Cognitive Security: A Game Changer?

With more than three decades of use, MFA is a proven method to reduce the risk of breaches due to stolen or weak credentials. While nearly any MFA method is an improvement over username and password alone, creative and resourceful attackers continue to expose weaknesses in legacy solutions such as token-based or telephony-based authentication. When considering or reviewing your secure access options, there are valuable lessons that can be learned from some of these real-world examples.

Join Duo Security’s Josh Green on 11 February for a grounded discussion on how MFA methods have evolved, a dissection of several successful attacks, and how modern MFA solutions fare against the same threats.

In this webinar, you will also learn:

Why SIM-Swap attacks and insecure multi-factor authentication (MFA) methods can increase the risk of the credential theft
How attackers leveraged these security gaps in the real-world breach examples

DNS is one of the only business-critical services you rely on every day that has threat intelligence checks built into the standard. And yet, chances are you think of DNS mainly as an IT utility—and are overlooking its unique threat intelligence properties.

Join us for this live webinar as we walk you through the characteristics of DNS that make it ideal as a threat intelligence resource and facilitator. During the live session, you’ll discover:

- How DNS enhances Zero Trust architectures
- Ways to integrate DNS in malware detection, mitigation and response solutions
- The role of behavioral intelligence in DNS
- Strategies for effectively handling encrypted DNS

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

CrowdStrike’s 2019 Falcon OverWatch Mid-Year Report provides unique insights into the targeted, state-sponsored and criminal campaigns the CrowdStrike team has encountered in the first half of 2019.

Join this webcast and hear CrowdStrike Technology Strategist, Zeki Turedi provide detailed accounts of real-world incidents the CrowdStrike team have observed, including the trends, adversaries and techniques that were most prominent in the last 12 months. You will also gain valuable information on the industries and regions most impacted by cyberattacks.

Learning Outcomes:
-Why “speed” is the new critical metric in cybersecurity.
-How organisations are using the MITRE ATT&CK framework to shorten the time to investigate and understand threats.
-Trends in adversary tradecraft, as seen across 1000s of real-world intrusion attempts.
-Action plans that you can use to ensure your organisation is ready to anticipate and defend against the most dangerous threats of tomorrow.

The threat landscape continues to evolve at a rapid pace, with new threat vectors emerging and increasing in sophistication. With the new year on the horizon, how can organisations prepare to defend against new and emerging attacks? Join James Hickey and David Mount in our webinar as they share their thoughts on what we can expect in 2020 and beyond. Based on insights collected from our research teams, our speakers will touch on trends positioned to dominate the threat landscape next year so you can strengthen your organisational defence.

Attend the webinar and learn:
• How ransomware is evolving and becoming more targeted to reap more sizeable payouts
• Why healthcare and genetic testing organisations will be a rich target for monetising data
• Why cryptocurrency will find itself in the crosshairs
• How human intuition, a powerful weapon against phishing, will also prove essential as information warfare heats up

Don’t miss this timely event—register today!

Get your sneak peek into the mind of a hacker!

Every intelligence industry has a central goal and that is to predict the future. As security professionals, we collect and analyse, dissect and interpret, in order to find those essential nuggets that will give us the edge over our adversaries, enabling us to better understand what they’ll do next.

Join VMware Carbon Black’s Chief Cybersecurity Officer, Tom Kellermann, and Head of Security Strategy, Rick McElroy, who will give their unique insights on the tactics and techniques topping the cyber attacker’s hit list for 2020 including how:

•The act of cloud jacking and island hopping will become commonplace.
•We'll see more mobile root kits allowing people to take full control over someone else’s device.
•Access mining-as-a-service will grow as criminals see the utility in purchasing access to compromised environments.
•Virtual home invasions of public figures (celebrities, CEOs, politicians) will occur.

Should 2019 be dubbed the year of the SOC? Looking back at the last 365 days, Splunk experts certainly think so! Reminiscing on the stories of SOC modernisation, this webinar will share techniques and lessons learned from Splunk’s own customers throughout 2019, including;

•How Fresenius made cybersecurity easy to understand for the C-Suite by building the “DAX” index for cybersecurity
•Insights from 3 SOC automation playbooks created by Norlys
•Methods used by Dutch Tax and Customs Administration to increase e-mail security, combining Sender Policy Framework (SPF), DNS logging and DMARC
•How DATEV built and demonstrated SOC success, from detection to headcount planning, in just 6 months
•Johnson Matthey’s advice on which people to involve and the roles needed to build and establish a modern SOC

Join us on December 10th, 13:00 GMT as Matthias Maier goes through the top tales you need to hear to modernize your Security Operations Centre.

Password cracking is no longer rocket science but a handy skill for any penetration tester or system and network defender, or anyone who simply enjoys a good geek project. Join our webinar series by Brian Johnson, a cybersecurity enthusiast from 7 Minute Security, to learn how to set up cracking tools in the cloud (and on the cheap!) and better protect your organisation’s Active Directory environment.

In this session, you will learn how to:

Crack Active Directory and wireless passwords
Make sure your password policy is strong enough to resist password cracking
Download and customise the popular Pwned Passwords list
Incorporate Pwned Passwords into Active Directory for free using the open source PwnedPasswordsDLL project
Build customised lists of additional bad passwords

Privileged access exists in many forms such as Local Administrative Accounts, Domain Administrative Accounts, Service Accounts, Application Credentials and SSH Keys. Privileged accounts, credentials and secrets are found in devices, applications and operating systems.

Experts agree it’s a best practice to ensure they are protected, managed and monitored. Whether your organisation choices an on premises of SaaS for Privileged Access Management (PAM) solution, your program should start with steps that focus on rapid risk reduction for high value assets.

In this session, we’ll review what is considered to be table stakes Privileged Access Management hygiene, and we’ll focus on three key areas for a Privileged Access Management security program:

•Account Discovery and Credential Vaulting
•Session Management and Isolation

E-business relies on core network services to function. Name resolution through DNS and IP addresses handling (DHCP, IPAM), specifically.

And yet too many organizations view these crucial services as IT utilities. As a result, they miss out on the substantial cybersecurity benefits that lie hidden in them.

Make plans now to attend this live event where leading experts from Infoblox and (ISC)2 outline how to turn DNS and associated services into foundational cybersecurity assets. Join us and learn how the unique properties of DNS can enhance:
Security analytics
Malware detection, response and containment
Security orchestration and automation

Metadata helps you separate signal from noise, reduce time-to-threat-detection and improve overall security efficacy. And now application metadata helps you monitor user experience, troubleshoot problematic apps, understand “Shadow IT” usage and improve security posture within your organisation.

Join Gigamon as we discuss the growing need for application-aware network operations and how Gigamon Application Metadata Intelligence provides the deep application visibility needed to rapidly pinpoint performance bottlenecks and potential network security risks. You’ll see how next-gen network packet brokers enhance metadata with intelligence and insights from traffic flows so you’ll discover how to understand the performance and have control of hundreds of critical apps.

We all know that compliance and security aren’t always the same. Attend this session to learn how they differ, how compliance is broken, learn about some common examples, and see how you can modify your compliance plans to be more secure without failing an audit. Taught by 30-year security veteran and former auditor who has passed the CPA and CISA exams.

What you’ll learn:
· Difference Between Compliance and Security
· How Compliance Is Hurting Security
· How to Fix

Why organisations need a multi-pronged approach, rather than just filtering tools.
Phishing is not new – most organisations receive phishing emails all the time. Despite wide awareness of what phishing is and most organisations having some phishing mitigations, NCSC’s work with cyber victims shows that most cyber compromises still start with phishing emails. There are many tools and services that can detect and block phishing emails, but none are completely effective. NCSC, the UK’s technical authority for cyber security, advocates a multi-pronged approach to dealing with phishing risks, including people-focussed measures and wider network security, as well as phishing detection tools. NCSC’s work has found that many organisations do not follow this multi-pronged advice. This webinar will show that a more holistic approach to managing phishing risks is far more effective than even the most advanced detection tools, if they are used on their own.

As the phishing threat landscape continues to evolve at a pace that technology is unable to keep up with, organisations are turning to phishing awareness and simulation programs to plug the gap. Is your phishing awareness program keeping up with this changing landscape?

Join Cofense as we explore the attributes of a modern phishing awareness program and see what our data, based on millions of phishing simulations, shows about awareness programs and simulation exercises.

You will learn:
-The statistical advantage of using an email reporting tool
-The important role the end user plays in active defense
-How often you need to send simulations for maximum resiliency
-The advantages of basing simulations on active threats, not random dangers
-Why ‘phish testing’ is the enemy of true phishing defense

Defending against modern adversaries requires the ability to detect and understand threats quickly and to respond decisively. CrowdStrike’s experts fight and win these battles every day, and have one of the industry’s most comprehensive pictures of today’s top cyber threats.

Join us for a webcast featuring CrowdStrike’s John Titmus as he explores global observations and trends, and real-world intrusion case studies, delivering deep insights on modern adversaries, and their tactics, techniques, and procedures (TTPs).

Key takeaways:

-Global trends as seen across 1000s of real-world intrusion attempts, such as the emergence of mobile as a fruitful hunting ground for adversaries
-How organisations are using the MITRE ATT&CK framework to shorten the time to investigate and understand threats
-Why “speed” is the new critical metric in cybersecurity and the key steps you can take to improve your organisation’s ability to detect, investigate and remediate threats

Industry analysts and security leaders agree – organisations should prioritise privileged access security programs to maximize risk reduction with respect to the resources required for deployment. “Privileged Access” is what attackers seek, and this access is increasingly available in places organizations overlook including applications.
Join us for a session that will cover the basics of privilege access security. We’ll address how to define a program with respect to people, process and technology. We’ll also review some lessons learned from the field that will facilitate a successful launch.

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session