Recent Research Findings in Endpoint Security, Endpoint Mgmnt

This presentation highlights findings from recent Aberdeen Group benchmark research in the areas of endpoint security, endpoint management, and endpoint encryption. What are the top-performing companies doing differently than everyone else to improve security and sustain compliance at a lower total cost?
Recorded Dec 8 2009 31 mins
Presented by
Derek E. Brink, VP & Research Fellow for IT Security, Aberdeen Group
  • Implementing a Business-Driven Security Strategy Recorded: Oct 17 2013 66 mins
    Dave Anderson (Voltage Security), Derek Brink (Aberdeen Group)
    **At the end of the session we're giving away a $2,950 guest pass to the Cyber Security & Digital Forensics Exchange (http://www.cyber-securityexchange.com). The pass is for the entire 3 day event, and includes meals and two night hotel accommodation. The winner will be chosen at random. To be entered into the draw you must attend this live webcast.**

    Today’s corporate leaders face multiple challenges, including the need to innovate in extremely competitive business climates, address highly dynamic regulatory and compliance challenges, and secure the enterprise against a wide barrage of new and evolving sophisticated threats. Security is a major consideration in the way that business and information technology systems are designed, built, operated, and managed. Organizations often take a bottom-up approach to security and continually build on top of their existing security investments. This technology-centric approach often creates an excessively complex and disjointed security infrastructure that is difficult to manage and prone to operational inefficiencies which can escalate IT costs.

    The need to be able to integrate security with business functions and operations exists more than ever. A Business-Driven approach can achieve end-to-end security that supports business goals such as driving innovation and reducing organizational costs, as well as operational requirements to address compliance measures, protect against internal and external threats, and prioritize the security risk management activities that make the most sense for their organization. In this webcast presentation we will address how to implement a solid Business-Driven security strategy within your organization.
  • Security in the Software Development Lifecycle Recorded: Nov 15 2012 34 mins
    Derek Brink, VP and Research Fellow IT Security and GRC, Aberdeen Group
    Aberdeen’s research finds that companies who pay attention to security for developed applications – if they pay attention at all – leverage three distinct strategies:

    Inspection (“Find and Fix”)
    Additional layers of protection (“Defend and Defer”)
    Prevention (“Secure at the Source”)

    The trends towards a more dynamic user experience and integration with back-end services are powering even more complex web applications, and a rise in enterprise mobile applications as well. All of this makes deciding which approach(es) to use for application security a multifaceted business decision – one part context, one part judgment, and one part philosophy.

    Embedding security from the beginning of the software development lifecycle is not for everyone, but Aberdeen’s research confirms that it does yield the best results. This presentation provides insights into the benefits and tradeoffs of addressing security as part of the software development lifecycle.
  • Panel Session: Mobile App Security Strategies for Financial Services Recorded: Nov 14 2012 46 mins
    Kevin Morgan, CTO, Arxan Technologies; John Steven, Internal CTO, Cigital; James Lynn, Practice Principal, HP Fortify
    This panel will tackle the unique challenges faced by businesses in Financial Services as they try to enter the growing mobile app market. We will bring together perspectives from vendors and researchers focusing on the topic and end users implementing the solutions and dealing with the day-to-day challenges.

    Moderator: Derek Brink, Research Fellow, Aberdeen Group
    Kevin Morgan, CTO, Arxan Technologies;
    John Steven, Internal Chief Technology Officer, Cigital
    James Lynn, Practice Principal - Fortify on Demand & Mobile Security Services, HP Enterprise Security
  • BYOD and Video: Analyst Q&A Recorded: Nov 6 2012 15 mins
    Andrew Borg and Derek Brink, Aberdeen Group
    In this short video session, Aberdeen analysts Andrew Borg and Derek Brink address questions about their recent research in the area of Bring Your Own Device (BYOD) and IT Security.
  • The Hidden Costs of BYOD Recorded: Sep 24 2012 30 mins
    Andrew Borg, Research Director, Aberdeen Center of Excellence for Mobility
    BYOD's rapid adoption is widely discussed, but a thorough examination of its actual cost to the organization has been lacking. Expanding mobile access to the greatest number, within the constraints of capital equipment budgets, is one of the undeniable benefits of a well-managed policy. But BYOD also brings significant challenges: the increasing power and complexity of devices adds to the cost of support; cost controls are disaggregated; and new risks arise regarding security and compliance.

    Aberdeen Group describes a best practices approach to address these concerns, derived from its recent study of more than 560 organizations in 45 countries.
  • Right to Choose vs. Right to Wipe: The Division Triggered by BYOD? Recorded: Sep 24 2012 13 mins
    Derek E. Brink, CISSP, VP & Research Fellow for IT Security, Aberdeen Group
    "Right to Choose" vs. "Right to Wipe" – which sounds like a polarizing election-year issue – refers to the tension between enterprise end-users wanting to use their own smartphones and tablets to access enterprise resources, and enterprise IT departments wanting to ensure that they can centrally lock / erase / wipe enterprise data if the device is lost or stolen.

    This presentation summarizes an Aberdeen Group analysis of more than 430 organizations, which indicates that end-users are actually most productive and most satisfied when they have the freedoms of BYOD, but within certain boundaries and protections.
  • What's Stopping You? Removing the Barriers and Migrating to the Cloud Recorded: May 24 2012 58 mins
    Derek Brink, Aberdeen; John Howie, CSA; Pravin Kothari, CipherCloud; Adam Swidler, Google
    Are your cloud concerns valid? This panel will focus on identifying the major perceived barriers to business adoption of cloud computing from the perspectives of security, compliance, privacy and policy. The goal is to separate founded and unfounded concerns and help IT security professionals and C-level executives make educated cloud decisions for their business.


    Derek Brink, Vice President and Research Fellow, IT Security and IT GRC, Aberdeen Group (moderator)
    John Howie, COO, Cloud Security Alliance
    Pravin Kothari, Founder and CEO, CipherCloud
    Adam Swidler, Sr. Product Marketing Manager, Google
  • DLP, the Ideal Referee: Let the Game Go On! Recorded: Apr 5 2012 34 mins
    Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group
    In its fifth annual study on best practices in data loss prevention (DLP), Aberdeen analyzed and compared the results from more than 600 organizations which have adopted one of four distinct approaches to the operational use of DLP technologies. The best approach, in terms of balancing enterprise risk and reward, is like the ideal referee in sports: one that makes good calls and enforces the rules regarding safety and fair play, but generally doesn't get in the way of the people playing the game.
  • Consumerization of IT: Enforcing Policies Without the Pain Recorded: Mar 15 2012 55 mins
    Derek Brink, Aberdeen Group; Patrick Wheeler, Trend Micro; Mary Siero, Innovative IT LLC; Benjamin Robbins, Palador
    Consumerization of IT and BYOD represent an opportunity and a challenge for businesses. At the crux of the issue is the tension between enterprise IT professionals who are tasked with establishing and enforcing policies and end-users who care about mobility and freedom anytime, anywhere. This webinar will explore how establishing the right BYOD policy can help a company embrace the consumerization of IT while keeping their enterprise secure.

    Derek Brink, VP, Aberdeen Group; Patrick Wheeler, Sr. Marketing Manager Endpoint Security, Trend Micro; Mary Siero, CEO, Innovative IT LLC; Benjamin Robbins, Principal, Palador
  • Securing Your Applications - From Testing to True Software Assurance Recorded: Nov 10 2011 38 mins
    Derek Brink, VP & Research Fellow, Aberdeen Group
    So you've successfully gotten started with your application security initiative -- now what? How do you take securing your applications to the next level?

    Characteristics of the companies achieving top performance in application security include:

    - Start from a solid foundation of testing
    - Start small (e.g., with a proof-of-concept) and then expand by building on your success
    - Establish a risk-based approach on what vulnerabilities to address and when
    - Partner between the IT Security and Application Development teams to expand your program beyond testing to create a true software assurance program

    Research from Aberdeen Group confirms that bringing about a systemic change across the entire software development lifecycle -- i.e., to become "secure at the source" -- yields the best results.

    In addition to the use of several enabling tools and technologies -- including application vulnerability scanning, penetration testing, manual source code reviews, static source code analysis and verification, and dynamic source code analysis and verification -- this webinar will review the "people and process" capabilities that most strongly differentiate the top performers.
  • Too Trusted to Fail: Attacks on SSL Server Certificate Infrastructure in 2011 Recorded: Oct 25 2011 23 mins
    Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group
    Two publicly disclosed attacks on the infrastructure for issuing SSL Server Certificates made headlines in 2011 – in large part based on the evidence that they were part of a state-sponsored effort to hijack the trust of legitimate domain names, and thereby gather private or sensitive information from its unsuspecting citizens. From the perspective of the countless enterprises that rely upon the global foundation of trust provided by SSL Server Certificates, however, the three key implications should be a renewed preference for top quality Certification Authorities, a continued shift toward higher assurance EV SSL Server certificates, and a higher priority for assessing the risk of current certificate revocation mechanisms.
  • More on EV SSL Server Certificates: Where is the Growth? Recorded: Oct 25 2011 14 mins
    Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group
    Extended Validation (EV) SSL Server Certificates are designed to address the need to increase end-user confidence in transacting online, by establishing a higher level of assurance that they are on a legitimate web site and that their personal data is being encrypted while in transit. Aberdeen's research and analysis indicates that the strongest near-term growth for EV SSL Server Certificates will come from Small businesses (<$50M in annual revenue), particularly in the EMEA and Asia / Pacific geographies.
  • EV SSL Server Certificates: Looking Up to the Other "Green" IT Recorded: Oct 25 2011 14 mins
    Derek E. Brink, Vice President and Research Fellow for IT Security, Aberdeen Group
    Perhaps one of the most overlooked areas for improved key management involves deployments of SSL Server Certificates and Extended Validation (EV) SSL Server Certificates – the latter of which require a more rigorous vetting process to confirm the identity of the requesting site owner before being issued.

    Aberdeen's research shows that leading performers were 1.7-times more likely than lagging performers to have current deployments of EV SSL Server Certificates, providing their end-users with a higher level of assurance of a legitimate web site and greater confidence in conducting online transactions.
  • Adapt or Die: Threats, Vulnerabilities and Your Networks and Data Recorded: Sep 14 2011 49 mins
    Derek E. Brink, Aberdeen Group; Michael Stute, Global DataGuard; Dwayne Melancon, Tripwire; Gary Golomb, RSA NetWitness
    The threat landscape is escalating, and the nature of vulnerabilities and threats is changing. If your strategy has been to assume that your organization is immune, you may want to consider the latest evidence to adapt.

    At a blended business/technical level, this panel will discuss:
    • Techniques currently being used by attackers
    • Emerging vulnerabilities and threats
    • Strategies and solutions currently available
    • Examples of effective and cost-efficient tools

    Derek E. Brink, Vice President & Research Fellow, Aberdeen Group (Moderator)
    Michael Stute, CTO, Global DataGuard
    Dwayne Melancon, Head of Products and Product Strategy, Tripwire
    Gary Golomb, Sr. Research and Development Engineer, RSA NetWitness
  • OWASP Panel: New Web Application Threats and Ways to Secure Them Recorded: Mar 16 2011 46 mins
    Dennis Groves, Founder of OWASP; Sebastien Giora, OWASP; Justin Clarke, OWASP; David Campbell, OWASP; Derek Brink, Aberdeen
    Join an expert panel of OWASP leaders as they discuss new web application threats and give their insights on ways to secure them for your business.
  • Worries of 2011 – What to look out for and how to tackle them Recorded: Dec 7 2010 48 mins
    Derek Brink, Vice President & Research Fellow, Aberdeen Group
  • The State of In-Security Recorded: Nov 5 2010 43 mins
    Derek Brink, Vice President & Research Fellow, Aberdeen Group
    In a study of more than 160 organizations, Aberdeen found that respondents annually spend an average total of $2,150,000 in IT Security-related activities: $870,000 invested in their IT Security initiatives, plus an additional $1,280,000 in costs related to IT Security incidents that were not avoided in spite of these investments. This works out to approximately $220 per employee per year, or roughly 0.2% of annual revenue – less than many companies spend on complimentary tea and coffee. But how have some companies successfully optimized the balance between their annual investments in IT Security initiatives, and the additional financial impact of IT Security-related costs not avoided – the very essence of a risk-based approach?
  • Leveraging Logs, Information and Events Recorded: Aug 20 2010 34 mins
    Derek Brink, Aberdeen Group, VP & Research Fellow for IT Security
    Companies of all sizes are trying to make sense of the incredible volume of data that is being generated by their computing infrastructure and their existing security solutions. Much like the children's ice-skating game of "crack the whip", Aberdeen's research indicates that closing the performance gap between leaders and laggards in the front-end – i.e., collecting and managing the data (log management) – helps to accelerate the progress needed in the back-end – i.e., interpreting the data and taking action (security information and event management). Before (or after) the presentation, individuals interested in comparing their own organization's strategies, capabilities and use of technologies with those of the Best-in-Class (top 20%) as seen in Aberdeen's benchmark research are invited to visit a complimentary, easy-to-use online assessment tool at http://assessment.aberdeen.com/BF3G7hKBmi/index.aspx .
  • Content-Aware: Aberdeen's 2010 Data Loss Prevention Report Recorded: Aug 5 2010 46 mins
    Derek E. Brink, CISSP; Aberdeen Group, Vice President and Research Fellow for IT Security
    Aberdeen's fourth annual study on data loss prevention – published on June 30, 2010 – presents the challenges, strategies, best practices and year-over-year comparisons of Best-in-Class organizations in safeguarding their sensitive data using content-aware data loss prevention technologies. The presentation will show how the companies achieving top results successfully use content-aware technologies to identify sensitive data across multiple channels, and how they use a range of remediation options to enforce their established policies. In doing so, they also experienced the benefits of fewer incidents of data loss or data exposure, fewer audit deficiencies, and lower operational cost.
  • Email / Web Security in the Cloud: More Secure! Less Expensive! Recorded: Jul 20 2010 28 mins
    Derek E. Brink, Vice President & Research Fellow, IT Security, Aberdeen Group
    Drawing on the findings from multiple benchmark studies on best practices in content security and security software as a service, Aberdeen’s analysis shows that users of cloud-based email security had substantially better results than users of on-premise email security implementations in the critical areas of security, compliance, reliability and cost. Compared to companies using on-premise email security solutions, users of cloud-based email security solutions had 47% fewer incidents of spam / malware, 65% fewer audit deficiencies, 50% less security-related downtime, and 11% lower total cost per end-user per year for email security. Results for web security in the cloud were similar.
Highlights from fact-based research and analysis on cybersecurity
What separates "Best-in-Class" (top 20%) organizations from their "Industry Average" (middle 50%) and "Laggard" (bottom 30%) counterparts when it comes to various topics in IT Security? Aberdeen's unique, fact-based approach to market research provides a framework for end-user organizations to benchmark their own strategies, capabilities and use of enabling technologies against companies with top performance. Areas of coverage in Aberdeen's IT Security practice include topics in Identities and Access, Data Protection, IT Infrastructure Security (including Endpoints, Delivery Platforms, Applications and Databases, Networks, and Storage), Physical Infrastructure Security, Policies, and Security GRC (Governance, Risk Management, and Compliance). Complimentary access is provided to the full benchmark research reports, for a limited time after initial publication.

  • Title: Recent Research Findings in Endpoint Security, Endpoint Mgmnt
  • Live at: Dec 8 2009 5:00 pm
  • Presented by: Derek E. Brink, VP & Research Fellow for IT Security, Aberdeen Group