Is Enterprise Security Positioned to Succeed?

In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

In this session Bruce Beam, Chief Information Officer at (ISC)² will provide insight into the path he took to become a Cybersecurity Leader and how he is reinventing the role in the face of accelerating industry change

As organisations increase their reliance on third-party vendors for outsourced solutions, they expand their attack surface.
Today’s digital environment offers tremendous opportunities for modern organisations. At the same time, there is more risk. Vulnerabilities and infections plague organisations around the globe — and their numbers continue to rise.

The tips discussed in this webinar will help you start managing third-party risk to centralise your program and get a preliminary perspective of the risks you face. Once this foundation is established, you can build on it and shift to a more proactive approach to managing third-party risk — and limiting your exposure.

In this webinar, Chris Poulin (Principal Consulting Engineer, BitSight) and Kimberly Johnson Product Marketing Manager, BitSight) discuss:
•The state risk and the rise of global vulnerabilities and infections.
•The supply chain as an expanded attack surface.
•5 tips for launching a third-party risk management program.

Join the Guide to Your (ISC)² Membership in EMEA webinar to learn more about these topics and others including:
- CPE opportunities, member benefits and getting involved
- Updates on (ISC)² news, developments and changes in your region
- Your membership requirements summarized
- Who are the (ISC)² EMEA team and how we can help you
- Focus discussions
- Q&A session

Mottos like "If you see something, say something" speak to the power of human observation in preventing security disasters. Similarly, valuable human-generated intelligence can be effective in preventing data breaches emanating from phishing attacks. In today’s changing cyber threat landscape, humans need to be conditioned to recognise phishing attacks and security teams need to be armed with actionable threat intelligence to rapidly manage an attack once it hits.

This is where Phishing Threat Intelligence comes into play. By extracting key IOCs from newer phishing threats and making them available to security teams, organisations can detect attacks in progress and respond quickly to reduce the effect of a breach. Plus, by incorporating the same intelligence and tactics in your awareness program, you can train your users to more quickly detect and report an active threat.

Join this webinar to learn about:
-The constantly changing threat landscape
-Turning active, real threats into learning moments for your users
-Speeding up response with timely, actionable intelligence

Constantly evolving threats and shortage of qualified cybersecurity professionals have led security teams to move to security workflow automation to meet the demands. It’s not enough to have a great tool nowadays. These tools have to work better together to meet today’s security challenges. Security orchestration, automation and response (SOAR) tools improve efficiency and efficacy of security operations by automating threat intel management, event monitoring and incident response processes.

One of the key sources of contextual network and threat intel data comes from infrastructure that organizations already rely on for connectivity – DNS, DHCP and IPAM. This data along with timely, reliable and accurate threat intel can be used to improve scoring and investigation, assist in prioritizing incoming incidents, and can be relied upon to build automation.

Join this webinar to learn how a well architected DNS, DHCP and IPAM can power SOAR platforms to:

-Block/unblock domains using context
-Enrich other security tools with valuable IPAM data
-Enhance and improve incident response with better threat intelligence

Defending against modern adversaries requires the ability to detect and to understand threats quickly, and to respond decisively. CrowdStrike’s experts fight and win these battles every day, and have one of the industry’s most comprehensive pictures of today’s top cyber threats. Join CrowdStrike for a deep dive into global observations and trends, and real-world intrusion case studies, delivering deep insights on modern adversaries, and their tactics, techniques, and procedures (TTPs).

Learning Outcomes:
-Why “speed” is the new critical metric in cybersecurity.
-How organisations are using the MITRE ATT&CK framework to shorten the time to investigate and understand threats.
-Trends in adversary tradecraft, as seen across 1000s of real-world intrusion attempts.
-Action plans that you can use to ensure your organisation is ready to anticipate and defend against the most dangerous threats of tomorrow.

What is the MITRE ATT&CK framework? Where did it come from? Why and how should you use it? Get the answers to all of these questions, as security experts from Splunk take a practical look at how your SOC and SIEM can apply the MITRE ATT&CK framework. Ensure the coverage of known TTP’s of threats your business is exposed to, to improving threat hunting and detection of Adversary’s. Join this webinar to discover:

• What the MITRE ATT&CK framework is, and why it should be used
• How to align your use cases to the MITRE ATT&CK framework
• How to navigate an ATT&CK Threat group TTP's
• How to track and monitor your detection capabilities to ensure wide coverage

For many years the choice for monitoring networks has been focussed on the collection and Analysis of raw packets. With the increasing need for multiple tools and SIEM's to get access to this data, along with requirements from Forensic Response teams, a more streamlined method of understanding the behaviour of traffic and user behaviour is required. Whilst NetFlow version 5 and 9 do provide some visibility, there are challenges such as sample rates and lack of Application Layer inspection that need to be addressed.

Join us for this webinar to learn more about how you can:

-Produce rich Metadata from network traffic and dive into the Application Layer
-Use this rich Metadata for Security, Forensics and Business Intelligence purposes
-Generate Metadata based on the application rather than the IP & Port
-Ensure that the Application traffic, regardless of port spoofing, produces the correct Metadata

Office 365 has become the platform of choice for document collaboration and sharing. If you’re using Microsoft Office 365 or planning to migrate there, understanding the types of security attacks you can expect is imperative.

Discover how to:

- Simulate common Office 365 attacks
- Test and educate your end users
- Spot attacks in their early stages

Distinguishing between good bots, bad bots, and humans is a major challenge. Today, over 50% of online traffic is generated by bots and they are involved in nearly every attack. Identifying malicious bots and safeguarding against them is now a top priority for organisations developing a sustainable security strategy.

Join us for this webinar to learn:

• How bots infect, propagate, and attack applications
• What types of application attacks are commonly performed by bots
• How you can defend against bad bots without disrupting the good ones

Despite investment in next-gen technologies and employee awareness training, phishing threats continue to become more sophisticated and more effective. It’s time for organisations to accept that REAL phish are the REAL problem. Join the Cofense Phishing Threat Landscape review to discover the trends defining phishing in 2019 and priorities for defending your organisation going forward.
Attend this webinar to learn how attackers are:
•Using major malware types and their innovative tactics, techniques, and procedures
•Intensifying credential theft as organizations move infrastructure and applications to the cloud
•Evolving Emotet and the threat actors behind the botnet
•Increasing proliferation of sextortion phishing emails

We’ll examine the obvious changes in the phishing threat landscape, plus look ahead at trends shaping 2019.

More than 130,000 information security professionals have invested time, determination and resources to attain the CISSP certification. Join (ISC)² members from different regions on May 21, 2019 at 10:00AM Eastern as we discuss what pain points, issues and challenges they encounter in their day-to-day work life, as well as solutions, tips and best practices they have developed along the way. We’ll also examine how the CISSP certification has helped them with their job and career.

Today, your users directly access cloud applications from everywhere. Transformative technologies such as SD-WAN, IoT and the cloud are borderless and complicate security. Non-standard IoT devices using non-standard protocols are rapidly proliferating. And yet, securing your digital transformation doesn’t require a new tool.

Instead, it takes a simple, scalable and integrated security solution that makes your existing security infrastructure smarter and more efficient. DNS is foundational to the Internet and IP-based communication. It is also the perfect foundation for security: simple to deploy, ubiquitous in networks, essential for connectivity and scalable to Internet size.

Join this webinar to learn how using DNS as a foundational security architecture can:
• Protect your brand by securing traditional networks and digital transformations
• Reduce time and cost of defending your enterprise against threats
• Detect and remediate problems automatically and provide data to the entire ecosystem

Every day, security professionals around the globe face advanced cyber-threats, ranging from opportunistic malware to targeted, human-driven attacks. As we enter a new era of AI attacks that are hyper-stealthy and self-masking, how can organizations adapt their defenses? Join Darktrace’s Director of Threat Hunting, Max Heinemeyer, as he shares expert insights on the future of AI-driven cyber-attacks and the need for AI that fights back.

In this webinar, Max will:
· Present three scenarios of advanced cyber-attacks
· Illustrate how these sophisticated attacks can be supercharged with AI
· Explore the critical importance of deploying AI to prepare for this paradigm shift in the threat landscape

As more organisations deploy cloud apps like Office 365, AWS, and Slack securing corporate data becomes a challenge. Cloud Access Security Brokers (CASBs) have emerged as the go-to solution for organisations that need end-to-end data security, from cloud to device. In fact, Gartner believes that by 2022, 60% of large enterprises will use a CASB to govern some cloud services.

In this webinar, we'll explore:
•Critical gaps in cloud applications that must be filled
•The 4 pillars of CASB
•What makes CASBs different from security solutions built natively into cloud apps like Office 365.
•Case studies on how leading enterprises leverage CASB to secure their cloud footprint.

Join us to learn how a CASB can help you meet your security and compliance requirements.

In the CISO Says Series, information security leaders share their experiences of what it means to be responsible for establishing and maintaining an enterprise's security vision and strategy in an interview format.

In this session Abeer Khedr, Information Security Director at the National Bank of Egypt will provide insight into the path she took to become a Cybersecurity Leader and how she is reinventing the role in the face of accelerating industry change.