What to Expect in 2016: A View of the Emerging Threat Landscape
We're seeing a massive shift in cyber security activity from internal threats to organised gangs and targeted state sponsored activities. Recent news items suggest there is an overwhelming need for organisations to understand their "Situational Awareness".
In this webinar, (ISC)² and IBM will explore what to expect in 2016, focusing on the following key questions:
- How do organisations understand what threats are real?
- How much risk appetite do boards have in this complex, mobile, interconnected near real-time world?
- As more and more devices are connecting to an ever-increasing number of communication channels, how do you ensure you can protect, prevent and respond to cyber security issues, yet provide a transparent easy to use multi-channel experience?
Adrian Davis, Managing Director (ISC)² EMEA
Peter Jopling, Executive Security Advisor, Deputy WW Tiger Team Leader, IBM
Simon Moores, Information Security Futurist
RecordedDec 1 201561 mins
Your place is confirmed, we'll send you email reminders
Brandon Dunlap, Moderator, (ISC)², Karl Lankford, Lead Solutions Engineer EMEA, Bomgar
Industry thought leaders have stated that if you can only tackle one project to improve the security of your organisation it should be Privileged Access Management (PAM). Our own research backs this up with the 2018 Privileged Access Threat Report revealing organizations using automated PAM technology experience far fewer serious breaches than those that did not. Karl Lankford, Lead Solutions Engineer EMEA at Bomgar will discuss what ‘privilege’ means to your business and how implementing a PAM solution can drive significant improvements across the organisation. You will learn:
•Why organisations should make PAM their top 2019 investment
•Why quickly controlling and automating key PAM capabilities is critical to your organisation’s success
•Help you to prepare the business case for your PAM project and to get Executive Leadership buy in
Lindsay Drabwell, Head of Membership, (ISC)² EMEA, Richard Archdeacon, Duo, Daniel Cuthbert, Banco Santander
As early as 2003 the Jericho Forum was created to tackle "de-perimeterisation" and later in 2014 Google released their "BeyondCorp" paper detailing how they made it happen. However, have Zero-Trust security models been adopted in the enterprise and what challenges do organisations face when considering de-perimeterisation?
Join the discussion between Richard Archdeacon from Duo Security and Daniel Cuthbert from Banco Santander in Part 2 of the Zero Trust series and learn about Zero Trust deployments within the enterprise.
Richard Archdeacon, Advisory CISO, Duo Security
Daniel Cuthbert, Global Head of Cybersecurity Research, Banco Santander
For Part 1 in the Zero Trust Series, copy and paste this link into your browser: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part2
Brandon Dunlap, Moderator, (ISC)², Chris Steffen, Technical Director, Cyxtera
There are a large proportion of business critical legacy applications unable to accept modern forms of authentication.
Refactoring legacy applications is costly and sometimes virtually impossible. Yet these applications are accessing highly valuable data across networks and they are a data breach ready to happen.
Join us as we discuss how to secure legacy applications with modern Zero Trust security.
Brandon Dunlap, (ISC)² Moderator and Chris Steffen (CISSP, CISA), Technical Director for Cyxtera will discuss:
-Problems with how legacy applications are secured today
-Options for security without refactoring these applications
-Simplicity and speed to security that reduces operational complexity and scope of audits
-A process for gradual end-of-life legacy assets, while still operating day-to-day normal business
Lindsay Drabwell, Head of Membership EMEA, (ISC)², Rainer Singer, Technical Engineer, Infoblox
Have you ever done an assessment on how secure your DNS infrastructure is? Ponemon Institute has recently completed the first DNS Security Risk Survey among global organizations to understand how secure they are when it comes to malware and data exfiltration that uses DNS. The survey also provides insights into:
•The level of visibility these organizations have, especially in today’s complex network deployments
•Their use of threat intelligence and the effectiveness of threat intelligence
•The efficiency of their security operations
Brandon Dunlap, Moderator, (ISC)², Andrew Yeates, UK&I Solutions Architect, Resilient | IBM Security
Organisations today need to be agile, and dynamic in responding to the most advanced cyber threats, and although automation has it's place in improving SOC efficiencies, human intelligence is still one of the most important aspects in effective incident response, in this session learn how more about the journey to Intelligent orchestration and how leveraging it in an uncertain world can empower your organisation.
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Membership Services Team, (ISC)² EMEA
Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session
Lindsay Drabwell (ISC)², Tristan Morris, Stacia Tympanick Carbon Black
According to ESG research, 72% of organizations believe that security operations are more difficult now than they were two years earlier.
This stems from security and IT operations teams lacking a reliable way to assess the current state of endpoints across their enterprise and leads to an increased risk of breaches, an inability to make informed remediation decisions, and unnecessary spending on infrastructure maintenance.
On this webinar we look at the current need to bridge the gap between Security and IT Operations with shared toolsets and shared goals, why IT hygiene and proactive vulnerability assessments are now vital aspects of any successful endpoint security program and how to leverage real-time query and remediation tools to better understand the state of endpoints.
•How businesses can understand and adopt a SecOps strategy
•How you can leverage real-time query and remediation tools to get a better understanding of the current state of your endpoints
•The need to bridge the gap between security and IT operations and with shared toolsets, shared goals and shared priorities
Tristan Morris – Security Strategist, Carbon Black
Stacia Tympanick – Solution Engineer, Carbon Black
Lindsay Drabwell, Head of Membership, (ISC)² EMEA, Wendy Nather, Director, Advisory CISO, Richard Archdeacon, Advisory CISO
Although “zero trust” is a popular term for the alternative security model that everyone’s talking about, it’s not always clear what it means, or whether it describes what policy changes you may want to make in your organisation.
Join Wendy Nather and Richard Archdeacon to find out more about Zero Trust Security models, implemented by Google in their BeyondCorp initiative.
Register for Part 2 in the Zero Trust Series: https://www.isc2.org/News-and-Events/Webinars/EMEA-Webinars?commid=334792&Part1
Lindsay Drabwell, (ISC)² EMEA, Gary Cox, Infoblox, Alastair Broom, Logicalis
Today’s enterprise network has a vast number of network and security devices – all generating their own incidents, but they don’t always share information. According to the ESG research report on Security Operations Challenges, Priorities and Strategies in 2017, keeping up with the volume of security alerts and lack of integration between different security tools are the biggest challenges related to security. Organizations are investing heavily in automation/orchestration of incident response to improve collaboration, prioritize alerts and shorten time for incident response.
This webinar will discuss how integration of different network and security tools can:
•Provide better visibility across your entire network and remove silos
•Improve agility and automate IT workflows
•Enable faster remediation to threats
Please join Infoblox and Logicalis for this key discussion on the integrated ecosystem -- taking your organization to the next level of security.
Breakout time, the time that it takes an intruder to jump from the machine that’s initially compromised and move laterally through your network, on average is 1h and 58m*. This is your critical window to take action and stop the breach. When an attack is in progress, we’re seeing world leading security teams take one minute to detect it, 10 minutes to understand it and one hour to contain it. Is your organisation ready to meet the 1/10/60 minute challenge?
Attend this webcast to learn:
-What breakout time is and what it means for defenders that are responding to attacks in real time
-How the incident response process unfolds and the barriers that keep organisations from mounting a rapid and efficient response
-The key steps you can take to improve your organisation’s ability to rapidly detect, investigate and remediate threats
Adam Bosnian, EVP Global Business Development, CyberArk
Robotic process automation (RPA) is a powerful and emerging technology that streamlines and standardizes many human user processes as well as harmonizes different systems across an organization’s environment. So what do IT security professionals need to know about RPA platforms and the connection to privileged credentials? Very simply, it is a new attack vector and organizations need to protect these accounts with the RPA platform.
Because RPA software interacts directly with business applications and mimics the way applications use and mirror human credentials and entitlements, this can introduce risks when the software robots automate and perform routine business processes across multiple systems.
Learn about the vulnerabilities attackers seek out in RPA and the methods you can employ to proactively secure, protect and monitor privileged credentials in RPA non-human user entities that mirror human entitlements.
Lindsay Drabwell, Moderator & Head of Membership EMEA, (ISC)², Matt Middleton-Leal, Kennet Johansen, Netwrix
While compliance is close to security, being compliant doesn’t necessarily mean that you’re protected from a security breach.
Malicious actors don’t care if you passed a regulatory audit, and there are many companies that are fully compliant on paper but that have suffered a data breach.
That’s why it’s essential to take a “go beyond compliance” approach.
In this webinar, we’ll share some insights into the biggest IT security disasters and explain how you can avoid such failures by not just working towards compliance, but building a robust security culture in your organisation.
Join Matt Middleton-Leal (CISSP), General Manager at Netwrix and Kennet Johansen, Security and Infrastructure Solution Architect, to learn:
•Why going beyond compliance is good for business
•Practical tips for improving your IT security posture
•How the right security investments help you save money in the long term
•How to establish a strong security culture in your organisation
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Nick Trigg, Risk Consultant, BitSight Technology
Security Ratings are the relatively new kid on the block when it comes to externally derived Cyber posture analysis.
According to one of the most reputable research bodies, ‘continuous monitoring of systems and behaviours is the only way to reliably detect threats before it's too late’.
The three big topics are VISIBILITY - across my whole cyber risk landscape , COLLABORATION - in order to remediate against risk appetite and AGILITY - How can I react in a timely manner to rapidly changing risk factors
Given these challenges can you afford NOT to utilise Security Ratings?
In this session Nick Trigg - Risk Consultant for BitSight Technology - will address these points along with
•Do security ratings threaten or compliment traditional methods of questionnaires and audits
•Why security ratings should be treated as a risk position rather than a vulnerability checklist.
•Data: sources, accuracy, coverage, currency
•Context : stakeholders, business impact
•Time to value : best approach to implementation
Lindsay Drabwell, Head of Membership Services (ISC)² EMEA, Mike Spradbery, Neil Jones, IBM
How can AI help overworked, understaffed and overwhelmed security analyst teams? How can the use of an AI platform help reduce the cost of a data breach? Mike Spradbery, IBM's UK&I Security Technical Leader, will explore these and other questions as he talks live to the experts behind a new Ponemon Institute study on the use of Artificial Intelligence in Cyber Security. Mike will also share case studies of AI in action in Cyber Security and explore how AI is helping organisations elevate their cybersecurity posture and reduce response times.
Lindsay Drabwell, Head of Membership, (ISC)² EMEA, Ollie Sheridan, Principal Engineer, Gigamon
As the volume of encrypted traffic continues to grow, organisations become even more vulnerable to encrypted attacks, threats and exploits that go undetected. Learn how to create a centralised “decryption zone” to decrypt traffic once and give security tools newfound visibility into encrypted traffic.
Join Ollie Sheridan (CISSP), Principal Engineer at Gigamon to learn:
•How the TLS 1.3 draft 28 proposal removes visibility which was widely deployed for threat identification in TLS 1.2.
•How to acknowledge and address critical management, troubleshooting, legal, regulatory, ethical and technical concerns.
•Why deploying TLS decryption in the core of networks is critical to detecting threats.
•How to deploy innovative architectures for TLS decryption while maintaining availability and reliability.
•How to manage growing SSL/TLS traffic volumes by creating a centralized “decryption zone” to decrypt traffic once and give security tools newfound visibility into formerly encrypted traffic and threats.
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, David Gamer, Philipp Drieger, Splunk
A growing use of the terms ‘AI’ and ‘Machine Learning’ being used in the descriptions of vendors’ products and capabilities can cause some confusion. With all the buzz around these latest trends, security professionals are left with some important questions: What can these technologies do in Infosec? How they can be implemented to improve everyday security processes? Where can’t AI and ML improve security tools? In this Splunk webinar, a machine learning expert will;
•Demystify what machine learning is as well as what it can and cannot do in InfoSec
•Walk through three of the most common use cases of where these technologies can be implemented
•Explore the latest innovations in ML & AI, and where this will take cybersecurity professionals next
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Faraz Aladin, Director Product Marketing, Illumio
Compliance regulations such as SWIFT and GDPR can be challenging to understand and implement. Many of these regulations have cybersecurity requirements that are focused on protecting critical banking infrastructure with aggressive timelines - and without disrupting the very business-critical systems you're trying to protect. Jumping from one set of requirements to another, and to subsequent internal and external audits, can feel like a never-ending cycle.
In this webinar, Faraz Aladin, will share thoughts on different approaches to handling the unique challenges a security practitioner in financial services can expect. He’ll highlight Illumio's unique position helping the largest financial institutions in the world solve regulatory and compliance challenges quickly and at scale. Register now to learn:
•Top challenges facing global banking
•Approaches to protecting your "digital crown jewels"
•Pros and cons of different approaches
•How to future-proof for evolving requirements
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Daniel Harris of Okta and Przemek Dybowski, CyberArk
Unauthorised access is the leading cause of breaches today, whether it comes from external threat actors or insider activity. To mitigate this risk, Okta and CyberArk have integrated technologies to provide a comprehensive solution for unauthorised access protection. In this webinar, Daniel Harris of Okta and Przemek Dybowski of CyberArk will discuss how to:
•eliminate identity sprawl and prevent privileged access abuse
•enable strong authentication and reduce the attack surface
•identify and respond to account compromise.
Lindsay Drabwell, Head of Membership Services, (ISC)² EMEA, Tim Hale, Director of Solutions Marketing, ThousandEyes
How does one steal cryptocurrency? By hacking DNS and BGP—the two cornerstone protocols governing the Internet. Join us ThousandEyes and (ISC)² EMEA while we walk through this and other examples of how network security in the cloud and public internet can be a serious blind-spot in your security strategy.
Lindsay Drabwell, Head of Membership Services EMEA, (ISC)², Darrel Rendell, Mollie Holleman,
What’s keeping you up at night? Ransomware? Phishing? Spyware? Malware? Data Breaches? A malicious email typically opens the door to those threats. Organizations spend great energy (and budget) preventing users from falling prey, but threat actors continue to find ways to get past automated controls, staying one step ahead of artificial intelligence tools. Cofense believes solving the phishing problem is more than just awareness: it’s about empowering humans to become instinctual nodes on the cyber defense network and feeding their real-time intelligence to security teams for immediate action.
Darrel Rendell, Principal Intelligence Analyst, Cofense
Mollie Holleman, Senior Intelligence Specialist, Cofense
Forming part of the (ISC)² commitment to Inspiring a Safe and Secure Cyber World, we welcome you to the (ISC)² Secure Webinars - EMEA Channel. Sign up to join us for educational Security Briefings, Roundtables and eSummits aimed at all those vested in the world of information security. We welcome members and non members alike.