Combating Advanced Threats in the Power & Utilities Industry
Webinar Series on Cyber Security in Critical Infrastructure.
We are delighted to invite you to FireEye’s webinar for the power and utilities industry, taking place on Tuesday 17th December.
This 40 minute session offers you the opportunity to hear from, and interact with, cyber security specialists with unique insight into the power and utilities industry.
This, the first in our Critical Infrastructure webinar series, hosted by Gene Casady, Chief Security Advisor, FireEye APJ, is designed to equip you with the latest industry information on Cyber Threats and the Cyber Landscape for Critical Infrastructure.
- The Advanced Threat Landscape in the Power & Utilities Industry – Observations and Challenges
- Building an Enterprise Strategy to Defend Against Advanced Persistent Threats
- Leveraging IT/OT Convergence to Layer in Security for the Power and Utilities Industry
- Fallacies of Critical Infrastructure Policy Compliance in Ensuring Cyber Security
Critical Talks with Gene Casady
A Special Webinar Series on Critical Infrastructure
a 30 mins session with 10 minutes Q&A
RecordedDec 17 201343 mins
Your place is confirmed, we'll send you email reminders
With confidential data under attack on many fronts, it is time to look at how encryption can protect data access and what your business could be doing to employ encryption, from servers to endpoints to removable media.
Nicholas J. Percoco, Director – Information Protection, KPMG
This presentation will take a look at the current state of the payment industry and provide experienced-based insight into why this industry continues to become a victim of data breaches. We’ll discuss short comings associated with the current controls employees by many merchants and payment processors and what new tactics can be applied to provide attack mitigations.
In today’s world of advanced persistent threats, security professionals need to implement new methods and strategies to gain the upper hand in protecting their business. Thinking like an attacker isn't really good enough. However, incorporating hacker methodologies & tools will give security teams the situational awareness and intelligence needed to respond quickly to new & previously unknown threats.
Thinking like an attacker isn't good enough, nor are traditional solutions, as smart adversaries already know which technologies they'll disable on your system. However, incorporating the right hacker-like methods and tools can give security teams a new level of situational awareness and context needed to respond quickly to targeted, persistent threats.
Attendees will learn a new approach consisting of four fundamentals: Detect, Remediate, Analyze and Resist. The presentation will provide detailed information including how to:
• Use attacker technology and tools against adversaries to detect their presence on all endpoints
• Incorporate the same stealth techniques that attackers use to remain hidden from you - so you can monitor them
• Leverage forensics at the point of attack to better understand the overall threat
• Use big data analytics to collect and analyze behavioral data across the enterprise
Rocky DeStefano, VP Strategy and Technology, Click Security
Advanced adversaries refining techniques hourly against a highly complex and constantly evolving enterprises with a Security team that is overwhelmed at a disadvantage immediately causes a chasm in overall Risk for most organizations. Learn how the best teams create more defensible state through enhanced visibility and advanced analytics in order to reduce the risk gap and quickly close any window of opportunity for an attacker.
Jay SCARAMAZZO, CIPM, CIPP/E, CIPP/US, CIA, CISA, CRISC, CRMA, ACDA, CSPO, CIFE, MBA
Data Encryption has been spoken about for years, but finally ENCRYPTION importance has come front-page. From the recent Snowden NSA Affair to major data breaches at Target, companies now have no choice but to consider securing their data at the source.
This presentation will introduce you to your responsibilities in providing your customers with the Due Diligence (Risk Control and Executive Management Oversight) and Due Care (Continuous Monitoring through Security Practices, Procedures, Policies, Processes and Standards) that their personal data deserves.
ESET security researcher Lysa Myers reports on developments in healthcare IT system security that she observed attending the recent HIMSS conference in Orlando. Find out what is being done to better protect patient data privacy.
Dr. Ron Ross, Computer Security Division, Information Technology Laboratory
In this webinar, Ron answers the question, "how do we provide for the common defense in the digital age?" With continuous advances in technology, this question can pose a big problem for organizations developing or modifying a security strategy.
Join Ron as he covers the basics of defense against the most problematic vulnerabilities, the tools at your disposal to fight them, and a T.A.C.I.T security strategy that you can implement today in your organization.
Davi Ottenheimer, Senior Director of Trust, EMC Corporation
The rising scale and complexity of IT has opened more opportunities than ever for abuse and attack. Can our latest advances in data science and software-based environments also redefine threat and risk management options? This presentation highlights examples of new and innovative approaches that successfully have reduced risk even across different-sized organizations.
Privacy risk mitigation is not just regulatory compliance. The public is setting the tone for what is appropriate for information that is not yet regulated. And it is within that space, the unregulated space, where the big risks and career opportunities lay. Tune in to hear how privacy is an emerging disruptive force in infosec.
Michael Shaulov, co-founder and CEO of Lacoon Mobile Security
Hear from mobile security experts how mobile attacks are perpetrated and what can be done to stop them. Michael Shaulov, co-founder and CEO of Lacoon Mobile Security, will discuss the current mobile threat landscape and the anatomy of emerging iOS and Android attacks. He will explain why existing security solutions are simply not equipped to protect enterprises from the emerging advanced mobile threats facing most enterprises today. Shaulov will also provide the new requirements for security in this mobile age and detail the capabilities needed to effectively detect and mitigate the wide variety of mobile threat vectors. Attendees should walk away from this presentation with a clear understanding of the risks they are facing and how they can effectively manage and embrace mobility, without fear.
John Masserini, VP & Chief Security Officer, MIAX Opt and Bruce Tolley, Phd, VP Solutions and Technical Marketing, Solarflare
At this webinar attendees will learn the top five audit, compliance and security challenges facing IT managers and network architects today and hear an overview of the solutions available to identify and respond to these challenges. No single solution can address the rigorous requirements for audit and compliance as well as the dynamic nature of the security threats facing enterprise and service provider networks. This webinar will review three practical use cases that can be implemented immediately, offer tips to help you evaluate both "bump in the wire" and "bump in the stack" best-in-breed products, and discuss how to integrate various products with security information and event management (SIEM) systems. Attendees will leave this session with a clear understanding of the top five things they can do to improve network monitoring and security in their network.
A portion of this webinar includes a presentation by John Masserini, VP & Chief Security Officer, MIAX Options titled, "Advanced Intelligent Threat Management"
Advanced Intelligent Threat Management is the ability to leverage the multitude of public & private sources into a cohesive threat indicator. By analyzing the various threat indicators and understanding the reliability of those sources and how to integrate them into the overall risk profile. By using Open Source big data tool suites, you are able to determine, in near-real time, the potential impact of an threat has to your specific organization. This presentation will give a brief, high level overview of the technologies and approaches to leveraging existing systemic information and external threat indicators to develop a more proactive security program.
Winn Schwartau, CEO, The Security Awareness Company
The Show Must Go On! How Stevie Wonder, Paul Simon, Bob Marley and Charlie Daniels prepared me for the Security Industry. This highly entertaining and relevent presentation maps the skills needed in my first career as a recording engineer for live productions to best practices for cyber security incident reporting and escalation. A great case for interdisciplinarianism.
Our cyber-security education system fails to train adequately. We don’t teach history – to our own detriment. We don’t create a foundation of actionable knowledge, instead relying on book knowledge. We don’t explore interdisciplinary synergies and we have failed to embrace failure as a well-earned skill set. In the music business, we had to deal with constant failures, beginning with equipment malfunctions in our DIY world. We had to be able to fix on the fly and deal with the human foibles of musicians and unions (i.e., users).
Join me in looking at decades of technology and how so much of we have all learned in “Prior Lives” can be the live lessons for how we deal with information security.
Richard Moulds, Thales e-Security VP of Strategy and Product Marketing
Addressing virtually any of the current security mega-trends – government surveillance, privacy regulation, BYOD, cloud computing and big data - drives the need for more cryptography across core systems infrastructure and critical business applications. Whether encrypting sensitive data, strengthening IDs and credentials or digitally signing documents and software the actual security benefits you gain depend heavily on how you manage your cryptographic keys. Key management is not a simple task and it carries with it serious business continuity issues, real operational costs and is frequently a point of scrutiny for auditors. The days of using spreadsheets and thumb drives for managing cryptographic keys are numbered.
During this session we will look at the types of keys that organizations have to manage, and how the key management challenge varies across multiple use cases in the enterprise. We’ll cover developments in the area of key management technologies, new standards that are emerging and preview the results of a global survey on the use of encryption and key management practices.
45% of data breaches reported in 2013 were from the medical and healthcare sector. ESET researcher Lysa Myers looks at information security in the healthcare industry and how we can do better when it comes to protecting the privacy of patient data.
Manish Gupta, SVP of Products, FireEye; Dave Merkel, CTO and VP of Products, Mandiant
On January 2, FireEye announced that it had acquired Mandiant, the leading provider of security incident response management solutions, creating a united front against cyber threats.
In a live webinar with FireEye and Mandiant executives, learn why traditional security technologies are unable to address today's threat landscape and why complete, continuous threat protection requires real-time detection, contextual threat intelligence, and rapid incident response.
Why you should attend:
•Learn about the FireEye acquisition of Mandiant.
•Understand today's threat landscape, including the damage being caused from new advanced techniques.
•Discover how FireEye and Mandiant together stop advanced attacks at the earliest phases of the attack lifecycle.
Stephen Cobb, Sr. Security Researcher, ESET North America
With consumers and customers more concerned than ever about their data privacy, you need to be sure your business is doing enough to protect personally identifiable information (PII). ESET security and privacy expert Stephen Cobb explains how smart privacy strategies not only protect your company, but win you more business.
Arbor’s 9th Annual Worldwide Infrastructure Security Report (WISR) gives IT security professionals a rare view into the most critical security challenges facing today’s networks. This annual report is designed to help you make more informed decisions about your enterprise network security strategies in 2014 and beyond. Find out what types of attacks are top of mind for enterprises today and gain insight into the growth of application layer DDoS attacks and advanced targeted attacks.
Join this web seminar to learn:
- The growth of DDoS attacks against enterprise networks and mobile devices
- How an increase in DNS attacks led to enterprise website outages
- How some of the largest network operators are handling advanced targeted attacks on a network levelJoin this web seminar to learn:
- The growth of DDoS attacks against enterprise networks and mobile devices
- How an increase in DNS attacks led to enterprise website outages
- How some of the largest network operators are handling targeted attacks on a network level
Cliff Neve, Vice President of the Hacker Academy and MAD Security
Join Cliff Neve. Vice President of the Hacker Academy and MAD Security, to discuss some points that prove problematic when it comes to leading your team and implementing a cyber security framework. Topics discussed include:
--Gaining Executive Level Buy-In
--Balancing operations and Security
--Creating a Sense of Urgency
--Making every employee a sensor
--Winning at the Budget Game
Cliff brings a lot of experience from many different angles to this webinar. Over his military career he held such leadership positions as Deputy CIO of the White House Communications Agency, Chief of Staff at Coast Guard Cyber Command, and Assistant Program Manager for C4ISR for the $24B Coast Guard Acquisition effort.
Didier Godart, Author of the PCI 30 Seconds Newsletter and Nate Crampton, Product Marketing Manager, Rapid7
Get the “must know” details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0. PCI expert, Didier Godart, explains:
Which changes are most significant
How the changes will impact you & what actions you need to take
How to incorporate the updates into your priorities
The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and importantly –necessary action from IT and security teams.
Jeff Kalwerisky, VP of Information Security & Technical Training at CPE Interactive, Inc.
The National Security Agency (NSA) are acknowledged world-class experts on encryption technology. Yet, Edward Snowden, a junior consultant working for the Agency, managed to bypass all security to download and steal many gigabytes of highly classified information. This session will examine how it all went wrong for the vaunted NSA and what enterprises can learn about using encryption to protect their own sensitive information.
Cybersecurity knowledge center with focus on Social Media Security
This channel is ideal for Information Security professionals interested in exploring emerging cybersecurity threats, primarily those stemming from social networking platforms.
UKI is an information technology and information security training provider and the creator of the industry’s most comprehensive Social Media Security Training and Certification program powered by CompTIA. For the past 15 years, UKI has been the preferred training partner for the Department of Defense, Federal Agencies, DOD Contracting Partners, and Fortune 500 companies. For more information, visit http://www.ultimateknowledge.com