Open Source Adoption in Enterprises - The Risks, and How to Mitigate

In simple cybersecurity language - Vulnerability Management is all about identifying and fixing critical security vulnerabilities in your IT infrastructure. But it is easier said than done due to the following 2 main challenges:

1. WHAT are the right vulnerabilities to fix?
There is a deluge of information regarding vulnerabilities, threats and exploits out there, and it is a struggle to know what is relevant to my context. My organization. CVSS scores don't necessarily reflect the criticality to my assets.

2. HOW to fix them quickly?
Once you manage to identify the right vulnerabilities to fix, the challenge is to get it done quickly, given the large set of assets and dependencies on multiple distributed teams to fix things.

It is like we are always running to catch-up - the typical hamster wheel of Vulnerability Management - you are continuously working hard, but never get there, no matter how hard you try. And before you complete one cycle, the next one hits you!

In this webinar we will talk about the challenges in more detail and how using a combination of vulnerability intelligence, analytics, AI and smart workflows, you can make it work for you, so that you can get off that hamster wheel once and forever.

Topic
As per Google and Boston Consulting Group, globally digital payments are expected to increase 3.3X to 4.2 $trillion by 2020, up from 1.2 $trillion in 2015. Digital payments which account for just 8% of retail payments currently is expected to jump to 18-24% by 2020.

There are no doubts that we are at the beginning of an exciting era of transformations in the digital banking space because there are many important trends around us that is fueling this shift. Examples - the increase in the number of smart phones and mobile internet usage, entry of non traditional/new players into the fintech space, more demanding customer base, enabling country/government regulations like the recent "demonetisation" exercise in India.

One thing that is a major concern in the minds of consumers, companies and agencies, and currently having a high potential to become the party spoiler is the topic of Cyber Security.

In this webinar we will cover the latest trends in security risks when it comes to digital banking, and how to mitigate them.

A must-attend for Security, IT and Product Dev leadership catering to the Banking, Insurance and Financial Services Industry.

Agenda
1. Current Trends in Digital Banking
2. Typical Digital Banking Portfolio
3. Mobile Banking - Security Risks and Best Practices
4. API Banking - Security Risks and Best Practices

Topic
In this webinar, we will cover how to develop a centralized issue management solution leveraging RSA Archer to integrate, manage and visualize overall risk postures of applications, systems and devices.

Given the threat landscape reality, it is hard to find organizations that have not been doing anything about it, but are you doing the "right" things?

Management of security issues in a large enterprise usually translates to dealing with several different tools like baseline control testers, vulnerability scanners, and SAST/DAST (Static/Dynamic Application Security Testing) tools. These tools are typically operated by various independent teams that churn out a deluge of reports on a periodic basis. These could be overwhelming to the system administrators.

Multitudes of systems and multitudes of fixes have to compete with lack of time, lack of resources, compatibility issues and lack of visibility. It is very difficult for the application owners and security teams to get an overall sense of risk exposure, and what to prioritize from a risk mitigation perspective.

We will be sharing some of the best practices in the industry gained by working with some of the best security-first organizations in the world.

Vulnerability Management is one of the first chapters in security, yet something that most of us still struggle with.

Our favorite is this one liner from the Verizon 2016 Data Breach Investigations Report. "Vulnerability management has been a Sisyphean endeavor for decades" (as per Greek mythology - Sisyphean was a king who was cursed to roll a large boulder up a hill, only to watch it come back to hit him, repeating this action for eternity.)

Unlike in the Greek times, today there is lot of data that can help. In-fact there is an overwhelming quantity of vulnerability and threat information available. The challenge is what to do with it in order to help mitigate risk better.
How do you pick the ones that are relevant to your specific case, How you action upon it and How you manage your remediation cycle before the next one hits you.

It is a game where the odds are always stacked up against you and you are always running to catch-up, to be repeated again in the next cycle.

How to change this ?

In this webinar we talk about Vulnerability Intelligence, and why and how it can help make Analytics really work in managing your vulnerability management cycles better.

The Pharmaceutical sector is one of the top targets for data threats. According to a 2015 survey by Crown Records Management, a global consulting company, 2/3rd of pharma companies have suffered serious data breaches while 1/4th have been hacked!

The primary reason for the threat is Intellectual Property (IP). The pharmaceutical sector is rich in intellectual property (IP) and research & development (R&D) of new drugs and medicines, the loss of which can significantly impact a company’s future. IPs targeted could be multiple across drug discovery programs, clinical development programs, drug registration applications, molecular formulae, patient records, production processes, manufacturing records, quality assurance and compliance data.

Also compromises in trial information or quality of product can seriously dent credibility of the company's brand and products. It can also lead to serious penalization by regulatory authorities.

Today, given that Indian pharma companies are an integral part of the global pharmaceutical ecosystem, they are not insulated from what is happening globally as can be seen from the recent happenings.

As per ASSOCHAM study, India's domestic drug formulations market is likely to cross $20 billion by 2018-2019 from a level of about $11 billion in 2013-2014.

A 2015 survey by KPMG related to India's Cyber-crime said that 44% of respondents believed that the pharma sector was a target for cyber-criminals. The primary reason being financial (65% respondents), but the close next was corporate espionage (46% respondents).

As obvious, there are outside threats, but also insider and business partner threats, because this industry has some of its most sensitive data often scattered across locations, sometimes with multiple partners.

In this webinar, learn about information risks in the pharma industry, and how to mitigate them by focusing on very specific areas.

The popularity of Open Source Software (OSS) Technologies in the recent years has greatly impacted the development and innovation of software.

The typical enterprise and application stack is made up of over 50% open source technologies. This mass adoption has helped every organization increase developer productivity and software production, as well as speed up the adoption of new technologies.

While many companies take advantage of OSS to improve their products and infrastructure, they often lag behind in the management and support of the OSS technologies they use. However, due to the fact that an organization's process involves hundreds to thousands of OSS components, errors and vulnerabilities are likely to arise and affect the enterprise's process, risk profile and DevOps productivity.

In order to mitigate the possible risks posed by these vulnerabilities, organizations, software executives and risk analysts need to understand the underpinnings of their infrastructure in order to be ready to repel attacks and threats.

Most organizations are only aware of 2% of their OSS usage. Organizations and enterprises must establish an efficient and effective process for choosing, managing and remediating the OSS they base their company's success on.

In this webinar, We will provide guidance for understanding the fundamental framework, important issues and concerns in Open Source adoption within the Enterprise, and share expert thoughts and practical tips in maximizing the benefits of using open source technologies and the best practices in managing security and legal risks.

Key Takeaways
1. Open Source basics
2. Choosing commercial and Open Source (OSS) Technologies
3. Security Risks and Challenges
4. Opportunities and Threats
5. OSS Tools and Work Process
6. Recent Trends and Developments

A must-attend webinar for senior leadership in IT and technology.

Today, the need to deploy security controls for managing digital identities and associated access is pretty well understood and expressed across industries and geographic regions.

There is enough literature in the public domain emphasizing why IAM is a must and what all can go wrong if a specific product is not implemented. While product centric material is available in plenty, there is limited guidance available for information security professionals to prepare themselves and their organizations for IAM, neutral of the product.

“68% of the security leaders claim they ran successful IAM programs; the top reason attributed to the success is detailed planning and preparation.”

As part of preparation and planning for IAM program, information security professionals need to understand the concepts and approach to tackle several pertinent matters.

In this webinar we will take you through a step by step approach from a practitioner’s perspective, covering all these concerns and the related topics

If you have been tracking the Cyber Security News lately, one thing is for sure - Cyber Attacks are imminent and it is a matter of time when you will be the next one to come under an attack, if not already.

What Robert Mueller, Former Director of FBI said in RSA Conference in March 2012 is still very relevant.
"I am convinced that there are only two types of companies: those that have been hacked and those that will be. ” and what he says further makes it worse "And even they are converging into one category: companies that have been hacked and will be hacked again."

Cyber attacks are no more a work of lone warriors or a group of hackers but involve cyber crime syndicates, collaborating and pumping large amount of money, precision, knowledge, expertise and persistence. Their capabilities are equal if not better than state sponsors.

Data says that cyber security incidents affects all kinds of organizations - small, medium or large and across all industries - financial, telecom, utility, health care, education and more. Organizations fail to detect and respond to security incidents due to weak monitoring capabilities and lack of expertise, tools and procedures.

In this webinar we will look at the cause and effect of the problem, analyze preparedness and learn how you can better prepare, detect, respond and recover from cyber attacks.

Key Learning
1.The threat landscape and how existing monitoring and response capabilities are ineffective in detecting and responding to advanced attacks
2. Lifecycle and speed of an attack and how early detection can help in responding and managing losses
3. Blueprint for an effective (and vendor neutral) Incident Management Program