Webinar Archives
Upcoming Webinars
The Great Debate: The State of Application Security
Date: Jun 30, 2016

View archived webinar

When you attend this video panel you will hear industry experts engage in a lively debate on various topics related to the current state of application security, including their specific viewpoints on how organizations need to understand and manage the current cyber security landscape and the role that software applications play in this new paradigm. 

Attend and you will hear different perspectives on:

  • How proactive or reactive organizations need to be to protect against data breaches
  • Whether branded vulnerabilities are helping or hurting organizations’ abilities to protect themselves against cyberattacks
  • How security and development teams should work together to build secure code

…And more.

Dark Reading Cyber Security Summit: How Cyber Attackers Crack Your Enterprise
Date: Jun 28, 2016

View archived webinar

The goal of this eye-opening virtual event: know your enemy. By attending the sessions in the virtual auditorium and downloading comprehensive content from a wide range of expert resources, How Cyber Attackers Crack Your Enterprise will enable attendees to learn about online criminals’ motivations, tactics, and strategies. Attendees will get an up-close and personal look at what the bad guys are doing today – and how they can improve your enterprise defenses tomorrow.

AGENDA

Keynote - Cyber Attackers: Motives and Methods 
An expert on the latest methods and exploits in online attack provides an overview of the most current ways that criminals target the business. You’ll get insight on how the most sophisticated attackers choose their targets, what they are looking for, and how they extract valuable data from well-defended enterprises and data centers

Keynote - Understanding the Cyber Underworld 
When it comes to stealing your critical business data, it takes a village. Most sophisticated and targeted cyberattacks are not launched by a single individual, but by a whole community of online attackers, each of whom has a specific role to play. In this eye-opening presentation, you’ll get an inside look at how the cybercrime economy works, how its players interact, and how online data theft is becoming big business

Keynote - Anatomy of an Online Attack 
In order to develop an effective cyber defense, enterprises must first understand how sophisticated attackers do their work. In this fascinating presentation, one of the industry’s top penetration testers offers an inside look at how he identifies the vulnerabilities in enterprise defenses -- and how he might exploit those vulnerabilities to steal an organization’s most critical data

Panel - Collecting and Using Threat Intelligence Data 
One of the most effective new weapons available to today’s enterprise cyber defenders is a wide range of threat intelligence feeds and services that promise to warn businesses of impending online threats. But how do these feeds and services work? How can the security team choose the services that work best for a specific enterprise? And how can threat intelligence data change the way the enterprise defends itself? In this informative panel, top experts offer their insights on how to make threat intelligence work most effectively against today’s latest exploits.

Panel - Identifying Your Attacker 
When an enterprise is breached, one of the first things they want to know is who did it – and why. But the answers to such questions can be tricky and elusive. In this insightful panel, top experts discuss the methods that your organization can use to figure out who the attacker is, and how to use that information to develop a better enterprise defense. You’ll hear a range of opinions on how – and whether – you should seek to identify your attackers, how you can make the attribution, and how you can – and can’t – respond once you’ve learned who your attacker might be.

How Cyber Attackers Fool Your Employees – And How To Stop Them
Date: Jun 22, 2016

View archived webinar

Protecting your enterprise data is often referred to as a technology issue, but most cyber attacks begin by fooling a user into doing something, such as unknowingly downloading malware or giving up security credentials. This “social engineering” is the most common way that an online attacker will gain access to your business – and the hardest to defend against, because it exploits everyday human weaknesses, rather than technical vulnerabilities.
 
How do attackers fool your employees via email, Web, phone, and onsite? What are some of the latest methods they use to trick users and employees into breaking security policy? And most importantly, what can your organization do to keep its employees from being taken in?  In this informative Dark Reading webcast, top experts on social engineering will answer these questions and many more. You’ll learn about current social engineering methods and the “human” threats posed by online and physical attackers. You’ll also get insight on how your organization can train and test its users and employees to recognize and turn away these social engineering exploits – before they compromise your business.

The Power of Community Defense and Open API Cyber Security
Date: Jun 21, 2016

View archived webinar

In today’s threat landscape, the only way for you to disrupt attackers and protect your organization is to unite your systems and people, forming a collective defense. In this roundtable webcast Matthew Deren at Belk, Keith McCammon at Red Canary and Jason McFarland, Senior Open Source Engineer at Carbon Black, will come together to discuss the value of leveraging community defense and open APIs in incident response. 

 
In this webinar you’ll learn: 
 
  • The role an open ecosystem plays in next-gen endpoint security 
  • How to leverage APIs to share information across systems 
  • Automation, security process orchestration & more
Is Your Enterprise Data Secure - From the Inside Out?
Date: Jun 15, 2016

View archived webinar

Security shouldn’t start on the outside. Most security strategies attempt to detect and stop the threat actors at the edge and provide limited security between VLANs and limited hardening and detection capabilities on the host itself – two points the threat actors are targeting. Defending the end points is a losing battle. Organizations need to focus on deploying multiple security layers from the inside out and leveraging big data analytics to detect at the host level.

Attend this webinar on June 15th and discover:

  • How battlefield lessons can be applied to cybersecurity layers
  • Why big data is both your friend and foe
  • How to laser in your defense and detection efforts on the data threat actors care about
  • The four steps to implement inside-out security
A human? A bot? Application Firewalls (WAFs) vs. Web Behavior Analytics for Finding The Biggest Threats to Your Web Site
Date: Jun 09, 2016

View archived webinar

This webinar discusses how the biggest problems to your web site aren’t cross-site scripting and SQL injection attacks. The biggest problems are the ones you don’t see; automated bots masquerading as real people browsing through web sites and mobile interfaces.

Traditional web security products directed towards exploits, vulnerabilities and software coding defects don’t look to tell if an automated bot is driving a session meant for people. Only Web Behavior Analytics can determine this.

Attend this webinar for what promises to be a spirited web application security conversation between Eric Ogren, senior security analyst at 451 Research, and Rami Essaid, CEO of Distil Networks.

You will learn:

  • The new threat landscape of Advanced Persistent Bots (APBs)
  • How Web Application Firewalls (WAFs) and Web Behavior Analytics solve different problems
  • The impact bots have on your security results
  • How applied Web Behavior Analytics can protect your business
2016 Underground Hacker Marketplace – It’s a Good Time to Be a Bad Guy
Date: Jun 09, 2016

View archived webinar

Imagine a marketplace where illegal vendors offer hackers a wide range of goods, tools, and training to enable them to exploit or breach unsuspecting individuals, groups or organizations. Now imagine the walls of this marketplace lined with advertisements offering services and information. The point is, the underground marketplace is booming and only getting bigger, more sophisticated, and competitive.

Register to take a journey with James Bettke, SecureWorks Counter Threat Unit (CTU) researcher, Sean O’Connor and Shawn Cozzolino from the SecureWorks CISO Intel team as they walk you through their time spent in the Underground, tracking hackers in numerous forums and marketplaces all over the world.

When you attend this interactive webinar on June 9th, you will walk away with:

  • Notable trends occurring year over year in the underground hacker market 
  • Real examples of goods and services for sale to enable cyber-crime
  • Tips on how to protect data and additional security advice
Meta Data, Big Data and the Coming Tectonic Shift in Security
Date: Jun 02, 2016

View archived webinar

While yesterdays’ security model was largely based on prevention of breaches, tomorrow’s security solutions will increasingly focus on detection of breaches from within followed by containment. This is a large shift both in terms of investment dollars and technologies. Focusing on detection of breaches provides an opportunity to reverse the asymmetry between the attacker and defender and shift the odds of success in favor or the defender. However, a detection based strategy requires building context of the organization’s operating environment, triangulating bad-like behavior against what is normal-like behavior for an organization and trying to identify anomalies that could lead to the presence of malware in the organization. This requires marrying big data type solutions with SIEM type technologies. In this new world of big data for security, the ability to both, generate relevant and increasingly large volumes of data, as well as consume, correlate, index and alert on that data will require powerful and unique solutions that a defender can leverage as the core of their cyber security strategy.

Join Gigamon in this webinar to understand:

  • Where the world of cyber security is going
  • The role of big data solutions in this changing landscape
  • How the defender need to re-think their cyber security strategy
How to Keep Mobile Threats at Bay
Date: Jun 01, 2016

View archived webinar

As smartphones and tablets become more powerful, securing devices and data is critical for enterprise mobility stakeholders. For instance, over 50% of all decision makers in a recent IDC survey experienced security and compliance issues during mobility rollouts. 

With savvy cybercriminals using vulnerabilities in apps, networks, and operating systems to gain control of mobile devices, businesses need security that integrates with existing systems for continuous protection.

Learn how to better protect your business from mobile threats by attending this webinar on June 1, where you will hear:

  • Why comprehensive mobile security is required to keep your devices and data safe
  • How the cloud helps solutions reduce complexity and increase visibility and control
  • What role Check Point plays in preventing advanced attacks on smartphones and tablets
DNS: Are Security and Complexity Really Mutually Exclusive?
Date: May 26, 2016

View archived webinar

DNS is no longer just about network housekeeping. Instead, DNS data has become absolutely crucial to cyber-security, especially as your IP attack surface becomes larger and more fluid—and cyber-criminals get better at evading conventional signature-based detection.

Register now for this insight-packed webinar to:

  • Learn how your peers are evolving their DNS/DDI processes and policies
  • Understand how mobility, cloud, and cybercrime-as-a-service are changing IT security
  • Pose your top IPv6-related questions to subject-matter experts—live and online.

Don’t miss this unique opportunity to quickly up your security game. 

 

The Hidden Enemy: Malvertising and Ransomware
Date: May 25, 2016

View archived webinar

Malvertising is increasing in sophistication and prevalence, and often being used to distribute ransomware. According to the FBI, criminals are netting an estimated $325–500 million a year through these scams. But while the FBI is warning of a rise in ransomware, they are at a loss when it comes to how to handle it: “The ransomware is that good,” says Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”

As malvertising-based infections (including ransomware) in businesses increase, questions will arise on who is accountable – ad networks, site owners, or owners of the ad content? If your company is a victim, and the FBI is just advising to pay the ransom, can you begin to seek legal remedy against the ad networks or content owners that were the vector for the infection?

This webinar give the audience a better understanding of the impact of malvertising and ransomware. It will also tackle some of the biggest misconceptions, latest tactics/incidents, how these attacks are delivered and why your company may be at risk without you even knowing it.

Key takeaways include:

  • The growth in malvertising and malvertising-based ransomware.
  • A better understanding of the tactics and techniques cybercriminals use to deliver and cover up their malvertising campaigns.
  • Tools and solutions to help detect, eliminate, and protect your business.
Building an Effective Defense Against Ransomware
Date: May 24, 2016

View archived webinar

A growing number of enterprises are being hit by attacks of ransomware, in which critical systems or data are maliciously encrypted or threatened until an enterprise victim pays a ransom. 

  • How does ransomware work, and who are the attackers that use it?
  • Should companies pay the ransom if their data is threatened?
  • Most importantly, how can enterprises defend their data against future ransomware attacks?

In this eye-opening webinar on May 24th, security experts will give you deeper insight into this emerging threat, including a look at some current ransomware attacks and best practices for defending against them.

New Threats and Trends In Online Malware
Date: May 18, 2016

View archived webinar

Recently, online attackers have taken their game up a notch – using ransomware, polymorphic malware, and many other new exploits that are frequently able to evade traditional IT defenses.

Attend this informative webcast on Wednesday, May 18 and top experts on online crime will offer you:

  • Insights on the latest exploits and trends in malware development
  • Updates on the newest attacks and the methods used for infecting enterprise systems
  • Methods you can use for detecting, blocking, and rooting out new malware – even when it is designed to elude your current defenses
New Research on DDoS Attacks and Their Threats to Your Business
Date: May 10, 2016

View archived webinar

DDoS attacks continue to remain a clear and present danger for businesses across the globe. Strikes are becoming more complex to detect and defend, and attacks like UDP and DNS reflection are being unleashed at scale – often with multiple attack vectors at once. What are you to do when standard security measures are now obsolete?

It’s important for you to know your enemy as best you can, and in this one hour webinar, the Neustar Security Operations Center (SOC), working on the front line in the fight against DDoS attacks, will present to you the latest research on DDoS attacks mitigated for clients across the globe.

You will gain insights on:

  • The intent of hackers and their attack strategies
  • How attacks are growing in complexity, strength, and frequency
  • How DDoS protection is evolving to help secure businesses
[Enterprise Security] Be the Hunter or the Hunted, The Choice is Yours.
Date: Apr 28, 2016

View archived webinar

Cybersecurity defense strategies have run their course.

If you use a traditional security stack, you need to know that it no longer provides the mission assurance your enterprise needs. And ‘search based’ strategies depending on short lived indicators of compromise are ineffective for identifying polymorphic adversaries.

Attend this Dark Reading webinar on April 28 to discover how Endgame’s “Automate the Hunt” offense strategy is essential to detecting never before seen adversaries that bypass the traditional security stack. Experts will teach you:

  • What is Hunt and who should hunt
  • How to avoid the most common pitfalls when hunting
  • Best practices to hunt effectively

It’s time for you to be the hunter, not the hunted. Start building an ‘offense’ approach into your security program today.

Designing Your Next-Gen Endpoint Security Strategy to Defend Against Modern Threats
Date: Apr 28, 2016

View archived webinar

Today’s security battle is being waged at the endpoint. Attackers are more sophisticated than ever and your data is the target. Traditional prevention strategies have proved to be inadequate against modern threats, and a shift in strategy is needed to keep up.

As your organization sets out to upgrade outdated endpoint security to a Next-Generation Endpoint Security (NGES) solution, you are faced with an overwhelming number of vendors and approaches. So how does one build a next-gen endpoint security strategy?

During this webinar Carbon Black Security Strategist, Rick McElroy,  will cut through the noise and offer a clear description of:

  • The state of the threat landscape and today’s NGES requirements
  • The pros, cons and tradeoffs of varying approaches to NGES
  • Best practices on NGES deployments
  • A requirements checklist for choosing the right NGES solution

Every industry analyst firm is producing research about NGES, and they all reach the same conclusion: every organization needs to upgrade their endpoint security to a modern Next-Generation Endpoint Security solution. Start building your strategy to defend against modern threats.

Weaponize Your Threat Intelligence for Breach Prevention
Date: Apr 26, 2016

View archived webinar

For the online attacker, sophisticated exploits are becoming easier and cheaper than ever to produce. Today’s enterprise faces a dizzying array of advanced cyber threats, many of them targeted directly at a specific organization and undetectable by conventional IT defenses. How can enterprises identify and stop these increasingly-sophisticated attacks – before they become major compromises?

In this eye-opening webinar, experts at Palo Alto Networks will discuss new ways to harness emerging data about new threats – today’s threat intelligence data stream – and use it to develop methods for hunting and stopping sophisticated attacks. By teaching attendees how to “weaponized” their threat intelligence information, Palo Alto Networks will help security professionals to proactively ferret out advanced attacks – in many cases, mitigating or preventing their potential impact on enterprise data.

A Cloud First, Security First Approach to Baking Security into Your Digital and Cloud Initiatives
Date: Apr 21, 2016

View archived webinar

A move to the cloud can help your team scale faster, innovate, and also provide users continuous delivery. And taking a cloud first, security first approach allows you to work tight knit security features and controls into cloud initiatives from the ground up - including AWS security.

Learn how to build your sound security strategy by attending our webinar where we will cover:

  • How the cloud is changing the security paradigm
  • Cloud security analytics and best practices
  • How digital disruption is changing the market landscape
  • How to get deep visibility into AWS Logs
  • Leveraging threat intelligence in the cloud
  • Managing SaaS-based business applications

Sure the thought of putting sensitive company data in a public cloud can be scary - #crazyscary! Kind of like online dating. But the good news is that it doesn't have to be scary or expensive!

How Cloud Identity Management Helps Companies Go Digital
Date: Apr 06, 2016

View archived webinar

While 75% of IT Execs say they are building portals and applications for customers, according to a recent survey, legacy identity and access management (IAM) tools present massive hurdles for user experience and security.

Attend this webinar to learn how cloud-based identity management turns lousy customer experiences into sizzling engagement.

When you join us on April 6th you will learn how to:

  • Align your IAM architecture to support a digital transformation strategy
  • Boost the security of brittle crumbling legacy Identity products
  • Evaluate the unique capabilities of cloud-based identity management
Insights for a More Secure Enterprise against DDoS attacks and other Security Threats
Date: Apr 05, 2016

View archived webinar

DDoS attacks have been legitimized as a weapon of cyber warfare and are increasing used by those with sinister motives in conjunction with other nefarious activities including breach, theft, and destruction. Knowing how to protect your enterprise means knowing the threat. DDoS attacks are widely varied in their construct, lethality, and intent and it is important to understand them to best understand what you need to do to mitigate their impact.

As a tier-one DDoS protection service provider, Neustar fends off thousands of attacks each year from the very large to the dangerously small. In this session with industry analyst IDC, you will get the latest insights on attacks and trends so that you can better detect and defeat the DDoS threats to your business.

Attend this webinar to learn about:

  • How attacks are growing in strength and complexity
  • Why breach should be a foremost concern when experience a DDoS attack
  • How multi-vector attacks pose a real danger to your infrastructure and users
Managing Cloud Security? The 5 Best Practices for a Scaling Environment
Date: Mar 30, 2016

View archived webinar

Security is a top concern when transitioning your company - and most important applications - to the cloud. Protecting your business from internal threats, external attacks, and data loss are important to everyone on the team, regardless of level or role. Most organizations face two primary challenges when trying to achieve cloud security:

  1. Putting together the pieces of the security puzzle—including workload insight, key file tracking, vulnerability management, etc.—into one place quickly, despite your tight real-world constraints of insufficient budgets and limited personal bandwidth.
  2. Making sure you can do #1 accurately and efficiently.

Fortunately, you don’t have to figure all of this out on your own and can benefit from lessons learned by early cloud adopters. Dark Reading invites you to join us for a special one-hour webinar featuring leading experts in cloud security that will show you how to: 

  • Improve your threat visibility
    Better understand what it really takes to mitigate cloud-related threats and fulfill cloud-related compliance reporting requirements. 
  • Reach your security goals
    Hear first-hand how others were able to achieve their desired state of security in less time, with fewer resources -- and with increased adaptability to future changes in their cloud implementation. 
  • Think like an attacker
    Our expert panel will explain how to map your cloud security capabilities to an attacker’s cyber kill chain to keep you one step ahead.
Threat Intelligence Processes are a Journey; Not a Destination
Date: Mar 29, 2016

View archived webinar

A decade ago manual analytics were all the rage. Unfortunately, yesterday’s processes can no longer scale to the threats of today. For example, many organizations are still convinced the answer to threat intelligence is a SIEM and vendor feeds - yet are complacent in allowing analysts to conduct highly repetitive and manual tasks versus enabling them to do what they do best, analyze threats.

Join us for this webinar in which we will demonstrate how the right process paired with the right threat intelligence platform (TIP) are key in automating resource intensive aspects when running a threat intelligence team. Understanding what you are trying to achieve and building processes around that is more efficient and effective in the long run -allowing your organization to save time and money.

Register and attend this webinar to learn how to:

  • Replace inefficiencies with automation so your team can focus on analysis
  • Prioritize the flood of notifications to know when and where to act
  • Use process and platform to maximize the potential of your team
Addressing the New Threat Intelligence Problems of Scale and Relevance
Date: Mar 22, 2016

View archived webinar

Join us for a webinar where we will explain why threat intelligence itself has become a big data problem and how the number of active indicators of compromise has grown into the tens of millions.

If like many organizations you are trying to review indicators manually, you know first-hand how it can be an impossible task.

Or like many others, you're pushing data into a SIEM (Security Information and Event Management) system and trying to get it to perform a task it was never meant to do.

Attend this webinar and you’ll get insight into:

  • Why a task-based distributed security architecture is a natural augmentation for the SIEM
  • Why Threat Intelligence Data should be considered the next big data problem
  • The importance of organizational “relevance” for threat intelligence data
  • The benefit of applying key indicators of compromise to threat models
State of the Phish: Effectively Reducing Phishing and Malware Infections
Date: Mar 17, 2016

View archived webinar

Phishing continues to pose a growing threat to the security of industries of every kind — from financial organizations to government contractors to healthcare firms. Today’s savvy phisher manages to evade even the most significant safeguards through carefully planned, socially engineered email phishing attacks.

In fact, according to Verizon’s Data Breach Investigations Reports, 95% of all espionage attacks and nearly 80% of all malware attacks involve phishing. And people — your internal users — are the largest and most vulnerable point of entry.

In this session we will review high-level findings and insights from the Wombat Security State of the Phish report that was released in January 2016. You will hear about:

  • Feedback from information security professionals on what they see happening with phishing in their organizations and how they are protecting themselves
  • Information on how often, and what types of phish end users are falling for
  • Data and analysis of click and open rates from millions of simulated email phishing campaigns, including: who’s most vulnerable, browser and plugin stats, and platform data across industries

You will also gain actionable advice about running a successful anti-phishing program and learn tactics that several large organizations have used to reduce malware infections and phishing attacks from the wild up to 90%.

Determining Identity with Behavioral Biometrics
Date: Mar 15, 2016

View archived webinar

Despite millions spent each year on security, breaches still persist thanks to the compromised user credentials. How can you make the most of your existing security investments, while ensuring those who access your network are who they say they are?

Join us for an informative webinar where SecureAuth and IDC will cover:

  • The current state of the industry and how adaptive authentication techniques like behavioral biometrics - monitoring keystrokes, mouse movement and gesture patterns - can help detect intrusions before they occur
  • IDC’s forecast on industry trends in the authentication market.
  • Live demo of step up authentication using behavioral biometrics.
People Make the Best Exploits
Date: Mar 09, 2016

View archived webinar

Cybersecurity vendors devote much of their attention to the technical aspects of their task: malware payloads, distribution methods, infection chains, stolen data, and so on. To be sure, these elements are important. But focusing on them too narrowly neglects a simple fact: in the end, people are the targets.

That’s why attacks are still getting through, despite advances in detection and response technology. From email and web to social media and mobile apps, attackers are exploiting the human factor.

Join Proofpoint Director of Threat Intelligence Patrick Wheeler as he discusses The Human Factor 2016 report.

This webinar presents original ?eld research from data gathered by Proofpoint products deployed in customer settings around the world.  Patrick will cover threats in email attachments, social media posts, and URLs.

In this webinar you will see not just who is clicking what—but when, where, and why they are clicking:

  • Who is being targeted, and who is falling victim
  • What attackers are sending, and which lures are working
  • When threats arrive, and when people are most likely to click
From the Front Lines: Enterprise Mobile Security Report 2016
Date: Feb 24, 2016

View archived webinar

Get a look at the current state of enterprise mobile security through the lens of a January 2016 survey of security professionals at large companies across more than fifteen different industries. A highlight from the results is that a large majority of responses indicate it’s certain or likely that their organization has had a data breach as a result of employees using their mobile devices to access the company’s sensitive and confidential information.

Join Larry Ponemon, Founder of the Ponemon Institute and Nick Fisher, Director of Product Marketing at Lookout as they discuss the results from a recently completed joint survey on the economic risks of confidential data on mobile devices.

The discussion will focus around the key findings from the research: 

  • How many security leaders say it’s “certain or likely” that their organization had a data breach as a result of employees using their mobile devices to access the company’s sensitive and confidential information.
  • The number of employees’ mobile devices are believed to be infected with malware at any point in time.
  • The percentage of infected mobile devices are never investigated or triaged.
  • How much mobile security spending by global enterprises is expected to grow in the next 12 months.

Attend this webinar to get insights from the latest research on enterprise mobile security—and where budget and allocation is headed in the next year.

 

 

Application Control Observations and Strategies for Success
Date: Feb 24, 2016

View archived webinar

It's now widely recognized that traditional security solutions are insufficient to protect organizations from advanced threats and targeted attacks. As a result, companies are increasingly looking to adopt a proactive approach to security such as application control to ensure the fidelity and security of intellectual property.

Joel Rising, Solution Architect at Carbon Black will be joined by Phil, Sr. Information Security Engineer at one of Carbon Black’s leading customers in the banking industry. In this informative webinar, you’ll learn the path to success through application control and Phil will share best practices from successful deployments at multiple organizations.

This webinar will cover:

  • Moving from passive to proactive defense
  • Why app control is essential
  • The importance of choosing the right solution  
  • Overcoming organizational barriers
  • Best practices learned from successful deployments 
Surviving 2016: Protecting Your Business From Advanced Cyber Threats
Date: Feb 23, 2016

View archived webinar

While traditional security practices still apply in today’s threat landscape, the advanced threats seen in 2015 make it clear that the basics are no longer enough to protect your company.  With that in mind, join us as we highlight 10 tips for surviving this year—focusing on what to do and what not to do--to prevent cybercrime in 2016. Key takeaways include:

  • Top 5 tips for securing your systems and data
  • Top 5 pitfalls to avoid falling victim to
  • How to evolve your security practices to meet  today’s ever-changing threat landscape
Rethinking Layered Security
Date: Feb 23, 2016

View archived webinar

For years, IT organizations have built their cyber security strategies around “layered defense” – the installation of a wide variety of security tools to stop a wide variety of threats. But as attackers crack the defenses of enterprise after enterprise, many experts have begun to question the layered security concept, and some are developing new ways of thinking about security architecture.

In this eye-opening webcast, top security experts will explain why current layered defense strategies are not working, and offer some real-world thinking around new approaches to enterprise cyber defense.

How Your Applications Can Protect Themselves from Cyber-Threats
Date: Feb 18, 2016

View archived webinar

Applications are a top attack vector for cyber criminals. That’s why application security is evolving to become an integral part of the software development and DevOps processes.

But that’s not enough. To protect the enterprise, you also need to ensure the safety of applications that are already in production.  As classic security defenses have failed to keep pace with the evolving threat landscape, your applications now need to protect themselves against real-time attacks. 

Join Dr. Joseph Feiman, Chief Innovation Officer at Veracode, and Sam King, Chief Strategy Office at Veracode as they explain how these trends will play out, and how you can build powerful and transformative self-protection into your applications as part of a more intrinsically secure DevOps and Security Operations process.

You’ll learn:

  • Why firewalls and other traditional security technologies can’t fully protect applications
  • How Runtime Application Self-Protection (RASP) addresses this key security challenge
  • How RASP-based application self-protection advances DevOps and Security Operations processes
  • How application self-protection is likely to evolve in the future
  • How application security is evolving to becoming an integral part of software development and delivery and operational security processes

Only applications themselves possess the full contextual insight necessary to stop the types of attacks that conventional network security cannot see. 

Be sure to attend this insightful video cast so that you understand how you can help your company capitalize on emerging digital opportunities without exposing yourselves to emerging digital threats.  

The Untold Secrets for Fighting Advanced Persistent Threats
Date: Feb 11, 2016

View archived webinar

APTs are a growing threat across all industries, and the reality is almost any company of any size can suffer catastrophic losses at the hands of highly motivated and well-resourced attackers.

According to a global ISACA study, 66 percent of global organizations believe it’s only a matter of time before their enterprise is hit by an APT, yet only 15 percent believe they are prepared to handle them.

As one of the most attacked organizations in the world, Lockheed Martin has a front row seat in the fight against APTs. Join Justin Lachesky, Cyber Intelligence Analyst at Lockheed Martin and Cybereason CTO, Yonatan Striem-Amit to discuss:

  • The most pressing challenges your company faces when fighting APTs, like excessive false positives, a lack of threat context and poor endpoint visibility.
  • Four steps you can take to combat APTs in your organization, including automating threat detection and implementing behavioral analysis.
  • How to empower your security team in the fight against APTs by adopting automatic threat detection, eliminating alert fatigue and using endpoint data to reveal full attacks.
Building an IT Security Awareness Program That Really Works
Date: Feb 03, 2016

View archived webinar

Most enterprises do some form of IT security awareness training for their end users – but not all of them do it well. Organizations of all types and sizes frequently fail to build programs that truly convince users to change their behavior – and keep enterprise data safe.
 
In this eye-opening webcast, top experts on security training offer insights on what works in security awareness programs – and what doesn’t. You’ll get insights on how to build and deliver a curriculum that makes end users smarter about security – and prevents them from engaging in online practices that could put your corporate data at risk.

Understand Your Attacker: A Practical Guide to Identifying TTPs With Threat Intelligence
Date: Feb 02, 2016

View archived webinar

To effectively combat threats to the enterprise, security teams must understand their organization’s adversaries and the attack tools, techniques, and processes (TTPs) they are wont to weaponize. Threat analysts can create that picture for security teams, ultimately providing a set of actionable recommendations for threat management, by piecing together data from the Web that indicates a threat to the enterprise.

Levi Gundert, Vice President of Information Security Strategy at Recorded Future, will share research on the latest attacker tools, provide architecture recommendations for organizations looking to strengthen security controls, and help analysts use threat intelligence to more quickly and effectively identify threat trends. Attend this webinar to learn how to:

  • Apply methodologies for proactive and strategic source identification and information analysis.
  • Understand vendor information sources.
  • Prioritize threats in a business context.
  • Differentiate between vulnerability management and threat intelligence.
  • Use best practices for working with peer teams to test and strengthen security controls.
How to detect hidden cyberattack communications inside today’s networks
Date: Feb 02, 2016

View archived webinar

Today’s cyber attackers survive by hiding their attack communications from the prying eyes of security. It’s a critical part of their attack arsenal and it lets them patiently manage and propagate attacks throughout your network, undetected.

Tune into this webcast to learn how to detect covert attack communications inside your network. We’ll explain how you can automatically pinpoint active cyber attacks in encrypted traffic as they’re happening – and without decrypting anything.

Here’s what you’ll learn:

  • The latest techniques attackers use to hide their traffic from security.
  • Ways to detect malicious attack communications in hidden tunnels and encrypted traffic.
  • How to find malicious communications within allowed applications.
  • What you need to instantly map cyber threats to network hosts that are under attack.
  • The critical role of real-time automation in prioritizing cyber attacks that pose the highest risk.
  • How to cut through the noise of event logs and alerts to get to the heart of a cyber threat.
Cyber Security: The Business View - A Dark Reading Virtual Event
Date: Jan 26, 2016

View archived webinar

Is your business prepared for a cyber breach?

Join Dark Reading and top cyber security experts for this online event that will offer a comprehensive look at the security-related issues facing today’s businesses – and how you should respond.

AGENDA

KEYNOTE: Understanding Cyber Security’s Impact on Business

Tim Wilson, Editor in Chief, Dark Reading 
Bryan Sartin, Managing Director, RISK Team, Verizon 

A top expert offers an executive-level view on the impact of data breaches, the costs and benefits of investing in IT security technology and skills, and a real-world perspective on how  cyber security fits into the business equation.

KEYNOTE: Your Legal Liability In Cyber Security

Tim Wilson, Editor in Chief, Dark Reading 
Jason Straight, Senior Vice President, Chief Privacy Officer

In this keynote, a top legal expert discusses your liability to customers and partners in a legal breach, how  to avoid security negligence, and your legal standing with cyber insurance companies in the event of a breach.

PANEL: Measuring Real Cyber Security Risk

Kelly Jackson Higgins, Executive Editor, Dark Reading 
John Pescatore, Director, SANS Institute; 
Tom Parker, CTO, Accenture; 
Wade Baker, VP Strategy and Risk Analytics, ThreatConnect

A discussion of the business case for IT security, and how to quantify the risks and costs of your IT security program. We will discuss the costs associated with today’s threats and data breaches, and how you can use threat intelligence and cyber security risk metrics to prioritize costs and defense strategies specifically for your enterprise.

PANEL: Preparing Your Business For a Major Data Breach

Sara Peters, Senior Editor, Dark Reading 
John P. Gelinne, Deloitte Advisory & Captain, US Navy (Ret); 
John H. Sawyer, Managing Security Consultant, InGuardians; 
Roman Brozyna, Chief Information Security Officer, Bit9 + Carbon Black

A quick guide that shows you, step by step, how to build a plan for reacting to a major data breach, including breach detection and remediation, legal liabilities, working with law enforcement, and crisis public relations.

PANEL: How (And Why) Hackers Target Your Business

Marilyn Cohodas, Community Editor, Dark Reading 
David West, Assistant Section Chief, FBI Cyber Division; 
John Terrill, Founder & CEO, Drawbridge Networks; 
Adam Meyer, Chief Security Strategist, SurfWatch Labs

In this panel discussion, experts on cyber threats offer an inside look at the goals of a cyber attack and the methods that hackers use to select and infiltrate targeted companies.

Integrating IT and OT for Safer Operational Processes
Date: Jan 07, 2016

View archived webinar

Security threats against corporate networks are staggering, and the situation is even more compounded for energy companies that safeguard both information technology (IT) and operational technology (OT) systems. With the growth of interconnected networks, use of cloud services and the need to share information 24/7, these traditionally isolated critical infrastructures are rapidly becoming integrated into enterprise environments. As OT control systems continue to modernize, this interconnectivity is putting new pressures on both IT and OT professionals to better manage, secure, and protect the technologies that run our important facility processes, like electrical systems, oil and gas controls, and industrial factories. IT/OT convergence enables better visibility, centralized control, improved situational awareness, increased efficiencies, and a more mature cybersecurity posture across operations – but only if it’s done right.

In this Dark Reading video panel, sponsored by Lockheed Martin, we’ll discuss the role  intelligence and automation can play to simplify the information flow between management and supervisory control systems.

Discussion agenda items include:

  • How to detect and stop the progression of an advanced persistent threat against your IT and OT infrastructures before they can damage your networks – and business credibility
  • What you can do to improve centralized control, safety, and security monitoring for OT platforms
  • How the Lockheed Martin Cyber Kill Chain® method of intelligence-driven defense applies (or doesn’t) for integrated IT/OT systems
  • How to modernize your legacy SCADA software and better integrate your disparate applications
  • Ways to provide real-time information across the converged IT/OT infrastructure to improve business performance and the automation of industrial processes
  • How IoT can help you better integrate components of industrial processes into the enterprise network so they can be more easily monitored and better serviced
How to Build a World-Class Threat Intelligence Capability From Scratch
Date: Dec 15, 2015

View archived webinar

Threat intelligence is a broad subject and the natural tendency is to produce intelligence on any topic or event regardless of its applicability to the company. True success in threat intelligence depends on focusing intelligence efforts to very specific business objectives, which removes the large surface area and leaves only a challenging sliver of ultra-high value to pursue.

This webinar will reveal critical concepts and practical details, where necessary, to produce a world-class threat intelligence capability from scratch.

Why Layered Security Strategies Don’t Work – And What You Can Do About It
Date: Dec 15, 2015

View archived webinar

Every year, enterprises spend record levels of money on new IT security technology – yet major breaches and compromises are more prevalent than ever. The concept of “layered security” – in which enterprises support a wide variety of security technologies in order to discourage attackers – doesn’t seem to be working.

It’s time to rethink IT security – not just the technology, but the way enterprises approach it from a strategic, architectural perspective. There are ways for organizations to build a comprehensive set of defenses – a security architecture – that can not only discourage attackers, but actually prevent them from penetrating your IT environment.

In this webcast, you will learn some of the basics of building a next-generation IT security architecture, including:

  • How the foundational architecture of a next-gen firewall and security platform “matters” in enabling the business, and protecting it against a wide variety of attacks.
  • How the architecture enables unique and specific security scenarios.
  • How the architecture supports a prevention-oriented approach.
Where Badness Lurks: New Threats Demand a New Approach
Date: Dec 10, 2015

View archived webinar

Join DomainTools for a webinar that will show new and innovative ways to map threat infrastructure, which in turn can help you defend your organization against future moves by attackers.

During this discussion, DomainTools will walk you through an analysis of its databases of domain and IP profile data and what was discovered. You'll hear about patterns of concentration of malicious internet activity by top-level domain, registrant email provider, privacy service, and other non-geographic taxonomies.

And, because they have been linked to recent breaches, we give special focus to the role of bulk domain registration agents in the development of attack infrastructure, asking the question: are "domain resellers" intrinsically suspect? We will also discuss how to practically apply the methodology that underlies these findings.

Register and attend this webinar to see:

  • Why open-source intelligence (OSINT) matters and how to use it in adversary analysis
  • New ways of pinpointing--and predicting--hotspots of malicious activity
  • Which bulk domain registration agents are tied to malicious activities
  • A real-life investigation of the adversaries behind a major breach
Operationalizing Threat Intelligence to Battle Persistent Actors
Date: Dec 09, 2015

View archived webinar

We have all heard that threat intelligence can help level the battlefield against advanced persistent threats whether criminal or nation state attackers. But what is Threat Intelligence? How does it fit into your organization’s security operations? And how can you develop your own Threat Intelligence?

Attend this webcast to learn:

  • How to leverage Threat Intelligence to identify potential adversaries and take appropriate action
  • How to develop Threat Intelligence using the Diamond Model
  • How ThreatConnect investigated Chinese state-sponsored threats using the Diamond Model
  • How to operationalize Threat Intelligence using Splunk and ThreatConnect

Join Andy Pendergast, co-author of the Diamond Model and co-founder of ThreatConnect and Monzy Merza, Director of Cyber Research at Splunk to see how you can apply Threat Intelligence to protect your organization and prevent future breaches. During the talk, Andy will share threat intel on a nation state threat and Monzy will do a live demonstration of operationalizing the new Threat Intelligence.

Best Practices for Resilient Inline Security Deployments
Date: Dec 08, 2015

View archived webinar

Today’s threat landscape demands the use of a complex array of proactive security systems and monitoring solutions.  What are the most common and useful security solutions you should consider - next-gen firewalls, web-application firewalls, intrusion prevention systems?

Many of these security tools require inline network deployment.  But why in the face of almost certain cyber-security breach do organizations avoid deploying these best-practice security tools?

Learn to deploy your security defenses like firewalls, intrusion prevention systems (IPS) and others using a safe, yet flexible security framework that improves network uptime, speeds network troubleshooting, and eases network and security maintenance for operations personnel.

  • An overview of security tools and monitoring systems available.
  • The value of proactive inline security systems and why organization fail to use them.
  • Best practices for safely deploying security defenses.
  • Minimizing conflicts between networking and security operations teams.

If you provide your (ISC)2 ID certificate number when you register for the webinar, your CPE credit will automatically be added to your (ISC)2 account within 4-6 weeks.

Hunting For Potential Threats in Your Enterprise
Date: Dec 08, 2015

View archived webinar

Security teams have traditionally been “gatherers” of threat information, installing tools and systems that collect potential indicators of compromise and then waiting for alerts. As attacks become more sophisticated and well-hidden, however, many security teams have begun to implement “hunting” processes that enable IT pros to identify and investigate potential threats *before*  the alarm bells go off.
 
What are the tools and techniques required to implement hunting in your organization? What skills does your team need, and what are the potential benefits of adding these processes to your security practices? In this informative webcast, top experts in IT security research offer an inside look at the hunting process, as well as the tools and data resources you’ll need to make it work in your organization. You’ll also get some advice on the costs and benefits of threat hunting, and how you can use it to lower costs and make your organization’s data more secure.

How to Reduce Risk When You Can’t Instantly Remediate “High” or “Critical” Common Vulnerabilities and Exposures (CVEs)
Date: Nov 19, 2015

View archived webinar

Common Vulnerabilities and Exposures (CVE) notifications provide full scale remediation recommendations, but only offer alternative risk reduction strategies in cases where the full remediation has not yet be made available. 

Security professionals in charge of maintaining and performing security patching and application updates do not have the means to quickly take action per the guidance of newly published CVEs. 

Fortunately, there are some alternative strategies to help reduce the cyber security risk in the interim.

In this webinar we will discuss the recent high and critical CVEs and discuss reasonable, short-term steps that can be implemented to reduce the risk of exposure until a complete remediation can be executed.

Learn additional ways to reduce your risk from these new threats:

  • Bash Bug/Shellshock
  • Outdated Operating Systems
  • IP Disclosure
  • Poodle
Catching Credential Phish
Date: Nov 18, 2015

View archived webinar

Join us for a webinar that will discuss how preventing credential theft in today’s threat landscape requires far more than strong authentication and malware detection. The majority of breaches now start with credential phish, and there is a reason why most advanced threats start with phishing – because it works!

Catching credential phish is still not easy. Email remains the easiest way to reach almost all people, and tools like social media and mobile applications are broadening the attack surface – enabling phishing attacks to be even more complex and targeted. It is more vital than ever for organizations to elevate their ability to stay ahead of cybercriminals.

Proofpoint has unparalleled visibility into the advanced threats, including credential phish and polymorphic attacks, that are aimed at leading global organizations today and solutions that protect the way people work today.

In this webinar, you will learn:

  • The anatomy of credential phish
  • The top phishing lures seen in today’s threat landscape
  • The modern techniques that Proofpoint uses to catch credential phish and empower organizations to protect people from handing over the keys to your corporate data
Making the Most of Threat Intelligence
Date: Nov 17, 2015

View archived webinar

Many enterprises are taking advantage of new streams of IT “threat intelligence” data that offer third-party insight on emerging online attacks and exploits. But how can enterprises choose the best sources for threat intelligence information? How can that data be integrated with internal security data that the organization already has? How can enterprises use threat intelligence data to trigger defensive actions to help protect their data?

In this informative webcast, top security experts will join the editors of Dark Reading to discuss tools, strategies, and techniques for making the best possible use of threat intelligence services and data. The session will offer insight on how to choose the threat intelligence sources that are most relevant to your organization, how to integrate threat data with other security intelligence, and how to “operationalize” threat information so that your people and systems can take swift action to defend against new threats.

Endpoint Protection: What You Need to Know
Date: Nov 12, 2015

View archived webinar

Endpoint protection technologies from blacklists to sandboxes are struggling to detect and contain today’s sophisticated attacks. Hackers are getting away with terabytes of data and the failure of endpoint solutions to protect sensitive systems and data is hurting enterprises’ reputations and profits, and exposing millions of customer records.

In this webinar, we will analyze the role of endpoint security and how different technologies work. We will look at their weaknesses and how attackers exploit them to remain undetected. We’ll discuss how new approaches to threat identification can automate the detection of threat vectors and behaviors,and repair compromised systems using new donor technology.

Join Dark Reading and Triumfant to learn how you can improve your endpoint protection and restore confidence in your information security strategy.

Register and attend this webinar to learn:

  • Why endpoint security remains so important in a defense-in-depth strategy.
  • About the pros and cons of existing endpoint security technologies.
  • How new approaches to threat detection and protection are more effective at detecting and remediating zero-day attacks.
Managing enterprise risk in a mobile world
Date: Nov 10, 2015

View archived webinar

As the majority of data now flows through mobile applications, organizations are now securing smartphones and tablets against more frequent and sophisticated mobile threats, but are left with questions about the right technologies to adopt.

Security technologies that rely on malware signatures have been on the decline for years, and recent studies suggest that scanners detect only about half of new malware samples. More recent “behavioral” technologies are also plagued with a high false-positive rate that doesn’t yield actionable alerts.

Join Tyler Shields, Principal Analyst at Forrester, and Kevin Mahaffey, CTO of Lookout, as they discuss the challenges that enterprises are facing today. They’ll also share tips and tools on how to protect enterprises from advanced mobile threats.

This is a must-attend webinar that will cover the following topics:

  • The key risks that exist today around embracing enterprise mobility
  • Why legacy solutions adapted to mobile don’t work
  • The future of secure enterprise mobility to manage your overall risk posture

Join us for this engaging debate where you can submit your own questions to be discussed live.

How To Talk To Upper Management About IT Security
Date: Nov 10, 2015

View archived webinar

Every day, security professionals are faced with new online threats, new groups of attackers, and new technologies for defending against them. They need new resources and new defenses – but often, the decision makers and budget holders are executives who don’t understand the threats or can’t quantify the risks. This “communications gap” often leaves the IT security team facing a shortage of resources – and unrealistic expectations.


How can IT professionals communicate complex concepts such as security posture, strategies, and risk to business executives? How can they convey emerging dangers – and the need for changes in defense – in ways that will elicit action from the boardroom? And how can they offer insight on the risks faced by the business in a way that’s actionable and quantifiable?


In this informative webcast, top experts in IT security and risk management will offer new insights on how security professionals can communicate on issues such as vulnerabilities, threats, and risk in a way that is both effective and useful for business managers. You’ll get advice on how to present security and risk information in a way that’s accurate and easy to understand. And you’ll get insight on how to speak in “business language” that helps executives recognize IT security needs and requirements – and enable effective business decisions.

Inside Out: Protecting your Company from Insider Threats
Date: Nov 05, 2015

View archived webinar

Insider threats are a very real and costly problem for organizations, but something that few companies are giving sufficient attention. Most businesses consume plenty of resources trying to combat the adversary beating at the door, but the less-obvious threats from insiders can be just as devastating, whether they’re malicious or simply ignorant. And with so much of an organization's valuable information digitized today, it has never been easier to steal sensitive data and cause irrevocable harm to a company.

The problem is, businesses are often reluctant to fund technology and processes that protect against less apparent threats and continue to want to fund perimeter security. For this Dark Reading webinar, we’ve assembled a team of experts to discuss why insider threats matter, and provide comprehensive, effective strategies for rethinking your cybersecurity approach and adjusting resources.

Dark Reading contributing editor Lenny Liebmann will lead a conversation with guest speaker, Andras Cser, vice president and principal analyst at Forrester Research and Ollie Luba, LM Wisdom ITI product owner at Lockheed Martin, as they examine current risk factors all companies must protect against. 

Among the topics we’ll discuss:

  • What’s changed in the past two to three years that’s made insider threats a critical security issue
  • Best practices for protecting against insider threats, including the players, the systems, and approaches
  • Recommendations and predictions for protecting against insider threats as the landscape evolves over the next 12 to 18 months
  • Concrete examples of effective Insider Threat Detection
  • Layered approaches that emphasize analytics across a diverse set of data sources including non-network monitoring indicators
Protecting Sensitive Data on Your Enterprise Network
Date: Nov 04, 2015

View archived webinar

Each enterprise has its own “crown jewels” -- the data that is most sensitive to its business, and most attractive to potential attackers. How do online attackers discover and seek to penetrate this data? How effective are conventional cyber defenses against these attacks?

In this Dark Reading webcast, top security experts will offer insight on methods for attacking an organization’s most sensitive data, particularly via network-based exploits.

You’ll get a look at what works – and what doesn’t – in defending against these attacks, and how other enterprises are coping with the problem. In addition, you’ll get advice on how you can bolster your defenses to protect your most critical data – before your organization becomes another headline.

Register and you will learn:

  • How online attackers target network devices and service provider connections to gain access to corporate data
  • How improperly-configured network systems such as routers and firewalls can leave your enterprise open to data breaches
  • How to use business centric application segmentation and role based access to contain potential attacks and greatly reduce damage if compromise occurs
Shouldn’t an Intrusion Detection System (IDS) Actually Detect Intrusions?
Date: Nov 03, 2015

View archived webinar

In recent years, Intrusion Detection Systems have ceased to live up to their name. As they progressively lose the ability to spot active intrusions, sophisticated cyber attackers are using more evasive and strategic intrusions that spread rapidly through the network – leaving security teams without the proper tools and insight to identify threats that pose the greatest risk to the organization.
 
In this presentation, we will analyze new approaches to intrusion detection, and how they apply to today’s most advanced attacks.

We will cover:

  • The evolution and de-evolution of IDS
  • New technologies and strategies for intrusion detection
  • Integrating intrusion detection into the security architecture
  • Real-world examples of recent attacks and how to detect them in real time
How to Understand and Respond to IT Security Vulnerabilities
Date: Oct 29, 2015

View archived webinar

Every day, IT organizations are deluged with information and warnings about new security vulnerabilities discovered by a wide variety of sources. While well-known security flaws such as Heartbleed affected systems and industries all over the world, lesser-known vulnerabilities might have just as much impact on critical systems in a particular enterprise. And a less critical but unpatched vulnerability may present greater danger than a major flaw that may be easily remedied with a software patch.

How can enterprises translate new vulnerability data into priorities and actions? How should they rank the criticality of these vulnerabilities, and come up with a plan for remediating the ones that are most relevant to their organizations?

In this editorial video webinar, a unique panel of top industry experts will discuss methods for evaluating the relevance and importance of new vulnerabilities, and for developing a remediation process that prioritizes the most critical vulnerabilities in your specific enterprise.

Register and attend this video webinar to get:

  • Insight on where to get vulnerability data, how to sift and correlate that data, and how to create “filters” to help you respond to the most important vulnerabilities first.
  • Insight on how to scan for new vulnerabilities when they are discovered, and how to implement patching and remediation processes that enable your organization to eliminate new vulnerabilities fast.
Using Real-time Threat Intelligence to Protect Patient Data
Date: Oct 28, 2015

View archived webinar

Register and join us on October 28, 2015 at 1pm ET, for a Dark Reading webinar that will share the tricks healthcare security teams are using to fight cyber threats.

KPMG recently reported that 4 out of 5 healthcare payers and providers reported a data breach over the past two years, so it’s no mystery that cyber criminals are seeking to exploit valuable stores of patient data. Given this, you need to be armed to combat these threats with real-time threat intelligence.

Register for this webinar and get insight into:

  • How to apply threat intelligence across the security stack to secure patient data at the source, the endpoints, and servers that house that data
  • How to streamline cyber threat information sharing
  • Significantly accelerating detection of and response to cyber threats that specifically target healthcare providers and payers

Register Now

Jason Garman, Principal Software Architect, Bit9 and Colby DeRodeff, Chief Strategy Officer, ThreatStream will share real world examples of healthcare organizations that have bolstered their security stance using real-time threat intelligence. 

Launch, Detect, Evolve: The Mutation of Malware
Date: Oct 22, 2015

View archived webinar

In order to hit their targets, malware developers need to constantly evolve their tactics. This evolution is frequently done in very small incremental changes to known malware attacks. Today, malicious developers know their malware has a short half-life before detection. In order to optimize their efforts, cyber criminals now modify their “products” just enough to evade detection a little bit longer.

Attend this presentation and learn:

  • New malware tactics researchers and analysts are confronting on a daily basis
  • How cyber criminals are using Crypters to evade detection
  • What you can do to proactively protect your business from future challenges
Build Your Software Securely
Date: Oct 15, 2015

View archived webinar

By now, you are well aware of the implications of building and shipping insecure software. The increasing number of application software security and compliance requirements are becoming more significant within your daily workflow. How do you begin to assess differences in the various programming languages you utilize across your organization? While some industry experts consider certain languages more secure over others, you still need to measure and modify your overall security posture within your development organization to keep pace with a dynamic climate.

This webinar will provide an overview of the software development landscape across different industry verticals. We will talk with secure development experts from Veracode and others on the best practices to measure application portfolio risk, implement practical steps for remediation of software vulnerabilities, and motivate development teams to embed these concepts into the software development lifecycle.

In this webinar, you’ll learn

  • How your development environment compares to others in the quality, threat landscape, and rate of remediation of its applications
  • What the likelihood is of your applications containing serious security risks
  • What measures your organization can take to reduce risk while building its applications
Protecting Your Users From Online Attackers
Date: Oct 13, 2015

View archived webinar

From today’s highly-publicized data breaches to tomorrow’s most stealthy targeted attacks, most online exploits begin at the enterprise network’s weakest point: the end user. Social engineering attacks, phishing, malware, watering holes, in-memory exploits – most cyber threats begin by breaching a single PC, smartphone, or end user account.

What’s the best way to protect your users -- and prevent them from making mistakes that might lead to a broader data breach? What are the best practices and technologies for protecting an endpoint that is constantly evolving? And how can enterprises consistently enforce endpoint security policies that apply to everyone, from the mailroom to the executive suite?

In this informative webcast, top security experts will discuss some of the latest threats faced by enterprise end users today – and what you can do about them. The experts will outline some of the key methods that attackers use to infiltrate the endpoint, and some of the most effective methods for stopping them. In addition, you’ll get some recommendations on how to implement best practices and technologies for protecting the endpoint – in a way that works consistently across locations and devices.

“Businesses @ Work” Report Revealed: How Enterprises Use (and Secure) Cloud and Mobile
Date: Sep 30, 2015

View archived webinar

Join this webinar and hear about the results of a recent “Business @ Work” study conducted by Okta, the leading identity and mobility management company.  This webinar will discuss how the report was compiled and review the key findings, which include leading enterprise applications, mobile adoption by industry and region, and how organizations are leveraging certain security features.

Attend and learn how:

  • Traditional enterprise apps are being ousted by disruptive competition
  • Your peers are adopting the cloud to enable employees to securely connect to business critical applications
  • You can get single sign-on, automated user management, Active Directory integration and multi-factor authentication for web-based applications, both in the cloud and behind the firewall

Don’t miss this in-depth look into how organizations and people work today!

Targeting Events That Matter: The Next Generation of SIEM
Date: Sep 29, 2015

View archived webinar

Today’s IT security organizations are not only fighting cyber attackers – they are fighting a deluge of information from their own systems. Security logs, threat intelligence feeds, cyber forensics tools – all of these emerging systems are creating such a morass of information that many enterprises – including Target – are missing key data that may indicate a major data breach. The result: the bad guys continue to get through and wreak havoc, unfettered.

For many years, the security information and event management (SIEM) system has acted as the conduit for security information. Today’s SIEM systems are evolving rapidly to embrace new capabilities such as behavioral analytics. And security information itself is also evolving: enterprises are adding new event information, such as authentication data, to help detect potential threats sooner and stop attacks *before* they turn into major breaches.

Join security experts from SecureAuth and Comm Solutions an informative webcast in which they discuss the rapid growth of security information, the recent evolution of SIEM systems, and how your enterprise can implement new technologies and best practices that help you manage the wealth of security data you’re collecting – and recognize attacks before they impact your critical data.

Improving Cyber Security Through Next-Generation Network Defenses
Date: Sep 23, 2015

View archived webinar

Enterprises continue to struggle with the many options available for endpoint and application security. But for many attackers, the first goal isn’t a device or an app – it’s your corporate network. The network is the entry point that allows a criminal to move laterally through your enterprise – and access any data, regardless of the hardware involved.

Attacks on the enterprise network are becoming increasingly sophisticated – and a new generation of tools and strategies is available to help combat them. What do the latest network-borne attacks look like? What new methods are cyber criminals using to gain access? And what can IT security and network staff do to combat these latest attacks?

In this informative webcast, top security experts will discuss the latest research on network attacks, and the attackers who launch them. The experts will also discuss emerging methods for defending against these attacks, including next-generation network segmentation methods.

Using Threat Intelligence To Improve Enterprise Cyber Defense
Date: Sep 16, 2015

View archived webinar

Many enterprises are adding threat intelligence feeds and external threat data to their cyber defense arsenal. But how can security teams integrate this new threat information with their own security data to build a stronger defense? How can they mine security intelligence data to find the threats that pose the greatest danger to their specific environments?

Join DomainTools and industry analyst Michael Osterman as they offer insight into the latest trends in threat intelligence, and how enterprises can use that intelligence to measure risk and prioritize their defenses. Osterman will share the results of a new survey on how organizations purchase and use threat intelligence, as well as the pitfalls and payoffs of using threat data wisely. The experts will also offer advice on how domain and DNS-based threat information can help organizations assess risk, assess potential indicators of compromise, and even anticipate and block future attacks.

Attendees will learn:

  • The right and wrong ways to make use of threat intelligence data;
  • Results of a major survey showing how enterprises are implementing threat intelligence services and technology;
  • The pitfalls and payoffs of using threat intelligence;
  • How domain and DNS-based threat data can help organizations see threats coming by detecting, investigating, and acting upon threat indicators.
How Enterprises Are Attacking the Cloud Security Challenge
Date: Sep 16, 2015

View archived webinar

No matter what their size or industry, most enterprises today are employing multiple cloud services and applications. But with their data running across many “clouds” that employ varying approaches to security, how can the enterprise ensure that its data is safe?

Join Dark Reading and CloudPassage for an insightful look at best practices and technologies for securing data in a multi-provider cloud environment. In a webcast featuring cloud security experts Michael Cobb and Sami Laine, Dark Reading and CloudPassage will offer a deep dive into issues such as how to: 

  • Monitor key cloud security indicators 
  • Enforce security policy across multiple cloud services
  • Build an incident response plan that enables internal security teams to work hand-in-hand with cloud service providers
  • Build dashboards that enable the enterprise to monitor security across multiple cloud providers
Protecting E-Commerce In High-Traffic Environments
Date: Sep 15, 2015

View archived webinar

In this important webinar, top security experts will discuss the ways attackers seek to exploit companies at their weakest – and most critical – moments of operation.

Gain insights on the ways that attackers target their exploits during the holiday seasons or other crucial business times, and how adversaries may take advantage of heavy traffic periods to launch malware or sophisticated attacks.

You’ll also get advice on how you can bolster your IT defense strategy to provide additional resources during critical periods and prevent these untimely attacks from affecting your business.

Topics covered will include how to:

  • Understand & avoid social exploits during high-volume periods
  • Create & enforce an internal security policy that works when staffing and time are in short supply
  • Harden your DNS to protect your Internet-based transaction traffic
  • Detect fraudulent transactions quickly
  • Stop Phishing and protect your brand

Register today and join us as we explore ways to ensure 100% uptime even when traffic and threats are at their peak!

Windows Server 2003: How To Avoid Vulnerabilities In A Post-Support World
Date: Aug 27, 2015

View archived webinar
Still running Windows Server 2003 and unsure how you'll pass your next IT compliance audit? With an estimated 2.7 million servers still running Windows Server 2003, many organizations continue to run W2K3 in production but do not yet have a rock solid plan to deal with the never-ending stream of new exploits, vulnerabilities, and zero-day malware that come with running an unsupported operating system. Worse yet, many still do not have strategies for passing their upcoming fall IT compliance audits. In this educational webcast, join Bit9 + Carbon Black Senior Director of Compliance, Chris Strand, for a discussion around what you need to do to keep W2K3 secure and compliant in a post-support world and the solutions and services that are available to help you. There are options beyond upgrading or spending a fortune on Microsoft extended support. Topics will include: Who's Still Running W2K3? - A Look at the Numbers Why You Need A Vulnerability Mitigation Strategy Rapid Implementation Strategies to Stay Compliant How Bit9 Can Help
Understanding The Board’s Perspective On Cybersecurity
Date: Aug 26, 2015

View archived webinar

Following the onslaught of high-profile cyberattacks reported in the past twelve to eighteen months, cyber security has become a more frequent topic in board-level conversations. This has created a need for CISOs to better understand board member perceptions and become more effective at communicating their cybersecurity strategies.

How can CISOs respond to these new challenges and pressures? Using data from an NYSE survey of nearly 200 corporate directors, two of the industry’s best-known voices – Andy Ellis, CSO of Akamai and Chris Wysopal, CTO & CISO of Veracode – will discuss how CISOs can elevate the security conversation to a board-level discussion.

During the live-streamed videocast at 12:00 pm on August 26, sponsored by Veracode and moderated by Dark Reading, Wysopal and Ellis will share recommendations based on their own experiences presenting to boards, ongoing conversations with fellow CISOs and the results of the NYSE survey.

Wysopal and Ellis will also discuss key questions such as:

  • What are board members’ biggest fears regarding cyberattacks?
  • Who do board members hold accountable when a major breach does occur at your company?
  • How do board members prefer information be presented about risk posture and strategies?
  • What metrics are most effective for gaining buy-in for your risk reduction strategy?

The world of IT security is changing, both for the CISO and for the business. By examining the survey results, and discussing Wysopal’s and Ellis’s own experiences, you’ll hear practical tips to help make your boardroom security discussions more productive.

If you want to get a first-hand viewpoint on what these changes may mean for your organization and your career, register to watch this special live-streamed videocast!

Impostors, Rogue Users, And Other Unwelcome Guests On Your Network
Date: Aug 25, 2015

View archived webinar
Today's cyber criminals have one dream: to navigate your enterprise's network like a privileged user. Unfortunately for your business, there is a growing number of exploits that enable these criminals to do just that. And once they're in, it can be hard to tell them from legitimate end users.
The Fantastic Four: Metrics you can’t ignore when reducing application-layer risk
Date: Jul 30, 2015

View archived webinar

You’re starting to get the hang of application security as an organization. Maybe you’re testing a few applications, or a few hundred (or thousand). But you have these nagging thoughts in the back of your mind: Are my applications better or worse than everyone else’s — especially my competitors? How can I convince my software suppliers to move faster? And, how am I going to prove to my management — even to the board — that our appsec program is making a difference?

This webinar will provide an overview of the state of software security across different industry verticals, and talk with security experts from some of the world’s leading organizations on the four metrics they use to benchmark their performance, measure success, report up to the board, and motivate development teams to fix vulnerabilities.

You’ll learn

  • How your industry compares to others in the quality, threat landscape, and rate of remediation of its applications 
  • How your peers are measuring the success of their application security programs 
  • What measures can organizations take to reduce risk in their applications
Myths of Cloud Security Debunked!
Date: Jul 23, 2015

View archived webinar

Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations.  The elephant in the room is the misconception that the cloud is less secure than on-premise capabilities. Gartner eloquently describes this as “more of a trust issue than based on any reasonable analysis of actual security capabilities”.

A recent global study by BT revealed that 76% of large organizations cited security as their main concern for using cloud-based services. 49% admitted being “ very” or “extremely anxious” about the security complications of these services.  However according to Gartner, the reality is “most breaches continue to involve on-premises data center environments”

Where do you stand on this issue?

Join Michael Sutton, Chief Information Security Officer, Zscaler, for a compelling webcast debunking the top myths of cloud security. He will address the following myths:

  1. Cloud-based infrastructure is inherently more vulnerable than a traditional IT infrastructure
  2. Cloud vendors lack transparency when it comes to understanding their security posture
  3. Physical management of data and hardware means better security
  4. Cloud security is difficult to manage
  5. Moving security to the cloud results in a loss of control over the security architecture

Michael will also provide concrete steps you can take to keep your organization safe in today’s cloud and mobile first IT landscape. 

Winning the War Against Cyber Attackers
Date: Jul 22, 2015

View archived webinar

Despite spending record amounts on IT security technology, enterprises continue to fail in their efforts to expediently stop sophisticated cyber-attacks. Recent studies indicate that most major security compromises take weeks – even months – to discover, and are often found by third parties, rather than the victim organizations. Why do current enterprise defense strategies continue to fall short, and what can IT security teams do to speed the process of detection and remediation?

In this special videocast, two top experts on information security strategy will join Dark Reading senior editor Sara Peters in a frank discussion of methods for improving the detection and containment of cyber-attacks – before they become headline-inducing data breaches.

The experts will explore why threat detection alone is insufficient, debunk current myths around enterprise defenses, and outline the reasons why existing technologies and practices today fail to detect or stop sophisticated cyber-attacks. Just as importantly, the experts will discuss tools and methods for shortening the time between a security compromise and its detection and eradication. Viewers will receive advice and recommendations for speeding the identification of a sophisticated threat, and for blocking or eliminating the threat before critical data is lost.

The Internet of Things, the Software Supply Chain and Cybersecurity
Date: Jul 15, 2015

View archived webinar

The number of connected devices is set to explode, with Gartner forecasting it will reach 25 billion by 2020 – of which 250 million will be connected vehicles.

The Internet of Things (IoT) affects virtually every industry and domain in our society including our homes, health, hospitals, factories and critical infrastructure as well as our planes, trains and automobiles.

We’re not just talking about fitness trackers and smart TVs anymore – IoT-enabled devices now include industrial machinery, patient diagnostic machines and corporate door-locking systems.

And this new binding of the digital and physical worlds means that, for the first time in history, cyberattacks can easily traverse from the digital domain to the physical realm and impact our physical assets and safety. This has been shown in numerous hacks on medical devices as well as in the 2014 cyberattack on a German blast furnace.

As enterprises increasingly rely on digital technology to drive their businesses, CISOs and CIOs must begin to understand the direction and critical implications of cybersecurity for the IoT.

Join Dark Reading for a live-streamed videocast featuring two of the industry’s best-known voices: Chris Eng, VP of Research at Veracode and former NSA engineer; and Josh Corman, CTO of Sonatype and former security strategist at Akamai and IBM Internet Security Systems.

You’ll get first-hand insights into key questions such as:

  • How does the scale and complexity of the IoT lead to changes in the way we develop software applications and assess them for risk?
  • As software increasingly becomes assembled from reusable third-party and open source components and frameworks, how do we minimize risk from the software supply chain?
  • What is a basic cybersecurity checklist for developing secure IoT systems (e.g., encryption, authentication, segmentation, patching mechanisms, etc.)?
  • What are other attack surfaces beyond the endpoint device itself (web and mobile apps, back-end cloud services, etc.)?
  • With so many different platforms and protocols, how do you assess the maturity of suppliers in your supply chain?
  • What role should industry standards and government regulations play?
The New School of Cyber Defense
Date: Jul 09, 2015

View archived webinar

The old school of cyber defense emphasized securing infrastructure and restricting data flows.  But data needs to run freely to power our organizations.  The new school of cyber defense calls for security that is agile and intelligent.  It emphasizes protecting the interactions between our users, our applications and our data.  

The world has changed, and we must change the way we secure it.  Join Frank Mong, VP & General Manager of Security Solutions and hear why you need to secure your:

  • Cloud services
  • Data wherever it is
  • Apps wherever they run
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers