EMC XtremIO and EMC Isilon scale-out architectures make them an ideal fit to handle the demanding Splunk requirements around intensive workloads. EMC brings the same enterprise-class data services to Splunk that earned them best of breed status across the board in area such Scale-Out NAS storage, data protection, compliance and performance tiering.
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
On April 15, 2015, Scalar hosted our Security Roadshow in Toronto where we'll be focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions will arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottoms-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.
EMC XtremIO and EMC Isilon scale-out architectures make them an ideal fit to handle the demanding Splunk requirements around intensive workloads. EMC brings the same enterprise-class data services to Splunk that earned them best of breed status across the board in area such Scale-Out NAS storage, data protection, compliance and performance tiering.
Scalar Security Roadshow: Toronto Presentation - April 15, 2015Scalar Decisions
On April 15, 2015, Scalar hosted our Security Roadshow in Toronto where we'll be focused on defence in three key areas - endpoint, application, and network. Led by our team of experts, these quick-fire, interactive sessions will arm you with the knowledge you need to improve your cyber security posture in some of the most common areas of vulnerability.
Defend the Endpoint with Bromium
Bromium is a new security protection tool for the host that relies on task-based virtualization. In this demo we'll look at how Bromium runs and protects the endpoint. We'll invite 0days from the audience and bring our own to show how the system really works. Much like how each virtual server is contained in a hypervisor, with Bromium each individual task on a host is contained in its own task-based virtual container. If you’ve ever looked at the Windows Task Manager, or the output of a Unix ‘ps’ process list, imagine if each group of processes, that makes up the task, was contained in its own hypervisor. That can be 40-50 tasks or more, each isolated in its own little hypervisor with no real access to the host.
Why is task virtualization helpful? By keeping each task in its own hypervisor, Bromium gives you a bottoms-up view of each individual task’s behaviour – without impacting system performance. If each process is contained in its own hypervisor, it’s easy to see when a process begins spawning other activities or creating any unusual traffic. Basically, it can very easily identify anything shifty. This is the most granular level of inspection you can get at a host level – Bromium is there at the very beginning when the virus begins to execute.
Defend the Application with WhiteHat
In this session we will look at a newer approach to application security and penetration testing, which combines persistent and automated testing processes to continuously monitor applications for vulnerabilities, as well as deep inspection of the business logic by trained specialists. This approach exceeds newer PCI 3 requirements and provides ongoing assurance that web application vulnerabilities are quickly detected and tracked to remediation.
We'll walk through the WhiteHat Security client management portal and discuss the WhiteHat methodology that can now be used, by you, to leverage the 150+ application specialists at WhiteHat to build a continuous application assessment process for your company's active web applications and software development teams.
Defend the Network with LogRhythm
As the security landscape changes, Security Information and Event Management (SIEM) tools that detect and investigate security breaches and threats have become increasingly complex to implement, integrate, and support. Inefficient solutions leave organizations slow to defend against and respond to complex attacks.
LogRhythm’s Security Intelligence Platform has removed the complexity from SIEM, while leveraging real-time threat intelligence with behavioural an
Jack Nichelson - Information Security Metrics - Practical Security Metricscentralohioissa
So exactly how do you integrate information security metrics into action in an organization and actually achieve value from the effort. Learn what efforts are currently underway in the industry to create consensus metrics guides and what initial steps an organization can take to start measuring the effectiveness of their security program.
Ofer Maor - Security Automation in the SDLC - Real World Casescentralohioissa
How can we really automate secure coding? Agile, DevOps, Continuous Integration, Orchestration, Static, Dynamic - There's an endless feed of Buzzwords, but how can we turn this into a practice that really works? In this session we will review real world examples of building a successful automation process for delivery of secure software in fast paced development environments. The talk will focus on three different organizations at different maturity levels and how security automation processes were applied and adapted to fit their development lifecycle.
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
If you’re implementing Office 365, Box, Salesforce, Google Apps – or virtually any SaaS application – and concerned about balancing security, compliance, and privacy, this is a session you can’t afford to miss. Join Bob Gilbert, Netskope’s Chief Evangelist and the author of the popular white paper, No Tradeoffs: Cloud Security and Privacy Don’t Need to Be at Odds: How Netskope Supports Privacy by Design, for a lively and interactive session featuring:
Cloud security best practices for business & IT leaders
Overcoming the shadow IT "chicken or egg" compliance dilemma
Dr. Cavoukian's Privacy by Design framework, how it applies to SaaS and how Cloud Access Security Brokers can help
Real-world case studies for balancing security and privacy in cloud security
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus…
This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.
An examination of NHS England's journey to the cloud with a particular focus on security and governance issues related to the NHS & UK Government.
Please note that there are additional notes in the presentation including some additional explanation of the slides.
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.
Runecast Analyzer uses the VMware Knowledge Base to analyze the vSphere configuration and logs. It exposes potential issues before they cause major outages. Runecast also uses the vSphere Security Hardening guides and Best Practices to scan your VMware infrastructure for compliance.
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Jason Mashak
Your best future-proofing starts now. Discover, manage, audit and remediate across your hybrid cloud – all via one patented platform. Runecast customers report time savings of 75-90%, security compliance audit readiness, and greatly increased uptime. Enable your IT Security and Operations teams with a single platform for discovering and resolving IT problems you don't yet know about. Ask us about the Runecast Challenge!
Runecast enables organizations with immediate proactive results and ROI in the areas of Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), Governance, Risk Management and Compliance (GRC), IT Operations Management (ITOM), Vulnerability Assessment/Management, Configuration Management and more.
Cloud security: Accelerating cloud adoption Dell World
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
Join this webinar with guest speaker Christopher Rodriguez, Research Manager of Cybersecurity Products for IDC and Cloudflare, recently named a Leader in the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment (Doc #US43699318, March 2019).
In this webinar, you will learn:
- Why defending against only volumetric layer 3 and 4 attacks will leave you vulnerable to other emerging DDoS attack vectors
- What economic and technological shifts are making DDoS more harmful and more evasive
- Why bot management should be considered in every DDoS mitigation strategy
- Which types of companies in North America are highly targeted and why
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Jason Mashak
Take proactive control of security and efficiency in your IT environment. Runecast reveals any misconfigurations to simplify configuration management, hardware compatibility and uptime. Proactive remediation of issues means no longer needing an entire team working overtime to put out fires. And you can scratch 'vulnerability management' off the to-do list via automated real-time best practice and security compliance audits.
The Atlassian Cloud suite of collaborative tools is becoming the central nervous system for many organizations. Along with the multiple benefits in productivity, innovation, and collaboration that Atlassian Cloud brings, it also introduces new considerations and challenges in securing the organization’s data, mitigating security risks, and avoiding a potentially damaging breach.
In this webinar, you will learn about native security features and configuration elements to reduce your security risks in Atlassian cloud. We will cover key permissions and access controls, governance process and structure, and how to audit your usage.
Join Cprime’s Brandon Huff, VP of Technology, and Lisa Barton, Director of Delivery Services-Atlassian, for a deeper dive into the fascinating world of Atlassian Cloud security.
We will explore:
- Atlassian Security features to reduce your risk
- Configuration that supports access and data management
- The importance and structure around Atlassian governance
- Auditing and compliance features
Managing risk and vulnerabilities in a business contextAlgoSec
Cyber attacks have a direct impact on the bottom line, yet most organizations lack the visibility and understanding to manage IT risk from the business perspective. This presentation is from a webcast where a panel of experts examined how to shift from viewing IT risk in bits and bytes to having an impact on critical applications in the data center.
- Learn why and how more organizations are beginning to move ownership of IT risk to the business
- Understand how to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers
- Learn about the integration between Qualys and AlgoSec that enables business stakeholders to “own the risk”
Jervis Hui - No Tradeoffs: Cloud Security & Privacy Don't Need To Be At Oddscentralohioissa
If you’re implementing Office 365, Box, Salesforce, Google Apps – or virtually any SaaS application – and concerned about balancing security, compliance, and privacy, this is a session you can’t afford to miss. Join Bob Gilbert, Netskope’s Chief Evangelist and the author of the popular white paper, No Tradeoffs: Cloud Security and Privacy Don’t Need to Be at Odds: How Netskope Supports Privacy by Design, for a lively and interactive session featuring:
Cloud security best practices for business & IT leaders
Overcoming the shadow IT "chicken or egg" compliance dilemma
Dr. Cavoukian's Privacy by Design framework, how it applies to SaaS and how Cloud Access Security Brokers can help
Real-world case studies for balancing security and privacy in cloud security
Robert Brzezinski - Office 365 Security & Compliance: Cloudy Collaboration......centralohioissa
Collaboration often drives how we work especially when our workforce is mobile, when it is working off premises and serving clients in the field. Our employees adopt cloud solutions to communicate, exchange ideas and files, and to collaborate without our knowledge…this approach keeps security officers sleepless not only in Seattle but also in Columbus…
This presentation is an overview of Office 365 functionality, security and compliance (reporting) capabilities to manage information privacy, security and compliance risks, and related documentation. Office 365 email security and management, SharePoint collaboration platform and Azure Active Directory reporting will be reviewed. This is a business/technical (not in depth technical) presentation to help business / technical audience understand the security and functionality of Office 365 solution when considering cloud solutions adoption.
An examination of NHS England's journey to the cloud with a particular focus on security and governance issues related to the NHS & UK Government.
Please note that there are additional notes in the presentation including some additional explanation of the slides.
CASB — Your new best friend for safe cloud adoption?
The explosive growth of cloud adoption, “cloud first” initiatives and BYOD have created security and compliance blind spots.
Forcepoint’s session examines the growing popularity of the Cloud Access Security Broker as a means to assist security leaders to support business innovation and manage cloud risk.
Robert Hurlbut - Threat Modeling for Secure Software Designcentralohioissa
Threat modeling is a way of thinking about what could go wrong and how to prevent it. Instinctively, we all think this way in regards to our own personal security and safety. When it comes to building software, some software shops either skip the important step of threat modeling in secure software design or, they have tried threat modeling before but haven't quite figured out how to connect the threat models to real world software development and its priorities. In this session, you will learn practical strategies in using threat modeling in secure software design and how to apply risk management in dealing with the threats.
Runecast Analyzer uses the VMware Knowledge Base to analyze the vSphere configuration and logs. It exposes potential issues before they cause major outages. Runecast also uses the vSphere Security Hardening guides and Best Practices to scan your VMware infrastructure for compliance.
Runecast: Simplified Security with Unparalleled Transparency (March 2022)Jason Mashak
Your best future-proofing starts now. Discover, manage, audit and remediate across your hybrid cloud – all via one patented platform. Runecast customers report time savings of 75-90%, security compliance audit readiness, and greatly increased uptime. Enable your IT Security and Operations teams with a single platform for discovering and resolving IT problems you don't yet know about. Ask us about the Runecast Challenge!
Runecast enables organizations with immediate proactive results and ROI in the areas of Cloud Security Posture Management (CSPM), Kubernetes Security Posture Management (KSPM), Governance, Risk Management and Compliance (GRC), IT Operations Management (ITOM), Vulnerability Assessment/Management, Configuration Management and more.
Cloud security: Accelerating cloud adoption Dell World
Organizations now have an opportunity to more rapidly overcome their security concerns by using third-party cloud platforms. In this session, Dell SecureWorks security experts discuss the Shared Security Responsibility model, how organizations need to think about security architecture in the cloud, and new Dell SecureWorks services that are helping organizations plan, architect, manage and respond to threats in the cloud.
Defending Threats Beyond DDoS Attacks: Featuring Guest Speaker from IDCCloudflare
Join this webinar with guest speaker Christopher Rodriguez, Research Manager of Cybersecurity Products for IDC and Cloudflare, recently named a Leader in the IDC MarketScape: Worldwide DDoS Prevention Solutions 2019 Vendor Assessment (Doc #US43699318, March 2019).
In this webinar, you will learn:
- Why defending against only volumetric layer 3 and 4 attacks will leave you vulnerable to other emerging DDoS attack vectors
- What economic and technological shifts are making DDoS more harmful and more evasive
- Why bot management should be considered in every DDoS mitigation strategy
- Which types of companies in North America are highly targeted and why
Optimize & Secure Your Hybrid Cloud with Runecast (September 2021)Jason Mashak
Take proactive control of security and efficiency in your IT environment. Runecast reveals any misconfigurations to simplify configuration management, hardware compatibility and uptime. Proactive remediation of issues means no longer needing an entire team working overtime to put out fires. And you can scratch 'vulnerability management' off the to-do list via automated real-time best practice and security compliance audits.
The Atlassian Cloud suite of collaborative tools is becoming the central nervous system for many organizations. Along with the multiple benefits in productivity, innovation, and collaboration that Atlassian Cloud brings, it also introduces new considerations and challenges in securing the organization’s data, mitigating security risks, and avoiding a potentially damaging breach.
In this webinar, you will learn about native security features and configuration elements to reduce your security risks in Atlassian cloud. We will cover key permissions and access controls, governance process and structure, and how to audit your usage.
Join Cprime’s Brandon Huff, VP of Technology, and Lisa Barton, Director of Delivery Services-Atlassian, for a deeper dive into the fascinating world of Atlassian Cloud security.
We will explore:
- Atlassian Security features to reduce your risk
- Configuration that supports access and data management
- The importance and structure around Atlassian governance
- Auditing and compliance features
Managing risk and vulnerabilities in a business contextAlgoSec
Cyber attacks have a direct impact on the bottom line, yet most organizations lack the visibility and understanding to manage IT risk from the business perspective. This presentation is from a webcast where a panel of experts examined how to shift from viewing IT risk in bits and bytes to having an impact on critical applications in the data center.
- Learn why and how more organizations are beginning to move ownership of IT risk to the business
- Understand how to aggregate and score vulnerabilities associated with data center applications and their associated physical or virtual servers
- Learn about the integration between Qualys and AlgoSec that enables business stakeholders to “own the risk”
This slide deck highlights the continued growth and evolution of Core Security Technologies and helps introduce an entirely new product for enterprise security testing andmeasurement - CORE INSIGHT Enterprise.
Automating Critical Security Controls for Threat Remediation and ComplianceQualys
Trends like the increased use of cloud computing by businesses and their vendors introduce new complexities in reducing risk and assessing security across the supply chain. Demonstrating continuous risk reduction and compliance with internal policies and external regulations, fixing violations and configuration drift, centrally managing exceptions, and documenting progress are all common challenges.
The Center for Internet Security’s (CIS) Critical Security Controls (CSCs) were selected and prioritized by leading security experts to stop today’s most common and serious cyber threats. By implementing these controls, organizations can improve their security posture and reduce the risk of threats to critical assets, data, and network infrastructure.
In this webcast SANS Senior Analyst John Pescatore and Tim White, Director of Product Management for Qualys Policy Compliance (PC), discuss how you can achieve continuous security and compliance, and leverage Qualys solutions to address all 20 CSCs.
The presentation encompasses:
• An overview of the CIS Critical Security Controls, including ongoing updates
• Success patterns organizations have demonstrated for using the controls to their advantage
• How an automation can reduce the staffing load to determine whether controls are in place and effective
• How to prioritize remediation efforts
• Real-world examples of recent attacks that leveraged misconfigured systems
Watch the on-demand webcast: https://goo.gl/j6Posx
Cyber Security in the market place: HP CTO DaySymantec
Cyber Security in the market place overview presented at HP CTO Day,covering: the current cyber-security threats to Enterprise Businesses and Government Departments, along with the board-level concerns and priorities for investment in systems and services to protect and secure their information.
David Cass discusses the role of security and how best practices can be used to accelerate cloud adoption and success.
Learn more by visiting our Bluemix Hybrid page: http://ibm.co/1PKN23h
Speaker: David Cass (Vice President, Cloud and SaaS CISO)
Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues.
In part 12 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including:
Where are we now and Where are we going?
Current Cyberrisks
• Data Breach and Cloud Misconfigurations
• Insecure Application User Interface (API)
• The growing impact of AI and ML
• Malware Attack
• Single factor passwords
• Insider Threat
• Shadow IT Systems
• Crime, espionage and sabotage by rogue nation-states
• IoT
• CCPA and GDPR
• Cyber attacks on utilities and public infrastructure
• Shift in attack vectors
How to Solve Your Top IT Security Reporting Challenges with AlienVaultAlienVault
Watch this on-demand webast to learn how to acheive security compliance with AlienVault Unified Security Management (USM): https://www.alienvault.com/resource-center/webcasts/how-to-solve-your-top-it-security-reporting-challenges-with-alienvault?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
Learn how you can take your on-premises and cloud security to the next level with a free online demo at: https://www.alienvault.com/products/usm-anywhere/demo?utm_medium=Social&utm_source=SlideShare&utm_campaign=solve-it-compliance-usm-webinar
5 Steps to Reduce Your Window of VulnerabilitySkybox Security
Skybox Security offers advice and an immediately actionable plan to help you reduce your window of vulnerability and attack surface on your critical network infrastructure.
A Security hole in an application can cause not only major financial loss but also loss of customer confidence, trust and reputation severely impacting the business. This webinar looks at well-established industry practices to identify and secure applications from breaches while adhering with regulatory compliances.
Decrypting the security mystery with SIEM (Part 1) Zoho Corporation
Decrypting the security mystery with SIEM - Part I
1. EventLog Analyzer, your complete security arsenal
2. Sealing securityloopholes: Getting to know vulnerable ports, devices, and more.
3. Combating attacks with EventLog Analyzer
a. Mitigating brute force attacks
b. Stopping the rise of ransomware
c. Containing SQL injection attacks
4. Proactively preventing insider attacks
a. Monitoring privileged user activities
5. Securing physical, virtual, and cloud environments
6. Adhering to stringent compliance rules with the integrated compliance management
Similar to Scalar Security Roadshow April 2015 (20)
Companies realize, to be successful, they must transform and deliver an enriched and full experience for both customers and the employees by:
• Integrating the entire business to deliver the results the customer and employee want, at every touch point.
• Establishing a frictionless enterprise platform, governed by a new, flexible operating model with adaptive and easily configurable processes and systems.
Digital Transformation: Enriching the user experience through strategy, process, people, and technology.
Highlights of the 2017 Scalar Security Study – The Cyber Security Readiness of Canadian Organizations. The third annual Scalar Security Study examines the cyber security readiness of Canadian organizations and the trends in dealing with growing cyber threats.
Presentation from the 2016 Scalar Security Study Roadshow, highlighting the findings from the second annual Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, which examines trends among Canadian organizations in dealing with growing cyber threats.
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
Executive Summary of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016/
2016 Scalar Security Study: The Cyber Security Readiness of Canadian Organiza...Scalar Decisions
Highlights of the 2016 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2016. The full report can be downloaded at: scalar.ca/security-study-2016
Disrupting the Malware Kill Chain - What's New from Palo Alto Networks.Scalar Decisions
Simon Wong and Chris Cram, Scalar security experts, discuss how Palo Alto Networks technology disrupts the entire malware kill chain. Attendees will also gain insight on flexible deployment options to better serve their mobile users, and how to get the most out of their Palo Alto Networks deployment.
CloudForms is a comprehensive IaaS cloud management platform that improves your virtual and cloud infrastructures with advanced capacity planning and resource management features.
Scalar & RedHat present a technical session to learn about CloudForms as the experts in cloud management!
Discussion Topics:
Red Hat and the Open Hybrid Cloud
Cloud Management & Orchestration using Cloud Forms
XtremIO finally delivers the breakthrough scale-out architecture, consistent performance, data reduction, thin provisioning, and manageability you’ve been waiting for in an enterprise flash array.
Hyperconverged Infrastructure: The Leading Edge of VirtualizationScalar Decisions
Hyper-convergence is today's leading edge of virtualization. Technologies have entered the market that have greatly simplified the deployment and maintenance of virtualized workloads. In this session, we will discuss the complexity associated with these types of highly virtualized environments and the modern approaches to reducing it.
Presentation from Scalar and NetApp discussing why CDOT is the promised land of storage and the future of NetApp, followed by a walk-through of the path to CDOT by one of Scalar's technical thought leaders.
The Cyber Security Readiness of Canadian OrganizationsScalar Decisions
Highlights of the 2015 Scalar Security Study, The Cyber Security Readiness of Canadian Organizations, published February 2015. The full report can be downloaded at: http://hubs.ly/y0tFbr0
Where Technology Meets Medicine: SickKids High Performance Computing Data CentreScalar Decisions
Case study look at the work Scalar conducted on the High-Performance Computing Data Centre at the Hospital for Sick Children (SickKids). The system is able to do 107 trillion calculations per second - one of the largest systems dedicated to health research.
Scalar Customer Case Study: Toronto 2015 Pan Am/Parapan Am GamesScalar Decisions
Toronto will soon host the largest international multi-sport Games in Canada, when more than 7,600 athletes from 41 countries across the Americas will compete at the TORONTO 2015 Pan Am/Parapan Am Games. Understandably,
IT security is top of mind for the Organizing Committee (known as TO2015). The event will rely on a number of applications and web portals, which include an interactive volunteer portal, athlete accreditation management
tools and a travel logistics site. Securing the data centre where these applications reside is of critical importance, ensuring risks are mitigated, threats are prevented and regulatory requirements are met.
Gartner recently released a report on IT security priorities for the remainder of 2014. Amongst respondents, network security, application security, endpoint security, and security services all ranked highly.
Together with our event partners Cisco, F5, and Bromium, Scalar brings you solutions to these problems, as well as a full presentation on our managed security services portfolio.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
2. Earlier this month, we had over 150 people join us in Toronto and
Vancouver as our technical team demonstrated some of the best
security defence technologies on the market today. We focused on
defence in three key areas:
ENDPOINT APPLICATION NETWORK
4. Believe they are winning the Cyber Security war
Suffered a breach leading to loss or disclosure of
sensitive data
Average annual number of attacks
Average cost to address a security breach
41%
46%
34
$200,000
10. Prioritize Focus
The key security
threat channels are
Web and Email.
The key threat
vectors are web-
links and
downloaded files.
Your security posture
is significantly
improved by negating
the key security issues
of users clicking
malicious web-links
and opening infected
attachments.
&
11. Endpoint Isolation Technology
Untrusted user tasks and any malware
are isolated in a super-efficient micro-VM.
All micro-VMs destroyed, eliminating
all traces of malware with them.
15. • Integrates into your development process
• Directly connects to source code repository
• Designed for Agile
• Your code stays onsite
• Verified vulnerabilities avoid false positives
• Assesses partial code, as often as needed
SAST – “Sentinel Source” Static Testing
16. • Assesses both iOS and Android applications
• Tests native mobile code and server-side APIs
• Identifies critical vulnerabilities including OWASP Mobile Top 10
• Verified findings:
• Zero false positives reduce overhead for developers
• Results prioritized by risk
• Covers traffic analysis between client and server-side
Sentinel Mobile – Secure Mobile Devices
17. •Non-intrusive, non-disruptive, 24x7 coverage
•Meets and exceeds PCI 6.5/6.6 requirements
•Full service and support included in all offerings
•Unlimited retests, integration support, and
remediation guidance at no additional charge
•Persistent, consistent testing and results
DAST – Dynamic Application Testing
19. Continuous Testing
• Full SDLC coverage: training, development, QA, and production
• Stop using Tiger teams!
Expert hands-on guidance from the Threat Research Center
• 100% verified vulnerabilities, 0 false positives
• 150+ security engineers available by phone/email/WebEx
Retest, Retest, Retest
• Trending of vulnerabilities across time and continuous assessment
of deployment
How to Remediate Vulnerabilities
20. Baseline Edition (Static Webpages)
• Unauthenticated, Verified Results
Standard Edition (Directed/Opportunistic)
• Custom configured logins and multi-step sequences
• Comprehensive coverage for technical vulnerabilities
Sentinel PE (Fully Targeted / High Risk)
• Ideal for high impact sites with sensitive user and financial information
• Technical and business logic vulnerabilities, complete WASC v2
How Deep to Test?
21. • Web & PDF Based
• Bi-Directional XML API
• Integration with popular technologies like Jira, Archer, F5 & Imperva
Flexible Reporting
24. WHY LOGRHYTHM?
Global leader in security intelligence
and analytics empowering
organizations to rapidly detect,
respond, and neutralize cyber threats.
25. Retail Cyber Crime Module
• New processes
• New authentications
• New FIM access events
• Any FIM modification event
• Any DLD activity
• New common event
• New network activity
Use Case: Detect compromised back office systems
Details: Identify suspicious changes on back office systems and the
network activity they generate
AIE Rules look for:
26. Data Classification
LogRhythm not only structures incoming data, but adds contextual
information such as:
• Classification
• Common Event
• Risk Score
Reduces time required for analysis and ensure query results are complete
Provides deep intelligence on more than 600 different systems, devices,
apps, databases, etc…
• 20-30 added each quarter
27. Scenario Building Blocks
Log Observed
Log Not Observed
Log Not Observed Scheduled
Threshold Observed
Threshold Not Observed
Threshold Not Observed
Scheduled
Unique Value Observed
Unique Value
Not Observed
Unique Value Not Observed
Scheduled
Whitelist
Trend
Statistical
29. Privileged User Monitoring
• New admin activity
• Mass object deletion
• Users added to privileged group
• Recently disabled privileged
account activity
Use Case: Detect a rogue administrator account
Details: Identify when a privileged user is abusing authority,
indicating either insider threat activity or compromised credentials
AIE Rules look for:
30. Analytics Modules
• Industry experts
• Machine data intelligence
• Security compliance
• Advanced Threat Research
Rapid-Time
to-Value
Knowledge
• Embedded expertise
• Ready-to-use content
• Frequent, automatic
updates
• Knowledge aligned to
organizational goals
• Quick benefit recognition
• Ongoing additional value