T.E.N. Knowledge Base

ISE® North America 2018

Allow is the New Block: 10 Requirements for Saying “Yes” to User-led Cloud Services  > Download Whitepaper
Cloud adoption in the enterprise continues to gain momentum with more than 1,000 cloud services used by employees in a variety of environments from retail to healthcare and everything in between. It turns out that fewer than 5% of these cloud services are IT-led with IT having administrative access and the ability to manage the deployment. IT-led cloud services often include suites like Office 365 and Google G Suite and apps like Salesforce, Box, ServiceNow, and dozens of others. While IT-led cloud services often garner most of the enterprise focus, more than 95% of cloud services used by enterprises are user-led and are either shepherded in by lines of business or brought in by individual users that sign up for them because they are easy to access and use. User-led cloud services often fly under the radar of IT and security personnel and they are typically labeled as ‘unsanctioned’ or ‘Shadow IT’.

Given the lack of visibility and control, what does the security team do about user-led cloud usage? Do they take extreme security measures and try to block them using legacy security tools or do they allow their use and hope users do the right thing? This is a difficult decision and presents a catch-22 between extracting value from the cloud and being secure. Let’s take a look at the potential impact resulting from an allow or block decision.

The Security 2025 Project  > Download Whitepaper
As a community, we need to unite and define the new North Star of enterprise security. For the last 20 years, we have reactively implemented monolithic, ineffective solutions that are not integrated and introduce complexity, resource drag, and alert fatigue. How can we challenge ourselves to a new way of thinking? What do we want our security stack to look like by 2025?



Closing the IT Security Gap with Automation & AI in the Era of IoT: Global  > Download Whitepaper
The purpose of this research, sponsored by Aruba, is to understand the reasons for the dangerous gap in modern IT security programs and strategies, a gap that is diminishing the ability of organizations to identify, detect, contain and resolve data breaches and other security incidents. The consequences of the gap can include financial losses, diminishment in reputation and the inability to comply with privacy regulations such as the EU’s General Data Protection Regulation (GDPR).



Attivo Networks - ThreatDefend  > Download Whitepaper
We had intended to include Attivo Networks’ ThreatDefendTM Detection and Response Platform in our deception networks group but after looking pretty closely at it we decided that it is quite a bit more than a deception grid. It is true, of course, that this system includes BOTsink, a deception tool that is both effective and well-known. But BOT- sink is just part of the story. This is a full-fea- tured incident response system.



UEBA and Machine Learning: Automating Data Security Analysis  > Download Whitepaper
Securing electronic data in today’s environment remains a daunting challenge, particularly as technologies including mobility and the cloud continue to increase the complexity of maintaining effective defenses.

For decades, organizations have invested significant resources in creating layered IT security policies and infrastructure. However, as those methods and tools have continued to mature, so has the complexity of related management. While existing methods are adept at determining where issues occur, practitioners are frequently challenged to pinpoint critical incidents and prioritize response, based on the requirement to analyze huge volumes of security data generated by a vast array of sources.

To overcome this hurdle, today’s organizations require more effective analytical capabilities that calculate the precise intersection of sensitive data and user behavior, allowing them to focus on those responsive actions that will directly mitigate emerging data security risks.



20 CRITICAL SECURITY CONTROLS With Qualys Cloud Platform  > Download Whitepaper
The cyber security world is a noisy place. CISOs get bombarded daily with information, including the latest research studies, threat warnings, vendor announcements, industry and regulatory mandates, best practice controls and hacking incident reports.



The Making of the Modern CISO: Evolving Risks, Roles, and Rewards  > Download Whitepaper
Information Security (InfoSec) professionals who thrive to fight cyberattacks may be on a career path to rise to the level of Chief Information Security Officer (CISO). Even now, a fairly significant number shoulder many of the same risks and responsibilities that are inherent to the CISO position.

And the industry needs more prospective candidates who set high personal goals and grow from their experiences. Fortunately, future CISOs are already amassing experiences that inform their work. Get to know the modern CISO and their making. A collection of insights from top CISOs and business experts awaits.



Employee Benefits Organization Reduces Phishing Susceptibility by More Than 89%  > Download Whitepaper
Wombat’s assessments and education modules are core components of the organization’s security awareness and training program

The Challenge
In early 2015, a retirement benefits organization for public employees in the western United States was researching options for security awareness training. As part of that process, the association wanted more insight into its level of phishing susceptibility.