T.E.N. Knowledge Base

ISE® Northeast 2016

Webinar Replay – Sharing Enterprise Content Beyond the Firewall  > More Information
Webinar Replay – Securing Information in Motion  > More Information
Ovum Report: Data Privacy Laws  > More Information


Deception as a Security Discipline: Going on the Offensive in the Cybersecurity Battlefield  > Download Whitepaper
In reality, the idea of keeping attackers completely out of the network is fundamentally flawed. As human error is, by nature, prone to occur, and attackers will continue to get more sophisticated and targeted in their tactics, even the “castle with the tallest walls and largest moats” can be penetrated. A different approach is needed; one that has been used for decades to beat attackers at their own game. Rather than watching every movement and action on the network, and correlating with “known good” behaviors to assess maliciousness, set traps that mimic the attackers’ targets, and lay bait to lure the attackers into these “no way out” traps. At its core, deception, as this approach is called, is about tricking a foe into engaging and revealing itself—the antithesis of the foe’s intent—and without the foe realizing that it has been discovered.



Enterprise Cyber Risk Management – Protecting IT Assets that Matter  > Download Whitepaper
Protecting IT assets is a complicated business. With so many moving parts and concerns, it’s no wonder how quickly security teams can be overwhelmed by the threats and vulnerabilities barraging their enterprises every day.



SECURING ORACLE NON-PRODUCTION DATA  > Download Whitepaper
This paper explores Oracle security. What is it? What does it mean for you and your data? And how should you approach creating consistent and structured controls to protect all your Oracle databases? You’ll see that securing the data in a database can take a lot of work and planning but imagine how much easier it would it be to use an established provisioning process to clone almost all of the security and audit trail settings that are already designed and deployed on production to non-production databases. While Delphix carries over virtually all of the security settings from production, I will show where a small set of parameters are not covered and then I will outline the steps you need to quickly and easily add these security settings to your cloned databases and also how to tackle context based security such as speci c IP Addresses.



THE DEFINITIVE GUIDE TO DATA LOSS PREVENTION  > Download Whitepaper
As security professionals struggle with how to keep up with non-stop threats from every angle, a 10+ year old technology, data loss prevention (DLP) is hot again. A number of macro trends are driving the wider adoption of DLP. But as we looked at the resources out there, we couldn’t nd one source that could provide all the essential information in one place. So we created this guide to provide answers to the most common questions about DLP all in an easy to digest format.



The Total Economic ImpactTM Of Globalscape Enhanced File Transfer  > Download Whitepaper
Globalscape commissioned Forrester Consulting to conduct a Total Economic ImpactTM (TEI) study and examine the potential return on investment (ROI) enterprises may realize by deploying Enhanced File Transfer (EFT). The purpose of this study is to provide readers with a framework to evaluate the potential financial impact of Enhanced File Transfer on their organizations, to leverage the managed secure file transfer solution to improve their ability to serve their customers, employees, and partners. To better understand the benefits, costs, and risks associated with an EFT implementation, Forrester interviewed Globalscape customers with multiple years of experience using EFT. The customers had used EFT to provide secure file transfer environments in a scalable and cost-effective manner, all while complying with various regulatory and compliance measures.



HPE Security Research: Cyber Risk Report 2016  > Download Whitepaper
Welcome to the Hewlett Packard Enterprise (HPE) Cyber Risk Report 2016. In this report we provide a broad view of the 2015 threat landscape, ranging from industry-wide data to a focused look at di erent technologies, including open source, mobile, and the Internet of Things. The goal of this report is to provide security information leading to a better understanding of the threat landscape, and to provide resources that can aid in minimizing security risk.



How illusive networks Beat the Most Advanced Attackers When the Odds Were Stacked Against Them  > Download Whitepaper
Not all Red Team exercises are created equal. This was confirmed by illusive networks in a recent Red Team showdown with a Fortune 50 global technology leader (GTL). The Capture the Flag exercise was conducted on a subset of the GTL’s own network and their Red Team took advantage of every opportunity it found to stack the odds against illusive networks’® Deceptions Everywhere® technology. The Red Team exercise was conducted between January 25, 2016 and February 29, 2016. This gave the Red Team plenty of time to work through the five predesigned subnets to discover one of the success paths to the final objective. The illusive defense team monitoring the game observed various instances in which the Red Team, comprised of 6 experienced attackers, used tools and techniques that were outside the scope of the game. Just as in the real world, attackers will do anything to win. The Red Team’s willingness to bend the rules of the game was a challenge for the illusive networks® Deceptions Everywhere® cyber-defense solution.



Five Steps to Develop a Successful Insider Threat Detection Program  > Download Whitepaper
WHAT ARE THE BIGGEST SECURITY THREATS TO YOUR ORGANIZATION’S DATA? RECENT MEDIA ATTENTION TO HIGH-PROFILE CYBERATTACKS WOULD LEAD AN ORGANIZATION TO THINK EXTERNAL THREATS ARE ITS ONLY CONCERN. UNFORTUNATELY, THIS MISPERCEPTION ALLOWS ONE OF THE BIGGEST THREATS TO YOUR ORGANIZATION’S DATA TO STAY COMPLETELY UNDER THE RADAR—THE THREAT OF INSIDERS. EMPLOYEES, CONTRACTORS, SUPPLIERS, AND EVEN TRUSTED BUSINESS PARTNERS WHO HAVE AUTHORIZED, YET UNCONTROLLED, ACCESS TO SYSTEMS AND/OR SENSITIVE INFORMATION ALL HAVE THE OPPORTUNITY TO DO IRREVOCABLE HARM TO A COMPANY.



Identity-Powered Security: Balance user convenience with reduced organizational risk  > Download Whitepaper
Identity and access management is disconnected from security management in many IT organizations. Traditionally, identity and access management has focused on getting business users the right access to do their jobs, regardless of complexity from cloud and mobile apps, while security teams have focused on defending the organization from external and internal threats.

But both want the same thing – to protect sensitive information from misuse or theft using a method that is transparent and convenient for users. And both teams have capabilities that would be useful for the other.



AUTOMATING CYBERCRIME WITH SENTRY MBA  > Download Whitepaper
Sentry MBA is an automated attack tool used by cybercriminals to take over user accounts on major websites. With Sentry MBA, criminals can rapidly test millions of usernames and passwords to see which ones are valid on a targeted website. The tool has become incredibly popular — the Shape Security research team sees Sentry MBA attack attempts on nearly every website we protect.



Jay Wright Jay Wright
Information Security Officer
Citigroup Inc.
Biography

Help or Hindrance? Looking at the Benefits and Flaws of Encryption-Based Security  > Summary
Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys, and at what level in their system they should implement encryption (storage, database, application level, etc). The many options for encryption offer a variety of security advantages, but they each have their own flaws to consider. Issues like malicious insiders abusing encryption keys, malware based bypasses, and overall encryption costs should all be taken into account. Join our conversation and learn what kinds of encryption and cryptography solutions are best for your organization, and how you can combine those solutions with other security procedures.


Linda Angles

Linda Cooper Angles
Chief Information Security Officer
FXall, A Thomson Reuters Company
Biography

No Longer Left to Their Own Devices: Hacking Concerns with the Internet of Things  > Summary
For many, the term “Internet of Things” has been little more than a buzzword tossed around over the last few years. However, as more devices gain the ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet, the IoT is finally becoming a reality. Whether it’s a number of automated network devices on a factory floor, a remotely managed series of equipment in a hospital, or even just a collection of highly interconnected devices in a residential home, the elements that make up the IoT are becoming more pervasive by the day, and with them come critical security concerns. Join this conversation to discuss major security concerns with the IoT like ubiquitous data collection, consumer data privacy, and new avenues of attack.


Frank Aiello

Frank Aiello
Chief Information Security Officer
American Red Cross
ISE® Northeast People's Choice Award Winner 2016
ISE® Northeast Executive Award Finalist 2016

Biography

Protecting Data: Keeping the Keys to the Kingdom Out of the Hands of Hackers  > Summary
Breaches invariably involve data loss (for example: Anthem, JPMC, and Target), so finding the best practices to prevent them should be an essential part of your organization. Protection of data can be done at multiple network levels and can involve encryption, masking, or tokenization. The many options for data security offer a variety of security advantages, but they each have their own flaws to take into consideration. These include issues like malicious insiders abusing encryption keys, malware-based bypasses, and overall costs. Join our conversation to learn what kinds of secure data solutions are best for your business requirements; why and when to use each solution; and how you can combine solutions to minimize risk.


Donna Nemecek

Donna Nemecek
VP, Manager Technology Risk Assurance & Senior Information Risk Officer
BNY Mellon
ISE® Northeast Executive Award Finalist 2013
Biography

Businesses Without Borders: International Information Exchange in a Cloud-Based World  > Summary
Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility than ever before. However, there are a number security concerns in this new world of businesses without borders. Areas such as data security, privacy, access rights management, and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. Maintaining trust among cloud-based enterprises and their partners is essential, but what else is needed to continually ensure that a cloud-based, information-sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for securing sensitive information in a cloud-based world.