Autopsy of a Data Breach – Common Mistakes that Lead to Breaches
In July 2013 the US Department of Energy suffered a breach caused by a known vulnerability in one of the applications used to store personal data from employees and their family members. A total of 104,000 records were exposed. Following the incident, the department investigated the chain of events that led to the breach.
The case illustrates some of the common challenges that organizations face when attempting to maintain the security of their technology environments.
The challenges include: fragmented infrastructures and heterogeneous environments; competing priorities between business units; unclear lines of responsibility and undocumented processes; lack of urgency and awareness over cyber security issues and the skills to assess risk; inadequate authority; and ineffective internal communication and coordination.
The in-depth scrutiny of the causes and consequences of this breach gives us the opportunity to reflect upon the challenges we face within our own organization. A case such as this shows that, while basic security principles seem obvious and easy to implement – and many of us assume they are in place – reality can sometimes prove to be very different to theory and best practice recommendations.
Join us as we analyze the case and the data showing the importance of maintaining an overview of, and control over, IT environments.
-Insights into the common challenges that organizations face when implementing an IT security strategy
-Data on the cost and consequences of data breaches
-Best practices for implementing a security baseline
-The importance of vulnerability intelligence to support risk assessment
-The importance of mitigating actions to avoid security breaches
- Q&A session
Recorded Feb 4 2014, 47 mins
Kelley Mak, Analyst, Forrester Research and Marcelo Pereira, Product Marketing Manager, Flexera Software
Vulnerability management is a necessary instrument for threat and risk reduction in enterprise environments. Yet, many organizations struggle to put a program in place that provides value to the enterprise beyond baseline compliance requirements. This is often due to challenges in three key areas of vulnerability management: discovery, prioritization, and remediation.
In this webinar, guest speaker, Forrester Research’s Kelley Mak, will provide insight on how enterprises can activate the full potential of their vulnerability management programs. Together with Flexera Software’s Marcelo Pereira, he will discuss how to combine principles of vulnerability management with other areas of operations management to efficiently improve the security baseline.
John Pescatore, Director of Emerging Security Trends at SANS, Dylan Hudak and Marcelo Pereira from Flexera Software
Despite the awareness that patching plays an important role in every organization's security, we continue to see incidents in which software vulnerabilities are a root cause or enabler of security breaches. We believe that a different perspective on patch management is the key to prioritizing patching, reducing workload and improving the security baseline for organizations.
This webinar is for those in charge of scoping, supporting and executing patch management strategies. We talk about patch management in the context of security and will show how our solution, Corporate Software Inspector, can help organizations extend the scope of their Microsoft System Center implementation to prioritize patching of non-Microsoft applications.
One of the biggest challenges organizations face when trying to reduce the attack surface for cybercriminals and hackers is the lack of visibility and control over their IT environments, devices and applications. The ever growing number of software vulnerabilities makes it even more critical to leverage data from Software Asset Management (SAM) programs to help reduce security risk.
In this webinar, you will hear how to leverage existing SAM data sources such as discovery and inventory data, unlicensed and unauthorized software, along with vulnerability intelligence data, to drive mitigation of security risk through effective reduction of the attack surface.
Kasper Lindgaard – Director of Secunia Research at Flexera Software
Every year, Secunia Research at Flexera Software releases a review of the global vulnerability landscape, based on their large vulnerability database and data from the Personal Software Inspector user base.
The data in this research provides security professionals around the world with perspective on the impact and evolution of the threat landscape and what has trended throughout the year.
In this webinar, Director of Secunia Research at Flexera Software, Kasper Lindgaard will discuss the data presented in the Vulnerability Review 2016 and answer questions. The review itself is released on March 16.
-The number of vulnerabilities and zero-days detected in 2015
-How quick vendors are to respond to vulnerabilities
-Which programs have the most vulnerabilities
Amar Singh, Chair of ISACA's UK Security Advisory Group, Executive Board Member UK National MBA in Cyber Security
If you think pentesting is sexy, think again. Pentesting is mostly pointless if you don't have the foundational backing of vulnerability information. Amar makes a bold claim: that vulnerability scanning can be as important as, and sometimes more fun than, running a pentest with some free tools. Yes, hacking may be fun, but if you really want to lower your risk exposure you need to get on top of vulnerabilities. Come and listen to Amar Singh as he shares the secrets of how to make your security assessments deliver maximum value within the shortest period of time.
Marcelo Pereira, Product Marketing Manager at Flexera Software
As we enter 2016, there is one certainty we all can have: we will continue to see costly breaches using well known vulnerabilities.
In this webinar, Marcelo Pereira will talk about the challenges that stop organizations implementing simple security best practices and suggest New Year’s resolutions related to Software Vulnerability Management that can help reduce the attack surface for cybercriminals and hackers.
Marcelo Pereira, Product Marketing Manager & Peter Jancso, Product Manager
Flexera Software just released Vulnerability Intelligence Manager 2016 - the first of the former Secunia products to be released under the Flexera Software brand.
Join us for an introduction and demo of Vulnerability Intelligence Manager 2016 and learn how the intelligence from Secunia Research and the functionality of the product can help your organization effectively reduce the attack surface for cybercriminals and hackers!
There is a critical relationship between Software Asset Management (SAM) and cyber security. Both disciplines require at their foundation the accurate and continual discovery and inventory of software assets within an organization's environment. Today IT asset management and security teams (and projects) are usually siloed within organizations, increasing the likelihood that security threats will slip through the gap. For instance, discovery and inventory of software assets are critical to both asset management and security teams - but are currently undertaken separately in most organizations.
Organizations able to leverage asset management insights combined with vulnerability data to rapidly address the most relevant cybersecurity threats will be ahead of the game. They can more effectively reduce the attack surface for cybercriminals and hackers. That means they will also be better prepared to identify and respond to breaches.
Join Flexera Software’s VP and Chief Architect, Santeri Kangas to hear about how these two disciplines can help organizations be more efficient and more secure.
Marcelo Pereira, Product Marketing Manager at Flexera Software
This webinar is focused on a strategic view of risk mitigation:
Vulnerabilities in commercial software remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or as the enabler of privilege escalation inside networks.
Despite awareness of the risk, and the fact that most software vulnerabilities have a fix the day they are made public, organizations continue to fail to execute mitigation actions. The consequence is that we continue to see costly breaches affecting businesses around the globe.
In this webinar, Marcelo will talk about how the use of vulnerability intelligence can be a game changer to help organizations become better at mitigating the risk of software vulnerabilities.
-Fresh data related to software vulnerabilities
-The challenge of prioritizing mitigation
-How the use of vulnerability intelligence can help support consistent risk reduction
Marcelo Pereira, Product Marketing Manager at Flexera Software
This webinar is for business leaders who wish to understand vulnerabilities in commercial software and how they can impact organizations:
Software vulnerabilities remain one of the most common attack vectors for security incidents and data breaches, either as the entry point for hackers or as the enabler of privilege escalation inside networks.
This webinar demystifies software vulnerabilities, shows how they relate to the wider ecosystem and demonstrates how this knowledge can be used to define strategies and improve security.
-What is a software vulnerability
-How a software vulnerability becomes a threat
-A glimpse of how threats multiply
-How closing vulnerabilities impacts risk reduction
Amar Singh, Chair of ISACA's UK Security Advisory Group, Exec. Board Member & Consultant to UK's National MBA in Cyber Sec.
Wishful thinking or a cursory security assessment may have worked in the past but dealing with persistent and advanced threats requires an equally sophisticated and mature approach.
While APTs are on the rise and the use of zero-day vulnerabilities can be one of the weapons for such attacks, the reality is that the large majority of incidents – advanced or not – occur using known vulnerabilities. Resolving these is, therefore, paramount to reducing the attack surface for cyber criminals.
Join Amar as he shares his tips on adopting a mature and continuing vulnerability management process that can help organizations reduce risk and be better prepared to respond to APTs.
Kelley Mak, Researcher, Forrester Research & Santeri Kangas, CTO, Secunia
Cybersecurity incident disclosures and vulnerability warnings continue to be released at an alarming and fatiguing rate, and there aren’t any signs of breach activity slowing down. Vulnerability management is more important than ever, yet staying on top of vulnerabilities poses a major challenge for security and risk (S&R) professionals.
In this webinar, guest speaker, Forrester Research’s Kelley Mak, will provide insight on how S&R pros can repair their strained or broken vulnerability management processes and move past low impact checkbox scanning to proactive, risk-based assessments.
Following Kelley Mak’s presentation on the changes in vulnerability management, Secunia’s CTO Santeri Kangas will present Secunia’s take on the challenges of vulnerability management and how the Secunia VIM, our Vulnerability Intelligence Manager, helps organizations address those challenges.
The era of digital business is bringing a lot of opportunities for organizations. At the same time, it is bringing new challenges for those in charge of securing companies’ assets: customer data, intellectual property, and infrastructure.
The digital business environment requires a new approach to security. An approach that focuses on supporting the business to achieve its desired outcomes while ensuring that what really matters is protected from the reach of hackers and criminals.
In this webinar we will look into two distinct areas of IT, Enterprise Application and Mobility, and the vulnerability landscape around them, to discuss some of the challenges security professionals are facing today.
Globally, we are seeing an increase in Advanced Persistent Threats (APT) and targeted attacks. And while the strategy applied to choosing which organizations and assets to target is increasingly sophisticated, the methods are the same as always: exploiting well-known vulnerabilities that could have been mitigated with simple and fundamental controls.
In this webinar, Secunia’s new CTO Santeri Kangas will use real-life examples to demonstrate how hackers actually exploit vulnerabilities, and illustrate the risk organizations are effectively accepting when they neglect the fundamentals of IT security. Kangas also discusses how organizations can strengthen their resilience to attacks that exploit publicly known vulnerabilities, and explains why business leaders are central players in saving the company's bacon: they need to get behind the efforts to get security fundamentals right.
You have System Center 2012 Configuration Manager implemented in your environment, and you are realizing great results with it. However, can you take it a bit further to gain even more benefits? You sure can, and Cireson can help. In this session, Wally will introduce you to the Cireson Remote Manage app, which can assist your help desk in supporting their clients, as well as Cireson Asset Management, which can provide full asset management capabilities that leverage your Configuration Manager investment.
Attend this session and learn:
· How the Cireson Remote Manage app can assist your help desk analyst in supporting their customers
· How to enhance asset management capabilities of Configuration Manager with Cireson’s Asset Management capabilities to provide financial and business data tied into your software and hardware assets
· How to manage 3rd party software with ConfigMgr and how Secunia can enhance that process
Andrei Vilcan, Head of Information Security, Banca Transilvania
In this webinar, Andrei Vilcan will present his approach to Information Security and how he and his team work to mitigate the risk of Advanced Persistent Threat attacks at Banca Transilvania.
He will introduce the aspects of the multi-layered approach to the Information Security strategy he is in charge of implementing, the challenges he faces and his achievements so far.
As a Secunia CSI user, he will share how the solution helps him in one of the key areas of his strategy: security patch management.
About Andrei: Andrei is Head of Information Security at Banca Transilvania. He has 23 years of experience in IT Management, the past 6 of which have been in IT Security. He works to protect his organization’s assets, including customer data, to ensure that the business can operate without disruptions.
Marcelo Pereira, Business Development and Analyst Relations, Secunia
Managing risk must start with reducing the cracks and holes through which unwelcome visitors can gain access to any valuables you want to protect.
Software vulnerabilities are often the entry points used by cybercriminals to get into organizations and escalate attacks. For that reason, having a comprehensive overview and accurate information on software vulnerabilities is one of the critical factors to assess risk and prioritize the actions that will have a strong and consistent impact on reducing the attack surface.
The immediate result of managing software vulnerabilities is the proactive reduction of risk, but there is another, often overlooked, benefit for organizations. Fewer cracks and holes mean less noise for those who monitor environments for incidents and are responsible for responding to them. The outcome is improved accuracy, faster responses and lower cost.
In this webinar we explain the intelligence that goes into managing software vulnerabilities, how it differs from basic information about vulnerabilities and how organizations can benefit from intelligence to become more secure.
Fundamentals to reduce risk through vulnerability and asset management
Managing and securing software assets through the entire asset lifecycle is key to the overall security of organizations across the globe. In this channel, Flexera Software shares knowledge, research and experience about software licensing, compliance and vulnerability management to help you overcome the challenges you face in managing and securing your assets.
Speakers include in-house technical and process specialists, customers and industry thought leaders who will talk about a variety of topics and present timely information and data on software vulnerabilities and software asset management.
Whether a datacenter refresh or new build, IT is moving toward all-flash storage for their business critical cloud infrastructure, and consolidating their secondary storage for all other workloads. But with a growing number of vendor choices, whom can you trust to provide a complete storage solution, from primary through secondary? Pure Storage and Cohesity have partnered to develop tight integration between all-flash primary and hyperconverged secondary storage platforms, to simplify your overall storage environment.
Join experts from Pure Storage and Cohesity to learn:
-Which of your secondary workloads, including data protection, file archive, and test/dev, can be consolidated into Cohesity
-How the integration between Pure and Cohesity simplifies day to day operations
-Why many Pure and Cohesity joint customers bet on this combination - and are taking advantage of their investment.
Sunil Moolchandani, Director of Product Management, Cohesity
Ravi Venkat, Data Center Architect, Pure Storage
Every company today is a technology company. This trend has opened up new possibilities for every organization in any industry. Imagine if media companies let consumers experience scenes from their favorite TV show with augmented reality. Imagine if IT played an active role in retooling high-cost training and simulation environments with virtual reality.
Join Bill Briggs, CTO at Deloitte, and Ross Mason, Founder and VP of Product Strategy at MuleSoft, to learn what organizations and your business can look like in the future and how you can start today to make the imaginative possibilities into a reality.
Attendees will learn:
– How virtual and augmented reality, artificial intelligence, microservices, and the Internet of Things will disrupt businesses in the next 18-24 months
– How the digital future of businesses will impact the way IT plays a role within enterprises
– How companies can leverage API-led connectivity to build application networks that set the foundation for making the future into a reality sooner
Ransomware protection has been top of mind for many of our clients. Join our senior consultant and security expert, Artom Harchenko, for a walkthrough of how to use Microsoft security technologies to prevent a successful ransomware attack. In the case of a breach, learn about telltale signs of ransomware presence in order to protect your corporate data. Artom will be presenting a sample architecture as well as an overview of the technologies involved in ransomware protection.
Load balancing and what load balancers can do are undergoing significant changes as enterprises seek to deploy cloud-native applications in data centers and public clouds. According to Gartner, “Application-centric personnel are driving a return to lightweight, disaggregated load balancers, creating challenges and opportunities for I&O leaders.”
Simultaneously, Network Function Virtualization (NFV) is now reaching mainstream enterprises with the Cisco Cloud Services Platform (CSP) 2100. Avi Networks and Cisco CSP integrate to provide a turn-key solution for the rapid deployment of application services such as load balancing, analytics, and autoscaling on an elastic NFV platform, without requiring any additional expertise. The joint solution ensures that administrators can efficiently roll out elastic, high-performance, load balancing and application monitoring capabilities.
Join Avi Networks and Cisco guest speaker, Gunnar Anderson to learn how enterprises now have an opportunity to take advantage of software-defined load balancing and NFV quickly and easily using:
• Standard x86 servers
• Virtualized/software-based functions
• API-driven approach
• Elastic scaling to millions of SSL TPS
Everybody is joining the microservices bandwagon and only some enterprises truly see the benefits of adopting microservices. The real challenge is not only cultural adoption but also a question of choosing the right technical tools to enable and secure your microservices.
In this webinar we'll provide practical guidance on building and deploying a microservice architecture for speed, scale and safety.
Join this webinar to learn:
- Key considerations of enabling microservices within your enterprise
- How DevOps fits in the microservices lifecycle and how to align team culture
- How to use an API gateway for securing and governing your microservice architecture
Every one of our PPM customers is pursuing the same end goal – how to deliver the highest value to the organization. Working with hundreds of customers, we have learned that the answer requires a comprehensive approach across multiple disciplines. To drive bigger results and achieve greater PPM maturity, organizations need to improve PPM leadership, governance, change management, product management, development, support and other disciplines.
Please join us for this presentation that discusses how to achieve PPM excellence by building competencies across disciplines in-house with the option of augmenting that approach with Application Managed Services for CA PPM.
High Definition Video is prevalent in our everyday lives. From the board room to the classroom, the sports bar to the sports stadium, the demand for dynamic audio-visual content is rapidly increasing. Traditional methods of transporting content to displays are a thing of the past. This presentation explores technologies and methods for connecting A/V sources to HD displays using twisted pair cabling and provides guidance for successful deployment.
By attending this presentation, you will learn:
- Cabling system requirements needed to support a high density digital AV distribution environment
- Alternative methods and equipment that can be used to extend the reach of an HDMI connection
* One BICSI CEC will be provided after viewing this presentation up until April 15, 2017*
Digital transformation is moving at lightning speed. Join OutSystems CEO Paulo Rosado and a panel of battle-proven experts from PWC, HaelthTech, and Thrivent as they dish out best practices for planning, launching, and expanding your digital transformation journey without crashing.
Every organization’s Agile transformation is different; however, there are key landmines that can cause an organization’s Agile transformation to struggle. Join Andy Jordan, ProjectManagement.com, as he discusses how you can avoid seven common Agile transformation mistakes and put your organization on the right path with Agile.
This session is approved for 1 Project Management Institute (PMI) PMP PDU Credit.
Digital transformation is a top business priority and it includes embracing consumer trends around mobility. However, recent stats on the state of mobile app development in the enterprise are dismal. Gartner has also concluded that the enterprise mobile app journey is a complicated one for IT.
All too often mobile apps fail before they’re off the ground because companies try to do too much, too quickly. The road to digital transformation – and mobile – is a journey, not a race.
Join Tom Ku, VP Enterprise Mobility and hear him share our recommendation around breaking this journey down into digestible, easy to rollout and test steps before achieving ultimate mobile nirvana!