Hi [[ session.user.profile.firstName ]]

Threat Intelligence on a budget: using Open Source Intelligence (OSINT) wisely

As cyber threats continue to grow in both potency and scale, staying one step ahead of the attackers can make all the difference. Threat intelligence can be a key ally in the fight to not only predict future attacks but also detect current attacks and respond accordingly to minimise impact. Whilst threat intelligence can be costly or difficult to produce, one particular source of threat information is both freely available and rich in content.

During this webinar, Gareth Haken, Senior Analyst at the ISF, will be talking about Open Source Intelligence (OSINT), its applicability to threat intelligence, the potential benefits and also the challenges and pitfalls that it may bring.
Recorded May 14 2020 49 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Gareth Haken, Senior Analyst, ISF
Presentation preview: Threat Intelligence on a budget: using Open Source Intelligence (OSINT) wisely

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Why Secure Email Gateways are not enough: Defending against phishing threats Aug 19 2020 1:00 pm UTC 45 mins
    Cofense Senior Director of Sales Engineering, David Mount and Vice President of Sales Engineering, Andy Spencer
    On Wednesday 19th August at 14:00 BST, the ISF will be joined by Cofense for cybersecurity expert insight into the challenges of defending against sophisticated phishing attacks, specifically, how to defend against the phishing email that evades your secure email gateways.

    Cofense Senior Director of Sales Engineering, David Mount and Vice President of Sales Engineering, Andy Spencer, will be sharing insight into the current threat landscape as seen through the eyes of the end user and how threat actors are getting past security perimeter controls.

    Highlights will include:
    - Insights of various phishing campaigns that evaded SEGs and reached enterprise end users, delivering credential phish and malware.
    - How threat actors are using trusted services, such as online business surveys and document sharing platforms, to evade SEGs.
    - Expert predictions of what we will continue to see through the remainder of 2020.
  • Dark Web Attack Tools and the Role of Bulletproof Hosting Jul 30 2020 2:00 pm UTC 45 mins
    Roman Sannikov, director of cybercrime and underground intelligence, & Dmitry Smilyanets, expert threat intelligence analyst
    Automation has become an essential part of nearly every industry, and criminal enterprises are no exception. With an ecosystem of tools and resources available on the dark web, threat actors no longer need to be well-rounded experts in order to operationalize and monetize their campaigns.

    On Thursday 30th July, 10:00 AM ET / 15:00 BST, we will be joined by Recorded Future for a live webinar exploring the tools and services that threat actors are able to purchase to automate their attacks — with a focus on bulletproof hosting services.

    Recorded Future’s Roman Sannikov, director of cybercrime and underground intelligence, and Dmitry Smilyanets, expert threat intelligence analyst, will discuss:

    •The lifecycle of cyberattacks and how automation amplifies their impact
    •The tools and services threat actors are able to access via underground markets
    •Why bulletproof hosting services are useful to cybercriminals and how they work
    •Examples of the role bulletproof hosting services have played in cyberattacks
    •Mitigation strategies to prevent automated attacks and defend your organization
  • Leadership in the new normal Jul 14 2020 1:00 pm UTC 45 mins
    Shawn Henry, CrowdStrike President and CSO
    On Tuesday 14th July, 14:00 BST, the ISF will be joined by Shawn Henry, CrowdStrike President and CSO, and former FBI Executive Assistant Director.

    Shawn will discuss cybersecurity as an enterprise business risk and why strong leadership is critical in the face of a crisis. After over 30 years in Security, with 20 years of cybersecurity experience, Shawn has been personally involved in investigating and managing the response for some of the biggest cyber breaches in US history. Hear examples from the front lines of cyber incident response, key components of strong leadership during an incident, and effective strategies to manage a crisis.

    Throughout this webinar you will learn:

    •Why strong leadership is critical in the face of a crisis
    •The key components of strong leadership when faced with an incident
    •Stories from the front line of cyber incident response
    •Effective strategies in crisis management
  • How the ISF supports you in protecting trade secrets Jul 8 2020 12:00 pm UTC 30 mins
    Dr Emma Bickerstaffe, ISF Senior Research Analyst
    The Protection of Trade Secrets came into force on 26 April 2019, implementing the EU Trade Secret Directive (2016/943) into domestic legislation. It introduced the first statutory definition of a trade secret, imposing more stringent requirements for business information to be recognised as a trade secret and benefit from protection under EU law.

    Definition of a trade secret
    Under the new legal definition, information must meet the following three requirements to qualify as a trade secret:
    ‒ it is secret in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question;
    ‒ it has commercial value because it is secret;
    ‒ it has been subject to reasonable steps under the circumstances, by the person lawfully in control of the information, to keep it secret.

    In this briefing, Dr Emma Bickerstaffe will highlight how the ISF is supporting Members in meeting the new legal definition of a trade secret. We will also look at how ISF research, tools and methodologies can help you build and implement appropriate measures to protect relevant information.
  • Streamlining Your Cybersecurity Risk Process for Blindspot Elimination Recorded: Jun 30 2020 47 mins
    Alex Heid, Chief Research Officer, SecurityScorecard & Kelly Yang, Senior Risk Manager, Northwestern Mutual
    Streamlining Your Cybersecurity Risk Process for Blindspot Elimination, Scalability and Increased Digital Trust.

    As your organization continues to mature, your cybersecurity risk management process, and its scalability, takes on great importance. In this webinar, we will walk you through effective and measurable ways to prioritize your actions in order to scale your program, develop, and deliver effective internal communication, and instill a more risk-averse company culture.

    On Tuesday 30th June, at 14:00 BST / 09:00 ET, the ISF will be joined by Alexander Heid, Chief Research Officer at SecurityScorecard, and Kelly Yang, Senior Director of Risk Management at Northwestern Mutual, for a live webinar discussing “Streamlining Your Cybersecurity Risk Process for Blindspot Elimination, Scalability and Increased Digital Trust.”

    What you will learn during this webinar:
    •How to streamline your cybersecurity risk management process to scale
    •Effective tips on collaboration with other internal teams/players to eliminate blindspots and create a company culture which focuses on risk and uses it as a measurement of success
    •Ways to increase digital trust, both internally and externally
  • Ransomware Attacks, Don’t be a Victim Recorded: Jun 18 2020 48 mins
    Chris Goettl – Director, Product Management, Ivanti
    What do global IT leaders need to be aware of in our current climate? Has the frequency or profile of attacks changed as a result of a higher number of remote workers?

    Join Chris Goettl, Director, Product Management at Ivanti, to gain visibility into the largest security threats and recent attacks that have taken place around the world. Learn about the three-part ransomware strategy of threat actors. We’ll also showcase strategies that can help your IT team be better prepared for the next major event.

    Throughout this webinar you will:

    1.Discover the recent major threats and attacks that IT needs to be aware of
    2.Hear about a 3-part strategy that threat actors use
    3.Learn strategies to prepare for the next major event.
  • Legal and Regulatory Implications for Information Security Recorded: Jun 16 2020 44 mins
    Dr Emma Bickerstaffe, Senior Research Analyst, ISF
    Emerging technologies and related information security trends are key drivers for regulatory change. Yet legislative development continues to lag behind the speed and scale of technological innovation. Even once legislation is enacted, laws differ in their scope of applicability, level of prescription and the aspects of information security that they cover.

    During this webinar, Emma Bickerstaffe will introduce the ISF’s interactive guide, Legal and Regulatory Implications for Information Security, which covers over 400 pieces of legislation across 18 different jurisdictions. Emma will outline how you can use this research to navigate the various laws and regulations that impact your organisation’s security practices.

    Throughout this webinar, you will learn:
    -Key areas where legal considerations affect information security activities
    -Developments in EU legislation
    -Legal issues associated with emerging technology and trends.
  • Security Intelligence: Predict the Predictable and Manage What’s Not Recorded: Jun 11 2020 49 mins
    Staffan Truvé, Co-Founder & CTO, Recorded Future & Levi Gundert, Senior Vice President Global Intelligence, Recorded Future
    During times of crisis, organizations rely on their security teams to remove layers of uncertainty to help maintain business continuity and stability.

    As operations teams scramble to empower remote workers, opportunistic attackers are doubling down on their efforts. Now more than ever, security teams must emphasize risks over threats.

    Integrating predictive intelligence into the core of your security strategy is the best way to measure, communicate, and mitigate risk during times of great change — while proactively preparing for what’s next.

    On Thursday 11th June at 9:00 AM ET / 2:00 PM BST, Recorded Future Co-Founder and CTO Staffan Truvé, joined by Senior Vice President of Global Intelligence Levi Gundert, will present “Predict the Predictable and Manage What’s Not,” a live webinar outlining:

    oWhat we can learn from 20 plus years of failed security paradigms exacerbated during times of uncertainty
    oHow a risk-based approach can help security teams maximize resources and amplify impact — with a focus on maintaining profitability
    oRecorded Future research on vulnerability exploits and threats linked to geographies and industries impacted by the COVID-19 crisis
  • Threat Intelligence on a budget: using Open Source Intelligence (OSINT) wisely Recorded: May 14 2020 49 mins
    Gareth Haken, Senior Analyst, ISF
    As cyber threats continue to grow in both potency and scale, staying one step ahead of the attackers can make all the difference. Threat intelligence can be a key ally in the fight to not only predict future attacks but also detect current attacks and respond accordingly to minimise impact. Whilst threat intelligence can be costly or difficult to produce, one particular source of threat information is both freely available and rich in content.

    During this webinar, Gareth Haken, Senior Analyst at the ISF, will be talking about Open Source Intelligence (OSINT), its applicability to threat intelligence, the potential benefits and also the challenges and pitfalls that it may bring.
  • Cloud Security 101: Securing Employees in the Office or at Home Recorded: May 12 2020 49 mins
    Neil Thacker, EMEA CISO, Netskope and Ross Asquith, Product Marketing Manager, Netskope
    Organisations everywhere are being forced to deal with a new reality of remote working; and an adoption of cloud applications - particularly those used for collaboration - at a rate and scale that they may not have planned for as part of their Digital Transformation journey.

    Today most of us will be using cloud applications to store and process corporate data, and communicate and collaborate across our organisation. However, it’s worth reminding ourselves of the basics - that a move to the cloud (or the adoption of any new cloud application) introduces new risks and therefore we need to ensure we have mitigating controls.

    Legacy security architectures, such as a hub and spoke model, force remote workers and remote offices to backhaul their cloud and web traffic through a data centre where a traditional secure web gateway (SWG) attempts to manage access and provide protection. The problem is, for most organisations, over 50% of WAN traffic is now destined for the internet and this number increases every year. Backhauling this traffic across the WAN and through the data centre simply wastes bandwidth, and degrades the end user experience.

    Ironically, the traditional SWG being used in the data centre probably doesn’t understand cloud application traffic anyway - and can’t control the activities and data transfers being performed by employees, or protect employees from today’s cloud-enabled threats.

    Join Netskope on this webinar to learn about:

    - Security and compliance considerations when selecting and deploying cloud applications - The additional risks associated with home/remote workers accessing cloud and web - How a Next Generation SWG can provide visibility and control of cloud application usage - Security Transformation, and why it is best achieved using a Secure Access Service Edge (SASE)
  • Third Party Risk Management: How to Conduct a High-Quality Virtual Assessment Recorded: Apr 27 2020 47 mins
    Drew Wilkinson, VP of Customer Success for SecurityScorecard & Jill Czerwinski, Partner, Crowe
    Everyone around the globe is responding to an unfamiliar market landscape where business continuity plans are being tested and stressed. For security teams trying to keep up with not only their own rapidly shifting environment but that of their vendors, third party risk management adds additional layers of complexity. Questions like: Is my supplier capable of delivering what we need? Do their cybersecurity management capabilities remain sound? Should we bring on new vendors to safeguard us against any points of failure?

    In a time where speed is critical and standard operating procedures seem null and void, SecurityScorecard and Crowe will speak to how you can handle vendor assessments online, in a comprehensive manner with confidence. They’ll share how they’ve seen companies pivot and adapt to newly crafted best practices for the current operating environment. Our speakers are veteran subject matter experts in Third Party Risk, Information Security and Data Privacy and have 40+ years of combined industry experience.
    `
    In this session you will learn:
    •The benefits and disadvantages of virtual assessments
    •How to conduct a comprehensive virtual assessment with a fully remote process and framework
    •What pitfalls to avoid in order to ensure a high-quality virtual assessment
  • Phishing and Email Security – Effectively Managing Human Vulnerabilities Recorded: Apr 15 2020 47 mins
    Daniel Norman, Research Analyst, ISF
    In this upcoming ISF Webinar, Daniel Norman, Research Analyst at the ISF, will be discussing the psychological techniques attackers use during phishing campaigns and how organisations can improve phishing training and awareness.

    Nearly all organisations perform some kind of phishing testing on a regular basis, with varying levels of success. Many phishing campaigns are tick-box exercises, are unsuitable and punish behaviour. By understanding attacker techniques we can identify what triggers human behaviour, and thus begin developing phishing training and awareness activities that improve behaviour change.

    This webinar will teach you:
    1. About psychological weaknesses and attacker techniques
    2. Why phishing training is still important
    3. Strengths and weaknesses, and why metrics for success are so difficult.
  • Using Cloud Services Securely: Harnessing core controls Recorded: Mar 25 2020 56 mins
    Benoit Heynderickx, Principal Analyst, ISF
    Cloud computing has evolved at an incredible speed and, in many organisations, has become entwined with the complex technological landscape that supports critical daily operations. Business and security leaders already face many challenges in protecting their existing IT environment; they must now find ways to securely use multiple cloud services.

    In this ISF Webinar, Benoit Heynderickx, Principal Analyst at the Information Security Forum, will discuss the key findings in his research report Using Cloud Services Securely: Harnessing core controls. This report empowers organisations to deploy the right set of security controls and to focus their efforts on the most valuable action that will reduce the likelihood and impact of cloud-related threat events.

    Throughout this webinar, you will learn more about:

    •Critical control areas for securing cloud services
    •Practical experiences and real case scenarios for securing a multi-cloud environment
    •The importance of, and how to deploy and maintain a simple yet effective approach to using cloud services securely.
  • How to Prevent Internal Data Leaks and Protect Personal Data Recorded: Mar 5 2020 49 mins
    Jamie Manuel, VP of Product Management, Titus
    Personal data privacy is becoming a bigger priority in the enterprise and we all bear responsibility for safeguarding our employees, customers, partners, organisational structures, and reputations. Ineffective or nonexistent privacy protection programmes expose organisations to significant risks, both from a financial and legal perspective.

    A recent Titus survey revealed some unsettling data;

    •On average, 22% of emails containing personal data were misidentified by survey respondents
    •30% of respondents did not consider sensitive health information to be personal data
    •13% of respondents did not consider a credit card number to be personal data
    •A company with 1,000 employees might mishandle 2+ million emails/year

    A prime example of how easily sensitive data can be leaked took place recently in the UK, where more than 1,000 notable figures had their home and work addresses posted on a government website. The post was meant to simply highlight people on a new year honors list. Instead, sensitive personal information was made public for about an hour. While some organizations have made efforts to build a culture of privacy, many challenges remain.

    So, what can be done?

    Join Jamie Manuel, Titus VP of Product Management, to discuss best practices around data privacy in the enterprise.

    In this webinar you will learn how to:
    •Use automated technology solutions to prevent internal data leakages
    •Optimize your security ecosystem and avoid workflow bottlenecks
    •Use machine learning to reduce false positives

    Webinar details:
    Thursday 5th March 2020
    1pm GMT (8am EST)
  • Emerging Cyber Threats for 2020 Recorded: Dec 10 2019 47 mins
    Steve Durbin, Managing Director, ISF
    In 2020, the pace and scale of change, particularly in terms of technology, will continue to accelerate substantially. Organisations will find themselves caught in a vortex of economic volatility and political uncertainty far beyond the levels experienced in the past. The key separating component for those who will prosper under these circumstances will be the degree to which they are prepared to meet the challenges.

    In this webinar Steve Durbin, Managing Director, ISF will discuss how business leaders and their security teams can address the prevalent emerging threats in the context of:
    •The Race for Technology Dominance
    •Third Parties, Internet of Things (IoT) and the Cloud
    •Cybercrime
  • Securing the IoT: Taming the Connected World Recorded: Nov 18 2019 40 mins
    Andy Jones, Distinguished Analyst, ISF
    The Internet of Things (IoT) has exploded into the connected world and promises much, from enabling the digital organisation to making domestic life richer and easier.

    On Monday 18th November at 1pm BST, Andy Jones, Distinguished Analyst for the Information Security Forum, will introduce the publicly available briefing paper on the Internet of Things.

    Targeted for those who are engaged with the IoT, either in the deployment of industrial or consumer IoT or in their manufacture or retail this webcast will cover:

    1. definitions of the IoT
    2. technical characteristics
    3. fundamental security issues
    4. emerging security practice
    5. legal and regulatory landscapes
  • Beyond the Phish: A Snapshot of End-User Behaviour Recorded: Oct 23 2019 47 mins
    Gretel Egan, Security Awareness Training Strategist, ProofPoint
    Phishing is one of InfoSec's long-standing threats. But for cybercriminals, email is just one entry point of many. How can you better prepare you and other end users in your organization for cybersecurity threats beyond email-based social engineering?

    During this session, we will share results from the Proofpoint’s Beyond the Phish® Report, which examines end-user understanding of a broad range of cybersecurity topics and best practices. The report features an analysis of data related to nearly 130 million cybersecurity questions and offers insights into employee knowledge levels across 14 categories, 16 industries, and more than 20 commonly used department classifications.

    We’ll share:

    - The importance of assessing and training end-users about cybersecurity threats beyond email-based social engineering
    - The strengths and weaknesses among end-users across 14 cybersecurity topics, highlighting how end-user knowledge levels vary across industries which provides a benchmark to compare readiness within your organization
    - A more holistic view of susceptibility by looking beyond knowledge assessments and training activities to discover how this data can differ from simulated phishing attacks
    - How you can use this information to reduce the risk of successful cyber attacks within your organization
  • Improving cyber risk conversations with the Board Recorded: Oct 16 2019 48 mins
    Simon Marvell, Partner, Acuity Risk Management
    According to McKinsey most IT and security executives use manually compiled spreadsheets to report cyber risk data to their Boards; unsurprisingly many Boards are dissatisfied with the reports they receive. Consequently, Boards struggle to get a sense of the overall cyber risk status of the organisation.

    With global spending on cyber security products and services increasing at 8.7% a year, Boards also need assurance that their budgets are being spent well.

    This webinar will provide practical examples of how, with the introduction of some quantitative risk assessment techniques, security leaders can start to improve their conversations with the Board.

    Specifically, the session will demonstrate:

    •Forecasting future financial loss exposure from cyber events
    •Prioritisation of security programmes in terms of forecast reduction in financial loss exposure
    •Evaluating the RoI of security investment proposals.
    The webinar will conclude with some suggestions on how security leaders can start to introduce these techniques and then evolve them through monitoring and continual improvement.
  • Combining human-centred approaches with AI in information security Recorded: Oct 9 2019 45 mins
    Richard Absalom & Daniel Norman
    In the majority of data breaches, human error is blamed. Humans are frequently regarded as the ‘weakest link’ in information security, but organisations have not aimed to understand the reasons why humans make mistakes and are easily coerced by attackers.

    Organisations can take both human-centred and technological steps to mitigate human fallibility: encouraging good security practice at the same time as deploying intelligent systems that learn and analyse activity and behaviour, providing alerts when an attack is imminent.

    In this webinar, ISF research analysts Daniel Norman and Richard Absalom will:

    •explain why humans are a weak link in security but also a key part of the solution – and how human-centred techniques can help
    •provide clarity on what AI really is, and what it can and cannot do for information security
    •pose questions on the extent to which AI could and should monitor networks and people to provide security.
  • Data Protection 2020 - The risk of personal data exposure Recorded: Oct 1 2019 46 mins
    Stephane Charbonneau, Founder & Chief Technology Officer for Titus
    The risk of exposure of personal data has become a growing concern to organizations globally throughout the last several years. While many organizations have made efforts to build a culture of privacy and perhaps a security ecosystem that supports that, many challenges remain on the execution of mitigating such a concern.
    For those organizations who have yet to build out such a program, and those who have done so unsuccessfully, the question becomes, how can we create a privacy program that works for our business?
    The journey to a robust privacy solution has several requirements.
    Join Stephane Charbonneau, Founder & Chief Technology Officer for Titus to learn:
    •Data Protection 2020, the risk of personal data exposure
    •How to ensure compliance with an ever-changing regulatory mandate landscape
    •How to enable a frictionless user experience and optimized workflow to your end users
    •How to tie the technologies in your privacy ecosystem together to protect your most valuable data.
Live monthly webcasts for CISO’s and business leaders
Steve Durbin, Managing Director of ISF Ltd and ISF analysts will present the ISF webinar series: "In pursuit of the secure organisation..."
We will be sharing thought leadership and practical guidance drawn from ISF Members, which include many of the world’s leading Fortune and Forbes listed organisations) on how to address cyber, information security and risk management issues facing businesses and their security teams.

1. Emerging Cyber Threats (ISF Threat Horizon annual series)
2. The role of the CEO and business leaders in cyber security
3. Being a successful CISO
4. Cyber-attack trends
5. Critical Asset Management
6. Data breach prevention
7. Supply chain
8. Insider Threat and the role of the end user

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Threat Intelligence on a budget: using Open Source Intelligence (OSINT) wisely
  • Live at: May 14 2020 12:00 pm
  • Presented by: Gareth Haken, Senior Analyst, ISF
  • From:
Your email has been sent.
or close