Hi [[ session.user.profile.firstName ]]

Are Virtual Desktops More Secure?

Everyone says to virtualize your desktops and you will be more secure, but is that really the case, we will look into the concept around 'more secure' with why this could be and most likely is not the case. Can it be more secure, perhaps, is it? The reality is a bit less than people realize and could open the door to more risk.

Edward Haletky provides Virtualization, Virtualization Security, Network Security, Secure Coding Consulting and Courseware as well as Linux Security and Application Development.

* Author of "VMware Virtual Infrastructure Security: Securing the Virtual Environment" and "VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers", published December 2007, Copyright 2008 Pearson Education.

* Guru and moderator for and participant in the VMware Community Forums.

* Moderator for the Virtualization Security Podcast held every other week on thursday.

* Analyst and Managing Director for The Virtualization Practice, LLC.

* Participant in the VMware VMTN Communities Roundtable Podcast held every wednesday.

* Blogs about Virtualization on his own Blog, Blue Gears, as well as for the Virtualization Practice and TechTarget.

* Writer for various online and physical magazines.

* Virtualization Security
* VMware Virtual Infrastructure
* Network Security
* Secure Coding
* Linux Security
* Linux Application Development
Recorded Nov 10 2011 48 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Edward Haletky, Managing Director, The Virtualization Practice
Presentation preview: Are Virtual Desktops More Secure?

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Data De-identification: Protecting Privacy While Preserving Utility Jan 23 2020 6:00 pm UTC 45 mins
    John Noltensmeyer, Head of Privacy and Compliance Solutions, TokenEx
    As organizations evaluate their de-identification and data minimization practices to satisfy an expanding landscape of regulatory obligations there are a number of factors to consider. Various technologies will be considered as part of a data-centric security strategy for de-identifying and securing sensitive information such as statistical tools, cryptographic solutions, suppression, pseudonymization, generalization, and randomization. Further, we will examine the capability of these technologies to preserve business utility within a Zero Trust data security model.

    Listen to this session and you will take away:

    • An understanding of the definition of de-identification as it relates to international and industry privacy regulations, including the difference between pseudonymization and anonymization
    • A strategy for balancing privacy and security concerns with business needs, such as evaluating and prioritizing risk
    • How various methods of de-identification can help meet the privacy requirements of applicable compliance obligations
  • When Privacy Compliance "Gets Stuck": Dos and Don'ts of Privacy Operations Jan 22 2020 10:00 pm UTC 45 mins
    Adrienne Allen, Head of Security GRC and Privacy, Coinbase
    Companies today are increasingly aware of their privacy compliance obligations, including the emerging requirements from recent regulations like GDPR and California's CCPA. Most companies that invest in a privacy compliance uplift spend time on policy revisions, data subject rights tooling, training, and data discovery. But after the first rush of compliance activities, the challenges of privacy operations evolve:

    - How do you get beyond point in time compliance into managing repeatable processes?
    - What existing teams and operations should privacy leverage right away, and how should this change over time?
    - How do you prioritize updates to your data subject rights tooling, whether you've custom built or outsourced?
    - How do you avoid privacy fatigue?

    This webinar will cover common areas where privacy compliance can "get stuck," and discuss ways to successfully operationalize a growing privacy program at the speed of business.

    Presenter Info: Adrienne Allen, Head of Security GRC and Privacy, Coinbase
  • Offensive vs Defensive Security Jan 22 2020 8:00 pm UTC 60 mins
    Rhonda Bricco (UnitedHealth Group), Mary Diner (Optum), Deb Doffing (Optum), Sue Perkins (Optum), Cat Goodfellow (Optum)
    US Cyber Command has undergone a significant shift in strategies away from defense and deterrence to engagement and forward disruption. We’ll discuss whether offensive cyber actions deter or invite retaliatory attacks, impacts to private industry (both positive and negative), and whether enterprise security offices should take offensive measures and if so – how far should we go?
  • Data Privacy in 2020 and Beyond Jan 22 2020 4:00 pm UTC 60 mins
    Panelists TBA
    Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - What's new on the data privacy and compliance landscape
    - Main differences between data regulations around the world and what this means for your organization
    - Expert recommendations regarding best tools and practices for achieving and maintaining compliance
    - The future of data privacy
    - What to expect in 2020 and beyond
  • What to expect in 2020: Regulatory Compliance in Privacy & Cybersecurity Jan 21 2020 10:00 pm UTC 45 mins
    Kevin Kim, CIPP/C, CIPT, CIPM, FIP former Chief Privacy Officer, Canadian Western Bank Financial Group
    The General Data Protection Regulation (GDPR) has been making far more influence on the privacy landscape online than expected since its enactment by the European Union (EU) on May 25th, 2018.

    Google and Facebook, two of the most powerful digital platforms, were heavily scrutinized and penalized with hefty fines for their non-compliance in the European market. GDPR has also driven many countries, such as Japan, Brazil, and South Korea, to follow suit by strengthening their privacy laws. All 50 states in the United States have also joined the camp by amending their privacy laws - albeit to varying degrees - to make privacy breach reporting mandatory.

    Most notably, the State of California developed its own GDPR-style privacy law called “California Consumer Protection Act” (CCPA) and will enact in January 2020. Moreover, two federal privacy bills were recently submitted to the Congress aiming to be the very first federal-level, comprehensive privacy law in the U.S. Canada is no exception in this privacy-aware trend. The ruling liberal party made clear that modernizing privacy legislation to protect citizens online will be one of the party’s priorities.

    This presentation will talk about current trends in privacy field in terms of regulatory requirements in the U.S., Canada, and Europe, discuss what to expect in 2020, and what to do to make sure that all the organizations and institutions are compliant with applicable laws and regulations in their jurisdiction.
  • Balancing Data Privacy & Security in 2020 Jan 21 2020 6:00 pm UTC 60 mins
    Dr. Christopher Pierson | Shahrokh Shahidzadeh | Michelle Drolet | George Wrenn
    How has the compliance landscape changed in 2020? Is your organization aware of the main differences in data regulations around the world?

    Join this panel of industry leaders for an interactive Q&A roundtable to get a comprehensive look into the different data privacy and security requirements. The panel will also discuss what to expect in 2020 and beyond.

    Viewers will learn more about:
    - CCPA is now in effect and what this means for you
    - The main differences between GDPR and CCPA
    - Best tools, practices, required policies and cultural game changers for commercial and government environments
    - Other data regulations on the horizon
    - Recommendations for 2020

    - Dr. Christopher Pierson, CEO & Founder, BLACKCLOAK
    - Shahrokh Shahidzadeh, CEO, Acceptto
    - Michelle Drolet, CEO, Towerwall
    - George Wrenn, CEO & Founder, CyberSaint Security

    This Q&A panel is part of Privacy Month.
  • Data Privacy in 2020: Data Management for a Multi-Regulation Environment Jan 21 2020 6:00 pm UTC 45 mins
    Primitive Logic
    When GDPR first arrived, some companies addressed it by implementing data privacy measures solely for their EU data subjects — only to have to go through the same exercise for California residents when CCPA came along. With major data privacy laws now in effect on both sides of the Atlantic and more on the way (possibly including U.S. federal legislation), organizations must adopt a holistic approach to managing personal data in an ethical, compliant manner.

    Join the data privacy experts from Primitive Logic to explore data management strategies for achieving and maintaining readiness for CCPA, GDPR, and other current and future privacy regulations.

    You will learn:

    - Why traditional master data management (MDM) can lay the groundwork for multi-regulation readiness, but won’t make you compliant on its own
    - How to address common threads in data privacy legislation while maintaining flexibility to adapt to future requirements
    - How to build a single source of truth for personal data as a cornerstone of your data privacy strategy
    - Governance strategies for adapting to “triggers” in maintaining data privacy readiness
  • CCPA Compliance Beyond Deadline Day Jan 21 2020 5:00 pm UTC 60 mins
    Guy Cohen | Lisa Hawke | Joanne Furtsch | Laura Koulet
    On January 1st 2020, the California Consumer Privacy Act (CCPA) is going into effect. Are you familiar with the CCPA's privacy requirements? Is your organization ready for the most far-reaching data privacy regulation in the U.S. to date? 
    Join this panel of privacy experts for an interactive Q&A session to learn more about how CCPA will impact your organization, as well as dive into the main differences between CCPA and GDPR.
    - The CCPA privacy requirements- CCPA checklist beyond deadline day
    - Data mapping: how and why it is important for CCPA and GDPR
    - Data Subject Access Requests 
    - Other key similarities and differences between GDPR vs. CCPA
    - The future of privacy and compliance in 2020 and beyond

    - Guy Cohen, Strategy and Policy Lead, Privitar
    - Lisa Hawke, VP Security and Compliance, Everlaw
    - Joanne Furtsch, Director, Deputy Data Governance Officer, TrustArc
    - Laura Koulet, Vice President, Head of Legal & Privacy, Tapad
  • A Practical Approach to FFIEC, GDPR & CCPA Compliance Jan 21 2020 4:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    With sensitive data residing everywhere, organizations becoming more mobile, and the breach epidemic growing, the need for advanced data privacy and security solutions has become even more critical. French regulators cited GDPR in fining Google $57 million and the U.K.'s Information Commissioner's Office is seeking a $230 million fine against British Airways and seeking $124 million from Marriott. Facebook is setting aside $3 billion to cover the costs of a privacy investigation launched by US regulators.

    This session will take a practical approach to address guidance and standards from the Federal Financial Institutions Examination Council (FFIEC), EU GDPR, California CCPA, NIST Risk Management Framework, COBIT and the ISO 31000 Risk management Principles and Guidelines.

    Learn how new data privacy and security techniques can help with compliance and data breaches, on-premises, and in public and private clouds.
  • STORAGE LIMITATION under GDPR: Overcoming compliance challenges in 2020 Jan 21 2020 1:00 pm UTC 45 mins
    Virgilio Cervantes, Data Protection Compliance Manager, Countrywide PLC
    The GDPR principle of storage limitation determines that personal data must be erased (or anonymised) when 'no longer necessary'.

    As such, data controllers must embed appropriate technical and organisational measures into operations, to allow for the periodical review of personal data and to the erasure (or anonymisation) of any 'non-necessary' data, thus achieving compliance with GDPR's data storage requirements.

    An overview on the impact of the 'storage limitation' principle on organisations' operations will be undertaken, considering:

    - Storage limitation (structured, unstructured data);
    - Data minimisation (data collection, data hygiene);
    - Time limitation (retention policies, procedures and time schedules);
    - Risks of non-compliance (Data subject rights, data breaches).

    This session will thus provide a holistic and pragmatic framework-based approach to storage limitation and its ongoing compliance.

    Virgilio Lobato Cervantes holds an LLB Honours degree in Law and a Master of Arts degree in International Tourism and Aviation Management. He is a certified Data Protection Officer by the University of Maastricht (ECPC-B DPO). Currently pursues a Doctorate degree in law at the University of Reading. Virgilio’s research focus is in EU data protection and privacy law.

    England and Wales Qualified Paralegal Lawyer, member of the Professional Paralegal Register (PPR Tier 3) and the Institute of Paralegals (Q.Inst.Pa.), specialised in Data Protection and Privacy Law, Virgilio presently takes on the role of Data Protection Compliance Manager at Countrywide PLC, the UK’s largest property services group.
  • How will Quantum Computing Impact Cryptography? Jan 17 2020 9:00 pm UTC 60 mins
    Sadaf Syed, Software Engineer at Cisco
    Quantum computing is the next generation of computing that utilizes quantum physics using typically subatomic particles, quantum bits (quits), which can exists in a continuum of states between 1 and 0 until observed. It is exponentially faster than the classical computing in solving certain problems. There are quantum computing prototypes already available as cloud services. With quantum computing becoming a near-future reality, where does the future of cryptography stands? Is our data and security under threat in the quantum computing era?

    About the presenter:
    Sadaf Syed is a software engineer at Cisco working on the Firepower Next Generation Firewall (NGFW). She has MSc in Electrical and Computer Engineering from the University of Texas at Austin. When she is not coding, she likes to look up at the stars and photography the night sky. Her interest in astronomy and physics, along with her security background excites there to research Quantum Computing.
  • PCI Dream Team: Ask Us Your Toughest Questions [Part 8] Jan 14 2020 6:00 pm UTC 60 mins
    Ben Rothke | David Mundhenk | Jeff Hall | Arthur Cooper "Coop"
    The PCI Dream Team is back for another interactive Q&A session.

    Join us with your toughest questions and learn more about the various Payment Card Industry (PCI) standards and requirements, with a focus on PCI DSS v4.0.

    Our panelists are some of the top PCI QSA’s in the country, with decades of combined PCI and card processing experiences. They’ve seen it all: the good, bad and ugly; and lived to tell the tale.

    Join Ben Rothke, David Mundhenk, Arthur Cooper, and Jeff Hall for an interactive Q&A session, and get answers to your most vexing PCI questions. No PCI question is out of bounds.

    - Ben Rothke, Senior Information Security Specialist at Tapad
    - David Mundhenk, Senior Security Consultant at Herjavec Group
    - Jeff Hall, Senior Consultant with Online Business Systems
    - Arthur Cooper "Coop", Senior Security Consultant at NuArx
  • The Top 20 Security Predictions for 2020 Jan 8 2020 6:00 pm UTC 60 mins
    Dan Lohrmann (Security Mentor, Inc.) | Marija Atanasova (BrightTALK)
    Every year the top security companies, industry thought-leaders and tech media publications come out with their predictions for the coming year. And every year Dan Lohrmann publishes his roundup of these security industry reports, forecasts and trends.

    This BrightTalk webinar will dig into the 2020 report in detail. (Note: This year’s report to be released in mid-December).

    There is huge career value for technology and security professionals who understand where the cybersecurity industry predictions, and you can read about those benefits in this CSO Magazine article: https://www.csoonline.com/article/3021951/why-more-security-predictions-and-how-can-you-benefit.html

    In addition to counting down (and referencing) the top 20 security prediction reports from the leading vendors, this webinar will examine:
    - Where is there agreement on what’s coming next?
    - Where is there major disagreement?
    - Where will cyberattacks come from next?
    - Which vendors have the best reports (and why)?
    - Who are the award-winners for most creative, most likely, most scary and other security industry predictions?

    We will discuss security and tech predictions on AI, autonomous vehicles, cloud solutions, cyberthreats, ransomware, IoT, malware, multi-factor authentication, business priorities, data breaches, spending, new vulnerabilities to watch for, mobile threats, 5G, new announcements, major security incidents, government contracts, election security, attacks on global events (like the 2020 Olympics), cyber incident response and much, much more.

    At the end, we will take your questions on all of this, and may even ask you to vote for your favorite predictions (or offer one of your own to share.)

    Join us.
  • Threat Hunting - An Introduction Dec 19 2019 6:00 pm UTC 75 mins
    David Morris, Reid Eastburn and Skeet Spillane
    This Session will be the first in a series on Threat Hunting. This kick-off session will introduce the concept of Threat Hunting as there is a lot of confusion about this important activity. Specifically, we will cover what it is, how it is performed, its’ role and some of the best Tools to use as a Threat Hunter.
  • Taking a Global Look at Market Access Requirements in Cybersecurity Landscape Dec 17 2019 7:00 pm UTC 60 mins
    Samantha Symonds, Security & Trust Cybersecurity Advisor for Cisco Systems
    In this talk, we will discuss the portion of cybersecurity known as ‘market access’. We will dive into what market access requirements are and what they mean for cybersecurity professionals as well as to the world. We will go over the different types of market access requirements as well as discuss from a geopolitical standpoint where cybersecurity is moving in this space and what we are expecting to happen in the near future.

    We will breakdown the most common/popular market access requirements and discuss the security domains that are tested as well as the most common security best practices covered. We will cover both the differences and similarities in cloud and on-premises based cybersecurity market access requirements as well as go into the different cybersecurity requirements per business need (i.e. financial, medical, etc.).

    We will also go through who specifically is involved in influencing and creating these global market access requirements, the specific technical and business requirements that go into these regulations, the specific types of businesses, users, or governments affected, as well as what these market access requirements satisfy in the global cybersecurity landscape, and what they are lacking in the current market. We will map out the global viewpoint of cybersecurity market access certifications, attestations, regulations, and accreditations as well as dive into what the typical engagement process looks like, and how the overall cybersecurity posture of what is being tested is determined.

    In summary, this is meant to be a technical discussion on cybersecurity certifications/attestations/regulations/accreditations from the global perspective to take a deeper look at what we are seeing from different countries and where we are seeing trends emerge from key influential regulating bodies. Some market access requirements we will go into are ISO 27001, SOC2, C5 (Germany), SecNumCloud (France), R226, Common Criteria, and many more.
  • [Earn CPE] Critical Steps to Manage CCPA Compliance and Risk in 2020 Dec 17 2019 6:00 pm UTC 75 mins
    Panelists: K Royal, TrustArc; Ilia Sotnikov, Netwrix, Dr. Else van der Berg, Datawallet; and Harold Byun, Baffle.
    The California Consumer Privacy Act of 2018 (CCPA) is arguably the most expansive privacy law in U.S. history and will become enforceable in just a matter of months. The CCPA introduces new privacy rights for consumers and will force companies that conduct business in the State of California to implement structural changes to their privacy programs.

    The new rights given to California consumers are similar to the rights provided in the European Union’s General Data Protection Regulation (GDPR). The CCPA also subjects non-compliant businesses to expensive fines, class-action lawsuits, and injunctions.

    On this webinar, we will examine the impact of the CCPA, answer your burning questions, uncover the CCPA’s nuances, and address its ambiguities and challenges. We will also include strategies for creating compliance programs in the midst of the unknowns, and a strategic action plan for businesses to become compliant.
  • What I learned at the Infosecurity ISACA North America Conference 2019 Dec 17 2019 5:00 pm UTC 60 mins
    Ulf Mattsson, Head of Innovation, TokenEx
    The 2019 Infosecurity ISACA North America Expo and Conference was held in New York City’s Javits Convention Center on November 20-21. With more than 50 sessions spanning 5 tracks, this conference offered the best-in-class educational content ISACA members and certification holders depend on, plus unprecedented access to leaders in the security industry.

    Join Ulf Mattsson, Head of Innovation at TokenX for a conference recap webinar on the biggest takeaways from this year's event.
  • “RIPlace” - Does It Make Ransomware Unstoppable? Dec 12 2019 8:00 pm UTC 45 mins
    Nir Gaist, Founder and CTO of Nyotron
    Remember WannaCry - the ransomware attack that two years ago infected Windows devices across 150 countries and resulted in an estimated damage of $4B?. We now know that WannaCry was completely preventable. Microsoft had issued a patch two months prior to the attack. If you think WannaCry was bad, brace yourself: We have discovered a technique that attackers may use to deliver ransomware that most organizations have no way to detect or prevent.

    This webinar will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing ransomware protection technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes.

    The technique leverages an issue at the boundary between a Windows design flaw and improper error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per say, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function.

    We will review existing ransomware detection methods, the workflow of a typical ransomware and provide a live demo of RIPlace bypassing a number of anti-ransomware technologies.

    Presenter: Nir Gaist, Founder and CTO of Nyotron.
    Nir Gaist is a recognized information security expert and ethical hacker. He has worked with some of Israel’s largest public and private sector organizations, such as the Israeli Police, the Israeli parliament and Microsoft’s Israeli headquarters. He also wrote cybersecurity curriculum for the Israel Ministry of Education. Nir holds patents for the creation of a programming language called Behavior Pattern Mapping (BPM) that enables monitoring of the integrity of the operating system behavior to deliver threat-agnostic protection.
  • Inclining SIEM for 2020 Recorded: Dec 12 2019 40 mins
    Geethanjali Natarajan and Saumya Saxena, Sennovate Inc
    In today's world of IT, a robust safeguard service is required for identifying and managing applications from a single point to spot trends and see patterns that are out of the ordinary. SIEM (System Information and Event Management) is a managed security service used to gather information from end-user and even specialized security equipment like firewalls and antivirus systems. Security information and event management (SIEM) software gives security professionals both insight into and a track record of the activities within their IT environment.

    While SIEM technology has been around for more than a decade, it’s become a critical component of a comprehensive security strategy in today’s threat environment.

    Topics for discussion include:
    - Evolution of SIEM.
    - Best practices from expertise.
    - Next generation SIEM – UEBA and SOAR
    - SIEM solutions for some common SOC pains.
    - Integrating AI and ML.

    Geethanjali Natarajan, Security Solutions Lead at Sennovate Inc
    Saumya Saxena, Software Engineer at Sennovate Inc
  • Breach Detection and Response - The whole business challenge Recorded: Dec 12 2019 29 mins
    Ade Taylor, CTO, ITC Secure
    Technical detection is now just the starting point for a series of exercises which will see the entire business work together to identify what happened and to mitigate the results.

    In this session, you will learn:

    - How EDR and MDR are morphing into BDR
    - Why BDR is a challenge for the whole business
    - How technology can help, and how it doesn’t

    In this 30 minute webinar Ade will discuss how the world of cyber-security detection and response is changing, fast. From IT and technical analysts to the CEO via HR, this is a problem for the whole business to solve together.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Are Virtual Desktops More Secure?
  • Live at: Nov 10 2011 3:00 pm
  • Presented by: Edward Haletky, Managing Director, The Virtualization Practice
  • From:
Your email has been sent.
or close