Chartered with securing both the PII of over 250,000 physicians and a vast amount of highly valued intellectual property amidst a rapidly evolving threat landscape, Paul Lynch, Director of Data Security and Networks at the American Board of Internal Medicine (ABIM), recognized the need to move beyond a traditional SIEM, and employ a more holistic approach to Security Intelligence.
Every business that operates a cardholder environment to transact with its customers is required to maintain compliance to the PCI DSS international standard for security. Penalties for lack of compliance have become costly yet compliance does not equal security.
Mobile Devices has seen unprecedented growth since their introduction and now form an integral part of our daily lives. Yet, many Enterprises have not fully embraced mobile as part of their strategy because of too many unanswered questions.
Organizations continue to face the ongoing challenges of securing a continually evolving network perimeter. Organized crime has shifted to the digital underworld.
Cyber threat investigators discuss privileged account vulnerabilities found in most serious security breaches.
Application control is more than whitelisting-It's monitoring, visibility, protection & default deny
Application Control technology is more than just whitelisting. Organizations have found significant value via full visibility into server and desktop environments by continuously monitoring and observing application behavior.
Many organizations over invest in network security solutions—relying on traditional antivirus to secure their endpoints.
Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services.
There now are more mobile devices on the planet than humans, and cyber criminals are targeting them at an increasing rate.
News about data breaches in the healthcare sector continues unabated.
Google has advised that Chrome will gradually sunset SHA-1 cryptography, which is used in the signing process of SSL certificates.
id you know that forty-six percent of IT knows or suspects employees are using their individual, non-IT approved cloud accounts to store corporate data?
Attackers are becoming increasingly skilled at planting malicious code on websites frequented by their desired targets, commonly called "watering hole" attacks.
Critical datacenter assets are at the heart of financial services (and many other industries) enterprise networks. Unfortunately, it's still too easy for attackers to get into the datacenter through an insider, a partner, a side server, virtualization, or even a development environment.
We're in the age of the customer. Empowered buyers are demanding a new level of customer obsession, and bring-your-own-everything is accelerating.
A recent study, conducted by the Ponemon Institute, and commissioned by Raytheon, has revealed some interesting facts related to the adoption and barriers to mobile device usage in the workplace.
Moving enterprise apps to the cloud is becoming a very attractive option for organizations striving to cut IT costs while improving agility and scalability.
Do you feel alone? No resources? No help? If you are like many security practitioners faced with a mountain of tasks each day and a small (or non-existent) team to help, prioritization and efficiency are key.
The ISA99/IEC 62443 portfolio of standards has emerged as a leading framework for cybersecurity in ICS and SCADA and was referenced in the recent Presidential Framework.
Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors.
WordPress is the most-used content management system (CMS) in the world. More than 60 million websites, or 22.9% of the internet, use WordPress for content creation.
Healthcare IT professionals deal with an increasing array of critical security issues that involve privacy, BYOD and network access, managing live-saving medical devices, and ensuring compliance federal regulations.
Threat sharing networks have been around for a long time, however they have typically been "invitation-only", available to only large companies, or those within a particular industry.
As the volumes of data in organizations continue to surge, being able to effectively protect sensitive information is becoming increasingly difficult.
Often, the best way to make sure something works is to try it out. When it comes to network security, trying it out before an attacker does is an excellent idea.
On July 9, 2014, the Cybersecurity Information Sharing Act (CISA) passed the Senate Intelligence Committee in a 12-3 vote. The legislation encourages threat information sharing between government and the private sector
Employees are an organization's greatest asset and greatest risk. With a single click an employee can devastate a business by transferring or damaging huge amounts of data.
Have you ever wondered how the bad guys actually get control of a system? And, how they convert that system into a data-syphoning droid?
Attacks are highly sophisticated, well-funded, and persistently targeting enterprise environments. Perimeter security is no longer effective at preventing these types of threats as attackers easily and efficiently land on company endpoints.
During this webinar Christopher Strand, Senior Director of Compliance at Bit9 + Carbon Black and Mordecai Kraushar, Director of Audit at CipherTechs will review how the update to PCI DSS 3.0 will impact your systems and cybersecurity.
Real-world intelligence has been used for thousands of years to thwart an enemy's intentions. With the evolving sophistication of cyber threats growing at a rapid pace, today, internet and network connectivity has become the lifeblood of enterprise operations.
These are trying times for IT professional. Each and every day you face the risk of your network being hacked by the newest zero-day threat. Recently, it was the HeartBleed bug and then the IE vulnerability.
The number of identities that an organization must control and secure is exploding as companies support the evolution of business.
Today's cyber threats hide in plain sight amidst your network traffic, making them nearly impossible to defend against.
Join the Dell SecureWorks Counter Threat (CTU) Special Operations team to dig deeper into the threat groups responsible for recent, targeted intrusions.
Your organization has a 50% likelihood of experiencing an insider incident despite deep investments in IT security. Insider threats include fraud, theft of intellectual property, data breaches and leaks, or malicious damage to IT resources.
Most businesses realize they are at-risk for becoming a victim of a targeted attack. But they still face an uphill battle to secure management buy-in and suitable resource prioritization.
Right now, Web attackers are amassing a global arsenal of knowledge and resources that is allowing them to expanding their reach well beyond financial services to virtually every industry, everywhere.
Advanced Persistent Threats (APTs) are being used to compromise organizations around the globe with increasing sophistication, persistence, and evasive attack methods.
Cybersecurity, or more accurately cybersecurity breaches, have been in the headlines for months now. Headlines aside, threats are increasing in number while also becoming more sophisticated.
Two of the oldest and most common attacks used against web applications, SQL injection attacks and cross-site scripting attacks (XSS), continue to impact thousands of websites and millions of users each year.
There are increasing numbers of new or revised regulations and mandates being imposed on organizations around the world that are pushing for the adoption of Security Information and Event Management (SIEM) technologies and services.
Privileged account credentials play a critical role in all advanced and insider attacks. In this webinar, we will deconstruct five of the most publicized breaches of 2013 and analyze the role of privileged accounts.
Yesterday's mobile security approaches - managing the device or deploying non-intuitive containerized apps - do not work with today's mobile initiatives.
There's no question that mobile devices are making an impact to how and where we work. However, the risks that mobile devices face continues to grow, which drives a corresponding set of requirements for security.
Most organizations realize it's no longer a matter of 'If' their organization will be breached but 'When'.
The mobile device is rapidly becoming the new desktop for employees. This shift, combined with the trend of BYOD, is driving exponential growth in the number of digital identities associated with an individual.
Compromise can happen in seconds and containment can take weeks. For enterprises, it's no longer a matter of if you will be breached, but rather a matter of when.
Windows XP is scheduled for "End of Life" in April 2014 yet XP is still the 2nd most widely used PC operating system in the world—estimates suggest that nearly 35% of PCs are still running XP.
The announcement in February 2014 by the White House of a Framework for the development of cybersecurity standards follows the announcement one year earlier by the White House of a Presidential Executive Order describing the Government's overall policy toward the cybersecurity on our nation's critical infrastructure.
Targeted attacks, or APTs, can be complex and affect organizations of all sizes, across all industries. But that doesn't mean their detection and prevention has to be complex too. With constant confusion around ATAs and APTs, a staggering 68% of IT Managers admit they don't know what an APT is.
Addressing Identity and Access Management with a Unified Open source Identity and Access Management Suite
Many IT organizations today are tasked to manage a complex landscape that includes a mix of SaaS applications and on-premise applications being accessed by various user populations; employees, customers, mobile workers, etc.
Let's face it, it's no longer a matter of 'If' your organization will be breached, but 'When' (if it hasn't already happened and you just don't know it). The key question is 'How can you gain better visibility sooner to the signs that you've been breached?'
Today's advanced persistent threats (APTs) evade traditional security controls with techniques such as SSL encryption and require an integrated, simple and automated approach that can detect and defend at each stage of an attack.
Today's Network Access Control (NAC) technology has evolved well beyond that of allowing or denying network admission. The latest generation of NAC solutions addresses numerous security and compliance applications, but more so, help organizations enhance operational awareness, efficiency and use of their existing network and security infrastructure.
Join Dave Shackleford, founder of Voodoo Security and former CSO of Configuresoft, and Nick Levay, CSO of Bit9, to discuss why endpoint visibility and control is crucial to the security operations center. In this webcast you will learn how security teams can more readily define and identify meaningful indicators of compromise.
Face it, your users want to use any application while at work, yet they may not be aware of the associated business and security risks. Filesharing, remote access, video and social networking applications are all rampant on most every network we analyze. Commonly found among those applications are very sophisticated threats hiding in plain sight, acting like normal traffic, using SSL, FTP, and RDP to steal data.
To meet strategic objectives for growth and business transformation initiatives, more and more enterprises are externalizing key business functions to the Cloud, and to SaaS in particular. But how effectively are enterprises and securing and managing these deployments? How are your peers doing in managing actual usage and user management, providing end-user support, and extending identity management of external service providers?
Discover the latest mobile threat trends on iOS and Android platforms and the key to mobile application security.
The first step to defeating advanced threats is understanding the sophisticated techniques malware and exploits are using to evade detection and slip past traditional security controls. We will share a detailed review of the cyber kill-chain, including each step used to compromise hosts, with data from real attacks and specific anecdotes.
Devastating—that's the best way to describe the impact of not having a strong database security initiative. Did you know that 35% of all cyber attacks today occur without enterprises ever knowing that such an attack took place? It only takes 30 seconds to steal your data - making it humanely next to impossible to stop these sophisticated attacks. Your company's most sensitive financial and customer information is stored in databases, Hadoop and NoSQL platforms that are vulnerable. It's time to increase protection and defend your sensitive data
It isn't difficult to set up security for the wireless router in your basement: Change the SSID, pick a strong password and perhaps install VPN software for remote access. But, securing wireless networks in a business environment is much more demanding.
For a decade or more, large organizations anchored their endpoint security defenses with traditional AV software. Unfortunately, this is no longer an appropriate strategy - endpoint security now depends upon layered defenses, continuous monitoring, and security analysis. This webinar will outline the current state of endpoint security and offer product and strategy recommendations to help CISOs reinforce their endpoint security defenses and intelligence in response to modern threats.
Is your IT security program keeping pace with the rate of change in today's complex world of hybrid IT, BYOD, BYOA? With the rapid adoption of SaaS applications, the movement to a fully mobile workforce, and the cosumerization of IT, a security manager's job has never been more challenging. End users and the business are placing more sophisticated demands on IT. Compliance and security threats persist. Legacy IAM technologies are not able to scale to meet the dynamic user populations and their access needs. And, security teams must continue to ensure all the right controls are in place to meet governance, security and compliance requirements.
Criminal organizations and hostile governments increasingly target the unsecured mobile devices of mobile workers. Enterprises need to defend against today's complex and evolving cyberthreats and go beyond simple mobile device management.
When it comes to file sharing, understanding what vendors are really offering when they mention terms such as security, policy, cloud, and encryption is critical to your business. Employees are self-provisioning a variety of free or very low cost tools designed for consumer file sharing in order to get their jobs done. However, most of these tools do not have the safeguards such as strong encryption, active policy and data segregation to protect your corporate data and ensure compliance. Join our team of industry experts, as they discuss secure enterprise file sharing, and discover:
Companies have amassed an arsenal of security tools to enable a defense-in-depth strategy. Best practices dictate the use of SIEM, VA, encryption, patching, DLP, MDM and other security tools - but this can create silos of controls and data. Given network, device, access and threat dynamics, how can IT be more efficient and effective to identify and resolve exposures and attacks? This webinar brings together a panel of experts to discuss use cases and techniques to enable continuous monitoring and mitigation, as well as examine how the ForeScout ControlFabric™ Platform allows for an exchange of information and automated controls to better leverage information security investments and resources.
The national and economic security of a nation depends on the reliable functioning of critical infrastructure. The physical and electronic elements comprising critical infrastructure are increasingly and inextricably interwoven. Enemies of the state and others who would benefit from the disruption of critical infrastructure realize this and can turn to advanced cyber-attacks as means to achieve their end. On Oct 10th, in support of President Obama's Executive Order 13636, the National Institute of Standards and Technology (NIST) will publish the final Preliminary Cybersecurity Framework in the Federal Register for public debate.
Cybercrime continues to grow in scope and scale, with losses to consumers and businesses across numerous sectors in many countries.
In previous surveys this year, we've examined various aspects of one of the most pressing issues facing the IT security industry today: Advanced Persistent Threat (APTs). This webcast, sponsored by Lumension, presents findings from the newest research uncovered by our readers on server security. Find out what the research has uncovered about the state of server side security in 2013, how we can analyze these risks, and the protocols that can be taken during potential compromises.
Today's digital identities are at the heart of the most insidious online attacks. And as the mobile evolution expands at an amazingly swift rate, the collision of sensitive digital identities and mobile computing introduces new security challenges and opportunities.
Understanding and knowing your data is the foundation for information protection. Defining your data — is the first part of a three-part framework called the Data Security And Control Framework that Forrester created to help Security & Risk (S&R) professionals adapt to the new data economy. Data discovery and classification are two essential, yet often overlooked, initiatives that lay the foundation for protecting data.
The question of whether to have a Managed Security Service Provider (MSSP) manage your security infrastructure or purchase a Security Information and Event Management (SIEM) product and manage it yourself, can be difficult to determine on your own. This webcast will identify the pros and cons of an on-premise SIEM and an MSSP approach, as well as provide an overview of financial, operational and organizational considerations that purchasers of security solutions may wish to consider.
It's Not a Question of IF, It's a Question of WHEN For decades, we have played the game; staying ahead of the hacker trying to get their hands on our most valuable asset - our data. We invested in firewalls, anti-virus, VPN, IPS all to build an impenetrable wall to safeguard that very same data. Our drive to the cloud has made us more vulnerable to the release of confidential data because it is impossible to protect a perimeter that no longer exists. Join us for this informative webcast that will introduce a new way of looking at security which advocates protecting the target rather than the vector. We call this "Secure the Breach."
Windows XP is scheduled for "End of Life" in April 2014 yet XP is still the 2nd most widely used PC operating system in the world—estimates suggest that nearly 40% of PCs are still running XP. Many organizations cannot move from XP by April 2014 due to application compatibility issues, cost, staffing resources and other issues. The most significant issue facing organizations with XP PCs is operating securely when there are no more security patches from Microsoft.There is now an alternative that allows organizations to move from XP on their own timeline, while staying secure using XP on into the future: ExtendedXP from Arkoon.
Healthcare IT must satisfy a myriad of compliance mandates, enable employee and non-employee caregiver use of latest personal mobile and medical devices, and protect network operations and sensitive information - all while optimizing resources and costs? How are innovative security professionals supporting patient care priorities while mitigating access, privacy and endpoint compliance threats? Join Larry Whiteside Jr., former CISO of Spectrum Health and ForeScout as this expert/practitioner panel examines unique IT challenges and trends, visibility and control gaps, and innovative security technologies to deliver efficient services and reduce risks.
When it comes to protecting your organization's confidential information, including intellectual property (IP), a single click by just one end-user can lead to a disastrous result: a data breach, or a great result: data protection.
Cybercrime continues to grow at a furious rate with new attack techniques becoming even more sophisticated. With limited budgets, resources and experience it can be extremely challenging to stay on top of the evolving threat landscape.
As organizations continue to move critical operations online, distributed denial of service (DDoS) attacks are increasing in frequency, sophistication and range of targets. This presentation will cover examples of recent high-profile, multi-layered DDoS attacks to illustrate how new attack vectors, such as the Domain Name System (DNS), are now commonly being targeted by cyber criminals and hacktivists. Attendees will learn about the growing complexity of DDoS attacks and recommendations for mitigation before they damage a company's infrastructure, revenue and reputation. Additionally, best practices for DDoS mitigation will be covered along with general tips for DDoS preparedness.
Protection from malware, advanced threats and data theft requires continuous threat defenses before, during and after the point of click. At each stage of the advanced threat life cycle, important defense architectures and processes must be deployed for maximum detection, protection and forensic analysis.
In 2013, information security is still rapidly changing and evolving at a pace few can keep up with. Organizations have significantly more complex infrastructures, while still supporting legacy applications and systems. We have staggering quantities of data (security included) to sort through and retain. Major data breaches and sophisticated compromise scenarios dominate the news and security blogs alike.
The threat of Targeted Persistent Attacks (TPAs) continues to grow and nearly every day there is another headline about an organization being breached and critical data stolen. Organizations must ask themselves "Can endpoint security products that are based on a signature/reputation based approach identify and stop targeted attacks launched by well-funded, motivated, sophisticated attackers?" If your organization was targeted and penetrated by an APT attack, would you know?
Why are so many enterprises rushing to implement network access control (NAC) now? Watch this webcast to learn about the many uses of NAC.
Trust is essential for building a sustainable business. Security is essential for building trust. To build that trust in electronic networks, security needs to be built into a suitable framework, rather than being bolted on in a piecemeal fashion. As those networks become ever more open with the take up of innovative new technologies, it makes sense to move security up into the network.
Trusted insiders not only have access to sensitive corporate data, they also have unprecedented access to mediums with which to move that data. DLP solutions provide a security barrier keeping sensitive data within the organization. But intent insiders can find a way around, making the ability to watch for, detect and alert on new breaches critical to making your Data Leak Prevention strategy even more effective.
Bring your own device (BYOD) is becoming the rule rather than the exception which has created a new set of challenges for IT. A BYOD strategy can help you get a grasp on your mobile devices. But with the right security solution, it can also save you time, money, and the sanity of your help desk.
Big Data Security Analytics - Trends, Tactics and Practical Applications for Advanced Threat and Breach Detection
In this webinar, Jon Oltsik, Senior Principal Analyst at ESG, will discuss a recent ESG research report titled "The Emerging Intersection of Big Data and Security Analytics". He will highlight how Big Data and Security Analytics are coming together to address increasingly sophisticated cyber threats and risks, and how large enterprise organizations are anticipating and planning for this convergence. Seth Goldhammer, Director of Product Management at LogRhythm, will share how some organizations are leveraging real-time Big Data security analytics to detect breaches and advanced threats with SIEM 2.0.
Your employees are the primary target of attack by a variety of adversaries bent on doing your organization harm. This is a fact that simply cannot be challenged based on the last 24-36 months worth of breach disclosures. Spear-phishing has been at the root of virtually every major attack disclosed during this time - whether the RSA breach, the recent campaign disclosed by Kaspersky labeled "Red October," the "Nitro" attacks, attacks against the energy sector, etc, etc. When spear-phishing isn't used, other techniques aimed at the user such as watering hole attacks are employed. We've got a user problem on our hands that we need to rapidly solve.
Cyber Security Disruptors: Verisign iDefense Insight on Current and Emerging Cyber Disrupters for the Enterprise Security Practitioner
Each year, iDefense covers the subject of cyber security disruptors in preparation for its annual "Cyber Threats and Trends" report. This annual presentation covers the disruptive abilities of new technologies that could fundamentally change the security threat environment for enterprise organizations. The webcast will re-evaluate previously identified disruptors, and will introduce some recent disruptors that iDefense believes have the potential to impact enterprise cyber security practitioners and their networked environments now or in the near future. Topics covered will include:
In today's business environment Security and Compliance initiatives are more important than ever -- across virtually all industries. 90% of organizations believe that they have lost confidential documents in the past year. The cost of a corporate data breach can lead to loss of hundreds of millions of dollars, non-compliance with Federal and State laws and loss of credibility and trust from customers, employees and partners. Recently, an Infotrends study found that only 52% of companies have scanning policies and worse, only 34% have document management systems in place.
Firewall deployments in large organizations can easily get out of control - and become rife with unnecessary risk. Inappropriate access is granted readily. Constant change complicates policy implementation. A real-time, enterprise-wide picture of network security posture is a distant dream. Only by automating tedious manual processes at the operations, management and compliance levels of the organization can security teams regain control and better protect their information. This requires consolidated, real-time data of the security infrastructure and a scalable, distributed solution that provides fast, flexible analysis and reporting.
Let's face it, it's no longer a matter of 'If' your organization will be breached, but 'When' (if it hasn't already happened and you just don't know it). The key question is 'How can you gain better visibility, sooner to the signs that you've been breached or that you're the target of an advanced threat?' In this webinar, John Kindervag, Forrester principal analyst for security and risk, will discuss how the combination of Big Data security analytics and network analysis and visibility (NAV) capabilities provide the necessary extra ingredients for SIEM to move from merely a compliance reporting platform to delivering situational awareness and "INTEL" to: • Detect breaches and threats in near real-time • Help stop intrusions • Prevent the exfiltration of data
Customer data. Corporate financials. HR records. Strategic M&A plans. These are all part of the ecosystem of data that you have to protect. How effective are your current processes in delivering this protection? If traditional security technologies actually delivered the promised level of protection, why is there a constant stream of companies still getting breached, losing their customer data, and failing audits?
Why are so many enterprises rushing to implement network access control (NAC) now? Watch this webcast to learn about the many uses of NAC, including techniques to:
5 Proven Practices to Address Security & Compliance in Cloud Applications Like Salesforce, Google Apps, and Office 365
Many organizations aren't just moving to the cloud, they're sprinting! But too often, concerns about security and compliance emerge and projects end of being delayed, and in a few cases, even cancelled all together. What are the proven practices that organizations are employing to address security and compliance concerns and keep cloud application projects moving forward?
This webcast examines security for "Big Data" environments, reviewing built-in protections and weaknesses of these systems. Our goal is to educate Big Data users on security problems they face with pragmatic advice on how to secure these environments.
One of the biggest challenges for IT Security departments is the threat of authorized users causing inadvertent data breaches. Confidential data sent to the wrong people can result in embarrassing headlines, lost business, and large financial penalties.
Tens of thousands of organizations from across the globe depend on Websense to secure web, data, and email content. Websense provides a unified content security platform, allowing its customers to take advantage of powerful new communication, collaboration, and Web 2.0 business tools while protecting them from advanced persistent threats. All this helps to prevent the loss of confidential information and enforce Internet use and security policies.
Given the alarming growth and unpredictability of distributed denial of service (DDoS) attacks, the availability of an organizations' critical Web systems depends on its ability to adapt and scale across the entire online infrastructure.
Sign up to our newsletters
SC Magazine Articles
- Impact of Linux bug 'grinch' spans servers, workstations, Android devices and more
- More than 100K WordPress sites compromised by malware due to plugin vulnerability
- Phishing email contains Word doc, enabling macros leads to malware infection
- Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk
- White House calls Sony hack a "serious national security matter," gov't mulls proper response
- Neverquest botnet furthers crimeware-as-a-service biz for fraudsters
- Solo attacker likely responsible for phishing campaign, delivering Zeus variant
- Telecommunications companies on the line with FTC, FCC for cramming schemes
- The 10 POS malware families this holiday season
- White House calls Sony hack a "serious national security matter," gov't mulls proper response