This document contains biographies for two IT security professionals, Justin Kallhoff and Tristan Lawson. Both individuals have extensive certification in various IT security domains such as the CISSP, C|EH, and security-related CompTIA certifications. The document is copyrighted by Infogressive, Inc.
Top Application Security Trends of 2012DaveEdwards12
Learn about the major risks to Cloud and Web-based Applications. What are their weaknesses? How can you deploy them in a more confident fashion and avoid the risks? What can you do to protect these applications without creating a major burden on your end-users and customers. Application Security has become one of the top most priorities of CIOs, CSOs and IT Staff in 2012. Cloud has created a paradigm shift in how we leverage technology. Learn about the power of the Cloud to Secure your applications.
Uncover What's Inside the Mind of a HackerIBM Security
View On-demand Webinar: https://securityintelligence.com/events/uncover-whats-inside-mind-hacker/
A simple software vulnerability can make the bad guys very wealthy. A bustling new market for software vulnerabilities is emerging. An operating system vulnerability can be worth as much as $1 million on the black market.
Ethical Hacker Paul Ionescu aims to put a dent in the bad guys’ pockets by helping developers to “put their hackers’ hats on” and prevent software vulnerabilities.
During this presentation, Paul:
- Demos common software programming flaws
- Discusses notable security breaches that were caused by vulnerabilities such as SQL Injection
- Examines ways to implement software defenses that prevent security flaws from re-emerging
Peter Wood and his team conduct ethical hacking engagements for multi-national organisations in varied business sectors. Peter will address the top three emerging threats, how they affect the attack surface of a typical business and how they can be exploited.
Despite advances in security, hackers continue to break through network defenses. In this hour-long webinar, network security specialist Catherine Paquet will examine the favorite methods and targets of hackers and will introduce you to the different categories of security technologies. In this foundational presentation, you will learn about the benefits of security solutions such as firewalls, VPNs, IPS, identity services and BYOD.
Empowering Application Security Protection in the World of DevOpsIBM Security
Watch on-demand now: https://securityintelligence.com/events/application-security-protection-world-of-devops/
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Development teams are aware of the shifting security challenges they face. However, they're by no means security experts, nor do they have spare time on their hands to learn new tools.
What can development teams do to keep pace with rapidly-evolving application security threats?
The answer lies in automation. By making application security part of the continuous build processes, organizations can protect against these major risks.
In this session, you will learn:
- New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments.
- Best practices for designing and incorporating an automated approach to application security into your existing development environment.
- Future development and application security challenges organizations will face and what they can do to prepare.
What’s the State of Your Endpoint Security?IBM Security
View On-Demand Webinar: https://securityintelligence.com/events/whats-state-endpoint-security/
According to the 2016 State of Endpoint Security Survey just released by the SANS™ Institute:
44% of respondents report that one or more of their endpoints have been breached in the past 24 months
Desktops, laptops and servers are the most compromised endpoints
Login and access credentials are the most commonly exfiltrated information
55% of respondents spend 3 or more hours per compromised endpoint
Over 70% of respondents find it difficult or impossible to determine when an incident has been fully remediated
These statistics encompass a wide set of industries, from financial services to education. So while each network is uniquely built to support your particular business, none is immune from being breached. To protect your data most effectively, you need a way to find the threats that are most relevant to your organization and prioritize them so you can remediate the most critical and lethal ones first.
With the seamless integration of tools such as IBM BigFix and QRadar, you get accelerated risk prioritization and incident response to keep your corporate and customer data secure. Attend this webinar to learn about the state of endpoint security and understand how IBM BigFix and IBM QRadar can help you remediate threats faster.
Top Application Security Trends of 2012DaveEdwards12
Learn about the major risks to Cloud and Web-based Applications. What are their weaknesses? How can you deploy them in a more confident fashion and avoid the risks? What can you do to protect these applications without creating a major burden on your end-users and customers. Application Security has become one of the top most priorities of CIOs, CSOs and IT Staff in 2012. Cloud has created a paradigm shift in how we leverage technology. Learn about the power of the Cloud to Secure your applications.
Uncover What's Inside the Mind of a HackerIBM Security
View On-demand Webinar: https://securityintelligence.com/events/uncover-whats-inside-mind-hacker/
A simple software vulnerability can make the bad guys very wealthy. A bustling new market for software vulnerabilities is emerging. An operating system vulnerability can be worth as much as $1 million on the black market.
Ethical Hacker Paul Ionescu aims to put a dent in the bad guys’ pockets by helping developers to “put their hackers’ hats on” and prevent software vulnerabilities.
During this presentation, Paul:
- Demos common software programming flaws
- Discusses notable security breaches that were caused by vulnerabilities such as SQL Injection
- Examines ways to implement software defenses that prevent security flaws from re-emerging
Peter Wood and his team conduct ethical hacking engagements for multi-national organisations in varied business sectors. Peter will address the top three emerging threats, how they affect the attack surface of a typical business and how they can be exploited.
Despite advances in security, hackers continue to break through network defenses. In this hour-long webinar, network security specialist Catherine Paquet will examine the favorite methods and targets of hackers and will introduce you to the different categories of security technologies. In this foundational presentation, you will learn about the benefits of security solutions such as firewalls, VPNs, IPS, identity services and BYOD.
Empowering Application Security Protection in the World of DevOpsIBM Security
Watch on-demand now: https://securityintelligence.com/events/application-security-protection-world-of-devops/
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Development teams are aware of the shifting security challenges they face. However, they're by no means security experts, nor do they have spare time on their hands to learn new tools.
What can development teams do to keep pace with rapidly-evolving application security threats?
The answer lies in automation. By making application security part of the continuous build processes, organizations can protect against these major risks.
In this session, you will learn:
- New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments.
- Best practices for designing and incorporating an automated approach to application security into your existing development environment.
- Future development and application security challenges organizations will face and what they can do to prepare.
What’s the State of Your Endpoint Security?IBM Security
View On-Demand Webinar: https://securityintelligence.com/events/whats-state-endpoint-security/
According to the 2016 State of Endpoint Security Survey just released by the SANS™ Institute:
44% of respondents report that one or more of their endpoints have been breached in the past 24 months
Desktops, laptops and servers are the most compromised endpoints
Login and access credentials are the most commonly exfiltrated information
55% of respondents spend 3 or more hours per compromised endpoint
Over 70% of respondents find it difficult or impossible to determine when an incident has been fully remediated
These statistics encompass a wide set of industries, from financial services to education. So while each network is uniquely built to support your particular business, none is immune from being breached. To protect your data most effectively, you need a way to find the threats that are most relevant to your organization and prioritize them so you can remediate the most critical and lethal ones first.
With the seamless integration of tools such as IBM BigFix and QRadar, you get accelerated risk prioritization and incident response to keep your corporate and customer data secure. Attend this webinar to learn about the state of endpoint security and understand how IBM BigFix and IBM QRadar can help you remediate threats faster.
Cybercrime Threats in 2012 - What You Need to KnowKaseya
Kaseya is proud to present a webinar by Kaspersky Lab on the latest changes in the cybercrime threatscape and what we have to fear most from today’s cyber criminals.
Join us and you’ll learn:
The biggest threats in cybercrime today
What you should worry about most
Ten tips towards better Internet safety
How to serve up the best security information
Kaspersky is one of the top antivirus companies in the world, with the team of virus analysts who first broke Stuxnet and Flame, two of the biggest cyber threats in history. Kaspersky AV protects over 350 million end points with a presence in over 20 different countries.
Looking at the security landscape for 2013, we predict that previous security investments made by larger, well-funded organizations will serve as a partial deterrent to hackers. However, those same hackers, armed with sophisticated malware and cloaked in a dangerous anonymity provided by the Cloud, will turn their collective eyes to a new, more vulnerable target: small companies. This presentation reveals the four super-sized security trends that will impact business security practices across the globe in 2013.
Outsmart Fraudsters: Give Customers Great User Experience While Keeping Fraud...IBM Security
View on-demand: http://event.on24.com/wcc/r/1203107/AF33616D86CFB47663095958218D99E0
Being one step ahead of rapidly evolving, well-organized online cybercrime can seem like a losing battle. However, the key to success is combining sophisticated fraud detection with intelligent access management. Tightly uniting these capabilities in an open platform provides the flexibility to choose the appropriate authentication scheme for the various scenarios leveraging built-in biometrics, seamless authentication and mobile technologies. This smooths the access experience for legitimate users on web and mobile into a quick, frictionless authentication process while preventing fraudulent activity in real-time.
Join us in this IBM webinar where industry experts will discuss IBM’s approach on how to:
Detect fraudulent activity from stolen user credentials or a criminal device
Create risk-based access controls that reduce fraud while improving legitimate customers' activity
Speed deployment, improve business results and reduce cost of fraud protection with an integrated fraud protection gateway
Configuration Tips to Reduce the Risk of IBM i Malware InfectionPrecisely
Not a week goes by that there isn’t a headline regarding a ransomware attack that has affected another organization. Ransomware and other malware can, and has, infected IBM i via a drive mapped to the system using a file share. While you can’t stop someone from falling prey to phishing and clicking on the wrong link, there are steps you can take to reduce the risk of infection. Watch our on-demand webinar with IBM i security experts to learn the IBM i configuration settings you can use to reduce the risk of malware infection.
Register now to learn about:
• Current malware threats and tactics
• How file shares and directory permissions work together to provide access from the network
• Why sharing root (‘/’) puts your entire system at risk
Level Up Your Security with Threat IntelligenceIBM Security
View on-demand webinar: https://securityintelligence.com/events/level-security-threat-intelligence/
As companies struggle to protect valuable data, threat intelligence can provide a much-needed “power up” to help enhance the detection and prevention capabilities of many security solutions like SIEMs, intrusion prevention, and malware and endpoint protection. By adding external context to internal indicators through seamless integration of data and insights, a better view of the network can help decipher the attackers’ playbook.
View this on-demand webinar to learn:
- How to use threat intelligence to improve security decision making
- Why open standards are a must to support security integration
- Best practices for integrating threat intelligence into your security practice
When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms, is that you get to see a lot of innovation and interesting approaches to common problems.
However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways.
My work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won’t just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won’t directly attack your PCI relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty.
In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas:
– Weaknesses in Physical Security
– Susceptibility to Phishing
– Vulnerability Management Immaturity
– Weaknesses in Authentication
– Poor Network Segmentation
– Loose Data Access Control
– Terrible Host / Network Visibility
– Unwise Procurement & Security Spending Decisions
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
Presented at ISSA Cornerstones of Trust June 6, 2012.
No one wants to be the next cyber casualty. Collectively, organizations spend an enormous amount of resources deploying and managing security solutions to block malware, protect data, and keep critical business services operating.
Yet most organizations remain inadequately protected against evolving and dangerous cyber threats. In this session, we will learn to recognize common network attack scenarios and mitigate the combination of misconfigurations, vulnerabilities, access policy violations and other security gaps that can be exploited by sophisticated attackers.
High-profile breaches at Epsilon, Sony, and other enterprise and government networks have dominated the news lately, raising awareness of the need to design effective security strategies against sophisticated attacks and advanced persistent threats (APTs). Many companies struggle with where to begin to develop an effective plan of cyber defense.
During this session we will walk the audience through several attack scenarios using a visual attack explorer tool, highlighting the combination of security gaps that are often used and how to prevent them. Network modeling, vulnerability analysis, access path analysis, and attack simulation will all be introduced and we will show how these analytical tools can be used to quickly and automatically find exposed areas of a network.
Failed Ransom: How IBM XGS Defeated RansomwareIBM Security
View on-demand webinar: http://event.on24.com/wcc/r/1238398/409AE8848D4FF1210B56EC81538788EB
Ransomware is a growing threat impacting organizations across all industries. But not all is lost. There are preventative measures that can be taken to help protect against ransomware attacks, including deploying a next-generation intrusion prevention system (IPS), such as the IBM XGS.
Join our webinar to:
Understand the current threats associated with ransomware
Learn how leading-edge research from IBM X-Force powers the XGS to stop ransomware
Hear how IBM XGS proactively blocked ransomware at a large healthcare insurance organization
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itIBM Security
Quick steps to avoid the blind spots of shadow it- Cloud security enforcer webinar- available on demand here: https://securityintelligence.com/events/quick-steps-avoid-blind-spots-shadow/
Today’s Enterprise faces a number of “blind spot” challenges involving shadow IT and mobile users. With today’s fast paced technology, those blind spots are becoming more visible and easy to avoid. With IBM Cloud Security Enforcer, you can avoid View this webinar to learn:
- How can I discover and eliminate Shadow IT, even on mobile devices?
- How can I leverage existing technology to reduce costs for the company?
- How can I mitigate risk from non-compliance with regulations and security?
- Why do I have to spend additional money and time to integrate vendor products?
The 2013 Security Threat Report recaps what happened in data security in 2012, and what trends are ahead in 2013. For more information, visit: http://bit.ly/VcLfLa
Businesses of all sizes face risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This presentation outlines eight common threats that traditional antivirus alone won't stop, and explains how to protect your organization using endpoint security. For more, visit: http://bit.ly/8Threats_wp
We are delighted to have Gary Miliefsky on our second Hacker Hotshot of 2013! Gary is the Editor of Cyber Defense Magazine, which he recently founded after years of being a cover story author and regular contributor to Hakin9 Magazine. In partnership with UMASS, he started the Cyber Defense Test Labs to perform independent lab reviews of next generation information security products. Gary is also the founder of NetClarity, Inc., which is the world's first next generation agentless, non-inline network access control (NAC) and bring your own device (BYOD) management appliances vendor based on a patented technology which he invented.
This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices.
We will make an emphasis on all issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc.
Introduction to the Current Threat LandscapeMelbourne IT
Do you know what threats are lurking in the shadows? Have you been compromised without even knowing about it? Most companies don't even know if their business has been subjected to attacks and even worse, may have lost sensitive data without knowing about it until it’s too late.
The latest vulnerabilities highlight the extent and depth that hackers are adopting to steal your content or destroy trust in your brand. Our industry experts joining us for the presentation have a wealth of experience in robust security strategies and will be discussing the current online threat landscape, the most prominent approaches to security breaches and what you need to consider to protect your online presence from any potential malicious attacks.
About Melbourne IT:
Melbourne IT Enterprise Services designs, builds and operates custom cloud solutions for Australia’s leading enterprises. Its expert staff help enterprises solve business challenges and build cultures that enable organisations to use technology investments efficiently to improve long-term value. With more than 15 years’ experience in delivering managed outcomes to Australian enterprises, Melbourne IT has been long associated with enabling success. Its certified cloud, consulting, and security experts repeatedly deliver results. Many of the brands you already know and trust rely on Melbourne IT. For more information, visit www.melbourneitenterprise.com.au
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically.
The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore.
Join Certes Networks and Intellyx for a webinar to explore:
What factors are driving the expansion of the attack surface?
What types of attacks and exploits are taking advantage of these changes?
How are segmentation techniques and access controls evolving in response?
Learn more about how organizations prevented downtime with #BigFix in the wake of #wannacry. References and Use Cases along with a review of our BigFix Solution.
https://www.ibm.com/connect/ibm/ca-en/resources/tomjs/
Cybercrime Threats in 2012 - What You Need to KnowKaseya
Kaseya is proud to present a webinar by Kaspersky Lab on the latest changes in the cybercrime threatscape and what we have to fear most from today’s cyber criminals.
Join us and you’ll learn:
The biggest threats in cybercrime today
What you should worry about most
Ten tips towards better Internet safety
How to serve up the best security information
Kaspersky is one of the top antivirus companies in the world, with the team of virus analysts who first broke Stuxnet and Flame, two of the biggest cyber threats in history. Kaspersky AV protects over 350 million end points with a presence in over 20 different countries.
Looking at the security landscape for 2013, we predict that previous security investments made by larger, well-funded organizations will serve as a partial deterrent to hackers. However, those same hackers, armed with sophisticated malware and cloaked in a dangerous anonymity provided by the Cloud, will turn their collective eyes to a new, more vulnerable target: small companies. This presentation reveals the four super-sized security trends that will impact business security practices across the globe in 2013.
Outsmart Fraudsters: Give Customers Great User Experience While Keeping Fraud...IBM Security
View on-demand: http://event.on24.com/wcc/r/1203107/AF33616D86CFB47663095958218D99E0
Being one step ahead of rapidly evolving, well-organized online cybercrime can seem like a losing battle. However, the key to success is combining sophisticated fraud detection with intelligent access management. Tightly uniting these capabilities in an open platform provides the flexibility to choose the appropriate authentication scheme for the various scenarios leveraging built-in biometrics, seamless authentication and mobile technologies. This smooths the access experience for legitimate users on web and mobile into a quick, frictionless authentication process while preventing fraudulent activity in real-time.
Join us in this IBM webinar where industry experts will discuss IBM’s approach on how to:
Detect fraudulent activity from stolen user credentials or a criminal device
Create risk-based access controls that reduce fraud while improving legitimate customers' activity
Speed deployment, improve business results and reduce cost of fraud protection with an integrated fraud protection gateway
Configuration Tips to Reduce the Risk of IBM i Malware InfectionPrecisely
Not a week goes by that there isn’t a headline regarding a ransomware attack that has affected another organization. Ransomware and other malware can, and has, infected IBM i via a drive mapped to the system using a file share. While you can’t stop someone from falling prey to phishing and clicking on the wrong link, there are steps you can take to reduce the risk of infection. Watch our on-demand webinar with IBM i security experts to learn the IBM i configuration settings you can use to reduce the risk of malware infection.
Register now to learn about:
• Current malware threats and tactics
• How file shares and directory permissions work together to provide access from the network
• Why sharing root (‘/’) puts your entire system at risk
Level Up Your Security with Threat IntelligenceIBM Security
View on-demand webinar: https://securityintelligence.com/events/level-security-threat-intelligence/
As companies struggle to protect valuable data, threat intelligence can provide a much-needed “power up” to help enhance the detection and prevention capabilities of many security solutions like SIEMs, intrusion prevention, and malware and endpoint protection. By adding external context to internal indicators through seamless integration of data and insights, a better view of the network can help decipher the attackers’ playbook.
View this on-demand webinar to learn:
- How to use threat intelligence to improve security decision making
- Why open standards are a must to support security integration
- Best practices for integrating threat intelligence into your security practice
When you work with a lot of companies scrutinizing their security, you get to see some amazing things. One of the joys of being a commercial security consultant working for big name firms, is that you get to see a lot of innovation and interesting approaches to common problems.
However, as great as this is, the discrete projects you work on are usually a small representation of the overall company. When you look at the company in its entirety, a familiar pattern of weakness begins to reveal itself. While some companies are obviously better than others, the majority of companies are actually weak in remarkably similar ways.
My work in the attacker modeled pentest and enterprise risk assessment realms focuses on looking at a company as a whole. The premise is that, this is what an attacker would do. They won’t just try to attack your quarterly code reviewed main web site, or consumer mobile app. They won’t directly attack your PCI relevant systems to get to customer credit card data. They won’t limit their attacks to those purely against your IT infrastructure. Instead – they’ll look at your entire company, and they will play dirty.
In this session, I’ll focus on the things that plague us all (well most of us), and I’ll offer some simple advice for how to try and tackle each of these areas:
– Weaknesses in Physical Security
– Susceptibility to Phishing
– Vulnerability Management Immaturity
– Weaknesses in Authentication
– Poor Network Segmentation
– Loose Data Access Control
– Terrible Host / Network Visibility
– Unwise Procurement & Security Spending Decisions
Anticipate and Prevent Cyber Attack Scenarios, Before They OccurSkybox Security
Presented at ISSA Cornerstones of Trust June 6, 2012.
No one wants to be the next cyber casualty. Collectively, organizations spend an enormous amount of resources deploying and managing security solutions to block malware, protect data, and keep critical business services operating.
Yet most organizations remain inadequately protected against evolving and dangerous cyber threats. In this session, we will learn to recognize common network attack scenarios and mitigate the combination of misconfigurations, vulnerabilities, access policy violations and other security gaps that can be exploited by sophisticated attackers.
High-profile breaches at Epsilon, Sony, and other enterprise and government networks have dominated the news lately, raising awareness of the need to design effective security strategies against sophisticated attacks and advanced persistent threats (APTs). Many companies struggle with where to begin to develop an effective plan of cyber defense.
During this session we will walk the audience through several attack scenarios using a visual attack explorer tool, highlighting the combination of security gaps that are often used and how to prevent them. Network modeling, vulnerability analysis, access path analysis, and attack simulation will all be introduced and we will show how these analytical tools can be used to quickly and automatically find exposed areas of a network.
Failed Ransom: How IBM XGS Defeated RansomwareIBM Security
View on-demand webinar: http://event.on24.com/wcc/r/1238398/409AE8848D4FF1210B56EC81538788EB
Ransomware is a growing threat impacting organizations across all industries. But not all is lost. There are preventative measures that can be taken to help protect against ransomware attacks, including deploying a next-generation intrusion prevention system (IPS), such as the IBM XGS.
Join our webinar to:
Understand the current threats associated with ransomware
Learn how leading-edge research from IBM X-Force powers the XGS to stop ransomware
Hear how IBM XGS proactively blocked ransomware at a large healthcare insurance organization
Cloud security enforcer - Quick steps to avoid the blind spots of shadow itIBM Security
Quick steps to avoid the blind spots of shadow it- Cloud security enforcer webinar- available on demand here: https://securityintelligence.com/events/quick-steps-avoid-blind-spots-shadow/
Today’s Enterprise faces a number of “blind spot” challenges involving shadow IT and mobile users. With today’s fast paced technology, those blind spots are becoming more visible and easy to avoid. With IBM Cloud Security Enforcer, you can avoid View this webinar to learn:
- How can I discover and eliminate Shadow IT, even on mobile devices?
- How can I leverage existing technology to reduce costs for the company?
- How can I mitigate risk from non-compliance with regulations and security?
- Why do I have to spend additional money and time to integrate vendor products?
The 2013 Security Threat Report recaps what happened in data security in 2012, and what trends are ahead in 2013. For more information, visit: http://bit.ly/VcLfLa
Businesses of all sizes face risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This presentation outlines eight common threats that traditional antivirus alone won't stop, and explains how to protect your organization using endpoint security. For more, visit: http://bit.ly/8Threats_wp
We are delighted to have Gary Miliefsky on our second Hacker Hotshot of 2013! Gary is the Editor of Cyber Defense Magazine, which he recently founded after years of being a cover story author and regular contributor to Hakin9 Magazine. In partnership with UMASS, he started the Cyber Defense Test Labs to perform independent lab reviews of next generation information security products. Gary is also the founder of NetClarity, Inc., which is the world's first next generation agentless, non-inline network access control (NAC) and bring your own device (BYOD) management appliances vendor based on a patented technology which he invented.
This talk will be focused on how to develop secure mobile apps. We will look into specifics regarding mobile development and what are the best practices.
We will make an emphasis on all issues affecting the mobile platform such as protocols, secure storage, secrets, caching, logging, etc.
Introduction to the Current Threat LandscapeMelbourne IT
Do you know what threats are lurking in the shadows? Have you been compromised without even knowing about it? Most companies don't even know if their business has been subjected to attacks and even worse, may have lost sensitive data without knowing about it until it’s too late.
The latest vulnerabilities highlight the extent and depth that hackers are adopting to steal your content or destroy trust in your brand. Our industry experts joining us for the presentation have a wealth of experience in robust security strategies and will be discussing the current online threat landscape, the most prominent approaches to security breaches and what you need to consider to protect your online presence from any potential malicious attacks.
About Melbourne IT:
Melbourne IT Enterprise Services designs, builds and operates custom cloud solutions for Australia’s leading enterprises. Its expert staff help enterprises solve business challenges and build cultures that enable organisations to use technology investments efficiently to improve long-term value. With more than 15 years’ experience in delivering managed outcomes to Australian enterprises, Melbourne IT has been long associated with enabling success. Its certified cloud, consulting, and security experts repeatedly deliver results. Many of the brands you already know and trust rely on Melbourne IT. For more information, visit www.melbourneitenterprise.com.au
The cyber house of horrors - securing the expanding attack surfaceJason Bloomberg
The enterprise attack surface has exploded in recent years. More users on more devices in more locations are able to access ever more sensitive enterprise applications. The result is that the number of targets for attackers has gone up dramatically.
The expanding attack surface has been dubbed a “Cyber House of Horrors,” as insider risks, aggressive social engineering, exploitation of outdated access controls, and a range of other security issues have come to the fore.
Join Certes Networks and Intellyx for a webinar to explore:
What factors are driving the expansion of the attack surface?
What types of attacks and exploits are taking advantage of these changes?
How are segmentation techniques and access controls evolving in response?
Learn more about how organizations prevented downtime with #BigFix in the wake of #wannacry. References and Use Cases along with a review of our BigFix Solution.
https://www.ibm.com/connect/ibm/ca-en/resources/tomjs/
클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic - 채현주 보안기술본부장, Openbase :: AWS Sum...Amazon Web Services Korea
스폰서 발표 세션 | 클라우드 환경에서의 SIEMLESS 통합 보안 서비스, Alert Logic
채현주 보안기술본부장, Openbase
클라우드 환경의 다양한 서비스로 인해 자산을 지키는 보안을 위한 작업은 더욱 복잡해지고 있다. 기존 온프라미스에서 해 오던 방식으로 클라우드 보안에 접근하는 것은 비용 및 자원활용 측면에서도 낭비이며, 기술의 발전 속도를 따라가기도 어렵다. 본 세션에서는 클라우드 환경의 보안 특성을 살펴보고 효율적인 보안시스템 구축을 위한 가이드를 제시하며, 아울러 전문적인 보안 지식이나 자체 구축 보안시스템 없이도 즉시 활용할 수 있는 Alert Logic의 보안 서비스를 소개한다.
Re-defining Endpoint Protection: Preventing Compromise in the Face of Advance...IBM Security
Traditional endpoint protection solutions have become the punching bag of security. And for good reason. Traditional solutions, including blacklisting and signature-based antivirus, have not kept pace in combating advanced threats and zero-day attacks. Organizations are left defenseless.
A new approach is needed that understands the lifecycle of today’s advanced attacks, providing capabilities to assess devices, prevent attacks, detect compromise, investigate the incident and finally remediate the environment.
View the full on-demand webcast: https://www.youtube.com/watch?v=Xyw-SV9v9dg
A Closer Look at Isolation: Hype or Next Gen Security?MenloSecurity
This webinar looks at Isolation from different viewpoints. Learn from a Menlo Security customer, along with John Pescatore, Director of Emerging Technologies at SANS Institute, and Kowsik Guruswamy, Menlo Security CTO, as they explore why organizations around the globe are looking at isolation as the means to protect their users from ever-present web and email dangers.
IBM Smarter Business 2012 - IBM Security: Threat landscapeIBM Sverige
IBM Security Systems presents the latest risks and trends from X-Force 2011 Full Year report, and how you can protect your infrastructure from these new evolving threats using Security Intelligence from Q1 Labs and IBM's recently announced Advanced Threat Protection Platform.
Talare: Mikael Andersson, Client Technical Professional, IBM
Besök http://smarterbusiness.se för mer information.
Mobile Payments: Protecting Apps and Data from Emerging RisksIBM Security
Arxan Technologies, FS-ISAC, and IBM joined forces to deliver a presentation on how to protect your applications and data from emerging risks. This session will cover:
- The threat landscape regarding mobile payments
- How cybercriminals can hack your applications
- Comprehensive prevention and protection techniques
Website attacks continue to prevail despite the best efforts of enterprises to fight them. Websites are an ongoing business concern and security must be assured all the time, not just at a point in time. And yet, most websites were exposed to at least one serious vulnerability every day of 2010, leaving valuable corporate and customer date at risk. Why?
In this report, Jeremiah will explore a new way to measure website security, Windows of Exposure, that tracks an organization’s current and historical website security posture. Window of Exposure is a useful combination of vulnerability prevalence, how long vulnerabilities take to get fixed, and the percentage of them that are remediated. By carefully tracking these metrics, an organization can determine where resources would be best invested.
Using data from WhiteHat’s 11th Website Security Statistics Report, based on assessments of over 3,000 websites, Grossman will reveal the most secure (and insecure) vertical markets and the Windows of Exposure of each. Find out how your industry ranks, and the top ten vulnerabilities plaguing your peers. Learn how to determine which metrics are critical to increasing their remediation rates, thereby limiting their Window of Exposure. The good news is that companies that take this approach are increasing remediation rates by 5 percent per year.
You have spent a ton of money on your security infrastructure. But how do you string all those things together so you can achieve your goals of reducing time to response, detecting, preventing threats. And most importantly, having your security team serve your business and mission. Learn how to organize your security resources to get the best benefit. See a live demonstration of operationalizing those resources so your security teams can do more for your organization.
The ever-escalating threats to your business posed by ransomware and all forms of malware cannot be ignored. Cyber-criminals are employing every technology and tactic available to defeat your security systems and then go completely unnoticed as they systematically penetrate and catalog your systems and data to methodically prepare for a coordinated, carefully orchestrated, multipronged attack. The IBM i can be a rich target of valuable data for these bad actors.
Malware attacks are active, not static. Traditional automated scanning, alerting and remediation practices are no longer enough. Instead, the focus needs to be upon securing critical assets and data stores using a multi-layered defensive approach. In practical terms, this means employing every possible security tool and tactic available, in a coordinated, programmatic way.
Join us for this on-demand webinar to better understand:
o The risks of relying on an “identify and remediate” approach to malware
o A different approach to more effectively prevent malware
o How a multi-layered security strategy can protect IBM i from malware threats
Hiding in Plain Sight: The Danger of Known VulnerabilitiesImperva
While a lot of attention is devoted to the mitigation of previously unknown attack methods ("0 days"), many of today's high-profile breaches are caused by "Known Vulnerabilities" in the application's components, also referred to as "vulnerabilities in third-party components." Attackers are quickly moving to exploit applications built with vulnerable components and are inflicting serious data loss and/or hijacking entire servers in the process. The rising popularity of third-party components in application development enables attackers to quickly and repeatedly locate and exploit vulnerabilities in application components - making these attacks widespread and extremely hazardous. This presentation will: (1) explore the recent growth of "Known Vulnerabilities" and examine the scope of the problem (2) examine how attackers are able to quickly "weaponize" these vulnerabilities for immediate profit (3) reveal techniques for limiting the damage resulting from "Known Vulnerabilities" exploitation.
Is your security solution having trouble keeping up? Explore what a modern security solution looks like—built to tackle the evolving threat landscape while adapting to today’s global, mobile workforce.
Vulnerability Management is a thankless and continuous process. We are going to discuss the process and ways to achieve the goal of being patched and secure that constantly moves.
What do we mean by the M&M analogy as it applies to IT Security?Overall, IT organizations are doing a reasonable job at securing servers in DMZs, with the exception of web applicationsUnfortunately we witness a completely different scenario when we investigate assets beyond the DMZ. Internal assets are way out-dating on patching, end-of-lifed O/S, no hardening, weak passwords etc.Attackers have moved away from attacking services in the DMZ to client-side applications
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
For targeted orgs, signatures will do very little to stop attacks.Also, you don’t have to be a bank or big retail to be subject to attack, 28% are purely random opportunistic.28% were specifically targeted by attackers. Another 28% drive by – happened to surf to site and saw a vulnerability present. Fishing websites etc.The 44% are not fully targeting, but if they find a target that is easy. They stumble upon the opportunity. Cast a wide net looking for easy to pluck targets. Then focus their attention on exploiting the vulnerability found.Opportunistic Random – Searching for websites vulnerable to SQL Injection, I’ll take any that respondOpportunistic Directed – Searching for websites vulnerable to SQL Injection, refine list to direct exploit to a defined listRandom Opportunistic: Attacker(s) identified the victim whilesearching randomly or widely for weaknesses (i.e., scanning largeaddress spaces) and then exploited the weakness.Directed Opportunistic: Although the victim was specificallyselected, it was because they were known to have a particularweakness that the attacker(s) could exploit.Fully Targeted: The victim was first chosen as the target and thenthe attacker(s) determined a way to exploit them.Found at the Verizon Business Report
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
Today’s environment has changed. More people will need to be involved to effectively manage vulnerabilitiesEnter the idea of Vulnerability Management, enabling more people to work together on a common goal, efficiently and effectively eliminating vulnerabilities
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
Discuss vulnerability SCANNING vs. vulnerability MANAGEMENT the value is in organizing, tracking, reporting, delegating, prioritizing, and efficient remediating vulnerabilities
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update serversAmazing when you show an executive their email, company crown jewels, and playback phone conversations of his/hers how much they listen.
What is Managements perception of vulnerability management?Typical responses – we’d like to do it but we don’t have time/staffWe would like a solution in place but we don’t have the budgetWe don’t have the skillsManagement doesn’t see the riskThat will never happen to usThat’s why we have a FWWe have windows update servers
Commercial Solutions are Affordable even for SMB!A entry level package of for a solution we promote is $3000 for unlimited scanning for up to 30 internal IP’s and 6 external.To have a consultant scan periodically would cost ~$20 per IPIf you don’t purchase a full solution, at least a quarterly scan would let you prioritize remediation efforts every 3 months.
Rate Vulnerabilities by potential and criticality Categorize risks based on technology and importance of asset Simple to track progress of remediation Ability to group assetsFrequent updates Authenticated scansCustom ReportingThe Bottom Line:How to find it, confirm it, fix it and prioritize it
Vulnerability Management is a thankless and continuous process. We are going to discuss the process and ways to achieve the goal of being patched and secure that constantly moves.