Today’s security deployments are quickly becoming unmanageable. Multiple user interfaces, too many security policies, and mountains of data from many different sources create the complexity of today’s cyber security environment. Combined with the global shortage of security personnel this situation calls for streamlined management solutions that empower network security administrators to do more with less.
Compliance and security are both top-of-mind issues for electric utilities. The NERC CIP standards mandate controls that protect against malware, provide device monitoring, and enable the detection and response to cyber incidents. This webinar will explore the application of one advanced solution to meet both compliance requirements and security objectives.
The ISA99/IEC 62443 portfolio of standards has emerged as a leading framework for cybersecurity in ICS and SCADA and was referenced in the recent Presidential Framework. Its concepts around segmentation and least-privilege access were developed specifically for SCADA/control system applications. They are simple yet extremely powerful in helping to reduce the risk of compromised uptime and safety due to malicious or unintentional cyber incidents. Hear from ISA99 Managing Director Joe Weiss, Palo Alto Networks SCADA Product Marketing Manager, Del Rodillas, and an Oil & Gas SCADA security practitioner to learn about:
- The essential concepts prescribed by IEC 62443 including zones, conduits, and least-privilege access
- Real world use cases and cyber incidents that highlight the importance of segmentation and role-based access controls
- How to realize the benefits of the IEC62443 framework using the advanced segmentation capabilities of the Palo Alto Networks Security Platform
Whether a Fortune 500, local municipality, or the neighborhood pizza spot, cyber threats from a range of actors and criminals are becoming more of a risk to organizations of every size and purpose. Similarly, whether you are a board member or functional leader within the organization, you have a responsibility to understand the threats and plan for them. Everyone knows cybersecurity is a major risk…but do you know where the real risks to your organization lie? And how to find and react to them?
Security responsibilities cut across many disciplines within a government organization: networking, cyber/network security, desktop, and data center. Sadly, despite the urgency reiterated in very public attacks to government infrastructure, some organizations choose to continue to run their networks in silos, in the blind, failing to work together to secure the network and prevent threats.
In October 2015 the Center for Internet Security will release an updated version of the Critical Security Controls which outline cyber hygiene best practices for defense. One of the focuses of the updated controls is network segmentation. Network segmentation has been a security best practice in many organizations for a very long time, unfortunately many healthcare organizations have yet to embrace the technology as a viable defense. Most institutions know that segmenting systems is the right thing to do, but organizations still most often do not use the defenses at their disposal. With the proliferation of mobile computing, cloud computing, and innovative use for the Internet, no organization should take yesterday's segmentation best practices for granted. Whether it's to isolate highly sensitive data within the data center, to ensure better protection around offices that are in high-risk geographies, or to isolate mobile devices internally, maintaining good segmentation might require a different approach today than just five years ago.
Unit 42 in conjunction with WeipTech, has identified 92 samples of a new iOS malware family that has been named KeyRaider. 225,000 valid Apple accounts with passwords were hacked, causing Unit 42 to believe this to be the largest known Apple account theft caused by malware.
Hear Rene and Nir discuss why tactical security is no longer enough. Enterprises need to apply strategic security to safely enable business applications, and foster an environment of innovation, so that organizations can embrace new technologies in a new and secure manner.
Hear Hatem and Chad discuss advanced security in the software-defined data center, and find out how the partnership between VMware and Palo Alto Networks is addressing the major security challenges organizations face. You’ll also learn why the perimeter network is still so ineffective, how to define security policy and segmentation, and what’s required to prevent breaches.
Ryan discusses Operation Lotus Blossom and how the probable-espionage attacks were delivered via a customized backdoor, Elise. Learn how to recognize the difference between espionage and everyday malware, and find out how context, actionable data, and informed decisions can help keep your organization safe from targeted attacks.
With credit card data theft growing at an alarming rate and undermining consumer confidence, organizations are investing in their network security for PCI compliance – only to realize that being compliant does not mean they're protected against advanced cyberattacks. PCI DSS was established before advanced endpoint technology existed, and patching is no longer the only way to ensure protection from known vulnerabilities.
Microsoft has announced Windows Server 2003 End of Support (EOS) on July 14, 2015. Many businesses will be forced by circumstances to leave these systems in service for some time. Retiring a major enterprise component has always been a challenge for IT departments. In addition to various logistical issues, an out-of-support component is vulnerable to attack and may leave the business vulnerable to significant security and compliance risks.