We’ve all heard it by now - the PCI standard is changing – to match an advancing threat landscape, new business and technology platforms, and evolving requirements of the payments community. Join Trustwave’s PCI compliance and threat intelligence experts in this expert webcast, to get a holistic view of PCI 3.0 from both a compliance management and threat intelligence perspective. They’ll answer your questions on both the “what” and the “why” of the new mandate, and you’ll learn:
· the key changes that are part of the PCI DSS 3.0
· what is driving those changes and why they’re needed
· steps you can take to prepare your organization for the new mandate
Recorded Oct 10 2013, 52 mins
Nathan Wenzler, Principal Security Architect at AsTech Consulting
It’s that time of year again: RSA Conference 2017 is upon us. The trends in the security industry are moving more quickly than ever, and the newest methods of preventing cyberattacks have quickly shifted away from solely building walls of defense and into analytics of the data gathered about your network and the way users and attackers use it.
But what about the tried and true methods for thwarting hackers like traditional Vulnerability Management programs? Many organizations have allowed their VM programs to languish and become ineffective because it’s often seen as too old of a technology and too difficult to make successful.
But that’s only because they’ve really never done it right.
Join Nathan Wenzler, Principal Security Architect at AsTech Consulting, to learn why Vulnerability Management is still a critical component of a successful security program.
This discussion will highlight:
- The issues that lead companies to ignore their VM programs
- Real-world examples and case studies of solutions you can use to resurrect one of the best tools in your security arsenal
About the Presenter:
Nathan Wenzler is the Principal Security Architect at AsTech Consulting, a leading information security consulting firm. Wenzler has nearly two decades of experience designing, implementing and managing both technical and non-technical solutions for IT and Information Security organizations.
The National Credit Union Administration (NCUA) requires every credit union to protect their members’ personal, private data. But with a host of mandates and a range of technology options, where should credit union IT administrators begin? Encryption and key management can address a number of the requirements set out in these guidelines. Together they can help credit unions become compliant and can keep customer data safe.
Join our live webinar "Navigating the National Credit Union Administration (NCUA) Privacy Guidelines: Securing Customer Records with Encryption and Key Management" on February 7th to learn about:
• Which specific guidelines concern customer information at rest and in transit
• How encryption and key management address these requirements
• The benefits of centralized encryption management
Dr. Branden Williams; Smrithi Konanur, HPE Security; Kevin Eberman, Mineraltree; Asma Zubair, WhiteHat Security
In today’s digital landscape, it’s much easier for criminals to access sensitive payment card data, not only gaining direct access to a consumer’s available funds, but also their personal identity. With cyber attacks becoming much more advanced, the PCI DSS standard has been forced to adapt to address these new threats.
However, PCI compliance is something that any organization can successfully achieve. The requirements of PCI DSS are clear, but it takes work to accomplish compliance across an organization. On this webinar our panel will discuss some best practices and solutions that provide your business with an easy, cost-effective and highly automated way to achieve compliance with PCI DSS in 2017.
Noise is the enemy of breach detection and response. After a major data breach it is often the case that signs of an attacker existed, but were buried in thousands of other security alerts that were mainly false positives.
With machine learning, meaningful signs of an attack are more easily detected and isolated, so a security operator can focus on precisely the right issue.
This session will examine:
- The problem of noise
- The role of machine learning in sifting through vast amounts of data to get to the fidelity needed to detect an attacker
- Best practices for including machine learning in your security operations
Tom Gorup, Director of Security Operations at Rook Security
With the growing number of newly-released, longtime-funded automation tools and platforms, it’s clear that network security operations automation has reached an inflection point. While automation promises to provide significant value to security and network operations teams, along with hopes and promises come concerns about limitations, potential failures, and critical oversights—especially when it comes to automating incident response. These limitations don’t stem from a lack of APIs, compute power, or the advancement of machine learning or artificial intelligence, but rather from the tools that are doing the detection, notification, and remediation.
Security operations expert Tom Gorup addresses short- and long-term automation challenges and provides analysis on why investments should be focused on arming people with more assistive technology, rather than attempting to remove humans from the equation entirely.
About the Presenter:
As Director of Security Operations for Rook Security, Tom Gorup oversees Managed Security Services and develops proprietary security operations management tools and services for organizations ranging from Fortune 100 firms to fast-growing startups. Prior to joining Rook, Tom served 6 years in the U.S. Army. As an Infantry Squad Leader, Tom served two tours in Iraq and Afghanistan, where he received a Purple Heart alongside several other awards for actions on the battlefield. Tom is GCIA certified, a participant in the GIAC mentor program and advisory board, Indiana Infragard Sector Specialist, and on the NexTech advisory board.
John Bambenek, Threat Systems Manager, Fidelis Cybersecurity
Those defending against cyberattacks are overwhelmed by the sheer volume of incidents to respond to. It is so bad that it has been said there may be as many as 1 million unfilled cybersecurity jobs. Machine learning and automation are often heralded as a way to deal with this problem so that many incidents can be dealt with by pressing a button. While there is much promise in machine learning, there are also many perils that need to be considered. Attackers know how we defend ourselves and they do use our defenses against us.
This talk will cover some of the open-source tools and techniques available for organizations to use to defend themselves while keeping in mind how attackers could undermine our efforts.
Josh Downs, BrightTALK (moderator); Dan Webb, James Brown, Oliver Pinson-Roxburgh & David Howorth, Alert Logic
Digital transformation is changing the business landscape for every organisation, as new technologies unlock competitive advantage, enable efficiency and agility, and enhance customer experiences. The cloud is where this innovation is happening and enabling this transformation, but when you take advantage of its possibilities, it’s crucial that you secure your cloud applications and workloads.
If you’re building applications or migrating workloads to the cloud, you’re probably like most organisations – trying to determine what security controls are needed, and how to integrate workload security without slowing down innovation or needing to add dedicated security staff – which these days is harder to find and more expensive to keep.
During this panel discussion you will hear from industry experts as they discuss what steps and considerations should be taken when moving to any cloud, where the responsibilities for security lie, and how you maintain visibility and control over your data, including:
- Why moving business-critical applications to the cloud requires a different approach to security
- Best Practices for minimizing risk in your cloud adoption
- Filling the Cloud Security IT Skills Gap
- Managing the Challenges of the Cloud under EU GDPR
Ted Julian, VP of Product Management, IBM Resilient
Faced with an avalanche of alerts, insufficient staffing, and a bewildering regulatory environment it's no wonder that most organizations struggle to respond effectively to cyber attacks. Successfully resolving attacks requires fast, intelligent, and decisive action - organizations need to have an orchestrated plan in place before an attack occurs. Indeed, the best organizations leverage an orchestrated response capability to achieve cyber resilience, the ability to weather the inevitable cyber attacks as just another part of doing business.
Join IBM Resilient’s Ted Julian, VP of Product Management to explore the latest incident response methodology and technology. Can automation really save the day? Or are the naysayers correct that the automation cure is worse than the disease itself? From instant escalation, to automatic enrichment, to guided mitigation, Ted will explore the latest incident response techniques and share what works and what doesn't. Attendees will gain a framework for understanding their incident response capability and a maturity model for evaluating opportunities for orchestration / automation.
Stuart Davis, Director, Mandiant & David Grout, Systems Engineering Director, FireEye
Protecting against data loss is a key focus of any organisation’s information security program. However it is not always that easy to put long term initiatives in place with consistent monitoring and response effectiveness to mitigate against advanced attacks where intellectual property may be the target.
In this webinar Stuart and David will explain how effective incident response, long term monitoring and threat intelligence can help deal with data protection against advanced persistent threats (APTs) in this modern age of cyber warfare.
The sad truth is that invaders are trying to breach your defenses every day. With five out of every six large organizations being targeted by advanced attackers, protecting your data is a smart way to keep you from becoming tomorrow’s headline.
So what does data protection mean? A comprehensive approach allows the right people to access the right data, anywhere, by controlling access, monitoring its flow, and keeping it out of the wrong hands.
We will explain how Symantec technology addresses this approach and how you will benefit from:
• Granting and ensuring access only for authorized users with strong, multi-factor authentication, on any device, including BYOD.
• Watching over data wherever it lives—in the cloud, on premise, in motion, and at rest.
• Preventing data loss with unified policy controls to encrypt or block vulnerable information before it leaves the gate.
Warning - this is not just another GDPR webinar. Join Amar Singh in his popular and interactive webinars and deep-dive into this special Cyber Incident Planning & Response webinar where we share and discuss the following:
- What are the key components to automate in incident management to enable GDPR compliance.
- Four important questions a CISO or Manager must ask to manage an incident successfully.
- Understand Process Automation for Incident Orchestration.
- How you can, using the technology and processes, build a lean, effective and knowledgeable Security team with or without a Security Operations Centre.
- Data Protection and Incident Response for the non-technical manager.
- How and why it's critical that middle and senior management, working with technical teams, get involved in delivering effective cyber incident planning & response.
You’ve heard a lot about using artificial intelligence and machine learning to change the odds in your favor in cyber-attacks. Unfortunately it turns out that the bad-guys have great AI too, and with each click they can stealthily adapt, morphing into a new hard-to-detect form. But what if we apply learning in real time, on every endpoint, and allow the endpoints to collaborate to identify the threat?
In this talk Simon Crosby, co-founder and CTO of Bromium, will explore how this new approach can give defenders the edge in an era of targeted attacks.
About the Presenter:
Simon Crosby is a co-founder and CTO of Bromium Inc. – the pioneer of micro-virtualization, which enables PCs to defend themselves by design from all malware. Previously Simon was CTO, Data Center & Cloud at Citrix Systems, which acquired XenSource, where he was co-founder and CTO. He was formerly a Principal Engineer at Intel where he led strategic research on platform security and trust, and founder & CTO of CPlane Inc., a pioneer in Software Defined Networking. He was a faculty member in the Computer Laboratory at the University of Cambridge, UK from 1994-2000. He holds a PhD in Computer Science from the University of Cambridge, UK, and is author of more than 50 peer reviewed papers and patents.
Shimon Oren, Head of Cyber-Intelligence at Deep Instinct
2016 has been yet another record breaking year in many aspects of the cyber security and malware world. We will look at some of the trends and vectors that have materialized or strengthened in 2016 and will carry into 2017.
Join Shimon N. Oren, Deep Instinct’s Head of Cyber-Intelligence, to learn about the evolution of malware and cyber threats in the previous year. From ransomware, through cross-platform campaigns, to file-less attacks, we will review and give examples of the newest concepts and campaigns that will shape this year’s playground between hackers and the cyber-industry.
About the Presenter:
Shimon Noam Oren is the head of Cyber-Intelligence at Deep Instinct. Prior to joining Deep Instinct Shimon served for 14 years as an officer in the Israel Defense Force's elite cyber unit. With a background that includes a wide range of cyber security and intelligence positions, Shimon successfully led multifunctional teams of engineers, analysts, hackers and security professionals in various settings and operations. Some of his other accomplishments during his tenure in the military include developing new methods and tools for researching and analyzing cyber-attacks and leading a product management team in charge of a series of innovative cyber collection products. Shimon has worked extensively with a variety of industry, defense and intelligence partners and agencies in North America and Europe, and was awarded the President of Israel Award for outstanding service.
Cris Thomas (aka Space Rogue), Strategist at Tenable Network Security
Today’s attack surface is expanding and the network is becoming increasingly complex thanks in large part to the ephemeral nature of assets, including mobile devices, cloud, IoT, web apps, containers and virtual machines.
‘Space Rogue’ (aka Cris Thomas), strategist at Tenable Network Security, will look at the findings of the Tenable 2017 Global Cybersecurity Assurance Report Card and discuss strategies for staying ahead of sophisticated cyberattacks in the modern IT landscape.
Sven Krasser, Igor Baikalov, Stephan Jou, Engin Akyol, and Sean Martin
Artificial Intelligence and Machine Learning are becoming more pervasive in the cybersecurity space, but they are not the panacea everyone thinks they are. Lacking real case studies, many vendors must resort to simulated data and made-up scenarios to demonstrate their product capabilities. Moderator Sean Martin, Editor in Chief of ITSP Magazine, will ask the expert panelists to share their insights as to how AI and/or ML can be used to help address a variety of cybersecurity risks.
Leading into this actionable advice, the panel will provide additional insights, including:
• The difference between AI and ML
• How AI and ML can be used for good … and evil
• What the future of AI and ML looks like
Sean Martin, Editor in Chief of ITSP Magazine
• Sven Krasser, Chief Scientist at CrowdStrike
• Igor Baikalov, Chief Scientist at Securonix
• Stephan Jou, CTO of Interset
• Engin Akyol, Co-Founder & CTO of Distil Networks
From Haitian folklore to George A. Romero’s Dawn of the Dead, the use of Zombies in fictional settings has experienced a strong resurgence in recent years. With fact mirroring fiction, the real world has also faced the terror of dealing with a rise of mindless automatons capable of creating mass devastation on an international scale.
We are of course talking about the rise of Botnets.
Come join us for an interactive presentation with chief zombie-wrangler, Ronan Lavelle, on the insidious rise of this threat looking at recent attacks, the link in growth to insecure IoT devices and just what we can do to combat them.
This webinar is perfect for cyber professionals who want to:
- stop data loss by defending against botnets
- better respond to incidents and remediate
- reduce attack surfaces and counter threats
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.
PCI 3.0 is Coming – Are you Ready? Michael Aminzade, Director of Field Operations and Chris Hague, Managing Consultant, Trustwave SpiderLabs. 51 mins