Organizations are adopting cloud services at a very fast pace, driven by the cost effectiveness, speed/time to market and better performance and availability cloud adoption provides. However the security of data and access in the cloud is still a major cause for concern. Even if the organization is comfortable with a cloud service provider’s security posture, they are often surprised to find they are ultimately responsible for securing their own data. Fortunately security event and information management (SIEM) solutions are able to extend information and access controls to cloud in addition to physical and virtual environments. This webinar will dive into the various options available to organizations to help them ensure a secure cloud services environment.
It’s no secret that there are botnets for hire, groups of computers that can, and are, used against our organizations on a daily basis. But what is the nature of these botnets? What abilities do each of the installed toolkits offer to the attacker? Most importantly how do their capabilities change the defenses necessary to protect yourself?
We’ll cover two of the most recent toolkits that have been seeing wide usage. Learn a little about the people behind the attacks, where the attacks are coming from and what you might expect to see in the near future. You might be a bit surprised at where a lot of the traffic is coming from (hint: it’s closer than you think).
Kai Roer, Creator of the Security Culture Framework
In this webinar I will discuss what security culture is, where it belongs in the organisation, and how good security culture can reduce the likelihood of being breached. I will point to research on culture, human behaviours, and how to motivate people to do the right thing.
A traditional penetration test is a snapshot of vulnerabilities for an environment that is in constant flux. The snapshot may also be an incomplete picture, addressing only a portion of a more complex system. To give a view of real business risk, can we link the vulnerabilities to real-world threats and, more importantly, vice versa? Wouldn’t it be better to start with the threats and work forward down the kill chain to the target? How feasible is it to take up-to-date threat intelligence and use that to scope our penetration tests? Peter Wood will try to answer these questions and provide a strategy better suited to today’s attacks.
Ben Wilson, Senior Director, Product Management, Fortinet
Wireless is now the expected medium of choice for network users. Delivering it successfully can be a challenge especially with multiple different approaches and architectures available. What is right for your organisation? Cloud? Controller? How is it all secured?
This session will discuss 3 main Wi-Fi architecture types, their different advantages, the wired edge, and how to secure it all. Importantly, we will finish with what to consider when making the right choice for your needs.
Darren Argyle, Global Chief Information Security Officer (CISO) for Markit
The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being comprised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.
Despite considerable efforts from many industries to address these issues, it remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.
How can companies effectively measure their company’s risk of a data breach? What security metrics are most important when it comes to determining breach risk? How do different types of security compromises, whether botnet infections or brand name SSL vulnerabilities, contribute to an organization’s risk profile? Can you aggregate data to create high-level ratings to measure and report on cybersecurity risk?
Join BitSight’s Chief Technology Officer Stephen Boyer and Senior Data Scientist Jay Jacobs to get these questions answered - and more. This data driven webinar will highlight the extensive analysis that the BitSight Data Science team undertakes to make security signals into concrete risk mitigation actions. Perhaps most importantly, the speakers will give guidance on how security and risk professionals at every level - from the board room to the server room - can drive positive change throughout their organizations.
A recent Forrester Consulting survey revealed that while organizations initially rated all Next Generation Firewall features as high priority during evaluation, only two features were actually used in more than 50% of deployments. Respondents cited configuration challenges, too much noise and slowdown in performance as the primary reasons for using fewer features. In this webcast we will discuss how to get full value out of a next generation firewall:
· Finding an effective, accurate and extensible set of NGFW security features
· Defining, configuring and validating an appropriate set of NGFW policies
· Assessing actual performance of NGFWs
· Monitoring NGFWs on a regular basis
· Responding to the inevitable incident with your NGFW
You're invited to join us on Thursday, Nov. 19, to be among the first to see how ThreatSecure Network, which detects advanced threats and network anomalous behavior, is integrating with Splunk to make powerful big data capabilities a reality for your security team.
The webinar will demonstrate how this integration will enable teams to:
· Decrease the time of incident detection and reporting
· Analyze data and make informed decisions on threat severity via a single interface
· Demonstrate and determine the impact of malware across the network
Richard Sherrard, director of product management, Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
-Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
-Implement controls on OSS usage at your organization
-Create a multitier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Barry Fisher, Sr. Product Marketing Manager, Bobby Guhasarkar, Director or Product Marketing
We know that “What happens in Vegas, stays in Vegas” is not a winning network security strategy. Yet how would you know what happens on the Internet when your employees are off the corporate network? If you’re thinking VPN? Think again. Why would employees VPN when they’re working in Office 365 or Google Docs?
We need visibility everywhere. It is the foundation for security. We also need consistent enforcement of our policies and protections. But we’ve lost both these days, now that employees work anywhere, anytime.
OpenDNS Umbrella restores visibility and enforcement easier than any other solution.
Unlike VPN’ing, we do not add latency, hog memory, or burden the end-user.
Unlike endpoint protections, we block threats before the first victim is hit.
Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler, Inc.
The holiday season is approaching and for cyber criminals, this period is typically a feeding frenzy to hunt and exploit vulnerable businesses and employees. The statistics are staggering:
– 64% of organizations report an increase in cyber-crime on cyber Monday*
– 30 million malicious tweets are sent daily*
– Phishing links skyrocket by around 336% during Thanksgiving**
– Organizations get hit with losses of about $500k per hour when compromised***
The overall cost to an organization, including damages to reputation and brand, can be as high as $3.4M per hour. And yet, only 70% of companies take extra precautions in anticipation of these higher risks.*** How confident are you that your employees will not be used as a Trojan horse to compromise more sensitive company information?
Join Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler, Inc., for a compelling webcast that will address:
– 5 key ways cyber criminals will target your employees and infiltrate your organization
– Key insights into holiday activity from Zscaler’s Security-as-Service platform
– Tell-tale signs that you have been compromised
– Guidelines and best practices to stay safe this holiday period
*Inc. - How Hackers Will Attack on Cyber Monday
**Huffington Post Tech - Five Ways You'll Be Hacked on Cyber Monday
***Computer Business Review - Cyber Monday attacks could cost organizations up to $3.4m per hour
Araldo Menegon Vice President & Global Managing Director, Financial Services Fortinet & Johna Till Johnson CEO, Nemertes
Enterprise architects sometimes shy away from internally segmentation data centers out of concerns over performance and agility. But implementing internal segmentation need not involve a performance hit. Learn how to approach internal segmentation, including how to avoid the most common pitfalls, and how to integrate segmentation into your broader security strategy. And most of all, learn why you can’t afford not to segment: the benefits it provides in terms of control, compliance, and protection.
Itsik Mantin, Director of Security Research, Imperva
Organizations of all sizes face a universal security threat from today’s organized hacking industry. Why? Hackers have decreased costs and expanded their reach with tools and technologies that allow for automated attacks against Web applications.
This webinar will detail key insights from the Imperva Application Defense Center annual Web Application Attack Report. Attend this webinar for an in-depth view of the threat landscape for the year. We will:
- Discuss hacking trends and shifts
- Provide breach analysis by geography, industry and attack type
- Detail next steps for improved security controls and risk management processes
Christopher Kissel, Industry Analyst at Frost & Sullivan & Seth Goldhammer, Sr. Product Management Director at LogRhythm
The stakes have never been higher as businesses attempt to protect their assets from a barrage of threats that continue to grow in frequency and sophistication. These efforts have traditionally centered on perimeter-based cyber defenses. Intrusion detection and prevention systems (IDS/IPS), antivirus (AV), firewalls, next generation firewalls (NGFW), unified threat management (UTM) platforms, and vulnerability management (VM) are among the technologies used (and needed) to stop miscreants from entering the network.
However, even the most advanced cyber security teams acknowledge that user accounts, systems and networks WILL be compromised, regardless of the prevention measure in place. It’s amidst this reality that organizations are exploring new, more effective ways to detect and respond when the inevitable occurs.
In this webinar we will explore how unified security intelligence is empowering organizations to accelerate their mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to compromises and avoid material breaches. Chris Kissel, industry analyst from Frost & Sullivan will start with a quick update on the state of SIEM and how next-gen SIEM has evolved to deliver true security intelligence through a number of new capabilities including behavioral analytics, network and endpoint monitoring and analytics, as well as advanced search capabilities.
Attend this webinar if you:
-Are seeking to reduce your organizations meantime-to-detect (MTTR) and meantime-to-respond (MTTR) to cyber threats
-Struggle to find the needle in the haystack of security events
-Believe your current incident response process lacks adequate automation and efficiency
-You have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots
Heidi Shey, Senior Analyst, Forrester Research; Bill Bradley, Director of Product Marketing, Digital Guardian
Data protection has reemerged as a top solution to the increasing number of data breaches. But how do you persuade your leadership team to adopt a new security technology? Join Forrester Research and Digital Guardian as they discuss the steps to build a business case for data protection, where to gain allies throughout the organization, and how to effectively communicate your business case.
Watch this webcast to learn:
· How to establish the success factors for a data protection program
· How to quantify the top line and bottom line benefits of data protection
· Who in the organization, aside from the usual suspects, to get on board early in the project timeline
Rob Sobers & Michael Buckbee - Engineers Masquerading as Marketers
With Varonis DatAnywhere, you can give your employees secure remote access while leveraging your existing storage infrastructure, permissions, and Active Directory.
Join this FREE webinar where we’ll discuss:
The risks of trusting corporate data on a 3rd party cloud server
Methods you can use to detect and block cloud use on your network
How to give employees mobile device access and file-sync that:
Uses your existing infrastructure
Keeps data on your file servers
Enforces existing permissions (e.g. NTFS and AD)
Tyler Moffitt, Webroot Senior Threat Research Analyst
2015 has been a huge year for malware. Learn about highlights and revelations from Black Hat 2015, specifically how the windows software update services can be hacked, the future of biometrics, and the progress of scams and other victim-initiated payments like ransomware.
We will also discuss the spikes we've seen from phishing attacks this year and what it means for an end user.
The enterprise-computing environment is rapidly transitioning to support an increasing demand for unmanaged mobile devices, remote workers, partners, and vendors to easily access corporate resources. With resources distributed in "the cloud,” traditional enterprise authentication methods are not effective for unmanaged devices, and passwords alone are insufficient as a security access control.
Meanwhile, consumer-facing businesses are using device intelligence to implement strong authentication technologies without adding challenges to the user. Leveraging the same intelligence used to fight credit card fraud, account takeover and other fraudulent behaviors across the globe, iovation's device intelligence empowers organizations to make adaptive, real-time decisions using risk context, including:
Has this device already been explicitly authorized for this account on a previous visit?
Has this device been associated with cyber criminal activity or linked to other devices or users that have been?
Is this device exhibiting anomalous behavior or other risk indicators that suggest the use of evasion techniques or existence of malware?
Learn how to implement strong 2-factor authentication methods without giving your employees, partners, and vendors a poor user experience.
Once a user has been granted the permissions to access data and applications, how can we close the loopholes that may allow the user to access data in an inappropriate manner or ignore policy? Using today's ABAC (Attribute Based Access Control) standards, you can programmatically and systematically close the lid to Pandora's box and ensure accesses are only occurring where and when they should by an authorized user. We'll discuss ways to use existing technologies to close the gap between password management, identity access management and application based policies to control all access.
Your Resource for Information Security Trends & Education
With over 200,000 members, the Information Security Community is the largest community of infosec professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.