Industry experts from some of today's top security companies offer their thought leadership and expertise to help tackle current security threats and challenges.
Defending Against Advanced Cyberthreats and APTs
Advanced persistent threats (APTs) are no longer associated exclusively with government agencies. They're now a very real threat to many organizations in various industry sectors. Unfortunately, most existing technologies can no longer keep up with the increasing number of threats perpetrated against them.
This webcast clarifies the nature of APT risks and provides recommendations on how organizations can better protect themselves. Topics include:
- The 7 Stages of Advanced Threats
- How to Defend Against Advanced Threats
- How Websense is playing a leading role in APT defenses
Register to view the webinar today.
Or download our new whitepaper, "5 Essentials to Protect against APTs."
Enabling Fast Responses to Security Incidents with Threat Monitoring
Combating today's cybercriminals requires insight into advanced threats and improved responsiveness to the threats that most current defenses are missing.
As a result, many IT departments are looking for tools that can provide visibility into infected systems, blended attacks, call-home communications, data exfiltration and other advanced threats. This webcast examines the value of threat monitoring and highlights how the new Websense® TRITON® RiskVision™ solution can quickly improve your security posture without disrupting productivity.
- Why IT needs hands-on tools for threat monitoring
- How targeted attacks operate across the 7 stages of advanced threats
- How Websense TRITON RiskVision provides unrivaled insight into advanced threats, data theft and data loss — plus actionable reporting and malware analysis
Register to view the webinar today.
How a Hacker Breaks An Application with Vulnerability Chaining
In any given application, vulnerabilities can range from a minor case of Information Leakage to major Insufficient Authorization/Authentication, and anywhere in between. With such a wide range of vulnerabilities it is easy to see how, say, an issue with Insufficient Anti-Automation can be minor. However, a malicious attacker will more than likely focus on multiple vulnerabilities; this tactic can exploit seemingly minor vulnerabilities and result in a much more dangerous exploit. Thus, it is clear that apparently "minor" vulnerabilities can be used in combination with more "dangerous" finds to create a truly devastating attack that could compromise an entire application.
Caleb Brinkman - Application Security Researcher, WhiteHat Security
Caleb Brinkman is an application security specialist working in the R&D engineering department at WhiteHat Security. Caleb has been programming since before high school with a focus on video games and security.
Click here to register.
Leveraging Firsthand Feedback from Hackers to Mitigate Risks
Real Hacker Methods Revealed
What can the IT security community learn from a "blackhat" who says he’s decided to go legit?
While many IT security professionals shy away from listening to anything from the dark side, much can be learned from knowing your adversaries and what makes them tick.
Join this webinar to learn insights into where your defense strategy might be at risk and what methods hackers are deploying to thwart current security measures. We will also cover how this attack information is used to build defense strategies.
We’ll discuss the following aspects:
- What motivates hackers
- Gain insight to devise better solutions or to abandon failed technologies
- What attacks are really being used in the wild
- How the hacker mind sees the world
- How security researchers leverage this attack intel
- Tracking attacks and deploying protection strategies
Robert Hansen - Director of Product Management, WhiteHat Security
Robert Hansen (CISSP) is the Director of Product Management at WhiteHat Security. Mr. Hansen has co-authored "XSS Exploits" and wrote the eBook, "Detecting Malice." Robert is a member of WASC, APWG, IACSP, ISSA and has contributed to several OWASP projects.
Matt Johansen - Manager, WhiteHat Security Threat Research Center (TRC), WhiteHat Security
Matt Johansen is a manager for WhiteHat Security’s Threat Research Center (TRC). Matt began his career as a security consultant for VerSprite, where he was responsible for performing network and web application penetration tests for clients. He then took a role at WhiteHat as an application security specialist for the TRC and quickly rose through the ranks. He currently manages more than 40 at the company’s Houston location.
Click here to register.
Defend Against Modern Botnet Attacks
Live Event: Wednesday, July 31, 2013, 2:00 pm ET
Modern Botnets are menacing vehicles for executing volumetric DDoS, spam, and phishing attacks that devastate the revenues and reputations of organizations worldwide.
To defend against these advanced attacks, enterprises, government agencies, and service providers must understand how Botnets have evolved and how today’s centralized large-scale threats spread and operate.
Along with recognizing the signatures of command and control centers, IT professionals must:
- Proactively challenge security defenses to ensure systems and services can detect and respond to attacks quickly
- Simulate realistic threat scenarios with good and bad traffic
- Launch a battery of attacks across all phases of a Botnet lifecycle
Speaker: Tim Wickham - Systems Engineer, Security Products, Ixia
Tim joined Ixia during its acquisition of BreakingPoint in 2012 having spent nearly seven years specializing in information security and L4-7 technology testing. Prior to that, he worked at TippingPoint, which has since been acquired by HP, as a Systems Administrator, Network Engineer, Security Engineer and Director of Operations for Japan/Korea.
Make sure you attend "Defend Against Modern Botnets" for an update on malicious activities and the latest strategies for assessing and strengthening your company’s defenses. Click here to register. *Please note: You will need to use your Registration Password IxWebin when prompted.
How Blue Shield of California Successfully Controls Trust and Risk
Mike Wolf, Senior Security Architect, Blue Shield of California
Overview: At the RSA Conference 2013 in San Francisco, Mike Wolfe, Senior Security Architect at Blue Shield of California, shared the steps his company took to dramatically update their PKI infrastructure and trust-instrument controls in order to improve security and reduce risk.
When it comes to trust management, he says, "You don’t know what you don’t know, and what you don’t know can definitely hurt you."
Find out how Blue Shield of California:
- Built a PKI infrastructure with a high level of assurance
- Documented processes and assigned responsibilities
- Reduced security risk across the enterprise
- Defined a security roadmap for the future
Live Panel Webcast: Quick Wins and Top Tips for DLP Success
Protecting data has become "job one" in today’s organizations. Data loss and data theft are simply too costly and disruptive to ignore. Yet because data loss prevention (DLP) projects can be complex, time consuming and expensive, they have come to be viewed as a "necessary evil."
It doesn’t have to be that way. With the correct approach, DLP can be rolled out quickly and effectively, providing meaningful protection in months, not years.
Join an expert panel for this Websense® Office of the CSO webcast to get an insider’s view on preventing data loss effectively, affordably and readily.
Date/Time: Tuesday, July 23, 2013, 10 a.m. PDT
Our Expert Panel:
- Rich Mogull - Analyst & CEO, Securosis
- Jason Clark - Chief Security & Strategy Officer, Websense, Inc.
- Neil Thacker - Information Security & Strategy Officer, Websense, Inc.
What You Don’t Know CAN Hurt You: Eliminating Cyber Security Blind Spots and Optimizing Incident Response
Date: June 24, 2013
Time: 10 a.m. PT / 1 p.m. ET
Click here to register today!
The traditional cyber security infrastructure is riddled with blind spots…open doors for threats we can’t see, because the tools we traditionally rely on can’t see them. Detecting data leakage your DLP misses, detecting the new malware your IDS and antivirus don’t recognize, and monitoring traveling and telecommuting employees -- whether they’re logged into your network or not -- are all tremendous challenges for organizations. This is because the traditional cyber security model is piecemeal and dangerously inefficient. For most organizations, their ability to detect threats ends with their DLP and signature-based prevention and alerting tools. Then when a compromise is detected, incident responders rely on a variety of disparate tools and meet in person to share and correlate findings.
Join Dale Beauchamp, branch manager in the information assurance and cyber security division of the TSA, and Jason Mical, vice president of cyber security at AccessData Group as they describe how the cyber security model is evolving and discuss the capabilities that are required to overcome these detection and response obstacles. Beauchamp and Mical will review and advise on the following:
- Investing in detection and response vs. prevention
- The need for technology that picks up where signature-based prevention and alerting tools leave off
- Achieving rapid response through integrated analysis
- Proactive detection – the final frontier – what it takes to detect unknown threats and malicious insiders before damage is done
- Implementing real-time collaboration among all information security teams with reporting up and down the chain of command
MEET THE PRESENTERS…
Dale Beauchamp, Branch Manager, Focused Operations, Office of Information Technology, Information Assurance and Cyber Security Division, Transportation Security Administration
Dale Beauchamp currently serves as Branch Manager, Focused Operations for the Office of Information Technology, Information Assurance and Cyber Security Division. Dale provides oversight for Computer Network Defense, Forensics, Advanced Persistent Threat and e-Discovery for TSA. Dale previously served as Senior Forensics and Intrusions Instructor for the Defense Cyber Training Academy. As an instructor for DCITA, he developed and delivered courses for federal, state and local law agencies engaged in the investigation of high technology crime and intelligence gathering. Dale has seven years of law enforcement experience as a Maryland State Trooper. As a Trooper, he was assigned to the Computer Crime section, where he worked as a Computer Forensic Investigator providing detailed digital forensics analysis support to a host of criminal and administrative investigations. Dale has a Bachelor of Science degree from the University of Baltimore in Business Administration.
Jason Mical, Vice President of Cyber Security, AccessData Group
As Vice President of Cyber Security, Jason is responsible for the global management of AccessData’s cyber intelligence and incident response solutions and assists AccessData’s clients with the assessment of IT risk reduction in such areas as electronic intercepts, intrusion analysis, virus detection, incident response, privacy, asset management, policies, standards and guidelines. Jason also offers his expertise and consulting services to clients and other audiences on issues of electronic, computer and physical security investigations.
Jason has more than 25 years of experience in telecommunications fraud prevention, physical security management and network security investigations. During his career, he has developed and implemented overall network security, physical security and fraud control programs for several global organizations. He has also developed security and fraud awareness training seminars used to educate employees, as well as federal, state and local law enforcement officials, and has established and operated security incident response teams and forensic investigation units for several large enterprise organizations. Jason has been an active member of the FBI InfraGard, United States Secret Service Electronic Crimes Task Force, ISSA, HTCIA, ASIS, ANSIR and CTIA Fraud Task Forces.
Click here to register today!
Why Java Exploits Remain a Top Security Risk
Most Java installations — 94 percent — are unpatched or outdated, making them insecure and a popular vehicle for cyberthreats. Yet updating Java installations is not always an option — it might actually break the mission-critical web applications your employees need to do their jobs.
This webinar will show you how to increase your organization’s security while maintaining its productivity. It will explain Java’s role in today’s web-connected world and its exposure to being compromised, plus offer a variety of alternatives and best practices you can employ to mitigate risks.
You will learn:
- How to determine your organization’s exposure to Java exploits.
- Which security measures might address Java’s "zero-day" risks.
- Whether you really need Java on every system, and what your options are.
Cybercriminals are quick to exploit most Java vulnerabilities. Fortunately, you can take steps to identify your options and mitigate the risk. This webinar will show you how.
View the Webinar today.
On Demand Webinar: Cost of Failed Trust – Attacks of Failed Key & Certificate Management
- Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
- Jeff Hudson, CEO, Venafi
Overview: APT attackers are using keys and certificates to infiltrate networks and steal data. With these attacks growing 600% year over year, organizations are woefully unprepared. First-ever research shows these attacks expose you to losses of up to $400 million over two years.
In this webinar, you will learn:
- Why trust established by keys and certificates is the perfect target of attack
- How keys and certificates are poisoned against your organization
- How the lack of visibility and inability to respond make keys and certificates the ideal APT attack vector
- What strategies can help improve the effectiveness of your APT strategy
Click here to view the webinar.
- Chris Neely, EMEA Technical Director, Venafi
- Bill Hohle, PS Principal Consultant, Venafi
- Mark Miller, Customer Success Senior Manager, Venafi
Overview of presentation: You carefully protect information with the best security technologies, but data remains only as secure as the encryption keys and certificates that safeguard it. Do you know how many certificates your organization has, where they are and how they’re managed?
This webinar will give you an understanding of Enterprise Key and Certificate Management (EKCM) and, with case studies from your peers, will help you understand how to:
- Maximize system availability and avoid outages
- Secure critical information
- Achieve and maintain compliance
- Recover quickly from CA compromise
- Reduce costs
Venafi is the inventor of and market leader in Enterprise Key and Certificate Management (EKCM) solutions. Venafi delivered the first enterprise-class solution to automate the provisioning, discovery, monitoring and management of digital certificates and encryption keys—from the datacenter to the cloud and beyond—built specifically for encryption management interoperability across heterogeneous environments. Venafi products reduce the unquantified and unmanaged risks associated with encryption deployments that result in data breaches, security audit failures and unplanned system outages.
Click here to view the webinar.
Discover the Cost of Failed Trust: Attacks That Could Cost You $400 Million
Every enterprise is potentially risking upwards of $400 million from attacks against cryptographic keys and digital certificates—yet few enterprises are managing these critical resources.
Rather than learn about these emerging attacks by falling victim yourself, discover them in Ponemon Institute’s First Annual Cost of Failed Trust Report.
The ground-breaking report unearths a vast vulnerability—thousands of unmanaged keys and certificates—that hackers are already exploiting. Discover the critical cloud technology that you need to secure. Learn about a common, but easily-preventable attack against trust.
Download the report
The New York Times fell for a spear-phishing attack. Could your organization?
You’ve probably read the news: The New York Times recently acknowledged it had been under attack by China-based hackers for months. In its own report, the newspaper noted, "[investigators] suspect the hackers used a so-called spear-phishing attack."
"Would I be able to recognize a spear-phishing attack?" That's what employees—and especially executives—are asking. They want to know how to ensure that a seemingly harmless email doesn’t put them in the headlines.
Find out how to protect yourself against spear-phishing and other advanced threats.
Then take the Operation Spear Phish Challenge to test your knowledge.
Forrester Research: Kill Your Data To Protect It From Cybercriminals Whitepaper
As cybercriminals have become more skilled and sophisticated, the effectiveness of traditional perimeter-based security controls has eroded. As a result, encryption has become a strategic cornerstone for security and risk management.
This whitepaper shares best practices about how you can make cybercriminals bypass your network and look for less robustly protected targets, and addresses why key and certificate management is becoming the benchmark for effective security and compliance.
Download now to learn:
- Why valuable data should be encrypted to remove the hacker’s threat
- Why key management is the most important component of your enterprise encryption strategy
- Best practices and standards for managing encryption keys across your infrastructure (data center, cloud, mobile)
- Next steps for security and compliance risk remediation
Download Kill Your Data to Protect it From Cybercriminals and protect your data from cybercriminals and your organization from failed security audits.
Forrester Research: Why Encryption Key Management is the New Strategic Milestone
Join speaker John Kindervag of Forrester Research, Inc. and Jeff Hudson of Venafi for an informative on-demand webinar, "Emerging Threats and Ubiquitous Encryption."
This webinar shares best practices and real-world case studies, and addresses why key and certificate management is becoming the benchmark for effective security and compliance.
View now to learn:
1. Why valuable data should be encrypted to remove the hacker's threat
2. Why key management is the most important component of your enterprise encryption strategy
3. How the world's leading, Fortune-ranked organizations address key management
4. Best practices and standards for managing encryption keys across your infrastructure (data center, cloud, mobile)
5. Next steps for security and compliance risk remediation
View this valuable webinar now and protect your data from cybercriminals and your organization from failed security audits.
As an added bonus, view now, and you'll also receive access to a July 2012 Forrester Research, Inc., report from John Kindervag, Principal Security and Risk Analyst, "Kill Your Data to Protect it From Cybercriminals".
7 Security Trends to Watch Out for in 2013
Information security continues to grow more complex, and 2013 will be no exception. Using data from the Websense Threatseeker network, which gathers information from over 900 million global endpoints and analyzes up to 5 billion content requests per day, our Security Labs™ team developed these 7 predictions to provide insight into key threats to prepare for in 2013. We encourage you to use these 7 predictions to review your current defenses and identify security gaps in 2013 and beyond.
Our 7 predictions include:
- Why more cross-platform threats will be targeted at mobile devices
- How legitimate mobile app stores will host more malware in 2013
- Why government-sponsored cyber-attacks will likely increase
All webinar attendees will also receive a copy of the full 2013 Predictions Report, which also includes spotlight articles on Mobile Security, Email Security and Java Exploits.
Click here to view this free webcast.
DLP 3.0 Redefining Data Protection in the Age of Combined Threats
Date: Wednesday, January 30, 2013
Time: 12 Noon EST
DLP 3.0 defines data protection in terms of the combined risks and threats that companies must be able to identify, measure, and mitigate in order to protect their most critical data. Companies that do not or cannot take this foundational and holistic approach to data protection are at serious risk of experiencing a breach and suffering the expensive consequences.
In this web seminar you will learn:
- DLP 3.0, what has changed and what you must know
- Effective strategies for building a DLP 3.0 program
- The technology requirements for DLP 3.0
- Your Next Steps in meeting the DLP 3.0 challenge
Click here to register for this webinar.
How to Reduce Your Organization’s Exposure to Phishing
Date/Time: Friday, December 14, 2012, 2 p.m. (EDT)
Speakers: Christian Kirsch, Product Marketing Manager, Rapid7 and Joe Dubin, Product Manager, Rapid7
Phishing is often the initial attack vector of a data breach. Many organizations already conduct end-user trainings and implement technical security controls to protect their data. The challenge is to know how much the organization is exposed to phishing and which countermeasures actually reduce risk.
In this webinar for IT and security professionals, Christian Kirsch and Joe Dubin discuss how you can reduce your organization’s exposure to phishing attacks by gaining quick insight into risks and addressing them on technical and training levels.
You will learn about:
- Simulating a phishing attack to get a fast overview of your risk exposure.
- Identifying where your organization is the most vulnerable.
- Providing security awareness training and tweaking technical controls based on your insights.
Click here to register for this free webcast.
BYOD Accelerated: What You Need to Know to Keep Your Mobile Devices Secure
Date/Time: Thursday, November 29, 2012, 2 p.m. (EDT)
Speaker: Saj Sahay, Senior Director of Product Marketing, Mobilisafe, Rapid7
The Bring Your Own Device trend is coming fast and furious - according to Gartner Research, over 800,000,000 mobile devices were sold in 2011, and that is expected to grow to over 1 billion in 2012. Enabling BYOD is a known driver of employee productivity, but it also creates significant organizational security risk. Eliminating these risks is now a top concern for most organizations, but there are inherent complexities with the mobile ecosystem, evolving employee behavior, and lack of adequate knowledge of mobility at most organizations that make securing mobile devices a difficult undertaking.
Join Rapid7 on Thursday, November 29 at 2:00 p.m. EST for a free webcast on the top challenges with securing mobile devices. The webcast will address top security concerns and challenges including controlling user behavior, mobile device vulnerability patching, dealing with lost or stolen devices and managing multiple device platforms.
The presentation will also include a live demonstration of Mobilisafe, Rapid7’s mobile risk management solution.
Register Now - Space is Limited!
Data Breach 2012: Preparation, Response and Effective Communication with the C-Suite
Data breaches abound in 2012 and security professionals have done a good job raising awareness in the C-Suite, but more can be done. This presentation gives you an overview of some of the more noteworthy breaches this year, discusses trends, the legal landscape, how to plan for a breach and get buy-in from the C-Suite.
Speaker: Tom Hibarger is Managing Director in the Washington, DC office of Stroz Friedberg, a digital risk management and investigations firm. Prior to joining Stroz Friedberg, Mr. Hibarger was an Assistant U.S. Attorney in Washington, DC, most recently serving as the Chief of the Criminal Division. Prior to that, Mr. Hibarger was a Computer Hacking and Intellectual Property (CHIP) prosecutor. He is a member of the Georgetown University Law Center Cybersecurity Law Institute Advisory Board and recently lectured at the 2012 Virginia Information Technology Legal Institute on Ethical Issues Related to Cybersecurity.
Interested in showcasing your organization's thought leadership through the ISSA Industry Webinar Sponsorship program?
Please contact Vendor Relations at ISSA International Headquarters.