Website Threats: It’s Not All About the Hacker Anymore
Website Security Series Part 3
The external threat landscape is evolving; web-based malware and legitimate website hacking is continuing to fluctuate as we learn and adapt our network defence strategies, or externalise our infrastructure to mitigate risk. However, do these initiatives around protection extend to our customers?
Every organisation has a web presence and increasingly this presence is not just for broadcasting corporate brands and products; it is used to collect and socialise personal information from customers and constituents and process regulated financial transactions.
In this session Symantec will discuss:
- Top threats that target customer identities
- How the Trust model of SSL has survived the last 18 months
- Why the Internet’s top brands are moving to Always-On SSL
- Why not all SSL certificate infrastructures are created equal and how this can influence business growth
- How to manage an expanding cryptography infrastructure effectively
Mike Smart is the Senior Manager of International Product and Solutions at Symantec.
In his role, Mike is responsible for driving Symantec’s Trust Services business across International and emerging markets. He joined Symantec in 2012 from SafeNet where he was Director of Products and Solutions in EMEA.
Mike has a strong history in the SMB and Enterprise IT Security arena and has been at the forefront of introducing new technologies and solutions to the market in areas such as Cloud Security Solutions, Information Leakage Detection and Prevention and Unified Threat Management. Mike is an active member of the UK’s Get Safe Online not-for-profit organisation which provides a leading source of unbiased, authoritative information on protection against fraud, identity theft, viruses and many other problems encountered online.
Simon Bryden, Consulting Systems Engineer, Fortinet
This webinar reviews some of the headline attacks and threat events of 2015, then asks what can be learned from them. After looking at some of the trends and directions that today's attacks are taking, it looks at key challenges facing the enterprise, and how they can be addressed by leveraging the latest developments in security technologies, combined with constantly updated threat intelligence.
Nahim Fazal, Cyber Security Development Manager, Blueliv
With each passing year, the frequency and number of organisations that are hacked increases at a dizzying rate. No industry vertical can ignore this trend. One of the key challenges facing all business is to come to grips rapidly with an ever-changing threat landscape.
How can your organisation understand specifically what threats is being targeted with? In order to answer this question business need to be able to quantify and qualify the threats aligned against them. In essence being able to understand what malicious actor’s know about an organisation and how that knowledge may be deployed in attack campaigns and vectors.
During the course of the webinar session, Blueliv’s Cyber Security Development Manager, Nahim Fazal will present the Blueliv proposal for improving the cyber threat visibility of a business.
- Why the same approach gives the same results
- Actionable intelligence – what does this look like in the real world?
- Reducing your cost and incident response time
The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organisations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.
In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organisation’s experience with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.
Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.
Webcast takeaways include:
· Real-world examples of APT attacks from the coalface
· The latest tools and techniques that advanced threat actors are using
· Recommendations for preventing and responding to APTs
It’s no secret that there are botnets for hire, groups of computers that can, and are, used against our organizations on a daily basis. But what is the nature of these botnets? What abilities do each of the installed toolkits offer to the attacker? Most importantly how do their capabilities change the defenses necessary to protect yourself?
We’ll cover two of the most recent toolkits that have been seeing wide usage. Learn a little about the people behind the attacks, where the attacks are coming from and what you might expect to see in the near future. You might be a bit surprised at where a lot of the traffic is coming from (hint: it’s closer than you think).
Kai Roer, Creator of the Security Culture Framework
In this webinar I will discuss what security culture is, where it belongs in the organisation, and how good security culture can reduce the likelihood of being breached. I will point to research on culture, human behaviours, and how to motivate people to do the right thing.
Ben Wilson, Senior Director, Product Management, Fortinet
Wireless is now the expected medium of choice for network users. Delivering it successfully can be a challenge especially with multiple different approaches and architectures available. What is right for your organisation? Cloud? Controller? How is it all secured?
This session will discuss 3 main Wi-Fi architecture types, their different advantages, the wired edge, and how to secure it all. Importantly, we will finish with what to consider when making the right choice for your needs.
Darren Argyle, Global Chief Information Security Officer (CISO) for Markit
The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being comprised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.
Despite considerable efforts from many industries to address these issues, it remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.
How can companies effectively measure their company’s risk of a data breach? What security metrics are most important when it comes to determining breach risk? How do different types of security compromises, whether botnet infections or brand name SSL vulnerabilities, contribute to an organization’s risk profile? Can you aggregate data to create high-level ratings to measure and report on cybersecurity risk?
Join BitSight’s Chief Technology Officer Stephen Boyer and Senior Data Scientist Jay Jacobs to get these questions answered - and more. This data driven webinar will highlight the extensive analysis that the BitSight Data Science team undertakes to make security signals into concrete risk mitigation actions. Perhaps most importantly, the speakers will give guidance on how security and risk professionals at every level - from the board room to the server room - can drive positive change throughout their organizations.
A recent Forrester Consulting survey revealed that while organizations initially rated all Next Generation Firewall features as high priority during evaluation, only two features were actually used in more than 50% of deployments. Respondents cited configuration challenges, too much noise and slowdown in performance as the primary reasons for using fewer features. In this webcast we will discuss how to get full value out of a next generation firewall:
· Finding an effective, accurate and extensible set of NGFW security features
· Defining, configuring and validating an appropriate set of NGFW policies
· Assessing actual performance of NGFWs
· Monitoring NGFWs on a regular basis
· Responding to the inevitable incident with your NGFW
You're invited to join us on Thursday, Nov. 19, to be among the first to see how ThreatSecure Network, which detects advanced threats and network anomalous behavior, is integrating with Splunk to make powerful big data capabilities a reality for your security team.
The webinar will demonstrate how this integration will enable teams to:
· Decrease the time of incident detection and reporting
· Analyze data and make informed decisions on threat severity via a single interface
· Demonstrate and determine the impact of malware across the network
Richard Sherrard, director of product management, Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
-Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
-Implement controls on OSS usage at your organization
-Create a multitier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Barry Fisher, Sr. Product Marketing Manager, Bobby Guhasarkar, Director or Product Marketing
We know that “What happens in Vegas, stays in Vegas” is not a winning network security strategy. Yet how would you know what happens on the Internet when your employees are off the corporate network? If you’re thinking VPN? Think again. Why would employees VPN when they’re working in Office 365 or Google Docs?
We need visibility everywhere. It is the foundation for security. We also need consistent enforcement of our policies and protections. But we’ve lost both these days, now that employees work anywhere, anytime.
OpenDNS Umbrella restores visibility and enforcement easier than any other solution.
Unlike VPN’ing, we do not add latency, hog memory, or burden the end-user.
Unlike endpoint protections, we block threats before the first victim is hit.
Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler, Inc.
The holiday season is approaching and for cyber criminals, this period is typically a feeding frenzy to hunt and exploit vulnerable businesses and employees. The statistics are staggering:
– 64% of organizations report an increase in cyber-crime on cyber Monday*
– 30 million malicious tweets are sent daily*
– Phishing links skyrocket by around 336% during Thanksgiving**
– Organizations get hit with losses of about $500k per hour when compromised***
The overall cost to an organization, including damages to reputation and brand, can be as high as $3.4M per hour. And yet, only 70% of companies take extra precautions in anticipation of these higher risks.*** How confident are you that your employees will not be used as a Trojan horse to compromise more sensitive company information?
Join Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler, Inc., for a compelling webcast that will address:
– 5 key ways cyber criminals will target your employees and infiltrate your organization
– Key insights into holiday activity from Zscaler’s Security-as-Service platform
– Tell-tale signs that you have been compromised
– Guidelines and best practices to stay safe this holiday period
*Inc. - How Hackers Will Attack on Cyber Monday
**Huffington Post Tech - Five Ways You'll Be Hacked on Cyber Monday
***Computer Business Review - Cyber Monday attacks could cost organizations up to $3.4m per hour
Araldo Menegon Vice President & Global Managing Director, Financial Services Fortinet & Johna Till Johnson CEO, Nemertes
Enterprise architects sometimes shy away from internally segmentation data centers out of concerns over performance and agility. But implementing internal segmentation need not involve a performance hit. Learn how to approach internal segmentation, including how to avoid the most common pitfalls, and how to integrate segmentation into your broader security strategy. And most of all, learn why you can’t afford not to segment: the benefits it provides in terms of control, compliance, and protection.
Bob Plumridge, SNIA Europe Board Member; Eric Hibbard, Chair SNIA Security TWG, Alex McDonald, Chair, SNIA Cloud Storage
Governments across the globe are proposing and enacting strong data privacy and data protection regulations by mandating frameworks that include noteworthy changes like defining a data breach to include data destruction, adding the right to be forgotten, mandating the practice of breach notifications, and many other new elements. The implications of this and other proposed legislation on how the cloud can be utilized for storing data are significant. Join this live Webcast to hear:
•EU “directives” vs. “regulation”
•General data protection regulation summary
•How personal data has been redefined
•Substantial financial penalties for non-compliance
•Impact on data protection in the cloud
•How to prepare now for impending changes
Adrian Sanabria, 451 Research; Shamiana Soderberg, Microsoft; Jamie Barnett, Netskope
One of today's biggest cloud trends is enterprise adoption of the Microsoft Office 365 suite. There is one wrinkle, though. Your business wants to move quickly to get immediate value, while your security team needs to proceed a little more cautiously to ensure they can govern usage and protect sensitive data. Can organizations move quickly and instrument the proper controls?
Join Adrian Sanabria, Senior Security Analyst from 451 Research, Shamiana Soderberg, Senior Business Development Manager Cloud Productivity from Microsoft, and Jamie Barnett, CMO of Netskope for a look at safe enablement best practices for Office 365, and the role Cloud Access Security Brokers play in this effort.
Attendees will come away with the ten real-world requirements that every organization should consider when adopting a sanctioned cloud productivity suite like Office 365. These requirements will address areas like:
- Granular administrative and user controls across the Office 365 suite
- DLP for content “at rest” within and “en route” to or from the suite
- Usage and data governance within the suite and its ecosystem
Itsik Mantin, Director of Security Research, Imperva
Organizations of all sizes face a universal security threat from today’s organized hacking industry. Why? Hackers have decreased costs and expanded their reach with tools and technologies that allow for automated attacks against Web applications.
This webinar will detail key insights from the Imperva Application Defense Center annual Web Application Attack Report. Attend this webinar for an in-depth view of the threat landscape for the year. We will:
- Discuss hacking trends and shifts
- Provide breach analysis by geography, industry and attack type
- Detail next steps for improved security controls and risk management processes
Christopher Kissel, Industry Analyst at Frost & Sullivan & Seth Goldhammer, Sr. Product Management Director at LogRhythm
The stakes have never been higher as businesses attempt to protect their assets from a barrage of threats that continue to grow in frequency and sophistication. These efforts have traditionally centered on perimeter-based cyber defenses. Intrusion detection and prevention systems (IDS/IPS), antivirus (AV), firewalls, next generation firewalls (NGFW), unified threat management (UTM) platforms, and vulnerability management (VM) are among the technologies used (and needed) to stop miscreants from entering the network.
However, even the most advanced cyber security teams acknowledge that user accounts, systems and networks WILL be compromised, regardless of the prevention measure in place. It’s amidst this reality that organizations are exploring new, more effective ways to detect and respond when the inevitable occurs.
In this webinar we will explore how unified security intelligence is empowering organizations to accelerate their mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to compromises and avoid material breaches. Chris Kissel, industry analyst from Frost & Sullivan will start with a quick update on the state of SIEM and how next-gen SIEM has evolved to deliver true security intelligence through a number of new capabilities including behavioral analytics, network and endpoint monitoring and analytics, as well as advanced search capabilities.
Attend this webinar if you:
-Are seeking to reduce your organizations meantime-to-detect (MTTR) and meantime-to-respond (MTTR) to cyber threats
-Struggle to find the needle in the haystack of security events
-Believe your current incident response process lacks adequate automation and efficiency
-You have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.