Cómo evitar que la legislación retrase iniciativas empresariales
La adopción del software como servicio (SaaS por sus siglas en inglés) está avanzando mucho más rápido de lo esperado. Sin embargo, a medida que avanza la adopción del SaaS, las empresas se están dando cuenta de que deben también hacer frente a numerosas responsabilidades jurídicas y legislativas de cumplimiento con respecto a los datos. Estas responsabilidades representan un desafío, ya que no son fáciles de solucionar o, por otra parte, podrían ralentizar su adopción de aplicaciones SaaS y potencialmente también su capacidad de innovar.
• Cómo las empresas pueden sacar el máximo partido de las aplicaciones SaaS y, a la vez, cumplir con las complejas normativas referentes a los datos, sin que ello afecte la utilidad de la aplicación SaaS. También cómo proteger sus datos más confidenciales y beneficiarse de todas las ventajas de su aplicación SaaS sin entorpecer su funcionalidad, como por ejemplo, a la hora de buscar, organizar y reportar sus datos confidenciales.
• Diferentes métodos de ofuscación de datos como la “tokenización de los datos” y el “cifrado de los datos”; y los detalles para responder y demostrar su cumplimiento con las normativas referentes a los datos en los entornos SaaS.
• Si puede confiar en el cifrado de una aplicación de un proveedor de SaaS para cumplir con los requisitos normativos de su empresa relativos a los datos, concretamente cuando se cifran los datos únicamente estando almacenados. ¿Sabe cuáles son las implicaciones de implementar una administración de claves y quién controla las claves del cifrado?
RecordedNov 8 201660 mins
Your place is confirmed, we'll send you email reminders
In this week’s Cyber Security Brief podcast, we mark the one-year anniversary of the introduction of the General Data Protection Regulation – more commonly known as GDPR. To mark the introduction of GDPR, Brigid O’Gorman talks to Zoltan Precsenyi, Symantec’s director of GDPR strategy. We discuss the impact of the introduction of GDPR on companies and members of the public, whether or not the regulation is fulfilling its stated purpose, and the new data protection and privacy challenges that are likely to face companies in the future.
Failure is an essential component of success. Ask any “successful” person and, assuming they’re being honest, they’ll tell you it’s what they learned when things went wrong that proved most valuable of all. That and the grit to pick themselves up – and press on, year after year.
Whilst there are many lessons we have to learn ourselves, in an ideal world we’d be able to learn from someone else’s mistakes. This is especially useful in cyber security, where there’s millions, or even billions, at stake and breaches can have serious implications for national security.
The majority of the 3,000 security decision makers surveyed as part of this research, across three countries, would agree. More than half (51%) say failure is a critically important part of the process of improving cyber security measures.
Join Darren Thomson, EMEA CTO, Symantec, Dr Chris Brauer Goldsmiths University and Richard Brinson, CEO Savanti to find out how to turn disaster into success.
On this week’s Cyber Security Brief podcast, we chat about our report looking into the Internet Research Agency's disinformation campaign targeting the 2016 US presidential election. We also talk about the apparent retirement of the operators behind GandCrab, and red faces in both the New Zealand government and the Dutch Data Protection Authority.
On this week’s Cyber Security Brief podcast, it's episode 50! We discuss the EU’s bug bounty program, bad password security practice, and why “secure” websites are becomingly increasingly untrustworthy. We also chat about the start-up that hacked its own customers’ cryptocurrency wallets – in order to safeguard their funds, a further update on the RDP vulnerability we’ve discussed previously, and how the Spanish soccer league La Liga was misusing its mobile app. Finally, the story of how Radiohead called the bluff of a ransomware criminal.
Jon Oltsik, Sr. Analyst, ESG and Bob Shaker, Adam Glick and Steve Meckl from Symantec
Plagued by sophisticated threats, increasing workloads, and an ever-expanding attack surface, security teams are turning to Endpoint Detection & Response (EDR) tools and Managed Endpoint Detection and Response (MEDR) services.
Join ESG and Symantec as we discuss how organizations are using solutions to improve their threat detection and response efforts.
- Trends impacting threat detection efforts
- How organizations are using EDR and MEDR solutions
In this week’s Cyber Security Brief podcast, we discuss the drama that ensued when Samsung tweeted about scanning their smart TVs for malware, a city in Canada lost CA$500,000 to a BEC scam, and three universities in the U.S. revealed in the same week that they were hit by data breaches. Also, we discuss new research just published by Symantec into the Waterbug/Turla group, and two different Android threats that were in the news this week.
Brian Duckering, Sr. Mobile Security Specialist, Symantec
As enterprises begin to recognize the need for greater visibility into mobile threats and are increasingly pressed to protect their organizations from such threats, primary concerns still seem to be focused around what threats a solution can identify – malware, phishing, network attacks and much more.
While this is a starting point, there are other elements, characteristics, and abilities that have a far greater impact on the protection of an organization’s sensitive assets, information, and data that are not discussed often enough.
Join Brian Duckering c and Jeff Louisma as they explore the less-discussed topics of a mobile security strategy that everyone should understand – before it’s too late.
• Focus on high user acceptance rates - poor adoption rates can make a good solution worthless.
• Provide security on managed & unmanaged devices - equally effective security should be available for mobile devices and use cases.
• Protection of sensitive data and systems should take place in real time - relying on third-party solutions or human intervention could be too late.
• Resource demand should be minimal - maintaining and updating the solution should be efficient and require minimal resources.
On this week’s Cyber Security Brief podcast, Candid Wueest and Dick O’Brien discuss Transport for London’s plans to start collecting data about the customers using its Wi-Fi, and what that might mean for people’s privacy. Also, the ongoing repercussions of the ransomware attack that hit the U.S. city of Baltimore, including revelations about the use of the EternalBlue tool by the attackers, plus an update on activity surrounding the BlueKeep RDP vulnerability that was patched by Microsoft a few weeks ago. Also this week, the teen who appeared in court in Australia charged with hacking Apple, and the latest Bitcoin scams doing the rounds online.
In this week’s Cyber Security Brief podcast, we discuss the government employee who was charged with using his work IT systems to mine cryptocurrency, how Google is scanning your emails to collect information about your purchases, and the proof of concept exploits that have been created for the BlueKeep bug. We also chat about ransomware “recovery” services that are just paying the ransom, the dismantling of the GozNym network, and how Intel CPUs have been impacted by new MDS side-channel attacks.
On this week’s Cyber Security Brief podcast, we discuss our newly-released research into the Buckeye espionage group, and its use of Equation group tools prior to the Shadow Brokers leak. Dick O’Brien is joined by Symantec analyst Sylvester Segura to discuss the findings and to share more details about Symantec’s investigation into this activity. Also this week, we chat about the growing threat of targeted ransomware, and look at what the UK government is planning to do to improve the security of IoT devices.
Daniel Frey (Sr. Manager, Prod Marketing) and Anand Visvanathan (Dir. Prod Management)
Misconfigurations of cloud services can lead to gaping holes in your cloud environment and present low hanging fruit for attackers. Cloud users need a proactive, automated approach to monitoring and securing the cloud control plane.
In this webinar, you’ll learn:
• How as a user you can tackle the most pressing problems that face some companies during their cloud journey
• Configuration Errors: Monitor changes happening to cloud services in real-time and maintain your “gold standard” security posture.
• Painstaking Triage: Automate the remediation process to handle any security issues for both inline as well as offline workflows.
On this week’s Cyber Security Brief podcast, we discuss our recently published research into the Beapy cryptojacking worm, which is using the EternalBlue exploit to spread, and is primarily impacting enterprises in China. We also talk about data breaches, the dangers your set-top box might pose, why some GPS apps need to upgrade their security, and what the Emotet criminals are up to now.
Robert Arandjelovic, Director Product Marketing, Symantec
As companies move their applications and operations from on-prem data centers to the cloud, a variety of security concerns become more complex.
Applying security controls to servers outside of the physical control of IT means depending on web services and remote management. And since your data might not be in a single cloud – one benefit of cloud computing is spreading your data among multiple physical servers – data management can be difficult.
This webcast will look at how data is managed, performance is monitored and analytics are collected and normalized across the cloud infrastructure. It will also look at how security operations are managed and executed in this ever-changing environment.
Sharad Ghag, Principal Product Manager, Symantec Corporation
The number of security vulnerabilities discovered over the last few years has rapidly increased. 2018 was a record setting year with a total of 14,760 – more than double the amount from just 2 years earlier. In addition, many of the recent breaches have been due to known software vulnerabilities that had a patch available but had not yet been applied by the organization leaving them dangerously exposed. Identifying vulnerabilities, knowing which ones pose the greatest risk, and performing remediation is a major challenge for many organizations.
Please join us for a special webcast where we will discuss and demo how to quickly and efficiently identify, prioritize, and remediate vulnerabilities using Symantec Control Compliance Suite Vulnerability Manager.
On this week’s Cyber Security Brief podcast, we discuss the conviction of two members of the Bayrob gang – and the role Symantec played in their capture and conviction. Also, the founder of Silk Road 2.0 is sentenced to jail time in the UK, the personal data of thousands of law enforcement personnel is reportedly published online by a hacking group, and we discuss the Windows Tiles sub-domain takeover. Finally, when you’re talking to your smart speaker, who hears what you say?
Are you storing sensitive data and running business-critical operations in AWS? The news is full of stories about data exposure or loss involving misconfigurations, misuse, or compromised accounts in AWS. Analysts are urgently advising organizations to get automated controls and centralized management in place to secure their IaaS operations.
As a result, IT organizations are increasingly looking for security providers for solutions to provide visibility, behavior monitoring, access controls, data security, and threat protection for AWS.
Get security in place fast! Join us to learn how Symantec CloudSOC CASB can help you:
- Monitor activity and security configurations
- Control access and prevent risky changes or privileged misuse
- Detect malicious insiders and compromised accounts
- Keep S3 buckets private and secure confidential data with DLP
- Defend S3 buckets from advanced malware threats
On this week’s Cyber Security Brief podcast, we discuss our new research into the privacy of your hotel booking details, and how we found that two in three hotel websites leak guest booking details and allow access to personal data. We also have an update on the case of the Chinese national who tried to gain access to President Trump’s Mar-a-Lago resort while carrying a malware-laden thumb drive. We also discuss a complaint against audio equipment maker Sonos in the UK alleging it is coercing customers into surrendering an excessive amount of personal information, and the discovery of a dark marketplace called Genesis that is selling the digital fingerprints of thousands of people.
Office 365 has captured the imagination of many organisations, offering a wide range of productivity applications in a single platform. However, as organisations race to the cloud they realise that solving the security challenges may not be as straightforward as they hoped.
The Office 365 platform encompasses communication, content creation and distribution applications stored in a cloud environment that’s open to all (any user, any device). In short, this single platform reflects the full range of security challenges that any organisation faces, so no wonder security deserves a deeper think.
Join Sunil Choudrie, a Security Strategist from Symantec where he will discuss:
- Office 365 Security implications
- Key considerations for organisations that have moved to Office 365
- Key considerations for organisations planning to move to Office 365
Symantec protects information wherever it’s stored or accessed. from your company’s most important information to your family photos.Everything we do begins with what we’ve learned about keeping people’s information secure.
We operate a worldwide cyberintelligence threat network that positions us to proactively address where you’re most vulnerable. This network captures worldwide security intelligence data that gives Symantec analysts unparalleled sources of data to identify and analyse, to deliver protection and provide informed commentary on emerging trends in attacks, malicious code activity, phishing and spam.