Name: Panel Session: Can Data Loss Prevention Get SaaSy?
Start: 2010-08-05T11:00:00Z
End: 2010-08-05T11:48:21.000Z
Location: BrightTALK
Rating: 4

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

This session provides practical advice to establish cybersecurity metrics, Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs). We begin with an explanation of the differences between them and why each are needed. Examples of how to design metrics, KPIs and KRIs are provided. Areas of focus include cybersecurity measurements for all organizations, for processes & functions and in alignment with a control framework. The end game is to measure if processes and controls are functioning as designed.

We also walk through tips for communicating new metrics and go-to-green updates for metrics in red or yellow status. The session includes 22 metrics and seven resources for many more. All of this saves time and can assist with enhancing your program.

About the speaker:
Gideon Rasmussen is a Cybersecurity Management Consultant with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (CISO), PCI - Payment Card Security, Third Party Risk Management, Application Security and Information Risk Management. Has diverse cybersecurity industry experience within banking, insurance, pharmaceuticals, DoD/USAF, state government, advertising and talent management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences). He is certified in many programs including CISSP, CRISC, CISA, CISM, CIPP, ITILv3, and NSA-IAM.

Cybersecurity Metrics, KPIs and KRIs

Spreading operations across more than one cloud enables organizations to choose from a variety of cloud services to cut costs, improve operations and improve scalability. However, operating complex environments across multiple platforms requires a comprehensive strategy to handle connectivity, applications, data and security.

In this panel, experts will discuss how organizations can evaluate risks in their own and their cloud service provider environments, as well as technologies and tools that can assist in achieving a comprehensive strategy.

Join us to learn about:
--Understanding cloud scope across the organization
--Cloud governance frameworks
--Pros and cons of centralizing security access and monitoring controls
--Multi-cloud management and network security analytics platforms
--Cloud security posture management (CSPM) tools that can identify misconfigurations and risks
--Tools for cloud compliance monitoring

Build a Multi-cloud Strategy that Supports Governance and Compliance

Organizations are adopting multi-cloud strategies to leverage capabilities of different cloud security providers (CSPs) and to provide flexibility to software development teams. But this brings up challenges for security teams who are responsible for managing security risk and meeting compliance regulations for workloads and applications running in different environments. In this session, ESG Senior Analyst Melinda Marks explores how to supercharge your security to gain the visibility and control you need to scale security programs for multi-cloud environments.

Supercharge Your Security for Multi-Cloud

Once considered an afterthought in software design, in today's cloud-native, app-centric world, application security must be top of mind. Widespread applications usage over distributed and public networks invites a variety of potential threats. Frequent testing and adherence to application security best practices can limit the possibility of unauthorized code being used to steal, share or modify sensitive user information.

This panel of experts will discuss the importance of a comprehensive application security program that incorporates best practices, threat identification and security testing.

Join us to learn about:

--Potential application threats
--Program requirements for app security
--Implementing app security standards
--Using DevSecOps initiatives to improve security
--Application security testing methods

Moderator:
Jo Peterson VP, Cloud & Security Services at Clarify360 

Panelists:
Stan Lowe, CISO of Synchronoss Technologies
More panelists to join soon!

Update Your Application Security Strategy

Threats like malware and denial-of-service attacks have been around since the earliest days of the internet, and the cybersecurity industry has created generations of threat detection and response tools to identify and remediate them. As security threats continue to evolve and advance, the tools to identify and stop them need to evolve as well.

This panel of security experts will explore how security teams can shift form using reactive to proactive measures, utilizing a host of emerging tools and technologies. Join us to learn about:

--Endpoint-focused technologies such as XDR
--AI's role in reshaping threat detection
--Threat detection and intelligence services
--Security observability tools that improve breach detection
--Using tools within a zero-trust framework to limit vulnerabilities

It's Time to Modernize Threat Detection

Organizations face a constant barrage of cyber threats that could lead to business disruption, intellectual property theft, and reputation damage. But preventing such attacks has become increasingly challenging due to business factors like supporting the remote worker population, connecting IT to third-party partners, and developing new types of applications for digital transformation. 

How can CISOs balance the need for aggressive IT initiatives for business enablement while managing and mitigating cyber risk? ESG Senior Principal Analyst and Fellow, Jon Oltsik, will discuss best practices for cyber-threat and breach prevention that can protect and support the business.

Outwit Attackers with a Proactive Cybersecurity Plan

The social, economic and technological shifts of the past two years prompted cyber attackers to refine their methods, becoming more sophisticated and aggressive. This resulted in the business community suffering a series of high-profile attacks with far-reaching repercussions. Threat actors continue to exploit vulnerabilities across endpoints and cloud environments, and are ramping up use of stolen identities and credentials to bypass legacy defenses.

This panel of security experts will discuss the top threats of the moment and look toward what to expect in the next 12 months. They'll provide best practices and recommendations for security measures that can offer the best level of defense.

Join us to learn about:
--The most prevalent attacks today
--Emerging attacks that will threaten your business tomorrow
--How to take a proactive approach to threat detection
--How to prepare for continued global disruption

The Cyber Threat Landscape: Get Ready for 2023

In this session, we will detail how to re-calibrate your CISO strategy to gain traction in your enterprise domain and change the executive perception to accelerate business.  

Key Takeaways:
• Establish the fundamentals.
• Enable a simple message.
• Harden your ecosystem.

Re-calibrate Your CISO Strategy

As the methods and practices used to attack digital assets become more refined, the security tools to combat the threats must evolve, shifting from reactive to proactive methods. This change means security teams must learn about and assess a slew of acronyms, including endpoint detection and response (EDR), network detection and response (NDR), managed detection and response (MDR) and extended detection. and response (XDR). They also must consider new methods for addressing and preventing alert fatigue, such as using AI or cloud-based services.

In this panel, experts discuss the types of endpoint detection and response available and how to tease out which is best for your organization.

Join us to learn:
--Why EDR alone is not enough
--How to inventory your endpoints and their protection needs
--How to evaluate MDR options including MEDR, MNDR and MXDR
--The difference between hybrid XDR and native XDR
--Operational benefits of XDR
--How SIEM and SOAR compare with XDR

Unpacking Endpoint Detection and Response

Endpoint protection alone used to be good enough for companies. But now we have too many alerts, from too many systems along with “the Fog of More” making it more difficult to locate and address security threats. 

How do you cut through all these alerts to pinpoint real threats to your environment? Can MDR or XDR actually help you focus on what is important or are these just buzzwords? In this session, we will review real world examples to see how MDR helped a small security team focus their limited time available to cut through the fog and effectively address the critical alerts and incidents in their environment.

Cutting through the Fog of More: Use MDR or XDR to Find Real Threats

Cybersecurity megatrends -- including zero trust, XDR, a pandemic-induced increase in remote workers, and the move to public cloud -- are influencing the way organizations think about endpoint security. These megatrends add new requirements for endpoint security, while requiring new levels of integration with other core security controls. Further influencing endpoint security strategies is the massive growth and device diversity driven by both mobile and IoT device usage.

In response, IT and security teams are thinking differently about endpoint security platforms, what they must include, and how they fit into the broader security stack. ESG Principal Analyst Dave Gruber will discuss strategies and best practices for modern endpoint security to secure this growing attack surface.

Adapt Your Endpoint Security Strategy

Cyberattacks against healthcare jumped 42% in 2020 and another 35% in 2021. 

Successful cyberattacks disrupt healthcare operations, delay access to clinical services, and lead to significant economic loss. Stolen patient records can be used to commit fraud and identity theft, disrupting patients’ personal lives. 

Medical information is an attractive target because it has high economic value on the black market. 

If you are interested in protecting patients and the healthcare organizations that serve them from cybercriminals, join WiCyS Strategic Partner, Optum, to learn about the career opportunities in healthcare cybersecurity.

Cybersecurity Careers in Healthcare

Cloud-native applications are proliferating in even the most traditional IT environments, but the ability to secure these applications and environments has fallen behind. This panel discussion will explore how to make sense of the confusion between cloud security solutions natively included in IaaS providers, Cloud Security Posture Management, and cloud workload protection, especially in light of the increased skills shortage.  We will also explore the increased overlap between security and infrastructure teams during a cloud migration, why organisations struggle with continuous compliance during cloud migration.

Moderated by: 
Melinda Marks, Senior Analyst, ESG

Featuring:
Markus Strauss, Head of Product Management, Runecast
Matt Hathaway, Chief Strategy & Marketing Officer, TrueFort

Securing the Cloud in 2022 and Beyond

Extended detection and response (XDR) capabilities can enable security teams to respond to threats quicker. This is extremely critical today given the increase in ransomware attacks – but organisations need to know what to look for when it comes to platforms and problems, too. This panel discussion will explore cybersecurity predictions for the near future, how organisations can stay ahead of what’s coming, the evolution in ransomware and machine learning, and much more.

Staying Ahead of Ransomware Attacks

Traditional application security tools are not solving today’s problems and traditional tools can create more problems than they solve. False positives are all too common and overwhelming and they can also be as time consuming as actual attacks. Join this discussion to gain insights on how you can use modern security strategies and tools to help minimize disruption, prevent bottlenecks, and more.

Moving Beyond Traditional App Security Tools

The rise in cloud adoption, remote work, and other digital transformation efforts are forcing organizations to adapt how they are managing network security. This is proving to be challenging considering there is no one-size-fits-all approach to network security. Tune into this panel discussion where experts will provide insights on how organizations can use emerging concepts like SASE, next-gen firewalls and zero trust to help enhance their network security strategy.

Moderated by:
Melinda Marks, Senior Analyst, ESG

Featuring:
Mark Guntrip, Senior Director of Cybersecurity Strategy, Menlo Security
Eyal Webber-Zvik, VP, Product Marketing, Cato Networks

Enhancing Your Enterprise Network Security Strategy

The financial and reputational costs of a data breach can have profound and lasting effects. So, it’s imperative that businesses continually assess the security of their networks and data assets. Join us for this discussion as we explore:

- The value of threat hunting in a modern detection program
- The role machine learning and data science play in threat detection and response automation
- The newest cyber threats, vulnerabilities and breach detection and response insights that will help you to ensure your critical data and assets are protected

Moderated by:
Melinda Marks, Senior Analyst, ESG

Featuring: 
Oliver Rochford, Applied Research Director, Securonix

Building Your Threat Detection and Response Strategy

The primary objective of threat intelligence is to show organisations the many risks they face from external threats. But what are the types of threat intelligence? What are the advantages of this security technology? This conversation with a cybersecurity analyst and industry professional will explore the latest and greatest threats, the various types of threat intelligence, innovation in threat intelligence to achieve even better outcomes, and more.

Leveraging Threat Intelligence in Your Organisation

About the Panel:

Ron Condon has been writing about developments in the IT industry for more than 30 years. In that time, he has charted the evolution from big mainframes, to minicomputers and PCs in the 1980s, and the rise of the Internet over the last decade or so. He has edited daily, weekly and monthly publications, and has written for national and regional newspapers, in Europe and the US. In recent years he has taken a strong interest in information security and is a former Editor-in-chief of SC Magazine.

Dr. Guy Bunker is an Independent Security and Technology Strategy
Consultant with customers across Europe and the Middle East. Guy
worked at Symantec (formerly VERITAS) for more than a decade, where
he was Chief Scientist and was responsible for, among other things,
Symantec’s Cloud Strategy.

Gareth Niblett is the Chairman of the Information Security Specialist Group for the British Computer Society which has over 3,500 members, he writes for the BCS Information Security Now Magazine and organise and speaks at numerous security events. Gareth also provides security, privacy and compliance related consultancy services through Blackarts Limited. Gareth Niblett is Chairman of the BCS Information Security Specialist Group (ISSG), a special interest group with over 3,600 members from BCS, the Chartered Institute for IT, where he is involved in a number of initiatives focused on improving security and safety.

Panel Session: Can Data Loss Prevention Get SaaSy?

Data Loss Prevention

DLPaaS

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Panel Session: Can Data Loss Prevention Get SaaSy?

Presented by

About this talk

More from this channel