2012 Global Threats and Trends

John Yeo, EMEA Director, SpiderLabs
In today’s cyber world, it’s no longer a matter of “if” a data breach will occur, but “when.” Organizations around the world, from the local corner store to the global enterprise, all need to understand current data security risks in order to mitigate them.

The Trustwave 2012 Global Security Report identifies the top threats encountered by businesses over the past year. Based on an analysis of Trustwave data sources, including more than 300 incident investigations, 2,000 penetration tests conducted by Trustwave SpiderLabs, and 2 million network and application vulnerability scans, the report provides a roadmap for any organization that needs to improve and update their information security strategy.

The Trustwave 2012 Global Security Report highlights top data security risk areas, offering predictions on future targets based on analysis and perceived trends. By learning from others’ data vulnerabilities, and applying tactical and strategic change outlined in this report, any organization will be better able to reduce data threats and loss.
Jun 21 2012
42 mins
2012 Global Threats and Trends
Join us for this summit:
  • Channel
  • Channel profile
Up Down
  • The Rise of Advanced Malware and Evasive Network Attacks Jun 18 2014 4:00 pm UTC 45 mins
    Networking communication protocols make it possible for the internet to work. Unfortunately, criminals can use those trusted systems to obfuscate malicious data and penetrate your network defenses undetected. An advanced evasion technique (AET) is a method of delivering an exploit or malicious content into a vulnerable target so that the traffic looks normal and security devices will allow it to pass through. By combining attacks using several protocol layers, these advanced evasions bypass most existing security solutions undetected. Join us for a review of these attack techniques and a demonstration.
  • Using Sequence Package Analysis to Detect Terrorism and Sedition Jun 17 2014 5:00 pm UTC 45 mins
    This webinar will demonstrate how Sequence Package Analysis (SPA), a new natural language method that utilizes a corpus of annotated training data comprised of a unique set of feature extractions, may detect early signs of terrorism and sedition. Using an SPA-designed BNF table consisting of sequentially-implicative (as opposed to syntactic) parsing structures, this natural language tool searches social media content and recordings of conversations of suspected terrorists to identify (and measure) collusion, collaboration, affinity with other terror or sedition suspects. Whereas conventional text mining methods are hindered by the speech system’s failure to identify keywords (most suspects intentionally refrain from the use of keywords that pinpoint location, names, dates and time), SPA is designed to work around these obstacles in which users refrain from referring to named entities that are likely to flag their communications as suspicious.
  • Combining Gameification with Behavioural Psychology and Cyber Security Jun 17 2014 9:00 am UTC 45 mins
    Generation Y are well versed in interactive gaming technology as these young people move into the world of employment how can we use gameification techniques to assist the security awareness process.

    What are the benefits and challenges of using gameification to build, develop and train security awareness?

    This talk looks at how three leading organisations have come together to provide the next level of interactive game based learning to improve online safety and security.

    Combining Gameification with Behavioural Psychology and Cyber Security expertise CyberSense™ is setting the benchmark standard in the field of staff on boarding using advanced techniques that will be of interest to organisations concerned about the protection of IP, Commercial Data, fraud and other wider security risks and threats.

    Who should attend this presentation: Executives, HR, IT, Training…indeed anyone with an interest in cyber security awareness training and the latest leading edge technologies in company and individual cyber defence capabilities.
  • How to Reconcile Enterprise Security Policy with Demand for BYOD and SaaS May 29 2014 5:00 pm UTC 45 mins
    Demand for cloud apps and mobility in the enterprise is extremely strong. Today’s savvy employees and business unit managers enable these technologies rapidly and inexpensively. However, coupling BYOD (Bring Your Own Devices) with SaaS applications creates security problems for corporate IT, as legacy security infrastructure can’t inspect this traffic. In this webinar, we will discuss how securely enabling cloud and mobile prevents users from going rogue and transforms hostile forces into a friendly, innovative, productive, and secure collaboration.
  • Information Security Metrics May 20 2014 6:00 pm UTC 45 mins
    There are ways in which you can measure the return on the investment that is a solid information security program and show how information security adds business value. This presentation discusses a standards approach to developing security metrics from measuring key operational and business processes within an organization.
  • Secure File Sharing in the Cloud May 14 2014 5:00 pm UTC 45 mins
    Virtually every business has contemplated moving data to the cloud. For many companies, the risk of storing certain classes of un-encrypted data in the cloud is not acceptable. Encrypting data, however, can hinder your ability to share that information with others.

    What you put in the cloud and how you protect it will largely determine what you, and to some degree, what an adversary can do with it. This webinar will discuss different approaches to sharing encrypted data in the cloud, and highlight the benefits and drawbacks of each model.
  • Building Advanced Endpoint Security May 14 2014 4:00 pm UTC 60 mins
    This webcast will discuss how the endpoint is becoming increasingly attractive as the initial attack vector for breaches. Our speakers will also cover how security teams can more readily identify and define meaningful indicators of compromise.
  • Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control May 14 2014 2:00 pm UTC 45 mins
    Forget the geeky analysis of cloud security; risk is driven by people involved and the approach to adoption. This discussion will tackle the complex issues around data ownership and control in the hands of customers, providers, law enforcement, intelligence agencies and a pantheon of adversaries.

    If data is destiny, then too many people are in charge of your fate.

    We discuss how to get it back.
  • Cloudy With a Lack of Awareness May 14 2014 12:00 pm UTC 45 mins
    Virtually every organisation relies on a standard set of solutions to enable day-to-day operations. These include outsourcing and cloud offerings. It’s right they should – there’s no point re-inventing the wheel every time – and it’s also only normal to expect that the drive to cut costs and increase value will push non-core business processes out of the organisation.

    Growing hyperconnectivity will lead many organisations to increase their dependence on these accepted solutions. However, they will become increasingly unreliable. So are you prepared with alternatives if the things you’ve built your trust around come crashing down?

    This webcast will examine the key areas of potential vulnerability regarding cloud storage, providers and data management, providing key insights into how to manage these vulnerabilities to ensure the maximum benefit and minimum risk.
  • Contain Yourself - Analysis of BYOD Secure Containers May 13 2014 5:00 pm UTC 45 mins
    In today's world, everyone wants access to information from his or her personal mobile device. As a business, this includes your customers and/or employees. What if the information they want access to is highly sensitive? While it's tempting to resist these pressures for security reasons, providing mobile access can be a significant competitive advantage and most importantly keep your customers and employees happy and productive. The reality is that in order to survive in a connected world, we must provide a way to meet these demands without sacrificing security.

    Organizations have begun moving from "managed devices" to a Bring Your Own Device (BYOD) model where company resources can be accessed and stored on unmanaged devices. As you can imagine, there are some inherent risks with this approach due to the organizations inability to enforce policies on personal devices. There is currently a huge market for solutions that allowing enterprises protect their data on unmanaged devices. Enter "Secure Containers” and “Application Wrapping". The basic premise of these solutions is that it allows organizations enforce policies at the application layer rather than the device layer. For example, authentication, remote wipes, lockouts and data encryption can now be enforced on a per application basis. Application Wrapping is a technique, which allows the ability inject their own code into existing iOS applications. Once injected, existing iOS method implementations can be overwritten to enforce these policies. In a nutshell, you can have an existing application and have it wrapped so that it enforces various defined policies and secure it without developers having to manually implement it.
  • Welcome to the Identiverse! The Internet of Things and Cloud Identity May 13 2014 11:00 am UTC 45 mins
    Travel through the Identiverse and discover the importance of identity security in a connected world.

    Benefits of attending:
    • Gain an understanding of the issues of identity security in the Cloud
    • Get a clear picture of the standards that will enable deliver identity security in the real world
    • Be informed about the latest trends affecting managing identities of people and things in the Cloud
  • Cloud Security and Risks: An Ethical Hacker’s View May 13 2014 10:00 am UTC 45 mins
    Preventing loss and theft of data is key to corporate survival. Criminals and competitors don’t want your network - they want your data! Cloud provides them with unprecedented opportunities for theft and fraud. The gaps between partner organisations and the absence of any real possibility of audit and control, gives thieves potential access to corporate information and sensitive data. Peter Wood will show you some real-world threats posed by cloud and suggestions for mitigating the risk.
  • Getting Started with Business Continuity May 7 2014 5:00 pm UTC 60 mins
    From natural disasters to hacking attacks, your business needs a plan to respond to adverse events and keep on going. That’s the goal of Business Continuity and Stephen Cobb helps you lay the groundwork for a successful strategy for your organization.
  • Considerations for Ramping to a Big Data Network Monitoring Architecture, Part 2 May 7 2014 5:00 pm UTC 60 mins
    This is a continuation of our 2-part series on Big Data Visibility with Network Packet Brokers (NPBs).

    Big data techniques and technologies can be powerful tools for scaling network monitoring and forensics. They can also facilitate new use cases for network data, potentially beyond the scope of Operations.

    Gordon Beith, Director of Product Management at VSS Monitoring, will discuss practical considerations for migrating to a Big Data Visibility Architecture, including:
    • Accommodating network volume, velocity and variety using sophisticated hardware preprocessing and APIs
    • Metadata versus flow statistics versus full packet capture – considerations and use cases for each
    • Open versus proprietary formats for storage
    • Pros and cons of integrated capture/storage/analysis solutions versus separate capture/ storage solutions coupled with virtualized analysis probes
    • Addressing retrieval in an “open” forensics model
    • Leveraging a distributed computing framework for processing large-scale data stores
  • Leveraging a Big Data Model in the IT domain, Part 1 Apr 30 2014 5:00 pm UTC 60 mins
    This is part 1 of our 2-part series on Big Data Visibility with Network Packet Brokers (NPBs).

    Even as network data has exploded in volume, velocity and variety, network monitoring solutions have been behind the curve in adopting new technologies and approaches to cost-effectively scale and accommodate a widening virtualization trend. Customers are demanding greater freedom in how applications are deployed and are moving to a consolidated, shared model of data using big data frameworks, such as Hadoop, which enable large-scale processing and retrieval for multiple stakeholders.

    Join Andrew R. Harding, VP of Product Line Management at VSS Monitoring, as he discusses:
    - Big data and its implications for network monitoring and forensics
    - Why network monitoring solutions are lagging from a virtualization standpoint and why this is a problem for network owners
    - How certain traditional network monitoring functions will eventually be offloaded to adjacent technologies
    - How Network Packet Brokers can accelerate the adoption of virtualized probes, “open” storage, and big data technologies within network management / monitoring
    • How a Big Data Visibility architecture can enable network data to become part of the “big data store,” allowing it to integrate with the rest of enterprise data
  • Threat Intelligence is Hot, but is it Fueling Prevention? Apr 30 2014 4:00 pm UTC 45 mins
    Join Patrick Peterson, Founder & CEO of Agari - a 2014 Gartner "Cool Vendor", as he peels back how criminals are penetrating current security controls and describes intelligence that can detect attacks in real-time and provide the ammunition you need to take action. Whether it’s looking for unusual changes in average URL lengths in hyperlinks or statistically anomalous use of certain names in email FROM fields, specific types of intelligence provides high fidelity signal indicating that malicious activity is at work inside your organization, or attempting to penetrate it. Register to learn more about real-time intelligence that drives attack prevention.
  • More than One Target: Point of Sale Malware Campaigns Continue Apr 29 2014 3:00 pm UTC 60 mins
    As additional details on the Target breach - and other retail attacks - leak out, we see that Point of Sale (POS) malware continues to be a significant threat. There are several attack methodologies at play and many forms of new malware, including Dexter, Project Hook, Alina, BlackPoS/Kartoxa, JackPoS, VSkimmer and others. All continue to compromise organizations large and small. In this webinar, Curt Wilson, Senior Research Analyst for Arbor's Security Engineering and Response Team (ASERT) will explore a newly discovered POS attacker’s toolkit, as well as the structure and behavior of typical POS malware and key indicators of compromise.

    Additionally, this talk will review a survey of observed POS infrastructure vulnerabilities that include well-known and lesser- known POS threats that continue to evolve. Attendees should leave with an expanded sense of the threat surface that retailers – including ecommerce organizations – must face. The session will wrap up with an overview of best practices for protecting, detecting, and addressing these evolving threats.

    Attend this webinar to learn about:

    • The various types of POS malware threats and the implications of experiencing an attack

    • The tools and processes that retail IT infrastructure teams need to have in place to protect their organizations from attacks

    • Best practices for dealing with a POS attack; actionable “now what” steps for organizations who have been compromised by POS malware
  • BYOD Challenges, Recommendations & Best Practices from Box Recorded: Apr 24 2014 40 mins
    85% of enterprises permit BYOD, but only 25-30% of them actually have policies and technology to manage these devices. What is your business doing to ensure that the content on that device stays secure, regardless of what device your employees are using? If you are considering moving to a BYOD strategy or are in the midst of doing so, join this webinar to learn how to develop and execute a BYOD plan in your company. We'll talk about major challenges from creating a BYOD strategy and best practices from ensuring that the content on your device stays secure with Box.
  • Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Recorded: Apr 23 2014 49 mins
    Successful organizations run on key metrics and IT security should be no different. But which security metrics should operations, management and the boardroom be focused on? Factories focus on “days without an accident” Is the cyber parallel “days without a breach?”
    What to measure, how to measure, and how to communicate performance is key to improving the security team’s effectiveness and standing within the organization. Information like:
    - Which departments have access to which servers?
    - Who are the privileged users and when are they most active?
    - Where are the assets with vulnerabilities that can be reached from outside?
    - When are security defenses like firewalls likely to maxout?
    Join Dr. Larry Ponemon, Chairman & Founder of the Ponemon Institute, for key results of a new research study on security metrics and change management, and Jody Brazil, Founder, President and CTO of FireMon, for a pragmatic perspective on generating actionable metrics from your network security infrastructure and reducing the risks of relentless change.
  • The New IT - How the World of Work is Changing and What IT Needs to Do to Adapt Recorded: Apr 23 2014 60 mins
    The future of work sees changes to how employees work, how managers lead, and how organizations are structured. However, technology still remains the central nervous system of organizations and things like enables flexible work, collaboration, communication, and BYOD. In short, IT helps organizations be competitive. But how is IT changing in the context of new work behaviors and expectations, a multi-generational workforce, the cloud, globalization, and many of the other trends that are shaping the world of work? Join us in this session as a panel of experts debates and explores how IT is changing and what the future of IT looks like.
Your Resource for Information Security Trends & Education
With over 200,000 members, the Information Security Community is the largest community of infosec professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: 2012 Global Threats and Trends
  • Live at: Jun 21 2012 4:00 pm
  • Presented by: John Yeo, EMEA Director, SpiderLabs
  • From:
Your email has been sent.
or close
You must be logged in to email this