"Best Practices for DDoS Protection"

"DDoS attacks have been around for more than a decade, and in that sense they are old news. However, what a DDoS attack actually is has been constantly changing. There are several persistent misconceptions about DDoS attacks and DDoS defense that leave too many organizations vulnerable today. One misconception is that a DDoS attack is all about size. While certainly true, modern DDoS attacks can enormous, DDoS today is more frequently targeting your applications and security infrastructure, such as your firewall and IPS. Another misconception is that DDoS defense is an either-or proposition. You handle it in the cloud through a provider, or you have DDoS defense on premise. In fact, one layer of protection is not protection at all.

Join us for a session that will cover:
• An overview of the current attack landscape and implications
• Best practice defense against modern DDoS attacks
• Lessons learned by global enterprises struck by attacks"


For years, security and business managers have known that identity and access management (IAM) must be driven by business requirements. But typically, IAM processes are too IT-centric, and don't meet the needs of the business. In addition, traditional IAM systems have consistently been prohibiti


"Cyber Essentials – what is it and why do you need it?"


"Cyber Essentials was launched in June 2014 as part of the UK Government's National Cyber Security Strategy. The Cyber Essentials scheme sets a baseline for UK cyber security and provides an independent assessment of the essential security controls that organisations need to have in place to mitigate risks from the most common forms of internet-borne threats. CREST was engaged by CESG, the information security arm of GCHQ, to develop the assessment framework that supports the Government's Cyber Essentials scheme. In this webinar, Ian Glover will discuss why we need Cyber Essentials; who it is for, what it is (and what it isn’t); and how it works. He will also review how it has been received by industry more than a year since its launch and what the future holds for the scheme."

Legal Requirements in Third Party Cyber Risk Management

"In recent years, third party cyber risk management has become increasingly challenging as businesses become interconnected. Major breaches caused by insecure third parties have raised public awareness of the problem. New legal requirements are shaping the way that organizations build and monitor their third party cyber risk management programs. Join Jake Olcott, VP of Business Development at BitSight, Lisa Sotto, Partner at Hunton & Williams LLP, and Robert Metzger, Shareholder at Rogers Joseph O'Donnell as they discuss some of the legal precedents and requirements in this emerging field. Attendees will learn about: - Existing and evolving legal obligations to manage the cyber risk of third parties and vendors in industries like retail, healthcare, defense, and finance. - Issues that lawyers face in helping organizations manage third party cyber risk, including negotiating contract requirements for breach notification, assessing written questionnaires, and performing on-site vendor risk assessments. - Emerging ""standards of care"" for third party cyber risk management"

Let's Make the Threat of Data Theft Irrelevant

"Every day, billions of files and emails are created, used and shared between employees at enterprises all over the world. The mobile and cloud revolutions enable people to use data anywhere, from any device - causing organizations to completely lose the ability to control, let alone protect, their sensitive data. So they try to contain data, enclose it and block it – even at the risk of disrupting business workflows and collaboration with partners and customers. All only find out that it’s next to impossible to seal off every entry and exit point to the organization; that a breach can still happen at any given moment; and that insiders and privileged users can always by-pass security measures. But what if the problem of controlling sensitive organizational data, preventing it from leaking out becomes irrelevant? Data Immunization makes it so - by focusing on the data itself rather than the perimeter. Data Immunization means embedding classification, encryption and usage rights to files and emails from the moment of creation. The immunization is persistent throughout the entire lifecycle of the data. Even if the organization is breached, or if files find their way to the wrong hands - either by malice or mistake – the data is fully protected and rendered unusable to unauthorized users. This is how Data Immunization makes the problem of security breaches and data leakage completely irrelevant."

Practices for Enhancing Data Security

"Modern software development practices dominated by component-based engineering and short development cycles have largely been a catalyst for rapid advancements in technology. These practices, however, have also resulted in an epidemic of known vulnerabilities baked into third-party software components of IoT applications and devices. These widespread security flaws, many of which are critical in nature, often remain unnoticed or unaddressed throughout the software or device lifecycle, posing significant risks to the people and organizations that rely on them. As software continues to permeate the ever-expanding Internet of Things, software vulnerabilities represent a greater and greater threat. IoT devices, like traditional computers, run on software that is susceptible to malicious attacks. As more devices become connected, understanding how to identify and manage security vulnerabilities within widely used third-party software components is critical for all stakeholders, including manufacturers and end-users"