Technology Overload? Why Just Buying New Tools Is Not the Way to Better Security
Can you stand in front of your CEO or Board and guarantee them that all the investments they have signed off for Information Security will protect them from the APTs or Hackers or the latest Malware? Can you? Have you invested in all the best tools, software, systems & devices AND are still not really confident if they all work together to find that one piece of malware that you know may cost your company millions of dollars in reputation and fines?
Don't spend a penny (or dollar) more on any new technology until you hear Amar's take on why all the tools, systems, devices are pretty much useless unless you have, as they say, "all your ducks in a row".
Breaking the mold of the typical CISO, Amar Singh is making a mark in the global InfoSec community as a leading, innovative, and benchmark-setting Information Security C-Level Executive. Amar brings a unique fusion of pragmatism, practicality, with a healthy dose of proportionate paranoia to his work and is commanding the Information Security and assurance space with his inspiring approach to Information Security Governance, Risk & Compliance.
Amar is also known for offering cutting-edge Solutions for all aspects of IT Security & Information Assurance development, from design and planning to creation of overall infrastructure and processes. Amar is a long time CISSP (33055), holds UK Security Clearance, and has several Industry certifications including ISACA's CRISC, Management of Risk Practitioner, ITIL, Certified Ethical Hacker and many others.
Patrick Grillo, Senior Director, Security Solutions, Fortinet
Advanced Threat Protection is built on the principle of Prevention, Detection and Mitigation. However, if the different technologies within each of these areas operate independently, there will be gaps between the different elements, gaps that can and will be exploited during an attack.
This session will focus on the concept of bringing together all of the elements of Advanced Threat Protection to form a holistic, collaborative solution that encompasses all of the network.
Amar Singh, Chair of ISACA's UK Security Advisory Group, Exec. Board Member & Consultant to UK's National MBA in Cyber Sec.
Wishful thinking or a cursory security assessment may have worked in the past but dealing with persistent and advanced threats requires an equally sophisticated and mature approach.
While APTs are on the rise and the use of zero-day vulnerabilities can be one of the weapons for such attacks, the reality is that the large majority of incidents – advanced or not – occur using known vulnerabilities. Resolving these is, therefore, paramount to reducing the attack surface for cyber criminals.
Join Amar as he shares his tips on adopting a mature and continuing vulnerability management process that can help organizations reduce risk and be better prepared to respond to APTs.
Jeff Melnick, Manager of Sales Engineering, Netwrix Corporation
According to Verizon’s “2015 Data Breach Investigation Report,” cyberattacks are becoming increasingly sophisticated. Cybercriminals have been successful in creating new techniques and deceptive tactics that outpace security efforts. Under these conditions, what would be your approach to dealing with security threats?
Join us for a live webinar session and discover how auditing can help mitigate the risk of data breaches and solidify your security strategy overall. During the session, we will talk about:
- The latest data breaches and their ramifications;
- How auditing complements threat-defense mechanisms;
- What should be audited and why.
Today’s cyber attacks have become increasingly sophisticated, requiring organisations to embrace an agile and ever more adaptive approach to their cyber security strategy. Join our webinar as we discuss the changing landscape of advanced threats in EMEA, look into the anatomy of APTs and explain why conventional security methods are no longer equipped to deal with these advanced attacks. In addition, we’ll share insights into real-life case studies of advanced threat actors using zero-day attacks and how an adaptive defense model allows FireEye to quickly respond, detect and remediate such attacks.
Jason Creasey, Information Security Consultant, Jerakano
Jason will introduce some of the major challenges associated with monitoring and logging cyber security events, highlighting the need to identify indicators of compromise at a much earlier stage and in a more consistent, insightful manner.
He will present a cyber-security monitoring framework, emphasising the benefits of taking a balanced, intelligence-led approach, based on fundamental log management and situational awareness. He will then look at what a cyber-security incident actually is and outline how to prepare for and respond to a cyber-security incident effectively – ensuring that it is properly followed up - helping to reduce the frequency and impact of future cyber security incidents.
Finally, Jason will introduce a cyber-security incident response maturity model, showing how you can measure the maturity of a cyber-security incident response capability.
The growing sophistication and evasiveness of cyber threats have redesigned the paradigms of the information security landscape. Since traditional signature-based technologies alone cannot keep pace with advanced threats, a breed of new technologies has been developed to fill the gap in what seems an endless arms race against malware creators. At the same time, the volatility of the perimeter, a direct consequence of the growing adoption of cloud services, dramatically broadens the vulnerability surface of organizations, requiring a new approach from CISOs in terms of both technologies and policies.
In this webcast we will analyse the current threat landscape related to advanced malware, demonstrating that, unlike what is commonly believed, it is not necessarily related to state-sponsored operations, but it is frequently used even in opportunistic attacks (and in several cases also available as a P/SaaS model).
After showing the characteristics that make malware “advanced” (evasion at the endpoint and network level, polymorphism, etc.), the webcast will outline the foundations of a multi-layered approach needed to detect, contain and mitigate advanced threats.
Ginny Turley, Director of North American Marketing
While network security encompasses both the physical and software measures to prevent and monitor unauthorized access or misuse of a computer network, the adoption of a password management policy and strategy can be foundational to the prevention of unauthorized uses of network resources. In many cases, simple password management is the weakest link. In this webcast, we'll explore what needs to be done to strengthen this important and oft-overlooked aspect of network security and discuss password synchronization and self-reset functions that can save time and money - and a lot of post-it notes as well.
Diana Garcia, Customer Onboarding and Training Manager, PhishMe
As spear phishing continues to be one of the top security threats, enterprises have looked to user training programs to bolster their defenses. One of the main challenges security awareness professionals face is implementing a phishing training program which shows continuous improvement and value to their organization. How do you start and build upon a training program to showcase continuous success?
The key to implementing an effective program is to focus on the biggest threats and leverage behavioral metrics to drive your program. During this webinar, Diana Garcia, Manager, Customer Onboarding and Training, will cover:
- How do you implement a phishing awareness program and run it continuously?
- What are the key elements of a successful program and what does it look like?
- How do you show the value this program and your trained users add to the security organization?
Araldo Menegon, Global Managing Director, Financial Services, Fortinet and John Bryant, CTO of Options
Fortinet protects the most valuable assets of the largest financial services institutions across the globe. Learn how they provide high-performance protection against cyber-threats by hearing from security experts and key customers.
David Dufour | Senior Director of Security Architecture
Traditional cybersecurity approaches aren’t effective in the world of IoT with the vast disparity in device capabilities, resource constraints and architectural designs. This diversity has created an environment where attacking the IoT infrastructure of an organization will become more commonplace. This presentation will discuss what can be done in the near term to help protect against attacks on the varying device types and their ecosystems.
Andrew Hay, Director of Security Research, OpenDNS & Meg Diaz, Product Marketing Manager, OpenDNS
Many have hypothesized about the security impact of the “Internet of Things” (IoT) for enterprises, but for the first time, we have actual data on the potential security risks introduced by these devices—and the results may surprise you!
Andrew Hay, Director of Security Research at OpenDNS, conducted a multi-month study on the prevalence of IoT devices in enterprise networks. In this webcast, Andrew will walk through the key findings, including:
- The prevalence of IoT devices—even in the most regulated industries—and which devices are most commonly found
- Where IoT hosting infrastructure is located on the internet
- Vulnerabilities found in IoT hosting infrastructure
- Implications to consider for your security program
- How to gain IoT visibility in your enterprise network
In this cloud DLP webcast, “Cloud Security Alliance and Elastica: Revealing Shadow Data”, Jim Reavis, CEO of CSA, and Elastica delve deeply into the Elastica Q2 2015 Shadow Data Report and share insights into how organizations can unlock the full business potential of cloud apps and the sensitive corporate data stored in them, while staying secure and compliant.
In addition, Ben Munroe from Cisco shares his insights into how Cisco is addressing the cloud data loss prevention problem.
Looking beyond Shadow IT, this webcast examines:
• What types of sensitive data are typically found in cloud sharing apps (PHI, PCE, and PII)
• Which vertical industries have the riskiest exposures (Hint: it's healthcare) and what steps can be taken to mitigate these risks.
• Why managing Shadow Data is the next critical step in protecting cloud apps beyond just controlling Shadow IT.
• How to build an effective cloud app security architecture that provides visibility, control, and remediation.
You can’t defend against something you don’t understand. Most network attacks are actually easy to understand if you have the right background. Join SolarWinds’ Mav Turner to review the basics of network security. He will discuss key concepts and core networking technology necessary for a solid foundation to secure your infrastructure.
Technology trends such as cloud, mobile, and collaboration help businesses boost growth and competitiveness, but each brings its own set of security gaps that give attackers a clear path to slip malware into the network, evade detection, and steal valuable information.
In 2014, global malware attacks increased by 136%. Attackers launch twice as many unique attacks. These are trying times for every organization as it faces elevated risk from the latest threats and cyber-criminals bent on greed and nefarious deeds. Join us as security experts look at some of the latest security challenges and discuss the building blocks of developing a resilient security defense system to help you effectively combat evolving threats as they emerge.
You will learn how to better protect your networks as well as yourself with solutions that reduce work for IT and security teams.
In this webinar, you will:
1. get up to speed on the current threat landscape
2. discover ways to take advantage of modern-day network security tools and services for ongoing protection against new threats
3. learn why it truly counts to have a nimble threat research and response team working for you
4. and why it truly makes a big difference to have multiple layers of threat protection to bolster your security posture
Mark Allen, Technical Sales Engineer and Bjorn Hovd, Technical Sales Engineer
They may be the oldest tricks in the book, but SQL injection and cross-site scripting (XSS) attacks still put a hurt on thousands of web applications every year, impacting millions of users—your users and customers. SIEM solutions are essential in finding these exposures quickly, by collecting and correlating data to spot patterns and alert you of an attack. Join us for this demo to learn more about how these attacks work and how AlienVault USM gives you the built-in intelligence you need to spot trouble quickly.
- How these attacks work and what you can do to protect your network
- What data you need to collect to identify the warning signs of an attack
- How to identify impacted assets so you can quickly limit the damage
- How AlienVault USM simplifies detection with built-in correlation rules & threat intelligence
It's taken decades for the leading financial services firms to establish trusted relationships with their customers - but that trust can be shattered in seconds with the click of a fraudulent email. Don't let cybercriminals misuse your brand, creating spoofed emails purporting to be from you, attacking your customers.
Learn to identify how fraudsters are impersonating financial services communications and what you can do to take back control of your email communications - so that the only emails your customers receive are the ones you are legitimately sending.
Mike Woodward, Program Director of Data, BitSight Technologies
Some cyber security analysts called 2014 “the year of the retail breach” due to major breaches affecting major American retailers and leading to millions of compromised customer records. Cyber security has continued to grab the headlines over the past year, as major breaches have affected companies across all industry sectors, from healthcare to finance.
Join this webinar to learn more about the security performance of six major industry sectors: finance, government, retail, utilities/energy, healthcare and education. Mike Woodward, Program Director of Data, will reveal interesting insights into the performance of each industry based on BitSight’s proprietary Security Ratings data.
Attendees will learn:
- What are Security Ratings and how are they developed
- How and why does security performance vary across different industries
- Which industry sectors are still vulnerable to Heartbleed, POODLE and FREAK
- What botnets are trending across different industry segments
Michael Osterman, President, Osterman Research, Inc.
File sharing is the single most common activity on corporate networks and between companies, and email is still the most-used channel for file sharing. It’s easy, it’s ubiquitous, and it gets the information to its destination with a single click. So what’s the problem with sharing files via email?
Register today to hear Michael Osterman, President of Osterman Research, and Peter Brown, Director of Product Marketing, Intralinks, review:
• The drawbacks and costs of relying on email for file sharing
• The problems organizations face when employees turn to consumer-grade file sharing tools as a solution
• The steps that organizations should consider for enterprise collaboration
All registrants will receive a complimentary copy of the Osterman Research report “The Critical Need for Enterprise-Grade File Sync and Share Solutions,” including data from an in-depth survey on file sharing practices.
Matt Johansen, Director of Security Services & Research, WhiteHat and Jonathan Kuskos, Manager TRC Europe Ltd, WhiteHat Secur
Every year, our adversaries gain more intelligence and the number of attacks on our applications increases. The damage from these attacks is costly to organizations, reaching millions of dollars a year. The Top 10 Web Hacks Webinar, now in its ninth year, represents exhaustive research conducted by a panel of experienced security industry professionals.
In this webinar, you will learn:
• The top web hacks, ranked by your peers and a panel of industry experts
• How to protect your organization against these attacks
• Industry-wide research on new advanced attack techniques
For Certified Members and Information Security Professionals Globally
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world-famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/Licensed Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.