How will Pen Testing Hold Up Against Red Teaming, Bug Bounties and Increased Automation....
Penetration testing has competition. The discipline is, in some areas, being supplemented with – or even replaced by – red teaming, bug bounty programs and increased automation. This session examines the future of penetration testing in light of the alternative disciplines and asks questions about which approach to choose in which scenario.
RecordedSep 12 201860 mins
Your place is confirmed, we'll send you email reminders
It’s a basic truth: You can’t secure what you can’t see.™ The more you know about your network, assets and risk posture, the less likely you are to be attacked. Each unknown device extends the attack surface and can leave your converged network vulnerable. Are you ready to mitigate this risk with 100% device visibility?
Join us on this webinar to learn how to achieve visibility of assets and devices, mitigate common risks in increasingly complex environments and operate efficiently and securely in the “security 4.0” era.
•Reduce business risk and disruption from security incidents and breaches
•Improve the accuracy of your risk assessments through accurate device intelligence
•Increase IT and OT security operations productivity
In today’s competitive business landscape and knowledge-based economy, we all rely on technology to be more productive and make our lives easier.
Organisations thrive when they trust their workforce to collaborate on valuable IP & work with critical systems. Perhaps, in their eagerness, some overlook the importance of verifying user trust with technology. This can leave an organisation open to the risk of losing data that is sensitive to the employees, customers and the business.
In a recent study of senior IT decision makers, 54% felt their organisations’ customers were more likely to care about cybersecurity compared to general employees, contractors/freelancers & third party vendors (35% – 36%).
As a result, it’s important for the security team to have the tools and policies in place to automatically monitor and quickly triage any risks that come with high levels of trust, to ensure the early detection of insider threats and ability to respond before an incident occurs.
In this webinar you will learn:
•Why increasing trust within the workplace is key for business success
•Why trust without verification can be a significant risk
•How to build trust through visibility and early detection of insider threats
Moderator: Dan Raywood Speakers: Nick Scholz, Nathan Wenzler
Digital transformation has revolutionized business and today's workforce, creating a significant cultural shift. Millennials and younger professionals now expect the hottest new tools that allow them to work how they want - from agile project management and ‘everywhere file access,’ to cloud-based collaboration and complete mobile availability.
These features bring about many benefits, but ask a modern security team and they’ll tell you about the struggle to provide solutions that offer the quick access, seamless collaboration and outstanding ease-of-use workers want whilst also maintaining high levels of compliance and a steady security risk profile.
The challenge is real, and you need real-world experience to face it successfully. In this webinar, we will look at how to enable a strategy that permits such levels of agility whilst remaining secure.
•How a world-class security strategy can enable collaboration
•The types of collaboration tools being requested now, and how to secure them
•How to deal with Shadow IT
•Maintaining the balance of creativity and security
For any organization, making sure that the security team have the required skills to face down threats is critical. But how do you know for sure which skills are present, and which are missing?
While there are indicators to help you answer these questions, solid metrics have been missing for a long time. How do you measure what skills have been learned? In this webinar we will look at how frameworks can aid an organization in overcoming these challenges.
• What the ideal frameworks are that you should follow
• Why organizations are adopting them to help their cyber teams identify weaknesses within their cyber ecosystem, and discover blind spots which may not originally have been apparent.
• How to use frameworks to bolster workforce development, using it as a tool to map out career progression
• How frameworks can underpin a robust cyber strategy and assist implementation of new tool, techniques and technology.
SaaS, web and mobile applications are increasingly being built on application programming interfaces (APIs). Attacks targeting these APIs have become more prevalent and vulnerabilities in APIs continue to be disclosed, both leading to high profile breaches and negative headlines. The problem is compounded by many organizations continuing to rely on traditional security approaches designed to protect applications that were fundamentally different from those being developed today, as APIs have proliferated across environments to enable modern applications.
In this webinar, we will explore how enterprises need to adopt a proactive ‘monitor and respond’ approach rather than focusing solely on secure perimeters and access controls, and discuss how to prevent an attacker from exploiting unique API vulnerabilities.
Understanding the complexity of modern APIs, and how attackers can exploit them.
How to maintain a current catalog of APIs including where sensitive data is exposed and transmitted.
The importance of learning the unique logic and behavior of each API at a granular level to identify and stop malicious activity.
How security and development teams can improve workflows to improve API security
Steps in building an effective security strategy for modern web applications
In this age of fast, automated attacks, responding with speed and precision is crucial to stop attackers gaining a foothold. The most advanced cyber-threats can move laterally through an organization’s network and cause significant damage before a human team has a chance to respond. Humans simply cannot keep up with increasingly sophisticated and destructive machine-speed attacks. Many security teams are stuck with firefighting and ad-hoc incident response. As a result, experts are increasingly turning to AI to respond to threats autonomously.
In this webinar, we will examine how advances in AI and automation mean companies can start trusting autonomous response solutions to contain threats until the security team has time to conduct root cause analysis instead of fighting just the symptoms.
The security industry has come a long way from black-and-white IPS systems that grind operations to a halt because of being much too restrictive in their actions. Today’s AI systems can subtly, surgically and non-intrusively contain and combat threats until the human security team can catch up.
· A look at the current state of play of the threat landscape
· How automation in security has evolved
· How AI is offering a fundamentally different solution to the challenges facing businesses todayhttps://www.brighttalk.com/css/6/css/images/datepickercalendar.gif
The perimeter has shifted. Your users directly access cloud applications from everywhere and data no longer reside only in datacenters. Digital transformations like SD-WAN, IoT and cloud make securing your infrastructure, applications and data complicated. SD-WAN enabled branches directly connect to the internet, but they don’t have the ability to replicate a full HQ security stack. IoT leads to an explosion of non-standard devices using non-standard protocols, making them harder to secure. Every new change doesn’t equal need for a new security tool.
What’s needed is a scalable, simple and integrated security approach that leverages existing infrastructure that organizations already own. The Domain Name System (DNS) is critical to the fabric of the internet and any IP based communication, serving as the perfect foundation for security because it is simple to deploy, ubiquitous in networks, is needed anyway for connectivity and can scale to the size of the Internet.
Join this webinar to learn how leveraging DNS as a foundational security architecture for digital transformations can:
•Protect your brand by securing your traditional networks and transformations like SD-WAN, Cloud and IoT
•Reduce time and cost of your enterprise threat defense
•Automate responses and provide data to the rest of the ecosystem
While many companies regularly run phishing simulations on their employees, evidence about this approach’s effectiveness is divisive. In addition, the culture of fear it engenders (by shaming those who fail) can be counterproductive, leaving your overtaxed security team to sift through mountains of reported phish attempts that are actually spam.
In this webinar, we will look at security awareness training as a whole, discuss the effectiveness of the phishing simulation test as a key component and review alternate approaches to training that may have better results.
- If running a phishing simulation exercise is worth it
- Alternative (or complementary) awareness training methods
- How training for compliance and training for security can produce different results
Bringing an idea from prototype to product involves challenges, including the need to comply with international standards and government regulations. This is especially true in industries such as construction, pharmaceutical and transportation, where lives are at stake. Regulatory and compliance requirements help create safer, more reliable products. Moreover, well-defined standards for interfaces, protocols and architecture elements add granularity, enable collaboration between manufacturers and are instrumental in creating global ecosystems.
Standards and compliance assure a level of quality and interoperability, but from a malicious agent’s point of view, they level the playing field in terms of attack surface. An attacker that finds a design flaw in a standard such as the HTTP suite or a security vulnerability can leverage the system’s widespread use to expand the reach of an attack campaign.
In this webinar, we’ll discuss:
•How compliance and standardization can amplify the spread of malware and increase the damage rendered by security vulnerabilities
•Why the automotive industry is an intriguing example of how the old-fashioned notion of ‘security by obscurity’ can efficiently contain potential harm
It is one year since GDPR came into force and the regulation became the data protection standard for European businesses.
Since then, fears that huge monetary penalties would become the norm have not come into fruition and there have been few headlines about businesses struggling to comply.
However, research continues to claim that businesses are not actually compliant with the regulation, that the cost to comply can still be prohibitive and that for many organizations exactly how to comply remains a mystery.
In this webinar, we will assess the first year under the rule of GDPR, explore what we have learned and cut through some of the hype from before and after the deadline.
•What have we learned from the first year of GDPR, and what has changed?
•Are businesses still failing to comply with GDPR, and if so, why?
•What does GDPR look like for the UK following Brexit?
Moderator: Dan Raywood, Speaker: Gary Cox, Omer Farooq
The Domain Name System (DNS) plays a critical role in modern network connectivity. Unfortunately, it is also a central part of many cyber-attacks as DNS is involved in more than 90% of malware/ransomware and nearly half of all data exfiltration incidents.
So how exactly how do cybercriminals use DNS to carry out attacks? In this webinar we will examine the many ways cybercriminals exploit the unique properties of DNS.
• The various phases in the intrusion kill chain and how DNS is used in each phase
• The technical mechanisms behind DNS reconnaissance, protocol anomalies, exploits, hijacking, command and control (C&C) communications, DGA threats and more
• How DNS-based attacks work—through real word examples, including malware, phishing campaigns, and advanced persistent threats (APTs)
Moderator: Dan Raywood Speakers: Rory Duncan, Jenn Black, Darren Thomson
Is cloud security your top priority, or it is languishing somewhere on a never-ending to do list?
A user-driven cloud revolution has left IT and security professionals struggling to establish visibility of data and services, and unable to regain control of the risks associated with dispersed data and multiple cloud identities. So how should organizations regain control and begin putting the “frogs back into the box” for multi-cloud security?
In this webinar, we will look at how to get ahead with cloud, build a ‘cloud culture’ into your business, underpinned by a platform approach to avoid further complicating the picture to get the most from the cloud, whilst also managing the challenges of data everywhere, multiple cloud identities, mobile connections and global compliance.
What are the common pitfalls for multi-cloud security and how to avoid them?
Why and how to establish visibility of what has been deployed to the cloud
When to mirror on-premise security controls in the cloud
How to establish threat protection in a multi-cloud environment
Moderator - Dan Raywood, Speakers - Andrew Noonan, Torry Crass
In this webinar, we will look at the concept of why device visibility poses such a challenge for business, what is getting in the way and why OT and IT convergence has added an extra consideration.
•How your security strategy benefits from better device visibility
•How compliance and risk management can be optimised
•Unifying device visibility and control for IT and OT environments
•Ways to improve the effectiveness of existing tools
With every purchase comes new technology, and that has to be patched, reconfigured and monitored for its lifetime of use.
With the advent of IaaS and cloud services, questions arise about how long an organization should continue to use legacy systems, how to get the most out of them and, more importantly, how to ensure they are kept secure.
In this session learn:
•Strategies for understanding and assessing the threats and challenges that surround legacy systems
•How to effectively manage legacy systems in your network
•What the future has in store for legacy systems in the enterprise
A part of an organization’s security awareness training is the capability to run phishing tests on its staff. However, questions can frequently arise about how this should be done, with what regularity and the possible ethical issue of what should be done with those who ‘fail’ the test.
This session will explore:
•What makes an effective staff phishing test strategy, and why
•How often you should test staff
•How to deal with the results of staff phishing tests and apply them to the further development of employee training