T.E.N. Knowledge Base

ISE® Southeast 2016

Security Everywhere: A Growth Engine for the Digital Economy  > Download Whitepaper
Ever-expanding connectivity as a result of modern networks is transforming our world. We’ve seen this for some time with the widespread adoption of cloud computing which has created a digital economy that is fueling new business opportunities through greater speed, efficiency, and agility. Building on the power of the cloud, the Internet of Everything (IoE) is generating unprecedented opportunities for networked connections among people, processes, data, and things and is presenting a $19 trillion global opportunity to create value.

We are now facing a similar evolution with respect to security. To capture opportunities made possible by new digital business models and the IoE, businesses of all sizes must also engage in a secure way. To do this, security must be everywhere—embedded into the heart of the intelligent network infrastructure and spanning throughout the extended network. Security needs to be as pervasive as the IoE itself.



CloudPassage Company Overview  > Download Whitepaper
CloudPassage Halo provides instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds. The Halo platform is delivered as a service, so it deploys in minutes and scales on-demand. Halo uses minimal system resources, so layered security can be deployed where it counts, right at every workload — servers, instances and containers. Halo is the only platform purpose-built for broadly automated, portable, scalable, on-demand security and compliance.



Preventing Insider Threats with UBA  > Download Whitepaper
Insider threats refer to security risks caused by malicious users within a corporate network. This type of attack is different from one caused by a compromised credential, where an external hacker has used valid, stolen account credentials to impersonate an employee and access a network. In the case of a malicious insider, the user typically is acting with intent and likely knows that he is breaking policy and potentially the law.



Data Transfer Automation in a High-Volume, Enterprise Environment  > Download Whitepaper
Learning how to manage large amounts of data in a high-volume environment is a common issue for many industries, from healthcare to financial services to retail, as the vast amount of data collected from customers or partners alone can be extensive. Managing data is not just about collecting and storing it though; it needs to be done in a timely, secure, and compliant way, which can be a challenge for many organizations.

A managed file transfer (MFT) solution with advanced data transfer automation capabilities is a highly cost efficient and time effective way to manage data, no matter how great the volume, variety, or complexity. Through event-driven automation, a company can offload its data with little to no human interaction, from system to system or person to system. Rather than manually delivering data, you can deliver that data automatically, as it is needed, and protect it in the process.



Data-Centric Protection: Enabling Business Agility While Protecting Data Assets  > Download Whitepaper
Corporate, government and other enterprises are under relentless attack by cyber criminals determined to steal business-critical data and confidential customer and third-party information. Whether for the purpose of identity theft, corporate espionage or other malicious ends, hordes of hackers running the gamut from organized crime groups to sovereign government organizations are working around the clock, around the globe to penetrate data stores in virtually every industry sector.

Year after year, organizations have struggled to thwart these criminals and the existential risks they pose to business enterprises. Yet, vulnerabilities continue to abound and the associated attacks are more pervasive, more sophisticated and more damaging than ever. And, that damage can affect an organization’s reputation, bottom line, and impact business success for years.



Data Privacy Laws: Cutting the Red Tape  > Download Whitepaper
National governments are enacting new, stringent data privacy laws to protect citizen data, guard national security interests, and potentially provide a boost to local industries. This rush to protect sensitive and personally identifiable information threatens current business strategies, practices, and processes widely used by organizations that operate internationally. To explore the impact of evolving data privacy regulations and data sovereignty, Ovum was commissioned in Q3 2015 by Intralinks to conduct an international survey of 366 IT decision-makers.



Know Your Adversary: An Adversary Model for Mastering Cyber-Defense Strategies  > Download Whitepaper
Cybersecurity continues to grow as one of the hottest markets to invest in today, but remains one of the most misunderstood fields in information technology. The relentless headlinegrabbing data breaches are causing unprecedented spending in cybersecurity technologies and people, which in turn is driving more new companies and investment in cybersecurity, launching ever more new products.



Advanced Endpoint Protection (AEP)  > Download Whitepaper
Advanced Endpoint Protection (AEP) is a very competent anti-malware tool that really focuses on the task at hand: protecting the endpoint from malware threats. It does this by encapsulating the endpoint application in a virtual environment and allowing malicious files to detonate, but containing the attack so that not even the most advanced zero-day can escape. That’s a pretty strong statement, but Invincea lives up to it because the tool has no need for signatures or traditional heuristics.



Just-In-Time Malware Assembly: Advanced Evasion Techniques  > Download Whitepaper
In the game of cat and mouse between threat actors and the information security community, every new advancement in security technology and technique leads to an effort by adversaries to solve or evade it. Anti-virus led to the rise of polymorphic malware and malware factories. Web URL filters and proxy blacklists resulted in burner domains and the use of compromised whitelisted sites for malware hosting. Network IDS / IPS led to encrypted command and control traffic and off-network attacks against end users.



Vulnerability Management Begins at the Endpoint  > Download Whitepaper
As mobility and the global network infrastruc- ture expands, the need for security assess- ment and policy compliance is essential. Qualys offers some insight on how CIOs, CSOs and CTOs can stay ahead of evolving global network security and the next phase of in- novation in security assessment.



INTELLIGENCE DRIVEN IDENTITY AND ACCESS MANAGEMENT  > Download Whitepaper
The way organizations manage access to their critical applications and data is quickly becoming unwieldy and overly complicated. That’s because traditional identity and access management (IAM) solutions, which were supposed to help organizations guard their IT systems and networks against unsafe access, were built on outdated assumptions to meet outdated requirements. First, the user population is no longer just made up of on-premises employees, but also includes partners, vendors, customers, and clients – all of whom require access to corporate applications. Next, devices are no longer just corporate desktops, but also include corporate and personal laptops, tablets, and mobile phones. Finally, this increase in the number and types of users and access methods has created an “identity crisis” at many organizations – where their systems are unable to manage and unify this disparate information, resulting in fragmented user profiles and multiple digital identities.



Symantec Cynic™  > Download Whitepaper
This white paper is intended for CIOs, CISOs, and security professionals tasked with protecting their organization from targetted attacks and advanced threats. This paper gives an overview of the new Symantec CynicTM technology introduced with and used by Symantec Advanced Threat Protection.



Server Security: Virtualization and Cloud Changes Everything  > Download Whitepaper
This Technology Spotlight highlights how cloud computing and virtualization have transformed the way organizations should view server security. Although organizations have considerable interest in endpoint and perimeter network security, the modern data center, which includes physical, virtual, and often cloud servers, remains a valuable but neglected component of the infrastructure that must be protected. Importantly, most enterprises using the cloud will be deployed in a hybrid architecture for the foreseeable future, with workloads in the data center as well as the cloud. The key is that the security used to protect servers, regardless of where they are located, must be efficient in the context in which it is deployed in order to not degrade overall server performance. This paper defines what server security is, examines how and why the server security market is growing, and highlights the capabilities of Trend Micro in this strategically important area.



Haddon Bennett

Haddon Bennett
Chief Information Security Officer
Change Healthcare
Biography

The TITAN in the Arena  > Download Presentation
Healthcare data is quickly becoming one of the most lucrative targets for cybercriminals. Protecting that data is paramount to Change Healthcare’s ongoing success in the financial and administrative healthcare industry. The TITAN Project has allowed Change Healthcare to utilize threat intelligence and distribute threat indicators quickly to 15 different information security technologies. TITAN’s ROI includes the cost savings of not having to hire 4+ FTE’s to manually apply this threat intelligence data to these various tools. TITAN has improved operations tremendously by allowing the team to analyze security incidents and events reported by a wide variety of sources, and report new threat vectors from seemingly isolated incidents.


John Graham

John Graham
Chief Information Security Officer
Jabil
ISE® Southeast Executive Award Finalist 2012
ISE® Southeast Executive Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Commercial Category

Biography

Streamlining Through Better Cybersecurity Controls  > Download Presentation
Jabil’s strategy is one of focusing cybersecurity controls where there is a specific business need. Their program has constructed, and maintains, a base level of controls globally, and then by building from these base level control solutions, processes, and people, they align a higher level of controls to address specific customer needs. The business effect of this position is strong, as in the past, the customer would raise an incident, stop manufacturing production, and lead a full scale forensic investigation to try and identify how / where data had leaked. This in turn aligns total cost of ownership, to the correct business division & specific business need. Jabil has seen solid success with their model in the past 24 months. Join our conversation to learn how this strategy has allowed Jabil to effectively reduce the time of potential interrupts to minutes vs. what was many hours & days of effort.


Tony Spurlin

Tony Spurlin
VP & CSO
Windstream
ISE® North America People's Choice Award Winner 2005

Combatting Web-Based Vulnerabilities the Rugged Way  > Download Presentation
Cox Automotive has hundreds of sophisticated, internet facing applications managed by multiple software development teams who continually add new and enhanced features to improve the quality and efficiency of the customer experience. As developers build new capabilities into applications to make them easier to use and more feature-rich for customers, they also risk introducing weaknesses that could be exploited. To combat this issue, Cox Automotive implemented a comprehensive application security program, integrating cloud-based static application security testing and in-house dynamic application security testing with its agile software development lifecycle (SDLC). As a result, Cox Automotive reduced application security vulnerabilities by 20% in the first year while cutting the amount of application rework by 60% to accelerate more secure solutions into production. This also enabled the company to strengthen its competitive advantage and lower costs.

Tony Spurlin

Tony Spurlin
VP & CSO
Windstream
ISE® North America People's Choice Award Winner 2005

Protecting Data - the Hacker’s Target  > Summary
Cox Automotive has hundreds of sophisticated, internet facing applications managed by multiple software development teams who continually add new and enhanced features to improve the quality and efficiency of the customer experience. As developers build new capabilities into applications to make them easier to use and more feature-rich for customers, they also risk introducing weaknesses that could be exploited. To combat this issue, Cox Automotive implemented a comprehensive application security program, integrating cloud-based static application security testing and in-house dynamic application security testing with its agile software development lifecycle (SDLC). As a result, Cox Automotive reduced application security vulnerabilities by 20% in the first year while cutting the amount of application rework by 60% to accelerate more secure solutions into production. This also enabled the company to strengthen its competitive advantage and lower costs.


Carlos Batista

Carlos Batista
Group Vice President, Security Operations & Intelligence
SunTrust Banks
Biography

The war on APTs: Will We Ever Win?  > Summary
Advanced persistent threats continue making regular headlines. Breaches result in massive costs, reputational damage, and loss of intellectual property -- crippling careers and organizations. An onslaught of new tools to combat APTs has entered the market, but advanced threats still remain a significant risk for most businesses. An ISACA APT Awareness study in August 2015 revealed that 94% of respondents were at least somewhat familiar with APTs. Meanwhile, the T.E.N. and IDC Salary Survey Report indicates that 12% of security executives believe they could lose their jobs in the case of a significant data breach. This fear leaves many wondering – will we ever win? Join our discussion to learn how your peers are innovating to combat APTs and share your own strategies for getting ahead in the ever-evolving threat landscape.


Dave Summitt
Chief Information Security Officer
Moffitt Cancer Center & Research Institute
ISE® Southeast People's Choice Award Winner 2017
Biography

Businesses Without Borders: International Information Exchange in a Cloud-based World  > Summary
Cloud computing has allowed numerous organizations to share and collaborate with their peers with greater speed and flexibility. However, there are a number security concerns in this new world of businesses without borders. Topics like data security, privacy, access rights management and international security rules and regulations all serve as major hurdles that organizations across all verticals have to tackle in their own way. The notion of trust among cloud based enterprises and their partners is essential, but what else is needed to ensure that a cloud-based information sharing structure can succeed while remaining secure? Join our conversation to discuss security’s role in the new global marketplace and share strategies for security information in a cloud-based world.


Wayne Proctor

Wayne Proctor
VP, Information Security
WestRock Company
ISE® Southeast Executive Award Finalist 2005

No Longer Left to Their Own Devices: Hacking Concerns with the Internet of Things  > Summary
For many, the term “Internet of Things” has been little more than a buzzword tossed around over the last few years. However, as more devices gain the ability to connect, communicate with, and remotely manage an incalculable number of networked, automated devices via the Internet, the IoT is finally becoming a reality. Whether it’s a number of automated network devices on a factory floor, a remotely managed series of equipment in a hospital, or even just a collection of highly interconnected devices in a residential home, the elements that make up the IoT are becoming more pervasive by the day, and with them come critical security concerns. Join this conversation to discuss major security concerns with the IoT like ubiquitous data collection, consumer data privacy, and new avenues of attack.


Gene Scriven

Gene Scriven
Chief Information Security Officer
ACI Worldwide
ISE® Southeast People’s Choice Award Winner 2008
ISE® Southeast Executive Award Finalist 2008

T.E.N. Success Story

Help or Hindrance? Looking at the Benefits and Flaws of Encryption-based Security  > Summary
Encryption and cryptography can be very powerful security tools when used correctly, but like all security measures, they’re not a panacea. Teams must determine the strength of encryption, who holds the keys and at what level to encrypt (storage, database or application level?) The many options for encryption offer a variety of security advantages, but they each have their own flaws to be considered. These include issues like malicious insiders abusing encryption keys, malware based bypasses, and overall encryption costs. Join our conversation to learn what kinds of encryption and cryptography solutions are best for your organization and how you can combine those solutions with other security methodologies.