T.E.N. Knowledge Base

TAKING CONTROL OF THE DIGITAL AND MOBILE USER AUTHENTICATION CHALLENGE  > Download Whitepaper
More websites, more mobile devices, more user accounts. It all adds up to more passwords and more access pathways. Traditional password strategies just aren’t keeping pace with the evolving landscape, where identity is increasingly a critical threat vector. The challenge is complex, complicated not just by rapidly changing user needs, but also by the information they need to access and the devices they use. This Technology Dossier examines the growing demands on authentication systems and the issues IT is struggling with to protect digital assets and retain control, while achieving the desired user experience.

Identity and Access Intelligence: How Big Data and Risk Analytics Will Revolutionize IAM  > Download Whitepaper
In recent years Identity and Access Management (IAM) solutions have made great advances in helping enterprises increase the efficiency of user account provisioning and more effectively manage IT audits. Yet in too many cases these enterprises still discover orphan accounts, people with inappropriate or excessive access to confidential and sensitive data, “privileged users” with unnecessary permissions, employees with toxic combinations of entitlements (violating segregation/separation of duty rules), and individuals violating corporate policies.

A vision for cyber security detection analytics  > Download Whitepaper
Organizations are in the midst of considering how Big Data can assist in their plans to detect advanced cyber adversaries. Many are starting to build Big Data infrastructure and feed it both structured and unstructured data, but few have determined exactly what they will do with the data after they have collected it. This paper outlines the vision of what to do with all this security data; a vision for detecting advanced adversaries through pairing Big Data and data science.

The Problem with Privileged Users  > Download Whitepaper
Today’s users need easy “anytime, anywhere” access to information and services so they can do their jobs. The technologies needed to deliver that simplicity have become increasingly complex, and someone has to be there to keep it all running. These administrators (or super users) need “privileged” access to everything within the system in order to troubleshoot, resolve issues and maintain that immediate level of access. This privileged access is necessary, but it can pose some serious problems. Today’s increasingly complex environments require many administrators, from users with “root-level” access to key systems to Active Directory (AD) managers. And if you’re like most companies, you may have more of these privileged users than you think.

NARROWING THE SECURITY GAP WITH AUTOMATED CONFIGURATION ASSESSMENT  > Download Whitepaper
In this guide, Qualys describes internal risks to IT security and three best practices to control incorrect configurations. Critical components to this include automation of assessments and prioritization of risks. By using the automation technology in Qualys Policy Compliance, organizations can ensure the safety of sensitive data and IT while meeting mandates for compliance.

Rapid7 Vulnerability Management Buyer's Guide  > Download Whitepaper
With increasingly complex IT environments, vulnerability scans can produce an overwhelming amount of information. Filtering through results to find the true risks that matters to your business can be a challenging and time-consuming task. A good VM solution does more than just scanning – it also helps you to prioritize vulnerabilities to drive effective risk reduction. That's why we've created this buyer's guide, with an easy-to-use checklist, to help you determine your requirements for selecting an effective vulnerability management solution for your organization.

Why You Need to Protect Your Customers’ Online Experience in Real Time  > Download Whitepaper
This white paper focuses on the increasing level of threat that any Web or mobile app customers faces and what companies must do to protect them. It also provides a brief overview of RiskIQ, the sponsor of this paper, and its relevant offerings.

Symantec Security Intelligence  > Download Whitepaper
So essentially, you’re caught between Internet-addicted users who are demanding even more exibility and freedom—and smart, organized criminals who are fully prepared to pounce on all the new risks and vulnerabilities they create. It’s a perfect storm. Our industry has never experienced anything quite like it. So now the question is, what are you going to do about it?

HUNTING DOWN AND FIGHTING AGAINST EMERGING CYBER THREATS  > Download Whitepaper
In this paper, we’ll explore the current state of cyber security – the good, the bad, and the ugly. We’ll examine how Tanium delivers essential capabilities for incident responders to hunt down and investigate threat indicators rapidly and then take swift mitigating actions – within seconds, and at scale. We’ll showcase real-world use cases to demonstrate how you can turn the tables on cyber attackers – at less cost, in less time, and more simply than ever before. And better yet, we’ll show you how you can fight back.

Malware, Zero Day and Advanced Attack Protection Analysis  > Download Whitepaper
Miercom conducted a Security Efficacy Analysis of network-based breach detection and Zero Day and Advanced Persistent Threat (APT) protection solutions that utilize threat emulation. The assessment included products from vendors, Zscaler and FireEye.

The Balancing Act: Managing Expectations Across the Enterprise > Download Presentation
Ongoing breaches and reports of cyber espionage have brought Information Security center stage with executive management, boards of directors and customers alike. The business expects the CISO to manage an agile, high-performing security program, yet consistently fails to adequately underwrite or provide the range of resources necessary to meet growing demands. Now expected to be a transformative leader, CISOs are struggling to balance new perceptions when such a disconnect exists between expectations and reality. Just as managing the complexity of the threat environment mandates a solution-based, multi-layer approach, so does navigating the complex relationships necessary to bridge the gaps between security and the enterprise. During this presentation, learn how to work with various business units and departments to build and empower your leadership team, so that you can better manage the heavy burden of defending your organization against the unrelenting array of cyber threats.

You wanted a seat at the table… now what?  > Download Presentation
As the role of CISO has continued to mature, the leaders selected for the role are being asked to advise on a wider range of topics that increasing involve understanding all manner of risk. Technology is inexorably embedded in every aspect of the business and in order to remain relevant we must be providing our business partners with the tools they need to understand risks they accept. We must enable the goals of the business and to help set an appropriate risk appetite that balances the business need with the security objective.

Security Overhaul – Building a World Class, Multi-dimensional Protection Program
In recent years, several major U.S. retailers have been victim to megabreaches causing significant loss, interrupting business operations and causing immeasurable damage to brand reputation. This served as an impetus for Belk, the nation’s largest family-owned retailer, to launch a full scale, multi-dimensional project to protect its card processing system, network perimeter and significantly enhance the store’s controlled environment. The project, which spanned a six-month period, achieved PCI and SOX compliance, initiated board-level reporting and launched a security awareness campaign touching more than 20,000 employees. Learn how the security team at Belk was able to integrate and implement multiple solutions into a single, robust, rapidly deployed security project in order to significantly improve the company’s security environment and simultaneously instill security as an integral part of corporate culture.

Ensuring Accountability through Project TAPOUT  > Download Presentation
The Healthways security team needed a better way to hold various internal groups and third parties accountable for security protocol. Although the data was there, they struggled to find an external tool that made follow-up easy for users, while ensuring corrective response occurred within the required timeframe – a problem faced by many enterprise security organizations. The team instead collaborated to build an in-house web application and database to enhance a purchased solution that facilitated adequate documentation around vulnerability management and reduced the remediation time by greater than 200%. Learn how the team undertook this resourceful endeavor to improve communication, expedite patching efforts and more efficiently protect the critical information and assets of millions of users across the globe.

BotRadar – Invisible Protection from Malicious Attacks  > Download Presentation
An increase in brute force password attacks and phishing attempts resulted in automated account lockouts for EarthLink employees and customers, placing unnecessary strain on call centers and causing negative user experiences. The security team sought to add an invisible layer of protection that would collect, analyze and take automated action on suspicious behaviors at great speed in order to protect users without impacting business operations. Implementing the three-phase, collaborative and cross-functional project, not only improved user experience, but also resulted in a 92% reduction in account lockouts and an 80% reduction of customer support calls saving nearly $200,000 annually. Learn how the team worked with multiple business units to modify and enhance home-grown technology that protects more than one million users by thwarting approximately 10 million new attacks every day.

Real Life War Games: Avoiding the High-profile Mega Breach  > Read Summary
In 1983, the idea of hacking into a computer system was science fiction, but today it is a terrifying – almost daily – reality. Most organizations underestimate their risk and vulnerability to cyber attacks, yet hacker activity is intensifying. More than 700 security breaches have been reported during 2014 alone, several of which have been high-profile, significant incidents compromising the private data of millions of people, costing millions of dollars, consuming excessive amounts of time to remediate and in some cases destroying careers. Now, large-scale breaches such as Sony, Target, P.F Chang’s, JPMorgan Chase and Home Depot are a weekly occurrence. With more incidents and more variation than ever before, the only question is – who will be next?

The New CISO: Agent of Change  > Read Summary
CISOs need to be Agents of Change in order to lead successful information security programs. They are no longer just operating in the familiar technical spheres of influence. Now expected to be a business enabler, a CISO must lead efforts to build consensus for security as a priority in the enterprise by selling the Board, the C-suite and others on the benefits of a proactive approach. Despite driving a “Program of Change” CISOs often overlook the business marketing skills and activities that are essential when it comes to gaining budget and program approval. Today’s CISOs need to understand branding and establish a “go-to-market” plan in order to “sell” their Security Program.

Social Engineering: Can Organizations Win the Battle?  > Read Summary
Gone are days of mass emails with misspelled messages. Criminals today are doing more reconnaissance than ever before – aided by social networks -- to craft targeted emails that trick people into opening malware-rigged attachments or divulging passwords and sensitive information. The threat is highly targeted and sophisticated and intended to cause strategic harm, financial loss, reputation damage and technical breaches. And it’s proving costlier than ever. With recent breaches, the imperative to counter social engineering takes on a whole new level of urgency. While some organizations develop employee-awareness training or solicit pen testing, or use some combination of the two, these preventive tactics can only go so far. Adopting a "know thy data" approach -- in terms of what it is, how valuable it is and where it is -- and then focusing on securing it may be the key to surviving the onslaught of attacks.

Cyber Threat Intelligence: A Gold Mine of Value  > Read Summary
An intelligence capability empowers organizations to identify potential threats and vulnerabilities in order to minimize the ‘threat attack window‘ and limit the amount of time an adversary gains access to the network before they are discovered. Organizations that operate with an intelligence-led mindset understand that threat intelligence is the ‘mechanism’ that drives cyber security investment and operational risk management. The number of cyber threat intelligence providers continues to increase and the idea of threat intelligence is gaining widespread acceptance. While increased awareness of the cyber security threat is a positive trend, many organizations still need to put in place the fundamentals of intelligence management to gain real value from threat intelligence. This will be a crucial for instilling confidence in board members – and ensure that the organizations are equipped to leverage the gold mine of value that can be extracted from cyber threat intelligence.