Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing the Impact of a Breach
Encryption has been viewed as the ultimate way to protect sensitive data for compliance. But it has also been considered very complex to implement. Today, encryption is essential to meet compliance objectives, and has become much simpler to implement. The challenge is knowing when and where to use encryption, how it can simplify compliance, what controls need to be in place, and the options for good encryption key management. This session will cover the options for encryption and key management, what each provides, and their requirements. Encryption and key management topics include application-level encryption for data in use, network encryption of data in motion, and storage encryption for data at rest.
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
Infosecurity ISACA North America Expo and Conference will debut in New York City’s Javits Convention Center 20-21 November 2019. The event will leverage ISACA’s Cybersecurity Nexus (CSX) community and solutions with Infosecurity Group, Reed Exhibition’s immersive event series staged worldwide for the infosecurity industry.
Download Event Brochure
ISACA will bring experience developed since the 2015 launch of its CSX Conferences, expert workshop series, certification preparation sessions, and latest developments related to the CSX Training Platform, all to the new event programming. Infosecurity, which entered the North American conference arena in 2017, will build on its strengths in industry expositions, media, immersive learning and leadership networks.
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck: "Proven Practices to Protect Critical Data" presented by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management during a live presentation. They explored some of the most significant problems facing security teams tasked with protecting critical data. And, they will reveal some of the most effective approaches and technology that can be used to quickly identify real threats.
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
Many executives are concerned about the security of their data and network infrastructure. Join us and learn where your organization may have security gaps or be out of state or federal compliance. In this seminar, we will discover how a combination of good policies and the implementation of good, solid solutions can help you meet compliance requirements, and protect and secure your organization or business.
What i learned at the infosecurity isaca north america expo and conference 2019Ulf Mattsson
Infosecurity ISACA North America Expo and Conference will debut in New York City’s Javits Convention Center 20-21 November 2019. The event will leverage ISACA’s Cybersecurity Nexus (CSX) community and solutions with Infosecurity Group, Reed Exhibition’s immersive event series staged worldwide for the infosecurity industry.
Download Event Brochure
ISACA will bring experience developed since the 2015 launch of its CSX Conferences, expert workshop series, certification preparation sessions, and latest developments related to the CSX Training Platform, all to the new event programming. Infosecurity, which entered the North American conference arena in 2017, will build on its strengths in industry expositions, media, immersive learning and leadership networks.
Proven Practices to Protect Critical Data - DarkReading VTS DeckNetIQ
NetIQ was a Platinum sponsor for “Plugging the Leaks: Finding and Fixing the IT Security Holes in Your Enterprise,” a virtual trade show (VTS) produced by Information Week Magazine and Dark Reading.
This was our presentation deck: "Proven Practices to Protect Critical Data" presented by Matt Mosley, Senior Product Manager, and Matt Ulery, Director of Product Management during a live presentation. They explored some of the most significant problems facing security teams tasked with protecting critical data. And, they will reveal some of the most effective approaches and technology that can be used to quickly identify real threats.
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
Many executives are concerned about the security of their data and network infrastructure. Join us and learn where your organization may have security gaps or be out of state or federal compliance. In this seminar, we will discover how a combination of good policies and the implementation of good, solid solutions can help you meet compliance requirements, and protect and secure your organization or business.
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
The views / opinions / assumptions expressed in this presentation/resource is for educational & research purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions.
The purpose of this presentation is to share what is happening in cyber and what is possible...
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
Presentation to the Science and Technology Committee of the American Bar Association on legal issues associated with employers enabling employee Bring Your Own Device policies.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
What is cyber law?
What is cyber crime?
Cybercrimes areas
what law relating to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
Emerging application and data protection for multi cloudUlf Mattsson
Emerging Application and Data Protection for Multi-Cloud
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data - how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Alisha Deboer
Cyber terrorists are sophisticated, organized and disruptive to your business. How prepared are you? Explore the landscape of malicious actors most likely to strike your business and what you can do about it.
The views / opinions / assumptions expressed in this presentation/resource is for educational & research purposes only. Do not attempt to violate the law with anything contained here. Neither the author of this material, nor anyone else affiliated in any way, is liable for your actions.
The purpose of this presentation is to share what is happening in cyber and what is possible...
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
Presentation to the Science and Technology Committee of the American Bar Association on legal issues associated with employers enabling employee Bring Your Own Device policies.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
What is cyber law?
What is cyber crime?
Cybercrimes areas
what law relating to
Data protection and privacy
Software Licensing Issues
IT acts
Policy Versus Law
Codes of Ethics and Professional Organizations
Emerging application and data protection for multi cloudUlf Mattsson
Emerging Application and Data Protection for Multi-Cloud
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data - how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers. The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value. This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
Provides an introduction to the Futurex SKI9000 Secure Key Injection solution as well as an overview of DUKPT, the most widely use type of key in retail point of sale devices. this s
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014Amazon Web Services
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
On Thursday 10th November 2016, in The Hague, the Netherlands, Trilateral Research carried out an Ethics and Privacy Impact Assessment (EPIA) workshop as part of the iTRACK project. iTRACK will create an open-source real-time tracking and threat detection system providing intelligent decision support to civilian humanitarian missions for the purpose of better protection, and more efficient and effective operations.
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Netflix Jason Chan will provide an overview of how NetFlix uses CloudHSM for secure key storage.
SpringOne Platform 2016
Speaker: Justin Smith; Director, Pivotal
Credential hygiene is a perennial concern in all distributed computing systems. It’s certainly of utmost importance in cloud-native platforms. It’s common practice to encrypt credentials for storage and distribution, but they ultimately need to be made available as cleartext to the application that requires them. In this talk, we will discuss the options available and best practices for these sensitive operations. Topics include: key encrypting keys, hardware security modules, and relatively new and promising advances in muti-party computation.
On 4 October 2016, as part of the GDPR Workshop series, the Brussels Privacy Hub hosted a workshop on implementation of the EU GDPR and Privacy Impact Assessment. Trilateral delivered a joint presentation by Rowena Rodrigues and Julia Muraszkewicz, exploring some of the challenges associated to DPIAs and EPIAs. The presentation was based upon two of Trilateral’s research projects: SATORI and iTRACK.
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
Personal data privacy will be the most prominent issue affecting how businesses gather, store, process, and disclose data in public cloud. Businesses have been inundated with information on what recent privacy laws like GDPR and CCPA require, but many are still trying to figure out how to comply with them on a practical level. Many companies are focusing on data privacy from the legal and security side, which are foundational, but are missing the focus on data. The good news is that these data privacy regulations compel businesses to get a handle on personal data — how they get it, where they get it from, which systems process it, where it goes internally and externally, etc. In other words, the new norms of data privacy require proactive data management, which enables organizations to extract real business value from their data, improve the customer experience, streamline internal processes, and better understand their customers.
The new Verizon Data Breach Investigations Report (DBIR) provides perspectives on how Criminals simply shift their focus and adapt their tactics to locate and steal the data they find to be of most value.
This session will discuss Emerging Application and Data Protection for Multi-cloud and review Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation.
• Learn New Application and Data Protection Strategies
• Learn Advancements in Machine Learning
• Learn how to develop a roadmap for EU GDPR compliance
• Learn Data-centric Security for Digital Business
• Learn Where Data Security and Value of Data Meet in the Cloud
• Learn Data Protection On-premises, and in Public and Private Clouds
• Learn about Emerging Application and Data Protection for Multi-cloud
• Learn about Emerging Data Privacy and Security for Cloud
• Learn about New Enterprise Application and Data Security Challenges
• Learn about Differential privacy, Tokenization, Homomorphic encryption, and Privacy-preserving computation
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
Is your current state really threat ready?
Amit Walia, Senior Vice President, General Manager of Data Integration and Security at Informatica, shares how to protect data from the inside and the outside from the 2015 Informatica Government Summit.
Data Security in the Insurance Industry: what you need to know about data pro...XeniT Solutions nv
With the amount of personal and sensitive customer information needed to accurately ensure a client, it’s no wonder the Insurance industry is a target for data security threats.
While all businesses across every industry are at risk, there are a few things that make the insurance industry particularly attractive – and susceptible – to data breaches and cyber-attacks.
- The sheer volume of information available
- The highly sensitive nature of the information
- Large amounts of unstructured data
In this webinar, our speakers illustrated the state of art, including the technical and legal framework, to protect your most relevant information from cyberattacks. You will learn:
- How to define a roadmap that optimizes the impact of cyber security expenditure
- How to adopt a general risk management approach to identify Cyber security risks
- What are the most relevant technologies available today to protect your data
Symantec Data Loss Prevention. Las tendencias mundiales nos muestran que el mayor porcentaje de perdida y robo de datos responde a la falta de visibilidad y el error en el manejo de los mismos. Conozca como prevenirse.
Verizon 2014 data breach investigation report and the target breachUlf Mattsson
The landscape of threats to sensitive data is changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to adapt to the shifts around them.
What’s needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
In this webinar, Protegrity CTO and data security thought leader Ulf Mattsson integrates new information from the Verizon 2014 Data Breach Investigation Report (DBIR) into his analysis on what is driving data breaches today, and how we can prevent them in the future.
KEY TOPICS INCLUDE:
• The changing threat landscape
• The effects of new technologies on breaches
• Analysis of recent breaches, including Target
• Compliance vs. security
• The importance of shifting from reactive to proactive thinking
• Preparing for future attacks with new technology & techniques
The good, the bad and the ugly of the target data breachUlf Mattsson
The landscape of threats to sensitive data is rapidly changing. New technologies bring with them new vulnerabilities, and organizations like Target are failing to react properly to the shifts around them. What's needed is an approach equal to the persistent, advanced attacks companies face every day. The sooner we start adopting the same proactive thinking hackers are using to get at our data, the better we will be able to protect it.
This webinar will cover:
Data security today, the landscape, etc.
Discuss a few recent studies and changing threat landscape
The Target breach and other recent breaches
The effects of new technologies on breaches
Shifting from reactive to proactive thinking
Preparing for future attacks with new techniques
The 7 Colors provide a comprehensive approach to information security by covering various dimensions and considerations. Each color represents a specific aspect that organizations need to address to ensure robust protection of their information assets.
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements.
The webinar covers
• Information Security
• Importance Of Information Security Today
• Taking Information Security Beyond A Compliance First
• Importance Of Data Governance In Information Security
• Privacy
• Changing And Evolving Privacy Requirements
• Importance Of Data Governance In Privacy
• Data Governance And Data Privacy
• Data Privacy - Data Processing Principles
Presenters:
Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies.
She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights.
Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards.
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/aQcS5-RFIEY
Website link: https://pecb.com/
90 % av alla dataintrång fokuserar på data i databaser. Det är där ditt företags känsliga och åtråvärda information finns. I 38 % av dessa intrång tar det minuter att få ut känsligt data, samtidigt som det för hälften av intrången tar månader eller mer innan de upptäcks. Dave Valovcin, från IBM WW Guardium Sales, berättar om hur du kan skydda din känsliga data.
Presentation by Larry Clinton, President of the Internet Security Alliance (ISA) to the 66th Annual Fowler Seminar on Oct 12 2012 titled Evolution of the Cyber Threat - A Unified Systems Approach.
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
BrightTALK webinar January 14 2015
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
Art Hathaway - Artificial Intelligence - Real Threat Preventioncentralohioissa
Throughout history we've seen opposing forces skillfully pit strengths against weaknesses until, ultimately, one side succumbs. Holding a position takes considerably more effort than does a single, offensive surge, and attackers are counting on it. The very nature of the cybersecurity attacks we face today are in direct response to the shortcomings of the available tools, knowledge and approaches. The only problem is that we must evolve our defenses as fast as (or faster) than their offenses, and the odds are greatly in their favor. Imagine a football game – with no time limits – determined by your opponent’s first undefended scoring play. Game over. Hmmm…I wonder how that one ends?
Facing next-generation challenges requires a next-generation approach – preferably one that requires no change to your current production environment, never tires, continually evolves, doesn't rely on humans and is 99%+ accurate regardless of Internet connectivity. We'll discuss a solution that shifts the balance in your favor by leveraging artificial intelligence to predict and prevent against malware-born threats so you don't have to.
Automation: Embracing the Future of SecOpsIBM Security
Join Mike Rothman, Analyst & President of Securosis and Ted Julian, VP of Product Management and co-founder of IBM Resilient, for a webinar on common automation use cases for the Security Operations Center (SOC).
Security Orchestration, Automation and Response (SOAR) tools are garnering interest in enterprise security teams due to tangible short-term benefits.
Watch the recording: https://event.on24.com/wcc/r/2007717/385A881A097E8EFCE493981972303416?partnerref=LI
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on...IBM Security
The fourth annual Ponemon report on The Cyber Resilient Organization in 2019, sponsored by IBM Security, focuses on the key trends that make an organization cyber resilient and how cyber resilience has changed since the first report launched in 2015.
Hosted by Larry Ponemon of the Ponemon Institute and Maria Battaglia, IBM Security, these two industry experts answer the questions, what has improved in the cyber security space over the past 4 years? What do organizations still struggle with? And which groups are improving and how?
This webinar will take you through the barriers of becoming cyber resilient and dive into report topics such as implementing automation, aligning privacy and cyber security, and what it takes to become a cyber resilient “High Performer” in 2019.
Listen to the on-demand webinar at: https://event.on24.com/wcc/r/1975828/97089502D02EFD9478B85676EB67266C?partnerref=FM1
Bridging the Gap between Privacy and Security: Using Technology to Manage Com...IBM Security
Data breach and Cybersecurity incident reporting regulations are becoming more widespread. The introduction of GDPR in May 2018, with its 72-hour reporting requirement, resulted in organizations having to review their incident response processes and more regional and industry-specific regulations are being introduced all the time. Security Operations and Privacy teams need to be aligned to meet these new requirements. Technology such as Security Orchestration and Automation is also being adopted to collaborate on the investigation and remediation of security incidents.
This webinar, hosted by Privacy experts from Ovum and IBM, will look at how technology can close the gap between Privacy and Security to reduce the time to contain incidents and maintain compliance with complex breach laws.
View the recording: https://event.on24.com/wcc/r/1930112/BE462033358FFF36C4B27F76C9755753?partnerref=LI
Integrated Response with v32 of IBM ResilientIBM Security
Email integration is an important tool in the IR process. Email ingestion allows alerts to be consumed from external tools that do not have available APIs. Email-driven phishing attacks are also one of the most common investigations for most security teams. A key capability v32 of the Resilient platform is a complete overhaul of the email connector. This updated email capability, now integrated into the core Resilient platform, simplifies the ability of IR teams to capture email-borne malware of phishing attacks and generate incidents and artifacts.
View the corresponding webinar to learn how the new features in the v32 release can help improve your integrated response to attacks and how native email integration can be leveraged as part of workflows and playbooks. You'll also learn what to expect with the updated look and feel of the Resilient platform and significant updates to the Privacy Module to support global regulations.
View the recording: https://ibm.biz/Bd2Yvt
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P...IBM Security
In IBM Resilient’s sixth-annual year-in-review and predictions webinar, our all-star panel of security experts will discuss and debate the stories that defined the industry in 2018 and offer their predictions for what to expect in 2019.
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated...IBM Security
IBM Resilient customers are building versatile, adaptable incident response playbooks and workflows with expanded functions and community applications – recently released on the IBM Security App Exchange.
With the new IBM Resilient community, you can collaborate with fellow security experts on today’s top security challenges, share incident response best practices, and gain insights into the newest integrations.
Accelerating SOC Transformation with IBM Resilient and Carbon BlackIBM Security
Security Operation Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle responding to the most urgent incidents.
The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.
Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:
- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response improvement
- Strategies to implement Intelligent Orchestrate and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC
How to Build a Faster, Laser-Sharp SOC with Intelligent OrchestrationIBM Security
To keep pace with cyberattacks, organizations have long sought ways to operationalize security and respond faster to threats. But with increasingly complex IT environments and a growing skills shortage, doing so is easier said than done.
That’s where Intelligent Orchestration can help. Intelligent Orchestration integrates your existing security tools and guides SOC analysts through a fast and laser-focused response by combining case management, human and cyber intelligence, and incident response orchestration and automation.
Are You Ready to Move Your IAM to the Cloud?IBM Security
Many companies are considering moving their current identity and access management (IAM) implementations to the cloud, or they are looking at the cloud for their new IAM use cases. This might be driven by the threat of attacks via identities, increasing compliance mandates, expanding needs of end users for frictionless data access or improving the total cost of ownership.
View this presentation and watch the corresponding webinar to help you determine whether your organization is ready to move to IDaaS.
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
Although the majority of organizations subscribe to threat intelligence feeds to enhance their security decision making, it's difficult to take full advantage of true insights due to the overwhelming amounts of information available. Even with an integrated security operations portfolio to identify and respond to threats, many companies don't take full advantage of the benefits of external context that threat intelligence brings to identify true indicators of compromise. By taking advantage of both machine- and human-generated indicators within a collaborative threat intelligence platform, security analysts can streamline investigations and speed the time to action.
Join this webinar to hear from the IBM Security Chief Technology Officer for Threat Intelligence to learn:
How the IBM Security Operations and Response architecture can help you identify and response to threats faster
Why threat intelligence is a fundamental component of security investigations
How to seamlessly integrate threat intelligence into existing security solutions for immediate action
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications make for desirable targets with large repositories of enterprise customer sensitive data. Mainframe environments are increasingly at risk opening accesses through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe - traditional protection methods are no longer enough, insider threats are also on the rise, mainframe environments could be more vulnerable with reliance on privilege users to administer security, silo-ed mainframe IT management, limited ownership visibility, and lack of uniformed security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
When your cyber security is under attack, knowing who is behind your threats and what their motives are can help you ensure those threats don't become a reality. But cyber threat actors conduct their threats through a variety of means and for a variety of reasons. That's why it is critical to analyze a variety of data sources and proactively hunt those threats that are lying in wait. This webinar will illustrate how the IBM i2 QRadar Offense Investigator app enables analysts to push event data from QRadar directly into IBM i2 Analyst's Notebook, where users can apply a variety of visual analysis techniques across a disparate data sources, to build a more comprehensive understand of those threats and hunt them.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
WannaCry Ransomware Attack: What to Do NowIBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry Ransomware Attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting 100s of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM Researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
How to Improve Threat Detection & Simplify Security OperationsIBM Security
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
Criteria to consider when evaluating vendors and solutions
The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
Organizations are supporting more devices than ever and unified endpoint management is growing rapidly. More than half of organizations will adopt this approach by 2020.
This infographic demonstrates the impact of mobility, Internet of Things (IoT), and artificial intelligence on the future of business transformation.
To learn more, read the complete Forrester report, "Mobile Vision 2020" at https://ibm.co/2pxhisB.
Retail Mobility, Productivity and SecurityIBM Security
Displaying key findings from the Mobility Trends in the Retail Sector research report prepared by Enterprise Strategy Group (ESG) and IBM, this infographic affords valuable context to retail organizations in planning a better tomorrow.
IBM X-Force Incident Response and Intelligence Services (X-Force IRIS) can help you cross the incident response chasm, build a holistic program and better prepare you to deal with and thwart the security challenges your organization faces.
To learn more, read the white paper on best practices for improving your incident response processes: http://ibm.co/2lLdC2k.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
2. Please Note
•IBM‟s statements regarding its plans, directions, and intent are subject to change or
withdrawal without notice at IBM‟s sole discretion.
•Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
•The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
•The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user‟s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
2
7. Compliance means alignment with global regulations
Canada: Personal Information Protection& Electronics Document Act
USA: Federal, Financial & HealthcareIndustry Regulations & State LawsMexico: E-Commerce Law
Colombia:
Political Constitution – Article 15Brazil: Constitution, Habeas Data& Code of Consumer Protection & Defense
Chile: Protection of Personal Data ActArgentina: Habeas DataAct
South Africa: Promotion of Accessto Information ActUnited Kingdom: Data ProtectionAct
EU:
ProtectionDirective
Switzerland: Federal Law onData Protection
Germany: Federal Data Protection Act & State Laws
Poland:
Polish Constitution
Israel: Protection ofPrivacy Law
Pakistan:
Banking CompaniesOrdinance
Russia: Computerization & Protection of Information/ Participation in Int’l Info Exchange
China Commercial Banking Law
Korea: 3 Acts for Financial Data PrivacyHong Kong: Privacy Ordinance
Taiwan: Computer-ProcessedPersonal Data Protection LawJapan: Guidelines for theProtection of ComputerProcessed Personal Data
India: SEC Board of India ActVietnam: Banking Law
Philippines: Secrecy of BankDeposit ActAustralia: Federal PrivacyAmendment Bill
Singapore: Monetary Authority ofSingapore Act
Indonesia: Bank SecrecyRegulation 8
New Zealand: Privacy Act
7
9. Audit Requirements
COBIT (SOX)
PCI-DSS
ISO 27002
Data Privacy & Protection
Laws
NIST
SP 800-53 (FISMA)
1. Access to Sensitive Data
(Successful/Failed SELECTs)
2. Schema Changes (DDL) (Create/Drop/Alter Tables, etc.)
3. Data Changes (DML)
(Insert, Update, Delete)
4. Security Exceptions
(Failed logins, SQL errors, etc.)
5. Accounts, Roles & Permissions (DCL) (GRANT, REVOKE)
The Compliance Mandate –What do you need to monitor?
9
DDL = Data Definition Language (aka schema changes)
DML = Data Manipulation Language (data value changes)
DCL = Data Control Language
10.
11. What is Account Data?
•Cardholder Data (may store)
Primary Account Number (PAN)
Cardholder Name
Expiry Date
Service Code
•Sensitive Authentication Data (may not store)
Security Code
Magnetic Stripe / Chip Data
PIN/ PIN Block
15. Cryptography is fundamental to Compliance
•Key exchange for communication session keys
•Data is transit is protected using single-use keys
•Data at rest –Keys are long lived
Establishes Privacy of Data in Motion and Data at Rest
•Being able to encrypt or decrypt proves you are in possession of the key
•Certificates provide additional identity information
Establishes Identity
•Data Integrity is provided through keyed-hashes
•Hashes provide integrity checking for data in transit
Protects against Unauthorized Changes
•Digital signatures create undeniable authorship
Assigns Ownership to the Data or Message
15
16. Encryption Mitigates Risk
“If a covered entity chooses to encryptprotected health information, and subsequently discovers a breach of that encrypted information, the covered entity will not be required to provide breach notificationbecause the information is not considered „„unsecured protected health information‟‟ as it has been rendered unusable, unreadable, or indecipherable to unauthorized individuals.” Excerpt from US HITEC law -Breach Notification for Unsecured Protected Health Information (Aug 2009) Encryption changes the rules on disclosure
18. Market Drivers and Trends
Source: 2013 Global Encryption Trends Study –Thales & PonemonInstitute
Companieswith Encryption Strategies are overtaking those who don‟t
19. Market Drivers and Trends
Human Erroris #1 Threat
Source: 2013 Global Encryption Trends Study –Thales & PonemonInstitute
20. Market Drivers and Trends
Encryption Usage is no longer just about compliance
Source: 2013 Global Encryption Trends Study –Thales & PonemonInstitute
21. Market Drivers and Trends
Encryption Usage is no longer just about compliance
21
Source: 2013 Global Encryption Trends Study –Thales & PonemonInstitute
22. Market Drivers and TrendsSource: 2014 Cost of Data Breach Study –IBM & PonemonInstitute
23. Market Drivers and Trends
Source: 2014 Cost of Data Breach Study –IBM & PonemonInstitute
24. Why Should All Data at Rest be Encrypted?
•Addresses Standards
-Privacy breach disclosure laws
-Protection of financial data
•Keeps sensitive information confidential
-Insider threat
-Lost/stolen tape or disk
-Disk being repaired (Solid-state disks fail in a read-only state)
•Simplifies end-of-life-of-media scenarios
-Destroy the key and the data is unusable
-Cryptographic Erasure (NIST SP800-88)
-Reducing media disposal costs
25. The Traditional Approach is Changing…. Security is no longer controlled and enforced through the network perimeter
Trusted Intranet
Online Banking Application
Employee Application
DMZ
Untrusted Internet
26. …. With Mobile and Cloud There Is No PerimeterSecurity must be centered on applications and transactions
Online Banking Application
InvestmentAPI Services
Employee ApplicationDeliver Mobile AppConsume Apps and ServicesLeverage Public Clouds
Trusted Intranet
DMZ
Untrusted Internet
27. …. and becoming Mobile
27
In 2000In 2012
6billion
mobile subscribers worldwide
87% of the world’s population
720 million
mobile subscribers worldwide
12%
of the world’s population
28. Motivation and sophistication is evolving rapidly
28 M O T I V A T I O N S O P H I S T I C A T I O NNational Security, Economic Espionage
Notoriety, Activism, Defamation
HacktivistsLulzsec, AnonymousMonetary Gain
Organized crime
Zeus, ZeroAccess, BlackholeExploit Pack
Nuisance, Curiosity
Insiders, Spammers, Script-kiddiesNigerian 419 Scams, Code Red
Nation-stateactors, APTsStuxnet, Aurora, APT-1
29. Weak security has a significant impact on your brand
29
Costs $52,646per minute
Lasts 19.7 minutes
Minor event
chance of happening69%
Lasts about 2 hours
Costs $38,069per minute
Moderate event
chance of happening*
37%
*The IBM 2013 Global Study on the Economic Impact of IT Risk Study.
Lasts about 7.5 hours
Costs $30,995per minute
Substantial event
chance of happening*
23%
Most security breaches go undetected for eight months
31. Collaborative IBM teams monitor and analyze the changing threat landscapeCoverage
20,000+ devices under contract
3,700+ managed clients worldwide
15B+ events managed per day
133monitored countries (MSS)
1,000+ security related patents
Depth
17Banalyzed web pages & images
40M spam & phishing attacks
76Kdocumented vulnerabilities
Billionsof intrusion attempts daily
Millions of unique malware samples
33. Increasing risk of attack can undermine CAMS initiatives
SQL injection
Watering hole
Physical access
Malware
Third-party software
DDoSSpear phishing
XSS
Undisclosed
Attack types
Note: Size of circle estimates relative impact of incident in terms of cost to business
Source: IBM X-ForceThreat Intelligence Quarterly –1Q 2014
2011
Year of the breach
2012
40% increase
2013
500,000,000+ records breached
61%
of organizations say data theft and cybercrime are their greatest threats
2012 IBM Global Reputational Risk & IT Study
$3.5M+
average cost of a data breach
2014 Cost of Data Breach, Ponemon Institute
34. What is the impact of a data breach
and
Where are customers most affected?
36. has become a new playground for attackers
Social Media top target for attacks and mobile devices are expanding those targets
-Pre-attack intelligence gathering
-Criminals selling accounts
-Campaigns enticing user to click on malicious links
37. The Cloud is bringing greater opportunity…
•To Users
•To Business
•To Thieves…. How Do We Solve This?
38. Encryption shouldnotaffect performanceEncryption shouldbe Transparent
Operations management of encryption and key management shouldbe negligible
Encrypted systems shouldleverage investments in high availability and security
Centralize Key Management
First Principles for Encryption and Key Management
39. Disk and Tape options in IBM Self-Encrypting StorageDS8870
DS3500
XIV
N seriesTS3500 libraryTS1140 drive
LTO6 driveTS3310 libraryGPFS
Self-encrypting solutions that protect Data-at-Rest
40. Self-Encrypting Devices
Security Key Lifecycle Manager (SKLM)
• SKLM is a Key Distribution and
Management software solution
• Uses standard protocols
(i.e. KMIP: Key Management
Interoperability Protocol)
• Provides centralized key mgmt for
self-encrypting drives (tape, disk)
• Light-weight & highly-scalable
• SKLM helps customers keep data
private, compliant, and encryption
keys well-managed
• Helps customers maintain
alignment with best practices and
compliance
KMIP
Cloud file systems
(GPFS, Netezza, etc.)
Databases
Smart Meter
Infrastructures
Switches /
Networking
Disk Storage Arrays
e.g. DS8000, DS5xxx, XIV, …
Enterprise Tape Libraries
e.g. TS11xx, TS2xxx, TS3xxx,
SKLM
42. Reaching security maturity 13-09-17
Security Intelligence
Predictive Analytics, Big Data Workbench, Flow Analytics
SIEM and Vulnerability Management
Log Management
Advanced Fraud Protection
People
Data
Applications
Infrastructure
Identity governance
Fine-grained entitlements
Privileged user management
Data governance
Encryption key management
Fraud detection
Hybrid scanning and correlation
Multi-facetednetwork protection
Anomaly detection
Hardened systems
User provisioning
Access management
Strong authentication
Data masking / redaction
Database activity monitoring
Data loss prevention
Web application protection
Source code scanning
Virtualization security
Asset management
Endpoint / network security management
Directorymanagement
Encryption
Database access control
Applicationscanning
Perimeter security
Host security
Anti-virus
Optimized
Proficient
Basic
43. Security challenges are a complex, four-dimensional puzzle…
Applications
Web
Applications
Systems Applications
Web 2.0
Mobile
Infrastructure
Datacenters
PCs
Laptops
MobileCloudNon-traditional
Data
At rest
UnstructuredStructured
People
Attackers
Suppliers
Consultants
Partners
Employees
Outsourcers
CustomersEmployees
Unstructured
Structured
In motion
CustomersMobile Applications
44. …that requires a new approach that combinesencryption with Security Intelligence
Collect and Analyze EverythingDataBasic- control
Applications
Bolt-on
Infrastructure
Thickerwalls
Insight
Now
People
Administration
Then
Smarterdefenses
Built-inLaser- focused44
55. Find out more on IBM Security:
“Discover how to stop attackers with Big Data Analytics” with our CTO Sandy Bird, Security Keynote Session, Tues 1.45pm
Visit the IBM Security Zone and talk to our experts @ the EXPO Center
Keep up to date with our latest news: @IBMSecurity& @RickCipher
Analysis and Insight for Information Security Professionals: SecurityIntelligence.com/author/rick-robinson
56. We Value Your Feedback!
•Don‟tforget to submit your Insight session and speaker feedback! Your feedback is very important to us –we use it to continually improve the conference.
•Access the Insight Conference Connect tool to quickly submit your surveys from your smartphone, laptop or conference kiosk.
56