Uncontrolled Privilege Creep – The Danger Within

Manage webcast
McAfee and Avecto
“Privilege Creep” is defined as the gradual dissemination of admin rights for standard users. While organizations enable privileged accounts to meet specific business requirements, “privilege creep” exposes the company to malware risk, compliance litigation and increased operational costs.

This session discusses the hidden internal dangers of “privilege creep”. It offers an integrated approach to solving the “privilege creep” problem including:

• How to introduce granular levels of control improving security, productivity and achieving compliance
• Using McAfee ePO to provide reports and audit trails of privileged activity
• Ensuring user productivity and experience within the standard user function
Aug 14 2012
39 mins
Uncontrolled Privilege Creep – The Danger Within
Join us for this summit:
  • Channel
  • Channel profile
  • Hackers, Attackers, and Criminals -The never ending, dynamic and evolving threat Jul 8 2015 3:00 pm UTC 45 mins
    Carlos A. Fernandes, CISSP, CEO, Agile Cybersecurity Solutions
    Cybercrime continues to increase, with nearly 100% of Forbes Global 2000 companies reporting data breaches within the last 12 months.
    It is estimated that over 200 nations have Intelligence capabilities and their #1 target is the United States. Cyber tools, used for exploitation, can also be used for cyber attacks. These capabilities are being built by the 1,000s. The result is that most US corporations have been penetrated. Furthermore, most network security appliances may stop a novice attack but they are no match for a sophisticated threat actor. The presentation will explore the evolving threat, why we should care, and what we can and cannot do to counter this never ending, dynamic and evolving threat.
  • Data Immunization: A New Approach to Protect Against the Insider Threat Jul 8 2015 3:00 pm UTC 45 mins
    Eyal Manor, VP Product Management, Secure Islands
    Organizations spend millions to protect data from outside threats, but are investing far less to protect themselves against attacked from inside. Security experts agree that there is currently no way of completely block hacks or prevent insiders from leaking information. But is the situation completely hopeless?

    This session will present a new paradigm for keeping sensitive data safe by classifying and protecting it at the source. How to enhance the performance of DLP? How to enable collaboration and BYOD in a secure manner? How can you track all organizational data and pinpoint risk? How can you make the threat of data theft and loss irrelevant?

    Join our session to learn the answer.
  • Cloud Attack: Unsharing Your Business in The Cloud Jul 8 2015 3:00 pm UTC 45 mins
    Jason Hart, VP Cloud Solutions - Gemalto
    In this presentation we will examine real cases that show how vulnerable cloud and virtual environments can be without the correct controls. You will see how easily controls can be bypassed and compromised, why software keys are simply not good enough, and how your personal life threatens your business and work life. Join us on July 8th to learn what we call, unsharing your data.
  • Myth or Reality: Insider Threat Victims DON'T Have Their Heads in the Cloud Jul 8 2015 2:00 pm UTC 45 mins
    Evelyn de Souza, Data Governance Workgroup Chair, Cloud Security Alliance & Data Privacy and Compliance Leader, Cisco Systems
    We can safely predict that an insider threat targeting cloud will be the cause of a major data breach over the next 12 months. While cloud insider threats consistently rank as a top concern, they have not been decomposed and mitigated like enterprise exploits. We will uncover threat vectors and behavioural traits and present new techniques for discovering and mitigating cloud insider threats. This webcast will also include a breakdown and comparison of different cloud models.

    Attendees will also learn:

    • Techniques for reconstructing audit trails to help with the deconstructing of an insider threat

    • Ways to quickly recover from the effects of an insider threat to minimize business disruption and impact
  • Complex Incident Response Investigations: How to Minimise Breach Impact Jul 8 2015 1:00 pm UTC 60 mins
    Rafe Pilling, Senior Security Researcher, Dell SecureWorks
    How prepared are you for a data breach?

    With the threat environment growing more complex, and the rise in advanced and targeted attacks, how does your response plan hold up? Threat actors have changed their tactics; so must you.

    During this webcast, Rafe Pilling, Senior Security Researcher for Dell SecureWorrks Counter Threat Unit (CTU), will share advice based on real-world examples to help ensure your organisation is infinitely better prepared to respond to a security breach.

    Key topics covered include:

    · A view of the evolving threat landscape and how this could impact you

    · Examples of critical mistakes Dell SecureWorks has viewed in real-world cases

    · Developing a robust incident response plan

    · Maximising the value of current controls and improving your overall security posture
  • Insider Threats – Real Problems and Real Solutions Jul 8 2015 10:00 am UTC 45 mins
    Peter Wood, CEO, First Base Technologies
    Malicious attacks and accidental breaches by insiders present a real threat to organisations of all types. Insiders are uniquely positioned with legitimate access to data, networks and premises, allowing them to effectively bypass firewalls and intrusion detection systems. Pete and his team have conducted hundreds of simulated insider attacks and have found common themes emerge, regardless of business sector or size of business. In this presentation, discover the critical weaknesses that insiders exploit and the key, practical steps to defending against the insider threat.
  • Data-centric Security & Encryption: Keeping Your Critical Data Safe Jul 7 2015 4:45 pm UTC 45 mins
    Albert Biketi, VP & GM, HP Security, Atalla
    Data’s coming at us at a pace never before imagined. Without data-centric protection that secures your sensitive information throughout its entire lifecycle, you’re at risk. The use of data-centric security and encryption solution from HP Atalla and HP Security Voltage can help you rest assured that your data remains inaccessible, even if captured, lost, or stolen. Data breaches are inevitable – get prepared. Join this webinar to learn how to best protect your structured and unstructured data at rest, in motion, and in the cloud. Data-centric security will help you neutralize the potential damage from security breaches.
  • Verisign iDefense 2015 Cyber Threats and Trends Jul 7 2015 3:00 pm UTC 45 mins
    Dee Richartz, Technology Strategist, Verisign & Rob Coderre, Director – Product Management, i-Defense
    Our personal and professional attack surfaces have never been greater, and they are only expected to grow as organizations and individuals continue to increase their reliance on the digitally connected world for a variety of tasks.

    Throughout 2014, and into 2015, Verisign iDefense® Security Intelligence Services observed cyber criminals increasing their focus on attacking point-of-sale (PoS) systems and developing and deploying new banking malware. Global events continue to drive a higher frequency and severity of hacktivist activities and pro-state cyber operations. Vulnerable legacy and open-source operating systems continued to complicate the security of critical networks.

    This report presents an overview of the key cyber security trends Verisign has noted and expects to see throughout the remainder of 2015. It features conclusions drawn from Verisign iDefense research and analysis covering cyber-crime, hacktivism and vulnerabilities.
  • The first 24 hours after a breach Jul 7 2015 3:00 pm UTC 45 mins
    Ondrej Krehel, CTO and Founder, LIFARS, LLC
    This session will be about the process that takes place once a data breach occurs. The pressure is extremely high and various teams have to come together in this time of emergency, including incident response team, the board and the executive management, the PR team, risk management and legal. Goals are to strategize and minimize the damage, contain the threat, and ensure that the business continues running in spite of a major incident and at the same time public concerns and pressure are addressed in an efficient manner.

    Talk points:

    Getting the call
    Arriving on scene (first observations and attacker profile analysis)
    Crisis management with key internal tenants
    Evidence collection and preservation, digital forensic investigation and analysis
  • BYOx - Again! Jul 7 2015 1:00 pm UTC 45 mins
    Steve Durbin, Managing Director, ISF Ltd
    As the trend of employees using smartphones and tablets as corporate access devices in the workplace grows, businesses of all sizes continue to see information security risks being exploited. These risks stem from both internal and external threats including mismanagement of the device itself, external manipulation of software vulnerabilities and the deployment of poorly tested, unreliable business applications.

    During this webinar Steve Durbin, Managing Director of ISF, will explain why it is important for organisations to embrace these new technologies to develop and deploy effective enterprise-wide strategies and to safeguard their data.
  • Detecting Malicious Insiders Through Behavioural and Operational Analytics Jul 7 2015 12:00 pm UTC 45 mins
    Vinoth Sivasubramanian, CISO, Alaacart
    Combating insider threats is an extremely daunting task. Even more challenging is to unearth and defend crimes that could be committed by potential malicious insiders who are organized and enjoy a high degree of trust. This presentation shall discuss the current state of insider threats, the detection mechanisms available, why they are not enough and also suggest practical methods that can help detect and prevent potential frauds. Elucidated through a case study, this presentation shall walk you through on how we developed and implemented a framework using BIG DATA technology, user attributes and proven methods of behavioral science to unearth potential malicious insiders. With a detection rate of 90 percent, this is a highly adaptable model and gets easily integrated within your SIEM/Incident management and delivers great Return on Investment.
  • Promoting an Information Security Culture Jul 7 2015 12:00 pm UTC 45 mins
    Shan Lee, Head of Information Security, Just Eat
    Shan Lee is the Head of Information Security at JUST EAT Plc where he is passionate about promoting a "Security Culture" in what is a fast moving and rapidly expanding, multinational environment.

    In this presentation he will touch upon the following subjects: security culture, awareness, education, and the problems around the real threat being the (non-malicious) employees that don't even realise their online behaviour is a problem.
  • CyberSecurity: It's time to be prepared - Cyber Defence Strategies & Cyber Resil Jul 7 2015 10:00 am UTC 45 mins
    Tarun Samtani CISSP, Information Security Architect, Ebuyer UK
    It's not about IF, but WHEN - This statement has been over hyped by media and Sales people love it as they want to sell you something. There is a lot of negative news around cyber security and rightly because Data breaches have become a part of our daily news. BUT 90% of the breaches could have been avoided according to a recent report by Online Trust Alliance 2015 had best practices and security controls been applied correctly.

    So what can we do about it?

    From this webinar, I would like to bring some cyber defence strategies into play which i have been researching on lately. There is no silver bullet to Cyber Security. "You dont need another Security product".

    Prepare for the worse by having a sound cyber resilience strategy in place.

    Takeaways from this webinar -

    a) Best Practice - Defence in Depth
    b) Cyber Defence strategy models
    c) Cyber Resilience Framework
  • Into the breach: Lessons learned from targeted attacks Jul 7 2015 10:00 am UTC 45 mins
    Stuart Davis, Director, Mandiant
    This presentation will highlight lessons learned from many years of responding to targeted attacks by nation state actors and other groups. We will highlight why adversaries continue to successfully compromise their targets at-will, and provide insight to the investigative techniques and security controls that can keep-pace with attacker methodologies. (Hint: there are no silver bullets, and buying more security widgets is not always the answer to these challenges!) We’ll discuss the benefits, and potential pitfalls, of the emerging market for “threat intelligence”. Finally, we'll take the risk of predicting the future and provide some thoughts on how targeted attacks and state-sponsored threats may continue to evolve.

    - Identify frequently-missed blind-spots and operational failures that help attackers persist in a compromise environment
    - Discover how to better utilise existing resources and technologies to reduce the time gaps between successful compromise, detection, and remediation
    - Identify which approaches to remediation have been most successful at driving attackers out of a compromised environment and limiting the likelihood of re-compromise
    - Understand how targeted and state-sponsored attackers are evolving their methodologies in response to increased exposure and analysis
    - Learn practical ways in which threat intelligence can be utilised to detect and respond to attackers
  • SIEM Detection & Response Cases Recorded: Jun 30 2015 32 mins
    Tom Clare, Director, Arctic Wolf
    Before tackling a SIEM project to improve detection and response, learn from these case studies as their scenario likely matches yours. To firebreak your network brings together technologies, processes and people in the right balance across four phases. More than a security point solution or another box, you need to turn craft into a discipline to improve detection and response.

    Learn from your peers about the following:
    - Before environment and issues
    - Transition effort, cost and impact
    - After environment and benefits
    - Best practices for managed SIEM
    - Your network and next steps
  • Risk Mitigation Services in Cyber Insurance Underwriting Recorded: Jun 30 2015 57 mins
    Tracie Grella, Advisen; Neeraj Sahni, FINEX; Ira Scharf, BitSight Technologies
    Cyber insurance is becoming an increasingly competitive market. In order to differentiate their offerings, underwriters are beginning to offer unique risk mitigation services to their insureds. But with all the noise in this space, how do risk managers find and choose the policy that is best for them?

    In this webinar hosted by Advisen, Tracie Grella, Global Head of Professional Liability at the world's largest insurer, AIG, Neeraj Sahni, Vice President, FINEX North America—Cyber and Technology Risks at Willis, and Ira Scharf, General Manager of Cyber Insurance at BitSight Technologies, to learn how underwriters, brokers and technology firms are working together to bring risk mitigation services to their clients

    Join this webinar to learn:

    - How cyber coverage has evolved
    - How the insurance market is bringing value related to cyber risks
    - How risk mitigation services lower expected costs and help insurers do a better job of underwriting
    - Why risk mitigation services and cyber insurance create a safer cyber ecosystem
  • DDoS Attacks: More Dangerous to You; Never Easier to Launch Recorded: Jun 30 2015 56 mins
    Christina Richmond, Program Director, IDC and Joe Loveless, Product Marketing, Neustar
    If your organization cannot afford downtime from DDoS attacks, join this timely discussion from Neustar, with special guest perspective from IDC’s Christina Richmond. Explore the complexity and purpose behind today’s attacks and what you can do to defend your Internet presence. You will learn:

    · What the DDoS threat environment looks like today
    · Why “smokescreening” is a particular danger
    · Where attacks can have impact across your organization
    · How you can take steps to thwart DDoS threats
  • Modern Data Center High Performance Firewall: The Benefit of Hardware Innovation Recorded: Jun 30 2015 51 mins
    Jose Grandmougin, Fortinet Director of System Engineering
    Enterprise data centers are evolving to deliver higher performance and agility, driven by rapid adoption of mobility/BYOD, big data, cloud and SaaS. At the same time, data center security needs to guard against ever more sophisticated attacks, while keeping up with rapidly increasing bandwidth requirements.

    In this session Jose Grandmougin, Fortinet Director of System Engineering, will focus on the absolute need for high performance, hardware based firewalls in today’s data center and why yesterday’s data center firewalls cannot meet today’s challenges.
  • Panel: Information Security Policy Management for the IOT Recorded: Jun 26 2015 51 mins
    Expert Panel
    Our expert panel will discuss upcoming trends and best practices in infosec policy management for the IOT. The panel will include:

    Jennifer Bisceglie, CEO, Interos Solutions
    Robert Brese, Executive Partner, Gartner
    Ryan Gillis, VP of Cybersecurity and Global Policy, Palo Alto Networks
    Gary Hayslip, CISO, City of San Diego, Co-Chair, CyberTECH
    Paul Rosenzweig, Principal, Red Branch Consulting
  • Next Generation Firewalls Will Change How You Protect Your Organization Recorded: Jun 25 2015 41 mins
    John Kindervag, VP, Principal Analyst, Forrester
    Join Forrester Vice President, Principal Analyst, John Kindervag and Fortinet to learn about how next generation firewalls (NGFW) are changing the way organizations protect themselves. Get a look at the latest research on how IT professionals are using NGFWs to combat today’s threat environment and the requirements for an effective NGFW.
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Uncontrolled Privilege Creep – The Danger Within
  • Live at: Aug 14 2012 5:00 pm
  • Presented by: McAfee and Avecto
  • From:
Your email has been sent.
or close
You must be logged in to email this