Industry experts from some of today's top security companies offer their thought leadership, expertise, and information to help tackle current security threats and challenges.

----

Industry-Sponsored White Paper of February 2016

Overview:

The growing prevalence of cloud technologies requires a new breed of certified security specialist: one that can talk to the C-suite as well as to the IT department. The cloud, and cloud strategy should not be relegated just to IT. It covers all aspects of a company’s operations and needs input from many sides. A security specialist must be as well versed in risk assessment as in technology; in strategic thought as much as hands-on ability. As the risks continue to grow, this specialist will instill the proactive mindset needed for successful corporate use of cloud technology.

 Download this Whitepaper to learn:

1. Why cloud security strategy belongs on the boardroom table (not only in the IT Department),
2. How the growing, changing, cloud requires constant vigilance and security resources, 
3. Who should be in charge of  cloud security,
4. Where cloud threats come from; how varied are they, and
5. Why the time has come to have credentialed cloud security professionals on the team.

Join us for the fourth webinar in the “Digital Identity Insights” educational webinar series focused on digital identity security, presented in partnership with Thales e-Security.

Digital Certificates - A Critical Line of Defense
Against Cybercrime

Wednesday, December 16, 2015
10:00 am - 11:00 am Eastern

Digital certificates are a critical line of defense against cybercrime. From authenticating traditional user endpoints to enabling trusted e-commerce purchases, digital certificates and the public key infrastructure (PKI) that issues them create a high assurance foundation for digital security when implemented correctly.  

Partnering to provide best-in-class PKI solutions, Certified Security Solutions (CSS) and Thales e-Security invite you to a live webinar to discuss digital certificate use cases, the security threat landscape and resolutions to dangerous enterprise problems putting your company at risk for costly outages and data breaches. 

Agenda

• "Newest" security technology
• Why it's different today
• Digital certificate use cases
• Security threat landscape

2015 Live Industry Webinar November 19, 2015

Join us for the third webinar in the “Digital Identity Insights” educational webinar series
focused on digital identity security.

 PKI for IoT: Not Your Average Enterprise PKI

Thursday, November 19, 2015

1:00 pm - 2:00 pm Eastern

What you'll learn

Join CSS PKI Professional Services principal consultant, Wayne Harris, to walk through an overview of IoT, the features and uses of a typical enterprise PKI, reasons why an enterprise PKI doesn’t work for IoT use cases, and what makes an IoT-specific PKI unique in its components, infrastructure reliability, resiliency, security, trust model, policy, governance, and cryptography.

2015 On Demand Webinar 

Exposing Risky IT Security - Best Practices from the Testing  Trenches

Presented by:

Enterprises are racing to shore up on-premises and cloud defenses to avoid being  the next security headline. Spending on security technologies is at an all-time high, but how confident are you in vendor decisions and security architecture you are implementing? High-fidelity testing can replace guesswork-bassed uncertainly with fact-based confidence. 

Join this webinar and learn from top security professionals the best practices for data-driven security decisions that ensure secure and resilient networks.

You will learn:

• Strategies to make data-driven technology investments
• Importance of realism and scale in application and network staging labs
• Special considerations to test and assess cloud implementations

Register now to reserve your spot!

2015 On Demand Webinar 

The Third Annual Information Security Survey: What's top of mind for InfoSec leaders in securing the data center

Presented by:

Join Demetrios Lazarikos (Laz), two-time former CISO, former PCI QSA, and Founder of Blue Lava Consulting, as he presents the findings on securing the data center from his company’s third annual Information Security survey, based on the responses from over 300 InfoSec leaders and practitioners.

This discussion will be critical for attendees as they prepare for the annual RSA conference to learn:

    •What’s top of mind for InfoSec executives in securing the data center

    •Which technologies they should be evaluating as part of their Information Security program

 Click here to Register.

2015 On-Demand Webinar

Intelligence Redux: Injecting Threat Intelligence into Your Security Organization

Presented by:

With the escalation of data breaches and threat impacts, there is an ever increasing emphasis on integrating threat intelligence tools and technologies into an organization’s security program. In this presentation, we discuss the challenges and pitfalls associated with creating a true threat intelligence program as well as offer potential solutions for the practitioner to consider. Recorded February 24, 2015.

Speaker: Kim L. Jones is SVP, Chief Security Officer at Vantiv and has been an intelligence, security, and risk professional for over 25 years. A sought-after speaker and industry thought leader, Jones has built, refined, and/or managed security programs in the financial services, healthcare, manufacturing, outsourcing, and defense industries.

Click here to Register

Operation SMN - Disruption of "Axiom"

A Prolific Chinese Cyber Espionage Group

On October 28th, on behalf of the Operation SMN Coalition, Novetta published the full technical and behavioral reporting associated with Operation SMN. The latest reports explore the structure, potential motivations, and tactics of the Axiom threat actor

On October 30th iSight Partners, a coalition member, and Novetta got together in a webinar to: 

• Discuss our visibility into the activities of Axiom group stretching back multiple years and involving major intrusion campaigns
• Outline the findings of the coalition’s report on Axiom group – including technical indicators that will assist your organization in assessing potential compromise
• Detail how this coalition worked together to fuse intelligence on Axiom and correlate their activities

Examine steps your firm can take to protect itself against the tactics, techniques and procedures used by Axiom and others in the cyber espionage realm.

To register: Click Here.

The Heartbleed Vulnerability: How to Protect Your Business

Presented by:

Speaker:

Jeff Barto, Trust Strategist, Symantec
Jeff is a trust strategist and advocate in Symantec’s Trust Services and Website Security Solutions group, and he’s passionate about inspiring and projecting trust on the internet. Jeff’s experience in product management within the IT security and mobile space spans 12 years, largely at Symantec and Hewlett-Packard. Equally a veteran at technology marketing and running customer contact organizations, Jeff offers a unique and engaging perspective for maximizing the value – and rewards – of trust and security.

Overview:

With the recently discovered Heartbleed vulnerability, information security professionals and end users are feeling the pressure and impact to better protect their information. The task of securing your organization and information can seem overwhelming. View this recorded webcast to get step-by-step instructions on how to protect your business and information, and keep your communications secure.

Learn about:

• What is Heartbleed and the impact it has
• Understand how the vulnerability is exploited and how you can detect it
• Steps you need to take to secure information now and going forward

Responding to New SSL Cybersecurity Threats

Speakers:

Kevin Bocek, VP of Security Strategy & Threat Intelligence, Venafi
Kevin brings more than 15 years of experience in security and encryption with trailblazing startups and market leaders including CipherCloud, IronKey, nCipher, PGP, RSA Security, Thales, and Xcert.

Gavin Hill, Director, Product Marketing & Threat Research, Venafi
With over a 15 years of experience in product development and marketing in the cyber security space, Gavin is particularly adept at identifying where enterprises are at risk and developing products that mitigate those risks related to evolving cyber threats.

Overview:

By blindly trusting and failing to properly secure cryptographic keys and digital certificates, enterprises are leaving open doors to cybercriminals seeking rogue, root-level access to servers, applications and clouds in order to steal valuable data. Are you prepared for this type of attack, particularly in the wake of Heartbleed?

According to new Gartner research, "Organizations without traffic decryption plans are blind not only to these new sophisticated attacks but also to any attacks that take place over encrypted connections.”

View this webinar to:

• Understand why current security measures do not properly protect keys and certificates
• Gain insight into why cybercriminals are attacking digital trust at ever-increasing rates
• Obtain strategies for responding to attacks on SSL

Click here to view.

Remediating Heartbleed Vulnerability – What You Need to Know


Presented by:

Speakers:

Kevin Bocek, VP of Security Strategy & Threat Intelligence, Venafi
Kevin Bocek brings more than 15 years of experience in security and encryption with trailblazing startups and market leaders including CipherCloud, IronKey, nCipher, PGP, RSA Security, Thales, and Xcert.

Mark Miller, Senior Manager, Customer Support, Venafi
Mark Miller works closely with Venafi customers on responding to and remediating cybersecurity vulnerabilities. He has over 14 years of experience with varying security products delivering training, support and IT solutions.

Overview:

The Heartbleed OpenSSL vulnerability impacts more than 50% of the public facing webservers on the Internet, enabling attackers to extract valuable private keys, digital certificates and other data.

Failure to immediately remediate results in Heartbleed leaves an open door in your network, and creates perpetual security vulnerabilities since attackers can now spoof legitimate websites or decrypt private communications.

For organizations that do not have a system to identify all keys and certificates used with SSL – whether in the datacenter or in the cloud – Venafi can help you quickly respond and resolve issues.

View this webinar to learn how to:

• Identify vulnerable systems
• Prioritize affected keys and certificates for replacement
• Generate new, trusted keys and certificates
• Validate successful replacement and remediation

Preventing Unauthorized Access & Attacks

Presented by:

Speakers:

Patriz Regalado, Product Marketing Manager, Venafi
Patriz Regalado brings over 7 years of network and information security experience in product marketing and product management to Venafi. At Venafi, she focuses on evolving mobile security threats and vulnerabilities and launching new and innovative products that mitigate those risks.

Mark Sanders, Senior Systems Engineer, Venafi
With over 15 years of experience working with the Global 2000 in the network and security space, Mark Sanders has extensive experience solving complex enterprise problems. Mark is a senior systems engineer that focuses on customer advocacy while providing domain and solution expertise.

Overview:

Did you know, 71% of compromised enterprise assets in 2013 involved users and their endpoints?

The shift toward BYOD has led to a rapid increase in the risk of unauthorized access to critical networks, applications, and data. Today, IT security has no visibility into the mobile certificates users have access to and lacks a "kill switch” to quickly respond to certificate-based attacks.

In this webinar, you’ll learn:

• How to gain visibility and control over mobile access
• Security risks and challenges with mobile certificates
• How to protect intellectual property with a mobile "kill switch” that integrates with your existing MDM solution

Consumer Web Portals: Platforms at Significant Security Risk

Presented by:

iSIGHT Partners Research – "Exposing the Malicious Use of Keys and Certificates"

Presented by:

Speakers:

Gavin Hill - Director of Product Marketing and Threat Research, Venafi
With over a 15 years of experience in product development and marketing in the cybersecurity space, Gavin Hill is particularly adept at identifying where enterprises are at risk and developing products that mitigate those risks related to evolving cyber threats. At Venafi he is responsible for the Venafi Threat Research Center, focusing on Next-Generation Trust Protection.

Katie Bowen - Threat Intelligence Analyst, iSIGHT Partners
At iSIGHT Partners, Katie Bowen is responsible for researching, analyzing and producing intelligence products and briefings for private sector and government clients on current and emerging cyber threats.

Overview:

For years, digital trust that is foundational to every business and government has been established by cryptographic keys and digital certificates. Recently, this trust has come under attack from cyber criminals. Through theft and forgery, malicious actors use stolen or compromised keys and certificates to attack and infiltrate organizations by stealing data and valuable IP. Their motives are different, as are their tactics and techniques.

In this webinar you will:

• Gain insight into the profiles of malicious actors
• Understand the current cyber threat landscape
• Learn about real-world examples of attacks on keys and certificates
• Understand the exposure to your organization

Speakers:

• John Kindervag is a Principal Analyst at Forrester Research serving Security & Risk Professionals. John is a leading expert on wireless security, network security, security information management, and PCI data security. He is a 25-year veteran of the high-tech world and holds numerous industry certifications, including CISSP, CEH, QSA, and CCNA.
• Jeff Hudson is the CEO of Venafi, the market leading cybersecurity company in Next-Generation Trust Protection. Jeff has over 25 years of leadership and management experience in information technology and security management. He has spent a significant portion of his career developing and delivering leading-edge technology solutions for financial services and other Fortune-ranked organizations.

Overview:

Due to the rise of cybercriminal attacks on trust, more and more organizations are finding themselves vulnerable to data theft and IP loss. Hackers have learned how to access cryptographic keys and digital certificates and exploit the trust they provide to infiltrate networks and systems. Current IT security solutions are unequipped to detect and remediate these types of costly assaults and compromises.

Our presenters will guide you through both the risks and the solutions, explaining:

• The rise of trust-based attacks
• Reasons why keys and certificates are targeted as the weakest link in your defense
• How current security measures are failing to protect organizations

Calculate The Real Costs of Advanced Attacks and Secure the Budget to Stop Them

Presented by:

Speaker:

• Mike Rothman, Analyst and President, Securosis

Even with a seemingly robust security posture, organizations are all too often exposed to breaches because traditional security defenses simply cannot detect today’s advanced attacks. Remediation is possible, but comes at a cost.

Join Securosis Analyst Mike Rothman for a live webcast explaining how to respond to security incidents, model the costs of cyber attacks, and secure the right budget for a vigorous defense.

Why you should attend:

• Learn how to create a detailed process map and remediation plan.
• Discover how costs can be modeled to assess the economic impact of attacks.
• Get the budget you need by learning the hidden costs of doing nothing - and how to substantiate the ROI of advanced threat protection.

Vulnerability Voodoo: The Convergence of Foundational Security Controls

Presented by:

Speakers:

• Charles Kolodgy, Research Vice President, IDC Security Products
• Edward Smith, Product Marketing Manager, Tripwire

Join Charles Kolodgy, Research Vice President for IDC's Security Products, and Edward Smith, Product Marketing Manager at Tripwire, to learn how Vulnerability Management at "The New Tripwire” benefits you and your organization. You’ll also learn how an intelligent approach to performance reporting and visualization enables better decision making.

In this webcast, Charles and Edward will discuss:

• Integrating Vulnerability Management with other security controls to improve compliance and security posture
• Leveraging Vulnerability Management beyond the server room to reduce risk across the entire enterprise
• Combining business intelligence from Vulnerability Management with other security controls to make better business decisions

Presented by:

Speakers:

• John Pescatore, SANS Director of Emerging Security Trends
• Anonymous, Cyber Security Analyst National Laboratory

With cyber attacks increasing exponentially year over year, you need to prepare yourself for 2014 with vital information that will help strengthen your cyber security posture. Learn how a large research organization ensures effective operations and cybersecurity capabilities, and how advanced threat protection from FireEye helps get the job done.

In an interview between SANS Director of Emerging Security, John Pescatore, and a veteran cybersecurity analyst, learn how one agencies desire to take a more aggressive approach to detecting security incidents prompted them to look at new threat detection systems.

Presented by:

Advanced persistent threat (APTs) are no longer associated exclusively with government agencies. They're now a very real threat to many organizations in various industry sectors. Unfortunately, most existing technologies can no longer keep up with the increasing amount of threats perpetrated against them.

This webcast clarifies the nature of APT risks and provides recommendations on how organizations can better protect themselves. Topics include:

• The 7 Stages of Advanced Threats
• How to Defend Against Advanced Threats
• How Websense is playing a leading role in APT defenses

Presented by:

Combating today's cybercriminals requires insight into advanced threats and improved responsiveness to the threats that most current defenses are missing.

As a result, many IT departments are looking for tools that can provide visibility into infected systems, blended attacks, call-home communications, data exfiltration and other advanced threats. This webcast examines the value of threat monitoring and highlights how the new Websense® TRITON® RiskVision™ solution can quickly improve your security posture without disrupting productivity.

Topics include:

• Why IT needs hands-on tools for threat monitoring

• How targeted attacks operate across the 7 stages of advanced threats

• How Websense TRITON RiskVision provides unrivaled insight into advanced threats, data theft and data loss — plus actionable reporting and malware analysis

In any given application, vulnerabilities can range from a minor case of Information Leakage to major Insufficient Authorization/Authentication, and anywhere in between. With such a wide range of vulnerabilities it is easy to see how, say, an issue with Insufficient Anti-Automation can be minor. However, a malicious attacker will more than likely focus on multiple vulnerabilities; this tactic can exploit seemingly minor vulnerabilities and result in a much more dangerous exploit. Thus, it is clear that apparently "minor” vulnerabilities can be used in combination with more "dangerous” finds to create a truly devastating attack that could compromise an entire application.

Caleb Brinkman - Application Security Researcher, WhiteHat Security
Caleb Brinkman is an application security specialist working in the R&D engineering department at WhiteHat Security. Caleb has been programming since before high school with a focus on video games and security.

Presented by:

Click here to register today!

The traditional cyber security infrastructure is riddled with blind spots…open doors for threats we can’t see, because the tools we traditionally rely on can’t see them. Detecting data leakage your DLP misses, detecting the new malware your IDS and antivirus don’t recognize, and monitoring traveling and telecommuting employees -- whether they’re logged into your network or not -- are all tremendous challenges for organizations. This is because the traditional cyber security model is piecemeal and dangerously inefficient. For most organizations, their ability to detect threats ends with their DLP and signature-based prevention and alerting tools. Then when a compromise is detected, incident responders rely on a variety of disparate tools and meet in person to share and correlate findings.

Join Dale Beauchamp, branch manager in the information assurance and cyber security division of the TSA, and Jason Mical, vice president of cyber security at AccessData Group as they describe how the cyber security model is evolving and discuss the capabilities that are required to overcome these detection and response obstacles. Beauchamp and Mical will review and advise on the following:

• Investing in detection and response vs. prevention

• The need for technology that picks up where signature-based prevention and alerting tools leave off

• Achieving rapid response through integrated analysis

• Proactive detection – the final frontier – what it takes to detect unknown threats and malicious insiders before damage is done

• Implementing real-time collaboration among all information security teams with reporting up and down the chain of command

MEET THE PRESENTERS…

Dale Beauchamp, Branch Manager, Focused Operations, Office of Information Technology, Information Assurance and Cyber Security Division, Transportation Security Administration

Dale Beauchamp, currently serves as Branch Manager, Focused Operations for the Office of Information Technology, Information Assurance and Cyber Security Division. Dale provides oversight for Computer Network Defense, Forensics, Advanced Persistent Threat and e-Discovery for TSA. Dale previously served as Senior Forensics and Intrusions Instructor for the Defense Cyber Training Academy. As an instructor for DCITA he developed and delivered courses for federal state and local law agencies engaged in the investigation of high technology crime and intelligence gathering. Dale has seven years law enforcement experience as a Maryland State Trooper. As a Trooper he was assigned to the Computer Crime section where he worked as a Computer Forensic Investigator providing, detailed digital forensics analysis support to a host of criminal and administrative investigations. Dale has a Bachelor of Science degree from the University of Baltimore in Business Administration.

Jason Mical, Vice President of Cyber Security, AccessData Group

As Vice President of Cyber Security, Jason is responsible for the global management of AccessData’s cyber intelligence and incident response solutions and assists AccessData’s clients with the assessment of IT risk reduction in such areas as electronic intercepts, intrusion analysis, virus detection, incident response, privacy, asset management, policies, standards and guidelines. Jason also offers his expertise and consulting services to clients and other audiences on issues of electronic, computer and physical security investigations.

Jason has more than 25 years experience in telecommunications fraud prevention, physical security management and network security investigations. During his career, he has developed and implemented overall network security, physical security and fraud control programs for several global organizations. He has also developed security and fraud awareness training seminars used to educate employees, as well as federal, state and local law enforcement officials, and has established and operated security incident response teams and forensic investigation units for several large enterprise organizations. Jason has been an active member with the FBI Infraguard, United States Secret Service Electronic Crimes Task Force, ISSA, HTCIA, ASIS, ANSIR and CTIA Fraud Task Forces.

Click here to register today!

Presented by:

Most Java installations — 94 percent — are unpatched or outdated, making them insecure and a popular vehicle for cyberthreats. Yet updating Java installations is not always an option — it might actually break the mission-critical web applications your employees need to do their jobs.

This webinar will show you how to increase your organization’s security while maintaining its productivity. It will explain Java’s role in today’s web-connected world and its exposure to being compromised, plus offer a variety of alternatives and best practices you can employ to mitigate risks.

You will learn:

• How to determine your organization’s exposure to Java exploits.

• Which security measures might address Java’s "zero-day" risks.

• Whether you really need Java on every system, and what your options are.

Cybercriminals are quick to exploit most Java vulnerabilities. Fortunately, you can take steps to identify your options and mitigate the risk. This webinar will show you how.

View the Webinar today.

On Demand Webinar: Cost of Failed Trust – Attacks of Failed Key & Certificate Management

Presented by:

Speakers:

• Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute
• Jeff Hudson, CEO, Venafi

Overview: APT attackers are using keys and certificates to infiltrate networks and steal data. With these attacks growing 600% year over year, organizations are woefully unprepared. First-ever research shows these attacks expose you to losses of up to $400 million over two years.

In this webinar, you will learn:

• Why trust established by keys and certificates is the perfect target of attack
• How keys and certificates are poisoned against your organization
• How the lack of visibility and inability to respond make keys and certificates the ideal APT attack vector
• What strategies can help improve the effectiveness of your APT strategy