Global Panel: Dissecting Cloud Security Standards

Join Mike Gare to hear more about how to simplify security configuration management and automation for servers.

IBM intention to share the details of a our exciting solution comprising our best-in-class automation and security configuration management capabilities - all leveraging the BigFix platform. That means a single agent, console and server to provide a comprehensive offering for Data Center Ops and IT Security Professionals - all at the lowest TCO.

Michael Gare is a Product Manager with more than 20 years of experience with global organizations including Computerland, Nortel Networks and IBM. Mike has a broad range of experience in Telecommunications, Mobile technologies, Data Center Automation and Cloud Computing. He has performed a variety of leadership roles, all of which, involved working directly with customers.

He is currently a software product manager in IBM responsible for a number of solutions focused on automating the lifecycle management of servers.

In today’s world of advanced persistent threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn't really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats.

Thinking like an attacker isn't good enough, nor are traditional solutions, as smart adversaries already know which technologies they'll disable on your system. However, incorporating the right hacker-like methods and tools can give security teams a new level of situational awareness and context needed to respond quickly to targeted, persistent threats.

Attendees will learn a new approach consisting of four fundamentals: Detect, Remediate, Analyze and Resist. The presentation will provide detailed information including how to:

• Use attacker technology and tools against adversaries to detect their presence on all endpoints
• Incorporate the same stealth techniques that attackers use to remain hidden from you - so you can monitor them
• Leverage forensics at the point of attack to better understand the overall threat
• Use big data analytics to collect and analyze behavioral data across the enterprise

Join us for our Intro to Box series, a monthly discussion of the latest in
the world of enterprise IT, content collaboration, cloud technology, and Box.
We'll cover an overview of Box, how businesses like yours are changing the
way they work with Box and other cloud technologies, and walk through a
demo of the latest and greatest in the product. The sessions will be led by
Box product experts, and you might even get a guest appearance from one of
our fearless leaders.

Advanced adversaries refining techniques hourly against a highly complex and constantly evolving enterprises with a Security team that is overwhelmed at a disadvantage immediately causes a chasm in overall Risk for most organizations. Learn how the best teams create more defensible state through enhanced visibility and advanced analytics in order to reduce the risk gap and quickly close any window of opportunity for an attacker.

Since the 1990’s, data entry-based attacks have been utilized to social engineer credentials from users for network access. There was a period of time when they were forgotten or overlooked by information security teams due to the prevalence of Trojans, worms, DDoS, and other malware attacks. Well, data entry attacks are back in fashion as reported in recent high-profile breaches. This session will provide some history, highlight examples, and demonstrate the latest techniques to develop and detect data entry-based phishing attacks.

As threats have become more complex, so have the tools to mitigate them. Frost & Sullivan Principal Consultant Jarad Carleton and WatchGuard Director of Security Strategy Corey Nachreiner will discuss the pressing need for real-time visibility of critical security parameters, and better manageability of your increasingly numerous and complex IT security tools.

Join Jarad as he explains what IT leaders should look for in security solutions in order to maximize efficiency and productivity—the tools you need to pull the critical information from your oceans of log data.

Corey will then discuss specifics of how you can achieve a unified security environment that provides the focused visibility and simplified management you need.

While understanding the need for Advanced Threat Protection (ATP) is easy, understanding what ATP actually is and how to implement it in your network is a completely different story.  In Network Security, like life, there are very few absolutes.  Relying on only one technology to fight a wide range of threats is not one of them.
 
This webinar will cut through the various claims being made in the market and look at a solution designed with only one objective – to stop Advanced Targeted Attacks from getting into your network.

IT networks are staged for massive changes in 2014. With users and endpoint devices proliferating and with threats to systems and data becoming more sophisticated and pervasive, organizations of all sizes must be prepared for what lies ahead.
 
Attend our  “Top Trends Driving IT Security in 2014” webinar to find out what these trends mean for your IT network, and what you can do to stay ahead of the game.
 
You’ll learn:
•What kinds of attacks to expect from a new generation of exploits
•How botnet operators now cloak their command and control operations
•What types of organizations and platforms will be targeted by ransomware
•Why Near Field Communication capabilities open the door to new exploits
Why traditional security is no longer effective against new, sophisticated threats

Data Encryption has been spoken about for years, but finally ENCRYPTION importance has come front-page. From the recent Snowden NSA Affair to major data breaches at Target, companies now have no choice but to consider securing their data at the source.

This presentation will introduce you to your responsibilities in providing your customers with the Due Diligence (Risk Control and Executive Management Oversight) and Due Care (Continuous Monitoring through Security Practices, Procedures, Policies, Processes and Standards) that their personal data deserves.

Advance Persistent Threats (APT) use unexpected, multiple, time limited and diverse attack vectors. Experience, knowledge and skills all play a powerful role in shaping effective security intervention decisions but without robust understanding of your context, actual network traffic and content you are left relying on making an informed guess which may or not prove to be correct. 

When APT security issues occur network security operations professionals are instantly under pressure from their organization to explain and resolve the problems swiftly. So how fast can you react to a suspected APT security anomaly? And even more importantly, are you giving yourself the best chance of success when you act by ensuring that your actions are informed, appropriate and effective?
 
The capture and examination of network traffic before, during and after an event of interest can provide you the clarity and understanding to make a truly informed intervention and increase your likelihood of an effective outcome. Approaches to capture, indexing, search and recall of captured traffic can vary in cost and complexity, ranging from simple open source software tools to high performance, high fidelity Intelligent Network Recording solutions capable of operating at sustained link bandwidths up to 100 Gigabits per second.
 
Join James Barrett, Technical Director of Endace in this session for network security operations professionals where he’ll  show you how to derive insight and certainty of what’s occurring by using network packet inspection and visualization techniques.

Whilst not every organisation may be a target of an APT, it’s important that all companies large or small understand these attacks as a way to help build stronger defences against the constantly changing threat landscape.
· Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.
· In 2012 the number of Web based attacks increased by 1/3 with approximately 247,350 Web-based attacks were blocked each day.
· 5291 New Vulnerabilities were discovered in 2012
· Spam accounts for 69% of all email and one in 414 emails are from phishers

All security and IT professional need to understand the new reality classic textbook protections may well not be enough. Join Symantec Website Security solutions to understand how you can protect your websites from vulnerabilities and malware and how SSL can prevent your company and your customers.

BAYAS (Swahili word for 'badness' aka. malware of any kind, shape or form) continue to grow in number as script kiddies, hacktivists, organised crime and nation-state actors use them to deface websites, steal money, engage on cyber-warfare or "simply" to disrupt large businesses or nation-critical infrastructure.

However, malicious software don't exist in a vacuum; any piece of malware is designed to call-back home sooner or later: to download additional malware, to report back to a C&C server or to exfiltrate data. How can Incident Responders detect hidden malware on the network using open-source tools and what patterns do they need to look for? In my webinar, I will share lessons learnt from practical traffic analysis in the field (i.e. predominate communication protocols, current trends, etc.) and present some effective techniques used to filter suspicious connections and investigate network data for traces of malware using tools like Wireshark, Snort and Bro.

About the speaker:
Ismael Valenzuela 13 years years experience in IT security and currently works as Principal Architect at McAfee Foundstone Services in EMEA. Author of security articles for Hakin9, INSECURE Magazine and the SANS Forensics Blog, Ismael also has experience teaching at BlackHat, serves on the GIAC Advisory Board and is a Community SANS Instructor for the Computer Forensics and Intrusion Detection tracks.

He holds a bachelor's degree in computer science from the University of Malaga (Spain), is certified in Business Administration, and holds several professional certifications including. He is Lead Auditor from Bureau Veritas UK.

Some of his articles are freely available at http://blog.ismaelvalenzuela.com.
Mr. Valenzuela can be followed on twitter at @aboutsecurity