Sustainable Defense: How To Stop Chasing Security and Win the Battle

Raj Goel, CISSP, CTO, Brainlink International, Inc.
Data protection, Privacy Compliance and Network Defense can seem like a never-ending tower defense game. And just like PvZ, you've got to identify your resources, plant your defenses, and watch as the horde of zombies, spam bots, and your own users batter your defenses.

Remember...when you lose, you get to play again.
When you win, the threats become stronger, the stakes higher, and the stress...incredible.

This presentation will take a critical view towards "vendor pitches", and provides common-sense based, practical strategies for winning the game.
Sep 5 2012
46 mins
Sustainable Defense: How To Stop Chasing Security and Win the Battle
Join us for this summit:
More from this community:

IT Security

  • Live 2 and recorded (5640)
  • Upcoming (120)
  • Date
  • Rating
  • Views
  • Channel
  • Channel profile
  • OpenStack and Cloud Security, Getting it Right Every Time! Jun 12 2015 4:00 pm UTC 45 mins
    Valentina Alaria, Senior Director of Product & Marketing, PLUMgrid, Cynthia Hsieh Director of Product Marketing, Fortinet
    While OpenStack-based clouds are all the rage for elastic, on-demand multi-tenant applications, what’s clear is that securing data and user traffic is a puzzle that has some pieces missing.
    The changing nature of the network in transition to cloud makes viable security a moving target, regardless of new models like SDN, NFV and Virtual Network Infrastructure (VNI) there is a deep and developing relationship between networking, security and policy enforcement.

    Fortinet and PLUMgrid are proud to present, OpenStack and Cloud Security, Getting it Right Every Time!, a live and interactive webcast on how security orchestration and policy enforcement can be integrated into the networking design of OpenStack cloud environments.

    Discover how PLUMgrid Open Networking Suite (ONS) and Fortinet work together to provide an out-of-the-box integration strategy so all security policies can be seamlessly applied.
    Learn key use cases like auto-scaling/auto provisioning security engines and firewall/security rules with web-scale workloads.
    Understand the benefits of logical firewall rules that follow VM workloads across clouds, irrespective of physical hosts, IP address or VXLAN overlay and underlay encapsulation for emerging OpenStack platforms
  • Addressing the Gaps in Endpoint Backup Strategy for Global Organizations Jun 11 2015 5:00 pm UTC 45 mins
    Seyi Verma, Druva Product Marketing
    Multi-national businesses must have an endpoint backup strategy that goes beyond simple laptop backup and restore capabilities. Organizations with employees in different regions, under different legal jurisdictions, face more complex and complicated challenges to manage and secure data while enabling user productivity. Policies for privacy, security and governance and flexible assignment of regional data storage access are but a couple of unique needs of enterprises that span borders. Join Druva to learn best practices around rolling out a global endpoint backup strategy. Uncover critical points to consider as well as hints and tips to successfully protect laptop and mobile device data using global policy.
  • Changes that mobile brings to banking: what the US needs to do to catch up Jun 10 2015 5:00 pm UTC 60 mins
    Brett King, Founder & CEO; Moven
    Driven by customer behavior and technological disruption, banking and financial services will change more in the next 10 years than it did in the last 100. Mobility is shifting from being an option to being a basic of customer acquisition and a cornerstone of customer relationships.

    Brett King, Author of "Bank 3.0" and radio host of "Breaking Banks", discusses the new rules of engagement: Advocacy, Behavior, and Context; and why burgeoning FinTech should be considered both the consumers and the banks biggest ally.
  • A Walk in the Digital Shadows Jun 10 2015 4:00 pm UTC 45 mins
    James Chappell, CTO and Co-founder, Digital Shadows
    As businesses and people increasingly engage with new forms of online communication so their digital footprints are expanding. While much of this information is positive and benign, some of it directly relates to enterprise security and potential threats. However, businesses remain ignorant of the trails that they, and those who threaten them, leave behind because they lack the resources to both discover and manage them. In this seminar we will show how businesses can lift the lid on their digital shadows and explore what lurks within. By learning about their weaknesses and the threats they face, they can then make smarter investment decisions about their defences.
  • Never mind the Next Big Threat Thing. Fix the Golden Oldies first. Jun 10 2015 3:30 pm UTC 45 mins
    Santeri Kangas, CTO, Secunia
    Globally, we are seeing an increase in Advanced Persistent Threats (APT) and targeted attacks. And while the strategy applied to choosing which organizations and assets to target is increasingly sophisticated, the methods are the same as always: exploiting well-known vulnerabilities that could have been mitigated with simple and fundamental controls.

    In this webinar, Secunia’s new CTO Santeri Kangas will use real-life examples to demonstrate how hackers actually exploit vulnerabilities, and illustrate the risk organizations are effectively accepting, when they neglect the fundamentals of IT security. Kangas also discusses how organizations can strengthen their resilience to attacks that exploit publicly known vulnerabilities, and explain why business leaders are central players in saving the company bacon: they need to get behind the efforts to get security fundamentals right.
  • Is your Business Running the Risk? Jun 10 2015 2:00 pm UTC 45 mins
    Chris Kozup, Senior Director, Aruba Networks
    The recent Aruba Networks study, “Securing #GenMobile: Is Your Business Running the Risk”, highlights that enterprises need to take immediate action to secure their sensitive data.

    The study has uncovered that IT departments do not have the proper security measures in place for the ever expanding #GenMobile workforce. A one-size fits all perimeter security model is a thing of the past. IT must take various levels of context into consideration when building a Mobile Security strategy. The chasm that is exposed between age, gender, income level, industry and geographic location has a direct effect on the risk of security breach an enterprise may experience.

    Attend this webinar to discover our in-depth findings, and determine best practices towards building an adaptive trust approach to connectivity and data security.
  • How well prepared are you for the next security threat? Jun 10 2015 1:00 pm UTC 45 mins
    Florian Malecki, EMEA Director, Dell Network Security
    These are trying times for IT professional. Each and every day you face the risk of your network being hacked by the newest zero-day threat. Not long ago, it was the Venom and the TV5 Monde breach, as well as Shellshock a few months ago. And, while you’re still working to defend your infrastructure from these two critical threats, the cybercriminal community is working just as hard trying to exploit the weaknesses of your network. So how well are you prepared for the next attack?

    A comprehensive security approach should encompass three factors. It should be adaptive to threats, business requirements and the ever-evolving use of the internet within the corporate network, have adapted to meet the specific requirements of an organization and have been adopted fully by end users. These factors can be summarized as a “Triple-A” security approach.

    Attend this webinar to see how you can take advantage of this “triple A security approach” as well as modern-day network security tools and services to achieve ongoing protection against new threats as they occur and use IT security to drive innovation – not blocking it.
  • Grow Your Own...Social Engineering, Corporate Culture and the Insider Threat Jun 10 2015 10:00 am UTC 45 mins
    Jenny Radcliffe, Social Engineer & Director, Jenny Radcliffe Training
    Organisations of all sizes and types unwittingly, but actively, assist both Social Engineering and more technical attacks on their businesses through their own corporate culture, habits and management style.

    Whether it be through a management style of arrogance or bullying, through poor supplier management or through the naiveté that comes with having plentiful resources & being a household name, firms are encouraging external attacks and growing their own risk of internal threats, primarily through having the wrong attitude and organisational behavioural traits.

    In this webinar, Social Engineer and People Hacker, Jenny Radcliffe explains why this is the case and discusses what organisations can do to adapt their culture in order to repel, rather than attract, the attackers.
  • The End Point Protection Conundrum: Inside Looking Out or Outside Looking In? Jun 10 2015 9:00 am UTC 45 mins
    Patrick Grillo, Fortinet Senior Director, Security Solutions
    Advanced Threat Protection (ATP) has taken on a life of its own over the past year. Despite some differences, most solutions tend to agree on the type of protection needed for the core network. Where things start to come apart is when you introduce the end user into the equation and how to protect the network from an internal error, deliberate maliciousness or even criminal intent. End point protection, in all of its various forms, must be a key component of any ATP solution and integrated into the process of Prevent, Detect and Mitigate.

    This session will focus on the overall issue and how the Fortinet ATP solution addresses this matter.
  • Cyber Warfare Jun 9 2015 5:00 pm UTC 45 mins
    Chuck Easttom, Computer Scientist, Author, and Inventor
    This discusses the history of cyber warfare, current trends, and what is coming in the near future.
  • Cloud Security Report 2015: What You Need to Know Jun 9 2015 5:00 pm UTC 45 mins
    Martin Lee, Manager, Intelligence, Alert Logic
    With the recently released Cloud Security Report, Alert Logic will open the doors to our research team and give you insight into how we gather data to prepare the cloud security report.

    Register for this live webinar as Alert Logic ActiveIntelligence team manager Martin Lee provides insight into the key resources used by our staff to find the latest data and then explore what our research team does with the information.

    This webinar will also cover:

    •Macro-trends uncovered in this years report,
    •The cyber kill chain in easy to understand terms
    •Industry specific analysis
  • HP Cyber Risk Report 2015: The Past is Prologue Jun 9 2015 4:00 pm UTC 30 mins
    Jewel Timpe, Senior Manager- Threat Research, HP Security Research
    In the world of information security, the past isn’t dead; it isn’t even the past.

    The 2015 edition of HP’s annual security-research analysis reveals a threat landscape still populated by old problems and known issues, even as the pace of new developments quickens. In 2014, well-known attacks and misconfigurations existed side-by-side with mobile and connected devices (the “Internet of Things”) that remained largely unsecured. As the global economy continues its recovery, enterprises continued to find inexpensive access to capital; unfortunately, network attackers did as well, some of whom launched remarkably determined and formidable attacks over the course of the year.

    The 2015 edition of the HP Cyber Risk Report, drawn from innovative work by HP Security Research (HPSR), examines the nature of currently active vulnerabilities, how adversaries take advantage of them, and how defenders can prepare for what lies ahead. Jewel Timpe, HPSR’s senior manager of threat research, describes the report’s findings and explains how this intelligence can be used to better allocate security funds and personnel resources for enterprises looking toward tomorrow.
  • Sensitive Data Loss is NOT Inevitable Jun 9 2015 2:00 pm UTC 45 mins
    Dan Geer, CISO, In-Q-Tel & featured speaker Heidi Shey of Forrester
    Learn how to prevent the inevitable intrusions from compromising sensitive data! There is no silver bullet, but there is a solution.

    It’s widely accepted that perimeter breaches are inevitable – the bad guys are getting in. There is no silver bullet and there aren’t enough dollars in any IT security budget to address every vulnerability. But the loss of sensitive data from a breach is NOT inevitable.

    Data Loss Prevention (DLP) is a proven solution that stops the theft of sensitive data. The problem is, DLP is not widely deployed. Why? Put simply, DLP is hard. But just because it’s hard, doesn’t make it a less necessary component of your security strategy.

    In this webinar, Dan Geer and featured speaker Heidi Shey of Forrester will discuss:

    • Why and how CISOs need to get past the DLP horror stories and limited usage to prevent the inevitable intrusions from compromising sensitive data

    • What’s required for DLP to be a success

    • New DLP solution deployment options that get you all the data protection, without the deployment and management headaches.
  • Anatomy of a Botnet – Dissecting and Malware analysis Jun 9 2015 12:00 pm UTC 45 mins
    Tiago Pereira, Threat Intel Researcher at AnubisNetworks
    Knowing that your company has been compromised is just the first step in a long road to erase the threat.

    Many companies take weeks and sometimes months to address compromised machines due to a lack of real-time notifications or, in many cases, a deep understanding of the malware profile.

    Tiago Pereira, Threat Intel at AnubisNetworks will share the methodology used by AnubisNetworks which comprises the combination of Cyberfeed threat intelligence capabilities with the expertise of the security team to dissect and understand the botnet behaviour, destroying capabilities and threat risk for organizations. The first part of the webinar will be dedicated to explaining the methodology and the second how it was applied in a real case study.

    In this webinar you will learn:
    - AnubisNetworks’ sinkhole techniques and botnet research methodology
    - Case study: understand a botnet:

    o DGA mechanisms

    o Decipher the network protocol

    o Uncover the malware capabilities
  • The Evolving Cyber Threat Landscape Jun 9 2015 11:00 am UTC 45 mins
    Adrian Nish, Head of Cyber Threat Intelligence, BAE
    Attackers are getting smarter, while repurposing what we thought were outdated techniques. So, how can your organisation stay safe?

    In the past decade we’ve seen the emergence of the world’s youngest profession – the Cyber-Intruders. These actors, often working normal 9 to 5 hours, Monday to Friday, are paid to break into systems and steal sensitive information or scope out a target for their employer.

    Crime-as-a-service has become a reality in cyber-space, with specialisms emerging which make it akin to a mini-industrial revolution. The techniques they use are often novel, though not always. Out-dated technology as well as lessons unlearned by organisations mean that persistent attackers can breach networks with relative ease.

    This talk aims to present the current state of the cyber threat landscape, what are the latest tricks attackers are using, and what should organisations focus on to keep data and systems secure.
  • Five steps to improving security: A pragmatic approach Jun 9 2015 11:00 am UTC 45 mins
    Hadi Hosn, Managing Principal Consultant, Dell SecureWorks
    Information security is becoming more and more vital to organisations in an ever changing landscape with the role of the Chief Information Security Officer (CISO) growing in magnitude with hacker based activity, cloud computing, and work-from-anywhere initiative adding to the complexity. New privacy regulations, social media and BYOD have added further challenges and put additional strains on compliance…

    In this webcast, Hadi Hosn, Managing Principal Consultant at Dell SecureWorks, will discuss the five key areas we believe a CISO should focus today to help shape and drive a security programme. Hadi will focus on the most important areas that are applicable in all market sectors and centre in on those activities that, in his experience, deliver the most value, security improvement and return on investment.

    Key topics covered include:

    •Understanding your organisation’s extended enterprise

    •How to improve visibility into what’s going on in your environment

    •Building a culture of security in your organisation
  • If Hacking is the Poison, What's the Antidote? Jun 9 2015 10:00 am UTC 45 mins
    James Hanlon CISM, CISSP, Cyber Security Strategy & GTM Lead, EMEA
    James Hanlon, Security Strategist at Symantec, looks at both the current cyber poisons and potential antidotes to the cyber security challenge. The discussion will focus current threat landscape and the changes we are seeing in regard to hacking and cyber attacks. It will pose the questions to whether global intelligence & data analytics is an approach that can be used counter the most advanced threats.
  • Stopping Data Breaches: Show me the money Jun 3 2015 3:00 pm UTC 45 mins
    Dave Finger, Director of Product Marketing, Fortinet
    Yes, there are annual studies that calculate the cost of the average data breach. And yes, within weeks of a major data breach the headlines shift from number of records lost to estimated cost. So it is unsurprising, if troubling, that a recent survey of enterprise executives indicated that the #1 thing they are most concerned about protecting from cyber attack is customer data. However, there are other important aspects to making a business case for improving your security posture. This webcast will discuss what we feel you should be concerned about losing and why…and it’s not just customer records that require costly breach notification.
  • Using Your Network and Cisco ASR 9000 for Comprehensive DDoS Protection Jun 3 2015 2:00 pm UTC 45 mins
    Talbot Hack, Senior Product Manager, Arbor Networks + Mike Geller, Principal Engineer Cisco Systems
    DDoS attacks are rising in size, frequency and complexity; recent research from Arbor Networks discovered a 334 Gbps DDoS attack! What makes this concerning is that there isn’t a single DDoS protection product on the planet that can stop an attack of this magnitude. So what’s the solution? You need to leverage your network to stop DDoS attacks.

    In this session, representatives from two industry leaders – Talbot Hack from Arbor Networks and Mike Geller from Cisco Systems – discuss best practices in leveraging your network for DDoS detection and mitigation.

    This presentation will cover:
    -The use of current and emerging technologies such as, Netflow, BGP, Flowspec, S&D/RTBH and SDN/NFV
    -An introduction to a joint Arbor-Cisco solution which embeds Arbor’s Threat Management System (TMS) technology in the Cisco’s ASR 9000 router for network embedded, virtual DDoS protection
  • 2015 Cyberthreat Defense Report Live 45 mins
    Steve Piper, CEO, CyberEdge and Hal Lonas, CTO, Webroot
    This presentation provides key findings from the 2015 Cyberthreat Defense Report from the analyst firm CyberEdge. Based on a survey of IT security decision makers and practitioners across North America and Europe, the report examines the current and planned deployment of security measures, including the use of threat intelligence. It also provides developers of IT security technologies and products with answers they need to better align their solutions with the concerns and requirements of end users.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Sustainable Defense: How To Stop Chasing Security and Win the Battle
  • Live at: Sep 5 2012 6:00 pm
  • Presented by: Raj Goel, CISSP, CTO, Brainlink International, Inc.
  • From:
Your email has been sent.
or close
You must be logged in to email this