Adaptive Application Whitelisting 101 – Preventing Modern Attacks
The 2011 Verizon Data Breach Investigations Report cites
- 94% of data records breached leveraged some form of malware
- 60% of all malware is customized, therefore not recognizable by AV
Analysts recommends Application Whitelisting as "foundational" to protect endpoints. Application Whitelisting ensures only authorized software can run, eliminating the threat of malware. Success requires a simple, adaptive approach.
Follow the three R’s for Adaptive Application Whitelisting:
- Real-time Change Detection – to detect configuration changes
- Rules Engine – To automatically trust software
- Reputation Service – to assign trustworthiness to all software
Learn how Fortune 2000 companies are preventing today’s modern attacks.
RecordedAug 23 201159 mins
Your place is confirmed, we'll send you email reminders
Many organizations are feeling the pressure to find privacy compliance solutions as an ever-increasing number of regulatory requirements are being introduced locally, nationally, and globally. In their attempts to demonstrate prompt compliance with multiple regulations, organizations could be speeding past their actual privacy problems. To avoid a “tail wagging the dog” situation with a compliance-driven approach, organizations should focus on examining why these privacy regulations are being introduced in the first place In this webinar, we will discuss common privacy problems facing organizations through examples with an emphasis on the privacy needs of customers over compliance checklists.
In this presentation, you will learn:
The current state and drivers of organizational privacy programs.
How to identify areas of focus within privacy programs based on customer needs which drives compliance requirements.
How to lead discussions with colleagues in support of a customer focused, need-based privacy program at your organization.
Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist
Only ~20% of companies use DMARC, SPF, and DKIM, global anti-domain-spoofing standards, which could significantly cut down on phishing attacks. But even when they are enabled and your domain is more secure, 81% of phishing attacks still continue to sail right through to the end-user.
In this webinar, Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will teach you how to enable DMARC, SPF, DKIM the right way! Then, learn the six reasons why phishing still might get through to your inbox and what you can do to maximize your defenses.
What you’ll learn:
How to enable DMARC, SPF, and DKIM
Common configuration mistakes
How to best configure DMARC and other defenses to fight phishing
Techniques to empower your users to identify and avoid phishing attempts that make it through your surface-level defense
Marcus Fowler, Director of Strategic Threat at Darktrace
AI is sometimes spoken about like something that will, in the future, secure networks. However, AI cyber security is already deployed by numerous companies to detect and autonomously respond to increasingly advanced, fast-moving, and stealthy threats. At the same time, attackers are developing malicious AI, which will be almost impossible to detect. Companies that fail to deploy AI today may find themselves unable to detect the threats of tomorrow. In this session, learn about how the use of unsupervised machine learning allows companies to benefit from cyber AI within weeks, why building trust with security teams is so essential, and use cases of cyber AI beyond threat detection and response.
There is more to community involvement than fun runs and bake sales. Many of the conferences and organizations in the information security community are volunteer run. In our workdays, we rarely get a chance to work on overall career development and yet, we need challenges to improve our technical and nontechnical skills. Join us as we review best practices for volunteering, how to leverage these for career development and how to best engage your employers, or prospective employers.
In a recent CyberSecJobs.Com survey, only 54% of the community said that they knew how to find a job. Of those 54% the top tool for finding a job was asking friends. Finding a job is a full time job. Do you have all of the tools available to you to find your next job? Spend a few moments with Kathleen Smith a Recruiting Marketing expert and hear about the top tips you want to make sure you always have at your fingertips to find your next opportunity.
Lee Waskevich, VP Security Solutions, ePlus & Alex Goldstein, Principal Architect- Cisco Security, ePlus
In today’s rapidly changing IT environment, organizations must be diligent about protecting themselves from evolving cyber threats. Disruptive malware can have a long and lasting effect on business operations and brand reputation. Cisco Umbrella is a cloud security platform that helps stop threats before they reach your network or endpoints. It helps you mitigate remediation costs and breach damage, reduce the time to detect and contain threats, and increase visibility into internet activity across all devices. It is the first line of defense and the simplest security product to deploy, integrating seamlessly into your existing security stack.
In this presentation, we will cover:
*The four tenets of stopping disruptive threats
*Why Cisco Umbrella should be the first stop
*How to assess your organization’s security posture
ePlus believes that making security pervasive across your entire IT landscape positions you for growth and success. By utilizing Cisco Umbrella technology, you gain the visibility you need to stop disruptive threats in their tracks.
Tony UcedaVelez, CEO & Founder, VerSprite Security
The latest talk in managing security programs is the ability to make “shift left” in terms of implementing controls. This concept translates to being able to not apply security controls post-implementation but rather during pre-implementation phases in a System or Software Development Lifecycle. These stages (such as the Definition, Design, or even Development phase) can allow for security requirements to be conceptualized and applied before an Implementation phase. The rise of regulations and demand for more agile engineering practices is forcing CISOs and security programs to develop more sophisticated ways to adhere to security requirements from regulations, internal governance, and clients. This talk will focus on how DevSecOps efforts are changing how we govern security controls via greater automation tools that are readily available to leverage. This talk will also show how the future can support for more cost effective governance models, regardless of industry or size of IT environment.
Organisations in 2019 will be increasingly faced with a hyper-connected world where the pace and scale of change – particularly in terms of technology – will accelerate substantially. Business leaders need to develop cutting-edge ways to deal with new regulation, advanced technology and distorted information.
In this webinar, Steve Durbin, Managing Director, ISF will discuss the threats organisations will be facing in 2019 and how business leaders and their security teams can address them. The emerging cyber threats to lookout for include:
-The increased sophistication of cybercrime and ransomware
-The impact of legislation
-The myth of supply chain assurance
-Smart devices challenge data integrity
About the presenter
Steve Durbin is Managing Director of the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.
Emma Bickerstaffe, Senior Research Analyst and Benoit Heynderickx, Principal Analyst, ISF LTD
Organisations increasingly rely on cloud services, motivated by the benefits of scalability, accessibility, flexibility, business efficiencies and reduced IT costs. However, there are several security implications that organisations need to address, including the challenge of verifying identity and managing access to cloud services.
Cloud services bring added complexity to identity and access management, exacerbated by the distribution of data across a myriad of applications accessed by users from multiple devices and locations. Failure to adequately implement user authentication and access control in the cloud can be exploited by attackers to gain access to users’ credentials, manipulate systems and compromise data.
In this webinar, Senior Research Analyst Dr Emma Bickerstaffe and Principal Analyst Benoit Heynderickx will discuss identity management, access control and user authentication in the cloud environment, and consider how organisations can effectively tackle this security concern.
Brian Bork, Technical Content and Events Lead Learn on Demand Systems
When you think of a cyber range, you probably think about a lot of hardware, a time-consuming set-up and a ton of money. Something that’s difficult to build and maintain, and not easily deployed. Learn on Demand Systems is out to change that. In this webinar, Brian Bork will take you through the ways Learn on Demand Systems empowers you to quickly build, deliver and scaling a new kind of cyber range.
Why Cyber Ranges aren’t out of reach for your company.
The theory behind reimagined cyber ranges.
How to build & deploy repeatable environments.
With the ever-increasing frequency and sophistication of security threats to organisations, business leaders need to have a comprehensive data security strategy to protect themselves. Information security practitioners have to think and plan beyond existing protection capabilities that are aimed at preventing threats only. Today's cyber security strategies need to protect an organisations mission critical assets in a way that is:
‒ balanced, providing a mixture of informative, preventative and detective security controls that complement each other
‒ comprehensive, providing protection before, during and after threat events materialise into security incidents
‒ end-to-end, covering the complete information life cycle.
This will enable organisations to match the protection provided with the sophistication of threats to such mission critical information assets. This webinar will look at past and present models and share ideas on how organisations can ‘future proof’ their strategies to combat next generation threats.
In particular in this webinar, Nick Frost, Principal Consultant at the ISF will discuss what actions can be taken to identify your most critical information assets, and how a modern day cyber security model needs to focus on prevention and detection of a data breach, and how to respond to a breach in order to reduce damage to brand and reputation.
Patrick Grillo, Senior Director, Security Solutions, Fortinet
Although overused, Next Generation Security still means keeping up with the challenges of securing today’s networks. The fundamental rule of keeping up with those challenges is having both a vision and an architecture that provides the foundation, regardless of how the market or the threats themselves change.
This session will focus on what is needed in an evolving security architecture to provide Next Generation Security in a constantly changing environment.
During this presentation, you'll learn about deep learning, the history of artificial intelligence, the history of malware management, and the current approach to eliminating malware threats to the enterprise using AI.
IoT, IIoT, OT... It is likely that for many of us these acronyms are confusing. The fact is that traditional industrial environments, such as utilities and production, have started a digital transformation process which harness these and other technologies to become more efficient, automated and competitive.
Within this transformation from a well-defined and well-controlled industrial ecosystem to a dynamic and open one, lurks a shift in the security challenges, needs and solutions/architecture.
This session will focus on the technologies and challenges digital transformation introduces in industrial environments and how Fortinet’s Security Fabric is deployed in such an environments to provide the required security infrastructure and posture, including demonstration of some simplified use cases.
Data protection has always been important, but with the GDPR deadline looming and data sharing scandals shaking consumer confidence, securing personal data has never been more vital. The GDPR is leading businesses across the world to evaluate, and in many cases modify their data processing activities in line with upcoming law.
So what if you’ve left it too late? What are the key steps you can take to work towards GDPR compliance, even after deadline day?
Join us in this webinar with Alex Jordan, Senior Analyst at the Information Security Forum as he shares:
-The ISF’s phased approach to GDPR implementation
-Ways to determine the criticality of data and how to protect it appropriately
-The urgent actions that a business can take to get GDPR compliance started
-Common myths surrounding the GDPR, and guidance on cutting through the noise.
The United States spent around $3.5 trillion or 18% of GDP on healthcare. According to FBI, the amount of this spending lost due to fraud, waste, and abuse (FWA) ranged between $90 billion and $330 billion!
This talk will offer practical advice on how to effectively organize and join various healthcare data sources such as claim and clinical data, how to set-up the problem, and how to design an effective machine learning solution to identify FWA leads and expedite investigator review using intuitive visualization to understand the risk factors contributing to those leads.
Payment fraud prevention tools have existed since the end of the 90s and have improved continuously since. In the last 2 to 3 years we have seen a new paradigm come into the space - machine learning.
This new technology is perfectly fitted for identifying fraud and is slowly being adopted by the market. Moving forward, using tools like this will no longer be a choice but rather an obligation for merchants. An obligation, as it will be at the origin of a competitive advantage which goes way beyond fraud prevention and will bleed into business intelligence fields.
In this session, Rodrigo Camacho, CCO at Nethone will walk you through the evolution fraud prevention touching on the following key points;
How the problem is solved by a large part of the industry today
The revolution that is happening in the space today
The halo effect that this revolution is going to have on the rest of business processes
Cyber has become a strategic issue and for many companies is now a business enabler and increasingly a form of competitive advantage. However it is clear that it remains difficult for Board's to get the “right” management information to support their cyber risk discussions and decision making.
So how can Board's ensure that they are asking the right questions when it comes to an organisation’s cyber posture and how can CISOs maintain and improve the Board’s attention in this fast-moving space? This webinar will look at the challenges faced by CISOs and Board members and offer insights into how to successfully approach cyber security at Board level.
About the presenter:
Steve Durbin is Managing Director at the Information Security Forum (ISF). His main areas of specialism include strategy, information technology, cybersecurity and the emerging security threat landscape across both the corporate and personal environments.
Rob Shapland, Principal Cyber Security Consultant, First Base Technologies
How to make your staff your first and last line of defence.
Learn how to:
•Identify your enemy and their tactics
•Discover why technological defences will lose to hackers
•Learn how to make staff genuinely care about security
About Rob Shapland BSc (Hons) OSCP OSWP CRT Principal Cyber Security Consultant, First Base Technologies
Rob Shapland is an ethical hacker with 9 years’ experience conducting penetration tests for hundreds of organisations, from small businesses to major international organisations.
He specialises in simulating advanced cyber attacks against corporate networks, combining technical attacks with his other hobby of dressing up and tricking his way into company headquarters using social engineering techniques.
He is also a regular speaker at events and conferences around Europe, and has appeared on both BBC and ITV as a cyber security adviser. He holds qualifications from SANS, Offensive Security and CREST, and has been trained in social engineering techniques by Chris Hadnagy, one of the world's leading practitioners and researchers.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.