun 2 2017 62 mins
    Richard Cassidy, Technical Director EMEA, Cybereason, Adrian Davis, Managing Director, (ISC)² EMEA
    In this webinar, Richard Cassidy, Technical Director EMEA, and (ISC)² EMEA Managing Director, Adrian Davis, will discuss the latest malware trends and attack vectors. The most reported cyber-criminal groups, the latest attack trends (like WannaCry), and best practices for fighting the adversary will be explored. Join us for an up-to-date deep dive into adversary TTPs and how to prevent and respond to attacks using techniques like proactive hunting and SOC analysis and response.
(ISC)² EMEA Secure Webinars
Forming part of the (ISC)² commitment to Inspiring a Safe and Secure Cyber World, we welcome you to the (ISC)² EMEA Secure Webinars Channel. Sign up to join us for educational Security Briefings, Roundtables and eSummits aimed at all those vested in the world of information security. We welcome members and non-members alike.

  • Title: IBM X-Force: Insights from the 1Q 2015 X-Force Threat Intelligence Quarterly
  • Live at: May 20 2015 12:00 pm
  • Presented by: Simon Smith, Security Technical Specialist, IBM UK