T.E.N. Knowledge Base

ISE® North America 2015

The Case For A Cloud Access Security Broker
The SaaS era is here. According to Gartner, SaaS and cloud-based business application services revenue will grow from $13.5 billion in 2011 to $32.8 billion in 2016. PwC’s latest Global 100 Software Leaders Report shows that the top software companies in the industry have continued a consistent and growing shift towards Software-as-a-Service (SaaS), growing their revenues by 60% to US$20 billion.

The move towards SaaS applications is helping IT teams become more efficient. It allows them to offload the day-to-day operations and maintenance of applications, so they can focus on helping their business grow. However, with SaaS adoption comes new risks. SaaS applications require a new approach to data governance, risk management and security because of the ubiquitous nature of access, the collaborative nature of SaaS applications, and the myriad ways that confidential data can be stored within applications.

This paper describes the emergence of a new IT technology category that Gartner defines as Cloud Access Security Brokers, and how Adallom’s cloud access security broker is best positioned to address these requirements.



Company Overview
CloudPassage Halo provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. The Halo platform is delivered as a service, so it deploys in minutes and scales on demand. Halo uses minimal system resources, so layered security can be deployed where it counts, right at every workload: servers, instances and containers. Halo is the only platform purpose-built for broadly automated, portable, scalable, on-demand security and compliance.



REINVENTING DATA MASKING
Widespread use of traditional data masking solutions has been limited by the high cost of repeating data masking steps each time data is distributed to development, test, reporting or other copies. Delphix is the first solution to eliminate the distribution challenges of masked data. With Delphix Service-Based Data Masking, sensitive data only needs to be masked once, after which copies and updates can be delivered to any location in minutes. This eliminates compliance-driven pushback to cloud adoption and offshoring. Additionally, application teams get full, fresh, and secure data sets in minutes. Lastly, Delphix reduces the surface area of data exposed to breaches through consolidation and centralized auditing of sensitive data access.



Today’s Risks Require Tomorrow’s Authentication
As businesses, other types of organizations, and their customers increasingly interact and transact through their laptops and mobile devices, the need to protect their resources and information dramatically increases. Both the number and the seriousness of breaches continue to rise at a steady pace, most of which involve compromised or vulnerable authentication. This white paper discusses the changing landscape and business drivers behind the need for multi-factor solutions.



Five Threat Intelligence Traps TO AVOID
Recent events, which include gigantic data breaches affecting retailers, health care organizations and government agencies, have shown just how challenging today’s cyberthreat landscape has become. Organizations have to defend themselves against an increasingly diverse set of threats while managing an ever-expanding universe of devices, users and data all fluidly entering and leaving the network. The benefits of including threat intelligence in the defensive arsenal are well established, but in most organizations, it is frequently misunderstood and underutilized.

“Threat intelligence’s primary purpose is to inform business decisions regarding the risks and implications associated with threats,” Forrester Research said in a recent paper.

As a concept, threat intelligence makes a lot of sense, as it merges threat information collected from various data sources to identify adversaries, as well as their campaigns, attack patterns and potential threat indicators. Threat intelligence doesn’t just combine logs and network artifacts into one feed; it derives information regarding attack techniques and indicators after analyzing a variety of data sources, which can include forward-looking data such as underground sources. With threat intelligence, organizations can develop effective responses against existing and emerging threats.



Definitive Guide to Continuous Network Monitoring
Today’s enterprise networks are in a perpetual state of flux. The use of mobile devices to access corporate data is skyrocketing. More IT services are being delivered via the cloud than ever before. And users are constantly subscribing to SaaS-based applications, including file sharing applications like Box, Dropbox, and Google Drive, without IT’s consent.

Meanwhile, hardly a day goes by without reports of a major data breach appearing in the trade rags or some high-profile cyberattack being featured on the evening news. But why? Are the bad guys really getting smarter? Or are our existing defenses becoming outdated? Perhaps it’s a bit of both.

Innovations in continuous network monitoring are giving savvy IT security teams a leg up in mitigating risks associated with advanced threats. Unlike legacy vulnerability management systems that rely on active scanning, continuous network monitoring provides real-time visibility into mobile devices, virtual platforms, cloud applications, and network infrastructure — including their inherent security risks.

If you and your colleagues are tasked with reducing network security risks while maintaining compliance with industry or government regulations, then this book is for you.





Damon Stokes
Manager - Governance, Risk, Performance
Blue Cross Blue Shield Blue Care Network of Michigan

Securing the Supply Chain to Protect Millions
Breaches of Protected Health Information and Personally Identifiable Information began occurring long before the recent, well-known incidents at Target, Home Depot and Anthem. Information breaches that were the result of supplier negligence accounted for over 60% of all affected individuals as reported via the U.S. Department of Health and Human Services Breach Notification mechanism. The project team at Blue Cross Blue Shield Blue Care Network of Michigan sought to ensure customer data was safe from threats to the supply chain through an innovative program. The Supplier Risk Management Program was implemented to identify, mitigate, and address the potential technology security risk introduced by including third parties providing services in the normal course of conducting business. Learn how the team was able to protect more than 20 million members while improving security posture, expanding visibility into third-party security efforts and strengthening collaboration between BCBS and its supplier base.


Brenda Callaway
Divisional Vice President, Information Security Risk Management
HCSC Health Care Service Corp.

Building a Better Bridge: Connecting the CISO and the Board
For a long time, CISOs have been in the spotlight only when a major security event transpires, and often as little more than a scapegoat. However, in the age of the mega breach, security is seen as vital to business success and upper-level management is looking to the CISO for assurance. A recent survey revealed that “80 percent of boards discuss cybersecurity at nearly every board meeting.” With security as a growing business priority, it is the perfect opportunity for CISOs to bridge some longstanding gaps between the security vanguard and the boardroom. Join this conversation to learn more about how CISOs can improve your organization’s preparedness through regular C-suite and board engagement and organization-wide threat defense practices.


Bruce Coffing
Senior Vice President - Global Information Security
Bank of America

Businesses Without Borders: International Information Exchange in a Cloud-based World
Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility. However, there are a number of security concerns in this new world of businesses without borders. Topics like data security, privacy, access rights management and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. The notion of trust among cloud-based enterprises and their partners is essential, but what else is needed to ensure that a cloud-based information sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for securing information in a cloud-based world.


John Graham
Chief Information Security Officer
Jabil
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category


Help or Hindrance? Looking at the Benefits and Flaws of Encryption-based Security
Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys and at what level to encrypt (storage, database or application level). The many options for encryption offer a variety of security advantages, but they each have their own flaws to be considered. These include issues like malicious insiders abusing encryption keys, malware-based bypasses, and overall encryption costs. Join our conversation to learn what kinds of encryption and cryptography solutions are best for your organization and how you can combine those solutions with other security methodologies.


Paul Groisman
Director of Information Security
Dover Corporation

No Longer Left to Their Own Devices: Hacking Concerns with the Internet of Things
For many, the term “Internet of Things” has been little more than a buzzword tossed around over the last few years. However, as more devices gain the ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet, the IoT is finally becoming a reality. Whether it’s a number of automated network devices on a factory floor, a remotely managed series of equipment in a hospital, or even just a collection of highly interconnected devices in a residential home, the elements that make up the IoT are becoming more pervasive by the day, and with them come critical security concerns. Join this conversation to discuss major security concerns with the IoT like ubiquitous data collection, consumer data privacy and new avenues of attack.


Gary Hayslip
Deputy Director/CISO
City of San Diego
ISE® West Executive of the Year Award Winner 2015
ISE® North America People's Choice Award Winner 2015


Attacks on the Move: The Rise of Mobile-based Attacks and Exploits
The proliferation of mobile devices as essential tools of productivity within the enterprise has brought a similar increase in the frequency of mobile attacks. Chronic vulnerabilities in mobile applications make these devices the perfect conduit for nefarious hackers to steal data and important credentials. Kaspersky Lab reported finding 3.3 times as many malicious mobile programs in Q1 2015 as in the final quarter of last year, and there are no signs this trend will slow. Join our conversation to discuss these evolving threats and share best practices for keeping your company data and credentials safe in your employees’ pockets.


Anthony Mannarino
Manager Information Security
Tractor Supply

Surveying the Regulatory Landscape: Looking at Data Breach Disclosure Legislation and Laws
The number of lawsuits filed as a result of data breaches continues to grow, with fines reaching massive proportions. As a result, many state legislators have been busy evaluating laws dictating how a company must respond if it has suffered a breach and personal information has been compromised. Currently, no comprehensive federal law exists that puts in place a uniform compliance standard, but this has certainly been a hot-button issue as of late. As it stands, companies must comply with a patchwork of 47 different state laws that outline their disclosure requirements in the event of a data breach. As old requirements continue to be revised and new legislation enters the rounds, what kinds of things should those in the information security sector prepare for and how can they make sure their voices are heard in the decision-making process? Join our conversation to share your insight.


Steve Opfer
Enterprise Sales Director
CloudPassage

The War on APTs: Will We Ever Win?
Advanced persistent threats continue to make news headlines on a regular basis. Incidents end with massive costs, and have crippled careers and organizations. An onslaught of new tools and methodologies solely designed to combat APTs has entered the market during the last few years, yet these threats continue to loom as the most significant danger to security teams. An ISACA APT Awareness study conducted in August 2015 revealed that 93.6% of respondents consider APTs to be a “very serious threat” for their companies, and the T.E.N. and IDC Salary Survey Report indicates that 12 percent of security executives believe they could lose their jobs in the case of a significant data breach. The fear leaves many wondering: will we ever win? Join our conversation to share your most innovative best practices for combating APTs and discuss with your peers strategies for getting ahead in the ever-evolving threat landscape.


David Rooker
Chief Security Officer
Actian Corporation
ISE® Southeast Executive Award Finalist 2016

New Vulnerabilities in Old Places: The Potential for Critical Vulnerabilities in Old Code
The aftermath of major code vulnerabilities like Heartbleed and Shellshock made it clear that insecure code is a perpetual problem. Much of the code that we rely on to run the economic engine that is the Internet was crafted some 25 years ago using the methodologies and standards of that time. Billions of lines of code need to be reviewed using modern standards and then updated to ensure security. Where does the next big vulnerability exploit lie? Join this conversation to discuss the new vulnerabilities that could be lurking in old code and share insights on your approach to ensuring your company’s software is secure.