Understanding Vulnerabilities to Better Mitigate Threats

Steve Povolny, Senior Security Researcher, HP DVLabs
Vulnerabilities that exist in today’s commercial and custom software are the primary target for attackers. The most severe of these vulnerabilities are those that can result in remote code execution – that is an attacker can take complete control of another system for the purposes of stealing information, defacing property or just causing trouble. In this session, Brian Gorenc, will demonstrate how to analyze a vulnerability and the steps required to weaponize it. Centering on a vulnerability in a Microsoft application, the demo will show you how an attacker can quickly move from proof-of-concept to remote code execution. The discussion will also include thoughts on mitigation strategies for reducing risk.
Jun 21 2012
45 mins
Understanding Vulnerabilities to Better Mitigate Threats
  • Channel
  • Channel profile
Up Down
  • The Security of Big Data: An Enterprise Perspective Apr 17 2014 3:00 pm UTC 45 mins
    Everyone knows that there are risks associated with moving enterprise data to a Cloud and everyone knows the huge potential that the analytics of Big Data can bring especially when using the Cloud, but what happens when these two converge.

    The presentation will discuss some of the security and privacy challenges associated with Big Data in the Cloud and will present a number of key initiatives that the ODCA have done to support enterprises that wish to take this step.
  • Building Your Backup and Recovery Checklist Apr 16 2014 5:00 pm UTC 60 mins
    Join backup and recovery experts to find out how to build your backup and recovery requirements checklist. By the end of this session, you’ll learn how you can:

    -Cut storage requirements by up to 80%
    -Save on storage costs and performance hits to your network.
    -Leverage near-instant recovery technology for protected virtual machines or servers.
    -Automate application-aware backups and testing for data corruption.
  • The Cybersecurity Framework is here, now what? Apr 16 2014 5:00 pm UTC 60 mins
    Now that NIST has published Version 1.0 of the Framework for Improving Critical Infrastructure Cybersecurity, the long awaited CSF, what are the implications for companies? How can the CSF help your business improve its defenses? Cameron camp investigates.
  • Beyond attack signatures: Leveraging realtime analytics to pinpoint threats Apr 16 2014 4:00 pm UTC 45 mins
    Today’s security event monitoring and correlation tools are under enormous pressure. Security Analysts are inundated with data, but rather than being given insight, it is more difficult than ever to sort through and locate the real events that need attention. The next generation of security tools purports to process much larger and a greater variety of data sets, run deep-dive analytics in real-time, and rely more on intelligence than attack signatures. But what does this actually mean?

    How do I collect the right data?
    What kinds of new detections can I do?
    How do I get enough context to overcome false positives?
    How do I automate more of my security intelligence, or the intelligence of others?
    What should I look for in a solution?
    How is this different from my SIEM, IDS/IDS, and Advance Malware Detection products?

    These, and other questions, will be addressed to shed light on what has quickly become a market space of tremendous promise, but currently shrouded in confusion.
  • Re-defining Network Security Performance: Beyond Just Firewalls Apr 16 2014 3:00 pm UTC 60 mins
    Today’s IT professionals need security firewalls that do more than just packet filtering and stateful inspection. It’s critical that network pros redefine which metrics will actually ensure their security solutions will not be a performance bottleneck. This webinar digs into today’s firewall solutions, exploring their capabilities and providing pointers for selecting the solution that best meets IT security and performance requirements.

    What You Will Learn
    Why packet filtering and IPS aren’t the only performance metrics that matter
    The performance impact of running multiple security services
    How to select in-line security products that meet today’s multi-function security needs
  • How do you find a needle in a haystack? Uncover Big Data Security Analytics Recorded: Apr 15 2014 38 mins
    Advanced targeted cyber attacks have hit some of the world’s largest businesses. The attacks weren't blocked because they don’t match any known attack signature. Each one is unique, custom created to penetrate the target network and steal data.

    A new video featuring Gartner Distinguished Analyst, Neil MacDonald, and HP’s Eric Schou, explains how Big Data Security Analytics can help find and block targeted cyber attacks. View it to learn:

    How advanced targeted cyber attacks are different from traditional threats
    How Big Data techniques can spot attacks when traditional defenses fall short
    What you should be doing now to take advantage of Big Data Security Analytics
  • Using SIEM and Big Data to detect invisible threats Recorded: Apr 10 2014 51 mins
    The alarming rise of advanced persistent threats (APTs) makes security analytics around Big Data an imperative. In light of the challenges of converting Big Data into actionable information with first generation SIEMs, security professionals have become skeptical about the ability to use SIEM beyond compliance needs. Yet, today’s advanced SIEM technology takes threat detection, understanding and response to a whole new level. Join us to learn how to use next generation SIEM technology to specifically detect security threats within an ocean of Big Data. Discover how the latest technologies in security analytics such as the quad-correlation methods of rules, statistics, risk, and history can help your organization execute SIEM best practices in detection with intelligence, integration, and ease.
  • Intro to Box Recorded: Apr 9 2014 29 mins
    Join us for our Intro to Box series, a monthly discussion of the latest in the world of enterprise IT, content collaboration, cloud technology, and Box. We'll cover an overview of Box, how businesses like yours are changing the way they work with Box and other cloud technologies, and walk through a demo of the latest and greatest in the product. The sessions will be led by Box product experts, and you might even get a guest appearance from one of our fearless leaders.
  • Panel: In Search of Usable Network Security Recorded: Apr 9 2014 61 mins
    The Internet, as a communication medium, has been evolving. This evolution, unfortunately, has brought with it growth in Internet-based attacks, and corresponding growth in security technologies to fight these attacks. But, with this growth in security technologies, unintended complexity for security professionals has intensified. Join our roundtable as we endeavor to identify the factors contributing to security management complexity and how enhanced manageability tools can help.
  • Proactive Protection through Real Time Intelligence Recorded: Apr 9 2014 29 mins
    Outdated security approaches and stagnant, inaccurate data put your users at risk from today’s sophisticated cyber-attacks. Join us to learn about Webroot BrightCloud Security Services, and discover why companies such as RSA, F5, and Cisco have incorporated them into their solutions. We will also demonstrate how Webroot correlates disparate data on IPs, URLs, Files and Apps to provide highly accurate, next generation threat intelligence that enables our partners to proactively combat today’s advanced, and even previously unknown, threats in real time.
  • Big Data = Big Problems Recorded: Apr 9 2014 49 mins
    Big data has gone beyond a buzzword for businesses and is rapidly becoming embedded in the way organisations operate and make decisions. Highlighted as one of the key areas for attention in the latest ISF Threat Horizon 2016 report, Big data analytics can also mislead when decisions are based on faulty, skewed, incomplete or poorly analysed data sets, resulting in missed opportunities as organisations enter the wrong markets, or enter the right markets with the wrong products. It’s also possible that the same data sets can lead to different conclusions in different parts of the world as a result of cultural bias. Further complicating matters, attackers will target data analytics tools to ensure decisions are skewed.

    This webcast will look at the implied threats to Big Data and offer ways of communicating the challenge of effective Big Data analysis and decision making to senior management.
  • Cyber Crime and the Insider Threats in Data Security Recorded: Apr 8 2014 48 mins
    Whether driven by opportunism, greed, a desire for revenge, or a combination of all three, company insiders exploit their positions of trust to obtain access to their organization’s most valued digital assets. Moles, opportunists, contractors, disgruntled employees, and ex-IT personnel—all currently pose a greater risk to corporate intellectual property than state-sponsored hacking and APTs, both in frequency and in damage caused. Hear from Kroll Managing Director Jonathan Fairtlough about the challenges related to insider investigations, and how policies and proof-points can be implemented to lessen the chances of insider-driven data damage.
  • 7 habits of highly *ineffective* Big Data security Recorded: Apr 8 2014 57 mins
    It’s an inconvenient truth that proven and well-understood data security methods were designed to work with relational database management systems. Over the decades, certain habits became second nature to security-minded IT professionals. But many of these habits are now fundamentally incompatible with Big Data/NoSQL environments.

    This presentation will walk you through the data security implications of key differences between NoSQL and relational databases. You’ll leave the session knowing:
    signs that Big Data/NoSQL may be coming to your organization
    7 security habits that expose Big Data to a breach...or cause major delays/rework
    how early adopters are making new security habits in the era of Big Data
  • Understanding Software Vulnerabilities Recorded: Apr 8 2014 33 mins
    Thousands of vulnerabilities are disclosed every year, by vendors/researchers discovering software vulnerabilities for remediation and security, as well as by cybercriminals seeking vulnerabilities to sell or exploit.

    Relaying the right threat intelligence to the right stakeholders and initiating the right threat response is a challenging task for security professionals, more so now because enterprise environments have become complex hotbeds of new technologies, business models and ways of storing/sharing information.

    This webinar deconstructs software vulnerabilities, shows how they relate to the wider ecosystem and demonstrates how this knowledge can be used to define strategies and improve security.

    Key takeaways:

    - The impact of software vulnerabilities on organizations
    - The importance of vulnerability research for the overall security of individuals and organizations
    - The importance of trusted sources for vulnerability information
  • Big Data Security Demystified Recorded: Apr 8 2014 48 mins
    The presentation will discuss both the promises and challenges presented by big data analytics to information security. To help take advantage of the former without the penalty of the latter, we will learn about the building blocks of a big data security solution and explore the most cost-effective uses of big data analytics to enhance security.
  • Cyberskills Shortage: Where is the cyber workforce of tomorrow? Recorded: Apr 2 2014 59 mins
    Numerous studies show a serious shortage of qualified people to fill the cyber jobs of today, particularly those that require security knowledge and skills. Stephen Cobb looks at the implications and the steps being taken to improve cyber education and training.
  • Cybersecurity Evolution: What’s Hype and What’s Not Recorded: Mar 28 2014 48 mins
    Using the latest research and their own best practices, ThreatTrack Security will walk you through the latest security trends and predictions for upcoming threats in 2014. We will discuss real threats and solutions and talk about what turned out to be just speculation.
  • Who is Protecting Consumers from Cyberattack and Who's Not? Recorded: Mar 28 2014 40 mins
    Agari's quarterly TrustIndex Report analyzes the email security practices of 131 companies across 11 industries to determine who is at the highest risk for cyberattack and who is taking action to prevent attacks and protect consumers. Join Patrick Peterson, former Cisco cybercrime research fellow and Founder & CEO of Agari, as he talks through key findings from the Q4 2013 Report. Here's a sneak peek - did you know that Health Care is riskier than any other sector? Could you guess that you are safer clicking on emails from your favorite etailer than your favorite retailer? Register to learn more.
  • Windows XP: A Feast for Cyber Attackers? Recorded: Mar 28 2014 49 mins
    Get to know the impact of legacy systems on the security in the organisations.

    Come April 2014, Microsoft will stop releasing patches and bug fixes for Windows XP—which means the operating system will be more vulnerable to security risks and viruses. For organisations not ready to move away from Windows XP, there are key questions and implications they have to face:

    1.How will Windows XP hold up against cyber-attacks and viruses
    2.How much more vulnerable will the Windows XP systems be?
    3.Should organizations be worried if there are only a small group Windows XP installations?
    4.What if the other security controls are tight?

    Join us to understand these issues at our live webinar "Windows XP: A Feast for Cyber Attackers?" on Friday, 28 March 2014.

    In this session, Vivek Chudgar, Director of Mandiant Security Consulting Services, will explore these questions with you, and explain the options available should one choose to continue with Windows XP after April 2014.
    This session is open to both technical managers and business professionals interested to understand the impact of legacy systems on the overall security of the organisation environment.

    Register now for this webinar.
  • So, You Want to be a Computer Security Consultant Recorded: Mar 27 2014 49 mins
    This webinar will review the things that are missing in many of the people who want to become a computer security consultant. Many people start off at the Application Layer (layer 7), in this webinar we will discuss the importance of establishing a solid security foundation; we will look at the three main components to build this foundation. Those are:
    During the webinar we will discuss mastering the power of the command line and the importance of understanding the traffic at the lowest level … the packet! We will also look at some simple but important protocol analysis techniques.
    The webinar is an introduction to the Core Concepts course that was developed to provide those entering the fascinating world of computer security consulting, a foundation prior to embarking on this journey. The more solid foundation of skills you have the better you will be prepared as a consultant or security professional.
Your Resource for Information Security Trends & Education
With over 200,000 members, the Information Security Community is the largest community of infosec professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.
Try a powerful marketing platform for your videos and webinars. Learn more  >

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Understanding Vulnerabilities to Better Mitigate Threats
  • Live at: Jun 21 2012 9:00 pm
  • Presented by: Steve Povolny, Senior Security Researcher, HP DVLabs
  • From:
Your email has been sent.
or close
You must be logged in to email this