Tag Archives: Security

Analyst Webcast: Why Your Vulnerability Management Strategy Is Not Working and What to Do About It – April 24, 2019 10:30am US/Eastern

This post was originally published on this site

Speakers: Jake Williams and Eric Olson

Vulnerability management has become a critical component of a holistic information security program, yet enterprises continue to be breached, in part due to a lack response to known vulnerabilities, such as effective patching.

The state of attacks is changing and vulnerability management must change with it. While many organizations understand that annual scans aren’t enough, they still struggle with prioritizing resources to address vulnerabilities.

In this SANS webcast, certified instructor Jake Williams will address todays effective vulnerability management. Attendees will learn about:

  • Prioritizing the application of patches
  • Mapping security controls to assets
  • Threat modeling to understand attack chains
  • Gap analysis to prioritize new security controls

Register now and be among the first to receive the associated white paper written by Jake Williams.

Special Webcast: Take Back Control of Your DNS Traffic – April 24, 2019 3:30pm US/Eastern

This post was originally published on this site

Speakers: Martin Walter, Dave Shackleford and Zoltan Deak

DNS is wide open for attackers. Security teams are under pressure to enforce consistent protections for millions of new malicious domains while keeping up with advanced tactics like DNS tunneling. How can you take back control of your DNS traffic and prevent these threats?

Join SANS and Palo Alto Networks experts to learn:

  • How real-world threats found by Unit 42 use DNS for command-and-control and data theft.
  • Challenges our customers face in addressing DNS-based attacks.
  • Best practices for protecting DNS traffic to keep your organization safe.

Youll also get your questions answered in our live Q&A when you join us for this interactive session. Learn what you should be doing to protect your DNS traffic todayand how to stay ahead of emerging tactics.

Analyst Webcast: Increasing Visibility with Ixias Vision ONE™ – April 24, 2019 1:00pm US/Eastern

This post was originally published on this site

Speakers: Serge Borso and Taran Singh

Visibility into network structures and endpoints is vital to security and intelligence operations. Ixias Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform.

In this webcast, SANS Analyst Serge Borso reviews the platform and how it provides enhanced security through a single platform. Specifically, attendees will learn about the products ability to:

  • Use packet brokers to capture, filter and aggregate L2-L7 monitoring data for better and faster analysis
  • Maximize the efficiency of your inline security tools
  • Deploy application-level intelligence to turn data into actionable information
  • Reduce operational costs with easy management from a single pane of glass

Register for this webinar today and you will be among the first to receive the associated whitepaper written by SANS Analyst and product reviewer Serge Borso.

Analyst Webcast: Increasing Visibility with Ixias Vision ONE – April 24, 2019 1:00pm US/Eastern

This post was originally published on this site

Speakers: Serge Borso and Taran Singh

Visibility into network structures and endpoints is vital to security and intelligence operations. Ixia’s Vision ONE is a device that enables organizations to gain visibility into threats and manage security operations within a single platform.

In this webcast, SANS Analyst Serge Borso reviews the platform and how it provides enhanced security through a single platform. Specifically, attendees will learn about the products ability to:

  • Use packet brokers to capture, filter and aggregate L2-L7 monitoring data for better and faster analysis
  • Maximize the efficiency of your inline security tools
  • Deploy application-level intelligence to turn data into actionable information
  • Reduce operational costs with easy management from a single pane of glass

Register for this webinar today and you will be among the first to receive the associated whitepaper written by SANS Analyst and product reviewer Serge Borso.

Analyst Webcast: SANS Top New Attacks and Threat Report – April 19, 2019 1:00pm US/Eastern

This post was originally published on this site

Speakers: John Pescatore

Each year, the annual RSA Conference in San Francisco features top SANS instructors presenting their look at the new attack techniques currently in use and their projections for future exploits. This fast-paced panel–moderated by Alan Paller and featuring James Lyne, Ed Skoudis and Johannes Ullrich–is one of the highest-rated keynote sessions at the conference.

In this webcast, SANS Director of Emerging Technologies John Pescatore will highlight:

  • The top new attacks and threats as defined in that presentation
  • Deeper insight into overall cybersecurity trends on both the offensive and defensive sides
  • Advice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risks

Be among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Technologies.

Special Webcast: New Year, Same Magecart: The Continuation of Web-based Supply Chain Attacks – April 18, 2019 3:30pm US/Eastern

This post was originally published on this site

Speakers: Yonathan Klijnsma

Since 2015, RiskIQ has been tracking, naming and documenting the threat now publicly known as Magecart. Having publicized on the major breaches of Ticketmaster, British Airways and Newegg amongst others, RiskIQ has always had a unique insight into this threat and its evolution.

In this talk, we’ll go through the evolution of how we got to web-based skimmers from the ‘typical’ breaches of payment data in bulk. We’ll break down:

  • How the first criminal group figured out how to perform web-skimming
  • What mistakes they made
  • How their initial developments started this explosive growth of web-skimming

In addition, we’ll explain in detail the unique aspects to certain groups, but especially the way skimming attacks (and the skimmers themselves) work and how organizations can help protect themselves to it.

Special Webcast: Resolved: How to protect your organization when your perimeter fails – April 18, 2019 1:00pm US/Eastern

This post was originally published on this site

Speakers: Tom Gillis and John Pescatore

As Information and IT Security professionals, you know that reducing your organizations risk has become more difficult than ever. The protections you put in place around your applications and data have to be maintained at the speed of your application development teams, while navigating a managerial nightmare of disparate products, interfaces, and processes. Yet the ways your organization is under attack are more varied and virulent than ever.

To complicate matters further, your applications have evolved from monolithic entities on a single server to collections of highly distributed services hosted across distributed environments. And that increases your organizations attack surface exponentially. Its time for a different approach that takes into account the new realities of your organizations environment and its threats.

In this webinar, VMware SVP/GM of Networking and Security, Tom Gillis, will introduce the service-defined firewall, and how its privileged position inside the perimeter protects your modern applications while stopping attackers before they can do any damage.

Drupal Releases Security Updates

This post was originally published on this site

Original release date: April 17, 2019 | Last revised: April 18, 2019

Drupal has released security updates to address multiple vulnerabilities in Drupal Core. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal’s security advisories SA-CORE-2019-005 and SA-CORE-2019-006 and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.

Special Webcast: Why You Need Private PKI – April 17, 2019 3:30pm US/Eastern

This post was originally published on this site

Speakers: Jonathan Goldberger, Matt Soderlund

An unprecedented number of attackers thrive on improperly secured devices. As a result, you are tasked with making sure everything on the network is authenticated to enable trusted communications. This challenge is exponentially more difficult with the commercialization of IT through cloud computing and mobile devices. Learn how Unisys Managed PKI service provides critical PKI infrastructure and services necessary to secure machines, network and mobile devices, virtual servers, and the Internet of Things.

Cisco Releases Security Updates

This post was originally published on this site

Original release date: April 17, 2019

Cisco has released a security update to address vulnerabilities in multiple Cisco products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Cisco Security Advisory page and apply the necessary updates.


This product is provided subject to this Notification and this Privacy & Use policy.