Closing the Book on Heartbleed - and Avoiding Future Sad Stories
The Heartbleed vulnerability in OpenSSL forced millions of users to changed passwords and enterprises to rapidly patch thousands of servers.Because of all the publicity there continues to be a lot of CXO-level awareness around cyber security and now is the perfect time to recommend strategies for avoiding or mitigating the next Heartbleed - and there *will* be a next one. There were many lessons learned during Heartbleed than can be used to bolster your plans and your presentations to management to gain funding.
In this SANS Special webcast, John Pescatore, SANS Director of Emerging Security Trends will present an overview on the details around Heartbleed and an update on the current status, risks and industry efforts around software security. He will then moderate a panel of vendor experts in a discussion around lessons learned from dealing with Heartbleed and best practices for mitigating or shielding the risks due to vulnerabilities in open source and other third party software. Panelists will include Joanna Burkey, TippingPoint DVLabs Manager, and Joe Sechman, Manager, Software Security Research for HP.
RecordedMay 14 201461 mins
Your place is confirmed, we'll send you email reminders
Taking your Security Operations Center (SOC) to the next level has never been more critical. Organizations around the globe are investing heavily in cyber defense capabilities to protect their most critical assets. Don’t miss this webinar to explore key findings from the 2017 State of Security Operations report on cyber defense organizations’ capabilities and maturity. Learn what the most successful SOCs in the world are doing right, regional trends in the maturity of cyber defense capabilities and best practices to apply within your organization. Get the latest information on:
• Opportunities in automation
• Threat hunt teams and whether they are working
• New compliance regulations impacting SOCs
Register now and gain insight on the next steps your business can take to mature security operations in 2017.
With more security threats than ever before, organizations are looking to new ways to secure, manage and monitor their environments. The cost and scope associated with this issue are huge. Security environments have traditionally been closed, sealed and ‘secured’ by nature; but as organizations look to solve problems, they are embracing the idea of adopting open standards and architectures.
By embracing new, innovative and open standards, security organizations can look to solve complex problems in a modern new way. Explore how you can expand and grow your capabilities with simplicity, and more importantly in a predictable and cost-effective way.
This webinar will cover the evolving approach to help you solve security issues with modern open architecture solutions. Using the right approach and the right technologies are important to addressing requirements of log data storage, analysis, analytics and advanced security monitoring. Learn why integration is key and where ArcSight comes in.
Chip Mesec, Product Manager and Sam Pierre, Product Marketing Manager, Hewlett Packard Enterprise
The challenge with detecting malware is that it easily gets past traditional security solutions, placing your DNS infrastructure in harm’s way before you even notice it’s there. Hear how DNS operates and malware utilizes the DNS protocol to communicate with outside threats and exfiltrate data from an enterprise.
This webinar is ideal for IT and security managers who have limited experience with DNS or malware but are interested in how threats use this often overlooked protocol.
Viewers will learn:
•Practical strategies to protect your enterprise from bad DNS traffic
•Best practices for securing your DNS infrastructure
Travis Grandpre, HPE Director of ArcSight Product Marketing and Justin Kelso, HPE ArcSight
As organizations scale, having a robust security posture is critical. To achieve this, organizations rely on intelligent security operations. Visibility plays a crucial part in this. This means having visibility across boundaries, not just across networks and IT, but also into operational data and IoT devices.
Join this presentation to learn:
•What's needed to enable visibility into millions of events per second
•How to provide context to the collected data
•Role of machine learning in real-time correlation and analytics
•How to prioritize security analyst tasks, optimize resources and save time
Discover the capabilities powering intelligent security operations that enable you to track alerts and investigate threats at the speed of the attacker.
Scott Johnson, Director of Product Management, Fortify
Organizations moving at DevOps speed can easily integrate security testing into their Software Development Life Cycle (SDLC) workflow. Join this presentation to discover how built-in application security testing can become a seamless part of your coding process.
Viewers will learn:
- How integrations spanning all stages of development, deployment and production enable application security testing into the development tool chain
- How to empower your developers to test for security vulnerabilities earlier, build better code and secure your software
Connectors sound like a simple way of getting data from point A to point B. But that understates the tremendous power built into and delivered by connectors. This technical webinar discusses innovations in connectors to help customers detect threats originating from their cloud apps such as Office365, AWS and Box. Get an introduction to Quick Flex, the next-generation parser creation tool that makes connector upgrades quick and easy. Learn about the separation of the parser from the framework and its availability on HPE Security ArcSight Marketplace.
Have you been planning on establishing hunting capabilities but just can’t seem to get it started? Check out this webinar to gain a clearer understanding on hunt teams and their effectiveness. This webinar will deep dive into successes and most importantly lessons learned from Hewlett Packard Enterprise’s own journey with leveraging emerging capabilities and hunting techniques with customers. From solving data ingestion challenges to detecting bank heists, learn from HPE’s years of building hunt teams. Get a broader view of the ecosystem of breach hunting technology so you can execute your own successful hunt strategy.
Sue Barsamian, SVP and GM, HPE Security Products and Chandra Rangan, Vice President, Marketing, HPE Security Products
Get your questions answered and hear how the Spin-Merge benefits our abilities to deliver software for your security needs.
On September 7, Hewlett Packard Enterprise announced plans for a spin-off and merger of our Software business unit with Micro Focus, a global software company dedicated to delivering and supporting enterprise software solutions. The combination of HPE’s software assets with Micro Focus will create one of the world’s largest pure-play enterprise software companies. We will remain focused on helping you get the most out of the software that runs your business.
Join two of our HPE Software Enterprise Security leaders to hear firsthand about the recently announced spin-merge. Gain direct insight into what it means for you. This is a big opportunity for us to deliver even more of the Application Security, Data Security & Encryption, and SIEM organizations depend on in our fast moving world. Hear about our security portfolio strategy. Bring your questions and join us on this accelerated journey to success.
Sue Barsamian, SVP and General Manager HPE Security Products
In today’s increasingly connected digital world, your organization needs to adapt to how employees and customers want to use IT to do business. But to embrace innovative IT with confidence, you must protect against the threats that target people, the applications they use, and the devices and data they access. In this session, we will share how building security into the fabric of your IT infrastructure, together with giving Security Operations the tools to address threats intelligently, will enable you to power your business forward with confidence.
The third annual SANS survey on incident response will look at the continuing evolution of incident response, how tactics and tools have changed in the last three years and how security professionals are dealing with increasing numbers and kinds of attacks. The survey report and webcast will also look at key takeaways and recommendations for practitioners and management.
In this session, we will look at emerging trends in addition to survey results. Attendees will learn:
How integrated incident response tools are in the typical organization
What impediments hamper effective incident response
How budget allocations are projected to change over the next 12 months
Improvements planned in the next 12 months
Kerry Matre, Senior Product Marketing Manager, HPE Security & Christian Christiansen, Vice President Security Products, IDC
Disrupt Business of Hacking
Enterprises spend millions protecting themselves from adversaries and attempting to reduce their risk. Are their investments paying off? Hear from industry expert Chris Christiansen what organizations are doing to effectively make themselves less of a target for cyber criminals and how some enterprises make themselves an easier target for their adversaries. Gain insights on how these tactics have evolved over time and get a glimpse of what the future holds.
Join Forrester and HPE Experts discussing why enterprise investments in security aren’t having the desired impact due to reliance on point solutions and treating security as a silo, overlay function. Find out more about how Converged Security can help overcome these challenges:
A use-case driven approach enhancing current security practices
Integrates with existing security methods, creating a ‘security-by-design’ solution
Uses end-to-end collaboration to embed security throughout the IT service value chain
Jewel Timpe, Senior Manager at HPE Security Research
In a world where all devices now have global reach, risk is no longer contained to just one organization. Breaches now have collateral damage and legislation threatens security practitioners in unintended ways. Just as attackers continue to evolve their techniques, defenders must accelerate their approach to detection, protection, response, and recovery as we move into the concept of the digital enterprise.
Jewel Timpe, Senior Manager at HPE Security Research, will highlight our unique perspective on the attack surface. Drawing from the latest findings from the 2016 Cyber Risk Report, this session will provide critical guidance on responding to changing technology, impending regulatory changes, and reducing security threats in an interconnected world.
Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast.
In Part 1 of the webcast, attendees will gain insight into:
What threat hunting entails
What pitfalls stand in the way of attaining actionable results
What organizations are discovering through threat hunting
Many Security Operations Centers (SOCs) struggle in 3 key areas when it comes to personnel: continuous training, extending retention and measuring effective KPIs. In this talk we introduce the combination of gamification, user experience and machine learning as a concept to address these 3 challenges. We plan to share our real world experience implementing these concepts for the internal SOC at Hewlett Packard Enterprise.
Farshad Ghazi, Global Product Management, HPE Security – Data Security
Data security is one of the most challenging areas facing IT across consumer-transacting businesses today. The mega-breaches in the news are not physical and traditional perimeter security is insufficient. Instead, cyber criminals steal business-critical and customer-confidential data through malware, hacking and attack vectors that exploit security gaps throughout the extended digital enterprise.
The good news is there are standards-based, innovative data-centric technologies that protect sensitive data at rest, in motion and in use. Most important, implementing a data-centric security program does not hamper your organization’s ability to access, move, analyze, and use your data across platforms, to enable business success. CISO’s can mitigate risk while saying ‘yes’ to the business.
Attend this session to gain a deeper understanding of how to get ahead of rapidly evolving cyber-threats to secure sensitive customer and corporate data across your ecosystem.
We often hear that cyber criminals are sophisticated and that they are organized. But what does that mean exactly? What does it mean to our organizations? Hear how HPE is digging into the world of cyber-criminals to understand it and to disrupt it. See how these businesses are organized and when we look closely, see how they look a lot like our businesses. With a value chain that includes finance, marketing, customer and even legal functions, our approach to adversaries’ shifts from one that is basic and rudimentary to one that recognizes these organizations as competitors. We can begin to take these competitors into account when planning for future business innovations. Learn about the most valuable hacking business types, their motivations, and the weaknesses of this underground marketplace so that you can most-effectively protect your enterprise against these adversaries.
Albert Biketi, HPE Security – Data Security; Steve Schlarman, RSA; Charles H. “Hank” Thomas, Booz Allen Hamilton
In 2015 around 40 percent of data breaches were the result of external intrusions, while the remainder were caused by a lack of internal controls/employee actions, lost or stolen devices/documents, and social engineering/fraud. The good news is that the vast majority of security breaches can be prevented by implementing and enforcing basic security best practices with proven technologies.
Join this educational panel webinar to hear experts discuss how to establish a data protection plan and educate employees to maintain PCI compliance, and enforce basic security best practices and leverage technology solutions to prevent data breaches in 2016.
Michael Mackrill, Security & Intelligence Operations Consulting
SIEMs have been around for years and many companies are wondering if they actually got a return on their investment. Meanwhile, multiple vendors are claiming that their latest tool can do everything that a SIEM can and more! Can the SIEM survive?
We believe that the SIEM is not dead. SIEM is evolving. It must be remembered though that a SIEM is a living, breathing creature that must be cared, fed and interacted with in order to thrive. SIEMs have gotten more robust and can be used to interact with other security programs in ways that they couldn’t a few years ago. Companies need to utilize the SIEM as their central pane of glass to see the threats to their environment and use integration with other tools to help ensure the security of their electronic data.
Farshad Ghazi, Global Product Manager, HPE Security – Data Security
Join this webinar to learn how data-centric security brings next generation protection for reducing risk and protecting sensitive information as well as your brand, while enabling Cloud business practices. We’ll discuss how we help customers “accelerate next” and neutralize the possibilities of cloud data breaches. Find out how HPE SecureData for Cloud is a game changer.
Leading Security Intelligence & Risk Management Enterprise Platform
HPE is a leading provider of security and compliance solutions for modern enterprises that want to mitigate risk in their hybrid environments and defend against advanced threats. Based on market leading products, the HPE Security Intelligence and Risk Management (SIRM) Platform uniquely delivers the advanced correlation, application protection, and data security & encryption technology to protect today’s applications and IT infrastructures from sophisticated cyber threats. Visit HPE Enterprise Security at: www.hpe.com/security
Closing the Book on Heartbleed - and Avoiding Future Sad StoriesJoanna Burkey, TippingPoint DVLabs Manager, and Joe Sechman, Manager, Software Security Research for HP[[ webcastStartDate * 1000 | amDateFormat: 'MMM D YYYY h:mm a' ]]61 mins