Securing Your Point of Sale Systems: Stopping Malware and Data Theft

•Download as PPTX, PDF•

0 likes•978 views

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack. During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems. •3 Critical Entry Points to POS System Attacks •Impacts to an Organization •Top 3 Security Measures to Minimize Risk

Technology

Securing Your Point
of Sale Systems
Stopping Malware and
Data Theft
Chris Merritt | Solution Marketing
Source: http://www.wired.com/threatlevel/2014/01/target-hack/

February 20, 2014

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Today’s Agenda

Setting the Stage
Three Attack Vectors
Impacts on Organizations

Top Security Measures to Minimize Risk

Setting the Stage
• Focus on POS Systems, but …
» Need to consider other fixed function
assets which abound, such as ATMs,
kiosks, self-checkout, etc.
» Need to consider the entire chain,
including “back office” assets such as
servers, workstations, etc.

• Focus on Retail Sector, but …
» Need to consider other sectors where POS
systems and other fixed function assets are
heavily used, such as the Healthcare and
Financial sectors

3
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Threat Environment

Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013)

5
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Threat Environment

Source: Store Systems Security | Preparing for the Paradigm Shift– by IHL Group (Aug-2013)

6
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets

Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)

7
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets

Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)

8
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets

Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)

9
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Targeted Assets

Source: 2013 Data Breach Investigations Report – by Verizon (Apr-2013)

10
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Breach Timeline

11
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Alerts

12
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Alerts

13
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Security Alerts

14
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Three Attack Vectors
Physical Attack
» Examples: Tampering, Beacons
» Impacts Front Line Assets

Network Attack
» Examples: Hacking, Malware
» Impacts Front Line and Back Office
Assets

Supply Chain Attack
» Examples: Hacking, Malware
» Impacts Back Office Assets

15
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

US Breach Data (2005 – 2013)

X-axis = Year

Y-axis = Breach Count

17
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Bubble size = Breach Size

Breaches by Organization Type (2005 – 2013)

18
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Records by Organization Type (2005 – 2013)

19
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Data Breach Costs

20
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Defense-in-Depth
• Multiple layers of Security Controls
» Redundancy in case
Failure or Exploitation
» Covers People, Process
and Technical Controls
» Seeks to delay attack

• Endpoint security threats
too complex
» Need multiple technologies
/ processes

• Successful risk mitigation
© Creative Commons / Fidelia Nimmons
» Starts with solid Vulnerability
Management
» Add other Layered Defenses, beyond traditional Blacklist approach
» Consider both Network and Physical Vectors

22
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Practical Defense-in-Depth

23
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Practical Defense-in-Depth

24
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Practical Defense-in-Depth
Whitelisting

25
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Breach Timeline (IS)

26
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Breach Timeline (Ideal)

27
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Additional Information
Free Security Scanner Tools
» Application Scanner – discover all the apps
being used in your network
» Device Scanner – discover all the devices
being used in your network
https://www.lumension.com/resources/
premium-security-tools.aspx

Free Trial (virtual or download)
http://www.lumension.com/endpoint-managementsecurity-suite/free-trial.aspx

Reports
» Targeted Threat Protection for POS Systems
https://www.lumension.com/Media_Files/
Documents/Marketing---Sales/Datasheets/
Lumension-Endpoint-Security---Point-ofSale.aspx
» Tolly Reports on Application Control vs.
Antivirus Performance at http://www.tolly.com/
Server: ~/DocDetail.aspx?DocNumber=213121
Client: ~/DocDetail.aspx?DocNumber=213126

28
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255

1.888.725.7828
info@lumension.com

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Viewers also liked

Real World Defense Strategies for Targeted Endpoint Threats

Lumension

Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening? For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage. Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn: •IT perspective on the changing threat landscape and today’s Top 5 risks; •Disconnect between perceived risk and corresponding strategies to combat those threats; •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

Lumension

Thanks to you, the audience at UltimateWindowsSecurity, for the 2014 Survey. It was a great success with over 600 respondents! I appreciate all of you who took the time give me your thoughts. You’ve provided some great ideas for real training for free™ in the coming year and I’ve learned which topics are most important to you. That’s going to benefit all of us. In this presentation, we'll present our findings. We’ll talk about the community’s top goals for 2014, which topics you recommended I cover in 2014 and what our community sees as the greatest security concerns for 2014. And we’ll discuss other trends emerging from the data. Find out about the top trends, such as: SIEM – What are the top SIEM solutions? What is the UWS community’s top 3 biggest challenges with log/monitoring/security analytics? Endpoint Security – How widely is application whitelisting being used and what is driving its adoption? Which endpoint security technologies really work and which are just hype? Mobile Devices – Are employee owned mobile devices supported at your organization? Is your biggest concern with mobile devices malware, data loss, compliance? The Cloud – How widely are your peers embracing the cloud? Is your organization’s security policy, technology and training keeping up with the move to the cloud? Advanced Security Topics – What are your peers doing about “big data”? What about endpoints as sensors, and other new security approaches? This will be a fact-filled and fascinating presentation on where we are and where we are going on a host of different security fronts. Don’t miss it.

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...

Lumension

2014 BYOD and Mobile Security Survey Preliminary Results

Lumension

Security expert Randy Franklin Smith from Ultimate Windows Security, shows you a technical and pragmatic approach to mobile security for iOS and Android. For instance, for iOS-based devices, he talks about: • System security • Encryption and data protection • App Security • Device controls Randy also discusses Android-based devices. While Android gets its kernel from Linux, it builds on Linux security in a very specialized way to isolate applications from each other. And learn about iOS and Android mobile device management needs: Password and remote wipe capabilities are obvious but there’s much more to the story. And you’ll hear Randy's list of top-10 things you need to secure and manage on mobile devices in order to protect access to your organization’s network and information.

Top 10 Things to Secure on iOS and Android to Protect Corporate Information

Lumension

Careto: Unmasking a New Level in APT-ware

Lumension

2014 Data Protection Maturity Survey: Results and Analysis

Lumension

Windows XP is Coming to an End: How to Stay Secure Before You Migrate

Lumension

Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...

Lumension

Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015. • Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy • Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack • Endpoint Hygiene: Why you can’t forget the importance of ensuring solid management of your endpoint devices • BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization • The Most Important Buying Considerations in 2015

2015 Endpoint and Mobile Security Buyers Guide

Lumension

Today, everything has to be patched. From desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what you wish were there. Servers (Windows, UNIX and Linux)Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows or are managed by an entirely different admin. Desktops (Windows and Macs)Maybe you are responsible for desktops instead of servers. Again it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too. The kicker though is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop. Believe it or not System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.

Using SCCM 2012 r2 to Patch Linux, UNIX and Macs

Lumension

Viewers also liked (11)

Real World Defense Strategies for Targeted Endpoint Threats

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

2014 Security Trends: SIEM, Endpoint Security, Data Loss, Mobile Devices and ...

2014 BYOD and Mobile Security Survey Preliminary Results

Top 10 Things to Secure on iOS and Android to Protect Corporate Information

Careto: Unmasking a New Level in APT-ware

2014 Data Protection Maturity Survey: Results and Analysis

Windows XP is Coming to an End: How to Stay Secure Before You Migrate

Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps...

2015 Endpoint and Mobile Security Buyers Guide

Using SCCM 2012 r2 to Patch Linux, UNIX and Macs

Similar to Securing Your Point of Sale Systems: Stopping Malware and Data Theft

Cyber crime is pervasive and here to stay. Whether you work in the Public Sector, Private Sector, are the CEO for a Fortune 500 Company or trying to sustain a SMB everyone is under attack. This February, President Obama, issued an executive order aimed at protecting critical business and government infrastructure due to the scale and sophistication of IT security threats that have grown at an explosive rate. Organizations and Government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they also have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.

Breaking down the cyber security framework closing critical it security gaps

IBM Security

Using Threat Intelligence to Address Your Growing Digital Risk

SurfWatch Labs

Cyber attacks are reaching pandemic levels. State-sponsored groups and organized crime are successfully stealing valuable intellectual property—including critical infrastructure and operational readiness information, businesses’ and consumers’ financial data—often without anyone realizing the attack has occurred! But preparedness cannot be delegated solely to the IT department. The involvement of the entire enterprise, armed with an understanding of the highly dynamic landscape, is vital for warding off potential threats. Author: David Etue, VP of CorpDev Strategy, SafeNet Watch the webcast on demand: https://www.brighttalk.com/webcast/6319/75109

Cyber Security Management in a Highly Innovative World

SafeNet

Hacking the Helpdesk, Craig Clark

Service Desk Institute

Hacking the Helpdesk: Social Engineering Risks

Craig Clark ITIL, CIS LI,EU GDPR P

Most cybersecurity professionals know the CIS Top Five Critical Security Controls. Yet, the evidence that they are effective is slim. Using data on cyber-incidents, researchers looked at the attack paths used by adversaries and determined what controls could have disrupted these attack paths. The result is a new set of critical controls that organizations should implement on a priority basis. Learning Objectives: 1: Understand evidence-based approach to selecting controls. 2: Understand why the “new top five” controls were selected. 3: Chart a pathway to implementing the new top five controls. (Source: RSA Conference USA 2018)

Evidence-Based Security: The New Top Five Controls

Priyanka Aash

MYTHBUSTERS: Can You Secure Payments in the Cloud?

Kurt Hagerman

Cyberthreat Defense Report Edge 2017-cdr-report

E.S.G. JR. Consulting, Inc.

CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.

Cyberthreat Defense Report 2017 by Impreva

Ghader Ahmadi

WhiteHat Security’s Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address in order to conduct business online safely. Website security is an ever-moving target. New website launches are common, new code is released constantly, new Web technologies are created and adopted every day; as a result, new attack techniques are frequently disclosed that can put every online business at risk. In order to stay protected, enterprises must receive timely information about how they can most efficiently defend their websites, gain visibility into the performance of their security programs, and learn how they compare with their industry peers. Obtaining these insights is crucial in order to stay ahead and truly improve enterprise website security. To help, WhiteHat Security has been publishing its Website Security Statistics Report since 2006. This report is the only one that focuses exclusively on unknown vulnerabilities in custom Web applications, code that is unique to an organization, and found in real-world websites. The underlying data is hundreds of terabytes in size, comprises vulnerability assessment results from tens of thousands of websites across hundreds of the most well-known organizations, and collectively represents the largest and most accurate picture of website security available. Inside this report is information about the most prevalent vulnerabilities, how many get fixed, how long the fixes can take on average, and how every application security program may measurably improve. The report is organized by industry, and is accompanied by WhiteHat Security’s expert analysis and recommendations. Through its Software-as-a-Service (SaaS) offering, WhiteHat Sentinel, WhiteHat Security is uniquely positioned to deliver the depth of knowledge that organizations require to protect their brands, attain compliance, and avert costly breaches.

WhiteHat Security Website Statistics [Full Report] (2013)

Jeremiah Grossman

Information security for small business

BDPA Charlotte - Information Technology Thought Leaders

This webinar presents a best-practices framework on assessing your risks, using the National Institute of Standards and Technology (NIST) privacy risk assessment methodology. Matt Eshleman, Community IT Innovators’ CTO and resident cybersecurity expert, will teach you how to Understand the cybersecurity threats facing nonprofits perform a basic assessment using our NIST survey tool understand the recommendations budget for risk prevention engage nonprofit executives in supporting proactive cybersecurity create an actionable road map with next steps for your organization Over the last few months, many organizations began to use personal computers and devices for work, quickly set up cloud file sharing platforms, put the entire remote office on Slack or Teams, or moved to using Zoom for conference calls. Even if we did our best to implement thoughtful security protocols and train new users on new tools, circumstances have made measured approaches to cybersecurity difficult. Your practices are probably out of sync with your security needs. You know your nonprofit organization is at risk. But do you know how to manage cybersecurity risk? Now is the time to better manage risks by reviewing your cybersecurity stance and (re)training your users on security best practices.

Nonprofit Cybersecurity Risk Assessment Basics

Community IT Innovators

Biznesa infrastruktūras un datu drošības juridiskie aspekti

ebuc

Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...

Jay Kesan

OSB50: Operational Security: State of the Union

Ivanti

Does IT Security Matter?

Luke O'Connor

Threat management continues to be a hot topic within cybersecurity, and rightfully so. Understanding the evolving technical and behavioral threat landscape and adapting mitigation controls is the key to proactive risk management. Actionable threat intelligence is critical to enabling effective threat management. It provides visibility into the temperature within the threat actor community, what they are doing and how they are doing it (tactics techniques and procedures (TTPs)). The challenge is sorting through the volumes of threat data to identify what’s relevant and actionable. This document is intended to communicate how threat intelligence can be used to reduce business risk. The audience is security, compliance and IT professionals interested in proactive risk management.

Satori Whitepaper: Threat Intelligence - a path to taming digital threats

Dean Evans

nist_small_business_fundamentals_july_2019.pptx

JkYt1

Using an Open Source Threat Model for Prioritized Defense

EnclaveSecurity

Introduction to Incident Response Management

Don Caeiro

Similar to Securing Your Point of Sale Systems: Stopping Malware and Data Theft (20)

Breaking down the cyber security framework closing critical it security gaps

Using Threat Intelligence to Address Your Growing Digital Risk

Cyber Security Management in a Highly Innovative World

Hacking the Helpdesk, Craig Clark

Hacking the Helpdesk: Social Engineering Risks

Evidence-Based Security: The New Top Five Controls

MYTHBUSTERS: Can You Secure Payments in the Cloud?

Cyberthreat Defense Report Edge 2017-cdr-report

Cyberthreat Defense Report 2017 by Impreva

WhiteHat Security Website Statistics [Full Report] (2013)

Information security for small business

Nonprofit Cybersecurity Risk Assessment Basics

Biznesa infrastruktūras un datu drošības juridiskie aspekti

Challenges in the Business and Law of Cybersecurity, CLEAR Cyber Conference, ...

OSB50: Operational Security: State of the Union

Does IT Security Matter?

Satori Whitepaper: Threat Intelligence - a path to taming digital threats

nist_small_business_fundamentals_july_2019.pptx

Using an Open Source Threat Model for Prioritized Defense

Introduction to Incident Response Management

More from Lumension

Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this presentation by Ultimate Windows Security, we’ll present why this will likely lead to more and we’ll look at what we know about this latest Adobe breach. But more importantly I’ll show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers. I’ll present 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss: *Alternatives to Adobe and Java *Different ways to containing vulnerable apps in a sandbox * Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning. That’s why Lumension is sponsoring this event. I think you’ll be interested seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day. This is going to be a really cool presentation with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.

Adobe Hacked Again: What Does It Mean for You?

Lumension

APTs: The State of Server Side Risk and Steps to Minimize Risk

Lumension

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Lumension

The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent. But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies. This presentation will: - Review the current EU laws, and contrast them with laws in other parts of the world; - Examine the arguments for strengthening data protection in Europe, and the likely outcomes; - Look at what security teams should already be doing to put themselves ahead of legislative changes; - Outline strategies and technologies organisations need to meet current and future data protection requirements - Help infosecurity teams to explain the changes – and their consequences – to their boards

Data Protection Rules are Changing: What Can You Do to Prepare?

Lumension

Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling. Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? I’ll start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment. One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there “just because.” In this webinar, we’ll talk about the current Java mess and how you can get out of it, including: Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints. Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs. Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure. Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible. Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is? Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.

Java Insecurity: How to Deal with the Constant Vulnerabilities

Lumension

Bring Your Own Device (BYOD) is a popular topic in 2013. Trying to understand the security risks and prepare strategies to either adopt, or decide against BYOD for security and data control reasons is the challenge. The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.

BYOD & Mobile Security: How to Respond to the Security Risks

Lumension

Do you want to know how ‘best-of-breed’ enterprises prioritize their IT risk? Join Richard Mason, Vice President & Chief Security Officer at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out ‘how’ and ‘why’ you can make security a prioritized function within your organization. Join this expert panel webcast to learn how to: 1)Understand your business audiences and evaluate their risk tolerance 2)Leverage reputation management services that are appropriate for your organization 3)Utilize realistic change management to secure prioritized data depositories

3 Executive Strategies to Reduce Your IT Risk

Lumension

APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection. In this special Dark Reading presentation, a leading expert on the origins and directions of APTs will discuss the changing nature of these sophisticated threats – and how you can prepare your enterprise security environment to detect and mitigate these complex and dangerous attacks.

The Evolution of Advanced Persistent Threats_The Current Risks and Mitigation...

Lumension

Businesses large and small continue to struggle with malware. Traditional approaches to malware protection, like standalone anti-virus, are proving themselves unfit for the task. Kevin Beaver, Independent Information Security Expert dives into: • How to get a better grasp of the weaknesses in endpoint security • Examining whether or not anti-virus is effective • A comparison between a proactive versus reactive approach to fighting the malware fight.

Defending Your Corporate Endpoints How to Go Beyond Anti-Virus

Lumension

In 2012 we found out that the BYOD environment and consumerization of the workplace had turned traditional notions of corporate IT upside down. The 2013 Data Protection Maturity Report will highlight how organizations have managed this trend over the last year and what steps are being taken in 2013 to further enhance data security. Find out how IT teams are developing a holistic model that encompasses policy, education, technology and enforcement. Within this slide deck, we look at each of data protection trends, helping you define your organization’s best practice guide to address the top concerns. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.

2013 Data Protection Maturity Trends: How Do You Compare?

Lumension

What are IT pros most concerned about heading into 2013? The annual State of the Endpoint Report sponsored by Lumension and conducted by Ponemon Institute reveals APTs and mobile devices pose the biggest security threat to organizations in the coming year. Unfortunately, respondents also demonstrated a disconnect between their identified risk and planned security spend as well as a significant need for improved internal collaboration. This presentation by Larry Ponemon of the Ponemon Institute and Paul Zimski of Lumension reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2013 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn: •IT perspective on today’s Top 3 risks; •Disconnect between perceived risk and corresponding strategies to combat those threats; •Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Greatest IT Security Risks of 2013: Annual State of the Endpoint Report

Lumension

Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats The weaponisation of software has ushered in a new era of cyber attacks. But with 99% of organizations not prepared for this new front line of cyber-warfare, what does this spell for your business? • Gain a detailed overview of the next generation of threats out there • Understand how to detect key threats and attacks before they develop a stranglehold on your business • Implement the right integrated strategy to keep you safe from cybercriminals on today’s front line

Weaponised Malware & APT Attacks: Protect Against Next-Generation Threats

Lumension

Well-organized, highly sophisticated cyber attacks continue to make headlines, hitting major U.S. banks and global companies like Adobe to name a few. In support of October as National Cyber Security Awareness Month, Lumension CEO Pat Clawson, Prolexic CEO Scott Hammack, security industry expert and author, Richard Stiennon and industry analyst and webcast moderator Eric Ogren will share their unique insight into these recent news-making attacks and what they mean for enterprises everywhere. Learn: •The latest, seemingly extraordinary attacks; •How these attacks could escalate to the point where they matter to you and; •What you should be doing to secure against them.

Sensational Headlines or Real Threats? What New Attacks Mean For You.

Lumension

This presentation by Randy Franklin Smith from Ultimate Windows Security reviews, “Stopping the Adobe, Apple and Java Software Updater Insanity”. He shares tips and caveats for dealing with the most common software updaters from Adobe, Apple and Oracle. But the bottom line is that we all need centralized patch management and he’ll explore the important requirements and architectural issues you should be aware of in this space.

Stopping the Adobe, Apple and Java Software Updater Insanity

Lumension

The proliferation of USB flash drives and other removable storage devices has increased the porosity of the network perimeter. This has resulted in sensitive corporate and customer data leaking through the corporate firewall, exposing the organization to data loss, data theft and malware propagation. Understanding the powerful data protection tools available to your organization can help you mitigate these risks, while still enabling the flexible and managed use of these productivity devices.

Best Practices in Device Control: An In-Depth Look at Enforcing Data Protecti...

Lumension

News of the Flame attack has spread faster than wildfire. While the attack effected only a small number of Endpoints, Flame signifies a new level of cyber threat that all IT security professionals need to understand in-depth. View these presentation slides by IT Security expert, Randy Franklin Smith, as he walks you through the fascinating nuts and bolts of Flame and explains the technical details about how it worked and what lessons can be learned. • Learn the technical details about how Flame worked • How Flame was more than just sophisticated encryption exploits • Take away lessons on how to defend against APTs Take an in-depth look into the entire attack which featured more than just encryption exploits. Randy explores social engineering, removable devices and more.

Dousing the Flame: How This Tom Clancy-Esque Attack Worked and What Should ...

Lumension

The U.S. has not denied their role in the use of weaponized malware and already, other countries are jumping on board. India recently announced they are empowering government agencies to carry out similar such actions. State-sponsored malware attacks are officially out of the shadows and mainstream for organizations and end users alike. In fact, Google recently announced an alert service for gmail users for “state sponsored attacks”. How exactly did we get to this point and what are the factors and threats that you need to be aware of?

Welcome to the Age of Weaponized Malware. What Does it Mean to Your Enterprise?

Lumension

How Mature is Your Data Protection? 3 Steps to Effective Data Security.

Lumension

With the availability of Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) v7.2 just around the corner, it’s time to take a deep dive into the new capabilities available for your organization implement to improve your IT risk and systems management. Learn the Top 11 NEW capabilities in L.E.M.S.S. and how you can effectively implement and take advantage of these capabilities in L.E.M.S.S. – both existing and new in v7.2 – to improve your security by leveraging modules and add-ons within LEMSS.

Effectively Utilizing LEMSS: Top 11 Security Capabilities You Can Implement T...

Lumension

More from Lumension (19)