Attacks targeting the application layer are on the rise. The 2019 Application Security Risk Report by the Micro Focus Fortify Software Security Research team covers the industry trends and insights in the application security landscape.
Fortify on Demand analysis shows broad vulnerability in apps. 4 out of 5 tested web applications had at least one critical or high severity issue. Furthermore, 61% of tested apps had critical or high vulnerabilities not covered by the OWASP Top 10 2017.
In this webinar, we share results from our research:
• The attacks to watch out for in 2019
• How effective are the controls for application layer vulnerabilities?
• Privacy, Policy, and Standards
• Vulnerabilities in Open Source Dependencies
• Best practices to protect your business
Join us for the key takeaways of the 2019 Application Security Risk Report.
RecordedSep 25 201962 mins
Your place is confirmed, we'll send you email reminders
Zero Trust is a multi-disciplined approach to security. If you haven’t approached it that way, you may be disappointed with the results. We believe that identity powers security—and it isn’t any different when we think about Zero Trust. It is critical to consider identity when delivering a Zero Trust infrastructure, because the more you know about identities and their relationships, the better you can deliver verified activities across your ecosystem.
Join us for this webinar to discover how Micro Focus Identity and Access Management solutions can contribute to your Zero Trust initiatives.
Brent Jenkins, Jimmy Rabon and Dylan Thomas, Micro Focus
The Micro Focus Fortify 20.1 release, available now, provides a continued march towards the key strategic initiatives of the product suite with accelerated language support, providing end users with actionable results, continuing to expand our open source solution with Sonatype, hybrid delivery methods and shifting application security left. These initiatives and updates to the products support why Fortify was not only named a leader in the Gartner Magic Quadrant for Application Security Testing for the 7th consecutive year, but also named #1 for Enterprise organizations in Gartner’s Critical Capabilities report.
In this webinar we will cover the newest and best features of Fortify Software Security Center, Fortify Static Code Analyzer, Fortify WebInspect, and Fortify WebInspect Enterprise. These added features, along with the current capabilities, prove why Micro Focus Fortify leads the market for Application Security.
Jim Gerken, Director, Identity Practice, Novacoast and Kent Purdy, Product Marketing Manager, Micro Focus
A quick review of the Zero Trust landscape reveals a lack of focus on what organizations need to do to maintain user engagement while they upgrade their security model. The security challenge is to protect digital resources that span across diverse environments without inhibiting usability. If not done right, Zero Trust security has the potential to inhibit people getting their work done, or worse when applied to your digital customers, may push them away to a competitor.
In this webinar, we will cover the top challenges that Zero Trust places on organizations that recognize the importance of productivity and ease of doing business digitally.
• Zero Trust – means the least privilege, users have bare minimum access
• Users bump up and down their access dynamically – on-demand access is key
• Context changes and Trust is recalculated constantly – automation enables this
Stephen Cohen, Senior Systems Engineer, Micro Focus
Microsoft Office 365 offers customers a wide range of products and services with one monthly subscription fee. However, their one size fits all approach to digital archiving and compliance might not be suitable for everyone.
Join this webinar to learn:
• How Micro Focus Retain Unified Archiving and eDiscovery can augment governance across all your digital communications
• Provide coverage across more internal, mobile, and social communication platforms
• Decrease costs and improve usability and performance for multiple user bases
Andras Cser, VP, Principal Analyst, Forrester, Kent Purdy, Product Marketing & Troy Drewry, Sr Product Mgr, Micro Focus
As an organization's hybrid-cloud environment continues to expand far and wide beyond their control, the need for a zero-trust model is becoming mandatory. This higher level of digital security morphs identity verification from onetime event to a model where nothing consuming protected information is trusted by default.
In this webinar, Andras Cser, VP, Principal Analyst with Forrester, and Kent Purdy and Troy Drewry of Micro Focus discuss how the zero-trust security model has forced a new paradigm onto authentication implementations as well as best-practices to secure all of your environment.
Of course, criminals and other malicious actors are taking advantage of COVID-19. Of course. Anything is fair game to this crowd of bad actors. On top of dealing with unprecedented numbers working from home, Security Operations now must deal with the most unscrupulous group who are ramping up their attacks and targeting some of the most vulnerable amid the chaos.
When a change of this magnitude happens, you hope you’re set up to adjust, and fast. If you don’t, either your workforce is caught flat-footed, or you’re vulnerable.
These are both bad outcomes.
That’s why speed and agility are not just for Olympians (who will sadly miss the 2020 games - here’s hoping it’s just a one-year delay!). If you have the right technology setup, where it requires minimal overhead and gives the most flexibility, you give yourself a fighting chance to adjust quickly and safely, keeping folks working remotely where possible, and minimizing business slowdown.
Join Jeremy Lahners and Mario Daigle as they talk about the current Security Operations climate, new attack methods that are emerging, maybe do a little venting, and share ideas from successful customers that have managed to stay safe and productive.
Jon Taylor, Frans van Buul, Michael Coleman and Harley Adams, Micro Focus Fortify
Getting an Application Security program started takes a cultural shift, process changes, and a set of tools that don’t disrupt the speed and innovation of your software team. While many organizations have begun their AppSec journey, scaling those efforts from just a few applications to possibly thousands of applications per day come with a completely new set of challenges and issues. How can your organization make this transition from few to many with the current security resources, tools and expertise you have?
Join Micro Focus Fortify in this webinar, “Keys to Scaling an AppSec Program” to learn:
• The challenges in Scaling AppSec
• Common mistakes made by organizations today
• The keys to success in scaling
• How Fortify assists organizations grow and mature their AppSec programs
Nick Nikols, Vice President, Strategy, Micro Focus
Almost every security breach includes users as a target, source, or associated party. Organizations need to come to an understanding (quickly) that there cannot be, under any circumstances, an interruption or degradation of the user experience for internal users or customers. This is a critical element to the organization’s success. To do so, security teams will need to make security invisible and assume that everyone or every thing is not trusted until proven otherwise.
As a result, Zero Trust security is the new benchmark that organizations are setting their sights on. However, depending on who is talking about it, there is a significant difference in what constitutes a Zero Trust architecture. In turn, this creates a level of confusion in the market. Zero Trust workforce initiatives need to begin by focusing on identity, access, and data.
In this discussion, we will cover where Zero Trust is today and what we believe Zero Trust will become in the future—Adaptive Trust.
Stephen Cohen, Senior Systems Engineer, Micro Focus and Mark Carlin, Vice President of Sales, TeleMessage
People today are more connected, some say over-connected, than ever before. We are empowered with myriad ways of communicating with business partners, friends, and family.
Increasingly, legislative and regulatory changes require mobile device communications in the public and private sectors to be archived and produced upon request. Examples in the public sector include the Texas Public Information Act and Florida’s Government in the Sunshine law. The SEC and FINRA regulate mobile communications in the financial arena. Legal discovery obligations span public and private sectors.
Government and private organizations need to keep pace. The question is: How?
Join Stephen Cohen, Senior Systems Engineer at Micro Focus, and Mark Carlin, Vice President of Sales at TeleMessage, on Tuesday, May 5 at 10 a.m. PT and learn how to:
• Take advantage of a vast set of intuitive and powerful archiving features
• Gain better visibility across your organization’s digital communications
• Improve early case assessment performance
Paul Reid, Interset Technology Strategist, Micro Focus and Scott Taschler, Director of Product Marketing, CrowdStrike
How can you swiftly uncover and respond to elusive threats such as advanced attacks and insider threats? With the combination of Interset user and entity behavioral analytics (UEBA) and rich CrowdStrike endpoint data, enterprises like yours can now identify critical threats by learning the normal, unique behavior of every entity and detecting the most unusual or suspicious behaviors using endpoint logs.
Join us for this webinar on Tuesday, April 28 to find out more:
• Learn how Interset can leverage CrowdStrike Falcon sensor data to detect and respond to threats in your organization.
• Get an inside look into our cloud-to-cloud integration. We’ll show you real-world examples of UEBA and EDR working together to give security teams the context they need to detect signs of credential access, discovery, lateral movement, or data exfiltration quickly and effectively.
• Learn how Interset and CrowdStrike help protect businesses from threats in the time of COVID-19 and changing landscapes.
Brent Jenkins, Micro Focus Fortify and Curtis Yanko, Sonatype
It's really no secret that organizations are developing faster, doing more builds and releasing more frequently. In order to keep up with this business demand, most applications aren't built completely from scratch. Developers utilize third party, or open source components as building blocks, so they can focus their time and energy on the parts of the application that are specific to their business logic or competitive features. With an average growth of 75% over the last two years, open source component usage continues to increase at a rapid pace.
Over the past 15 years, thousands of companies such as Apple, JP Morgan Chase, and most notably, Equifax, have suffered breaches because of these open source components. This makes Software Composition Analysis (SCA) a “must-have” AppSec capability.
Join Micro Focus Fortify and Sonatype in this webinar, “Why Open Source Use is Common and Problematic” to learn:
• The State of Open Source Consumption
• The Risk Involved
• Why Software Composition Analysis is a “must-have”
• How Micro Focus Fortify and Sonatype are solving the problem
Hear the latest developments on Content Manager first hand from David Gould (WW Senior Director, Secure Content Management Solutions). In addition, see a special preview demonstration of upcoming features presented by Helen Barnes. Followed by a Q&A session.
Rick Dunnam, Orasi/Saltworks and Brent Jenkins, Eric Echols and Stan Wisseman, Micro Focus
Many people believe that development and security teams have competing priorities that often become the biggest barrier to the success of an application security program. Developers are usually resistant to their organization creating an AppSec program for fear of being slowed down in delivering their code. This negative mindset about security is often due to security professionals dictating rules, workflows and tools on developers instead of creating strong partnerships, common goals, and tools that seamlessly integrate with the development toolchain.
Join Micro Focus in this webinar to learn:
• Tips on creating partnerships with your devs
• Why developers are the key to your appsec program success
• Tools and Integrations vital to keeping developers engaged with security
• Use case of how one organization was able to reduce this friction
Emrah Alpa, Sr. Product Manager, ArcSight Global Content, Micro Focus
Achieving harmony in a chaotic SOC environment is notoriously difficult. But harmony is critical to effective threat detection and mitigation within your SOC.
Join this webinar to see how success on the dancefloor is surprisingly similar to success in a SOC… you should start slow, then build over time (in the correct order) to achieve harmony. If you define the known threats and write rules to catch them, you’ll be left with a smaller subset of unknown threats. Hunt those down, and they’ll become known. Then, repeat the process.
The MITRE ATT&CK Framework can be an extremely useful tool to accomplishing these goals. We’ll show you how, and will give you the insights you need to start building a self-defending enterprise.
Is there really going to be a live-DJ’ing experience?
Yes. Mr Alpa will start the show with a minimalistic melody and slowly build up to reach a groovy tune in about 30 seconds from start to finish.
Why learn about the MITRE ATT&CK Framework?
A SOC is not just a set of tools or perfectly tuned rules and algorithms. Time and people are your most important assets. Train your SOC team using a common language. Then, measure your defense posture, and your SOC maturity, using that same language.
MITRE ATT&CK Framework is the common language unifying ALL InfoSec and Ops teams worldwide. It is an encyclopedia that can be used by all your security teams, enabling your organization to write prescriptive/actionable steps against all cyber threats.
Who is Emrah Alpa?
Mr. Alpa is a diehard cyber warrior. In his own words, he defends castles and builds defenses. As a recognized Thought Leader & Evangelist with 20 years of InfoSec experience, he brings forward something you can't put on paper: a passion for what he does, and a burning sense of mission.
So please join us for this webinar to discuss “DJ MITRE” and the untold secrets of its real-world SOC implementations.
The speed and complexity of software development is rapidly increasing. Development teams have little to no time to ensure these applications are secure, even while the biggest and most severe data breaches that have affected both the public and private sectors all operate at the application layer.
Ensuring your applications are secure doesn't have to be a cumbersome process, though. With the right program and tools, you can improve or start your organization's security initiative without getting in the way of developers' productivity.
This webinar discusses the journey from scanning one application to building a mature program scanning thousands of applications.
View this webinar and you will learn:
•How people and process are crucial for success
•Why integration is essential for speed
•How to automate the process in a CI/CD pipeline
Michael Mychalczuk, Dir. Product Mgmt, Security Operations and Mario Daigle, VP Product Mgmt, Analytics, Micro Focus
As Security Operations Centers (SOCs) face an ever escalating war to find, train, and keep talented security professionals, the need for more efficient “Next Generation” security operations solutions becomes increasingly important.
But what exactly does “Next Generation” mean? You’ve heard the term before, but is it more than just a buzzword?
Join us in this webinar as we look into what “Next Generation” means in terms of Security Operations programs and how organizations can effectively manage risk in the midst of the industry’s ongoing Talent War. Our SecOps experts will make this a candid discussion into the legitimate challenges for SOCs today and how those challenges will continue to affect organizations over the next 3 – 5 years. We’ll also cover how Micro Focus is working to help your SOC address those issues through the power of layered and informed analytics.
California's Consumer Privacy Act of 2018 took effect on January 1, 2020. The law gives California residents the right to know what data companies collect about them and how that information is shared. Consumers will also have the authority to prohibit companies from selling their data.
The bill bears similarities to the EU’s General Data Protection Regulation (GDPR) but it is no clone, so even if you currently must comply with GDPR, the CCPA will be different. And, by the way, it's not the only privacy law at the state level.
This 20/20 webcast would look at recent privacy acts across the country and how it might affect the way U.S. businesses handle privacy concerns going forward.
Nurettin Erginoz, Director of Field Services, ATAR Labs and AdarshChandra Rai, Micro Focus
In the face of more data, increasing threats, and a fragmented security ecosystem, the next-gen SOC must be tech-driven and people-enhanced in order to stay ahead of attacks from inside and outside of the organization. Equipped with critical capabilities such as real-time correlation, user and entity behavioral analytics (UEBA), and security orchestration and automation (SOAR), the next-gen SOC fosters a proactive security posture that enables it to detect, investigate, and respond to known and unknown threats—at speed and at scale.
Instead of relying on disparate security point tools, the next-gen SOC leverages a natively integrated solution that offers fast and comprehensive threat detection, automates manual processes such as event analysis, and enables faster response. This creates a human/machine team where threat leads can be prioritized via human/machine driven analysis and security analysts/threat hunters can investigate leads with a unique contextual understanding.
This session is planned to demonstrate an End-to-End Integration of the ArcSight Family with Interset and Partner solution ATAR Labs – one of our SOAR integration partners.
Tim Sedlack, Charles Davis and Lacy Gruen, Micro Focus
As Linux continues its rise to a more dominant cloud deployment resource, it is critical for organizations that are adopting cloud-based solutions such as Azure and Office 365 to apply stricter policy controls to their Linux systems. Many are challenged with maintaining standard authentication, configuration, and policy controls for cloud-based Linux resources such as VMs, servers, apps, and services. Resources that are unmanaged or undermanaged can create compliance challenges and expose the organization to greater risk due to bad actors exploiting their deficiencies. Because cloud resources can be quickly and easily provisioned, it is easy to overlook security holes and inconsistencies.
Join us to discover how you can use the newest Micro Focus AD Bridge solution to leverage your existing AD infrastructure to centralize and normalize how you manage authentication, configuration, and policy across all Linux resources. The result is fully secured and managed Linux VMs in the cloud.
Why attend this session?
• Learn how to solve your Linux VM authentication, security, and policy challenges
• Find out how to standardize configuration using policy across your OS, apps, and services
• Discover how normalizing policy across the enterprise simplifies compliance audits
• See a demo of the industry’s first AD Bridge solution to extend to cloud-based Linux
Did you know that there’s a 96% shortfall in trained security analysts in the world? Organizations struggle to provide effective on-boarding and users find it difficult to understand the new security applications and processes.
Micro Focus Fortify and ArcSight are leaders in the IT security domain. Our Adoption Readiness Tool (ART) delivers structured on-boarding, continuous enablement, and quick access to support content that boosts the user adoption of your security operations team.
Reserve your seat for our webinar where you will learn about:
• The 3 key ingredients to boost user adoption rates of your security software
• Effective on-boarding with Fortify and ArcSight simulation-based training
• Best practices for documenting security operating procedures and runbooks
• Customer success stories
You will also see live demos, showing how to auto-generate Try-Me simulations, product demonstration videos, and step-by-step runbooks.
Work Smart and start using ART
Can’t make it to any of the live sessions? Register your seat to receive the presentation materials and recording of the live session. Micro Focus ART is a Software Education product and our consultants are specialists in implementing enablement and adoption programs. Learn more at www.microfocus.com/training and feel free to contact us if you have any questions, at https://microfocus.viewcentral.com/events/uploads/microfocus/contact.html.
Visit the ART product page for more information here, www.microfocus.com/software/art,
and try a sample from our simulation-based training here, https://inter.viewcentral.com/events/uploads/microfocus/art-demos.html.
With the industry’s broadest set of integrated Security, Risk, and Governance solutions, combined with deep domain expertise and industry-leading analytics, Micro Focus is uniquely suited to help organizations take a holistic approach to protecting identities, apps, and data. Very few vendors can assure security and governance professionals that they are protecting against breaches, guarding the privacy of individuals and their data, and complying with regulatory and jurisdictional regulations – at scale, with ease, insight and confidence. Visit Micro Focus Security, Risk, & Governance at: https://www.microfocus.com/en-us/trend/security-risk-governance.