Why visibility is a crucial part of any security strategy

With a recent increase in high-profile security breaches and compliance violations, traditional security mechanisms such as firewalls, IDS, and antivirus are no longer enough to defend against external attackers and insider threats. By having increased visibility into internal changes, configurations, access events, and permissions across the IT infrastructure, organizations can far more effectively defend against such attacks.

So, please join our local auditing and compliance team from Netwrix, Pete Smith (Regional Sales Manager Europe) and Russell McDermott (Pre-Sales Engineer) and see how Netwrix Auditor can unlock the door into possible breaches in your IT environment.

From our brief session you will learn:

• How deeply security breaches and data leaks are really affecting organizations
• How to protect your data from insider threats
• How to have “peace of mind”, and achieve complete visibility of your IT infrastructure
Recorded Sep 7 2016 44 mins
Presented by
Peter Smith, Regional Sales Manager - Europe & Russell McDermott, Sales Engineer, Netwrix
  • How to Address the Biggest Hole in Identity and Access Security May 17 2017 3:00 pm UTC 60 mins
    Tatu Ylonen, Founder & SSH Fellow, SSH Communications Security, Inc.
    IDC called SSH keys “the gaping hole in your IAM strategy.” And for a reason: many banks and enterprises have literally millions of unaudited credentials granting access to their production servers and use OpenSSH configurations that allow any system administrator to self-provision permanent access to any server they use - for themselves and others - and there is no termination process for this access.

    It is a fundamental question of Who can access what, of separation of duties, and of enforcing internal boundaries (to PCI systems, financial data, health information, development vs. production, or classified compartments). Every cybersecurity regulation requires basic control of identities and access, and that is where real security starts.

    Half of the top 10 banks in the US and UK have now begun addressing the issue. Most other enterprises are only beginning to grasp the problem.

    This talk explains the issue and how to start addressing it. By the principal author of NIST IR 7966, the NIST guidelines for managing SSH access.

    About the Presenter:
    Tatu Ylonen is a cybersecurity pioneer with over 20 years of experience in the field. He invented SSH (Secure Shell), which is the plumbing used to manage most networks, servers, and data centers and implement automation for cost-effective systems management and file transfers. He has also written several IETF standards, was the principal author of NIST IR 7966, and holds over 30 US patents - including some on the most widely used technologies in reliable telecommunications networks.
  • Shark Attacks and Car Crashes: Interrogating Fear and Risk in Data Protection May 17 2017 10:00 am UTC 45 mins
    Tim Sadler, Co-founder & CEO, CheckRecipient
    Contrary to the fear around malicious insiders and external hackers, the Information Commissioner's Office recently reported that the most common data security incidents reported to them are all due to inadvertent human error (incidents like misaddressed emails and laptops being left on trains).

    In the face of game-changing regulatory changes like GDPR, it's crucial that information security and data protection professionals prioritise addressing the most prevalent risks first, not the ones that appear the scariest.

    This webinar is ideal for any security professionals looking to understand the regulatory and data protection landscape; reduce vulnerabilities; respond to threats more effectively and remediate breaches more effectively.
  • User Behavior Analytics: A CISO’s Buyers Guide May 16 2017 5:00 pm UTC 60 mins
    Greg Schaffer, CISO at FirstBank & Author at Security Current
    When assessing new technologies, the value of peer input cannot be overstated. In Security Current’s CISO-authored report, “CISOs Investigate: User Behavior Analytics,” 11 CISOs offer insight, quick wins and best practices for assessing and implementing UBA solutions.

    In this webinar, FirstBank CISO & lead author of CISOs Investigate series, Greg Schaffer, will discuss the following:

    - UBA technology overview
    - Compliance overview
    - Strategies for selling to the C-Suite
    - Market assessment
    - Counterpoints and compensating controls
    - Key takeaways for CISOs considering UBA

    About the Presenter:
    With over 25 years of experience, Greg Schaffer is a seasoned information technology and security executive proficient in information security planning and project management, information security risk assessment and mitigation, technical writing, policy and standards creation and implementation, and disaster recovery and business continuity. Currently, Greg is responsible for all aspects of information security risk management for FirstBank, the third largest Tennessee-headquartered bank. Greg’s previous information security executive roles include serving as the Metropolitan Government of Nashville and Davidson County's first CISO and as AVP Network and IT Security at Middle Tennessee State University.

    Greg is active in the security and risk management communities and currently serves on the Board of Directors for the Middle Tennessee Risk Management Association. Previous security community leadership roles include FS-ISAC Community Council co-chair, Middle Tennessee ISSA chapter board member, and chair of the Tennessee CISO Roundtable.
  • Preventing a “Data Breach Unicorn” in the Financial Space May 16 2017 3:00 pm UTC 60 mins
    Dr. Christopher Pierson, EVP, Chief Security Officer & General Counsel, Viewpost
    2016 saw the first Data Breach Unicorn with the loss of over 1 Billion records from Yahoo. How do we move forward in 2017 when the risks continue to increase, cybersecurity controls continue to under-perform, and cybersecurity professionals continue to be thrust into purely defensive positions in most financial organizations? In this keynote we will explore the new normal for cybersecurity at financial institutions and FinTech companies, the latest attacks and trends & controls, and how to enable business through cybersecurity.

    About the Presenter:
    Dr. Chris Pierson is the EVP, Chief Security Officer & General Counsel for Viewpost - a Fintech payments company. He is a globally recognized cybersecurity expert and entrepreneur who holds several cybersecurity and technology patents. Dr. Pierson serves on the Department of Homeland Security’s Data Privacy and Integrity Advisory Committee and Cybersecurity Subcommittee and is a Distinguished Fellow of the Ponemon Institute. Previously, Chris was the first Chief Privacy Officer, SVP for the Royal Bank of Scotland’s U.S. banking operations leading its privacy and data protection program. Chris was also a corporate attorney for Lewis and Roca where he established its Cybersecurity Practice representing companies on security and data breach matters.
  • Trusting Data Protection by FinTech: The Questions to Ask May 16 2017 2:00 pm UTC 45 mins
    Jeffrey Ritter
    Global FinTech innovations challenge institutions and customers to navigate how to align the innovations to complex privacy and data protection rules, both in law and in contract. Key questions need to be asked, and answered, to achieve success. Learn how to make the answers useful to conforming to those requirements.
  • Securing FinTech: Threat-based testing along the kill chain May 16 2017 10:00 am UTC 45 mins
    Peter Wood
    Threat-based testing, accurately simulating criminal attacks, is a critical approach in securing FinTech. Attackers constantly evolve their attack methods and strategies in response to changing technologies, making it essential that security tests match the threat landscape.
  • Quantifying Cyber Risk: A Top-down Approach May 16 2017 8:00 am UTC 45 mins
    Ariel Evans, CEO, Innosec
    Cyber risk must be measured using a top-down approach to understand the business impact of cyber risk in dollars and cents and the effectiveness of cyber controls. Bottom-up approaches stop at the system level and do not tie the business processes to the data assets and the systems, hence they lack the ability to demonstrate the effect a missing control, or a discovered vulnerability has on cyber risk.

    Bottom-Up methods have proved themselves to be extremely inaccurate as they measure controls on the technology level and only describe the control maturity and not its effectiveness. Control maturity is a term that is commonly used by IT to measure their ability to perform and is derived from IT governance methodologies such as CobIT, ITIL and CMMI models. From a Risk Management perspective, controls maturity has no effect on Risk because it only describes the implementation status of the control. For example, an Anti-Malware solution can be 90% mature because it is installed on 90% of the end-points. But from a Risk perspective, the policy this control is enforcing could be irrelevant to the Risk. So its effectiveness could be 0%.

    Measuring cyber risk by evaluating controls maturity puts the insurer in a very high exposure for loss. Learn how to quantify cyber risk in dollars and cents.
  • Surveillance, Then and Now: The Growing Need for Privacy & Security by Design Apr 24 2017 5:00 pm UTC 60 mins
    Ann Cavoukian, Executive Director, Privacy & Big Data Institute at Ryerson University
    The growth of state surveillance appears to be escalating dramatically. With the most recent Wikileaks Vault 7 revelations, it is clear that independent oversight is totally lacking and yet, much-needed if we ever hope to curb such unwarranted surveillance. Transparency relating to such activities is essential in order to hold governments accountable for their actions. The need for both global privacy and security - by design, is growing on a daily basis, and will be outlined in this presentation, in an effort to move things forward.

    About the Presenter:
    Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. She is presently the Executive Director of Ryerson University’s Privacy and Big Data Institute. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into design, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an international standard. Since then, PbD has been translated into 39 languages. Dr. Cavoukian has received numerous awards recognizing her leadership in privacy, most recently as one of the Top 100 Leaders in Identity (January, 2017).
  • WikiLeaks CIA Document Dump: What You Need to Know Apr 11 2017 5:00 pm UTC 60 mins
    Paul Kurtz, CEO & Co-Founder of TruSTAR Technology
    In light of the recent publishing of thousands of CIA-related documents by WikiLeaks - the largest leak of classified documents in CIA history, we will discuss the implications of the revealed information across industries and users, in the US and globally.

    Join the discussion and learn more about:
    - What is Vault 7 and how does it affect you?
    - What can we expect, as more documents get released?
    - How will this affect organizations, and the relationship between the tech industry and government agencies?
    - Recommendations on how we can better secure our data and privacy
  • Streamlining Your Data-Security Program to Meet Regulatory Change Apr 4 2017 5:00 pm UTC 60 mins
    Colin Whittaker, Moderator; Vibhav Agarwal, MetricStream, Mark Bower, HPE Security - Data Security, and Brian Kelley, IDERA.
    Data security and the challenge of data protection is increasing in scope and difficulty. The massive volume of data that businesses are collecting is growing exponentially, and managing compliance delivery is a daunting task with huge negative consequences for getting it wrong. While organizations have long needed to safeguard intellectual property and confidential information, changes in information technology and business models introduce new threats, and new regulations. Governments and industry bodies are imposing new regulations to motivate organizations to protect the privacy and confidentiality of information. Responsibilities can vary widely by region and by industry, and staying on top of an ever-shifting regulatory landscape is complex and challenging, but it isn't impossible.

    Successful organizations coordinate enterprise-wide regulatory compliance activities with tools to identify and address new and changing regulations, and are able to map the impact of these regulations across the entire infrastructure, and prioritize compliance activities according to business impact. By deploying a consistent, sustainable, scalable and measurable process for managing regulatory change, they are able to eliminate manual, non-scalable and non-strategic activities to reduce the cost and improve the speed of regulatory compliance programs.

    On this webinar our panel of experts will discuss the key points to streamline your data-security program and meet regulatory change.
  • A Day in the Life of an Incident Investigator - Live Demo Apr 4 2017 1:00 pm UTC 60 mins
    Amar Singh, Cyber Management Alliance
    This webinar includes a live demo of real incident response play-books in action!

    Join Amar Singh and his special guests in this highly informative and educational webinar on:

    * How to design play-books (aka run-books) for different attack scenarios.
    * How to align your incident response to official standards.
    * Learn more about a day in the life of an investigator.
    * How to create an effective triage process that works for every type of attack.
    * Discover the various types of data enrichment attributes to apply to every incident.
  • GDPR: How to Manage Risks and Reputation within Any Data-Driven Company Apr 3 2017 2:00 pm UTC 45 mins
    Ronald van Loon, Director Business Development, Adversitement
    With the new GDPR taking effect in 2018 in the European Union, clients and consumers will have more control over their data, allowing them to decide which companies can use and store their information, which will have a substantial impact on data driven businesses. This includes all data analytics, and all applications, including Big data, Business Intelligence, data warehouses, data lakes, analytics, marketing applications, and all other applications where data is used. Client consent will be at the forefront of a business’s concerns, and organizations must manage this process to be compliant.

    Data-driven companies need to apply proactive measures that will help in effectively managing their risks and reputation when client trust is at stake.

    In this webinar, speaker Ronald van Loon will discuss the following:

    • Maintain client trust with appropriate data management
    • Taking steps to reduce risks and protect your reputation
    • Adopting a Protection by Design approach to data
    • How to implement technical infrastructures to protect and govern client data
    • Utilizing a Data Protection Officer to define how data is collected and stored
    • How to handle the various data streams

    Stay Tuned for a Q&A at the conclusion of the webinar with speaker Ronald van Loon
  • Ransomware Wins! User Awareness Doesn't Work! What Do you Do? Mar 30 2017 1:00 pm UTC 60 mins
    Amar Singh & Industry Experts
    Nope this is NOT another webinar on How to Protect Against Ransomware blah blah blah.

    If you reckon that users (yes that includes you and me) are the first line of defence against ransomware! Sorry to break it to you but you are WRONG! We are all humans and we make mistakes and ransomware creators know that.

    You have a choice. Hope and/or pray that your awareness training protects your employees and your business from becoming a ransomware victim OR attend this webinar and learn what you can do to protect your business.

    Note: This is not your typical webinar. Cyber Management Alliance’s unique and interactive approach to webinars allows everyone to have a say and share their knowledge. The host, Amar Singh firmly believes that every member of the audience has valuable input and that each attendee brings their own context and perspective. So, join in, share and learn.
  • Learn: SANS CyberTalent Women's Immersion Academy (Cybersecurity Training) Mar 27 2017 9:00 pm UTC 60 mins
    Sonny Sandelius, SANS CyberTalent Division
    Join the SANS Institute and WSC for an insightful presentation about the SANS CyberTalent Women’s Immersion Academy. This academy is designed to help qualified women receive training and certifications to quickly and effectively launch careers in cybersecurity. The Immersion Academy is an intensive, accelerated program designed for completion in six to eight months, depending upon program selected. The program is at NO COST to the selected women who attend and includes training and certification.

    Applications are due by April 5th, 2017.

    Come listen to learn:
    • What the selection process includes and important application tips
    • Understand what kind of training is provided (length and format)
    • Hear from a recent graduate who will share her experience
    • How this training academy and related certifications can help your career
  • Machine Learning Can Address the Most Pressing Security Challenge Recorded: Mar 23 2017 51 mins
    Kasey Cross, Director of Product Management at LightCyber
    Noise is the enemy of breach detection and response. After a major data breach it is often the case that signs of an attacker existed, but were buried in thousands of other security alerts that were mainly false positives.

    With machine learning, meaningful signs of an attack are more easily detected and isolated, so a security operator can focus on precisely the right issue.

    This session will examine:
    - The problem of noise
    - The role of machine learning in sifting through vast amounts of data to get to the fidelity needed to detect an attacker
    - Best practices for including machine learning in your security operations

    About the Presenter:
    Kasey Cross is a Sr. Product Marketing Manager at Palo Alto Networks, joining this month through the acquisition of LightCyber. She has over 10 years of experience in marketing positions at cybersecurity companies including Imperva, A10 Networks, and SonicWALL. She was also the CEO of Menlo Logic and led the company through its successful acquisition by Cavium Networks. She graduated from Duke University.
  • Are Your Security Solutions Simple and Efficient to Use? Recorded: Mar 23 2017 57 mins
    David Morris, Ulf Mattsson and Alex Pezold
    As the adoption of cloud computing increases across many business sectors, your applications ingest and share data generated and stored within and beyond the limits of your firewall. This makes your data blind spots more dangerous than ever—both for your internal data and how customers and clients handle their vital information outside your cloud systems. To protect your business, you need a balanced approach to security—combining compliance, responsiveness, and engineering without sacrificing usability and agility.

    Join this presentation to learn how your security solutions measure up when it comes to simplicity and efficacy.
    - Do you know what data you have, where it is, and how to protect it?
    - Do your data security solutions work seamlessly inside your environment? Are you able to secure multiple business units, ERPs, etc.?
    - Does it play nice with fraud prevention, analytics, data sharing, etc?
    - Does your data security solution achieve PCI compliance as promised?
    - Does your data security solution secure ALL data sets that are a threat to your organization?
  • BrightTALK at RSA 2017: Chenxi Wang on Diversity and the Future of Cyber Warfare Recorded: Mar 23 2017 11 mins
    Chenxi Wang, Founder of The Jane Bond Project & Josh Downs, Community Manager, BrightTALK
    BrightTALK caught up with Chenxi Wang, Founder of The Jane Project and Twistlock's Chief Strategy Officer for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

    Topics up for discussion:

    - The Yahoo Breach and some of her suspected reasons why
    - The influence of the supposed Russian US election hack and what it means for cyber warfare
    - Diversity in the cyber industry and how it can be improved
    - AI & Machine learning and use cases for security
    - The key vulnerabilities in IoT networks that we should be thinking about
  • #Vault7 Happened. There’s No Going Back. Now What? Recorded: Mar 22 2017 60 mins
    Tony Busseri/Route1, Nick Bilogorskiy/Cyphort, Darin Andersen/CyberTECH, Jonathan Dambrot/Prevalent, James Carder/LogRhythm
    It's alleged that the CIA developed tools designed to spy on people, taking advantage of weaknesses in smart connected devices such as smart phones, smart TVs, smart personal assistants, and other household IoT technologies.

    In this discussion, we do a walk-through of what happened, what didn't happen, what systems and devices are impacted, and what data is involved in the leaks. Most importantly, we'll get some insight into what the larger societal impact of this could be.

    Join us for this in-depth conversation to learn:
    - Where stuff broke down.
    - Who is impacted, how are they impacted, and what’s at risk.
    - What the government can do to help.
    - What the commercial InfoSec community can do to help.
    - What consumers need to know to help (protect) themselves.

    Darin Andersen, Chairman & Founder, CyberTECH
    Nick Bilogorskiy, Sr. Director of Threat Operations, Cyphort
    Tony Busseri, CEO, Route1 Inc.
    Jonathan Dambrot, CEO & Co-Founder, Prevalent
    James Carder, CISO & VP of LogRhythm Labs

    Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
  • WikiLeaks Vault 7: Facts, Fiction & Implications Recorded: Mar 22 2017 61 mins
    Vince Tocce (Vince in the Bay), Jake Kouns (Risk Based Security), Kenesa Ahmad (WISP)
    Wikileaks recently published a trove of documents, "Vault 7 Year Zero", which they claim expose wide-ranging hacking tools used by the Central Intelligence Agency (CIA). If true, these cyber-weapons include malware that targets Windows, Android, iOS, OSX and Linux computers as well as internet routers. In some cases, it might use smart TVs and other IoT devices in cyber surveillance and espionage.

    Join this panel discussion and find out more about the Vault 7 leak:
    - Truth / Fiction
    - How likely are you to get hacked
    - Security and privacy implications
    - Long-term effect across the tech industry and its relationship with government agencies

    Vince Tocce a.k.a. Vince in the Bay

    Jake Kouns, CISO of Risk Based Security
    Kenesa Ahmad, Chair of Women in Security and Privacy (WISP)
  • The Advantages of User ID/Awareness in Public Sector Network Security Recorded: Mar 21 2017 32 mins
    Neil Mantle - Systems Engineer - Palo Alto Networks
    To serve their citizens, federal/national, state and local governments must gather, create, or process sensitive information. As various high-profile breaches have demonstrated, this data is not sufficiently protected, particularly from the insiders whose actions are responsible for the majority of public sector security incidents. Traditional network security focuses on detecting outsiders attempting to steal data or disrupt network operations, but does little to monitor or limit the actions of legitimate users that make mistakes or deliberately misuse data. User and directory controls verify legitimate users, but they won't prevent accidental disclosure of sensitive data, exfiltration of sensitive data by legitimate users, or insiders with stolen credentials from accessing data. Preventing security incidents and protecting government information requires a comprehensive, organization-wide access approach that can accommodate the context of individual users, the data they need access to, and the limits on what they can do with that data.

    The Palo Alto Networks Next-Generation Security Platform prevents security incidents while fully enabling user productivity by granting access contextually to those who need it, and denying it to all others. This, coupled with denying all applications that are not needed by the organization, immediately reduces a government organization’s threat posture. Join us to learn more.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

  • Title: Why visibility is a crucial part of any security strategy
  • Live at: Sep 7 2016 2:00 pm
  • Presented by: Peter Smith, Regional Sales Manager - Europe & Russell McDermott, Sales Engineer, Netwrix