Then and Now – Securing the 3 Most Common Threat Vectors
Signature based antivirus is failing. Due to the sheer volume of malware, traditional endpoint solutions are getting bigger, clogging down systems and are ultimately ineffective against today’s threats. This presentation focuses on the three vectors of vulnerability that companies must diligently secure: Traditional Endpoints, Mobile Endpoints, and Web access. These are the arenas in which malware authors look to expose and attack, stealing personal information, monetary assets and other intellectual property. We will demonstrate how Webroot's common underlying technology platform, the Webroot Intelligence Network, which leverages cloud collective intelligence can make real-time behavioral determinations and deliver real-time protection with unprecedented speed and accuracy.
RecordedOct 22 201345 mins
Your place is confirmed, we'll send you email reminders
Governments continue to try to regulate cyberspace, often with little effective impact. Security professionals struggle to design and operate infrastructure that will comply with rules written with Semantically Intentional Ambiguous Meaning (SIAM). Learn from the classrooms of one of the world's great universities the new methods for navigating those challenges and putting in place rules that are effective for managing infrastructure.
Candid Wueest, Principal Threat Researcher, Symantec
Financial institutions are increasingly facing attacks on multiple fronts.
Cyber criminals continue to target online banking using malware to hijack customer transactions and banking sessions. While there has been an overall drop in infections related to these consumer threats, financial institutions are now facing new types of attacks in the form of large-scale financial heists.
Attack groups such as Fin7 and Lazarus are deliberately targeting financial institutions in audacious attacks that are reaping large rewards. They are using living off the land and fileless attack tactics similar to APT groups. But also extortion with DDoS attacks or business email compromise (BEC) scams are increasingly bothering financial corporations.
In this webcast on the current financial threat landscape, Symantec takes a look at the most prevalent and significant financial threats.
In this webcast we will review:
- The top threats facing financial institutions with statistics and examples
- Explore the most common techniques employed in financial attacks
- Provide case studies of the most high-profile financial attacks of the past 12 months
Dynamic, volatile, innovative. Cloud security is all of these and more. How can cloud service vendors turn the constant parade of new threats into a continuing opportunity to increase customer loyalty? How can customers gain trust in their service vendors despite the parade? Learn how in this webcast.
Effective responses to modern IT risks requires a transition from cyber security to cyber defense. This presentation introduces analysis based on proven military tools to understand, assess, and defend against cyber-attack. See how Petya worked its way in, and how to defend against it. Take away valuable tools and frameworks to develop your defenses.
Griff is trained as a Canadian Infantry Officer and is a graduate of the Johnson-Shoyama Graduate School of Public Policy. After a two-year stint as a Strategic Policy Analyst at the Treasury Board Secretariat in Ottawa, he moved to London where he completed a Master’s Degree at the LSE. Unable to find “real” work, he got into software development as a Scrum Master, leading the development of a web based application. This experience fostered an interest in cybersecurity, and Griff went on to a boutique start-up providing application security to Fortune 500 companies. Frustrated by the disconnect between technologies and poor analysis within cyber security, Griff founded cyber defense firm Damrod Analysis in 2017. He is London based, where he and his wife are expecting their first child shortly.
What have we learned from 2017's biggest breaches and how will we deal with 2018's emerging threats? Attempting to look both backward and forward over the cyber landscape, Peter Wood will review lessons learned and apply them to the evolving threatscape.
As organizations continue to ramp-up their migration to cloud-based environments, they will need to account for the associated security and control risks. There are hidden dangers and blind spots that arise through the use of virtualization technology in the data center. These hidden dangers and blind spots become more prevalent as business-critical applications are increasingly deployed on the public cloud. This is a problem considering that an organization’s operations are dependent on a cloud environment that inherently has a huge visibility gap.
Many are now making the necessary changes to keep data secure in the cloud. This talk will focus on how to pragmatically accomplish cloud security through increased emphasis on cloud network visibility and cloud access security brokers. Enterprises that can properly implement appropriate cloud network visibility and cloud access security brokers will experience a third fewer security failures. Learn about practical steps and tools that you can use for accomplishing cloud security in your organization.
Cloud computing is an increasingly vital element of information security. It’s used to protect sensitive data; for identity and access management; for network security and to aid with incident response. However it’s not without it’s own set of risks and has been hit in the past with significant and newsworthy breaches.
Join this interactive Q&A panel with top cloud and security experts as they discuss the future of the cloud and considerations to take for protecting sensitive data when it's held in the Cloud.
Technology will underpin all aspects of modern society by 2019, profoundly impacting the way people live and work. Business leaders face a stark dilemma; should they rush to adopt new technology and risk major fallout if things go wrong; or wait and potentially lose ground to competitors. Organisations that are well informed about emerging technologies and corresponding threats will be best placed to make winning decisions.
In this webinar, Steve Durbin, Managing Director, ISF, will examine the threats that organisations will be dealing with over the next two years and will provide advice on the best ways of handling them.
If your processing and data is in the cloud, how can you deliver assurance, compliance and governance? How do you find the flaws and soft spots that criminals will exploit? From browser to database, through human factors and end points, this presentation will take a threat-based approach to securing the cloud.
Ahmed Banafa, Lecturer and IoT Expert, College of Engineering, San Jose State University
As the Internet of Things (IoT) adds more and more devices to the digital fold every day, organizations of all sizes are recognizing the IoT's potential to improve business processes and, ultimately, accelerate growth.
Meanwhile, the number and variety of IoT solutions has expanded exponentially, creating real challenges. Chief among them: the urgent need for a secure IoT model for performing common tasks such as sensing, processing, storing information, and communicating. But developing such a model involves overcoming numerous hurdles.
Of course, there are multiple ways of looking at the IoT. For instance, the system view divides the IoT into blocks, such as connected things, gateways, network services, and cloud services, while the business view consists of platform, connectivity, business model, and applications. But one common thread connects all these views: security is paramount
IoT applications and devices is the next wave of technology, but security is a big concern. This webinar will explain the convergence of IoT and Blockchain technology.
Lisa Forte, Cyber Protection Officer, South West Police Cyber Crime Unit
The South West Regional Cyber Crime Unit are involved in fighting cyber crime along with other national and international law enforcement agencies.
As such they see certain traits, methodologies and vulnerabilities over and over again. Lisa Forte, the Cyber Protect Officer for the Unit, will be explaining how businesses should adapt their thinking to "see what the hackers see" to better defend themselves against the threat she sees every day.
Lisa will also be talking about the importance of planning and war gaming out cyber attack scenarios. The businesses that have a plan are the businesses that survive to tell the tale. Lisa will be using real life cases that the Cyber Crime Unit have dealt with to highlight how quickly things can go wrong as well as providing some simple steps businesses can apply to reduce their vulnerability.
Lisa Forte is the Cyber Protection Officer for the South West Police Cyber Crime Unit. Her role involves helping businesses of all shapes and sizes defend against the ever growing cyber threat. Prior to working in the Cyber Crime Unit Lisa worked in intelligence for Counter Terrorism agencies in the UK.
Join this interactive webinar presentation with Bart Parys, Threat Intelligence Analyst at PwC to learn more about:
- The history of ransomware
- How it came to be, how it works and its purpose
- How you can protect yourself and your organisation from this threat.
This presentation will focus not only on technology, but also the human factor in ransomware protection.
About the Presenter
Bart is a lead researcher in PwC's cyber threat intelligence team, responsible for tracking cyber threat actors, their latest toolsets and methodologies. He has particular familiarity with ransomware, crimeware and any other malware and malware analysis in general.
Josh Downs, BrightTALK; David Cook, Eversheds Sutherland; Jonathan Wright, Commvault & Jason Kent, AsTech Consulting
- Protecting Data in the Age of Ransomware -
2017 was a bumper year for Ransomware; with WannaCry & notPetya grabbing headlines around the world and instilling fear in the hearts of security professionals around the globe.
With GDPR regulations on the horizon and potentially huge fines for badly protected and breached data, security professionals need to improve their defensive stature and ensure that their organisation's data is fully protected from end to end.
This roundtable discussion will discuss how to best protect your data so if it falls into the wrong hands, you won't end up on the front of the worlds' papers!
Topics for discussion:
- Why ransomware should still be top of your list of concerns in 2018
- Methods to protect your organisation's sensitive data
- Steps to take if your organisation does suffer a damaging breach
Craig Scoon, Consultant in the Risk Advisory Service at Deloitte
There are many challenges for data privacy legislation within a boundary-less cloud computing and World Wide Web environment. Despite its importance, there is limited research around data privacy law gaps and alignment, and the legal side of the security ecosystem seems to constantly be playing catch-up.
This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz),
Ekta Mishra, Research Analyst of CSA and David Siah, Country Manager of TrendMicro Singapore
Cloud as the enabler of Internet of Things (IoT) and data analytics, the incorporation of cloud computing is critical for the successful implementation of these leading-edge technologies. Countries and organizations moving towards Industry 4.0 are highly dependent on cloud computing, as it is the basis for this revolutionary transition. However, complications and confusion arising from regulations (or lack thereof) surrounding cloud usage hinder cloud adoption.
During this webcast, we will discuss some of the findings from the CSA “State of Cloud Adoption in Asia Pacific (APAC) 2017” report and examine the availability and affordability of cloud computing in the APAC region.
Minatee Mishra, Software Architect & Lead of the Security Centre of Excellence, Philips HealthTech
Healthcare industry would be one of the major adopters of IoT. What are the security challenges of healthcare industry? How does IoT change the security equation in healthcare?
Minatee leads the Security Center of Excellence (ScoE) in Philips HealthTech and has been instrumental in setting up the SCoE within Philips. The SCoE , which is a central organization responsible for doing cutting edge work in the field of security testing, doing secure code analysis , finding the vulnerable components within the software and more. Minatee has been in the field of software for 18 years right from designing and architecting systems to securing in systems, She has a bachelors in electrical engineering from NIT and Masters from IIT Kharagpur. She holds CISSP, GCIH, CEH certifications. She has been a speaker at various forums/conferences like RSA, RISC, NullCon, BPM etc.
"Prepare, Respond, Assess" … "Prevent, Detect, Respond" … Security professionals are awash in a myriad of buzzwords triads and theoretical frameworks.
Let's look at a practical model that has tangible meaning for practitioners, based on the Attack Lifecycle, and encompassing modern security capabilities to drive the outcome of not suffering any business impact resulting from a breach.
We are excited to bring you an updated version of our hugely popular webinar, "Petya, notPetya or Goldeneye - The Lies, the Truth and What's Coming Next". Traditional ransomware, for the want of a better word, is boring and truthfully a fairly opportunistic way to make money. Guess what, criminal gangs don't believe in opportunistic attacks that may make them money. They want a certain assurance of success and importantly, they want big bucks.
Modern ransomware is going to be able to deliver this and more to anyone who can pay top dollar.
Join global CISO and cybersecurity expert, Amar Singh, as he shares his insights and experience on the murky world of cyber crime and ransomware and how you can be better prepared to manage this growing threat.
Fraud detection is a classic adversarial analytics challenge: As soon as an automated system successfully learns to stop one scheme, fraudsters move on to attack another way. Each scheme requires looking for different signals (i.e. features) to catch; is relatively rare (one in millions for finance or e-commerce); and may take months to investigate a single case (in healthcare or tax, for example) – making quality training data scarce.
This talk will cover a code walk-through, the key lessons learned while building such real-world software systems over the past few years. We'll look for fraud signals in public email datasets, using IPython and popular open-source libraries (scikit-learn, statsmodel, nltk, etc.) for data science and Apache Spark as the compute engine for scalable parallel processing.
David will iteratively build a machine-learned hybrid model – combining features from different data sources and algorithmic approaches, to catch diverse aspects of suspect behavior:
- Natural language processing: finding keywords in relevant context within unstructured text
- Statistical NLP: sentiment analysis via supervised machine learning
- Time series analysis: understanding daily/weekly cycles and changes in habitual behavior
- Graph analysis: finding actions outside the usual or expected network of people
- Heuristic rules: finding suspect actions based on past schemes or external datasets
- Topic modeling: highlighting use of keywords outside an expected context
- Anomaly detection: Fully unsupervised ranking of unusual behavior
Apache Spark is used to run these models at scale – in batch mode for model training and with Spark Streaming for production use. We’ll discuss the data model, computation, and feedback workflows, as well as some tools and libraries built on top of the open-source components to enable faster experimentation, optimization, and productization of the models.
Your Resource for Information Security Trends & Education
With over 280,000 members, the Information Security Community is the largest community of cybersecurity professionals in the industry. Let's build a network that connects people, opportunities, and ideas. If you are involved in purchasing, selling, designing, marketing ... or using information security solutions - this group is for you. Covered topics include compliance, encryption, anti-virus, malware, cloud security, data protection, hacking, network security, virtualization, and more.