Webinar Archives
Upcoming Webinars
The Fantastic Four: Metrics you can’t ignore when reducing application-layer risk
Date: Jul 30, 2015

View archived webinar

You’re starting to get the hang of application security as an organization. Maybe you’re testing a few applications, or a few hundred (or thousand). But you have these nagging thoughts in the back of your mind: Are my applications better or worse than everyone else’s — especially my competitors? How can I convince my software suppliers to move faster? And, how am I going to prove to my management — even to the board — that our appsec program is making a difference?

This webinar will provide an overview of the state of software security across different industry verticals, and talk with security experts from some of the world’s leading organizations on the four metrics they use to benchmark their performance, measure success, report up to the board, and motivate development teams to fix vulnerabilities.

You’ll learn

  • How your industry compares to others in the quality, threat landscape, and rate of remediation of its applications 
  • How your peers are measuring the success of their application security programs 
  • What measures can organizations take to reduce risk in their applications
Myths of Cloud Security Debunked!
Date: Jul 23, 2015

View archived webinar

Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations.  The elephant in the room is the misconception that the cloud is less secure than on-premise capabilities. Gartner eloquently describes this as “more of a trust issue than based on any reasonable analysis of actual security capabilities”.

A recent global study by BT revealed that 76% of large organizations cited security as their main concern for using cloud-based services. 49% admitted being “ very” or “extremely anxious” about the security complications of these services.  However according to Gartner, the reality is “most breaches continue to involve on-premises data center environments”

Where do you stand on this issue?

Join Michael Sutton, Chief Information Security Officer, Zscaler, for a compelling webcast debunking the top myths of cloud security. He will address the following myths:

  1. Cloud-based infrastructure is inherently more vulnerable than a traditional IT infrastructure
  2. Cloud vendors lack transparency when it comes to understanding their security posture
  3. Physical management of data and hardware means better security
  4. Cloud security is difficult to manage
  5. Moving security to the cloud results in a loss of control over the security architecture

Michael will also provide concrete steps you can take to keep your organization safe in today’s cloud and mobile first IT landscape. 

Intelligence-driven Incident Response
Date: Jul 22, 2015

View archived webinar

Cybersecurity teams today are swamped with disparate point tools, manual processes, and minimal access to critical enterprise data.  This existing situation hinders analysts' ability to quickly develop the real-time actionable intelligence that’s necessary for fast, effective cyber incident response.
It’s time to change that to better address today’s advanced threats.

In this webinar, top cybersecurity experts will discuss how incident responders can make faster, better-informed decisions using new tools and techniques applied to existing systems and data.

Attend this 60-minute webinar, which will:

  • Outline why today’s cyber attacks are often able to circumvent traditional defenses
  • Offer an overview of emerging technologies and best practices for turning disparate data sources into actionable intelligence
  • Discuss the effectiveness of these techniques in the context of well-known case studies
  • Provide tips on how to be better prepared to address attacks as they occur, not hours, days, or months later
Winning the War Against Cyber Attackers
Date: Jul 22, 2015

View archived webinar

Despite spending record amounts on IT security technology, enterprises continue to fail in their efforts to expediently stop sophisticated cyber-attacks. Recent studies indicate that most major security compromises take weeks – even months – to discover, and are often found by third parties, rather than the victim organizations. Why do current enterprise defense strategies continue to fall short, and what can IT security teams do to speed the process of detection and remediation?

In this special videocast, two top experts on information security strategy will join Dark Reading senior editor Sara Peters in a frank discussion of methods for improving the detection and containment of cyber-attacks – before they become headline-inducing data breaches.

The experts will explore why threat detection alone is insufficient, debunk current myths around enterprise defenses, and outline the reasons why existing technologies and practices today fail to detect or stop sophisticated cyber-attacks. Just as importantly, the experts will discuss tools and methods for shortening the time between a security compromise and its detection and eradication. Viewers will receive advice and recommendations for speeding the identification of a sophisticated threat, and for blocking or eliminating the threat before critical data is lost.

The Internet of Things, the Software Supply Chain and Cybersecurity
Date: Jul 15, 2015

View archived webinar

The number of connected devices is set to explode, with Gartner forecasting it will reach 25 billion by 2020 – of which 250 million will be connected vehicles.

The Internet of Things (IoT) affects virtually every industry and domain in our society including our homes, health, hospitals, factories and critical infrastructure as well as our planes, trains and automobiles.

We’re not just talking about fitness trackers and smart TVs anymore – IoT-enabled devices now include industrial machinery, patient diagnostic machines and corporate door-locking systems.

And this new binding of the digital and physical worlds means that, for the first time in history, cyberattacks can easily traverse from the digital domain to the physical realm and impact our physical assets and safety. This has been shown in numerous hacks on medical devices as well as in the 2014 cyberattack on a German blast furnace.

As enterprises increasingly rely on digital technology to drive their businesses, CISOs and CIOs must begin to understand the direction and critical implications of cybersecurity for the IoT.

Join Dark Reading for a live-streamed videocast featuring two of the industry’s best-known voices: Chris Eng, VP of Research at Veracode and former NSA engineer; and Josh Corman, CTO of Sonatype and former security strategist at Akamai and IBM Internet Security Systems.

You’ll get first-hand insights into key questions such as:

  • How does the scale and complexity of the IoT lead to changes in the way we develop software applications and assess them for risk?
  • As software increasingly becomes assembled from reusable third-party and open source components and frameworks, how do we minimize risk from the software supply chain?
  • What is a basic cybersecurity checklist for developing secure IoT systems (e.g., encryption, authentication, segmentation, patching mechanisms, etc.)?
  • What are other attack surfaces beyond the endpoint device itself (web and mobile apps, back-end cloud services, etc.)?
  • With so many different platforms and protocols, how do you assess the maturity of suppliers in your supply chain?
  • What role should industry standards and government regulations play?
The New School of Cyber Defense
Date: Jul 09, 2015

View archived webinar

The old school of cyber defense emphasized securing infrastructure and restricting data flows.  But data needs to run freely to power our organizations.  The new school of cyber defense calls for security that is agile and intelligent.  It emphasizes protecting the interactions between our users, our applications and our data.  

The world has changed, and we must change the way we secure it.  Join Frank Mong, VP & General Manager of Security Solutions and hear why you need to secure your:

  • Cloud services
  • Data wherever it is
  • Apps wherever they run
Optimizing Your Security Defenses For Today’s Targeted Attacks
Date: Jun 25, 2015

View archived webinar

Cyber attacks, once designed to infect as many systems as possible, are becoming increasingly targeted and unique. Yet today’s enterprise defenses, originally built to stop those older, broader exploits, aren’t keeping up. What’s your organization’s strategy for stopping targeted attacks? Do you have the tools and skills you need to protect your data?

Join Jon Oltsik, Principal Analyst at Enterprise Strategy Group, along with Ben Johnson, Chief Security Strategist with Bit9 + Carbon Black, as they discuss new strategies for defending enterprise data against targeted attacks.  Jon and Ben will share stories from real customers who are using new and innovative methods for detecting sophisticated exploits, improving layered defenses, and developing customized data protection strategies that are better able to stop targeted attacks. They will also discuss next-generation tools and practices that could give enterprises a leg up on targeted attackers.

Security Threats: Is the Attacker Right in Front of You?
Date: Jun 18, 2015

View archived webinar

Despite the fact that external attacks often get more attention in the media, recent data is proving that the threat posed by malicious, negligent or compromised insiders is indeed significant.

The best way to detect and prevent insider threats is to have in-depth visibility into the internal environment and a means of filtering and prioritizing the massive amount of data available on the network into concise, actionable intelligence.

You’ll learn:

  • How to detect insider threats
  • How to identify suspicious network activity
  • Strategies for managing the insider threat problem from both a business and technical point of view.
  • Different techniques for identifying suspicious activity in large collections of data
  • Tips to incorporate best practices to protect your organization from the insider threat

Insider threats is critical so that you can minimize the amount of data that can be compromised.

Could you find the insider threat if there was one? Would you know what steps to take to determine how much data had been breached? Join this webinar to learn how to detect insider threats and ways to protect against them.

Register & Get "The Reality of Insider Threats" complimentary Infographic Today!

Making the Most Out Of Threat Intelligence Services
Date: Jun 17, 2015

View archived webinar

Threat intelligence services are enabling enterprises to incorporate information about external cyber threats into their IT defense strategies. But as this new category of services evolves and becomes more widely implemented, enterprises are searching for ways to make better use of the wide range of threat data.

What are the primary advantages of using a threat intelligence service? How many such services should enterprises employ, and how can they coordinate the data from multiple services? What are the best practices for interpreting and customizing threat intelligence data, and how can enterprises automate this analysis?

In this informative Dark Reading webcast, experts will offer insights and recommendations on:

  • How to use threat intelligence for maximum benefit
  • How to automate the analysis of threat intelligence data to help identify sophisticated attacks more quickly and efficiently.
Tune in for the Ultimate WAF Torture Test: Bots Attack!
Date: Jun 16, 2015

View archived webinar

Think your Web Application Firewall is ready for the next bot attack? Think again.

Meet John Stauffacher – a world renowned expert in web application security, and the author of Web Application Firewalls: A Practical Approach. John is a certified Network Security and Engineering specialist with over 17 years of experience in IT Security.

But wait… are WAFs the best approach for defending your website against malicious bots? Rami Essaid, Co-Founder and CEO of Distil Networks, doesn’t think so and he’s challenged John to a lab test to prove it. Who will win the battle of the bots? Tune in live to find out!

Key Takeaways:

  • How to optimize your WAF for bot detection and mitigation
  • Why whitelisting is always better than blacklisting
  • WAF best practices plus the one thing you should never do
  • Optimizing web application security based on your vulnerability profile

Attend this webinar and learn practical tips on how to defend your web infrastructure against the OWASP Top 10 as well as brute force attacks, web scraping, unauthorized vulnerability scans, fraud, spam and man-in-the-middle attacks. 

Moving Beyond AV: Closing the Endpoint Security Gap
Date: Jun 02, 2015

View archived webinar

Organization continues to rely upon antivirus as a first line of defense to protect endpoints today. Yet recent attacks have shown that organizations require more than traditional signature-based detection. So why are you still paying for AV? Discover how Bit9 + Carbon Black and Microsoft are working together to help organizations move beyond signature-based detection.

Join EMA Analyst, David Monahan as he explains:

  • Why you need to think differently about nuisance malware and target threats
  • Why antivirus is insufficient to protect organizations from advanced threats
  • What organizations are doing to address this endpoint security gap and improve their security ROI
  • Why open API solutions are critical to a defense-in-depth strategy

If you continue to rely upon antivirus as your primary line of defense, your options will be increasingly limited. This webinar will outline how you can save money and improve security by investing in Bit9 + Carbon Black and Microsoft.

Secure Agile & DevOps: How It Gets Done
Date: May 21, 2015

View archived webinar

There’s no point trying to ignore the elephant in the room. Everyone knows there’s historically been friction between security professionals and development teams. This isn’t because of inherent animosity, but conflicting priorities. Development needs to ship functioning code on time and within budget. Security needs to manage risks to the organization, including risks introduced by new code. One needs to go as fast as possible; the other needs to keep from smashing through the guardrails and flying off the road.

Further complicating the picture, Agile is now the dominant process for code development, with DevOps emerging as a new framework to help the entire organization be just as agile. These two trends radically alter the way we build, test and secure code. More importantly DevOps has the potential to mitigate several problems with secure Agile development, helping foster cooperation and reduce integration issues between security, operations and development. As a result, secure development and deployment practices must fit within Agile and DevOps processes — not the other way around.

Moderated by Dark Reading , this live-streaming videocast features two well-known security and development experts: Chris Wysopal, Veracode CISO & CTO, and Adrian Lane, Securosis CTO, who’s also been a CIO and managed development teams.

This videocast is for both security and development professionals who want to understand how Agile and DevOps driven development alter security integration — and help both teams work together better.

We’ll discuss:

  • Rapid development process evolution, feature prioritization, and how cultural differences can create friction between security and development.
  • Why speed and agility are essential to both sides.
  • How automation and well-defined processes allow security issues to be detected and recovered from earlier in the lifecycle.
  • How to communicate what needs to happen to reduce application-layer risk — without slowing down development or putting developers on the defensive.

Get ready for a lively conversation about pragmatic best practices for embedding security into Agile SDLC and DevOps processes!

The Human Factor 2015: Cybercriminals Go Corporate, and How to Fight Them
Date: May 20, 2015

View archived webinar

The Human Factor Report 2015 reveals that last year was the year attackers “went corporate” by changing their tactics to focus on businesses rather than consumers, exploiting middle management overload of information sharing, and trading off attack volume for sophistication. Organizations that had spent the year training their employees to recognize phishing techniques used by cybercriminals the previous year were not ready for the new delivery methods, email lures and other techniques used by attackers to trick end-users into clicking on links in malicious emails.

Key findings from the report include:

  • Learn how attackers have decreased the time-to-click: 2-out-of-3 end-users click on malicious emails the day they receive them.
  • Understand how and why end-users click on 1-in-25 malicious links in emails: every organization still clicks.
  • See this year’s most popular and effective phishing templates: business-oriented lures such as message notifications and corporate financial notifications.
  • Defend against campaigns that blend in with normal business email traffic and piggyback on legitimate web marketing emails to reach end users and drive clicks.

Users are learning how to recognize email-borne threats but attackers are adapting faster, and as the high-profile data breaches from last year show, the costs of a bad click continue to mount. Attend this webinar to learn more about the latest threats targeting organizations and how to combat them.


Has Your Cyber Security Program Jumped The Shark?
Date: May 19, 2015

View archived webinar

Most enterprise security programs are designed to prevent attackers from getting inside the network. This 30-year-old strategy prevails even though advanced malware regularly evades perimeter defenses. While the hope of a ‘prevention pill for all your ills’ has gone by the way of Fonzie’s waterskies, enterprise security is not a lost cause. Detection is the “new cool.”

Learn how to make your security program relevant in 2015 and beyond. Join technology trend-setter Stephen Newman, VP of Product Management at Damballa, for a live discussion about the use of advanced detection techniques to find unknown and hidden threats. At the end of this webinar you will understand how to:

  • Rate your current tools’ effectiveness versus advanced threats
  • Recognize the difference between preventing attacks and detecting infections
  • Take a forward-thinking approach to stopping data theft after compromise occurs
  • Shift your Tier 2 & Tier 3 security teams from chasing alerts to solving long-term security challenges 
Modern vs Traditional SIEM – What You Need to Know
Date: May 13, 2015

View archived webinar

Security information and event management (SIEM) tools provide a robust collection of data sources that can help companies take a more proactive approach to preventing threats and breaches. However, implementing a SIEM often brings the challenges of a lengthy implementation, costly investment and the need for skilled security analysts to maintain it. Also, many SIEMs have been used in on-premise data centers, so what steps will you need to take if you want your SIEM to move with your data into the cloud?

In this webinar you will learn:

  • The key components to make a traditional SIEM work
  • The characteristics of a modern SIEM
  • Your options for building and investing in a modern SIEM
Why DDoS Attacks Are A More Serious Threat Than Ever
Date: May 05, 2015

View archived webinar

Neustar's annual DDoS Attacks Report presents the latest critical DDoS trending data from real companies across industries.  Learn how companies are ramping up their DDoS protection tactics and why they are working.

  • Hear about current DDoS attack metrics including size and duration
  • Learn why DDoS attacks aren’t just a problem for the IT security team
  • Find out the true costs of DDoS attacks in terms of lost revenue and erosion of brand confidence
  • Optimize your DDoS plan with industry-proven protection tactics

Don’t miss this unique opportunity to learn about the latest DDoS attack trends and how to defend against them. 

Monitoring and Enforcing Security Policy In Cloud Environments
Date: Apr 16, 2015

View archived webinar

Enterprises are deploying cloud services and applications across the enterprise, but using cloud technology can make it difficult to monitor and ensure that data security policies are enforced. In this webcast, cloud security experts will discuss methods and practices for monitoring and securing data in environments that involve multiple cloud providers or applications.

This webcast will help attendees:

  • Gain an understanding of the security vulnerabilities inherent in many cloud services
  • Learn how to monitor data that is in the cloud and identify potential threats
  • Identify and overcome the obstacles associated with creating security policies in multi-provider environments
  • Develop a plan for enforcing those policies across the enterprise
  • Build a strategy for ensuring data security compliance in cloud environments and meet the requirements of compliance auditors

Cloud service providers may offer security capabilities in a variety of form factors, but each enterprise must develop its own policies and strategies that work across provider environments.  This webcast will help you build strategies for enforcing security strategies in your own enterprise, no matter how many service and application providers you employ. 

The Changing Role of the Chief Information Security Officer: What Every CISO Should Know
Date: Apr 14, 2015

View archived webinar

In past years, the job of the enterprise chief information security officer (CISO) was to establish and maintain a security perimeter around corporate data and a strategy for defending it. But today’s CISO is faced with a wide variety of new challenges that the security department has never seen before. While cloud computing, open source, distributed and outsourced software development, bring-your-own-device policies, and other initiatives create “shadow IT” environments that often take control out of the CISO’s hands, the steady barrage of high-volume, high-publicity security breaches in the headlines are putting unprecedented pressures on the CISO’s office. The reality is that today’s CISO is under more scrutiny than ever – including from the board – and yet, he/she has less control over the IT environment than ever before.

How should the CISO – indeed, the entire IT department – respond to these new challenges and pressures?  In a special live videocast on Apr. 14, industry experts will discuss these very questions.

In this special videocast sponsored by Veracode and moderated by Dark Reading, two of the IT security industry’s best-known voices – Chris Wysopal, CTO & CISO of Veracode and Jim Nelms, CISO of The Mayo Clinic – will discuss the changing role of the CISO and how the importance of that role is growing within the organization.

You’ll get first-hand insights on the responsibilities and challenges assumed by today’s CISOs, and how today’s IT security departments are adapting to the new pressures being applied by new technology and attackers. You’ll also get some real-life advice on how your organization can respond to these challenges and how to explain your strategy and risk posture to business executives.

The world of IT security is changing, both for the CISO and for the business. If you want to get a first-hand viewpoint on what these changes may mean for your organization, register to watch this special videocast today! 

Zscaler vs FireEye - Insights from the Experts at Miercom Labs
Date: Apr 08, 2015

View archived webinar

Advanced Persistent Threats (APTs) are sophisticated, stealthy, and extremely difficult to stop - so a number of different approaches to combat them have emerged. That's why Miercom, a leading security testing firm, recently performed a head-to-head security efficacy analysis of all leading network-based breach detection and protection solutions - including FireEye, Checkpoint, Cisco, Fortinet, and Zscaler.

Please join Robert Smithers, CEO of Miercom, and Dan Maier, Sr. Director of Product Marketing at Zscaler for a compelling webcast to discuss the detailed results of head-to-head testing between Zscaler and FireEye.  They will also discuss:

  • The current APT protection landscape
  • Best practices for combating APTs
  • Why cloud-based solutions are better equipped than appliances and hybrid solutions at protecting against APTs
  • How Zscaler outperformed FireEye in both performance and accuracy


Building and Enforcing Mobile Application Security Policy in a BYOD World
Date: Mar 31, 2015

View archived webinar

The rapid proliferation and use of personal and work-related mobile applications is one of the reasons a typical large enterprise may have up to 2000 or more unsafe applications installed in their environment. (^1) In fact, a typical user accesses an average of 24.7 mobile applications per month.,(^2) Worse yet, traditional approaches taken by security teams, such as manually testing and blacklisting or whitelisting applications, are proving inadequate to keep up with the number of applications and rate of change in the mobile landscape.

Come hear guest Forrester Research analyst Tyler Shields and Veracode mobility expert Theodora Titonis discuss the state of securing BYOD and new approaches to secure enterprises.   

In this webinar, you will:

  • Understand the potential risks from unsafe mobile applications
  • Learn common failure points for BYOD initiatives
  • Learn how to use new approaches to keep up with mobile application security

^1: Veracode, "Average Large Enterprise Has More than 2,000 Unsafe Mobile Apps Installed on Employee Devices." March 11, 2015.
^2: Shields, Tyler. "The Future of Mobile Security: Securing the Mobile Moment." Forrester Research, February 17, 2015, p. 2. 

Actionable Network Visibility: Empowering the Security Analyst
Date: Mar 25, 2015

View archived webinar

Today’s threat actors are organized, well-funded, and more sophisticated than ever; with the goal of stealing sensitive data for profit. As such, dedicated security teams are charged with preparing organizations for the most advanced of attacks. Unfortunately, if you can’t see network intruders, you definitely can’t detect or prevent data theft.

Join Kurt Bertone, Chief Security Strategist, Fidelis Cybersecurity and learn more about:

  • The current threat landscape and approaches to advanced threat defense
  • Best practices for defending the network and establishing network resiliency
  • Implementing and executing a cybersecurity defense plan to reduce time to discover threats in your network
  • Actionable visibility empowering analysts to detect and prevent threats across the network 
Finding And Responding To Attacks In The Cloud
Date: Mar 12, 2015

View archived webinar

Enterprises today are adopting cloud services and technology at a rapid pace, seeking to take advantage of the flexibility and cost savings that the cloud provides. But IT and security professionals are deeply concerned about the loss of visibility that the cloud sometimes creates – they are uncertain as to whether or not they will be able to spot potential online threats, or how they will respond to them.

In this webcast, experts on cloud security will discuss methods that enterprises can use to monitor, detect, and respond to security threats in the cloud. They will offer an in-depth discussion on tools that can be used to monitor data and detect anomalies in the cloud, and how to deploy them. They will discuss best practices for working with cloud service providers on how to identify potential attacks, and how to develop an incident response program that works across both the enterprise network and the cloud service. Most importantly, they will discuss the latest threats to cloud services users, and how to stop security information from "falling through the cracks" between the enterprise and the service provider. 

How to Keep Your Company Safe & Out of the Headlines
Date: Feb 26, 2015

View archived webinar

Advanced threats are on the rise, and large-scaled security breaches keep happening, so what can IT security teams do to keep their organizations out of the headlines? Join Mike Horn, Proofpoint’s Vice President of Threat Response Products, as he explains common threat scenarios and how to quickly verify if a user was infected and instantly contain verified threats.

Attend this webinar to learn how to:

  • Address the current security landscape with key security controls
  • Mitigate risks from advanced threats by responding at the speed of your attackers
  • Leverage context, automation and incident management to stop attacks before they become headlines
  • Instantly verify, prioritize and contain advanced threats and targeted attacks  

Register for this webinar to learn how organizations are using advanced threat response solutions to dramatically reduce the time it takes to verify and respond to detected security threats.  

Stop Cyber Attackers in Their Tracks with Adaptive Authentication
Date: Feb 25, 2015

View archived webinar

Join SecureAuth, an innovator of access control solutions, along with Norse Corporation, the leader in live attack intelligence as we take a deeper look at how adaptive authentication techniques can enable your organization to stop attackers in their tracks. With live intelligence data as a part of your authentication workflows, you can easily identify suspicious actors before they enter your network, not after they violate a policy.  

In this webcast we’ll explore:

  • Emerging techniques for adaptive authentication
  • Why leveraging an identity provider delivers the best results for you
  • How you can easily integrate live intelligence into your authentication strategy

Attacks on organizations are in the news every day. How can your organization keep from becoming tomorrow’s headline?  Attend this webcast and find out.

Implementing a Security Maturity Framework: 5 Levels to Improving Your SOC
Date: Dec 16, 2014

View archived webinar

Whether you are a small business or a large organization, having a highly effective security program is critical. Join Bit9 + Carbon Black’s CSO, Nick Levay to learn how you can leverage the Security Maturity Framework to evaluate and improve the effectiveness and efficiency of your security operations team.

Nick Levay, Chief Security Officer, for Bit9 + Carbon Black will discuss:

  • The 5 Step Security Maturity Framework
  • How to utilize a Risk Assessment Matrix to prioritize projects
  • Why governance is critical to an effective SOC
  • Why real world tests are key to a successful and agile SOC

Register now to learn more about how you can utilize the Security Maturity Framework to improve your security operations team.

Security Matters: Threat Assessments for 2015
Date: Dec 11, 2014

View archived webinar

This year has brought profound changes to the security landscape, especially in the area of Distributed Denial of Service (DDoS) attacks. Aside from the traditional saturation objectives of such assaults, DDoS attacks are increasingly used as cyber “smokescreens” to mask more intrusive and more destructive penetration operations. Join Neustar and media leader, Cox Communications, in a forward-looking discussion on what you should consider to safeguard your business in 2015.

During this session, you’ll hear about:

  • 2014 security trends and lessons
  • 2015 DDoS threat assessments
  • Real-world approaches to help keep you safe

Don’t miss this chance to participate in one of the most important conversations you will have this year. Get ready for 2015 by registering today!


The DNS Blind Spot: You haven't been looking at DNS in the past - why start now?
Date: Dec 09, 2014

View archived webinar

The Domain Name System (DNS) is a layer of critical infrastructure for how the Internet works. So, it’s not surprising that IT teams allow DNS’s port 53 to be wide open across all networks and systems. According to our survey, 75% of security practitioners do not filter DNS traffic for malicious Internet connections. And it’s rare that DNS activity is used during incident response. This is surprising given that 97% of advanced malware use DNS as part of the attack.

This DNS blind spot has become a hot topic for many security vendors and security practitioners. As the pioneer in DNS-based security, join OpenDNS CTO, Dan Hubbard, as he explains why it’s critical to monitor DNS and examine it in forensic investigations.

In this webinar, you will:

  • See why nearly every Internet connection over TCP/IP, including connections initiated by malware, starts with a DNS request.
  • Learn how DNS, together with other data sources, reveals where on the Internet attacks were launched in the past and where malicious infrastructures are staged for future attacks.
  • Find out how the majority of attacks today can be prevented or contained using DNS.
How to Speed Up Detection of Advanced Attacks
Date: Dec 03, 2014

View archived webinar

Enterprise cyber security breaches often take weeks or months to identify and remediate, causing untold damage to company data. In this special webcast, top cyber forensics experts discuss the methods you can use to find compromises faster, analyze their impact more effectively, and limit the damage they may cause.

Attend this webinar to learn how to:

  • Determine how cyber attackers obfuscate their attacks to make them difficult to detect
  • Recognize information and patterns in existing logs and security data to help identify an attack
  • Uncover best practices for shortening the time period between detection of an attack and remediation of cyber defenses
  • Gain a better understanding of how to use existing security tools and systems to improve incident response times

Register for this webinar to learn how to better recognize sophisticated attacks and more swiftly respond to them, potentially limiting the damage caused by a cyber attack.

Point of Sales System: Architecture and Security
Date: Dec 02, 2014

View archived webinar

To most people, Point of Sale (POS) systems with integrated payment processing are a black box where magic happens. Financial criminals breach hundreds of merchants each year, displaying a better understanding of how these systems operate than the dealer technicians that install and maintain them. With an understanding of POS architecture, integrated payment processing, and weaknesses in the technology, security professionals can better protect local businesses, major retailers, and developers handling payment card information.

Attend this webinar to:

  • Understand how opportunistic attackers breach small businesses and highly skilled targeted attackers bypass multiple layers of defense at large businesses.
  • Fill in your knowledge gap on point of sale systems and the flow of sensitive card data.
  • Dispel common misconceptions on payment security, attacker methodology, and how to see through security vendor hype.
  • Learn effective and efficient risk mitigation strategies for both opportunistic and targeted attackers.

Register for this webinar to learn why detection and response is paramount to a successful defensive strategy.

How to Best Fight Today’s Threats with Next-Gen Threat Response
Date: Nov 20, 2014

View archived webinar

While many organizations understand that today's advanced threats require purpose-built solutions to detect and stop them, the need to complement next-generation threat detection with next-generation incident response capabilities seems to be less well-understood. Instead, organizations try to carry out incident response with outdated manual processes, resulting in high costs from inefficient operations and unresolved incidents.

Attend this webinar to learn how to:

  • Understand what a typical advanced threat looks like and how to detect it
  • Protect your organization against the next generation of rapidly evolving advanced threats
  • Investigate, verify, prioritize and contain security incidents faster and more efficiently

Register for this webinar to learn how an optimized and streamlined approach accelerates incident response time by up to 20X.

Stay Ahead of the Adversary with Network Security Analytics
Date: Nov 19, 2014

View archived webinar

Threat actors often modify their tactics, but their techniques have a longer lifecycle. With network security analytics you can track events over time, empowering you to stay one step ahead of the adversary.

Attend this webinar to learn how to:

  • Establish the benefits of capturing rich metadata
  • Proactively hunt your adversary with network security analytics
  • Utilize network security analytics to solve current industry-wide problems

Register for this webinar to learn how to use network security analytics to stay ahead of the adversary and protect your corporate sensitive data, intellectual property and sensitive information.

Customer Identity: How to Take A Strategic Approach
Date: Nov 13, 2014

View archived webinar

Customer-focused companies strive to make their content available to an ever-growing number of connected users and devices on a much larger scale than ever before. Fortunately, a new consumer-facing solution is gaining currency and has earned a name unto itself: Identity Relationship Management.

Attend this webinar to learn how to:

  • Seamlessly connect customers, devices & things
  • Build relationships
  • Enhance brand equity & grow revenue

Register for this webinar to learn more about the current digital landscape and the business requirements necessary to stay ahead the curve.

How to Take the Complexity out of Compliance
Date: Oct 30, 2014

View archived webinar

Mainframes are well-known for hosting mission-critical corporate information and production applications for many financial, healthcare, government and retail companies that require highly secure systems and regulatory compliance. Demonstrating compliance for your industry can be complex and failure to comply can result in vulnerabilities, audit failures, loss of reputation, security breaches, and even system shut down. How can you simplify enforcement of security policy and best practices? How can you automate security monitoring, threat detection, remediation and compliance reporting? How can you demonstrate governance, risk and compliance on your mainframe?

Attend this webinar to learn how to:

  • Collect and integrate security-relevant events
  • Automate audit analysis to detect potential threats and remediate risks
  • Demonstrate compliance for Sarbanes-Oxley Act (SOX), Payment Card, Industry Data Security Standard (PCI DSS) and Security TechnicalImplementation Guide (STIG).

Register for this webinar to learn how to extend your modern mainframe to help comply with industry regulations, reduce costs and protect your enterprise, while supporting cloud, mobile, social and big data environments.

How to Secure Your AWS Cloud
Date: Oct 28, 2014

View archived webinar

With AWS cloud adoption rapidly growing, you need to make securing your cloud a priority. A breach in security not only endangers your internal network, but can also put your customers’ data in jeopardy. Learn how to build on the AWS security model to protect your data and applications.

Attend this webinar to learn more about:

  • The latest cloud security threat trends
  • Cloud security best practices
  • Leveraging automation

Register for this webinar to learn more about the key steps to securing your AWS Environment.

Card Trends and Payments Fraud in 2014: What You Need to Know
Date: Oct 23, 2014

View archived webinar

With the pressure to adopt EMV in the U.S., the increase in mobile transactions, and growth in alternative payments such as digital wallets, the payments industry is at a crossroad of change. In 2014, one out of every four transactions is conducted on a mobile device. Alternative payments for e-commerce are expected to grow to a $90 billion market by 2017, according to Forrester Research.

Attend this webinar to learn:

  • The latest in EMV adoption and effects of card-not-present fraud
  • How cybercriminals are reacting to emerging market trends
  • Best practices for managing fraud risk

Register for this webinar to learn about the current state of affairs – and the future of cybercrime and fraud – in the payments industry. 

The cost of inaction—what cyber crime could cost your business
Date: Oct 07, 2014

View archived webinar

The average company in the United States loses $12.7 million annually to cyber crime. Other countries are close behind. These are results from the recently completed Ponemon Institute 2014 Cost of Cyber Crime study. You know the risks, but you need the data to plan your defenses and demonstrate the cost of inaction.

View this webinar with Dr. Larry Ponemon to get the information you need. You’ll learn:

  • What cyber crimes are most common and most costly
  • The hidden internal and external costs you incur
  • What security defenses are most effective in reducing losses
  • How businesses with a strong security posture drive down costs
Cloud Data Encryption Myths Debunked
Date: Sep 30, 2014

View archived webinar

Controlling data encryption and key management is a MUST in the cloud. The Internet of Things. Mobility. The app explosion. Big data. As the Internet continues its dynamic evolution in the cloud, the security threat landscape expands alongside it. And in the middle of it all, data is being delivered, accessed, and stored in more places with more devices. Protecting it is paramount.

Attend this webinar to:

  • Dispel common myths of data encryption (the realities may surprise you)
  • Learn the vital role data encryption and key management play in the cloud
  • See how data encryption and key management fit into a broader security framework

Register for this webinar now to learn about a better, smarter approach to data security in the Cloud.

Top 5 Reasons to Switch to a Better Firewall
Date: Sep 18, 2014

View archived webinar

Your firewall is an important piece of your IT infrastructure, so replacing it is a big deal. But how do you make sure that you buy the right solution for your organization?

Attend this webinar to learn about:  

  • 5 reasons to switch to a better firewall
  • Protection from malware threats that won’t sacrifice performance
  • Opportunities for consolidating protection technologies

Register for this webinar to understand the factors you should consider when selecting your next firewall. 

Data Privacy: 2014 Forrester Survey Results
Date: Sep 17, 2014

View archived webinar

The value of information is rising rapidly.  This holds true for both the enterprises uncovering new insights, and those seeking to steal, manipulate or otherwise misuse sensitive data for personal gain.  Forrester has recently completed a Data Security & Privacy study to determine how business leaders are responding to the threat of sensitive data exposure.  In this new era of increased regulation, frequent data breaches and new technology platforms (including cloud, big data, mobile and others) are we doing enough to protect our most valuable asset? 

Attend this webinar to:

  • Learn about the latest findings from Forrester’s Data Security Survey
  • Hear about newest technologies designed to ensure sensitive data protection
  • Gain insight into the privacy and security perspectives of peers around the world
  • Leave with actionable steps to protect your organization’s most valuable asset

Register for this webinar to learn about Forrester's survey findings on data security and privacy.

Multi-Variant Phishing and the New Reality of Mail-Based Threats
Date: Sep 16, 2014

View archived webinar

Many organizations have recognized the threat posed by phishing and have deployed a combination of technology and training to combat what remains the number one threat vector for most organizations. The recent increase in instances of "multi-variant" phishing are now challenging many of these defenses by leveraging a complex, service-based delivery infrastructure to deliver a variety of payloads to victim computers.

Attend this webinar to learn how to:

  • Understand the phishing tools & techniques used by hackers
  • Protect your users, data and organization
  • Get examples of multi-variant phishing campaigns

Register for this webinar to learn more about multi-variant phishing and how to protect your company.

Protecting Your Data from Third-Party Vulnerabilities
Date: Sep 15, 2014

View archived webinar

Recent major security breaches, including a compromise at the Target retail chain, have demonstrated the potential for cyber attackers to reach their targets through business partners and contractors. In this webcast, experts discuss methods for auditing supplier connections to expose potential vulnerabilities before they are exploited.

  • Discuss the various ways that an enterprise might be compromised through partner connections.
  • Highlight recent attacks and exploits that occur through third-party systems and applications.
  • Offer recommendations on how to check/audit third-party systems and applications to expose potential vulnerabilities.
  • Provide tips on how to partner with third parties to ensure better security across the supply chain.
  • Outline methods for working with partners on incident response in the event that a breach does occur.

Cyber attackers are increasingly seeing opportunities for exploiting weaknesses in the “soft spots” of the supply chain. This webcast will help you find ways to defend your enterprise.

How to Manage Security-Compromised Endpoints
Date: Sep 11, 2014

View archived webinar

Online malware and targeted cyberattacks continue to become more sophisticated. While there are many technologies and practices for detecting such threats, there are few simple answers for remediating systems that have been infected. In this webcast, top experts will discuss steps for remediating infected systems that go beyond simple reimaging of the device.

Attend this webinar, which will:

  • Outline the reasons why today’s cyberattacks often are able to circumvent traditional defenses
  • Provide insight on current technologies and practices for detecting and analyzing new infections
  • Offer an overview of current technologies and best practices for handling infections that evade enterprise defenses
  • Discuss ways to remediate infected systems to go beyond simple reimaging
  • Offer recommendations on implementing incident response and remediation processes that deal with the aftermath of an infection/compromise

Register for this webinar to gain insight on what steps to take after an infection occurs.

From Zero-Day Attacks to exploit kits: How to Contain Advanced Threats
Date: Sep 03, 2014

View archived webinar

Security technology is increasingly sophisticated and continues to evolve quickly – so why do attacks still succeed with such alarming frequency? The threat landscape is quickly evolving. Today’s network-based advanced threats are more diverse, more numerous, more refined, more targeted, and more persistent than ever before.

Attend this webinar to learn how to:

  • Understand the nature of advanced threats and why they are difficult to contain with today’s signature-based tools
  • Understand how to maximize the value of the security systems and solutions they already have in place at the web gateway
  • Step through the various methods of attack ranging from basic data theft, Zero-Day attacks, advanced malware, exploit kits and more

Register for this webinar to learn the key questions you must address to strengthen your defenses against advanced attacks.

How Evolved “419 Scammers” Are Targeting the Enterprise
Date: Aug 28, 2014

View archived webinar

Unit 42, the Palo Alto Networks threat intelligence team, recently released a new research paper titled “419 Evolution" on an attack campaign codenamed "Silver Spaniel." The paper describes a series of attacks against businesses emanating from Nigeria. Individuals formerly associated with 419 scams, which have commonly targeted unsuspecting individuals, are responsible for these attacks. These attackers are now using many of the same tools that cyber crime and espionage groups have deployed in the past, making them an emerging threat to the enterprise. In this live webcast with Q&A, researchers from Unit 42 will share key research takeaways from the report.

Join Unit 42 researchers for a live webcast and Q&A that will focus on these key takeaways:

  • Nigerian criminals are now using easily obtained Remote Administration Tools (RATs) such as NetWire, that provide complete control over infected systems
  • Silver Spaniel attacks are specifically designed to evade traditional antivirus programs
  • Indicators of compromise were observed for the NetWire RAT, and Unit 42 recommends protections you can employ against tools used in these attacks

Attend the webinar to find out what you need to know to protect against these advanced threats.

Stop Malware in its Tracks with Crowd-Sourced Threat Intelligence
Date: Aug 12, 2014

View archived webinar

Threat sharing networks have been around for a long time; however they have typically been "invitation-only", available to only large companies, or those within a particular industry. AlienVault OTX is different. It is one of the first (and most diverse) threat sharing networks, open to everyone.

Attend this webinar to learn:

  • How threat intelligence is gathered and vetted in the Open Threat Exchange
  • How to use the threat data provided by OTX free services
  • Examples of the types of threats you can identify with OTX
  • Best practices to investigate and mitigate threats, including a quick tour of AlienVault USM

Register for this webinar to join AlienVault VP of Product Strategy, Russ Spitler, and Systems Engineer, Tom D'Aquino for a practical session covering how to use crowd-sourced threat intelligence to improve network security.

Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-08-04
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, an...

Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdwon user, which has unspecified impact and attack vectors.

Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

Published: 2015-08-04
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

Published: 2015-08-04
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002...

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!