Global Supply Chain Risk Management: Overview of the State of the Art
If you plan, build, operate, sell or buy anything that includes hardware, software, or online services, then this is the workshop for you! This presentation will cover the state of the art in ICT supply chain security, with an emphasis on managing risk resulting from the product of inter-relationships between system & product development lifecycles across the supply chain derived from the University of Maryland's research in Cyber Supply Chain Security and their Community Framework Initiative. From acquisition to sale, this talk will have something for everyone
In light of recent news about Dridex takedown, AnubisNetworks Labs team would like to take this webinar to share with the community some of the efforts undertaken during this investigation led by the NCA, with our participation, to track this malware and exploit its communication channels.
In March 2015, AnubisNetworks Labs team started analyzing multiple malware samples of the Dridex family which ultimately led to running a fake node inside Dridex botnets.
Dridex has been around since November 2014 and it is an evolution of the malware families known as Bugat, Geodo, Feodo and Cridex. The malware is distributed via email, with a malicious Microsoft Word document as attachment which, once opened, downloads a second stage payload that infects the system.
Primarily targeting homebanking users, it is a malware with various capabilities including man in the browser, keylogger, proxy and VNC. It features a peer-to-peer (P2P) network and uses cryptography on its communication channels.
Dridex botmasters are very active, launching new campaigns against different geographies, hardening the botnet infrastructure with new countermeasures and command and control systems on a regular basis. By hiding inside Dridex, our researchers compiled and gained knowledge about this botnet modus operandi.
In this webinar AnubisNetworks´ security team will share the research done, focusing
Key takeways from this webinar:
· Map Dridex infections of associated botnets;
· Understand the complexity of Dridex communication channels;
Simon Mullis, Global Technical Lead, FireEye; Andy Norton, Senior Architect, FireEye
In this presentation we will discuss the motivations, aspirations and end-goals of the modern-day threat actor.
How can we differentiate them? What commonalities might they share? How do we deal with them?
And finally - but of most importance: How should the reality of the threat actor affect the way we understand, manage and mitigate risk.
Dr. Larry Ponemon, Chairman of the Ponemon Institue & Brett Wahlin, VP and CISO of HP
Cyber Crime cost US companies an average of $15 million in 2015 – a significant increase from a year earlier. It’s a troubling trend unearthed by the Ponemon Institute’s 2015 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction. In this Webinar Dr. Larry Ponemon and
HP CISO Brett Wahlin will explain how to craft an effective preemptive security strategy. You’ll learn:
-What cyber crimes are most common and most costly
-The hidden internal and external costs you incur
-What security defenses are most effective in reducing losses
-How businesses with a strong security posture drive down costs
Simon Bryden, Consulting Systems Engineer, Fortinet
This webinar reviews some of the headline attacks and threat events of 2015, then asks what can be learned from them. After looking at some of the trends and directions that today's attacks are taking, it looks at key challenges facing the enterprise, and how they can be addressed by leveraging the latest developments in security technologies, combined with constantly updated threat intelligence.
Nahim Fazal, Cyber Security Development Manager, Blueliv
With each passing year, the frequency and number of organisations that are hacked increases at a dizzying rate. No industry vertical can ignore this trend. One of the key challenges facing all business is to come to grips rapidly with an ever-changing threat landscape.
How can your organisation understand specifically what threats is being targeted with? In order to answer this question business need to be able to quantify and qualify the threats aligned against them. In essence being able to understand what malicious actor’s know about an organisation and how that knowledge may be deployed in attack campaigns and vectors.
During the course of the webinar session, Blueliv’s Cyber Security Development Manager, Nahim Fazal will present the Blueliv proposal for improving the cyber threat visibility of a business.
- Why the same approach gives the same results
- Actionable intelligence – what does this look like in the real world?
- Reducing your cost and incident response time
The increased complexity and frequency of attacks, combined with reduced effectiveness of detective or preventative control frameworks, elevate the need for organisations to roll out enterprise wide incident response initiatives to ensure rapid containment and eradication of threats.
In this webcast, Don Smith, Technology Director at Dell SecureWorks, describes three organisation’s experience with “APT” actors, examining techniques deployed for intrusion, persistence, lateral expansion and exfiltration.
Don will highlight where changes to the detective or preventative control frameworks could have prevented the attackers from achieving their objectives and outline key steps to building a robust incident response plan.
Webcast takeaways include:
· Real-world examples of APT attacks from the coalface
· The latest tools and techniques that advanced threat actors are using
· Recommendations for preventing and responding to APTs
It’s no secret that there are botnets for hire, groups of computers that can, and are, used against our organizations on a daily basis. But what is the nature of these botnets? What abilities do each of the installed toolkits offer to the attacker? Most importantly how do their capabilities change the defenses necessary to protect yourself?
We’ll cover two of the most recent toolkits that have been seeing wide usage. Learn a little about the people behind the attacks, where the attacks are coming from and what you might expect to see in the near future. You might be a bit surprised at where a lot of the traffic is coming from (hint: it’s closer than you think).
Kai Roer, Creator of the Security Culture Framework
In this webinar I will discuss what security culture is, where it belongs in the organisation, and how good security culture can reduce the likelihood of being breached. I will point to research on culture, human behaviours, and how to motivate people to do the right thing.
Ben Wilson, Senior Director, Product Management, Fortinet
Wireless is now the expected medium of choice for network users. Delivering it successfully can be a challenge especially with multiple different approaches and architectures available. What is right for your organisation? Cloud? Controller? How is it all secured?
This session will discuss 3 main Wi-Fi architecture types, their different advantages, the wired edge, and how to secure it all. Importantly, we will finish with what to consider when making the right choice for your needs.
Darren Argyle, Global Chief Information Security Officer (CISO) for Markit
The use of third parties is unavoidable in today’s global economy. The growing use of third party suppliers and business partners, whilst bringing significant business advantages, also exposes organisations to substantial risk, such as financial loss, reputational damage, regulatory prosecution and fines from major breaches of security. In the last few years we’ve witnessed many of these risks being realised; examples have included major breaches of security and costs to recover escalating into millions of dollars, as a result of the third party supplier being comprised. Changes in regulation, the evolving threat landscape and policy changes globally further complicate matters, generating further risk and expense for business.
Despite considerable efforts from many industries to address these issues, it remains difficult to manage. As well as the risks described, companies perceived as the ‘weakest link’ in the supply chain could end up not having third party contracts renewed. These challenges are discussed in more detail, and some suggestions put forward to help tackle the increasing burden on teams and risk mitigation strategies.
How can companies effectively measure their company’s risk of a data breach? What security metrics are most important when it comes to determining breach risk? How do different types of security compromises, whether botnet infections or brand name SSL vulnerabilities, contribute to an organization’s risk profile? Can you aggregate data to create high-level ratings to measure and report on cybersecurity risk?
Join BitSight’s Chief Technology Officer Stephen Boyer and Senior Data Scientist Jay Jacobs to get these questions answered - and more. This data driven webinar will highlight the extensive analysis that the BitSight Data Science team undertakes to make security signals into concrete risk mitigation actions. Perhaps most importantly, the speakers will give guidance on how security and risk professionals at every level - from the board room to the server room - can drive positive change throughout their organizations.
A recent Forrester Consulting survey revealed that while organizations initially rated all Next Generation Firewall features as high priority during evaluation, only two features were actually used in more than 50% of deployments. Respondents cited configuration challenges, too much noise and slowdown in performance as the primary reasons for using fewer features. In this webcast we will discuss how to get full value out of a next generation firewall:
· Finding an effective, accurate and extensible set of NGFW security features
· Defining, configuring and validating an appropriate set of NGFW policies
· Assessing actual performance of NGFWs
· Monitoring NGFWs on a regular basis
· Responding to the inevitable incident with your NGFW
You're invited to join us on Thursday, Nov. 19, to be among the first to see how ThreatSecure Network, which detects advanced threats and network anomalous behavior, is integrating with Splunk to make powerful big data capabilities a reality for your security team.
The webinar will demonstrate how this integration will enable teams to:
· Decrease the time of incident detection and reporting
· Analyze data and make informed decisions on threat severity via a single interface
· Demonstrate and determine the impact of malware across the network
Richard Sherrard, director of product management, Rogue Wave Software
It’s everywhere. From your phone to the enterprise, open source software (OSS) is running far and wide. Gartner predicts that by 2016, 99 percent of Global 2000 enterprises will use open source in mission-critical software. While it’s free, easy to find, and pushes software to the market faster, it’s vital to understand how to use OSS safely.
Join Richard Sherrard, director of product management at Rogue Wave, for a live webinar reviewing the top five OSS trends of 2015. From OSS discovery, to risk, and governance, we’ll take a deep dive into the trends we’ve noticed this year while providing you with some predictions for 2016.
In this webinar you’ll learn how to:
-Discover the OSS in your codebase to ensure that code is free of bugs, security vulnerabilities, and license conflicts
-Implement controls on OSS usage at your organization
-Create a multitier approach to OSS risk reduction with open source tools, static code analysis and dynamic analysis
Barry Fisher, Sr. Product Marketing Manager, Bobby Guhasarkar, Director or Product Marketing
We know that “What happens in Vegas, stays in Vegas” is not a winning network security strategy. Yet how would you know what happens on the Internet when your employees are off the corporate network? If you’re thinking VPN? Think again. Why would employees VPN when they’re working in Office 365 or Google Docs?
We need visibility everywhere. It is the foundation for security. We also need consistent enforcement of our policies and protections. But we’ve lost both these days, now that employees work anywhere, anytime.
OpenDNS Umbrella restores visibility and enforcement easier than any other solution.
Unlike VPN’ing, we do not add latency, hog memory, or burden the end-user.
Unlike endpoint protections, we block threats before the first victim is hit.
Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler, Inc.
The holiday season is approaching and for cyber criminals, this period is typically a feeding frenzy to hunt and exploit vulnerable businesses and employees. The statistics are staggering:
– 64% of organizations report an increase in cyber-crime on cyber Monday*
– 30 million malicious tweets are sent daily*
– Phishing links skyrocket by around 336% during Thanksgiving**
– Organizations get hit with losses of about $500k per hour when compromised***
The overall cost to an organization, including damages to reputation and brand, can be as high as $3.4M per hour. And yet, only 70% of companies take extra precautions in anticipation of these higher risks.*** How confident are you that your employees will not be used as a Trojan horse to compromise more sensitive company information?
Join Patrick Foxhoven, VP & CTO of Emerging Technologies, Zscaler, Inc., for a compelling webcast that will address:
– 5 key ways cyber criminals will target your employees and infiltrate your organization
– Key insights into holiday activity from Zscaler’s Security-as-Service platform
– Tell-tale signs that you have been compromised
– Guidelines and best practices to stay safe this holiday period
*Inc. - How Hackers Will Attack on Cyber Monday
**Huffington Post Tech - Five Ways You'll Be Hacked on Cyber Monday
***Computer Business Review - Cyber Monday attacks could cost organizations up to $3.4m per hour
Araldo Menegon Vice President & Global Managing Director, Financial Services Fortinet & Johna Till Johnson CEO, Nemertes
Enterprise architects sometimes shy away from internally segmentation data centers out of concerns over performance and agility. But implementing internal segmentation need not involve a performance hit. Learn how to approach internal segmentation, including how to avoid the most common pitfalls, and how to integrate segmentation into your broader security strategy. And most of all, learn why you can’t afford not to segment: the benefits it provides in terms of control, compliance, and protection.
Itsik Mantin, Director of Security Research, Imperva
Organizations of all sizes face a universal security threat from today’s organized hacking industry. Why? Hackers have decreased costs and expanded their reach with tools and technologies that allow for automated attacks against Web applications.
This webinar will detail key insights from the Imperva Application Defense Center annual Web Application Attack Report. Attend this webinar for an in-depth view of the threat landscape for the year. We will:
- Discuss hacking trends and shifts
- Provide breach analysis by geography, industry and attack type
- Detail next steps for improved security controls and risk management processes
Christopher Kissel, Industry Analyst at Frost & Sullivan & Seth Goldhammer, Sr. Product Management Director at LogRhythm
The stakes have never been higher as businesses attempt to protect their assets from a barrage of threats that continue to grow in frequency and sophistication. These efforts have traditionally centered on perimeter-based cyber defenses. Intrusion detection and prevention systems (IDS/IPS), antivirus (AV), firewalls, next generation firewalls (NGFW), unified threat management (UTM) platforms, and vulnerability management (VM) are among the technologies used (and needed) to stop miscreants from entering the network.
However, even the most advanced cyber security teams acknowledge that user accounts, systems and networks WILL be compromised, regardless of the prevention measure in place. It’s amidst this reality that organizations are exploring new, more effective ways to detect and respond when the inevitable occurs.
In this webinar we will explore how unified security intelligence is empowering organizations to accelerate their mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) to compromises and avoid material breaches. Chris Kissel, industry analyst from Frost & Sullivan will start with a quick update on the state of SIEM and how next-gen SIEM has evolved to deliver true security intelligence through a number of new capabilities including behavioral analytics, network and endpoint monitoring and analytics, as well as advanced search capabilities.
Attend this webinar if you:
-Are seeking to reduce your organizations meantime-to-detect (MTTR) and meantime-to-respond (MTTR) to cyber threats
-Struggle to find the needle in the haystack of security events
-Believe your current incident response process lacks adequate automation and efficiency
-You have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots
Heidi Shey, Senior Analyst, Forrester Research; Bill Bradley, Director of Product Marketing, Digital Guardian
Data protection has reemerged as a top solution to the increasing number of data breaches. But how do you persuade your leadership team to adopt a new security technology? Join Forrester Research and Digital Guardian as they discuss the steps to build a business case for data protection, where to gain allies throughout the organization, and how to effectively communicate your business case.
Watch this webcast to learn:
· How to establish the success factors for a data protection program
· How to quantify the top line and bottom line benefits of data protection
· Who in the organization, aside from the usual suspects, to get on board early in the project timeline
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.