Advanced Malware Communications: What Every Security Professional Should Know
During the course of 2012, FireEye monitored hundreds of thousands of infected enterprise hosts, intercepting millions of callbacks. By capturing details of both advanced and more generic malware attacks and monitoring callback activity, a great deal can be learned about an attacker’s intentions, interests and geographic location. This talk will detail:
- How does malware typically operate?
- Why do traditional defenses fail to stop advanced attacks?
- Which verticals and countries are prime targets?
- What are typical attacker tools, such as RATs, used in malware attacks?
- What strategies do leading enterprises use to mitigate the threat of malware?
RecordedApr 17 201348 mins
Your place is confirmed, we'll send you email reminders
As organizations continue to ramp-up their migration to cloud-based environments, they will need to account for the associated security and control risks. There are hidden dangers and blind spots that arise through the use of virtualization technology in the data center. These hidden dangers and blind spots become more prevalent as business-critical applications are increasingly deployed on the public cloud. This is a problem considering that an organization’s operations are dependent on a cloud environment that inherently has a huge visibility gap.
Many are now making the necessary changes to keep data secure in the cloud. This talk will focus on how to pragmatically accomplish cloud security through increased emphasis on cloud network visibility and cloud access security brokers. Enterprises that can properly implement appropriate cloud network visibility and cloud access security brokers will experience a third fewer security failures. Learn about practical steps and tools that you can use for accomplishing cloud security in your organization.
While autonomous driverless cars are still a work-in-progress connected cars and the IoT are becoming the norm. Whether that relates to communications infrastructure, on-board services for vehicle management, or mobile device connectivity, more and more new cars come equipped as standard with some sort of "connected" element. Typically the cost of new technology is in the buying price, but with modern cars it could be insurance hikes, loss of privacy, or even loss of life.
Ken Munro, Partner and Security Consultant and Pen Test Partners, breaks down the key technologies and examines the security implications for drivers, insurers and manufactures alike.
Viewers will learn about:
- The attack surface that a connected car presents
- What those attacks look like
- The implications for everyday drivers
- What manufacturers need to be doing
Oliver Pinson-Roxburgh, EMEA Director of Solutions Architecture
Europe’s General Data Protection Regulation (GDPR) will come into effect on 25th May 2018, leaving all organisations that process the data of EU residents with less than 18 months to meet the stringent requirements of the regulation. Organisations must implement a cloud security strategy that supports compliance and minimises their organisation’s exposure to the new breach notification requirements and financial penalties, as high as 20 million Euros or 4% of total annual turnover.
Still figuring out how your organisation is going to comply? What actionable steps you should be taking today? Look no further. Join Oliver Pinson-Roxburgh, EMEA Technical Director from Alert Logic for an in-depth discussion about GDPR, highlights include:
- Cutting through the ambiguity and focusing on the key cloud security considerations
- Data breach responsibilities and what that means to your organisation
- What is the role and expectation of your cloud provider when it comes to GDPR
- Insight into real-life case studies
Register for this must-attend webinar as we provide you with a way to help reduce risk and keep the regulators happy.
New threats and new defenses constantly challenge the rules for managing security across third party cloud services. In this webcast, you will learn 7 strategies for how to structure and adapt the complex commercial agreements to assure both vendors and customers new risks are being controlled.
Hassham Idris, Cyber Security GRC, ISMS and Program Delivery Expert
The snowballing complexity of the business and technology risks, introduction of new regulations and ever increasing compliance requirements have made it vital for every enterprise to set up a proficient Governance, Risk and Compliance (GRC) framework.
This webinar will emphasise on the essential GRC elements that organizations must adopt in order to protection business critical assets and exploit new opportunities with confidence.
Contrary to the fear around malicious insiders and external hackers, the Information Commissioner's Office recently reported that the most common data security incidents reported to them are all due to inadvertent human error (incidents like misaddressed emails and laptops being left on trains).
In the face of game-changing regulatory changes like GDPR, it's crucial that information security and data protection professionals prioritise addressing the most prevalent risks first, not the ones that appear the scariest.
This webinar is ideal for any security professionals looking to understand the regulatory and data protection landscape; reduce vulnerabilities; respond to threats more effectively and remediate breaches more effectively.
Jay Coley, Sr. Director Security Strategy and Planning EMEA, Akamai Technologies
With DDoS cyber attacks rapidly increasing in both size and speed, as well as attacks that are crafted for a specific application or service, it’s never been so critical to ensure your basic availability is sound. Mitigation services can no longer be ‘one size fits all’. Organisations now need a tailored platform for the specific application or service to ensure 100% availability. Without availability ensured then other security overlays are meaningless.
This webinar will look at attack trends and case studies and provide top tips on how to stay ‘always on’ in the face of cyber attacks.
Professor Michael Mainelli, FCCA FCSI FBCS (Z/Yen Group Limited)
Mutual distributed ledger (MDL) identity schemes could empower people with personal data storage and management, permission frameworks for access by third parties such as banks insurers or governments, and even distributed reputation ratings.
Such applications could reduce financial fraud, costs, and crime, and increase returns, confidence, and security. MDLs are uniquely supportive of controlled distribution and sharing of digitally-signed documentation and could form the backbone to identity and authentication systems worldwide. In fact, some claim that identity authentication infrastructure is the ‘killer app’ for MDLs rather than payments.
While anti-money-laundering/know-your-customer/ultimate-beneficial-ownership processes are arduous for high-net-worth individuals, about 2.4 billion poor people worldwide lack official identification, about 1.5 billion over the age of 14.
This webinar will examine how MDLs might aid both rich and poor.
Third-party website resources and code play an integral role in the online economy. They enable interactive sites that allow people to transact with their banks; shop online, watch movies or television, share photos, videos, documents and much more. Unfortunately, these resources also represent exploitable infrastructure that sits outside the control of an organisation's IT security team. As a result third party web components have become fertile ground for launching attacks and distributing malware. Addressing this challenge requires looking at security from a new perspective.
In this webinar we will explore the different kinds of third party code that organisations host on their sites along with their security implications. We’ll show how an outside-in approach to security can provide the controls organisations require while at the same time protecting their customers and employees.
Aurélie Perez, Senior Security Consultant at Orange Cyberdefense
Are cybercriminals using the dark web to buy and sell your customer and employee data, intellectual property and malware? Highly specialist expertise, big data tools and Artificial Intelligence are essential to detect and mitigate the threats to your enterprise.
Learn about the techniques used to:
• Conduct undercover surveillance on the dark web to discover mentions of your industry, brand, and data
• Find data from a security breach at your enterprise
• Stop stolen user account credentials from being used to breach trusted systems
• Track emerging exploit kits and vulnerabilities
Mainstream search engines are unable to penetrate and index these hidden parts of the Internet. Access to sites is often restricted to cybercriminals who are recommended by a current member. Meanwhile, the cost of cybercrime is forecast to hit $6 trillion annually by 2021 according to Cybersecurity Ventures. It’s an issue that can’t be ignored.
Ross Brewer, VP & MD, LogRhythm & Josh Downs, Community Manager, BrightTALK
Research shows that 76% of companies suffered a data breach in 2016, so it’s now almost inevitable that hackers will gain access to your company and your sensitive data.
Security professionals are now looking to deal with breaches faster, to keep their company off the front page and with heavy GDPR fines on the horizon, they’re wise to do so…
Organisations are fearful of damaging data breaches but unsure of the best course of action to protect themselves from major cyber incidents. Whilst a large per cent of businesses focus on building up perimeter defences, not enough are concentrating on monitoring their own network for the best chance to detect threats and mitigate them before significant damage is done.
Tune into this in-depth one-on-one interview to learn:
- More about the threatscape and the dangers to your organisation
- The influence that GDPR will have and steps you need to take
John Kindervag, Vice President and Principal Analyst at Forrester
The rising tide of successful cyberattacks against organizations has made it clear that traditional approaches for defining trust levels, stopping lateral movement and enforcing advanced security controls within a data center are no longer effective. The Zero Trust approach advocated by Forrester provides guiding principles for achieving a robust and secure data center security architectures. However, choice of the security platform, design considerations and effective use of advanced security capabilities play a crucial role in implementing a successful Zero Trust enabled data center.
In this webinar, guest speaker John Kindervag, Vice President and Principal Analyst at Forrester will talk about the steps to achieving a Zero Trust data center.
Topics covered in this webinar will include:
- 5 Steps to achieving Zero Trust enabled data centers.
- Extending Zero Trust design principles across hybrid cloud deployments
- Security policy considerations and guidelines for implementing Zero Trust enabled data centers.
The National Credit Union Administration (NCUA) requires every credit union to protect their members’ personal, private data. But with a host of mandates and a range of technology options, where should credit union IT administrators begin? Encryption and key management can address a number of the requirements set out in these guidelines. Together they can help credit unions become compliant and can keep customer data safe.
Join our live webinar "Navigating the National Credit Union Administration (NCUA) Privacy Guidelines:
Securing Customer Records with Encryption and Key Management" on February 7th to learn about:
•Which specific guidelines concern customer information at rest and in transit
•How encryption and key management addresses these requirements
•The benefits of a centralized encryption management
Josh Downs, BrightTALK (moderator); Dan Webb, James Brown, Oliver Pinson-Roxburgh & David Howorth, Alert Logic
Digital transformation is changing the business landscape for every organisation, with the way new technologies can unlock competitive advantage, enable efficiently, agility and enhance customer experiences. The cloud is where this innovation is happening and enabling this transformation, but when you take advantage of its possibilities, it’s crucial that you secure your cloud applications and workloads.
If you’re building applications or migrating workloads to the cloud, you’re probably like most organisations – trying to determine what security controls are needed, and how to integrate workload security without slowing down innovation or needing to add dedicated security staff – which these days is harder to find and more expensive to keep.
During this panel discussion you will hear from industry experts as they discuss what steps and considerations should be taken when moving to any cloud. Where are the responsibilities of security and how do you maintain visibility and control over your data, including:
- Why when moving business critical applications to the cloud you require a different approach to security?
- Best Practices for minimizing risk in your cloud adoption
- Filling the Cloud Security IT Skills Gap
- Managing the Challenges of the Cloud under EU GDPR
Your Resource for Information Security Trends & Education
With over 280,000 members, the Information Security Community is the largest community of cybersecurity professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.
Advanced Malware Communications: What Every Security Professional Should KnowAli Mesdaq, Sr. Security Researcher; Rob Rachwald, Sr. Director of Market Research, FireEye[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]47 mins