The business of cyber security is here today and growing. Innovations in technology have provided organizations with numerous opportunities for new products, markets, and distribution channels. At the same time these innovations have dramatically increased the risk profiles for companies of all sizes and across all industry segments.
The biggest vulnerability we face today and in the future is the misperception of risk. A perfect storm of risk has been brewing for decades and has hit with full force the past few years. It has moved from a backroom issue to the boardroom and many have not been prepared. Many more still aren’t prepared.
This discussion will be about cyber risk leadership exploring the threat and vulnerability cycle and the potential future trends as they related to Information and Technology risk. We will discuss the risks so that a non-security person that is in the c-suite can comprehend cyber risks. It will be communicated not from the doom and gloom that many in the security industry so readily create to scare people in to purchases but in the context of the enterprise risk and the top 10 universal business risks. We will also discuss what everyone needs to look for in security solutions to ensure they meet what is required to achieve the goals of the business.
The lessons from this interactive session will allow you to not only provide ideas on how to capitalize on technology to improve your business but also offer practical ways to protect the business so that you can survive and thrive in this new environment.
RecordedMay 11 201641 mins
Your place is confirmed, we'll send you email reminders
Sunil Choudrie, Global Solutions Marketing Mngr - Symantec & Ravi Pather, VP EMEA, Cloud Data Protection Solutions - Bluecoat
The adoption of SaaS is accelerating faster than expected. However, as this SaaS adoption accelerates, enterprises are discovering various legal and regulatory data compliance responsibilities that maybe challenging to address in a seamless manner or potentially slow down the adoption of SaaS applications and potentially innovation.
• How enterprises can leverage the full value of SaaS applications such but fully meet complex data compliance needs without impacting the usability of the SaaS application. Learn how sensitive data can be protected yet leverage the full benefits of the SaaS application without breaking SaaS application functionality such as searching, sorting and reporting of sensitive data.
• The different methods of data obfuscation such as 'data tokenization' and 'data encryption' and understand the specifics when meeting and demonstrating data compliance in a SaaS environment.
• If SaaS vendor application encryption can be relied upon to address your enterprises data compliance requirements when the sensitive data is encrypted just at rest. What are the data compliance implications of key management and who controls the encryption keys?
This talk provides a look into the fatigue that we’ve observed in operating and managing security operations teams. We look at some of the causes, indicators, costs and prevention techniques to help internal Incident Response (IR) and security teams be more effective. We will explore solutions like tooling, cross-training, continuous rotations and explain the benefits of these approaches and why you should rethink how you run your SOC/CIRT/MSSP.
The need to detect data security blind spots is becoming more important every day. This includes sensitive data that was not found in the data discovery process, as well as failures of our deployed critical security control systems. Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows, allowing attackers to identify a way to compromise the systems and steal sensitive data. This can also impact our real compliance posture and compliance to PCI DSS 3.2.
Revisions to PCI DSS point toward the realization that security must be built into the development process. This is frequently referred to as Rugged DevOps or SecDevOps, and is embracing the speed of DevOps and continuous delivery in a secure environment. DevOps does affect security, and you can use it to your advantage. As cloud, big data and DevOps disrupt traditional approaches to security, new capabilities emerge to automate and enhance security operations.
Join this session and learn how to automatically report on these data security blind spots and how security can be built into the development process and platforms. Ulf Mattsson, CTO of Compliance Engineering will discuss how security can be built into the development process, including Rugged DevOps,SecDevOps vs DevSecOps, Scrum, SAFe, DAD and use in Large-scale Development.
Tiago Pereira – Threat Intel Researcher, at AnubisNetworks
Nivdort is a malware family that has been around for several years. Over these years it has been subject to several improvements and, as a result, today it is a very interesting piece of malware with an uncommonly large number of features that has steadily kept a few botnets running with a high number of infections.
Join us on this webinar to learn more about the Nivdort family and some of its extensive list of tricks (e.g. DGA, P2P, information stealing, email spam, instant messaging spam, bitcoin mining), and about its worldwide infection distribution.
Ransomware has spread epidemically in 2016. Analysts, IT pros and corporate staff list it among the top IT security threats. According to a report prepared by the Cyber Threat Alliance (CTA), CryptoWall, version 3.0, alone has already cost its victims $325 million. Malicious software R&D is funded profusely through sources ranging from the proceeds of criminal activity to money raised through crowdfunding services. Under crowdfunding, those who pay the developer receive a copy and can try using it.
Join our new webinar “Withstanding a ransomware attack: A step-by-step guide” and learn:
-What you should do to ensure your data’s availability,
-How to train your colleagues to avoid being caught on the hook of ransomware,
-How to moderate the aftermath of a ransomware attack,
Contrary to the fear around malicious insiders and external hackers, the Information Commissioner's Office recently reported that the most common data security incidents reported to them are all due to inadvertent human error (incidents like misaddressed emails and laptops being left on trains). In the face of game-changing regulatory changes like GDPR, it's crucial that information security and data protection professionals prioritise addressing the most prevalent risks first, not the ones that appear the scariest.
The purpose of this webinar is to provide a deep insight into the concerns of cyber defence for small and midsize enterprises, taking into account all the financial aspects of those organisations.
As the case study to this research, we would use the example of Republic of Serbia being the part of Southeastern Europe. Through such an overview the audience would get familiar with all the pluses and minuses of doing a business in that part of the world. Also, we would mention that investing into a cybersecurity amongst a small business – primarily relying on well-developed cyber procedures as the ways of the incident prevention as well as some smart steps of incident response and managing the risk may affect your businesses lose less funds being the consequence of cyber diversions – so make them stay financially secured.
The audience who would learn the most from this presentation could be IT Security Professionals, Financial Professionals and potential Investors who would intend to take advantage over skilful workforce not being that expensive.
Patrick Grillo, Senior Director, Security Solutions, Fortinet
The firewall wars have caused nothing but confusion in the market. Lines have been drawn between UTM and NGFW; are they different or are they the same thing? Unfortunately that confusion has led to introducing complexity and vulnerability in enterprise networks. There is a better way. Rather than fighting through a sea of acronyms, focus on what’s really important - How can I simplify my security infrastructure and improve my ability to fight off advanced attacks, no matter where they occur in the network?
This session will present a new way of thinking about firewalls, one without the confusion, acronyms and complexity.
Ely Kahn, Adam Isles, Rob Knake, Paul Kurtz, and Jacob Olcott
On November 8th, the citizens of the United States will elect their next President, who will be facing a variety of cybersecurity issues that he or she will need to address.
On November 7th at 11 AM PT, a panel of former senior government officials will come together to discuss these cybersecurity issues that the next President will be facing.
Moderator: Ely Kahn, Co-Founder of Sqrrl and former Director of Cybersecurity at the National Security Council, White House
- Adam Isles - Principal at The Chertoff Group and former Director of International Economic Affairs at the National Security Council, White House
- Rob Knake - Senior Advisor at Context Relevant and former Director of Cybersecurity at the National Security Council, White House
- Paul Kurtz - Co-Founder and CEO of TruStar and former Special Assistant to the President for Critical Infrastructure Protection at the National Security Council, White House
- Jacob Olcott - Vice President Business Development at BitSight and former Counsel at the US Senate
While their cyber tactics may be continuously changing, bad actors can’t avoid interacting with core components of the internet. These interactions leave a trail that when connected through rigorous threat infrastructure analysis, can reveal the full scale of an attack and provide the information needed to determine the best response. The key to this analysis is access to a variety of global datasets and the ability to correlate and pivot between them in your investigation.
In this two part series we will look at a range of global datasets and how each can be used to shed additional light on your adversary’s infrastructure. This session will focus on SSL Certs, Host Pairs and Trackers. We will also demonstrate how security analysts can use the free community version of RiskIQ’s PassiveTotal to gain access to and pivot across these global datasets.
Are government encryption backdoors and privacy in such a fundamental conflict that one necessarily obliterates the other. We will also be examining this issue in the context of the big data era - is law enforcement really going dark or is right now the golden age of surveillance?
Web gateways and proxies are losing to malware and other advanced threats and are generating troubling operational overhead. Join us to learn the top 5 reasons why gateways are falling behind and experience a live demo of web isolation which prevents malware from ever reaching the corporate network.
Greg Foss, Head of Global Security Operations, LogRhythm and Sarah Miller Threat Intelligence Analyst, Carbon Black
Security operations is all about understanding and acting upon of large amounts of data. When you can pull data from multiple sources, condense it down and correlate across systems, you are able to highlight trends, find flaws and resolve issues.
This webcast will cover the importance of monitoring endpoints and how to leverage endpoint data to detect, respond and neutralize advanced threats.
- Why endpoints are the new perimeter
- How employees can strengthen your security operations strategy
- Techniques to test and validate security awareness program
- How to take the data that Carbon Black collects, correlate it against thousands of endpoints, and dynamically neutralize threats using the LogRhythm security intelligence and analytics platform
Register now to learn how LogRhythm and Carbon Black can help you strengthen your overall security operations strategy—all within a single interface.
CP Morey, VP Products & Marketing at Phantom Cyber
Both Presidential candidates agree on the need for increased spending on our nation’s infrastructure. While we tend to think first of bridges, roads, and other physical features, cyber is also an area impossible to ignore given the pervasiveness of technology in our lives.
Without question, the speed, sophistication, and volume of cyber security attacks is constantly changing. In the case of nation states, the motives are also shifting from spying and surveillance to using offensive capabilities to attack critical infrastructure, national security assets, and even the political system itself. It’s no longer just about the money; safety and even lives may be at stake.
Adversaries are attacking us at an unmanageable scale. For instance, research sponsored by Department of Homeland Security and NSA showed environments with security event traffic of more than 1 billion alerts per day. Even after reducing the load to 1 million alerts per day with correlation and other tools, more than 20,000 human analysts would be needed to respond.
State-backed adversaries are using automation against us. It’s time we do the same, and projects like Integrated Adaptive Cyber Defense at Johns Hopkins Applied Physics Lab are leading us there.
Join our webcast to learn how public and private organizations are progressing on the security automation continuum from simple security lifecycle management to predictive response strategies.
Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture
Do you know if your workloads are secure? Do you have the same security and compliance coverage across all of the cloud platforms and datacenters running your critical applications? Are you having to design your security framework each time you deploy to a new region or datacentre?
Whether you’re working with multiple cloud environments or exclusively on Azure, there are certain things you should consider when moving assets to Azure. As with any cloud deployment, security is a top priority, and moving your workloads to the cloud doesn’t mean you’re not responsible for the security of your operating system, applications and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your Azure environment is secure.
Register for this impactful webinar as we discuss step-by-step what you need to do to secure access at the administrative, application and network layers.
In this webinar, we will take a look at:
• The Shared Security Model: What security you are responsible for to protect your content, application, systems and networks
• Best practices for how to protect your environment from the latest threats
• Learn how traditional security approaches may have limitations in the cloud
• How to build a scalable secure cloud infrastructure on Azure
Alex Holden, Founder and CISO of Hold Security, LLC
Political elections shape our society for the years to come. While the foreign hackers are no longer watching our politics out of interest, they are electronically directly interfering with our politics. The Sony Pictures breach was more of a political statement, than a data loss event. With US elections around the corner, we are more of a cyber breach target than ever. Wikileaks is releasing documents, Russian hackers allegedly breaching DNC, and there is more to come. We will examine the current trends, look at the history of the worst manifestations of hackers influencing politics. Then we will draw conclusions on how the politics are changing under a threat of a constant privacy breach.
The US election and its voting infrastructure are under attack. The result is ugly and shows the extent to which we need to plan for and protect against the influence of cyber-related attacks on US elections in future. In this brief discussion, Simon Crosby, CTO of Bromium will review the underpinnings of Democracy, and how we might defend it when it is in everyone’s interest to subvert it.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.