Webinar Archives
Upcoming Webinars
The Untold Secrets for Fighting Advanced Persistent Threats
Date: Feb 11, 2016

View archived webinar

APTs are a growing threat across all industries, and the reality is almost any company of any size can suffer catastrophic losses at the hands of highly motivated and well-resourced attackers.

According to a global ISACA study, 66 percent of global organizations believe it’s only a matter of time before their enterprise is hit by an APT, yet only 15 percent believe they are prepared to handle them.

As one of the most attacked organizations in the world, Lockheed Martin has a front row seat in the fight against APTs. Join Justin Lachesky, Cyber Intelligence Analyst at Lockheed Martin and Cybereason CTO, Yonatan Striem-Amit to discuss:

  • The most pressing challenges your company faces when fighting APTs, like excessive false positives, a lack of threat context and poor endpoint visibility.
  • Four steps you can take to combat APTs in your organization, including automating threat detection and implementing behavioral analysis.
  • How to empower your security team in the fight against APTs by adopting automatic threat detection, eliminating alert fatigue and using endpoint data to reveal full attacks.
Building an IT Security Awareness Program That Really Works
Date: Feb 03, 2016

View archived webinar

Most enterprises do some form of IT security awareness training for their end users – but not all of them do it well. Organizations of all types and sizes frequently fail to build programs that truly convince users to change their behavior – and keep enterprise data safe.
In this eye-opening webcast, top experts on security training offer insights on what works in security awareness programs – and what doesn’t. You’ll get insights on how to build and deliver a curriculum that makes end users smarter about security – and prevents them from engaging in online practices that could put your corporate data at risk.

Understand Your Attacker: A Practical Guide to Identifying TTPs With Threat Intelligence
Date: Feb 02, 2016

View archived webinar

To effectively combat threats to the enterprise, security teams must understand their organization’s adversaries and the attack tools, techniques, and processes (TTPs) they are wont to weaponize. Threat analysts can create that picture for security teams, ultimately providing a set of actionable recommendations for threat management, by piecing together data from the Web that indicates a threat to the enterprise.

Levi Gundert, Vice President of Information Security Strategy at Recorded Future, will share research on the latest attacker tools, provide architecture recommendations for organizations looking to strengthen security controls, and help analysts use threat intelligence to more quickly and effectively identify threat trends. Attend this webinar to learn how to:

  • Apply methodologies for proactive and strategic source identification and information analysis.
  • Understand vendor information sources.
  • Prioritize threats in a business context.
  • Differentiate between vulnerability management and threat intelligence.
  • Use best practices for working with peer teams to test and strengthen security controls.
How to detect hidden cyberattack communications inside today’s networks
Date: Feb 02, 2016

View archived webinar

Today’s cyber attackers survive by hiding their attack communications from the prying eyes of security. It’s a critical part of their attack arsenal and it lets them patiently manage and propagate attacks throughout your network, undetected.

Tune into this webcast to learn how to detect covert attack communications inside your network. We’ll explain how you can automatically pinpoint active cyber attacks in encrypted traffic as they’re happening – and without decrypting anything.

Here’s what you’ll learn:

  • The latest techniques attackers use to hide their traffic from security.
  • Ways to detect malicious attack communications in hidden tunnels and encrypted traffic.
  • How to find malicious communications within allowed applications.
  • What you need to instantly map cyber threats to network hosts that are under attack.
  • The critical role of real-time automation in prioritizing cyber attacks that pose the highest risk.
  • How to cut through the noise of event logs and alerts to get to the heart of a cyber threat.
Cyber Security: The Business View - A Dark Reading Virtual Event
Date: Jan 26, 2016

View archived webinar

Is your business prepared for a cyber breach?

Join Dark Reading and top cyber security experts for this online event that will offer a comprehensive look at the security-related issues facing today’s businesses – and how you should respond.


KEYNOTE: Understanding Cyber Security’s Impact on Business

Tim Wilson, Editor in Chief, Dark Reading 
Bryan Sartin, Managing Director, RISK Team, Verizon 

A top expert offers an executive-level view on the impact of data breaches, the costs and benefits of investing in IT security technology and skills, and a real-world perspective on how  cyber security fits into the business equation.

KEYNOTE: Your Legal Liability In Cyber Security

Tim Wilson, Editor in Chief, Dark Reading 
Jason Straight, Senior Vice President, Chief Privacy Officer

In this keynote, a top legal expert discusses your liability to customers and partners in a legal breach, how  to avoid security negligence, and your legal standing with cyber insurance companies in the event of a breach.

PANEL: Measuring Real Cyber Security Risk

Kelly Jackson Higgins, Executive Editor, Dark Reading 
John Pescatore, Director, SANS Institute; 
Tom Parker, CTO, Accenture; 
Wade Baker, VP Strategy and Risk Analytics, ThreatConnect

A discussion of the business case for IT security, and how to quantify the risks and costs of your IT security program. We will discuss the costs associated with today’s threats and data breaches, and how you can use threat intelligence and cyber security risk metrics to prioritize costs and defense strategies specifically for your enterprise.

PANEL: Preparing Your Business For a Major Data Breach

Sara Peters, Senior Editor, Dark Reading 
John P. Gelinne, Deloitte Advisory & Captain, US Navy (Ret); 
John H. Sawyer, Managing Security Consultant, InGuardians; 
Roman Brozyna, Chief Information Security Officer, Bit9 + Carbon Black

A quick guide that shows you, step by step, how to build a plan for reacting to a major data breach, including breach detection and remediation, legal liabilities, working with law enforcement, and crisis public relations.

PANEL: How (And Why) Hackers Target Your Business

Marilyn Cohodas, Community Editor, Dark Reading 
David West, Assistant Section Chief, FBI Cyber Division; 
John Terrill, Founder & CEO, Drawbridge Networks; 
Adam Meyer, Chief Security Strategist, SurfWatch Labs

In this panel discussion, experts on cyber threats offer an inside look at the goals of a cyber attack and the methods that hackers use to select and infiltrate targeted companies.

Integrating IT and OT for Safer Operational Processes
Date: Jan 07, 2016

View archived webinar

Security threats against corporate networks are staggering, and the situation is even more compounded for energy companies that safeguard both information technology (IT) and operational technology (OT) systems. With the growth of interconnected networks, use of cloud services and the need to share information 24/7, these traditionally isolated critical infrastructures are rapidly becoming integrated into enterprise environments. As OT control systems continue to modernize, this interconnectivity is putting new pressures on both IT and OT professionals to better manage, secure, and protect the technologies that run our important facility processes, like electrical systems, oil and gas controls, and industrial factories. IT/OT convergence enables better visibility, centralized control, improved situational awareness, increased efficiencies, and a more mature cybersecurity posture across operations – but only if it’s done right.

In this Dark Reading video panel, sponsored by Lockheed Martin, we’ll discuss the role  intelligence and automation can play to simplify the information flow between management and supervisory control systems.

Discussion agenda items include:

  • How to detect and stop the progression of an advanced persistent threat against your IT and OT infrastructures before they can damage your networks – and business credibility
  • What you can do to improve centralized control, safety, and security monitoring for OT platforms
  • How the Lockheed Martin Cyber Kill Chain® method of intelligence-driven defense applies (or doesn’t) for integrated IT/OT systems
  • How to modernize your legacy SCADA software and better integrate your disparate applications
  • Ways to provide real-time information across the converged IT/OT infrastructure to improve business performance and the automation of industrial processes
  • How IoT can help you better integrate components of industrial processes into the enterprise network so they can be more easily monitored and better serviced
How to Build a World-Class Threat Intelligence Capability From Scratch
Date: Dec 15, 2015

View archived webinar

Threat intelligence is a broad subject and the natural tendency is to produce intelligence on any topic or event regardless of its applicability to the company. True success in threat intelligence depends on focusing intelligence efforts to very specific business objectives, which removes the large surface area and leaves only a challenging sliver of ultra-high value to pursue.

This webinar will reveal critical concepts and practical details, where necessary, to produce a world-class threat intelligence capability from scratch.

Why Layered Security Strategies Don’t Work – And What You Can Do About It
Date: Dec 15, 2015

View archived webinar

Every year, enterprises spend record levels of money on new IT security technology – yet major breaches and compromises are more prevalent than ever. The concept of “layered security” – in which enterprises support a wide variety of security technologies in order to discourage attackers – doesn’t seem to be working.

It’s time to rethink IT security – not just the technology, but the way enterprises approach it from a strategic, architectural perspective. There are ways for organizations to build a comprehensive set of defenses – a security architecture – that can not only discourage attackers, but actually prevent them from penetrating your IT environment.

In this webcast, you will learn some of the basics of building a next-generation IT security architecture, including:

  • How the foundational architecture of a next-gen firewall and security platform “matters” in enabling the business, and protecting it against a wide variety of attacks.
  • How the architecture enables unique and specific security scenarios.
  • How the architecture supports a prevention-oriented approach.
Where Badness Lurks: New Threats Demand a New Approach
Date: Dec 10, 2015

View archived webinar

Join DomainTools for a webinar that will show new and innovative ways to map threat infrastructure, which in turn can help you defend your organization against future moves by attackers.

During this discussion, DomainTools will walk you through an analysis of its databases of domain and IP profile data and what was discovered. You'll hear about patterns of concentration of malicious internet activity by top-level domain, registrant email provider, privacy service, and other non-geographic taxonomies.

And, because they have been linked to recent breaches, we give special focus to the role of bulk domain registration agents in the development of attack infrastructure, asking the question: are "domain resellers" intrinsically suspect? We will also discuss how to practically apply the methodology that underlies these findings.

Register and attend this webinar to see:

  • Why open-source intelligence (OSINT) matters and how to use it in adversary analysis
  • New ways of pinpointing--and predicting--hotspots of malicious activity
  • Which bulk domain registration agents are tied to malicious activities
  • A real-life investigation of the adversaries behind a major breach
Operationalizing Threat Intelligence to Battle Persistent Actors
Date: Dec 09, 2015

View archived webinar

We have all heard that threat intelligence can help level the battlefield against advanced persistent threats whether criminal or nation state attackers. But what is Threat Intelligence? How does it fit into your organization’s security operations? And how can you develop your own Threat Intelligence?

Attend this webcast to learn:

  • How to leverage Threat Intelligence to identify potential adversaries and take appropriate action
  • How to develop Threat Intelligence using the Diamond Model
  • How ThreatConnect investigated Chinese state-sponsored threats using the Diamond Model
  • How to operationalize Threat Intelligence using Splunk and ThreatConnect

Join Andy Pendergast, co-author of the Diamond Model and co-founder of ThreatConnect and Monzy Merza, Director of Cyber Research at Splunk to see how you can apply Threat Intelligence to protect your organization and prevent future breaches. During the talk, Andy will share threat intel on a nation state threat and Monzy will do a live demonstration of operationalizing the new Threat Intelligence.

Best Practices for Resilient Inline Security Deployments
Date: Dec 08, 2015

View archived webinar

Today’s threat landscape demands the use of a complex array of proactive security systems and monitoring solutions.  What are the most common and useful security solutions you should consider - next-gen firewalls, web-application firewalls, intrusion prevention systems?

Many of these security tools require inline network deployment.  But why in the face of almost certain cyber-security breach do organizations avoid deploying these best-practice security tools?

Learn to deploy your security defenses like firewalls, intrusion prevention systems (IPS) and others using a safe, yet flexible security framework that improves network uptime, speeds network troubleshooting, and eases network and security maintenance for operations personnel.

  • An overview of security tools and monitoring systems available.
  • The value of proactive inline security systems and why organization fail to use them.
  • Best practices for safely deploying security defenses.
  • Minimizing conflicts between networking and security operations teams.

If you provide your (ISC)2 ID certificate number when you register for the webinar, your CPE credit will automatically be added to your (ISC)2 account within 4-6 weeks.

Hunting For Potential Threats in Your Enterprise
Date: Dec 08, 2015

View archived webinar

Security teams have traditionally been “gatherers” of threat information, installing tools and systems that collect potential indicators of compromise and then waiting for alerts. As attacks become more sophisticated and well-hidden, however, many security teams have begun to implement “hunting” processes that enable IT pros to identify and investigate potential threats *before*  the alarm bells go off.
What are the tools and techniques required to implement hunting in your organization? What skills does your team need, and what are the potential benefits of adding these processes to your security practices? In this informative webcast, top experts in IT security research offer an inside look at the hunting process, as well as the tools and data resources you’ll need to make it work in your organization. You’ll also get some advice on the costs and benefits of threat hunting, and how you can use it to lower costs and make your organization’s data more secure.

How to Reduce Risk When You Can’t Instantly Remediate “High” or “Critical” Common Vulnerabilities and Exposures (CVEs)
Date: Nov 19, 2015

View archived webinar

Common Vulnerabilities and Exposures (CVE) notifications provide full scale remediation recommendations, but only offer alternative risk reduction strategies in cases where the full remediation has not yet be made available. 

Security professionals in charge of maintaining and performing security patching and application updates do not have the means to quickly take action per the guidance of newly published CVEs. 

Fortunately, there are some alternative strategies to help reduce the cyber security risk in the interim.

In this webinar we will discuss the recent high and critical CVEs and discuss reasonable, short-term steps that can be implemented to reduce the risk of exposure until a complete remediation can be executed.

Learn additional ways to reduce your risk from these new threats:

  • Bash Bug/Shellshock
  • Outdated Operating Systems
  • IP Disclosure
  • Poodle
Catching Credential Phish
Date: Nov 18, 2015

View archived webinar

Join us for a webinar that will discuss how preventing credential theft in today’s threat landscape requires far more than strong authentication and malware detection. The majority of breaches now start with credential phish, and there is a reason why most advanced threats start with phishing – because it works!

Catching credential phish is still not easy. Email remains the easiest way to reach almost all people, and tools like social media and mobile applications are broadening the attack surface – enabling phishing attacks to be even more complex and targeted. It is more vital than ever for organizations to elevate their ability to stay ahead of cybercriminals.

Proofpoint has unparalleled visibility into the advanced threats, including credential phish and polymorphic attacks, that are aimed at leading global organizations today and solutions that protect the way people work today.

In this webinar, you will learn:

  • The anatomy of credential phish
  • The top phishing lures seen in today’s threat landscape
  • The modern techniques that Proofpoint uses to catch credential phish and empower organizations to protect people from handing over the keys to your corporate data
Making the Most of Threat Intelligence
Date: Nov 17, 2015

View archived webinar

Many enterprises are taking advantage of new streams of IT “threat intelligence” data that offer third-party insight on emerging online attacks and exploits. But how can enterprises choose the best sources for threat intelligence information? How can that data be integrated with internal security data that the organization already has? How can enterprises use threat intelligence data to trigger defensive actions to help protect their data?

In this informative webcast, top security experts will join the editors of Dark Reading to discuss tools, strategies, and techniques for making the best possible use of threat intelligence services and data. The session will offer insight on how to choose the threat intelligence sources that are most relevant to your organization, how to integrate threat data with other security intelligence, and how to “operationalize” threat information so that your people and systems can take swift action to defend against new threats.

Endpoint Protection: What You Need to Know
Date: Nov 12, 2015

View archived webinar

Endpoint protection technologies from blacklists to sandboxes are struggling to detect and contain today’s sophisticated attacks. Hackers are getting away with terabytes of data and the failure of endpoint solutions to protect sensitive systems and data is hurting enterprises’ reputations and profits, and exposing millions of customer records.

In this webinar, we will analyze the role of endpoint security and how different technologies work. We will look at their weaknesses and how attackers exploit them to remain undetected. We’ll discuss how new approaches to threat identification can automate the detection of threat vectors and behaviors,and repair compromised systems using new donor technology.

Join Dark Reading and Triumfant to learn how you can improve your endpoint protection and restore confidence in your information security strategy.

Register and attend this webinar to learn:

  • Why endpoint security remains so important in a defense-in-depth strategy.
  • About the pros and cons of existing endpoint security technologies.
  • How new approaches to threat detection and protection are more effective at detecting and remediating zero-day attacks.
Managing enterprise risk in a mobile world
Date: Nov 10, 2015

View archived webinar

As the majority of data now flows through mobile applications, organizations are now securing smartphones and tablets against more frequent and sophisticated mobile threats, but are left with questions about the right technologies to adopt.

Security technologies that rely on malware signatures have been on the decline for years, and recent studies suggest that scanners detect only about half of new malware samples. More recent “behavioral” technologies are also plagued with a high false-positive rate that doesn’t yield actionable alerts.

Join Tyler Shields, Principal Analyst at Forrester, and Kevin Mahaffey, CTO of Lookout, as they discuss the challenges that enterprises are facing today. They’ll also share tips and tools on how to protect enterprises from advanced mobile threats.

This is a must-attend webinar that will cover the following topics:

  • The key risks that exist today around embracing enterprise mobility
  • Why legacy solutions adapted to mobile don’t work
  • The future of secure enterprise mobility to manage your overall risk posture

Join us for this engaging debate where you can submit your own questions to be discussed live.

How To Talk To Upper Management About IT Security
Date: Nov 10, 2015

View archived webinar

Every day, security professionals are faced with new online threats, new groups of attackers, and new technologies for defending against them. They need new resources and new defenses – but often, the decision makers and budget holders are executives who don’t understand the threats or can’t quantify the risks. This “communications gap” often leaves the IT security team facing a shortage of resources – and unrealistic expectations.

How can IT professionals communicate complex concepts such as security posture, strategies, and risk to business executives? How can they convey emerging dangers – and the need for changes in defense – in ways that will elicit action from the boardroom? And how can they offer insight on the risks faced by the business in a way that’s actionable and quantifiable?

In this informative webcast, top experts in IT security and risk management will offer new insights on how security professionals can communicate on issues such as vulnerabilities, threats, and risk in a way that is both effective and useful for business managers. You’ll get advice on how to present security and risk information in a way that’s accurate and easy to understand. And you’ll get insight on how to speak in “business language” that helps executives recognize IT security needs and requirements – and enable effective business decisions.

Inside Out: Protecting your Company from Insider Threats
Date: Nov 05, 2015

View archived webinar

Insider threats are a very real and costly problem for organizations, but something that few companies are giving sufficient attention. Most businesses consume plenty of resources trying to combat the adversary beating at the door, but the less-obvious threats from insiders can be just as devastating, whether they’re malicious or simply ignorant. And with so much of an organization's valuable information digitized today, it has never been easier to steal sensitive data and cause irrevocable harm to a company.

The problem is, businesses are often reluctant to fund technology and processes that protect against less apparent threats and continue to want to fund perimeter security. For this Dark Reading webinar, we’ve assembled a team of experts to discuss why insider threats matter, and provide comprehensive, effective strategies for rethinking your cybersecurity approach and adjusting resources.

Dark Reading contributing editor Lenny Liebmann will lead a conversation with guest speaker, Andras Cser, vice president and principal analyst at Forrester Research and Ollie Luba, LM Wisdom ITI product owner at Lockheed Martin, as they examine current risk factors all companies must protect against. 

Among the topics we’ll discuss:

  • What’s changed in the past two to three years that’s made insider threats a critical security issue
  • Best practices for protecting against insider threats, including the players, the systems, and approaches
  • Recommendations and predictions for protecting against insider threats as the landscape evolves over the next 12 to 18 months
  • Concrete examples of effective Insider Threat Detection
  • Layered approaches that emphasize analytics across a diverse set of data sources including non-network monitoring indicators
Protecting Sensitive Data on Your Enterprise Network
Date: Nov 04, 2015

View archived webinar

Each enterprise has its own “crown jewels” -- the data that is most sensitive to its business, and most attractive to potential attackers. How do online attackers discover and seek to penetrate this data? How effective are conventional cyber defenses against these attacks?

In this Dark Reading webcast, top security experts will offer insight on methods for attacking an organization’s most sensitive data, particularly via network-based exploits.

You’ll get a look at what works – and what doesn’t – in defending against these attacks, and how other enterprises are coping with the problem. In addition, you’ll get advice on how you can bolster your defenses to protect your most critical data – before your organization becomes another headline.

Register and you will learn:

  • How online attackers target network devices and service provider connections to gain access to corporate data
  • How improperly-configured network systems such as routers and firewalls can leave your enterprise open to data breaches
  • How to use business centric application segmentation and role based access to contain potential attacks and greatly reduce damage if compromise occurs
Shouldn’t an Intrusion Detection System (IDS) Actually Detect Intrusions?
Date: Nov 03, 2015

View archived webinar

In recent years, Intrusion Detection Systems have ceased to live up to their name. As they progressively lose the ability to spot active intrusions, sophisticated cyber attackers are using more evasive and strategic intrusions that spread rapidly through the network – leaving security teams without the proper tools and insight to identify threats that pose the greatest risk to the organization.
In this presentation, we will analyze new approaches to intrusion detection, and how they apply to today’s most advanced attacks.

We will cover:

  • The evolution and de-evolution of IDS
  • New technologies and strategies for intrusion detection
  • Integrating intrusion detection into the security architecture
  • Real-world examples of recent attacks and how to detect them in real time
How to Understand and Respond to IT Security Vulnerabilities
Date: Oct 29, 2015

View archived webinar

Every day, IT organizations are deluged with information and warnings about new security vulnerabilities discovered by a wide variety of sources. While well-known security flaws such as Heartbleed affected systems and industries all over the world, lesser-known vulnerabilities might have just as much impact on critical systems in a particular enterprise. And a less critical but unpatched vulnerability may present greater danger than a major flaw that may be easily remedied with a software patch.

How can enterprises translate new vulnerability data into priorities and actions? How should they rank the criticality of these vulnerabilities, and come up with a plan for remediating the ones that are most relevant to their organizations?

In this editorial video webinar, a unique panel of top industry experts will discuss methods for evaluating the relevance and importance of new vulnerabilities, and for developing a remediation process that prioritizes the most critical vulnerabilities in your specific enterprise.

Register and attend this video webinar to get:

  • Insight on where to get vulnerability data, how to sift and correlate that data, and how to create “filters” to help you respond to the most important vulnerabilities first.
  • Insight on how to scan for new vulnerabilities when they are discovered, and how to implement patching and remediation processes that enable your organization to eliminate new vulnerabilities fast.
Using Real-time Threat Intelligence to Protect Patient Data
Date: Oct 28, 2015

View archived webinar

Register and join us on October 28, 2015 at 1pm ET, for a Dark Reading webinar that will share the tricks healthcare security teams are using to fight cyber threats.

KPMG recently reported that 4 out of 5 healthcare payers and providers reported a data breach over the past two years, so it’s no mystery that cyber criminals are seeking to exploit valuable stores of patient data. Given this, you need to be armed to combat these threats with real-time threat intelligence.

Register for this webinar and get insight into:

  • How to apply threat intelligence across the security stack to secure patient data at the source, the endpoints, and servers that house that data
  • How to streamline cyber threat information sharing
  • Significantly accelerating detection of and response to cyber threats that specifically target healthcare providers and payers

Register Now

Jason Garman, Principal Software Architect, Bit9 and Colby DeRodeff, Chief Strategy Officer, ThreatStream will share real world examples of healthcare organizations that have bolstered their security stance using real-time threat intelligence. 

Launch, Detect, Evolve: The Mutation of Malware
Date: Oct 22, 2015

View archived webinar

In order to hit their targets, malware developers need to constantly evolve their tactics. This evolution is frequently done in very small incremental changes to known malware attacks. Today, malicious developers know their malware has a short half-life before detection. In order to optimize their efforts, cyber criminals now modify their “products” just enough to evade detection a little bit longer.

Attend this presentation and learn:

  • New malware tactics researchers and analysts are confronting on a daily basis
  • How cyber criminals are using Crypters to evade detection
  • What you can do to proactively protect your business from future challenges
Build Your Software Securely
Date: Oct 15, 2015

View archived webinar

By now, you are well aware of the implications of building and shipping insecure software. The increasing number of application software security and compliance requirements are becoming more significant within your daily workflow. How do you begin to assess differences in the various programming languages you utilize across your organization? While some industry experts consider certain languages more secure over others, you still need to measure and modify your overall security posture within your development organization to keep pace with a dynamic climate.

This webinar will provide an overview of the software development landscape across different industry verticals. We will talk with secure development experts from Veracode and others on the best practices to measure application portfolio risk, implement practical steps for remediation of software vulnerabilities, and motivate development teams to embed these concepts into the software development lifecycle.

In this webinar, you’ll learn

  • How your development environment compares to others in the quality, threat landscape, and rate of remediation of its applications
  • What the likelihood is of your applications containing serious security risks
  • What measures your organization can take to reduce risk while building its applications
Protecting Your Users From Online Attackers
Date: Oct 13, 2015

View archived webinar

From today’s highly-publicized data breaches to tomorrow’s most stealthy targeted attacks, most online exploits begin at the enterprise network’s weakest point: the end user. Social engineering attacks, phishing, malware, watering holes, in-memory exploits – most cyber threats begin by breaching a single PC, smartphone, or end user account.

What’s the best way to protect your users -- and prevent them from making mistakes that might lead to a broader data breach? What are the best practices and technologies for protecting an endpoint that is constantly evolving? And how can enterprises consistently enforce endpoint security policies that apply to everyone, from the mailroom to the executive suite?

In this informative webcast, top security experts will discuss some of the latest threats faced by enterprise end users today – and what you can do about them. The experts will outline some of the key methods that attackers use to infiltrate the endpoint, and some of the most effective methods for stopping them. In addition, you’ll get some recommendations on how to implement best practices and technologies for protecting the endpoint – in a way that works consistently across locations and devices.

“Businesses @ Work” Report Revealed: How Enterprises Use (and Secure) Cloud and Mobile
Date: Sep 30, 2015

View archived webinar

Join this webinar and hear about the results of a recent “Business @ Work” study conducted by Okta, the leading identity and mobility management company.  This webinar will discuss how the report was compiled and review the key findings, which include leading enterprise applications, mobile adoption by industry and region, and how organizations are leveraging certain security features.

Attend and learn how:

  • Traditional enterprise apps are being ousted by disruptive competition
  • Your peers are adopting the cloud to enable employees to securely connect to business critical applications
  • You can get single sign-on, automated user management, Active Directory integration and multi-factor authentication for web-based applications, both in the cloud and behind the firewall

Don’t miss this in-depth look into how organizations and people work today!

Targeting Events That Matter: The Next Generation of SIEM
Date: Sep 29, 2015

View archived webinar

Today’s IT security organizations are not only fighting cyber attackers – they are fighting a deluge of information from their own systems. Security logs, threat intelligence feeds, cyber forensics tools – all of these emerging systems are creating such a morass of information that many enterprises – including Target – are missing key data that may indicate a major data breach. The result: the bad guys continue to get through and wreak havoc, unfettered.

For many years, the security information and event management (SIEM) system has acted as the conduit for security information. Today’s SIEM systems are evolving rapidly to embrace new capabilities such as behavioral analytics. And security information itself is also evolving: enterprises are adding new event information, such as authentication data, to help detect potential threats sooner and stop attacks *before* they turn into major breaches.

Join security experts from SecureAuth and Comm Solutions an informative webcast in which they discuss the rapid growth of security information, the recent evolution of SIEM systems, and how your enterprise can implement new technologies and best practices that help you manage the wealth of security data you’re collecting – and recognize attacks before they impact your critical data.

Improving Cyber Security Through Next-Generation Network Defenses
Date: Sep 23, 2015

View archived webinar

Enterprises continue to struggle with the many options available for endpoint and application security. But for many attackers, the first goal isn’t a device or an app – it’s your corporate network. The network is the entry point that allows a criminal to move laterally through your enterprise – and access any data, regardless of the hardware involved.

Attacks on the enterprise network are becoming increasingly sophisticated – and a new generation of tools and strategies is available to help combat them. What do the latest network-borne attacks look like? What new methods are cyber criminals using to gain access? And what can IT security and network staff do to combat these latest attacks?

In this informative webcast, top security experts will discuss the latest research on network attacks, and the attackers who launch them. The experts will also discuss emerging methods for defending against these attacks, including next-generation network segmentation methods.

Using Threat Intelligence To Improve Enterprise Cyber Defense
Date: Sep 16, 2015

View archived webinar

Many enterprises are adding threat intelligence feeds and external threat data to their cyber defense arsenal. But how can security teams integrate this new threat information with their own security data to build a stronger defense? How can they mine security intelligence data to find the threats that pose the greatest danger to their specific environments?

Join DomainTools and industry analyst Michael Osterman as they offer insight into the latest trends in threat intelligence, and how enterprises can use that intelligence to measure risk and prioritize their defenses. Osterman will share the results of a new survey on how organizations purchase and use threat intelligence, as well as the pitfalls and payoffs of using threat data wisely. The experts will also offer advice on how domain and DNS-based threat information can help organizations assess risk, assess potential indicators of compromise, and even anticipate and block future attacks.

Attendees will learn:

  • The right and wrong ways to make use of threat intelligence data;
  • Results of a major survey showing how enterprises are implementing threat intelligence services and technology;
  • The pitfalls and payoffs of using threat intelligence;
  • How domain and DNS-based threat data can help organizations see threats coming by detecting, investigating, and acting upon threat indicators.
How Enterprises Are Attacking the Cloud Security Challenge
Date: Sep 16, 2015

View archived webinar

No matter what their size or industry, most enterprises today are employing multiple cloud services and applications. But with their data running across many “clouds” that employ varying approaches to security, how can the enterprise ensure that its data is safe?

Join Dark Reading and CloudPassage for an insightful look at best practices and technologies for securing data in a multi-provider cloud environment. In a webcast featuring cloud security experts Michael Cobb and Sami Laine, Dark Reading and CloudPassage will offer a deep dive into issues such as how to: 

  • Monitor key cloud security indicators 
  • Enforce security policy across multiple cloud services
  • Build an incident response plan that enables internal security teams to work hand-in-hand with cloud service providers
  • Build dashboards that enable the enterprise to monitor security across multiple cloud providers
Protecting E-Commerce In High-Traffic Environments
Date: Sep 15, 2015

View archived webinar

In this important webinar, top security experts will discuss the ways attackers seek to exploit companies at their weakest – and most critical – moments of operation.

Gain insights on the ways that attackers target their exploits during the holiday seasons or other crucial business times, and how adversaries may take advantage of heavy traffic periods to launch malware or sophisticated attacks.

You’ll also get advice on how you can bolster your IT defense strategy to provide additional resources during critical periods and prevent these untimely attacks from affecting your business.

Topics covered will include how to:

  • Understand & avoid social exploits during high-volume periods
  • Create & enforce an internal security policy that works when staffing and time are in short supply
  • Harden your DNS to protect your Internet-based transaction traffic
  • Detect fraudulent transactions quickly
  • Stop Phishing and protect your brand

Register today and join us as we explore ways to ensure 100% uptime even when traffic and threats are at their peak!

Windows Server 2003: How To Avoid Vulnerabilities In A Post-Support World
Date: Aug 27, 2015

View archived webinar
Still running Windows Server 2003 and unsure how you'll pass your next IT compliance audit? With an estimated 2.7 million servers still running Windows Server 2003, many organizations continue to run W2K3 in production but do not yet have a rock solid plan to deal with the never-ending stream of new exploits, vulnerabilities, and zero-day malware that come with running an unsupported operating system. Worse yet, many still do not have strategies for passing their upcoming fall IT compliance audits. In this educational webcast, join Bit9 + Carbon Black Senior Director of Compliance, Chris Strand, for a discussion around what you need to do to keep W2K3 secure and compliant in a post-support world and the solutions and services that are available to help you. There are options beyond upgrading or spending a fortune on Microsoft extended support. Topics will include: Who's Still Running W2K3? - A Look at the Numbers Why You Need A Vulnerability Mitigation Strategy Rapid Implementation Strategies to Stay Compliant How Bit9 Can Help
Understanding The Board’s Perspective On Cybersecurity
Date: Aug 26, 2015

View archived webinar

Following the onslaught of high-profile cyberattacks reported in the past twelve to eighteen months, cyber security has become a more frequent topic in board-level conversations. This has created a need for CISOs to better understand board member perceptions and become more effective at communicating their cybersecurity strategies.

How can CISOs respond to these new challenges and pressures? Using data from an NYSE survey of nearly 200 corporate directors, two of the industry’s best-known voices – Andy Ellis, CSO of Akamai and Chris Wysopal, CTO & CISO of Veracode – will discuss how CISOs can elevate the security conversation to a board-level discussion.

During the live-streamed videocast at 12:00 pm on August 26, sponsored by Veracode and moderated by Dark Reading, Wysopal and Ellis will share recommendations based on their own experiences presenting to boards, ongoing conversations with fellow CISOs and the results of the NYSE survey.

Wysopal and Ellis will also discuss key questions such as:

  • What are board members’ biggest fears regarding cyberattacks?
  • Who do board members hold accountable when a major breach does occur at your company?
  • How do board members prefer information be presented about risk posture and strategies?
  • What metrics are most effective for gaining buy-in for your risk reduction strategy?

The world of IT security is changing, both for the CISO and for the business. By examining the survey results, and discussing Wysopal’s and Ellis’s own experiences, you’ll hear practical tips to help make your boardroom security discussions more productive.

If you want to get a first-hand viewpoint on what these changes may mean for your organization and your career, register to watch this special live-streamed videocast!

Impostors, Rogue Users, And Other Unwelcome Guests On Your Network
Date: Aug 25, 2015

View archived webinar

Today’s cyber criminals have one dream: to navigate your enterprise’s network like a privileged user. Unfortunately for your business, there is a growing number of exploits that enable these criminals to do just that. And once they’re in, it can be hard to tell them from legitimate end users.
How do you know when an impostor is on your network? What tools and techniques do they use to gain user credentials and capabilities? More importantly, how can you detect unauthorized users and lock them out – before they steal your data? In this timely webcast, three top security experts will discuss the methods that attackers use to assume a trusted identity on enterprise networks, and how they behave once they gain access. The panel will also discuss methods you can use to identify behaviors and actions that might tip off a malicious user – and enable you to stop them before they can exfiltrate sensitive information.

The Fantastic Four: Metrics you can’t ignore when reducing application-layer risk
Date: Jul 30, 2015

View archived webinar

You’re starting to get the hang of application security as an organization. Maybe you’re testing a few applications, or a few hundred (or thousand). But you have these nagging thoughts in the back of your mind: Are my applications better or worse than everyone else’s — especially my competitors? How can I convince my software suppliers to move faster? And, how am I going to prove to my management — even to the board — that our appsec program is making a difference?

This webinar will provide an overview of the state of software security across different industry verticals, and talk with security experts from some of the world’s leading organizations on the four metrics they use to benchmark their performance, measure success, report up to the board, and motivate development teams to fix vulnerabilities.

You’ll learn

  • How your industry compares to others in the quality, threat landscape, and rate of remediation of its applications 
  • How your peers are measuring the success of their application security programs 
  • What measures can organizations take to reduce risk in their applications
Myths of Cloud Security Debunked!
Date: Jul 23, 2015

View archived webinar

Despite the meteoric rise of cloud based applications and services, as well as its subsequent adoption by a significant number of enterprises, security still remains a major concern for many organizations.  The elephant in the room is the misconception that the cloud is less secure than on-premise capabilities. Gartner eloquently describes this as “more of a trust issue than based on any reasonable analysis of actual security capabilities”.

A recent global study by BT revealed that 76% of large organizations cited security as their main concern for using cloud-based services. 49% admitted being “ very” or “extremely anxious” about the security complications of these services.  However according to Gartner, the reality is “most breaches continue to involve on-premises data center environments”

Where do you stand on this issue?

Join Michael Sutton, Chief Information Security Officer, Zscaler, for a compelling webcast debunking the top myths of cloud security. He will address the following myths:

  1. Cloud-based infrastructure is inherently more vulnerable than a traditional IT infrastructure
  2. Cloud vendors lack transparency when it comes to understanding their security posture
  3. Physical management of data and hardware means better security
  4. Cloud security is difficult to manage
  5. Moving security to the cloud results in a loss of control over the security architecture

Michael will also provide concrete steps you can take to keep your organization safe in today’s cloud and mobile first IT landscape. 

Winning the War Against Cyber Attackers
Date: Jul 22, 2015

View archived webinar

Despite spending record amounts on IT security technology, enterprises continue to fail in their efforts to expediently stop sophisticated cyber-attacks. Recent studies indicate that most major security compromises take weeks – even months – to discover, and are often found by third parties, rather than the victim organizations. Why do current enterprise defense strategies continue to fall short, and what can IT security teams do to speed the process of detection and remediation?

In this special videocast, two top experts on information security strategy will join Dark Reading senior editor Sara Peters in a frank discussion of methods for improving the detection and containment of cyber-attacks – before they become headline-inducing data breaches.

The experts will explore why threat detection alone is insufficient, debunk current myths around enterprise defenses, and outline the reasons why existing technologies and practices today fail to detect or stop sophisticated cyber-attacks. Just as importantly, the experts will discuss tools and methods for shortening the time between a security compromise and its detection and eradication. Viewers will receive advice and recommendations for speeding the identification of a sophisticated threat, and for blocking or eliminating the threat before critical data is lost.

The Internet of Things, the Software Supply Chain and Cybersecurity
Date: Jul 15, 2015

View archived webinar

The number of connected devices is set to explode, with Gartner forecasting it will reach 25 billion by 2020 – of which 250 million will be connected vehicles.

The Internet of Things (IoT) affects virtually every industry and domain in our society including our homes, health, hospitals, factories and critical infrastructure as well as our planes, trains and automobiles.

We’re not just talking about fitness trackers and smart TVs anymore – IoT-enabled devices now include industrial machinery, patient diagnostic machines and corporate door-locking systems.

And this new binding of the digital and physical worlds means that, for the first time in history, cyberattacks can easily traverse from the digital domain to the physical realm and impact our physical assets and safety. This has been shown in numerous hacks on medical devices as well as in the 2014 cyberattack on a German blast furnace.

As enterprises increasingly rely on digital technology to drive their businesses, CISOs and CIOs must begin to understand the direction and critical implications of cybersecurity for the IoT.

Join Dark Reading for a live-streamed videocast featuring two of the industry’s best-known voices: Chris Eng, VP of Research at Veracode and former NSA engineer; and Josh Corman, CTO of Sonatype and former security strategist at Akamai and IBM Internet Security Systems.

You’ll get first-hand insights into key questions such as:

  • How does the scale and complexity of the IoT lead to changes in the way we develop software applications and assess them for risk?
  • As software increasingly becomes assembled from reusable third-party and open source components and frameworks, how do we minimize risk from the software supply chain?
  • What is a basic cybersecurity checklist for developing secure IoT systems (e.g., encryption, authentication, segmentation, patching mechanisms, etc.)?
  • What are other attack surfaces beyond the endpoint device itself (web and mobile apps, back-end cloud services, etc.)?
  • With so many different platforms and protocols, how do you assess the maturity of suppliers in your supply chain?
  • What role should industry standards and government regulations play?
The New School of Cyber Defense
Date: Jul 09, 2015

View archived webinar

The old school of cyber defense emphasized securing infrastructure and restricting data flows.  But data needs to run freely to power our organizations.  The new school of cyber defense calls for security that is agile and intelligent.  It emphasizes protecting the interactions between our users, our applications and our data.  

The world has changed, and we must change the way we secure it.  Join Frank Mong, VP & General Manager of Security Solutions and hear why you need to secure your:

  • Cloud services
  • Data wherever it is
  • Apps wherever they run
Security Threats: Is the Attacker Right in Front of You?
Date: Jun 18, 2015

View archived webinar

Despite the fact that external attacks often get more attention in the media, recent data is proving that the threat posed by malicious, negligent or compromised insiders is indeed significant.

The best way to detect and prevent insider threats is to have in-depth visibility into the internal environment and a means of filtering and prioritizing the massive amount of data available on the network into concise, actionable intelligence.

You’ll learn:

  • How to detect insider threats
  • How to identify suspicious network activity
  • Strategies for managing the insider threat problem from both a business and technical point of view.
  • Different techniques for identifying suspicious activity in large collections of data
  • Tips to incorporate best practices to protect your organization from the insider threat

Insider threats is critical so that you can minimize the amount of data that can be compromised.

Could you find the insider threat if there was one? Would you know what steps to take to determine how much data had been breached? Join this webinar to learn how to detect insider threats and ways to protect against them.

Register & Get "The Reality of Insider Threats" complimentary Infographic Today!

Making the Most Out Of Threat Intelligence Services
Date: Jun 17, 2015

View archived webinar

Threat intelligence services are enabling enterprises to incorporate information about external cyber threats into their IT defense strategies. But as this new category of services evolves and becomes more widely implemented, enterprises are searching for ways to make better use of the wide range of threat data.

What are the primary advantages of using a threat intelligence service? How many such services should enterprises employ, and how can they coordinate the data from multiple services? What are the best practices for interpreting and customizing threat intelligence data, and how can enterprises automate this analysis?

In this informative Dark Reading webcast, experts will offer insights and recommendations on:

  • How to use threat intelligence for maximum benefit
  • How to automate the analysis of threat intelligence data to help identify sophisticated attacks more quickly and efficiently.
Tune in for the Ultimate WAF Torture Test: Bots Attack!
Date: Jun 16, 2015

View archived webinar

Think your Web Application Firewall is ready for the next bot attack? Think again.

Meet John Stauffacher – a world renowned expert in web application security, and the author of Web Application Firewalls: A Practical Approach. John is a certified Network Security and Engineering specialist with over 17 years of experience in IT Security.

But wait… are WAFs the best approach for defending your website against malicious bots? Rami Essaid, Co-Founder and CEO of Distil Networks, doesn’t think so and he’s challenged John to a lab test to prove it. Who will win the battle of the bots? Tune in live to find out!

Key Takeaways:

  • How to optimize your WAF for bot detection and mitigation
  • Why whitelisting is always better than blacklisting
  • WAF best practices plus the one thing you should never do
  • Optimizing web application security based on your vulnerability profile

Attend this webinar and learn practical tips on how to defend your web infrastructure against the OWASP Top 10 as well as brute force attacks, web scraping, unauthorized vulnerability scans, fraud, spam and man-in-the-middle attacks. 

Secure Agile & DevOps: How It Gets Done
Date: May 21, 2015

View archived webinar

There’s no point trying to ignore the elephant in the room. Everyone knows there’s historically been friction between security professionals and development teams. This isn’t because of inherent animosity, but conflicting priorities. Development needs to ship functioning code on time and within budget. Security needs to manage risks to the organization, including risks introduced by new code. One needs to go as fast as possible; the other needs to keep from smashing through the guardrails and flying off the road.

Further complicating the picture, Agile is now the dominant process for code development, with DevOps emerging as a new framework to help the entire organization be just as agile. These two trends radically alter the way we build, test and secure code. More importantly DevOps has the potential to mitigate several problems with secure Agile development, helping foster cooperation and reduce integration issues between security, operations and development. As a result, secure development and deployment practices must fit within Agile and DevOps processes — not the other way around.

Moderated by Dark Reading , this live-streaming videocast features two well-known security and development experts: Chris Wysopal, Veracode CISO & CTO, and Adrian Lane, Securosis CTO, who’s also been a CIO and managed development teams.

This videocast is for both security and development professionals who want to understand how Agile and DevOps driven development alter security integration — and help both teams work together better.

We’ll discuss:

  • Rapid development process evolution, feature prioritization, and how cultural differences can create friction between security and development.
  • Why speed and agility are essential to both sides.
  • How automation and well-defined processes allow security issues to be detected and recovered from earlier in the lifecycle.
  • How to communicate what needs to happen to reduce application-layer risk — without slowing down development or putting developers on the defensive.

Get ready for a lively conversation about pragmatic best practices for embedding security into Agile SDLC and DevOps processes!

The Human Factor 2015: Cybercriminals Go Corporate, and How to Fight Them
Date: May 20, 2015

View archived webinar

The Human Factor Report 2015 reveals that last year was the year attackers “went corporate” by changing their tactics to focus on businesses rather than consumers, exploiting middle management overload of information sharing, and trading off attack volume for sophistication. Organizations that had spent the year training their employees to recognize phishing techniques used by cybercriminals the previous year were not ready for the new delivery methods, email lures and other techniques used by attackers to trick end-users into clicking on links in malicious emails.

Key findings from the report include:

  • Learn how attackers have decreased the time-to-click: 2-out-of-3 end-users click on malicious emails the day they receive them.
  • Understand how and why end-users click on 1-in-25 malicious links in emails: every organization still clicks.
  • See this year’s most popular and effective phishing templates: business-oriented lures such as message notifications and corporate financial notifications.
  • Defend against campaigns that blend in with normal business email traffic and piggyback on legitimate web marketing emails to reach end users and drive clicks.

Users are learning how to recognize email-borne threats but attackers are adapting faster, and as the high-profile data breaches from last year show, the costs of a bad click continue to mount. Attend this webinar to learn more about the latest threats targeting organizations and how to combat them.


Has Your Cyber Security Program Jumped The Shark?
Date: May 19, 2015

View archived webinar

Most enterprise security programs are designed to prevent attackers from getting inside the network. This 30-year-old strategy prevails even though advanced malware regularly evades perimeter defenses. While the hope of a ‘prevention pill for all your ills’ has gone by the way of Fonzie’s waterskies, enterprise security is not a lost cause. Detection is the “new cool.”

Learn how to make your security program relevant in 2015 and beyond. Join technology trend-setter Stephen Newman, VP of Product Management at Damballa, for a live discussion about the use of advanced detection techniques to find unknown and hidden threats. At the end of this webinar you will understand how to:

  • Rate your current tools’ effectiveness versus advanced threats
  • Recognize the difference between preventing attacks and detecting infections
  • Take a forward-thinking approach to stopping data theft after compromise occurs
  • Shift your Tier 2 & Tier 3 security teams from chasing alerts to solving long-term security challenges 
Modern vs Traditional SIEM – What You Need to Know
Date: May 13, 2015

View archived webinar

Security information and event management (SIEM) tools provide a robust collection of data sources that can help companies take a more proactive approach to preventing threats and breaches. However, implementing a SIEM often brings the challenges of a lengthy implementation, costly investment and the need for skilled security analysts to maintain it. Also, many SIEMs have been used in on-premise data centers, so what steps will you need to take if you want your SIEM to move with your data into the cloud?

In this webinar you will learn:

  • The key components to make a traditional SIEM work
  • The characteristics of a modern SIEM
  • Your options for building and investing in a modern SIEM
Why DDoS Attacks Are A More Serious Threat Than Ever
Date: May 05, 2015

View archived webinar

Neustar's annual DDoS Attacks Report presents the latest critical DDoS trending data from real companies across industries.  Learn how companies are ramping up their DDoS protection tactics and why they are working.

  • Hear about current DDoS attack metrics including size and duration
  • Learn why DDoS attacks aren’t just a problem for the IT security team
  • Find out the true costs of DDoS attacks in terms of lost revenue and erosion of brand confidence
  • Optimize your DDoS plan with industry-proven protection tactics

Don’t miss this unique opportunity to learn about the latest DDoS attack trends and how to defend against them. 

Monitoring and Enforcing Security Policy In Cloud Environments
Date: Apr 16, 2015

View archived webinar

Enterprises are deploying cloud services and applications across the enterprise, but using cloud technology can make it difficult to monitor and ensure that data security policies are enforced. In this webcast, cloud security experts will discuss methods and practices for monitoring and securing data in environments that involve multiple cloud providers or applications.

This webcast will help attendees:

  • Gain an understanding of the security vulnerabilities inherent in many cloud services
  • Learn how to monitor data that is in the cloud and identify potential threats
  • Identify and overcome the obstacles associated with creating security policies in multi-provider environments
  • Develop a plan for enforcing those policies across the enterprise
  • Build a strategy for ensuring data security compliance in cloud environments and meet the requirements of compliance auditors

Cloud service providers may offer security capabilities in a variety of form factors, but each enterprise must develop its own policies and strategies that work across provider environments.  This webcast will help you build strategies for enforcing security strategies in your own enterprise, no matter how many service and application providers you employ. 

The Changing Role of the Chief Information Security Officer: What Every CISO Should Know
Date: Apr 14, 2015

View archived webinar

In past years, the job of the enterprise chief information security officer (CISO) was to establish and maintain a security perimeter around corporate data and a strategy for defending it. But today’s CISO is faced with a wide variety of new challenges that the security department has never seen before. While cloud computing, open source, distributed and outsourced software development, bring-your-own-device policies, and other initiatives create “shadow IT” environments that often take control out of the CISO’s hands, the steady barrage of high-volume, high-publicity security breaches in the headlines are putting unprecedented pressures on the CISO’s office. The reality is that today’s CISO is under more scrutiny than ever – including from the board – and yet, he/she has less control over the IT environment than ever before.

How should the CISO – indeed, the entire IT department – respond to these new challenges and pressures?  In a special live videocast on Apr. 14, industry experts will discuss these very questions.

In this special videocast sponsored by Veracode and moderated by Dark Reading, two of the IT security industry’s best-known voices – Chris Wysopal, CTO & CISO of Veracode and Jim Nelms, CISO of The Mayo Clinic – will discuss the changing role of the CISO and how the importance of that role is growing within the organization.

You’ll get first-hand insights on the responsibilities and challenges assumed by today’s CISOs, and how today’s IT security departments are adapting to the new pressures being applied by new technology and attackers. You’ll also get some real-life advice on how your organization can respond to these challenges and how to explain your strategy and risk posture to business executives.

The world of IT security is changing, both for the CISO and for the business. If you want to get a first-hand viewpoint on what these changes may mean for your organization, register to watch this special videocast today! 

Zscaler vs FireEye - Insights from the Experts at Miercom Labs
Date: Apr 08, 2015

View archived webinar

Advanced Persistent Threats (APTs) are sophisticated, stealthy, and extremely difficult to stop - so a number of different approaches to combat them have emerged. That's why Miercom, a leading security testing firm, recently performed a head-to-head security efficacy analysis of all leading network-based breach detection and protection solutions - including FireEye, Checkpoint, Cisco, Fortinet, and Zscaler.

Please join Robert Smithers, CEO of Miercom, and Dan Maier, Sr. Director of Product Marketing at Zscaler for a compelling webcast to discuss the detailed results of head-to-head testing between Zscaler and FireEye.  They will also discuss:

  • The current APT protection landscape
  • Best practices for combating APTs
  • Why cloud-based solutions are better equipped than appliances and hybrid solutions at protecting against APTs
  • How Zscaler outperformed FireEye in both performance and accuracy


Building and Enforcing Mobile Application Security Policy in a BYOD World
Date: Mar 31, 2015

View archived webinar

The rapid proliferation and use of personal and work-related mobile applications is one of the reasons a typical large enterprise may have up to 2000 or more unsafe applications installed in their environment. (^1) In fact, a typical user accesses an average of 24.7 mobile applications per month.,(^2) Worse yet, traditional approaches taken by security teams, such as manually testing and blacklisting or whitelisting applications, are proving inadequate to keep up with the number of applications and rate of change in the mobile landscape.

Come hear guest Forrester Research analyst Tyler Shields and Veracode mobility expert Theodora Titonis discuss the state of securing BYOD and new approaches to secure enterprises.   

In this webinar, you will:

  • Understand the potential risks from unsafe mobile applications
  • Learn common failure points for BYOD initiatives
  • Learn how to use new approaches to keep up with mobile application security

^1: Veracode, "Average Large Enterprise Has More than 2,000 Unsafe Mobile Apps Installed on Employee Devices." March 11, 2015.
^2: Shields, Tyler. "The Future of Mobile Security: Securing the Mobile Moment." Forrester Research, February 17, 2015, p. 2. 

Actionable Network Visibility: Empowering the Security Analyst
Date: Mar 25, 2015

View archived webinar

Today’s threat actors are organized, well-funded, and more sophisticated than ever; with the goal of stealing sensitive data for profit. As such, dedicated security teams are charged with preparing organizations for the most advanced of attacks. Unfortunately, if you can’t see network intruders, you definitely can’t detect or prevent data theft.

Join Kurt Bertone, Chief Security Strategist, Fidelis Cybersecurity and learn more about:

  • The current threat landscape and approaches to advanced threat defense
  • Best practices for defending the network and establishing network resiliency
  • Implementing and executing a cybersecurity defense plan to reduce time to discover threats in your network
  • Actionable visibility empowering analysts to detect and prevent threats across the network 
Finding And Responding To Attacks In The Cloud
Date: Mar 12, 2015

View archived webinar

Enterprises today are adopting cloud services and technology at a rapid pace, seeking to take advantage of the flexibility and cost savings that the cloud provides. But IT and security professionals are deeply concerned about the loss of visibility that the cloud sometimes creates – they are uncertain as to whether or not they will be able to spot potential online threats, or how they will respond to them.

In this webcast, experts on cloud security will discuss methods that enterprises can use to monitor, detect, and respond to security threats in the cloud. They will offer an in-depth discussion on tools that can be used to monitor data and detect anomalies in the cloud, and how to deploy them. They will discuss best practices for working with cloud service providers on how to identify potential attacks, and how to develop an incident response program that works across both the enterprise network and the cloud service. Most importantly, they will discuss the latest threats to cloud services users, and how to stop security information from "falling through the cracks" between the enterprise and the service provider. 

How to Keep Your Company Safe & Out of the Headlines
Date: Feb 26, 2015

View archived webinar

Advanced threats are on the rise, and large-scaled security breaches keep happening, so what can IT security teams do to keep their organizations out of the headlines? Join Mike Horn, Proofpoint’s Vice President of Threat Response Products, as he explains common threat scenarios and how to quickly verify if a user was infected and instantly contain verified threats.

Attend this webinar to learn how to:

  • Address the current security landscape with key security controls
  • Mitigate risks from advanced threats by responding at the speed of your attackers
  • Leverage context, automation and incident management to stop attacks before they become headlines
  • Instantly verify, prioritize and contain advanced threats and targeted attacks  

Register for this webinar to learn how organizations are using advanced threat response solutions to dramatically reduce the time it takes to verify and respond to detected security threats.  

Stop Cyber Attackers in Their Tracks with Adaptive Authentication
Date: Feb 25, 2015

View archived webinar

Join SecureAuth, an innovator of access control solutions, along with Norse Corporation, the leader in live attack intelligence as we take a deeper look at how adaptive authentication techniques can enable your organization to stop attackers in their tracks. With live intelligence data as a part of your authentication workflows, you can easily identify suspicious actors before they enter your network, not after they violate a policy.  

In this webcast we’ll explore:

  • Emerging techniques for adaptive authentication
  • Why leveraging an identity provider delivers the best results for you
  • How you can easily integrate live intelligence into your authentication strategy

Attacks on organizations are in the news every day. How can your organization keep from becoming tomorrow’s headline?  Attend this webcast and find out.

Register for Dark Reading Newsletters
White Papers
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.