Industry experts from some of today's top security companies offer their thought leadership, expertise, and information to help tackle current
security threats and challenges.
----
Industry-Sponsored White Paper of February 2016
Overview:
The growing prevalence of cloud technologies requires a new breed of certified security specialist: one that can talk to the C-suite as well as to
the IT department. The cloud and cloud strategy should not be relegated just to IT. It covers all aspects of a company’s operations and needs input from many sides. A security
specialist must be as well versed in risk assessment as in technology; in strategic thought as much as hands-on ability. As the risks continue to grow, this specialist will instill the
proactive mindset needed for successful corporate use of cloud technology.

Download this Whitepaper to learn:
- Why cloud security strategy belongs on the boardroom table (not only in the IT Department),
- How the growing, changing cloud requires constant vigilance and security resources,
- Who should be in charge of cloud security,
- Where cloud threats come from and how varied they are, and
- Why the time has come to have credentialed cloud security professionals on the team.
2015 Live Industry Webinar December 16, 2015. Presented by:

Join us for the fourth webinar in the “Digital Identity Insights” educational
webinar series focused on digital identity security, presented in partnership with Thales e-Security.
Digital Certificates - A Critical Line of Defense Against Cybercrime
Wednesday, December 16, 2015
10:00 am - 11:00 am Eastern

Digital certificates are a critical line of defense against cybercrime. From authenticating traditional user
endpoints to enabling trusted e-commerce purchases, digital certificates and the public key infrastructure (PKI) that issues them create a high assurance foundation for digital
security when implemented correctly.
Partnering to provide best-in-class PKI solutions, Certified
Security Solutions (CSS) and Thales e-Security invite you to a live webinar
to discuss digital certificate use cases, the security threat landscape and resolutions to dangerous enterprise problems putting your company at risk for costly outages and data
breaches.
Agenda
- "Newest" security technology
- Why it's different today
- Digital certificate use cases
- Security threat landscape
2015 Live Industry Webinar November 19, 2015
Join us for the third webinar in the “Digital Identity Insights” educational webinar series
focused on digital identity security.
PKI for IoT: Not Your Average Enterprise PKI
Thursday, November 19, 2015
1:00 pm - 2:00 pm Eastern

What you'll learn
Join CSS PKI Professional Services principal consultant, Wayne Harris,
to walk through an overview of IoT, the features and uses of a typical enterprise PKI, reasons why
an enterprise PKI doesn’t work for IoT use cases, and what makes an IoT-specific PKI unique in its components, infrastructure reliability, resiliency, security, trust model, policy,
governance, and cryptography.
2015 On Demand Webinar
Exposing Risky IT Security - Best Practices from the Testing Trenches

Presented by:
Enterprises are racing to shore up on-premises and cloud defenses to avoid being the next security headline. Spending on security
technologies is at an all-time high, but how confident are you in the vendor decisions and security architecture you are implementing? High-fidelity testing can replace guesswork-based
uncertainty with fact-based confidence.
Join this webinar and learn from top security professionals the best practices for data-driven security decisions that ensure secure and resilient
networks.
You will learn:
- Strategies to make data-driven technology investments
- Importance of realism and scale in application and network staging labs
- Special considerations to test and assess cloud implementations
2015 On Demand Webinar
The Third Annual Information Security Survey: What's top of mind for InfoSec leaders in securing the data center
Presented by:
Join Demetrios Lazarikos (Laz), two-time former CISO, former PCI QSA, and Founder of Blue Lava Consulting, as he presents the findings on securing the data center from his
company’s third annual Information Security survey, based on the responses
from over 300 InfoSec leaders and practitioners.
This discussion will be critical for attendees as they prepare for the annual
RSA conference to learn:
- What’s top of mind for InfoSec executives in securing the data center
- Which technologies they should be evaluating as part of their Information Security program
Presented by:
With the escalation of data breaches and threat impacts, there is an ever increasing emphasis on integrating threat intelligence tools and technologies into an organization’s security
program. In this presentation, we discuss the challenges and pitfalls associated with creating a true threat intelligence program as well as offer potential solutions for the practitioner to
consider. Recorded February 24, 2015.
Speaker: Kim L. Jones is SVP, Chief Security Officer at Vantiv and has been an intelligence, security, and risk professional for over 25 years. A sought-after
speaker and industry thought leader, Jones has built, refined, and/or managed security programs in the financial services, healthcare, manufacturing, outsourcing, and defense
industries.
Operation SMN - Disruption of "Axiom", A Prolific Chinese Cyber Espionage Group
On October 28th, on behalf of the Operation SMN Coalition, Novetta published the full technical and behavioral reporting associated with Operation SMN. The latest reports explore the
structure, potential motivations, and tactics of the Axiom threat actor.
On October 30th iSight Partners, a coalition member, and Novetta got together in a webinar to:
- Discuss our visibility into the activities of Axiom group stretching back multiple years and involving major intrusion campaigns
- Outline the findings of the coalition’s report on Axiom group – including technical indicators that will assist your organization in assessing potential compromise
- Detail how this coalition worked together to fuse intelligence on Axiom and correlate their activities
- Examine steps your firm can take to protect itself against the tactics, techniques and procedures used by Axiom and others in the cyber espionage realm.
The Heartbleed Vulnerability: How to Protect Your Business
Presented by:

Speaker:
Jeff Barto, Trust Strategist, Symantec
Jeff is a trust strategist and advocate in Symantec’s Trust Services and
Website Security Solutions group, and he’s passionate about inspiring and
projecting trust on the internet. Jeff’s experience in product management
within the IT security and mobile space spans 12 years, largely at Symantec and
Hewlett-Packard. Equally a veteran at technology marketing and running customer
contact organizations, Jeff offers a unique and engaging perspective for
maximizing the value – and rewards – of trust and security.
Overview:
With the recently discovered Heartbleed vulnerability, information security
professionals and end users are feeling the pressure and impact to better
protect their information. The task of securing your organization and
information can seem overwhelming. View this recorded webcast to get
step-by-step instructions on how to protect your business and information, and
keep your communications secure.
Learn about:
- What is Heartbleed and the impact it has
- Understand how the vulnerability is
exploited and how you can detect it
- Steps you need to take to secure
information now and going forward
Responding to New SSL Cybersecurity Threats
Presented by:

Speakers:
Kevin Bocek, VP of Security Strategy & Threat Intelligence, Venafi
Kevin brings more than 15 years of experience in security and encryption with
trailblazing startups and market leaders including CipherCloud, IronKey,
nCipher, PGP, RSA Security, Thales, and Xcert.
Gavin Hill, Director, Product Marketing & Threat Research, Venafi
With over 15 years of experience in product development and marketing in the
cyber security space, Gavin is particularly adept at identifying where
enterprises are at risk and developing products that mitigate those risks
related to evolving cyber threats.
Overview:
By blindly trusting and failing to properly secure cryptographic keys and
digital certificates, enterprises are leaving open doors to cybercriminals
seeking rogue, root-level access to servers, applications and clouds in order
to steal valuable data. Are you prepared for this type of attack, particularly
in the wake of Heartbleed?
According to new Gartner research, "Organizations without
traffic decryption plans are blind not only to these new sophisticated attacks
but also to any attacks that take place over encrypted connections."
View this webinar to:
- Understand why current security measures do
not properly protect keys and certificates
- Gain insight into why cybercriminals are
attacking digital trust at ever-increasing rates
- Obtain strategies for responding to attacks
on SSL
Remediating Heartbleed Vulnerability – What You Need to Know
Presented by:

Speakers:
Kevin Bocek, VP of Security Strategy & Threat Intelligence, Venafi
Kevin Bocek brings more than 15 years of experience in security and encryption
with trailblazing startups and market leaders including CipherCloud, IronKey,
nCipher, PGP, RSA Security, Thales, and Xcert.
Mark Miller, Senior Manager, Customer Support, Venafi
Mark Miller works closely with Venafi customers on responding to and
remediating cybersecurity vulnerabilities. He has over 14 years of experience
with varying security products delivering training, support and IT solutions.
Overview:
The Heartbleed OpenSSL vulnerability impacts more than 50% of the
public facing webservers on the Internet, enabling attackers to extract
valuable private keys, digital certificates and other data.
Failure to immediately remediate Heartbleed leaves an
open door in your network and creates perpetual security vulnerabilities, since
attackers can now spoof legitimate websites or decrypt private communications.
For organizations that do not have a system to identify all keys
and certificates used with SSL – whether in the datacenter or in the cloud –
Venafi can help you quickly respond and resolve issues.
View this webinar to learn how to:
- Identify vulnerable systems
- Prioritize affected keys and certificates
for replacement
- Generate new, trusted keys and certificates
- Validate successful replacement and
remediation
Preventing Unauthorized Access & Attacks
Presented by:

Speakers:
Patriz Regalado, Product Marketing Manager, Venafi
Patriz Regalado brings over 7 years of network and information security
experience in product marketing and product management to Venafi. At Venafi,
she focuses on evolving mobile security threats and vulnerabilities and
launching new and innovative products that mitigate those risks.
Mark Sanders, Senior Systems Engineer, Venafi
With over 15 years of experience working with the Global 2000 in the network
and security space, Mark Sanders has extensive experience solving complex
enterprise problems. Mark is a senior systems engineer that focuses on customer
advocacy while providing domain and solution expertise.
Overview:
Did you know, 71% of compromised enterprise assets in 2013
involved users and their endpoints?
The shift toward BYOD has led to a rapid increase in the risk of
unauthorized access to critical networks, applications, and data. Today, IT security
has no visibility into the mobile certificates users have access to and lacks a
"kill switch" to quickly respond to certificate-based attacks.
In this webinar, you’ll learn:
- How to gain visibility and control over
mobile access
- Security risks and challenges with mobile
certificates
- How to protect intellectual property with a
mobile "kill switch" that integrates with your existing MDM solution
Consumer Web Portals: Platforms at Significant Security Risk
Presented by:

From online shopping and
banking to accessing personal health information, consumers are moving more of
their personal lives to the Web. Get the latest Forrester Research report and
learn about the top business risks to consumer-facing Web portals and the
latest identity-related technologies that some organizations are already using
or plan to adopt to minimize their exposure.
iSIGHT Partners Research – "Exposing the Malicious Use of Keys and Certificates"
Presented by:

Speakers:
Gavin Hill - Director of Product Marketing and Threat Research, Venafi
With over 15 years of experience in product development and marketing in the
cybersecurity space, Gavin Hill is particularly adept at identifying where
enterprises are at risk and developing products that mitigate those risks
related to evolving cyber threats. At Venafi he is responsible for the Venafi
Threat Research Center, focusing on Next-Generation Trust Protection.
Katie Bowen - Threat Intelligence Analyst, iSIGHT Partners
At iSIGHT Partners, Katie Bowen is responsible for researching, analyzing and
producing intelligence products and briefings for private sector and government
clients on current and emerging cyber threats.
Overview:
For years, digital trust that is foundational to every business and government
has been established by cryptographic keys and digital certificates. Recently,
this trust has come under attack from cyber criminals. Through theft and
forgery, malicious actors use stolen or compromised keys and certificates to
attack and infiltrate organizations by stealing data and valuable IP. Their
motives are different, as are their tactics and techniques.
In this webinar you will:
- Gain insight into the profiles of malicious
actors
- Understand the current cyber threat
landscape
- Learn about real-world examples of attacks
on keys and certificates
- Understand the exposure to your
organization
Forrester Research – Attacks On Trust: The Cybercriminal’s New Weapon
Presented by:

Speakers:
- John Kindervag is a Principal Analyst at Forrester
Research serving Security & Risk Professionals. John is a leading
expert on wireless security, network security, security information
management, and PCI data security. He is a 25-year veteran of the
high-tech world and holds numerous industry certifications, including
CISSP, CEH, QSA, and CCNA.
- Jeff Hudson is the CEO of Venafi, the market leading
cybersecurity company in Next-Generation Trust Protection. Jeff has over
25 years of leadership and management experience in information technology
and security management. He has spent a significant portion of his career
developing and delivering leading-edge technology solutions for financial
services and other Fortune-ranked organizations.
Overview:
Due to the rise of cybercriminal attacks on trust, more and more
organizations are finding themselves vulnerable to data theft and IP loss.
Hackers have learned how to access cryptographic keys and digital certificates
and exploit the trust they provide to infiltrate networks and systems. Current
IT security solutions are unequipped to detect and remediate these types of
costly assaults and compromises.
Our presenters will guide you through both the risks and the
solutions, explaining:
- The rise of trust-based attacks
- Reasons why keys and certificates are
targeted as the weakest link in your defense
- How current security measures are failing
to protect organizations
Calculate The Real Costs of Advanced Attacks and Secure the Budget to Stop Them
Presented by:

Speaker:
- Mike Rothman, Analyst and President,
Securosis
Even with a seemingly robust security posture, organizations are
all too often exposed to breaches because traditional security defenses simply
cannot detect today’s advanced attacks. Remediation is possible, but comes at a
cost.
Join Securosis Analyst Mike Rothman for a live webcast explaining how to
respond to security incidents, model the costs of cyber attacks, and secure the
right budget for a vigorous defense.
Why you should attend:
- Learn how to create a detailed process map
and remediation plan.
- Discover how costs can be modeled to assess
the economic impact of attacks.
- Get the budget you need by learning the
hidden costs of doing nothing - and how to substantiate the ROI of
advanced threat protection.
Vulnerability Voodoo: The Convergence of Foundational Security Controls
Presented by:

Speakers:
- Charles Kolodgy, Research Vice President, IDC Security
Products
- Edward Smith, Product Marketing Manager, Tripwire
Join Charles Kolodgy, Research Vice President for IDC's Security
Products, and Edward Smith, Product Marketing Manager at Tripwire, to learn how
Vulnerability Management at "The New Tripwire" benefits you and your
organization. You’ll also learn how an intelligent approach to performance
reporting and visualization enables better decision making.
In this webcast, Charles and Edward will discuss:
- Integrating Vulnerability Management with
other security controls to improve compliance and security posture
- Leveraging Vulnerability Management beyond
the server room to reduce risk across the entire enterprise
- Combining business intelligence from
Vulnerability Management with other security controls to make better
business decisions
SANS WhatWorks in Detecting and Blocking Advanced Threats
Presented by:

Speakers:
- John Pescatore, SANS Director of Emerging Security Trends
- Anonymous, Cyber Security Analyst National Laboratory
With cyber attacks increasing exponentially year over year, you
need to prepare yourself for 2014 with vital information that will help
strengthen your cyber security posture. Learn how a large research organization
ensures effective operations and cybersecurity capabilities, and how advanced
threat protection from FireEye helps get the job done.
In an interview between SANS Director of Emerging Security, John
Pescatore, and a veteran cybersecurity analyst, learn how one agency's desire
to take a more aggressive approach to detecting security incidents prompted
them to look at new threat detection systems.
Today, FireEye proactively
inspects traffic on their high speed networks, and detects malicious events
unseen by other installed network security systems.
Defending Against Advanced Cyberthreats and APTs
Presented by:

Advanced persistent threats (APTs) are no longer associated exclusively with government agencies. They're now a very real threat to many
organizations in various industry sectors. Unfortunately, most existing technologies can no longer keep up with the increasing number of threats perpetrated against them.
This webcast clarifies the nature of APT risks and provides recommendations on how organizations can better protect themselves. Topics
include:
- The 7 Stages of Advanced Threats
- How to Defend Against Advanced Threats
- How Websense is playing a leading role in APT defenses
Register to view the webinar today.
Or download our new whitepaper, "5 Essentials to Protect against APTs."
Enabling Fast Responses to Security Incidents with Threat Monitoring
Presented by:

Combating today's cybercriminals requires insight into advanced threats and improved responsiveness to the threats that most current defenses
are missing.
As a result, many IT departments are looking for tools that can provide visibility into infected systems, blended attacks, call-home
communications, data exfiltration and other advanced threats. This webcast examines the value of threat monitoring and highlights how the new Websense® TRITON® RiskVision™
solution can quickly improve your security posture without disrupting productivity.
Topics include:
- Why IT needs hands-on tools for threat monitoring
- How targeted attacks operate across the 7 stages of advanced threats
- How Websense TRITON RiskVision provides unrivaled insight into advanced threats, data theft and data loss — plus actionable reporting and malware analysis
Register to view the webinar today.
How a Hacker Breaks An Application with Vulnerability Chaining
Presented by:

In any given application, vulnerabilities can
range from a minor case of Information Leakage to major Insufficient Authorization/Authentication,
and anywhere in between. With such a wide range of vulnerabilities it is easy
to see how, say, an issue with Insufficient Anti-Automation can be minor.
However, a malicious attacker will more than likely focus on multiple vulnerabilities;
this tactic can exploit seemingly minor vulnerabilities and result in a much
more dangerous exploit. Thus, it is clear that apparently "minor"
vulnerabilities can be used in combination with more "dangerous" finds to
create a truly devastating attack that could compromise an entire application.
Caleb Brinkman - Application Security Researcher, WhiteHat Security
Caleb Brinkman is an application security specialist working in the R&D
engineering department at WhiteHat Security. Caleb has been programming since
before high school with a focus on video games and security.
Leveraging Firsthand Feedback from Hackers to Mitigate Risks
Presented by:

Real Hacker Methods Revealed
What can the IT security community learn from a "blackhat" who says
he’s decided to go legit?
While many IT security professionals shy away from listening to
anything from the dark side, much can be learned from knowing your adversaries
and what makes them tick.
Join this webinar to learn insights into where your defense
strategy might be at risk and what methods hackers are deploying to thwart
current security measures. We will also cover how this attack information is
used to build defense strategies.
We’ll discuss the following aspects:
- What motivates hackers
- Gain insight to devise better solutions or
to abandon failed technologies
- What attacks are really being used in the
wild
- How the hacker mind sees the world
- How security researchers leverage this attack
intel
- Tracking attacks and deploying protection
strategies
Speakers:
Robert Hansen - Director of Product Management, WhiteHat Security
Robert Hansen (CISSP) is the Director of Product Management at WhiteHat
Security. Mr. Hansen has co-authored "XSS Exploits" and wrote the
eBook, "Detecting Malice." Robert is a member of WASC, APWG, IACSP,
ISSA and has contributed to several OWASP projects.
Matt Johansen - Manager,
WhiteHat Security Threat Research Center (TRC), WhiteHat Security
Matt Johansen is a manager for WhiteHat Security’s Threat Research Center
(TRC). Matt began his career as a security consultant for VerSprite, where he
was responsible for performing network and web application penetration tests
for clients. He then took a role at WhiteHat as an application security
specialist for the TRC and quickly rose through the ranks. He currently manages
more than 40 at the company’s Houston location.
What You Don’t Know CAN Hurt You: Eliminating Cyber Security Blind Spots and Optimizing Incident Response
Presented by:

The traditional cyber security infrastructure is riddled with blind spots…open doors for threats we can’t see, because the tools we traditionally
rely on can’t see them. Detecting data leakage your DLP misses, detecting the new malware your IDS and antivirus don’t recognize, and monitoring traveling and telecommuting
employees -- whether they’re logged into your network or not -- are all tremendous challenges for organizations. This is because the traditional cyber security model is piecemeal and
dangerously inefficient. For most organizations, their ability to detect threats ends with their DLP and signature-based prevention and alerting tools. Then when a compromise is
detected, incident responders rely on a variety of disparate tools and meet in person to share and correlate findings.
Join Dale Beauchamp, branch manager in the information assurance and cyber security division of the TSA,
and Jason Mical, vice president of cyber security at AccessData Group as they describe how the cyber security model is evolving and discuss the capabilities that are required
to overcome these detection and response obstacles. Beauchamp and Mical will review and advise on the following:
- Investing in detection and response vs. prevention
- The need for technology that picks up where signature-based prevention and alerting tools leave off
- Achieving rapid response through integrated analysis
- Proactive detection – the final frontier – what it takes to detect unknown threats and malicious insiders before damage is done
- Implementing real-time collaboration among all information security teams with reporting up and down the chain of command
MEET THE PRESENTERS…
Dale Beauchamp, Branch Manager, Focused Operations, Office of Information Technology, Information Assurance and Cyber
Security Division, Transportation Security Administration
Dale Beauchamp currently serves as Branch Manager, Focused Operations for the Office of Information Technology, Information Assurance and
Cyber Security Division. Dale provides oversight for Computer Network Defense, Forensics, Advanced Persistent Threat and e-Discovery for TSA. Dale previously served as Senior
Forensics and Intrusions Instructor for the Defense Cyber Training Academy. As an instructor for DCITA he developed and delivered courses for federal state and local law agencies
engaged in the investigation of high technology crime and intelligence gathering. Dale has seven years law enforcement experience as a Maryland State Trooper. As a Trooper he was
assigned to the Computer Crime section where he worked as a Computer Forensic Investigator providing detailed digital forensics analysis support to a host of criminal and
administrative investigations. Dale has a Bachelor of Science degree from the University of Baltimore in Business Administration.
Jason Mical, Vice President of Cyber Security, AccessData Group
As Vice President of Cyber Security, Jason is responsible for the global management of AccessData’s cyber intelligence and incident response
solutions and assists AccessData’s clients with the assessment of IT risk reduction in such areas as electronic intercepts, intrusion analysis, virus detection, incident response, privacy,
asset management, policies, standards and guidelines. Jason also offers his expertise and consulting services to clients and other audiences on issues of electronic, computer and
physical security investigations.
Jason has more than 25 years experience in telecommunications fraud prevention, physical security management and network security
investigations. During his career, he has developed and implemented overall network security, physical security and fraud control programs for several global organizations. He has also
developed security and fraud awareness training seminars used to educate employees, as well as federal, state and local law enforcement officials, and has established and operated
security incident response teams and forensic investigation units for several large enterprise organizations. Jason has been an active member with the FBI Infraguard, United States
Secret Service Electronic Crimes Task Force, ISSA, HTCIA, ASIS, ANSIR and CTIA Fraud Task Forces.
Why Java Exploits Remain a Top Security Risk
Presented by:

Most Java installations — 94 percent — are unpatched or outdated, making them insecure and a popular vehicle for cyberthreats. Yet updating
Java installations is not always an option — it might actually break the mission-critical web applications your employees need to do their jobs.
This webinar will
show you how to increase your organization’s security while maintaining its productivity. It will explain Java’s role in today’s web-connected world and its exposure to being
compromised, plus offer a variety of alternatives and best practices you can employ to mitigate risks.
You will learn:
- How to determine your organization’s exposure to Java exploits.
- Which security measures might address Java’s "zero-day" risks.
- Whether you really need Java on every system, and what your options are.
Cybercriminals are quick to exploit most Java vulnerabilities. Fortunately, you can take steps to identify your options and mitigate the risk. This
webinar will show you how.
View the Webinar today.
On Demand Webinar: Cost of Failed Trust – Attacks of Failed Key & Certificate Management
Presented by:

Speakers:
- Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
- Jeff Hudson, CEO, Venafi
Overview: APT attackers are using keys and certificates to infiltrate networks and steal data. With
these attacks growing 600% year over year, organizations are woefully unprepared. First-ever research shows these attacks expose you to losses of up to $400 million over two
years.
In this webinar, you will learn:
- Why trust established by keys and certificates is the perfect target of attack
- How keys and certificates are poisoned against your organization
- How the lack of visibility and inability to respond make keys and certificates the ideal APT attack vector
- What strategies can help improve the effectiveness of your APT strategy
Interested in showcasing your organization's thought leadership through the ISSA Industry Webinar Sponsorship program?