Defining and Justifying an Advanced Security Program

Due to the evolution of today’s cyber threat landscape, lawmakers are paying closer attention to how organizations protect their networks and sensitive information they handle.

Around the globe, cyber security and breach notification laws are becoming stricter, carrying higher penalties and resulting in further enforcement. Companies are finding themselves devoting more time and resources to managing cyber security risks—but where should organizations be focusing their time, talent and spend? And how does a multinational organization navigate these increasingly complex regulatory requirements?

Join Ron Bushar, VP & CTO of Government Solutions at FireEye, Michael Trevett, Director of Professional Services at FireEye Mandiant, and Heather Sussman, Partner at Ropes & Gray, as they share their security and legal expertise surrounding:

• Executive perspectives on the impact changing security regulations has on how organizations are thinking about cyber security
• Regional overview of existing and upcoming regulations in North America, EMEA, and APAC
• How GDPR has affected regional business landscapes since its formal release in May
• Influence of the SEC’s recent interpretive guidance on security risks and incident disclosures
• Best practices for making cyber security a strategic priority and a competitive advantage


Register Now

As cyber threats continue to proliferate and expand, so does the arsenal of tools organizations employ to protect against the attackers. With most security solutions equipping to solve only narrow problems, it has become the norm for organizations to deploy an unbearable amount of technologies. Join Misha Sokolnikov, Director of Product Marketing, FireEye as he provides:

• An overview of why security solutions today are not integrated and cause complexity, inefficiencies and excessive alert noise
• The tactics that threat actors use to take advantage of disjointed, complex security technologies
• The most critical threat vectors and how the consolidation and integration of security tools can help you improve your security posture

Register Now!

Cyber threats plague the financial services industry:
• Advanced persistent threat (APT) actors seek to support economic reforms and reach state goals
• Financial threat actors seek financial gain through the direct theft of funds or the sale of stolen information
• Disruptive threat actors and hacktivists seek to gain publicity, divert banks' attentions, or demonstrate a political motive

Any one of these threats would increase activity in an industry, but the presence of all three likely accounts for the large number of intrusions in financial services organizations.

Join us for a live video panel and get executive insights for critical topics relevant to the financial services industry, including the:
• Nature of threats, as well as their motivations and tactics, techniques and procedures (TTPs)
• Ripple effect consequences of geopolitics
• Cost of a breach and importance of risk awareness in the boardroom
• Need to keep GDPR a high priority

Mandiant responded to an incident in 2017 at a critical infrastructure organisation where an attacker deployed malware designed to manipulate industrial safety systems. The targeted systems provided emergency shutdown capability for industrial processes. This malware, called TRITON, is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers.

Join David Grout, our Technical Director for South EMEA, for a live session and get insights into the technical framework details and the potential outcomes.

In many ways, public cloud is more secure than a traditional data center. And yet, assets on the public cloud are still being compromised just as those stored in traditional data centers. Mandiant, the industry leader in incident response consulting, estimates that 15 percent of all of its incident response involves public cloud assets. So, if the cloud is more secure, why is it still getting hacked?

In this session, we will discuss
• the challenges in Cloud Security
• how to design an effective strategy to tackle them

Ransomware, application exploits, advanced persistent threats, all put your data, customer information and intellectual property in more danger than ever, putting your company’s reputation and revenue at risk. Even if you are able to protect yourself against today’s threats, you cannot stand still. Threats and threat actors are constantly evolving. You need to understand how the threats are evolving and what you need to do to protect yourself.

In this expert panel discussion with Colin Connor Director, Threat Intelligence and Cyber Forensics at AT&T, Seth Summersett, Chief Scientist at FireEye and Jim Waggoner, Sr. Director of Product Management for Endpoint Security at FireEye, learn how threats are evolving, how companies are becoming more proactive in the response to the threats and how technology is changing to provide greater protection, detection and response to the emerging threats.

Due to the combination of growing cyber risks threatening critical assets of organizations today, and firmer security regulations enforced by lawmakers across the globe, security leaders are increasingly taking steps improve their risk management processes and key stakeholder communication—to enable better decision-making around security domains and necessary investments.

This includes adoption of new risk management methods to generate realistic risk forecasts, effective metrics techniques, and a clear roadmap for capability improvements.

Join Matthew Keane, Sr. Director of Strategic Services at FireEye, Travis Fry, Sr. Consultant at FireEye, and Michelle Visser, Partner at Ropes & Gray, as they share their security and legal expertise on:

• Security risks across the complete cyber attack lifecycle, not only detection and response
• A simple and proven method for approaching the risk reality facing all organizations
• The rising cyber security insurance market and how it will affect risk management efforts
• Influence of new regulatory requirements and the SEC’s interpretive guidance on disclosure issues
• Using threat intelligence to ensure risk management efforts are based on real-world threats and ongoing adversary activities, not hypothetical or academic scenarios
• Best practice exercises to test your incident response plan based on real-world experiences
• Techniques for effectively reporting risk and capability needs to a Board-level audience

Despite the continued focus on security and cyber-risk, most organisations demonstrate poor alignment between the business and security in the consideration of risk. This disconnect can start right at the beginning of a business process, where security is often not involved early enough (or at all) in strategic projects. Boardroom visibility of security threats is often weak, while the nature of security threats means that a continuous reassessment of risk is required, but rarely occurs.

This webinar explores the gap between security and business risk, and examines the opportunities for alignment in Digital Trust, as a prerequisite for digital transformation.

How prepared are you and your organization to respond to a data breach?
Executives and their teams in PR/Communications, Cybersecurity, IT, (external) Legal Counsel, and others, should all be intimately aware of the Breach Response Plan and practice their tasks regularly through a Cyber Breach Simulation, or Tabletop Exercise.

Ropes & Gray and Mandiant have joined forces to help you evaluate your organization’s ability to respond effectively to a cyber incident before it occurs. The Tabletop Exercise uses gameplay techniques to assess your cyber crisis processes, tools and proficiency from legal, governance and technical perspectives. During the exercise, multiple scenarios based on real-world experience are simulated in a roundtable environment, allowing Ropes & Gray to provide concrete legal advice to your organization based on the results, including advice on potential enhancements to your organization’s cyber breach and incident response preparedness that Mandiant and Ropes & Gray identify through the exercise.

About Ropes & Gray
Ropes & Gray privacy & cybersecurity attorneys have advised and assisted clients in responding to cyberincidents of multiple shapes and sizes, including many of the largest incidents in history, and apply that extensive background to counsel clients on cybersecurity incident preparedness.

About Mandiant
Mandiant, a FireEye company, has over 14 years of near-daily interaction with organized, persistent attackers and threat groups around the world. Mandiant consultants spend hundreds of thousands of hours annually working with organizations of all sizes to remediate security breaches, identify vulnerabilities and provide guidance on closing security gaps.

Threat intelligence has the power to enhance an organization’s security effectiveness, improve its time-to-response, and reduce business risk. No matter where an organization is on the continuum of security operations maturity, threat intelligence can provide significant value. The question is, what is the best way to maximize that value? What advantages can you gain through simple process or technology changes to ensure that you’re ready to respond quickly to the threats that matter? Come hear from our experts about what threat intelligence can do for you, and hear from a FireEye customer who has made this journey, transforming its security operations to be intelligence-led.

IoT devices have become a mainstream part of our lives. IoT devices are no longer just consumer devices, rather they are interwoven in different parts of corporations.

The August 2016 Mirai botnet attack has shown that security in IoT is required to have overall security. The lack of security in IoT devices not only affects users, but also affects the society in a larger scale. Manufactures of these devices need to follow a set of guidelines to ensure secure developments and deployments.
Moreover, device consumers such as corporations should be aware of their attack surface.

Join us for a live webinar as we address the top security and privacy issues in IoT devices, the threats that are targeting them and recommendations for possible solutions.

With numerous market-leading companies making negative data breach headlines this year, and attackers constantly evolving their techniques, tactics and procedures, it seems there’s no longer a case of ‘if’ an organisation will be breached, but instead ‘when’.

“Do you know how your team will respond to and remediate a cyber-attack?”, is an increasingly pertinent question that all C-suite leaders should be able to answer—and more importantly, have a role in finding that answer to ensure their organisation’s cyber-security posture and incident response (IR) plan is built for success.

Join and contribute to the conversation as Judith Moore, Director & Partner, Corporate and Crisis at FleishmanHillard Fishburn, Mark Deem, Partner at Cooley LLP and Mike Trevett, UKI Director at Mandiant discuss:

•How to identify security maturity improvement areas before, during and after a breach
•Why constantly-evolving threats require organisations to periodically revisit their crisis communication plans
•What actions organisations should take to ensure they can effectively protect their reputation in the event of a breach
•Which key strategic communication tactics should be considered when reporting a breach

Artificial intelligence (AI) is a transformative technology that provides organizations with better cyber defense tools but also helps adversaries improve methods of attack. Organizations need to understand how AI will impact cyber security before they rely on it for their defenses.
Watch this webinar as we discuss:
• How AI tools can be used for offensive and defensive purposes in the cyber domain
• Changing geopolitical landscape as threat actors develop and implement AI capabilities
• Enhancement of a businesses’ defensive capabilities through AI technology
• How FireEye uses machine learning to bolster its internal defenses and tools