SlideShare a Scribd company logo

Scalar Security Roadshow April 2015

Scalar Decisions
Scalar Decisions

Presentations from Scalar's Security Roadshow in Toronto and Vancouver in April of 2015. Featuring Bromium, WhiteHat and LogRhythm.

Technology
1 of 33
Download to read offline
SCALAR SECURITY APRIL 2015 www.scalar.ca
Earlier this month, we had over 150 people join us in Toronto and Vancouver as our technical team demonstrated some of the best security defence technologies on the market today. We focused on defence in three key areas: ENDPOINT APPLICATION NETWORK
WHY? We studied the Canadian market and…
Believe they are winning the Cyber Security war Suffered a breach leading to loss or disclosure of sensitive data Average annual number of attacks Average cost to address a security breach 41% 46% 34 $200,000
High performing organization have 25% less breaches by… DEFENDING
DEFEND THE . . .
DEFEND THE ENDPOINT
WHY BROMIUM? Open anything, from anyone, anywhere…
ANY CO. PLC THEM vs US
Prioritize Focus The key security threat channels are Web and Email. The key threat vectors are web- links and downloaded files. Your security posture is significantly improved by negating the key security issues of users clicking malicious web-links and opening infected attachments. &
Endpoint Isolation Technology Untrusted user tasks and any malware are isolated in a super-efficient micro-VM. All micro-VMs destroyed, eliminating all traces of malware with them.
Interested in learning more about ? Contact us here.
DEFEND THE APPLICATION
WHY WHITEHAT? Application security testing leader with over 30,000 sites under management
• Integrates into your development process • Directly connects to source code repository • Designed for Agile • Your code stays onsite • Verified vulnerabilities avoid false positives • Assesses partial code, as often as needed SAST – “Sentinel Source” Static Testing
• Assesses both iOS and Android applications • Tests native mobile code and server-side APIs • Identifies critical vulnerabilities including OWASP Mobile Top 10 • Verified findings: • Zero false positives reduce overhead for developers • Results prioritized by risk • Covers traffic analysis between client and server-side Sentinel Mobile – Secure Mobile Devices
•Non-intrusive, non-disruptive, 24x7 coverage •Meets and exceeds PCI 6.5/6.6 requirements •Full service and support included in all offerings •Unlimited retests, integration support, and remediation guidance at no additional charge •Persistent, consistent testing and results DAST – Dynamic Application Testing
Application Security Lifecycle Integrated Application Security Lifecycle Software Development Lifecycle SAST
Continuous Testing • Full SDLC coverage: training, development, QA, and production • Stop using Tiger teams! Expert hands-on guidance from the Threat Research Center • 100% verified vulnerabilities, 0 false positives • 150+ security engineers available by phone/email/WebEx Retest, Retest, Retest • Trending of vulnerabilities across time and continuous assessment of deployment How to Remediate Vulnerabilities
Baseline Edition (Static Webpages) • Unauthenticated, Verified Results Standard Edition (Directed/Opportunistic) • Custom configured logins and multi-step sequences • Comprehensive coverage for technical vulnerabilities Sentinel PE (Fully Targeted / High Risk) • Ideal for high impact sites with sensitive user and financial information • Technical and business logic vulnerabilities, complete WASC v2 How Deep to Test?
• Web & PDF Based • Bi-Directional XML API • Integration with popular technologies like Jira, Archer, F5 & Imperva Flexible Reporting
Interested in learning more about ? Contact us here.
DEFEND THE NETWORK
WHY LOGRHYTHM? Global leader in security intelligence and analytics empowering organizations to rapidly detect, respond, and neutralize cyber threats.
Retail Cyber Crime Module • New processes • New authentications • New FIM access events • Any FIM modification event • Any DLD activity • New common event • New network activity Use Case: Detect compromised back office systems Details: Identify suspicious changes on back office systems and the network activity they generate AIE Rules look for:
Data Classification LogRhythm not only structures incoming data, but adds contextual information such as: • Classification • Common Event • Risk Score Reduces time required for analysis and ensure query results are complete Provides deep intelligence on more than 600 different systems, devices, apps, databases, etc… • 20-30 added each quarter
Scenario Building Blocks Log Observed Log Not Observed Log Not Observed Scheduled Threshold Observed Threshold Not Observed Threshold Not Observed Scheduled Unique Value Observed Unique Value Not Observed Unique Value Not Observed Scheduled Whitelist Trend Statistical
The Platform for Security IntelligenceInput Analytics Output
Privileged User Monitoring • New admin activity • Mass object deletion • Users added to privileged group • Recently disabled privileged account activity Use Case: Detect a rogue administrator account Details: Identify when a privileged user is abusing authority, indicating either insider threat activity or compromised credentials AIE Rules look for:
Analytics Modules • Industry experts • Machine data intelligence • Security compliance • Advanced Threat Research Rapid-Time to-Value Knowledge • Embedded expertise • Ready-to-use content • Frequent, automatic updates • Knowledge aligned to organizational goals • Quick benefit recognition • Ongoing additional value
Interested in learning more about ? Contact us here.
Is your company High Performing? Find out in our 2015 Security Study . Download here.
facebook.com/scalardecisions @scalardecisions linkedin.com/company/scalar-decisions slideshare.net/scalardecisions Connect with us!

Recommended

Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6
Scalar Decisions
 
Optimize IT Infrastructure
Optimize IT InfrastructureOptimize IT Infrastructure
Optimize IT Infrastructure
Scalar Decisions
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Decisions
 
Scalar cloud study2016_slideshare
Scalar cloud study2016_slideshareScalar cloud study2016_slideshare
Scalar cloud study2016_slideshare
Scalar Decisions
 
Scalar - a brief introduction
Scalar - a brief introductionScalar - a brief introduction
Scalar - a brief introduction
Scalar Decisions
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
Scalar Decisions
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
centralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
centralohioissa
 

Recommended

Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6Cloud Perspectives - Ottawa Seminar - Oct 6
Cloud Perspectives - Ottawa Seminar - Oct 6
Scalar Decisions
 
Optimize IT Infrastructure
Optimize IT InfrastructureOptimize IT Infrastructure
Optimize IT Infrastructure
Scalar Decisions
 
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Security Roadshow: Toronto Presentation - April 15, 2015
Scalar Decisions
 
Scalar cloud study2016_slideshare
Scalar cloud study2016_slideshareScalar cloud study2016_slideshare
Scalar cloud study2016_slideshare
Scalar Decisions
 
Scalar - a brief introduction
Scalar - a brief introductionScalar - a brief introduction
Scalar - a brief introduction
Scalar Decisions
 
Keys to success and security in the cloud
Keys to success and security in the cloudKeys to success and security in the cloud
Keys to success and security in the cloud
Scalar Decisions
 
Jack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security MetricsJack Nichelson - Information Security Metrics - Practical Security Metrics
Jack Nichelson - Information Security Metrics - Practical Security Metrics
centralohioissa
 
Ofer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World CasesOfer Maor - Security Automation in the SDLC - Real World Cases
Ofer Maor - Security Automation in the SDLC - Real World Cases
centralohioissa
 
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
centralohioissa
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
centralohioissa
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
Graeme Wood
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloud
Julian Knight
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
CloudHesive
 
CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption? CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption?
Digital Transformation EXPO Event Series
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
Sherry Jones
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
centralohioissa
 
Runecast Analyzer Overview
Runecast Analyzer OverviewRunecast Analyzer Overview
Runecast Analyzer Overview
Stanimir Markov
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Jason Mashak
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
Forcepoint LLC
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
Dell World
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Cloudflare
 
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Jason Mashak
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
ISSA LA
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud Secure
Cprime
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
Yusuf Hadiwinata Sutandar
 
Enterprise policy-management
Enterprise policy-managementEnterprise policy-management
Enterprise policy-management
Amit Bhargava
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
AlgoSec
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
Digital Bond
 
Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
xband
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
Vladyslav Radetsky
 

More Related Content

What's hot

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
centralohioissa
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
centralohioissa
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
Graeme Wood
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
Sherry Jones
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Jason Mashak
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Cloudflare
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
ISSA LA
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud Secure
Cprime
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
AlgoSec
 

What's hot (20)

Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At OddsJervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Odds
 
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Security and governance in the cloud
Security and governance in the cloudSecurity and governance in the cloud
Security and governance in the cloud
 
NIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public CloudNIST Cybersecurity Framework (CSF) on the Public Cloud
NIST Cybersecurity Framework (CSF) on the Public Cloud
 
CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption? CASB — Your new best friend for safe cloud adoption?
CASB — Your new best friend for safe cloud adoption?
 
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJNIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
NIST Cyber Security Framework: 4 Steps for CIOs - Deloitte CIO - WSJ
 
Robert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software DesignRobert Hurlbut - Threat Modeling for Secure Software Design
Robert Hurlbut - Threat Modeling for Secure Software Design
 
Runecast Analyzer Overview
Runecast Analyzer OverviewRunecast Analyzer Overview
Runecast Analyzer Overview
 
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Runecast: Simplified Security with Unparalleled Transparency (March 2022)
Runecast: Simplified Security with Unparalleled Transparency (March 2022)
 
CASB: Securing your cloud applications
CASB: Securing your cloud applicationsCASB: Securing your cloud applications
CASB: Securing your cloud applications
 
Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption Cloud security: Accelerating cloud adoption
Cloud security: Accelerating cloud adoption
 
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCDefending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDC
 
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)
 
Issa symc la 5min mr
Issa symc la 5min mrIssa symc la 5min mr
Issa symc la 5min mr
 
How to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud SecureHow to Keep your Atlassian Cloud Secure
How to Keep your Atlassian Cloud Secure
 
Biznet Gio Presentation - Database Security
Biznet Gio Presentation - Database SecurityBiznet Gio Presentation - Database Security
Biznet Gio Presentation - Database Security
 
Enterprise policy-management
Enterprise policy-managementEnterprise policy-management
Enterprise policy-management
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Accelerating OT - A Case Study
Accelerating OT - A Case StudyAccelerating OT - A Case Study
Accelerating OT - A Case Study
 

Similar to Scalar Security Roadshow April 2015

DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
Tiffeny Price
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
Jyothi Satyanathan
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
Qualys
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
Norm Barber
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE
 

Similar to Scalar Security Roadshow April 2015 (20)

Complete Endpoint protection
Complete Endpoint protectionComplete Endpoint protection
Complete Endpoint protection
 
MID_SIEM_Boubker_EN
MID_SIEM_Boubker_ENMID_SIEM_Boubker_EN
MID_SIEM_Boubker_EN
 
DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513DS_Sentinel_4pg_031513
DS_Sentinel_4pg_031513
 
Smart security solutions for SMBs
Smart security solutions for SMBsSmart security solutions for SMBs
Smart security solutions for SMBs
 
Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10Core.co.enterprise.deck.06.16.10
Core.co.enterprise.deck.06.16.10
 
CSO CXO Series Breakfast
CSO CXO Series BreakfastCSO CXO Series Breakfast
CSO CXO Series Breakfast
 
Automating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and ComplianceAutomating Critical Security Controls for Threat Remediation and Compliance
Automating Critical Security Controls for Threat Remediation and Compliance
 
Cyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO DayCyber Security in the market place: HP CTO Day
Cyber Security in the market place: HP CTO Day
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
Karunia Wijaya - Proactive Incident Handling
Karunia Wijaya - Proactive Incident HandlingKarunia Wijaya - Proactive Incident Handling
Karunia Wijaya - Proactive Incident Handling
 
Managed Security Services from Symantec
Managed Security Services from SymantecManaged Security Services from Symantec
Managed Security Services from Symantec
 
Week 09_Cyber security u.pdf
Week 09_Cyber security u.pdfWeek 09_Cyber security u.pdf
Week 09_Cyber security u.pdf
 
How to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVaultHow to Solve Your Top IT Security Reporting Challenges with AlienVault
How to Solve Your Top IT Security Reporting Challenges with AlienVault
 
5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability5 Steps to Reduce Your Window of Vulnerability
5 Steps to Reduce Your Window of Vulnerability
 
Many products-no-security (1)
Many products-no-security (1)Many products-no-security (1)
Many products-no-security (1)
 
Enterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and complianceEnterprise under attack dealing with security threats and compliance
Enterprise under attack dealing with security threats and compliance
 
Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.Cyber Security protection by MultiPoint Ltd.
Cyber Security protection by MultiPoint Ltd.
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​
 

More from Scalar Decisions

More from Scalar Decisions (20)

La transformation numérique de Scalar
La transformation numérique de ScalarLa transformation numérique de Scalar
La transformation numérique de Scalar
 
Digital Transformation
Digital TransformationDigital Transformation
Digital Transformation
 
2017 Scalar Security Study Summary
2017 Scalar Security Study Summary2017 Scalar Security Study Summary
2017 Scalar Security Study Summary
 
2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow2016 Scalar Security Study Roadshow
2016 Scalar Security Study Roadshow
 
Résumé de l’étude sur la sécurité de Scalar 2016
Résumé de l’étude sur la sécurité de Scalar 2016Résumé de l’étude sur la sécurité de Scalar 2016
Résumé de l’étude sur la sécurité de Scalar 2016
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...
 
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.
 
Web scale with-nutanix_rev
Web scale with-nutanix_revWeb scale with-nutanix_rev
Web scale with-nutanix_rev
 
Cloudforms Workshop
Cloudforms WorkshopCloudforms Workshop
Cloudforms Workshop
 
Scalar Case Study: Strong Project Management Helps McMaster University Succes...
Scalar Case Study: Strong Project Management Helps McMaster University Succes...Scalar Case Study: Strong Project Management Helps McMaster University Succes...
Scalar Case Study: Strong Project Management Helps McMaster University Succes...
 
XtremIO
XtremIOXtremIO
XtremIO
 
Hyperconverged Infrastructure: The Leading Edge of Virtualization
Hyperconverged Infrastructure: The Leading Edge of VirtualizationHyperconverged Infrastructure: The Leading Edge of Virtualization
Hyperconverged Infrastructure: The Leading Edge of Virtualization
 
The road to clustered data ontap.
The road to clustered data ontap.The road to clustered data ontap.
The road to clustered data ontap.
 
The Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian OrganizationsThe Cyber Security Readiness of Canadian Organizations
The Cyber Security Readiness of Canadian Organizations
 
Where Technology Meets Medicine: SickKids High Performance Computing Data Centre
Where Technology Meets Medicine: SickKids High Performance Computing Data CentreWhere Technology Meets Medicine: SickKids High Performance Computing Data Centre
Where Technology Meets Medicine: SickKids High Performance Computing Data Centre
 
Cyber Security trends and tactics for 2015
Cyber Security trends and tactics for 2015Cyber Security trends and tactics for 2015
Cyber Security trends and tactics for 2015
 
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am GamesScalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am Games
 
Scalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto PresentationScalar Security Roadshow - Toronto Presentation
Scalar Security Roadshow - Toronto Presentation
 
Scalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa PresentationScalar Security Roadshow - Ottawa Presentation
Scalar Security Roadshow - Ottawa Presentation
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 

Recently uploaded (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Scalar Security Roadshow April 2015

  • 2. Earlier this month, we had over 150 people join us in Toronto and Vancouver as our technical team demonstrated some of the best security defence technologies on the market today. We focused on defence in three key areas: ENDPOINT APPLICATION NETWORK
  • 4. Believe they are winning the Cyber Security war Suffered a breach leading to loss or disclosure of sensitive data Average annual number of attacks Average cost to address a security breach 41% 46% 34 $200,000
  • 5. High performing organization have 25% less breaches by… DEFENDING
  • 8. WHY BROMIUM? Open anything, from anyone, anywhere…
  • 10. Prioritize Focus The key security threat channels are Web and Email. The key threat vectors are web- links and downloaded files. Your security posture is significantly improved by negating the key security issues of users clicking malicious web-links and opening infected attachments. &
  • 11. Endpoint Isolation Technology Untrusted user tasks and any malware are isolated in a super-efficient micro-VM. All micro-VMs destroyed, eliminating all traces of malware with them.
  • 12. Interested in learning more about ? Contact us here.
  • 14. WHY WHITEHAT? Application security testing leader with over 30,000 sites under management
  • 15. • Integrates into your development process • Directly connects to source code repository • Designed for Agile • Your code stays onsite • Verified vulnerabilities avoid false positives • Assesses partial code, as often as needed SAST – “Sentinel Source” Static Testing
  • 16. • Assesses both iOS and Android applications • Tests native mobile code and server-side APIs • Identifies critical vulnerabilities including OWASP Mobile Top 10 • Verified findings: • Zero false positives reduce overhead for developers • Results prioritized by risk • Covers traffic analysis between client and server-side Sentinel Mobile – Secure Mobile Devices
  • 17. •Non-intrusive, non-disruptive, 24x7 coverage •Meets and exceeds PCI 6.5/6.6 requirements •Full service and support included in all offerings •Unlimited retests, integration support, and remediation guidance at no additional charge •Persistent, consistent testing and results DAST – Dynamic Application Testing
  • 18. Application Security Lifecycle Integrated Application Security Lifecycle Software Development Lifecycle SAST
  • 19. Continuous Testing • Full SDLC coverage: training, development, QA, and production • Stop using Tiger teams! Expert hands-on guidance from the Threat Research Center • 100% verified vulnerabilities, 0 false positives • 150+ security engineers available by phone/email/WebEx Retest, Retest, Retest • Trending of vulnerabilities across time and continuous assessment of deployment How to Remediate Vulnerabilities
  • 20. Baseline Edition (Static Webpages) • Unauthenticated, Verified Results Standard Edition (Directed/Opportunistic) • Custom configured logins and multi-step sequences • Comprehensive coverage for technical vulnerabilities Sentinel PE (Fully Targeted / High Risk) • Ideal for high impact sites with sensitive user and financial information • Technical and business logic vulnerabilities, complete WASC v2 How Deep to Test?
  • 21. • Web & PDF Based • Bi-Directional XML API • Integration with popular technologies like Jira, Archer, F5 & Imperva Flexible Reporting
  • 22. Interested in learning more about ? Contact us here.
  • 24. WHY LOGRHYTHM? Global leader in security intelligence and analytics empowering organizations to rapidly detect, respond, and neutralize cyber threats.
  • 25. Retail Cyber Crime Module • New processes • New authentications • New FIM access events • Any FIM modification event • Any DLD activity • New common event • New network activity Use Case: Detect compromised back office systems Details: Identify suspicious changes on back office systems and the network activity they generate AIE Rules look for:
  • 26. Data Classification LogRhythm not only structures incoming data, but adds contextual information such as: • Classification • Common Event • Risk Score Reduces time required for analysis and ensure query results are complete Provides deep intelligence on more than 600 different systems, devices, apps, databases, etc… • 20-30 added each quarter
  • 27. Scenario Building Blocks Log Observed Log Not Observed Log Not Observed Scheduled Threshold Observed Threshold Not Observed Threshold Not Observed Scheduled Unique Value Observed Unique Value Not Observed Unique Value Not Observed Scheduled Whitelist Trend Statistical
  • 28. The Platform for Security IntelligenceInput Analytics Output
  • 29. Privileged User Monitoring • New admin activity • Mass object deletion • Users added to privileged group • Recently disabled privileged account activity Use Case: Detect a rogue administrator account Details: Identify when a privileged user is abusing authority, indicating either insider threat activity or compromised credentials AIE Rules look for:
  • 30. Analytics Modules • Industry experts • Machine data intelligence • Security compliance • Advanced Threat Research Rapid-Time to-Value Knowledge • Embedded expertise • Ready-to-use content • Frequent, automatic updates • Knowledge aligned to organizational goals • Quick benefit recognition • Ongoing additional value
  • 31. Interested in learning more about ? Contact us here.
  • 32. Is your company High Performing? Find out in our 2015 Security Study . Download here.