Hi [[ session.user.profile.firstName ]]

Application Whitelisting: the Good, the Bad, the Unknown

Join Bloor’s Senior Analyst for Security, Fran Howarth, and Jon Parkes, Vice President, Pre-Sales, McAfee EMEA to learn:

- the role that application whitelisting plays in defending networks against attack through a focus on two key areas—controlling what applications are allowed to run and preventing any unauthorised applications (including malware) from executing
- how to protect systems on the network from configuration changes and mistakes that can allow serious vulnerabilities to be exploited.

Fran Howarth specialises in the field of security, primarily information security, but with a keen interest in physical security and how the two are converging. Fran’s other main areas of interest are new delivery models, such as cloud computing, information governance, web, network and application security, identity and access management, and encryption.
For more than 20 years, Fran has worked in an advisory capacity as an analyst, consultant and writer. She writes regularly for a number of publications, including Silicon, Computer Weekly, Computer Reseller News, IT-Analysis and Computing Magazine. Fran is also a regular contributor to Security Management Practices of the Faulkner Information Services division of InfoToday.

Jon Parkes is responsible for all technical sales operations and solution architects for McAfee in EMEA – helping customers to realise solutions to meet their security and business needs, in an optimal way that balances cost of ownership with security posture. Like other IT functions, the security market is maturing, going through consolidation reflecting customers’ desire for trusted partnership with fewer suppliers. Jon’s twenty-year career has been built around global Enterprise consulting and software, working with some of the world’s largest businesses in many industry sectors, including telecommunications, utilities, financial services and Government, holding regional management positions in both EMEA and Asia Pacific.
Recorded Aug 10 2011 47 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Fran Howarth, Senior Analyst, Security, Bloor Research; Jon Parkes, Vice President, Pre-Sales EMEA, McAfee
Presentation preview: Application Whitelisting: the Good, the Bad, the Unknown

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Data Theft in the 21st Century Sep 8 2016 6:00 pm UTC 45 mins
    Jay Beale, COO at InGuardians
    Cybersecurity expert Jay Beale will provide a State of the Industry look into theft and exposure of huge data sets of PII (personally identifiable information) and PEI (personally embarrassing and exposing information).

    Join this presentation and learn about the recent thefts and the methods of detecting and blocking them.
  • Securing the Future: IoT Is Not About "Things," It's About Data! Sep 8 2016 4:00 pm UTC 45 mins
    Pavan Singh, Vice President and Head of IoT, Covata
    Pavan Singh, VP and Head of IoT at Covata, will be discussing how we should be thinking about data security in the world of IoT. The Internet of Things is dramatically transforming industries and business processes, and will even change the way we live our daily lives. With industry experts predicting anywhere between 20-50 billion connected devices by 2020, the question becomes - how are these devices and systems being connected? What kind of security is available today to ensure privacy and security? The data deluge becomes the next hurdle. Big data technologies are focusing on managing huge amounts of data, but the security and access controls remain the critical challenge. Using three industry case studies - connected cars, DevOps and healthcare - Pavan will discuss why a data centric approach to security is the only way we can truly harness the power of IoT, and protect our most precious asset, our data.
  • Addressing The Challenges of the EU GDPR 2016 Sep 8 2016 1:00 pm UTC 60 mins
    Jonathan Armstrong: (Cordery Compliance), Florian Malecki; (Dell) & Luke Shutler (Absolute Software)
    The webinar will enable you to hear from an independent Legal Specialists on the real challenges and impacts of the EU GDPR and then the webinar will demonstrate how Dell & Absolute can support your business in overcoming these challenges.

    The webinar will focus on:
    • Implement a seamless, connected security strategy that works across the organisation, from device to data centre to cloud
    • Prove that a lost device is inoperable or has had its data completely wiped
    • Gain visibility of data breaches and contain and eradicate threats
    • Eliminate the blind spots between networks, identity and access management, data encryption, endpoint security and security managed services
    • Enable security decisions based on intelligence that takes into account user, content, location and context
  • Shut the Traps: Take the Win out of Recon for an Attacker Sep 7 2016 10:00 pm UTC 45 mins
    Alissa Torres, Senior Security Consultant at Sibertor Forensics
    By the time sophisticated cyber criminals gain access to your network, they may already possess incredible insight into the culture, infrastructure, security and day-to-day operations of your company. How are they able to obtain such information? Reconnaissance is the FIRST stage in remote exploitation performed in a targeted attack and can take place over a period of days, weeks or even years prior to the attacker ever delivering his first phishing email. Just what sensitive information has your company, your employees, your vendors or your customers made publicly available, either knowingly or inadvertently? Though a tweet or social media post may be harmless on its own, in aggregate, a company may suffer a weakened security posture if details such as key individuals, sensitive projects, financial projections and internal politics are disclosed in a public forum.This talk will focus on ways you can access and reduce your online disclosures. Take the "win" out of reconnaissance for the attacker by cutting off his pre-attack intelligence sources.
  • DevOps, Security and PCI - Implementing SCM To Meet PCI Standards Sep 7 2016 7:00 pm UTC 45 mins
    Kevin Eberman, Director of Operations at MineralTree
    Security failures with millions of stolen credit cards have become an all too normal part of the news. The Payment Card Industry (PCI) has issued a standard for companies and service providers for handling credit cards to mitigate the risk of these breaches. Implementing a PCI certified environment requires a coordinated and sustained commitment to security by adopting policies, writing procedures, and an ability to successfully demonstrate compliance during audits.

    A number of PCI standards require the implementation of Server Configuration Management (SCM). SCM is an integral tool of DevOps. It is invaluable for meeting PCI requirements that are technical and need documentation. This discussion will review security challenges, which PCI requirements can be met with SCM and how to successfully implement SCM to meet PCI standards.
  • “If I Wake Evil” - How I Would Attack You If I Turned into a Criminal Mastermind Sep 7 2016 6:00 pm UTC 45 mins
    John Strand, Owner of Black Hills Information Security
    What if I no longer was a white hat? What if I started to hack for fun and profit at other expense?
    How would I do it? Could you catch me? How can you stop me?

    Join this presentation and get a unique insight into the mind of the hackers trying to get into your systems and steal your information. Learn how it can be done, and what are the precautions and preventive measures you can take now to make sure your company is prepared for attack.
  • The PCI Dream Team – Bring Us Your Trickiest PCI Questions Sep 7 2016 4:00 pm UTC 60 mins
    Moderator: Ben Rothke; Panelists: David Mundhenk, Arthur Cooper, Jim Seaman
    With hundreds of different requirements, the various Payment Card Industry (PCI) standards can be overwhelming. While the PCI Security Standards Council has provided lots of answers, the devil is often in the details. Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

    Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jim Seaman for an interactive session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

    - Ben Rothke, Senior eGRC Consultant at Nettitude Ltd.

    - David Mundhenk, CISSP, PCIP, QSA (P2PE), PA-QSA (P2PE)
    Sr Consultant at an unnamed GRC consulting firm
    - Arthur Cooper "Coop", Sr Security Consultant at NuArx Inc.
    - Jim Seaman MSc, CCP, CISM, CRISC, QSA, M.Inst.ISP
    Security Consultants Team Lead at Nettitude, Ltd.
  • Are you having a mare with Ransomware? Sep 7 2016 2:00 pm UTC 45 mins
    Paolo Passeri, Consulting Systems Engineer Security at OpenDNS
    Ransomware has become a common and dramatic problem and the recent waves of attacks are demonstrating that new variants emerge each day in what seems an endless arms race where the attackers seem to prevail.

    However, even if the attack vectors are increasingly complex, the attackers cannot conceal themselves as the infrastructures used to launch these campaigns, despite extremely volatile, exploit elements of the internet, such as IP and domains, that cannot be hidden.

    Monitoring large scale data allows to identify these infrastructures, where attacks are staged, and to enforce a new predictive security model particularly effective against Ransomware.
  • Why visibility is a crucial part of any security strategy Sep 7 2016 2:00 pm UTC 45 mins
    Peter Smith, Regional Sales Manager - Europe & Russell McDermott, Sales Engineer, Netwrix
    With a recent increase in high-profile security breaches and compliance violations, traditional security mechanisms, such as firewalls, IDS, and antivirus are no longer enough to defend against external attackers, and insider threats. By having increased visibility into internal changes, configurations, access events, and permissions across the IT infrastructure, organizations can far more effectively defend against such attacks.

    So, please join our local auditing and compliance team from Netwrix, Pete Smith (Regional Sales Manager Europe) and Russell McDermott (Pre-Sales Engineer) and see how Netwrix Auditor can unlock the door into possible breaches in your IT environment.

    From our brief session you will learn:

    • How deeply security breaches and data leaks are really effecting organizations
    • How to protect your data from the insider threats
    • How to have “peace of mind”, and achieve complete visibility of your IT infrastructure
  • Exploring Russia’s Cyber Operations Sep 7 2016 1:00 pm UTC 45 mins
    Dan McWhorter, Chief Intelligence Strategist at FireEye
    Russia has a long history of utilising cyber actions to accomplish their information operations and national security goals. Organisations in Europe – in the private and public sector – are a top target of Russia-based cyber activity for espionage and crime. This talk will cover how some of Russia’s recent cyber actions were conducted, and it will highlight how well Russia has embraced the opportunities cyber provides when it comes to national security and foreign policy objectives. Dan McWhorter, Chief Intelligence Strategist at FireEye, will also discuss why organisations need to take note of these activities in Russia and steps to ensure your organisation is able to defend against these threats.
  • Data Protection 101: Follow and protect your critical data, wherever it lives Sep 7 2016 10:00 am UTC 45 mins
    Sunil Choudrie, Global Solutions Marketing Manager
    When it comes to your sensitive data, how can you be sure that it is protected and none of it is leaving your environment?

    Organizations today face the following challenges:
    •Identifying the type of data that needs to be protected
    •Controlling access to data & ensuring identities aren’t exposed, especially in the face of significant regulatory fines
    •Prevent sensitive data from leaving the organization, mega-breaches & data loss is increasing year on year. Over half a billion personal records were stolen or lost in 2015, spear phishing campaigns targeting company employees increased by 55% in 2015

    Answer: Firstly allow the right people to access the right data, anywhere, by controlling access, monitoring its flow, and keeping it out of the wrong hands. Secondly Easily apply policies to control access and usage―in the cloud, on mobile devices, or on the network.

    Join Symantec for a webinar on the lessons learned regarding data protection across the many applications in your environment.
  • Network security, seriously? 2016 Network Penetration Tests Sep 7 2016 10:00 am UTC 45 mins
    Peter Wood
    The results of all the network penetration tests conducted by the First Base team over the past year have been analysed by Peter Wood. The annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business. Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.
  • Mapping the CYBERscape: Advanced Threat Detection within the Security Ecosystem Sep 6 2016 9:00 pm UTC 60 mins
    Eric McAlpine, Founder & Managing Partner at Momentum Partners and Luis Maldonado, VP of Products at Sqrrl
    Learn about the current state of the cybersecurity landscape and how various solutions, like threat hunting platforms, fit into an effective security ecosystem.

    In this webinar you will learn:
    - The current state of the cybersecurity market
    - What is the CYBERscape: a useful tool to make sense of an increasingly complex cybersecurity ecosystem
    - A breakdown of the advanced threat detection vendor category and how it continues to evolve
    - Solutions to leverage to complement your existing security ecosystem
  • Cyberattack Response & Prevention: Why Traditional Defenses Are Not Enough Sep 6 2016 6:00 pm UTC 45 mins
    Leo Taddeo, CSO at Cryptzone
    Join Cryptzone’s Chief Security Officer, Leo Taddeo, who prior to joining Cryptzone was FBI Special Agent in Charge of the Special Operations/Cyber Division of the New York office, and hear real-world accounts of cyberattack response and prevention.

    Mr. Taddeo's unique perspective blends law enforcement, security, and technology vendor perspectives. His presentation will cover:

    · Top cyber threats facing the enterprise
    · Public/private partnerships and working with law enforcement
    · Why traditional signature and perimeter-based defenses are not enough
  • Using Automation & Orchestration to Strengthen Network Security & Fight Hackers Sep 6 2016 5:00 pm UTC 45 mins
    Sourabh Satish, Co-Founder & CTO at Phantom Cyber
    Limited resources, increased threat surface and incidents, and the overwhelming complexity of technology infrastructures, have made securing the organization more challenging than ever. Learn how security automation and orchestration is helping to address advanced threats, new vulnerabilities, hackers, zero day attacks, vulnerable apps and all the other elements that threaten your organization's network.
  • From Passive to Aggressive: Taking a Surgical Approach to Security Operations Sep 6 2016 4:00 pm UTC 45 mins
    Rebekah Wilke, V-SOC Manager at Raytheon Foreground Security
    For too long, the conventional approach to information security has been to plant people at consoles and have them passively wait for an alarm. When an alert goes off, they are supposed to react and stop the attack. Whether this is done internally or through a managed security provider, the end result is the same – a passive approach to security. Enter V-SOC. A proactive, intelligence-driven and customized approach, specializing in innovations encompassing all flavors of customer engagements and service delivery. Join this presentations and learn:
    - How to be proactive in your approach to security operations
    - How to engage with an MSSP
    - Why you must automate wherever possible
  • Experts show how hackers perform web attacks which kills your site ranking Sep 6 2016 3:00 pm UTC 45 mins
    Leon Brown - Product Marketing, Symantec Website Security & Avishay Zawoznik - Security Researcher, Imperva Incapsula
    After a brief introduction to the world of SEO, we will dive into the different types of web application attacks and manipulations that are made to either degrade your competitor’s ranking or raise your own.
  • 2016 Threat Analysis: Learning from Real-World Attacks Sep 6 2016 1:00 pm UTC 45 mins
    Matt Webster, CTU Security Researcher, SecureWorks
    SecureWorks® incident responders assist hundreds of organisations annually with the containment and remediation of threats during suspected security incidents.

    Visibility of these incidents provides the SecureWorks Counter Threat Unit™ (CTU) research team with a unique view of emerging threats and developing trends. This Threat Intelligence is then continuously provided to clients, arming them with the information they need to stay one step ahead of adversaries trying to compromise their networks.

    In this webcast Matt Webster, CTU Security Researcher, will discuss developments in the threat landscape observed through SecureWorks’ Incident Response engagements from April to June of 2016, including;

    - Key developments of the APT threat
    - Criminal cyber threat trends
    - Developments in Ransomware

    Matt will also discuss observations of how the affected organisations could have better prepared for the threats they encountered.
  • Social Engineering - Are you the weakest link? Aug 30 2016 1:00 pm UTC 60 mins
    Greg Iddon, Technologist, Sophos
    Social Engineering has been around for as long as the crooks have but in a modern online world, running a con game has never been easier. And that’s why we need to be savvy.

    A social engineer can research you on Facebook and LinkedIn; read up about your company on its website; and then target you via email, instant messaging, online surveys…and even by phone, for that personal touch. Worse still, many of the aspects of a so-called “targeted attack” like this can be automated, and repeated on colleague after colleague until someone crumbles.

    Greg Iddon will take you into the murky world of targeted attacks, and show you how to build defences that will prevent one well-meaning employee from giving away the keys to the castle.
  • The GRC Evolution of Digital Enterprises with Convergence of ERM & Cybersecurity Recorded: Aug 25 2016 62 mins
    Colin Whittaker, Informed Risk Decisions; Yo Delmar, MetricStream; Chris McClean, Forrester; Sanjay Agrawal, CIMCON Software
    Cybersecurity has jumped to the top of companies’ risk agenda after a number of high profile data breaches, and other hacks. In an increasingly digitized world, where data resides in the cloud, on mobiles and Internet of Things enabling multitude of connected devices, the threat vectors are multiplying, threatening the firms’ operations and future financial stability.

    Organizations with the ability to view cybersecurity breaches as a risk, with associated probabilities and impacts, can strike the right balance between resilience and protection. By bringing together leadership and capabilities across fraud, IT, cybersecurity and operational risk, organizations can connect the dots and manage their GRC program more effectively. Organizations need to employ a proactive approach to review their existing risk management processes, roles and responsibilities with respect to cybersecurity to re-align them into an overall ERM strategy with boardroom backing.

    Attend this panel webinar, as we discuss these issues and address ways to develop an evolving GRC program to cope with the growing threat landscape.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Application Whitelisting: the Good, the Bad, the Unknown
  • Live at: Aug 10 2011 9:00 am
  • Presented by: Fran Howarth, Senior Analyst, Security, Bloor Research; Jon Parkes, Vice President, Pre-Sales EMEA, McAfee
  • From:
Your email has been sent.
or close