Find out what you need to know about PCI DSS compliance.
The Payment Card Industry Data Security Standard (PCI DSS) was created to help prevent credit card fraud and security vulnerabilities and threats. Any business that processes, stores or transmits payment card data must validate compliance with the PCI DSS.
Led by a Trustwave expert, this webinar will help you:
• Understand the 12 requirements of PCI DSS
• Identify your responsibilities as a merchant
• Know how to get started
This webinar will be useful for anyone beginning the compliance process or looking to better understand the PCI DSS.
Recorded Apr 5 2012, 43 mins
It seems every 3-5 years, the industry has new terms to discuss the state of security and guide security investments. The "Assume Breach" strategy caused us to think, “Well, if I can’t stop attackers coming in, I have to assume they are already inside my network.” This led the market to shift its security focus to more detection and response, but the hackers already know what to do to hide. The "Assume Breach" strategy alone is a losing one. It must be combined with a Proactive Data Breach Prevention strategy.
In this webinar, we will discuss the balance needed between the two strategies and focus on the strengths of a proactive one.
We will look at:
- Thinking like the Attacker
- Securing Data Where It Lives
John Cartrett, Director, Trustwave SpiderLabs Americas
With a 67% increase in security breaches over the last five years, and an average cost of a data breach clocking in at $3.86 million, you can never be too careful in your approach to security. - Per Accenture
A strong security posture is a careful blend of the right people, processes, and technology aligning to ensure you remain one step ahead of the ever-evolving threat landscape, increasing attack surfaces and potential vulnerabilities resulting from digitization initiatives.
From remote employees connecting to an unsecured Wi-Fi network or unintentional violations of security policies to unpatched software or a previously undetected malware file, seemingly innocuous risks can maneuver their way around your existing tools--no matter how robust.
Amplifying your current security tech stack with human-led testing and simulated attacks provides heightened visibility into your environment, identifying these gaps before a bad actor can exploit them.
In this session, we'll be discussing:
Using red teaming engagements to confirm security efficacy
Employing blue and purple team exercises to amplify existing security protocols
How human-led testing differs from penetration testing and automated tools
Join the Trustwave SpiderLabs team to better understand the vital role human-led testing and adversarial-simulation (red, blue and purple teaming) plays in maintaining a mature, layered security posture.
Muktadir Khan - EMEA Engineer Director, Patrick Bayle - Cortex Systems Engineer Manager, Matthew Rhodes - EMEA Cortex Manager
Join Palo Alto Networks and Trustwave SOAR SMEs in a roundtable discussion as they explore the current market for SOAR, the challenge facing businesses and how their collaboration enables a unique XSOAR offering.
• Why SOAR?
• How can Trustwave help?
• Solving the perpetual effort
• Cyber vs. Operational Use Cases
• XSOAR ROI
Ed Williams, David Bacon & Damian Hicklin - Directors at Trustwave
In 2020 we saw a huge leap forward in digital transformation. With digital transformation comes risk, and with risk comes opportunity for malicious users.
Join us as we discuss the ever-evolving threat landscape from three different perspectives: Pen Testing, Digital Forensics (DFIR) and Threat Detection (TDRC).
We discuss security trends, what to do and where to focus during these fast-paced and difficult times.
This will be a live panel discussion and Q&A.
Featuring insights from:
Ed Williams – Director, Trustwave’s SpiderLabs, EMEA
David Bacon – Director, Digital Forensics and Incident Response, Trustwave’s SpiderLabs EMEA
Damian Hicklin - UK&I Practice Director, Consulting & Professional Services
Panelists from: Dept. of Children & Family Services, NatWest Markets, Nyotron, and Trustwave
2020 was the worst year on record for breaches. For example, there were 2,935 publicly reported breaches in the first three quarters of 2020. According to a recent report from Risk Based Security, the number of records exposed in 2020 was up to 36 billion.
What can enterprises learn from this and do to better protect their data? Is breach prevention even possible?
Hear from the experts on what the new normal for organizations looks like, the cybersecurity best practices to adopt and what's in store for the rest of 2021.
The topics up for discussion will include:
- Cybersecurity in the new normal
- How attackers have taken advantage of the pandemic
- Critical steps to take on the path to preventing data breaches
- Why data protection and cybersecurity should not be separate functions
- Best practices and solutions for breach detection and response
- Lessons from the field and recommendations for CISOs
Ashton D'Cruz, Director, CAO, CGO, CISO & Head - CC&S Governance, NatWest Markets Plc, INDIA
Allen Ohanian, CISO, Department of Children & Family Services
Nir Shafrir, VP, Global Field Engineering and Customer success at Nyotron
Andrew Kempster, Principal Consultant Incident Response/Digital Forensics at Trustwave
John Cartrett, Director of Trustwave SpiderLabs North America, and Ed Williams, Director of Trustwave SpiderLabs EMEA
There is nothing like having first-hand access to what our experts learned through a combined total of more than 30 years in the field. Watch now to witness a live simulation that will cover ransomware installation, forcing reboots through group policy preferences, and how encryption technology works.
As the COVID-19 pandemic ripped across the globe, impacting our health, politics and our ability to continue to work, companies have been forced to shut down or otherwise present an opportunity for remote work. For some companies, that impact may have seemed minimal, due to already having a remote workforce. For others, the task of enabling remote work came with a lot of technical problems, support issues, and quite a few mistakes along the way. This type of chaotic situation is exactly what the predatory threat actors of today are looking for. The mass confusion can lend itself to unauthorized bypass, internal reconnaissance and, eventually, exfiltration of critical data.
During these critical moments it is absolutely vital to assess your critical assets, understand how your threat landscape has changed and perform routine threat hunts to identify anomalous behavior or unauthorized changes introduced to the environment.
Ed Williams, EMEA Director of SpiderLabs; Elliot Dellys, Director of Strategic Consulting for Trustwave EMEA
Join Ed and Elliot for a lively discussion covering common issues in cloud migration planning and execution, misconfiguration of sensitive repositories, managing an increased attack surface area, and tips for ensuring your migration journey is built for success – with security as a foundation, not an extension.
Ed Williams and Elliot Dellys have very different backgrounds, but regularly encounter the same phenomenon: organisations want to migrate to the cloud (or already have!) but are unsure of the risks it poses to their organisation. Drawing on over 20 years of collective experience, Ed provides deep technical insight into the most common issues his penetration testers exploit in the cloud while Elliot provides commentary on the oft-overlooked human, governance and regulatory considerations.
Travis Lee, Director Product Management & Mark Trinidad, Senior Product Manager
Your most critical and sensitive data lives in databases. Your customers, users or consumers not only expect you to protect it, you are required to by law.
Data privacy cannot be met without proper data security. Long gone are the days when you could simply monitor database activity and react tactically to threats. Today’s security leaders realize that risks are constantly changing and evolving, therefore data security controls must be able to continuously assess risk posture and remediate against evolving threats. Attend this webinar to learn three critical strategies for getting ahead of data risks:
- Developing a continuous database risk assessment process
- Reducing access to data
- Using focused database monitoring to continuously harden your attack surface
Mark Whitehead, Vice President, SpiderLabs NA, Trustwave & Ulf Mattsson, Head of Innovation, TokenEx
New regulations are consistently coming to market that will have an impact on how we consume cybersecurity solutions.
Join Mark Whitehead, Director, SpiderLabs NA, Trustwave for an exclusive and informative video interview to learn more about:
- The challenges, risks and security gaps of the new regulations
- The hurdles that each new regulation and framework will present
- What the U.S. Department of Defense’s Cyber Maturity Model Certification (CMMC) is exactly
- What steps should companies be taking to prepare for CMMC
- What companies can do to succeed given the changing landscape
This video interview will be broadcast LIVE from San Francisco during the 2020 RSA Conference.
Terence Jackson (Thycotic), Ziv Mador (Trustwave), Mark Bagley (Verodin) & Chris Morales (Vectra)
Adversaries are growing in numbers and sophistication, regularly employing automation, while AI and machine learning continue to be successful in various attacks.
Join this panel of industry leaders and security experts to learn more about cyber attacks and how to protect your organization in 2020. Viewers will learn about:
- What the experts are seeing when it comes to successful and profitable breaches
- How businesses can be successful in stopping attackers in their tracks
- Expert recommendations for improving security in 2020 and beyond
This panel will be broadcast LIVE during RSA Conference in San Francisco.
Terence Jackson, Chief Information Security Officer, Thycotic
Ziv Mador, VP, Security Research at Trustwave SpiderLabs
Mark Bagley, VP Products, Verodin
Chris Morales, Head of Security Analytics, Vectra
Raj Mallempati (CloudKnox Security) | Chris Schueler (Trustwave) | Tim Choi (Proofpoint) | Nathan Wenzler (Moss Adams)
How are organizations handling security for their multiple clouds and applications? Join cloud and security leaders in an interactive discussion to learn about:
- Multi-cloud reality
- Addressing your cyber risk
- Managing vulnerabilities, detecting breaches and responding to incidents
- Automating security tasks across multiple clouds and applications
- Recommendations for improving enterprise cloud security
- Raj Mallempati, COO, CloudKnox Security
- Chris Schueler, Senior Vice President of Managed Security Services, Trustwave
- Tim Choi, VP, Product Marketing, Proofpoint
- Nathan Wenzler, Senior Director of Cybersecurity, Moss Adams
Brian Hussey, VP of Cyber Threat Detection and Response at Trustwave & Mark Whitehead, VP of Trustwave SpiderLabs
The threat landscape continues to evolve, with new breaches leveraging both old and new tactics, techniques and procedures (TTPs).
Hear from Brian Hussey, Vice President of Cyber Threat Detection and Response, and Mark Whitehead, Vice President SpiderLabs, to learn about the threats the Trustwave SpiderLabs elite security team identified during red team and threat hunt engagements and how to protect against the growing threat landscape. Hussey and Whitehead will also discuss recommendations and best practices for a cybersecurity posture that can withstand the increased focus on cybersecurity when it comes to regulation and compliance.
If your organization is looking to better understand the cybersecurity maturity model certification (CMMC), data privacy regulations like CCPA and how to move to an adaptive security posture, don’t miss this session.
The primary goal for any security professional today is to present less of a target-rich environment for the slew of cyber swindlers aiming to compromise critical assets. However, as businesses continue to scale, leveraging multiple clouds to upgrade their operations, larger sets of dispersed data are expanding the battleground and presenting overwhelming challenges from a data protection standpoint.
One effective method that more businesses are wising up to is penetration testing, which allows them to locate the root of many problems before attackers do. To be successful against your adversary, you have to think like them, and penetration testing allows for this to happen.
To aid pen testing professionals, the Trustwave SpiderLabs team is always at work developing new ways to make their jobs easier and more productive.
Dubbed AttackSurfaceMapper, the tool is intended to speed up and simplify the reconnaissance process for pen testers, allowing them to focus on the exploitation process a bit more, according to Andreas Georgiou, security consultant at Trustwave, and one of the tool’s creators.
By taking a single IP address or domain, AttackSurfaceMapper analyzes it by using passive OSINT techniques and effective reconnaissance methods. This results in hard, actionable data that security professionals can use to spend more time on the testing, and less time on manually performing reconnaissance.
In the full video interview above, Trustwave outlines what you need to know about this open-source tool and how it can benefit your security efforts today.
Through the Trustwave Fusion platform, security leaders and their teams now have deep visibility into their network by connecting the digital footprint of their business to a security cloud made up of Trustwave’s data lake, advanced analytics, and actionable threat intelligence.
In this video, Trustwave Vice President of Americas for Managed Security Services, Jesse Emerson, breaks down the platform's benefits for security organizations across industries.
Most IT roles tend to involve long hours and high stress levels, but with breaks between projects. The reality of a cybersecurity professional, however, is that their job is never fully complete. Much like an air traffic controller or a law officer, just one oversight can result in detrimental consequences. The constant pressure of identifying new threats, contending with persistent adversaries around the clock, and assessing how third parties and the introduction of new technologies may impact risk is psychologically taxing. Furthermore, it may weaken the enterprise's cyber resiliency.
Join this Q&A interview live from Black Hat to learn more about:
- Burnout in cybersecurity
- The effect of AI and behavioral analytics on burnout
- Industry shortage of security expertise and how to address it
- How to alleviate day-to-day cybersecurity stress
Frank Downs, Director/SME Cybersecurity Practices, ISACA
Chris Schueler, Senior Vice President of Managed Security Services, Trustwave
Sachin Deodhar, Technical Director of Threat Intelligence, APAC Region, Trustwave SpiderLabs Fusion Center
From an incident responder's perspective, the cyber threat landscape today, and in the coming years, appears forbidding and treacherous.
With the rise in the adversaries’ use of sophisticated trojans to target organizations with techniques to bypass two-factor authentication, destructive malware to thwart forensics, and living-off-the-land techniques to evade attack vendor and persist longer, we are compelled to develop equally innovative means to combat such threats.
In this webinar you will understand the emerging (attackers') tactics, techniques, and procedures (TTPs) that pose serious challenges to current defense paradigms; in particular:
1. Examine the ATMITCH campaign targeting financial institutions with a focus on subverting and compromising ATM terminals.
2. Understand the complex and sophisticated Emotet Trojan wreaking havoc on the Financial Sector.
3. Understand limitations of blocking PowerShell and how adversaries can run "PowerShell without PowerShell".
4. Come to terms with the fact that two-factor authentication is broken. We will describe one technique using a reverse proxy as a man-in-the-middle for two-factor authentication bypass and account takeover.
Mark Weatherford (vArmour) | Azi Cohen (WhiteSource) | Mark Whitehead (Trustwave) | Joseph Kucic (Cavirin Systems)
Tune in for this exclusive panel on the key factors for a successful security strategy. This is Part 1 of 2 CISO panels during Black Hat exploring the ever-changing role of the CISO, the factors influencing their success and the elements needed to build a more cyber resilient enterprise.
Join top cyber security executives for an interactive Q&A roundtable discussion on:
- The changing role of CISO
- Why cybersecurity should be a key priority
- Key resources every CISO needs
- How to recruit, develop and retain security talent
- Why investing in your security culture matters
- Biggest cyber security challenges and how to overcome them
The session is being brought to you in partnership with ITSPmagazine and will be streamed LIVE from Las Vegas during Black Hat.
Mark Whitehead (Trustwave) & Mari Galloway (Women's Society of Cyberjutsu)
Join Mark Whitehead, Director, SpiderLabs Americas at Trustwave, for an exclusive interview at Black Hat 2018 in Las Vegas on the latest cyber threats and trends in cybersecurity. Some of the topics up for discussion will include:
- What are the 3-5 top cyber threats CISOs are worried about in 2018? What's new on the threatscape?
- How to improve cybersecurity? Key areas to focus on. Top recommendations for CISOs.
- Data breaches affecting millions of users are on the rise. What are the security controls / policy changes / tech solutions businesses should implement to prevent breaches and detect them faster?
- What are the biggest threats to security coming from the IoT? Are you worried about cyberwarfare? How should we be protecting our critical infrastructure?
- Cybercrime is on the rise. How can businesses defend against ransomware, phishing, social engineering, and other cyber-attacks? Is investing in technology enough, or should the focus also be on cyber awareness education for employees?
- There is a chronic shortage in the skilled cyber security workforce in the US and worldwide. How are businesses coping with the lack of cyber talent in the age of cyber-attacks? Is AI/ML helping alleviate the problem? How does diversity (or lack thereof) play into all of this?
- What career path will be most advantageous to people starting their cybersecurity career?
- Can you explain testing maturity models as they relate to the tests organizations conduct to test their security posture?
- How do you properly scope testing?
- How do you test in cloud and hybrid environments?
- Can you explain the compliance vs security mindset?
Thanassis Diogos, Managing Consultant, Incident Response EMEA at Trustwave
Cybercriminals are setting their sights on hospitality businesses across the U.S. and Europe with unprecedented malware attacks known as Carbanak, as part of a precise and difficult-to-stop APT-style operation that we code-named 'Grand Mars'.
Our Trustwave SpiderLabs team of incident responders and researchers has spent months analyzing Grand Mars and its elements, and unlocking strategies that can be used to identify and mitigate this insidious campaign – which may soon spread to e-commerce and retail organizations as well.
Join our webinar where the author of the report will be sharing the findings including:
• How the attackers make initial entry and force infection
• How they achieve persistence
• How they perform lateral movements
• Which malicious files they use
• Which signs indicate you’ve been compromised
• Which countermeasures you should apply immediately
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than 2.7 million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective data protection, risk management and threat intelligence. Trustwave is a privately held company, headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit www.trustwave.com.