Defining and Justifying an Advanced Security Program

As the cyber threat landscape evolves, lawmakers are prompting organizations to protect their networks and handle sensitive information more mindfully with cyber security and breach notification laws that are stricter, carry higher penalties and result in further enforcement.

Companies are spending more time and resources managing cyber security risks—but where should organizations focus their time, talent and spend? And how does a multinational organization navigate these complex regulatory requirements?

Join Ron Bushar, VP and CTO of Government Solutions at FireEye, Michael Trevett, Director of Professional Services at FireEye Mandiant, and Heather Sussman, Partner at Ropes & Gray, as they share their security and legal expertise:

• Executive perspectives on the impact changing security regulations has on how organizations are thinking about cyber security
• Regional overviews of existing and upcoming regulations in North America, EMEA, and APAC
• Impact of GDPR on regional business landscapes since its formal release in May
• Influence of the SEC’s recent interpretive guidance on security risks and incident disclosures
• Best practices for making cyber security a strategic priority and a competitive advantage


Also don't miss "Leading with Threat Intelligence – How to Select the Right Security Provider," the first webinar in this two-part series aimed to help you be better prepared for what's to come in 2019. Register Now - https://www.brighttalk.com/webcast/7451/342393

Today’s sophisticated attackers often hide within the noise of abundant alerts generated by a myriad of security products. Limited budgets, a shortage of skilled security staff, and rigid regulatory requirements make it difficult for organizations to effectively identify and understand these threats—negatively affecting risk-based decision making and asset protection.

Effective cyber security requires an understanding of who is likely to target you, and how they operate.

As security leaders and executives turn to service providers to evaluate their security maturity, manage business risks and build sustainable security programs, they often ask ‘how do I select the right security partner for my organization?’

Join Nick Flores, Security Consulting Director at FireEye Mandiant, as he shares insights and expertise on:

• Selecting the right service provider for your organization
• Realizing limitations of providers who apply traditional and compliance-focused approaches
• Working with providers who intimately monitor attackers across the evolving threat landscape
• Understanding the role of cyber threat intelligence in effective cyber security services
• Asking the right questions of your security providers to enable critical business decisions

Also, don't miss "Navigating Today’s Global Cyber Regulations – Regional Perspectives," the second webinar in this two-part series aimed to help you be better prepared for what's to come in 2019. https://www.brighttalk.com/webcast/7451/337259

As cyber threats continue to proliferate and expand, so does the arsenal of tools organizations employ to protect against the attackers. With most security solutions equipping to solve only narrow problems, it has become the norm for organizations to deploy an unbearable amount of technologies. Join Misha Sokolnikov, Director of Product Marketing, FireEye as he provides:

• An overview of why security solutions today are not integrated and cause complexity, inefficiencies and excessive alert noise
• The tactics that threat actors use to take advantage of disjointed, complex security technologies
• The most critical threat vectors and how the consolidation and integration of security tools can help you improve your security posture

Register Now!

Cyber threats plague the financial services industry:
• Advanced persistent threat (APT) actors seek to support economic reforms and reach state goals
• Financial threat actors seek financial gain through the direct theft of funds or the sale of stolen information
• Disruptive threat actors and hacktivists seek to gain publicity, divert banks' attentions, or demonstrate a political motive

Any one of these threats would increase activity in an industry, but the presence of all three likely accounts for the large number of intrusions in financial services organizations.

Join us for a live video panel and get executive insights for critical topics relevant to the financial services industry, including the:
• Nature of threats, as well as their motivations and tactics, techniques and procedures (TTPs)
• Ripple effect consequences of geopolitics
• Cost of a breach and importance of risk awareness in the boardroom
• Need to keep GDPR a high priority

Mandiant responded to an incident in 2017 at a critical infrastructure organisation where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. This malware, called TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.

Join David Grout, our Technical Director for South EMEA, for a live session and get insights into the technical framework details and the potential outcomes.

In many ways, public cloud is more secure than a traditional data center. And yet, assets on the public cloud are still being compromised just as those stored in traditional data centers. Mandiant, the industry leader in incident response consulting, estimates that 15 percent of all of its incident response involves public cloud assets. So, if the cloud is more secure, why is it still getting hacked?

In this session, we will discuss
• the challenges in Cloud Security
• how to design an effective strategy to tackle them

Ransomware, application exploits, advanced persistent threats, all put your data, customer information and intellectual property in more danger than ever, putting your company’s reputation and revenue at risk. Even if you are able to protect yourself against today’s threats, you cannot stand still. Threats and threat actors are constantly evolving. You need to understand how the threats are evolving and what you need to do to protect yourself.

In this expert panel discussion with Colin Connor Director, Threat Intelligence and Cyber Forensics at AT&T, Seth Summersett, Chief Scientist at FireEye and Jim Waggoner, Sr. Director of Product Management for Endpoint Security at FireEye, learn how threats are evolving, how companies are becoming more proactive in the response to the threats and how technology is changing to provide greater protection, detection and response to the emerging threats.

Due to the combination of growing cyber risks threatening critical assets of organizations today, and firmer security regulations enforced by lawmakers across the globe, security leaders are increasingly taking steps improve their risk management processes and key stakeholder communication—to enable better decision-making around security domains and necessary investments.

This includes adoption of new risk management methods to generate realistic risk forecasts, effective metrics techniques, and a clear roadmap for capability improvements.

Join Matthew Keane, Sr. Director of Strategic Services at FireEye, Travis Fry, Sr. Consultant at FireEye, and Michelle Visser, Partner at Ropes & Gray, as they share their security and legal expertise on:

• Security risks across the complete cyber attack lifecycle, not only detection and response
• A simple and proven method for approaching the risk reality facing all organizations
• The rising cyber security insurance market and how it will affect risk management efforts
• Influence of new regulatory requirements and the SEC’s interpretive guidance on disclosure issues
• Using threat intelligence to ensure risk management efforts are based on real-world threats and ongoing adversary activities, not hypothetical or academic scenarios
• Best practice exercises to test your incident response plan based on real-world experiences
• Techniques for effectively reporting risk and capability needs to a Board-level audience

Despite the continued focus on security and cyber-risk, most organisations demonstrate poor alignment between the business and security in the consideration of risk. This disconnect can start right at the beginning of a business process, where security is often not involved early enough (or at all) in strategic projects. Boardroom visibility of security threats is often weak, while the nature of security threats means that a continuous reassessment of risk is required, but rarely occurs.

This webinar explores the gap between security and business risk, and examines the opportunities for alignment in Digital Trust, as a prerequisite for digital transformation.

How prepared are you and your organization to respond to a data breach?
Executives and their teams in PR/Communications, Cybersecurity, IT, (external) Legal Counsel, and others, should all be intimately aware of the Breach Response Plan and practice their tasks regularly through a Cyber Breach Simulation, or Tabletop Exercise.

Ropes & Gray and Mandiant have joined forces to help you evaluate your organization’s ability to respond effectively to a cyber incident before it occurs. The Tabletop Exercise uses gameplay techniques to assess your cyber crisis processes, tools and proficiency from legal, governance and technical perspectives. During the exercise, multiple scenarios based on real-world experience are simulated in a roundtable environment, allowing Ropes & Gray to provide concrete legal advice to your organization based on the results, including advice on potential enhancements to your organization’s cyber breach and incident response preparedness that Mandiant and Ropes & Gray identify through the exercise.

About Ropes & Gray
Ropes & Gray privacy & cybersecurity attorneys have advised and assisted clients in responding to cyberincidents of multiple shapes and sizes, including many of the largest incidents in history, and apply that extensive background to counsel clients on cybersecurity incident preparedness.

About Mandiant
Mandiant, a FireEye company, has over 14 years of near-daily interaction with organized, persistent attackers and threat groups around the world. Mandiant consultants spend hundreds of thousands of hours annually working with organizations of all sizes to remediate security breaches, identify vulnerabilities and provide guidance on closing security gaps.

Threat intelligence has the power to enhance an organization’s security effectiveness, improve its time-to-response, and reduce business risk. No matter where an organization is on the continuum of security operations maturity, threat intelligence can provide significant value. The question is, what is the best way to maximize that value? What advantages can you gain through simple process or technology changes to ensure that you’re ready to respond quickly to the threats that matter? Come hear from our experts about what threat intelligence can do for you, and hear from a FireEye customer who has made this journey, transforming its security operations to be intelligence-led.

IoT devices have become a mainstream part of our lives. IoT devices are no longer just consumer devices, rather they are interwoven in different parts of corporations.

The August 2016 Mirai botnet attack has shown that security in IoT is required to have overall security. The lack of security in IoT devices not only affects users, but also affects the society in a larger scale. Manufactures of these devices need to follow a set of guidelines to ensure secure developments and deployments.
Moreover, device consumers such as corporations should be aware of their attack surface.

Join us for a live webinar as we address the top security and privacy issues in IoT devices, the threats that are targeting them and recommendations for possible solutions.

With numerous market-leading companies making negative data breach headlines this year, and attackers constantly evolving their techniques, tactics and procedures, it seems there’s no longer a case of ‘if’ an organisation will be breached, but instead ‘when’.

“Do you know how your team will respond to and remediate a cyber-attack?”, is an increasingly pertinent question that all C-suite leaders should be able to answer—and more importantly, have a role in finding that answer to ensure their organisation’s cyber-security posture and incident response (IR) plan is built for success.

Join and contribute to the conversation as Judith Moore, Director & Partner, Corporate and Crisis at FleishmanHillard Fishburn, Mark Deem, Partner at Cooley LLP and Mike Trevett, UKI Director at Mandiant discuss:

•How to identify security maturity improvement areas before, during and after a breach
•Why constantly-evolving threats require organisations to periodically revisit their crisis communication plans
•What actions organisations should take to ensure they can effectively protect their reputation in the event of a breach
•Which key strategic communication tactics should be considered when reporting a breach

Artificial intelligence (AI) is a transformative technology that provides organizations with better cyber defense tools but also helps adversaries improve methods of attack. Organizations need to understand how AI will impact cyber security before they rely on it for their defenses.
Watch this webinar as we discuss:
• How AI tools can be used for offensive and defensive purposes in the cyber domain
• Changing geopolitical landscape as threat actors develop and implement AI capabilities
• Enhancement of a businesses’ defensive capabilities through AI technology
• How FireEye uses machine learning to bolster its internal defenses and tools

Most approaches to the global cyber security problem are usually focused locally inside separate organisations, who struggle to look out across the global landscape and effectively respond. National responses from government capabilities can be challenged by capacity and jurisdiction to truly understand the global threat environment, and to effectively respond. This presentation will highlight how FireEye utilises its various capabilities and threat focused teams from all parts of the business to build a cohesive global detection and response capability for the biggest global threats.

This presentation will outline how we tactically respond within our internal capability teams, and across our customer base of 67 countries and how we keep the media, our customers and our government partners informed on the latest information. How we scale quickly to respond to WannaCry or NotPetya to ensure our Community Protection mandate is relentless maintained is an impressive story. This presentation will highlight how our FireEye technology arm and FireEye's subsidiary companies of Mandiant and iSight work seamlessly together in a global cyber threat event to bring our best against the world's most advanced cyber threat actors.

Executive Vice President and Chief Marketing Officer, Vasu Jakkal, shares what you can expect from the Cyber Resilience Virtual Summit. Learn why the intelligence-led approach matters and what you need to know to prepare, defend and protect your organization from a breach.

In a recent congressional hearing on “Understanding Cybersecurity Threats to America’s Aviation Sector,” Representative John Ratcliffe, stated “Cybersecurity is National Security.”

As threat actors continuously seek to do malicious harm, cybersecurity must increasingly play a larger role in national aviation security to mitigate risks and solve for resilience. Join Christopher Porter, the chief intelligence strategist at FireEye, as he shares the topics he covered from his expert congressional testimony. This webinar will highlight:

• Case studies focused on threats specific to the aviation industry, including insight on global disruptions FireEye analysts have observed
• A unique perspective on program gaps that exist between federal, state and local government, and the private sector
• Hidden dependencies in aviation, such as threats to critical infrastructure that can cascade into disruptions of aviation operations
• Ways in which FireEye Threat Intelligence can help inform program strategy and investment prioritization

Register Now

This webinar is part of BrightTALK's Privacy Insights Series and National Cyber Security Awareness Month (NCSAM).

With the proliferation of the Internet of Things into every sphere of our lives, it's now more important than ever to understand the security and privacy risks associated with connected devices. With smart home devices, office tools, children's toys, even medical devices being vulnerable to cyber attacks, becoming cyber aware should be a key priority for everyone.

Join privacy and cyber security experts for an interactive panel roundtable discussion on:
- The privacy and security vulnerabilities and risks stemming from IoT devices
- The basic safety measures you can deploy to protect your home and workplace against cyber threats
- Best practices for privacy and security safeguards
- What to do in the event of a breach
- What the future of privacy looks like

Speakers:
- Elena Elkina, Partner at Aleada Consulting
- Parnian Najafi Borazjani, Senior Analyst, FireEye
- Ondrej Krehel, Digital Forensics Lead, CEO & Founder, LIFARS
- John Bambenek, VP Security Research & Intelligence, ThreatSTOP

Audience members are encouraged to send questions to the speakers to be answered during the live session.

Cyber threats plague the financial services industry:
• Advanced persistent threat (APT) actors seek to support economic reforms and reach state goals
• Financial threat actors seek financial gain through the direct theft of funds or the sale of stolen information
• Disruptive threat actors and hacktivists seek to gain publicity, divert banks' attentions, or demonstrate a political motive

Any one of these threats would increase activity in an industry, but the presence of all three likely accounts for the large number of intrusions in financial services organizations.

Join us for a live video panel and get executive insights for critical topics relevant to the financial services industry, including the:
• Nature of threats, as well as their motivations and tactics, techniques and procedures (TTPs)
• Ripple effect consequences of geopolitics
• Cost of a breach and importance of risk awareness in the boardroom
• Need to keep GDPR a high priority