Website Threats: It’s Not All About the Hacker Anymore
Website Security Series Part 3
The external threat landscape is evolving; web-based malware and legitimate website hacking are continuing to fluctuate as we learn and adapt our network defence strategies, or externalise our infrastructure to mitigate risk. However, do these initiatives around protection extend to our customers?
Every organisation has a web presence and increasingly this presence is not just for broadcasting corporate brands and products; it is used to collect and socialise personal information from customers and constituents and process regulated financial transactions.
In this session Symantec will discuss:
- Top threats that target customer identities
- How the Trust model of SSL has survived the last 18 months
- Why the Internet’s top brands are moving to Always-On SSL
- Why not all SSL certificate infrastructures are created equal and how this can influence business growth
- How to manage an expanding cryptography infrastructure effectively
Mike Smart is the Senior Manager of International Product and Solutions at Symantec.
In his role, Mike is responsible for driving Symantec’s Trust Services business across International and emerging markets. He joined Symantec in 2012 from SafeNet where he was Director of Products and Solutions in EMEA.
Mike has a strong history in the SMB and Enterprise IT Security arena and has been at the forefront of introducing new technologies and solutions to the market in areas such as Cloud Security Solutions, Information Leakage Detection and Prevention and Unified Threat Management. Mike is an active member of the UK’s Get Safe Online not-for-profit organisation which provides a leading source of unbiased, authoritative information on protection against fraud, identity theft, viruses and many other problems encountered online.
Recorded Jun 21 2012, 40 mins
Tom Brewster, TechWeek; David Willson, Titan Infosecurity Group; Vladimir Jirasek, Cloud Security Alliance; Paul Brettle, HP
How do you respond when your organisation has been breached and law enforcement is unable to help?
More and more companies are turning from a reactive response to breaches to a proactive one: preventing a breach before it happens and hacking back. This panel session will feature 4 experts discussing these topics in depth, from their technical to legal implications.
Jason Hart, SafeNet; Gargi Mitra Keeling, VMware; Jofre Palau, Vodafone; Patrick McBride, Xceedium, Leonor Martins, SafeNet
As companies migrate to the virtual datacenter, executives must deal with security, audit, and visibility of their environment, which has grown beyond their physical datacenter. Because of this, hesitancy remains and many questions are still being asked. What is a next-gen datacenter? What changes as businesses take steps toward a hybrid datacenter? When they move to a virtualized environment, how does their data remain secured and in their control? Will encrypting data in this environment achieve visibility and control of who is accessing it? Plus, despite more knowledge of virtual risks, cloud services are still being purchased without authentication, with organisations adopting cloud first and thinking about security second. So how can organisations win the struggle with authentication in the cloud?
Join your fellow professionals for this lively and insightful discussion providing a complete vision on virtual risks in a virtual world. Then understand a way to manage risk, maintain compliance, accelerate and protect business from evolving security threats.
Social business represents a new transformational opportunity for organizations. After initial forays into external social media, many companies are now discovering the value of applying social approaches, internally as well as externally. Social business can create valued customer experiences, increase workforce productivity and effectiveness and accelerate innovation. But many companies still wrestle with the organisational and cultural challenges posed by these new ways of work.
Join this webinar to hear the proven results from easily integrating social into your everyday tools to improve your business.
About the speaker:
Chris Moore is a Social Business Specialist for IBM Collaboration Solutions. He has 7 years' experience and knowledge of Collaboration and Exceptional Web Experience technologies, including IBM Notes, Domino, Sametime, Connections, Docs and Web Experience Suites.
Paul Wallace, Director of Product, Stingray, Riverbed Technology
Public cloud providers offer better uptime and business continuity than most organisations can achieve on their own, despite well-publicised outages. But failing to plan for an outage means you are planning to fail. At the center of this argument is the concept of designing for resilience: organisations should not hide from failure, but rather expose themselves to it early and often, in a way that allows them to learn quickly and build the right infrastructure to build reliability in an unreliable world.
Join Paul Wallace, Director of Product at Riverbed Technology, as he discusses strategies that will help you design for resilience and security, and learn how to:
* Prepare for unplanned cloud outages
* Build a globally resilient cloud application
* Avoid some of the most common mistakes when faced with a cloud outage
Cyber-risk is one of today’s most high profile business risks. While good cyber-mitigation strategies can reduce this risk, it cannot be eliminated – defences will be breached. The organisation’s ability to respond to and recover from these breaches – its cyber-resilience – is fundamental to its risk management strategy. This session examines cyber risk, the pervasiveness of cyber-incidents and the key steps in building a cyber-resilience strategy.
About the speaker:
Alan Calder is chief executive of IT Governance, the single-source provider of books, tools, training and consultancy for IT governance, risk management and compliance.
He is a leading author on information security and IT governance issues. Alan is the co-author (with Steve Watkins) of the definitive compliance guide, ‘IT Governance: An International Guide to Data Security and ISO27001/ISO27002’.
Eoin Keary, OWASP Global Board. CTO BCC Risk Advisory Ltd
The premise behind this talk is to challenge both the technical controls we recommend to developers and also our actual approach to testing.
We continue to rely on a “pentest” to secure our applications. Why do we think it is acceptable to perform a time-limited test of an application to help ensure security when a determined attacker may spend 10-100 times longer attempting to find a suitable vulnerability? How can we expect developers to listen to security consultants when the consultant has never written a line of code? Why are we still happy with “testing security out” rather than the superior “building security in”?
This talk is sure to challenge the status quo of web security today.
About the speaker:
Eoin is an international board member and vice chair of OWASP, The Open Web Application Security Project (owasp.org). During his time in OWASP he has led the OWASP Testing and Security Code Review Guides and also contributed to OWASP SAMM, y and the OWASP Cheat Sheet Series.
Eoin Keary is the CTO and founder of BCC Risk Advisory Ltd. (www.bccriskadvisory.com) an Irish company who specialise in secure application development, advisory, penetration testing, Mobile & Cloud security and training.
Eoin has led global security engagements for some of the world’s largest financial services and consumer products companies. He is a well-known technical leader in industry in the area of software security and penetration testing.
Stephan Hadinger, Solutions Architect, Amazon Web Services
Understand how to create an elastic data center and connect existing networks and application assets to resources in the cloud. AWS will discuss technologies such as VPC and Direct Connect and common use cases from Enterprise customers.
Ryan Shuttleworth, Technical Specialist, Amazon Web Services
In this presentation AWS will talk about some of the transformations that Cloud computing brings to the delivery of IT infrastructure and how enterprises can leverage these changes to create cost efficient, agile and customer focused systems.
Peter Wood, First Base Technologies; Giles Hogben, CSA; Christian Papathanasiou, OWASP; Jason Steer, FireEye
How prepared are you to detect a breach? Advanced malware, persistent threats and zero-day targeted attacks are causing problems for organisations of all sizes, as traditional security measures have become ineffective in keeping them secure.
This panel will explore how organisations can benefit from advanced techniques to defend themselves against APTs. These include big data analytics, real-time threat monitoring and direct exposure. There will be a case study on the recent APT1 report discovered by Mandiant.
Is your service desk only good for a quick peck on the cheek, is it a lifetime commitment, or do you avoid it at all costs?
How can you ensure that your customers see the service desk as a long term and enriching business relationship and not just a basic commodity, or only the last port of call with their Technology issues?
This session looks at key elements of IT Services and front line Service Desk features that are needed to ensure that technology is delivered and appreciated as a value-add and not just seen as a necessary but unwanted cost. This will include all the elements you need for a Service desk makeover to attract new admirers.
Steve Durbin, Vice President, Information Security Forum
Recently highlighted as being one of the top 5 threats for 2013 by the ISF, this webinar maps out how you can respond to the ‘consumerisation’ challenge today – whatever stage you are at – based on current efforts to formulate good practice at leading ISF Member organisations around the world. It offers independent guidance on how to plan your security response not only in terms of how your people use mobile devices, but also in terms of protection solutions, provisioning and support, and meeting statutory requirements.
About the speaker:
Steve Durbin is Global Vice President of the Information Security Forum (ISF). He is a regular speaker and chair at global events and is quoted in the Financial Times, Wall Street Journal, Forbes, Deutsche Presse, Süddeutsche Zeitung, CIO Forum, ZD Net, and Information Week.
Steve has considerable experience working in the technology and telecoms markets and was previously senior vice president at Gartner. He is also currently chairman of the Digiworld Institute senior executive forum in the UK, a think tank comprised of Telecoms, Media and IT leaders and regulators.
BYOD is no longer a consideration, it’s a reality. Every day over 2 million new wireless devices are being activated and these devices will show up on your network. And while most wireless vendors are talking about the potential security risks, which are considerable, almost no one is discussing the impact the sheer number of devices will have on your network's performance.
A recent Gartner study did and stated that ‘By 2015, 80% of newly installed wireless networks will be obsolete because of a lack of proper planning’. Many administrators are still designing for coverage, when capacity limits are the true Achilles heel of wireless deployments. This session will discuss the varied client types and their capabilities, best practices to address growing device densities and how both impact overall network performance. IT administrators looking at a BYOD deployment or even just a wireless upgrade will gain valuable insight from this presentation.
Perry Correll is a Senior Technologist as well as the Director of Product Marketing at Xirrus. His extensive networking background extends from original Ethernet Thicknet technology, through the switching revolution and now is involved in pushing advancements in Wi-Fi technology to displace wired solutions. Previous roles included technologist and management roles at Cabletron, Xylan and Alcatel.
David Cuthbertson, Managing Director, Square Mile Systems
As networks, servers and applications all increase in complexity, how do you make it simpler and less costly to manage changes and improve performance? We’ll cover practical steps needed to develop the knowledge sets needed to support major transformation projects, as well as improving end to end IT management processes. Ideal for anyone who has found that mapping their IT infrastructure dependencies needs more than one white board!
Security is only as good as the response it generates. This talk will highlight how organisations need to redevelop their incident response strategies and move away from reactive responses to proactive ones. This includes detecting potential attacks as early as possible and ideally before they happen. The webinar will cover strategies, tools and techniques that those responsible for incident response can implement to better improve their security posture.
About the speaker:
Brian Honan is an independent security consultant based in Dublin, Ireland. Brian founded and heads IRISSCERT which is Ireland's first CERT. He also lectures on information security in University College and sits on the Technical Advisory Board for a number of innovative information security companies. Brian is author of the books "ISO 27001 in a Windows Environment" and "The Cloud Security Rules", is regularly published in a number of industry recognised publications and serves as the European Editor for the SANS Institute's weekly SANS NewsBites, a semi-weekly electronic newsletter.
Peter Wood, Partner & CEO, First Base Technologies
We love technology. You can buy solutions that will stop intruders, prevent malware and make data loss a thing of the past. Or can you? Why, despite spending millions on hardware and software, do we continue to be at the mercy of criminals? Because we ignore the real purpose of computers: to help people share and use information. We complain about the insecurity of BYOD, cloud and social networking, but fail to exploit our best defence. Let's change the paradigm and focus on people as the solution, not the problem.
About the Speaker:
Peter is a world-renowned security evangelist, speaking at conferences and seminars on ethical hacking and social engineering. He has appeared in documentaries for BBC television, provided commentary on security issues for TV and radio and written many articles on a variety of security topics.
Peter has worked in the electronics and computer industries since 1969. He has extensive experience of communications and networking, with hands-on knowledge of many large-scale systems. He founded First Base Technologies in 1989, providing information security consultancy and security testing to commercial and government clients. Peter has hands-on technical involvement in the firm on a daily basis, working in penetration testing, social engineering and awareness.
Peter Judge, NetMedia Europe; Marvin Wheeler, ODCA; Lawrence Lamers, DMTF; Josh Townsend, VMUG
Virtualization has created obvious benefits for organizations deploying it. But why stop there? Taking your virtualization projects and expanding them to include a private cloud deployment will result in even greater benefits: scalability, security, agility and more. Join this panel of experts as they discuss common obstacles in moving to a private cloud, how it affects the services you provide and how you can get there in your own infrastructure.
In this live webinar, Riverbed Technology's Paul Wallace will discuss how you can integrate your ADC platform with automated provisioning and capacity management, using new tools for software-defined application delivery which can:
- Unbox your application delivery network, and extend your application stack
- Cut the cost of application delivery in virtual and cloud environments
- Simplify your application lifecycle through automation and application integration
- Enable access to application-level ADC capabilities and Layer 7 services
John Keppler, Computer Society; Peter Wood, First Base Technologies; Jagdeep Singh, Financial Times; Will Bechtel, Qualys
Threats from hackers and cyber-terrorists are increasing at a phenomenal rate. Consequently, private and public organizations are now in a heightened state of alert with concern about protecting their system infrastructure integrity and data security. In recent years, government agencies and customers have dramatically increased their requirements and scrutiny of corporate security process and procedures.
It is important for all IT professionals to develop a comprehensive understanding of the underlying principles for designing, engineering, and managing secure applications.
Attend this session and learn from industry experts how to better know your threats, efficiently secure the network, host and applications, and incorporate security into your software development process.
Will Bechtel, Director of Product Management, Qualys
This presentation will review some of the reasons why web application security is so important, citing data from the Verizon Data Breach Investigations Report, which identified web applications as one of the primary attack and data loss vectors.
Next, an overview of a conventional scanning program will be outlined as well as how a cloud based service can enable organizations to develop a best practice program that moves the scanning into the software development life cycle (SDLC). We’ll show how this helps organizations find and fix web application vulnerabilities earlier in the life cycle, which lowers both the risk as well as the cost associated with addressing the security issues.
Monthly Webinars around the evolving world of Technology
Watch free webinars and videos in the Webrecruit IT Channel for the latest news, best practices and analysis from the IT world. From cloud computing to data centres, information security to IT service management, these webinars will be presented by industry experts from leading organisations. Tune in live to participate in polls and ask your questions to the speakers, or watch immediately afterwards on demand.