Modern Best Practices to Accelerate your Threat Modeling for Enterprise Security

Expert panel: With the increased adoption of threat modeling, the question of creating clear value from it becomes more compelling. In this webinar, our expert panelists from Microsoft Services, Cyber Electra and Security Compass will explore several attributes of what makes a good threat model along with challenges that organizations typically face when adopting threat modeling. We will discuss practical steps businesses can take to uncover potential vulnerabilities, and evaluate various threat modeling methods - both traditional and emerging. Walk away with some actionable steps for your organization that may be used as a starting point to create threat models that suit today’s fast-moving business environment.

Join us and explore:
- Best practices security leaders should consider regarding threat modeling options and strategies
- Key components of effective threat modeling to suit today’s fast-moving business environment
- How threat modeling strategies should be customized for your business needs

Effective application security programs both highlight security requirements early in the development process and manage vulnerabilities throughout the development lifecycle. This webinar demonstrates how the SD Elements security requirements automation system can be integrated with the ThreadFix vulnerability resolution platform to provide end-to-end tracking throughout the SDLC. The combination increases both developer and security team productivity by providing a seamless way to enumerate security specifications and track development teams success in meeting these obligations, and the presentation provides insight into how the integrated system reduces the cost of developing and maintaining secure applications.

DDoS Strike recently released the “State of DDoS Mitigation” report, with findings based on authorized DDoS tests on numerous companies in the telecom, tech, financial, and entertainment sectors. Despite having enterprise-level DDoS mitigation technology in place, virtually all of the targets were compromised, revealing common vulnerabilities and oversights in DDoS defenses.

Major findings included:

95% of targets experienced service degradation
78% of targets were unable to mitigate an attack
70% of targets needed non-technical improvements (people and process)
95% of targets needed rate limit tuning
Application layer attacks were the most successful and caused the longest downtime
Average bandwidth to cause downtime was only 4.3 GB/s
While problems were pervasive, the vast majority were fixable, and arose from misunderstandings about the nature of DDoS attacks and how to use DDoS mitigation technology and techniques.

In this webinar, DDoS Strike Vice President Sahba Kazerooni will dig into the report and explain how and why so many DDoS defences fail. Then he’ll explain what businesses can do to catch up and be ready when hit with a real DDoS attack.

Many application security teams scramble to pinpoint vulnerabilities and flaws during the testing and release stages while managing limited security resources, a multitude of compliance regulations and surprise feature requests. Although these teams are trying to follow the right application security practices, they're being left in the dark, over-worked and most importantly applications are being shipped with fragmented security. The common denominator we have experienced with our customers is reliance on dynamic and static testing tools during the final stages of the lifecycle, ignoring the benefits of building security in during the first stage of the software development lifecycle: Requirements.

Join DDoS Strike Vice President Sahba Kazerooni for an analysis of the most common vulnerabilities in DDoS mitigation, based on real data gathered from testing live production environments.