T.E.N. Knowledge Base

ISE® West 2017

Bolstering Trust in the Email Ecosystem  > Download Whitepaper
Email is inexpensive, instant and ubiquitous. Email has become deeply entrenched as our favorite tool for sharing, collaborating, coordinating and archiving. Forget the telephone or social media, when it comes to consumers and companies communicating, email holds an unshakeable dominance.



2017 Study on Mobile and IoT Application Security  > Download Whitepaper
Ponemon Institute is pleased to present the ndings of the 2017 Study on Mobile and Internet of Things Application Security sponsored by IBM and Arxan Technologies. The purpose of this research is to understand how companies are reducing the risk of mobile apps and Internet of Things (IoT) in the workplace. The risks created by mobile apps have been well researched and documented. This study reveals how companies are unprepared for risks created by vulnerabili- ties in IoT apps.



On the Radar: Attivo Networks offers deception, vulnerability assessment, and response automation  > Download Whitepaper
Attivo Networks develops technology for threat deception, with products for network and endpoint, as well as threat visibility/vulnerability assessment and incident response. Its deception capability works across a company’s user network, data center, cloud infrastructure, remote office/branch office (ROBO), industrial control systems (ICS), Internet of Things (IoT), and point-of-sales (POS) networks. Decoys can be made to look like a wide variety of targets, including a human-machine interface (HMI) device in operational technology (OT), an IoT node, or a POS terminal.



Ransomware on the Rise: An Enterprise Guide to Preventing Ransomware Attacks  > Download Whitepaper
Ransomware isn’t new. In fact, it’s 30-years-old. What IS new is ransomware’s sudden rise as a favored attack by cyber criminals. Cyber crime has become a lucrative business and, unfortunately, ransomware has become an integral attack method that many organizations are ghting a losing battle against.



Best Practices for Privileged Identity Management in the Modern Enterprise  > Download Whitepaper
Data breaches continue to be top of mind for organizations large and small. Three key dynamics are making that challenge much harder — the cloud, the growing sophistication of attackers, and dramatic growth in outsourced services. In this paper, we explore the modern enterprise — a hybrid organization with infrastructure spread across on-premises data centers as well as hosted in the cloud and one where IT functions are split between internal and 3rd-party administrators. We look at these and related trends impacting our data security and speci cally, best practices on how to manage and govern privileged user access to mitigate these risks.



The Fidelis Platform Overview  > Download Whitepaper
Modern attacks make it through the rewall and penetrate the perimeter. Security operations teams lack the complete, visibility-enhancing and automated technology to both see and respond to these kinds of modern and advanced compromises. Instead, they have patchwork systems strung together that create more work and complexity than solutions. We have changed all that.



Enterprise Phishing Susceptibility and Resiliency Report  > Download Whitepaper
Welcome to PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency report. The report we published in 2015 focused solely on susceptibility, only telling half of the story. Now, with over 5 million active installations of PhishMe ReporterTM across the globe, we can publish statistically significant metrics about the rate and accuracy of humans reporting phishing emails. We are excited to share this data as it has been missing from phishing studies in the past. Armed with this new data, we hope that security organizations focus their attention on the ratio of Report-To-Click instead of dwelling on susceptibility metrics.



Jason Lish

Jason Lish
Executive Vice President and Chief Security Officer
Alight Solutions
ISE® West Executive of the Year Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Financial Category
ISE® Central Executive Award Finalist 2018

Biography

Security Talent Today & Tomorrow  > Download Presentation
Investment in Cyber Security has increased dramatically over the last few years and in turn, many companies are still struggling to fill much need roles with qualified security talent. Earlier this year, the 2017 Global Information Security Workforce Study estimated that the job gap is growing, with the projected shortage reaching 1.8 million professionals by 2022. While the gap is not news, the fact that it is growing should be a huge concern to an already exhausted workforce. The shortage itself has been linked to everything from employers demanding too many skills in new hires, poor compensation for the required skillsets, lack of effective education options, and inefficient recruiting processes. So how should companies address the issue? Join Jason Lish as he examines the industry need for finding and retaining the right security talent, key skillsets needed to improve the security industry, and how current InfoSec professionals can ensure they’re continually improving themselves to ensure a more secure future.


Sancheti_Hardik

Hardik Sancheti
Senior Manager, Identity Management Infrastructure
Seagate

Balancing Security and Business: Building a Next Gen SSO Program  > Download Presentation
Upon moving to a zero trust security model, the team at Seagate decided to replace their previous SSO infrastructure to support this new model. The NextGen Single Sign-On (SSO) program sought to solve one of the issues of the previous SSO infrastructure regarding potential vulnerabilities to a malicious insider who could acquire users’ SSO cookie in a “watering hole” attack. The project replaced Seagate’s SSO infrastructure with a secure platform that supports risk-based authentication and robust federation. The infrastructure was deployed across two data centers and two disaster recovery sites and included migrating over 150 applications and 50 federations (SSO across two or more domains / companies) with positive impact to Seagate’s business. Join our conversation to learn how the Seagate team was able to not only sole the “watering hole” issue, but also enhance overall security and access management capabilities by implementing end-to-end SSL, risk-based authentication and session assurance as well as better align the infrastructure to business initiatives for SSO, mobile, social and cloud integrations.


Ocegueda_Luis

Luis Ocegueda
Senior Security Engineer
Walmart
Biography

A Framework for a Secure Future  > Download Presentation
Walmart operates one of the largest cloud environments and leverages the open source tool OneOps to manage applications and operating systems. The OneOps Security Framework is an integration that allows applying security best practices and configurations to any application or operating system automatically at deployment to save time while meeting security and compliance requirements. The OneOps Security Framework project has helped teams meet security objectives seamlessly thus saving thousands of man-hours on configuration, testing, implementation, and remediation. The framework has also been made available to all industry users of OneOps through Walmart’s open source initiate. Join our conversation to learn how the Walmart team leveraged their OneOps management tools to develop a process for testing new configurations, apply configurations prior to deployment, and force application and operating system configurations or updates at deployment time.


tim smith

Tim Smith
Sr. IT Manager of End User Computing and Corporate Information Security
Western Union
Biography

Building a Blueprint for Better Mobile Security  > Download Presentation
Western Union is a huge proponent of empowering their end users via mobile devices, and in 2016 they wanted to make sure they had a strong mobile threat defense solution in place that would properly safeguard their employee’s mobile devices and data. To accomplish this, they required a solution which provided protection across the most common mobile threat vectors- malware, malicious networks, and OS/configuration vulnerabilities- and which was easy to deploy and manage, offered in-depth reporting and analysis, protected devices in real-time, and could mitigate threats automatically. Join our conversation to learn how Western Union was able to deploy an effective and easy to use mobile security solution that helped them empower a safe but mobilized workforce.


Thusu_Arjun

Arjun Thusu
Senior Vice President & CSO
YapStone
Biography

Securing What You Share: Improving Your Third-Party Security  > Summary
When organizations start working with third-party vendors, they have to consider a variety of security concerns. These vendors often have access to valuable, sensitive corporate data, yet according to a 2016 study by the Ponemon Institute, more than one third of companies don’t believe these vendors would tell them if they had a data breach. Additionally, About 60% of respondents said they felt vulnerable because they were sharing sensitive data with third parties that might have weak security policies. While including data privacy and security procedures in third-party contracts to ensure vendors have appropriate measures in place to protect company data has become commonplace, it is difficult to evaluate how the vendor is protecting data from unauthorized access, use, and disclosure, and to know whether the vendor has appropriate contractual terms in place with downstream, who may also have access to your data. This disconnect creates a high-risk area for all industries as more and more data loss through third-party vendors results in a breakdown of trust and communication. To help prevent potential damages, organizations need to develop plans for working with third parties that involve data mapping vendors, contract specificity, and regular data audits.


Al Ghous

Al Ghous
Sr Director, Cyber Security
GE Digital

The Internet of Things Is Here and Growing, But Are You Ready for It?  > Summary
The once nebulous Internet of Things has slowly but surely become a more defined and pressing issue for Information Security professionals as more organizations begin to adopt the IoT into their business structure. Gartner predicts that in the year 2020, 25 billion ‘things’ worldwide are connected to the internet with a collective economic value of two trillion dollar. While that still leaves current InfoSec professionals some time to adapt to a more pervasive Internet of Things, the question remains; “How ready is your organization for IoT adoption now?” Does your organization have the right skillsets and capabilities in place now to start investing in IoT related projects? Aside from all the innovative, technical and business skills needed, perhaps the greatest skill needed is the ability to understand what missing factors are in the organization’s capabilities.


Selim Aissi
Chief Security Officer
Ellie Mae
ISE® West Executive Award Finalist 2015
ISE® North America Executive Award Finalist 2015 - Commercial Category

Biography

Security from the Inside: Combating Insider Threats  > Summary
While the popular view of most security threats tends to be of outsiders, the last few years have also seen an increasing emphasis on threats to the enterprise from the inside. Insider threats can range from something as simple as a negligent employee who clicks on a bad email link to a disgruntled employee with privileged access to sensitive data and portions of the enterprise. A 2016 survey on insider threats by Bitglass revealed that one in three organizations interviewed had experienced insider attacks, with 56% saying they have gone up in the past year. Organizations are starting to see improvements in detecting insider threats however. In the same survey, 64% of the respondents said they can now detect breaches within a week, compared to the previous year where only 42% were able to do so. While there have been some improvements in dealing insider threats, there still remains a strong need for a more vigilant and proactive approach to identifying, isolating, and mitigating damage from these kinds of attacks.


Caleb Sima

Caleb Sima
Managing Vice President, Cyber Security
Capital One Financial
Biography

Engineering a Social Solution: Protecting Your Enterprise from Social Engineering Attacks  > Summary
Social engineering attacks, which rely on human interaction and fraudulent behavior to trick people, have become one of the fastest growing security threats for enterprises today. While more traditional attacks prey on technology-based system vulnerabilities, like software bugs and misconfigurations, social engineering attacks target human vulnerabilities by using deception to trick targeted victims into performing harmful actions. Whether it’s a spear phishing, consumer phishing, business email compromise (BEC) or even ransomware, there are a myriad number of attack types that proliferated at an alarming rate in just the last year. Moreover, Agari’s 2016 Email Security: Social Engineering Report found that 60% of surveyed security leaders said their organizations were or may have been victim of at least one targeted social engineering attack in the past year. Additionally, 65% of those who were attacked say that employees' credentials were compromised as a result of the attacks and financial accounts were breached in 17% of attacks. As threat actors continue to employ these types of attacks, organizations must begin taking the necessary countermeasures to prevent the extensive damage they can cause.