On Demand Endpoint Management, Security and Compliance Webcasts

Best-in-Class Approach to Protecting and Managing Endpoints: How do you Rate?

In today’s current economic and threat landscape, the rise of financially motivated and sophisticated cybercriminals and insider threats, evolving compliance measures and increasing IT budget pressures have presented organizations with a new challenge - how to effectively protect and manage endpoints while reducing costs. In this webinar, Aberdeen Group Vice President and Research Fellow, Derek Brink, highlights findings from Aberdeen Group’s latest report, “Endpoint Security, Endpoint Management: The Cost-Cutter’s Case for Convergence”, including:

  • “Best-in-Class” approaches to protecting and managing endpoint systems
  • Economic advantages realized by organizations with top performance
  • Key methods for optimizing, automating and streamlining security and operational processes used by “Best-in-Class” organizations

Click here to download it now »

UK Government Data Handling - A Clear Direction for the Future

A large data breach incident within the last year opened the floodgates to press coverage, concern, a lack of public confidence in the government’s data handling ability and also ensured that a spotlight would shine on any other government department if and when they suffered a similar data security breach. In response, ‘The Data Handling Procedures in Government’ report (“the Report”) sets out clear and mandatory procedures to be followed by all UK government employees that have access to - and responsibility for - citizen data. Individual departments now have a responsibility to show compliance on their progress in meeting the requirements of the new Data Handling procedures and electronic data must be stored and shared in a way that ensures the protection of this information while also improving the government’s provision of services such as healthcare, benefits, child welfare and law enforcement.

In this webinar, Nigel Stanley, security practice leader at Bloor Research and Andrew Clarke, International SVP at Lumension will discuss the current data handling landscape, share an NHS case study and some recommended steps to ensuring the protection of citizens’ data, including:

  • Know Your Environment
  • Manage Known Risk
  • Prevent Unknown Threats
  • Prevent Removable Device Misuse
  • Protect Mobile Devices

Click here to download it now »

Reducing IT TCO with Effective Endpoint Security Management

In today’s economic environment, financially motivated threats that target sensitive information and business systems are on the rise, while IT budgets face greater pressures. Threats to vital information over the past year have grown by 50% and the impact to an organization’s bottom line is significant – the average cost of a data breach is now $6.6 million, with lost business directly accounting for more than two-thirds of that cost.  

To stay competitive in today’s environment, you must maximize the value of your security investment and effectively protect and manage endpoints to ensure compliance with government regulations and industry standards and reduce IT operational costs.

In this Lumension audiocast, you will learn:

  • The findings from Aberdeen Group's latest report “Endpoint Security, Endpoint Management: The Cost Cutter’s Case for Convergence”
  • About the economic advantages realized by organizations with top performance
  • Which endpoint security management technologies are used by “Best-in-Class” organizations
  • Key recommendations to improve your security and ultimately reduce IT TCO

Click here to download it now »

6 Critical Elements to Ensure Pain-Free FISMA Compliance

Federal CISOs note compliance as one of their top three priorities with significant time spent on addressing compliance issues. This is exacerbated by the complexity of today’s IT environment, including physical and virtual environments, multiple operating systems and applications supported, and the mobility of data and users. A FISMA compliance approach that relies on a manual and labor-intensive process can produce mountains of paper and elec¬tronic documents that become quite burdensome to manage and ultimately don't ensure a secure network. It’s no surprise then, that in a recent ISC2 survey, while FISMA is generally viewed as having had a positive effect, two in five CISOs believe it has become misdirected or is a time-wasting exercise.

In this Lumension webcast with keynote speaker Michael Rasmussen of Corporate Integrity, you will learn:

  • The 6 critical elements necessary to reduce the burden of FISMA compliance processes, improve security and optimize resources
  • How to apply these critical elements to achieve economical FISMA compliance

Click here to download it now »

Four Practical Steps to Minimizing Insider Risk

In today's increasingly collaborative and always-accessible working environment, organizations are challenged to balance the need to put information at the fingertips of productive workers with the responsibility to preserve the privacy and integrity of sensitive data stores. Data still flows freely through unsecured endpoints, USB storage devices, P2P networks and Web 2.0 applications. And this fast-and-loose atmosphere has bred uncertainty about and antipathy toward organizational data policies. Well-meaning-but-clueless insiders continue to use unauthorized and illegal applications and removable devices that puts data at risk and malicious insiders have more options at their fingertips to steal data than ever before.

This webcast examines:

  • The new risk drivers enabling data loss
  • What types of data is leaving organizations
  • Four steps to minimizing these risks

Click here to download it now »

Social Media: How to Reduce Your Web 2.0 Risks

Today, over 95 percent of companies are now using social media tools such as Twitter and Facebook. The use of Web 2.0 has opened new risk channels for the bad guys to take advantage of users’ trust to further gain control of their sensitive information. In this video presentation, Security and Forensic Analyst Paul Henry will review the implications of everyday use of social media, the latest risks these Web 2.0 applications bring into your organization and how to manage them effectively.

Click here to download it now »

Think New: Intelligent Whitelisting

The explosion in malware and vulnerabilities over the last several years has narrowed the usefulness of traditional security approaches. While still important, it can no longer remain the mainstay of the modern security program. A shift is needed, and whitelisting seems to be the answer to beat the hackers at the rising malware game. In this presentation you will learn about the latest innovations that operationalize application whitelisting across dynamic business environments and deliver more effective endpoint security above and beyond standalone anti-malware technologies.

Click here to download it now »

6 Keys to Securing Critical Infrastructure and NERC Compliance

With the computer systems and networks of electric, natural gas, and water distribution systems now connected to the Internet, the nation's critical infrastructure is more vulnerable to attack. A recent Wall Street Journal article stated that many utility IT environments have already been breached by spies, terrorists, and hostile countries, often leaving bits of code behind that could be used against critical infrastructure during times of hostility.1 The U.S. Cyber Consequence Unit declared that the cost of such an attack could be substantial: "It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures could exceed $700 billion USD - the equivalent of 50 major hurricanes hitting U.S. soil at once."

Vulnerability and exposure of utilities' critical infrastructures originate from the Supervisory Control and Data Acquisition (SCADA) and Distribution Automation (DA) systems that communicate and control devices on utility grids and distribution systems. Many of these systems have been in operation for years (sometimes for decades), and are not designed with security in mind. Regulatory bodies have recognized the many security issues to critical infrastructure and have begun to establish and enforce requirements in an attempt to shore up potential exposures. One such regulation is NERC CIP, which includes eight reliability standards consisting of 160 requirements for electric and power companies to address. And as of July 1, 2010, these companies must be "auditably compliant" or else they risk getting slapped with a $1 million per day, per CIP violation.

In this webcast, a roundtable of industry experts highlight:

  • The security and compliance challenges facing utilities today
  • The six critical elements to achieving economical NERC CIP compliance
  • How utilities can secure critical infrastructure in today's networked environment

Click here to download it now »

Data Privacy and Security - Where are Regulations Headed

The marjority of US states now have data breach notification laws in force with others considering legislation in the coming year. On the international stage, Canada, the United Kingdon, India and Australia have either published or are considering national data breach standards and laws. Other issues such as identity theft, RFID and electronic health records (EHR) are receiving even greater security from regulators. The top minds on privacy and security regulation offer their perspectives as to what to expect in the US and around the world in the coming years.

Click here to download it now »

Four Steps to Qualifying for Power Rebates

In today's challenging economic environment, cost reduction is a key strategy to stay competitive. Yet, many organizations are not taking advantage of the cost saving opportunities around reducing power consumption and the further rebates that may be available through local power companies.

In fact, depending on where your organization is based, it could be eligible for energy rebate programs which provide savings up to $15 per PC. That’s on top of the savings you could achieve by effectively incorporating power management policies into your IT operations. In this 30 minute webcast, Andrea Bolz, solution marketing manager with Lumension, highlights the four steps to qualify for these potential rebates.

Click here to download it now »

Endpoint Security Fundamentals - Part 1 - Finding and Fixing the Leaky Buckets

In today's mobile, always on business environment, as information moves further away from the corporate boundaries to the endpoints, cyber criminals have more opportunities than ever before to gain unauthorized access to valuable data. Endpoints now contain the crown jewels, including financial records, medical records, trade secrets, customer lists, classified information, etc. – which fuels the on-demand business environment, but also creates a dilemma for security professionals.

This is the first of a three part webcast series on Endpoint Security Fundamentals where we will examine how to build a real-world defense-in-depth security program - one that is sustainable and one that does not impede business productivity. In Part One of this series, Finding and Fixing the Leaky Buckets, Mike Rothman, Analyst and President of Securosis, and Jeff Hughes, Director of Solution Marketing with Lumension, examine:

  • The fundamental steps you should take before implementing security enforcement solutions
  • How to effectively prioritize your IT risks, so that you are focusing on what matters most
  • How to act on the information that you gather through your assessment and prioritization efforts
  • How to get some "quick wins" and effectively communicate with your senior management

Click here to download it now »

PCI DSS Compliance and Security - Harmony or Discord

The Payment Card Industry Data Security Standard (PCI DSS) provides data protection requirements for organizations that process card payments. These requirements evolve over time and have even become adopted by some US states, including Minnesota, Nevada, and Washington. While organizations that fully comply with PCI DSS are considered secure credit-card processors, compliance and security are not one and the same.

An organization can be compliant and still experience a security breach – look no further than Heartland Payment Systems and RBS WorldPay. Both had achieved PCI DSS compliance at one point, only to suffer massive data breaches that cost tens of millions of dollars. So what good is compliance? What is the difference between compliance and security? And how can organizations effectively move beyond PCI DSS compliance to ensure the security of all their critical information?

In this roundtable discussion, with Michael Rasmussen of Corporate Integrity, EC Suite's Director of Information Systems, William Bell and Lumension’s Director of Solution Marketing, Chris Merritt, we examine:

  • The evolving threat and compliance landscape
  • How to use compliance as a catalyst for developing and implementing an effective security program
  • The six critical elements to achieving effective and economical PCI DSS compliance
  • How one organization is going beyond PCI DSS compliance and further enhancing its security of information

Click here to download it now »

Creating Your Natural Advantage by Integrating Desktop Power Management and Patch Management

PCs account for about one-third of all IT energy consumption - with roughly $4 billion wasted each year globally in electricity costs by PCs, monitors, and laptops being left on when not in use. Clearly, as electricity prices are rising amid the ongoing tough economy, one of the most powerful ways that IT managers can save significant amounts of money for the organizations they serve is electricity savings via PC power management.

Unfortunately, such power-reduction measures often mean that PCs that are offline or in sleep mode many not get the necessary patches or software upgrades they need. The trick is to integrate effective PC power management alongside the ability to improve patch management practices. Do this, and you’ve not only reduced IT operational expenses, but you’ve simultaneously bolstered your overall security infrastructure in one fell swoop.

By watching this webcast, you will learn:

  • How to maximize operational efficiencies via simultaneous power and patch management
  • Real-world integration challenges and considerations
  • How to maintain a seamless and positive end-user experience
  • Tech tips and best practices for implementation
  • How to leverage rebate opportunities from local utility companies
  • And much more.

Click here to download it now »

Key Strategies to Address Rising Application Risk in Your Enterprise

Endpoint risk has shifted from operating system to third party application vulnerabilities, which now account for more than two-thirds of all endpoint vulnerabilities. These third party applications also take twice as long as operating systems for most organizations to patch[1], which is why the SANS Institute now ranks patching client-side software as the top IT security priority.

Cybercriminals have taken notice of this shift. Even as organizations have improved patch management processes for their operating systems and vendors have plugged many of the security gaps within their platforms, the un-patched vulnerabilities for third party applications and software provides attackers with many new options to exploit – there are at least 2.7 billion un-patched applications running on machines within the U.S. alone, and 98 percent of Windows machines have at least one un-patched application.[2]

In this webcast, we’ll examine how to:
  • Identify and assess the vulnerabilities that create the most IT risk for your organization
  • Automate policy enforcement to ensure continuous patch management for operating systems and applications - in both physical and virtual environments
  • Layer your security approach with prioritized IT risk mitigation, antivirus and application whitelisting

[1] SANS Institute
[2] Secunia Half Year Report 2010

Click here to download it now »

Protecting Your Information in the New Wikileaks Era

In today's era of Wikileaks, protecting information - especially as it relates to insider risks - requires a heightened sense of urgency. Information access is a privilege that is oftentimes misused or abused from insiders and targeted by sophisticated cybercriminal syndicates. The trick to protecting information in today's always-on environment without hindering productivity requires solid policy and a strong, yet flexible, layered technical enforcement strategy. In this webcast, you will learn best practices for protecting sensitive information from both inside and outside the corporate walls.

Click here to download it now »

Endpoint Device Control in Windows 7 and Beyond

This webcast moderated by Randy Franklin Smith, editor of Ultimate Windows Security, goes in-depth on key endpoint device control capabilities to look for in Windows environments. In this webcast, you will:

  • Explore native Windows features like Device Installation Restrictions and learn how to define device whitelists
  • Find out how native functionality stacks up against real world requirements
  • Learn where you may need a more robust endpoint security solution to fill gaps
  • Get a full picture of where Windows functionality leaves off and 3rd party solutions pick up

This webcast also includes a demonstration of the award-winning Lumension® Device Control.

Click here to download it now »

Endpoint Security Fundamentals - Part 2 - Leveraging the Right Enforcement Controls

In today's mobile, always on business environment, as information moves further away from the corporate boundaries to the endpoints, cyber criminals have more opportunities than ever before to gain unauthorized access to valuable data. Endpoints now contain the crown jewels, including financial records, medical records, trade secrets, customer lists, classified information, etc. – which fuels the on-demand business environment, but also creates a dilemma for security professionals.

This is the second of a three part webcast series on Endpoint Security Fundamentals where we examine key enforcement controls that you should look to implement to minimize IT risk and improve your overall security. In Part Two of this series, Leveraging the Right Enforcement Controls, Mike Rothman, Analyst and President of Securosis, and Jeff Hughes, Director of Solution Marketing with Lumension, examine:

  • How to automate the update and patch management process across applications and operating systems to ensure all software is current
  • How to define and enforce standardized and secure endpoint configurations
  • How to effectively layer your defense and the evolving role that application whitelisting plays
  • How to implement USB device control and encryption technologies to protect data

Click here to download it now »

Endpoint Security Fundamentals - Part 3 - Building the Endpoint Security Program

In today's mobile, always on business environment, as information moves further away from the corporate boundaries to the endpoints, cyber criminals have more opportunities than ever before to gain unauthorized access to valuable data. Endpoints now contain the crown jewels, including financial records, medical records, trade secrets, customer lists, classified information, etc. – which fuels the on-demand business environment, but also creates a dilemma for security professionals.

This is the third of a three part webcast series on Endpoint Security Fundamentals where we take the steps and enforcement controls discussed from Chapters 1 and 2 of the series and discuss how to meld them into a program. In Part Three of this series, Building the Endpoint Security Program, Mike Rothman, Analyst and President of Securosis, and Jeff Hughes, Director of Solution Marketing with Lumension, examine:

  • How to manage expectations and define success
  • How to effectively train your users about policies and how to ensure two-way communication to evolve policies as needed
  • How to effectively respond to incidents when they occur to minimize potential damage
  • How to document and report on your overall security and IT risk posture

Click here to download it now »

The Role of Application Control in a Zero Day Reality

Welcome to the world of security in 2011, when there doesn't seem to be enough time to plan your patches and update your defenses. But if you change your strategy, you can raise your security defense game.

The problem: In today's always on, Web 2.0-connected work environment, end users often download unwanted and unknown applications without much concern for potential risk. Coupled with the fact that around 1.6 million new malware signatures are appearing every month and a rising tide of zero-day attacks, IT managers need to raise their security defenses game. But whilst traditional endpoint security solutions are designed to deal with known attack vectors, there is no signature for zero-day threats.

The solution: Application control/whitelisting allows organisations to block unknown and unauthorised applications from executing by default and prevent zero-day attacks automatically. While application control has traditionally been used more in static environments, it has evolved to provide IT and end users with the necessary flexibility in even the most dynamic endpoint environments, improving security without impacting productivity.

Click here to download it now »

The True Cost of AV - How to Ensure More Effective and Efficient Endpoint Security

Today, more than 2 million new malware signatures are identified each month. And more organizations are falling prey to "zero-day" attacks – malware for which an anti-virus signature does not exist. It's no surprise that roughly half of the organizations surveyed in a 2010 Ponemon Institute study reported an increase in their IT operating expenses - a main driver of that cost increase was malware. Traditional anti-virus simply can't keep up in the malware arms race and relying on it as your primary defense will prove costly.

This webcast examines:

  • The true cost of anti-virus in terms of PC performance, network bandwidth, IT helpdesk costs, prevention of malware and more
  • Why application whitelisting is a better approach to defend against rising targeted attacks
  • How application whitelisting has evolved to provide a new level of intelligence that delivers more effective security and necessary flexibility to improve productivity - in even rapidly changing endpoint environments

Click here to download it now »

Why Patch Management is Still the Best First Line of Defense

Vulnerabilities are on the rise - especially from third party, non-Microsoft applications, which according to Secunia’s latest report have four times more vulnerabilities than Microsoft applications[1]. And cybercriminals have taken notice, exploiting these vulnerabilities at a faster rate than ever before. Today more than 2 million malware signatures are identified each month and traditional anti-virus defenses simply can’t keep up. Even the major anti-virus vendors have concluded that stand-alone anti-virus no longer provides an effective defense and that additional layers of security technology are needed to address the rising volume and sophistication of threats that are taking advantage of vulnerabilities.

Watch this webcast to learn:
  • Why you can't forget about older vulnerabilities
  • How to reduce exposure from both OS and 3rd party application vulnerabilities
  • The challenges with reliance upon "free&wuot; patching tools and native updaters
  • Why patch management should be considered as the core of an effective depth-in-defense endpoint security approach

Click here to download it now »

Using Intelligent Whitelisting to Effectively and Efficiently Combat Today's Endpoint Malware

Endpoint security risks – especially from endpoint targeted malware - are worse than ever and there is no single silver bullet to the rescue. Instead you must implement a defense-in-depth approach that goes beyond standalone anti-virus, which has proven to be decreasing in its effectiveness against today’s targeted and blended attacks. The signature-based model of classic AV and the teams and infrastructure behind it are increasingly stretched to keep up with the pace and sophistication of today’s financially motivated malware developers

To get real defense-in-depth against endpoint malware that is effective AND efficient for today’s IT environment and business, you need a third, proactive layer - application whitelisting, which prevents un-trusted code from executing in the first place. Historically, application whitelisting has been more widely adopted in static, server environments, but this technology has evolved to become operationally efficient in even the most dynamic, endpoint environments.

This webcast examines the innovative, intelligent and flexible approach of “intelligent” whitelisting – what it is, why it is a necessary security defense and how it addresses the traditional challenges of stand-alone application whitelisting solutions. A demonstration of Lumension Intelligent Whitelisting is also provided, showing the integrated solution workflow that combines multiple defense layers of patch management, anti-virus and application whitelisting with a trusted change engine.

Click here to download it now »

Stronger Security and IT Operational Excellence

How to Achieve Both from Your Endpoint Management and Security Suite

Today's IT network is more distributed and virtual than ever with the increased use of remote endpoints and cloud-based applications. And increasingly sophisticated malware is targeting these endpoints and applications. As point-based endpoint security technologies are added to mitigate each new challenge, so increases the cost and complexity of managing your overall IT environment. In fact, 50 percent of IT professionals now cite endpoint complexity as a number one risk factor.

In this webcast, you will learn:

  1. Strategies that enable IT operations and security to effectively break down the traditional silos to reduce IT risk and improve overall productivity;
  2. How to centralize management and visibility of your entire endpoint environment – across physical and virtual machines, online and offline systems, and a variety of operating systems and applications;
  3. How to ensure an effective defense-in-depth security approach;
  4. Key capabilities to look for in an endpoint management and security suite;
  5. Cost benefits of consolidating best-of-breed endpoint operations and security technologies into one unified solution.

Click here to download it now »

How to Enable Local Admin Access - Without the Risk

In today's Windows environment, end users are accustomed to having local administrator privileges which allow them to download a variety of applications and potentially misconfigure their PCs. While standard wisdom may be to simply solve the problem by revoking local administrator rights on users' systems, the reality is that this may not be an option at all organizations. And removing local admin rights doesn't address applications such as Google Chrome or browser plug-ins for which admin access isn't required.

Fortunately, there's hope for IT administrators seeking to gain control over the Windows environment while still offering local admin rights to the user base – through application whitelisting. With application whitelisting, IT can gain power over what types of applications their users install and limit their access to under-the-hood controls that determine how well configured the machine remains.

In this webcast, we'll examine:

  • Why revoking local admin rights won't solve the problem of unwanted and malicious applications
  • How to promote productivity through local admin access while achieving control over configuration changes
  • Additional benefits of application whitelisting, including the prevention of zero-day attacks

Click here to download it now »

Why Application Control is Vital for IT Security

Ensuring that your enterprise IT infrastructure is secure is a challenging job even under ideal conditions. Using endpoint security, deploying firewalls and keeping your servers and clients patched with the latest security updates can only go so far. Over the last few years, an increasing number of attacks have been aimed at attacking vulnerabilities in third-party applications. IT administrators would be wise to discover, analyze, and either patch or remove third-party applications as yet another aspect of a cohesive security posture. In this security webinar, Windows IT Pro Industry News Analyst and security columnist Jeff James and Chris Merritt, director of solution marketing for Lumension, will discuss some tips and best practices for managing and securing third-party applications in your IT environment.

Click here to download it now »

Windows 7 AppLocker - Understanding its Capabilities and Limitations

With the rising volume of uncontrolled software and malware running on endpoints, organizations are implementing application whitelisting technology to regain control of their IT environments. Windows 7 AppLocker provides an additional layer of security to control unknown, unwanted and malicious apps, but for heterogeneous IT environments additional capabilities are needed to secure the many applications users and the enterprise now rely on. Join UltimateWindowsSecurity.com editor Randy Franklin Smith as he examines:

  • Features of Windows 7 AppLocker to help address the issue of unwanted or malicious applications
  • Limitations of AppLocker and how its capabilities stack up to increasing endpoint security demands
  • How Lumension has evolved application whitelisting to go beyond AppLocker and traditional whitelisting technologies to improve security and usability for dynamic endpoint environments

As part of this webcast, you will see live demonstrations of both AppLocker and Lumension® Intelligent Whitelisting™

Click here to download it now »

The Security Mistakes End Users Make

Because you can't always be there for them

Social networks, local admins, unpatched software, missing USBs: the causes of security problems in your business are often not just the big stuff that tries to get inside the firewall, it's the little problems that are already on the inside.

  • Could your traditional security architecture be solving the wrong problems?
  • Would a new approach to your current security plug the gaps more efficiently?
  • How much do we need to trust and train our users?
  • The Register's Tim Phillips is joined by security specialist Mike Rothman from Securosis, Paul Zimski from security specialist Lumension, and Andy Buss from Freeform Dynamics, who will reveal the results of the latest Register reader research that addresses these security dilemmas.

Click here to download it now »

Practical Steps For Integrating and Managing Endpoint Security

Securing endpoints is the toughest area of information security right now as they face more malware and more sophisticated attacks.  And endpoints are typically loaded with software from multiple vendors, each with their own patch deployment problems. Protecting endpoints is more difficult since there are so many of them and since they are often disconnected for long periods of time and under the control of end-users who often have administrator level authority. 

Successful, long term endpoint protection takes a coordinated, comprehensive approach that optimizes your efforts and investments of time and money.  In this webinar we look at practical steps for comprehensive, coordinated endpoint protection in today’s environment and cover issues like the need for:

  • Integration and consolidated management for core endpoint security technologies
  • Centralized patch management for multiple software vendors and platforms
  • Scalability in terms of endpoint quantity and granularity or different endpoint types and profiles
  • Integration with Active Directory to leverage organization and policy information
  • Visibility into endpoint discovery, agent status and operation
  • Wake On LAN capability to coordinate system security maintenance with power management and green initiatives

Also find out about the range of endpoint security threats and the technologies available to deal with them.  After the presentation, Lumension demonstrates how their integrated, endpoint management and security solution suite helps you meet these requirements. 

Click here to download it now »

The Shifting State of Endpoint Risk - Key Strategies to Implement in 2012

In the State of endpoint Risk study, sponsored by Lumension and conducted by Ponemon Institute, organizations are finding that our reliance on productivity tools, combined with inadequate collaboration and resource restrictions for security, are creating a perfect storm for hackers.

In this webcast, we will examine the evolving IT risk environment and recommendations to more effectively and cost-efficiently secure your endpoints. Learn about:

  • How organizations are creating a perfect storm for hackers
  • The Top 3 new threats to the workplace
  • Perceived risks and corresponding strategies to combat today's evolving endpoint environment

Click here to download it now »

E is for Endpoint - 6 Strategies for Highly Effective IT Pros

We all like the idea of a silver bullet—a single, simple solution to a complex problem. But there's no silver bullet when it comes to information security. Though some IT professionals have clung to the vain hope that antivirus (AV) alone would do the trick, others have come around to the need for a layered, defense-in-depth approach to endpoint security. But today's endpoints demand even more protection. Endpoint security now requires a new way of thinking that goes beyond just battling threats to actually enabling operational improvement.

Join this webcast, led by expert IT security panelists as you learn:

  • The most common attack vectors in today's IT environment
  • Six steps to help you think different about endpoint security
  • Secrets to an effective defense-in-depth approach

Panelists: Richard Steinnon-Chief Research Analyst at IT-Harvest, Paul Henry-Security & Forensics Analyst and Paul Zimski-VP Lumension

Click here to download it now »

Combating Threats with Workstation Configuration Management

In this webcast learn why Randy Franklin Smith from Ultimate Windows Security stands up for group policy as the "right" way to configure the bulk of workstation security settings. But for endpoint configuration management to be secure, efficient and compliant, group policy is only part of the answer. Randy will discuss the need for status visibility and reporting. In addition, there are many areas that group policy does not address; he'll provide multiple examples of commands and configuration tweaks commonly required to secure endpoints for which there's no corresponding settings within group policy. Please join him for this real training for free™ event.

Click here to download it now »

How to Achieve a Best-in-Class Approach to Data Protection

Mobile devices are now proliferated throughout the enterprise, holding valuable sensitive company data. As an IT Professional, it would be wise to develop a checklist of items that includes not only the securing of tablets and smartphones and other endpoints, but also policy, education and enforcement procedures.

Watch this webcast by Computing UK to learn what items should be on your data security checklist, and how to sell the plan to the business.

Click here to download it now »

Developing Patch Management Best Practices

In today’s complex networking environment using patch and vulnerability management as the principal component of your risk mitigation strategy, and taking prudent measures to establish a best practices approach, can help reduce costs and risks in the long term. Learn the recommended steps to cure your patch management headache as we dive into a technical discussion of what the critical items to address.

Click here to download it now »

Endpoint Security Compliance Top 19 Questions Auditors Ask

If you're being audited, a little preparation can save you a world of pain. Learn the top 4 areas to address as Randy Franklin Smith from Ultimate Windows Security provides guidance for audits that are focused on endpoint security compliance.

Click here to download it now »

How to Implement the Vital Layers on Your Endpoints

IT security professionals rank third-party application vulnerabilities as the greatest security risk of 2012. And yet malware continues to exploit these – and other – vulnerabilities to breach our defenses. Clearly there’s a disconnect between knowing the problem and solving it. Yet it does not have to be this way, if we intelligently apply adequate protections against the exploitation of these vulnerabilities.

Join this webcast, led by expert IT security panelists, to learn:
  • What are the vital layers of your endpoint defense.
  • How to thwart exploitation of your endpoint OS, configuration and 3rd-party application vulnerabilities.
  • How to prevent unknown applications from executing on your systems.

Click here to download it now »

Developing Best Practices to Application Whitelisting

As IT professionals know, endpoint security needs are evolving: new vulnerabilities are disclosed every day, new malware creation is exploding, and traditional AV signatures cannot keep up. You know that patch management and AV are necessary – but not sufficient – layers of endpoint defense. Intelligent application whitelisting is an important addition to your risk mitigation strategy, and taking prudent measures to establish a best practices approach can help reduce costs and risks in the long term. Watch this webcast to learn the recommended steps to check unknown executables on your endpoints as we dive into a technical discussion of what the critical items to address:

  • Prepare – properly laying the groundwork for implementing application whitelisting is crucial to ultimate success.
  • Lockdown – preventing unwanted or dangerous changes while providing necessary flexibility to support business needs.
  • Manage – maintaining the environment as application, end user and business needs develop.

Click here to download it now »

Effectively Utilizing LEMSS 7-2 - Top 11 Security Capabilities You Can Implement Today

With the availability of Lumension® Endpoint Management and Security Suite (L.E.M.S.S.) v7.2 just around the corner, it’s time to take a deep dive into the new capabilities available for your organization implement to improve your IT risk and systems management.

Learn the Top 11 NEW capabilities in L.E.M.S.S. and how you can effectively implement and take advantage of these capabilities in L.E.M.S.S. – both existing and new in v7.2 – to improve your security by leveraging modules and add-ons within LEMSS.

Click here to download it now »

How Mature is Your Data Protection? 3 Steps to Effective Data Security

With the BYOD movement overwhelming IT, and the convergence between personal devices and the corporate networks set to increase, the ability to restrict-and-ban the network is doomed to failure. Worse, they may be counterproductive to the business. Instead, IT teams must look at security in a different way, developing a holistic model that encompasses policy, education, technology and enforcement.

During this webcast we look at each of these aspects, helping you define your organization’s best practice guide. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.

Click here to download it now »

Welcome to the Age of Weaponized Malware

The U.S. has not denied its role in the use of recently discovered weaponized malware and already, other countries are entering this arena as India recently announced the empowerment of its government agencies to carry out state-sponsored malware attacks. These state-sponsored malware attacks officially out of the shadows and mainstream for organizations and end users alike. In fact, Google recently announced an alert service for gmail users for "state sponsored attacks". How exactly did we get to this point and what are the factors and threats that you need to be aware of?

Watch this complimentary webcast led by IT security industry experts Richard Stiennon and Paul Henry, as they answer the following questions:

  • How did we get to this point?
  • Why should the enterprise care?
  • What should the enterprise do?

Click here to download it now »

Dousing the Flame

How This Tom Clancy-Esque Attack Worked and What Should You Really Do to Protect Against It

News of the Flame attack has spread faster than wildfire. While the attack effected only a small number of Endpoints, Flame signifies a new level of cyber threat that all IT security professionals need to understand in-depth.

View these presentation slides by IT Security expert, Randy Franklin Smith, as he walks you through the fascinating nuts and bolts of Flame and explains the technical details about how it worked and what lessons can be learned.

  • Learn the technical details about how Flame worked
  • How Flame was more than just sophisticated encryption exploits
  • Take away lessons on how to defend against APTs

Take an in-depth look into the entire attack which featured more than just encryption exploits. Randy explores social engineering, removable devices and more.

Click here to download it now »

How to Guard Healthcare Information with Device Control and Data Encryption

The need to protect digitized health information is a top priority in the healthcare industry. HIPAA and the HITECH Act put pressure on your organization to maintain the privacy and security of patient data, with the potential legal liability for non-compliance. So how does your healthcare organization meet or exceed industry best practices in guarding healthcare information?

Watch this on-demand webcast as Eric Ogren, President of The Ogren Group, and Chris Merritt, Solution Marketing Director at Lumension come together to take you through:

  • What PHI breaches are currently documented by the US Department of Health and Human Resources (HHS) and why these breaches are occurring
  • How a healthcare organization can mitigate costs with encryption technologies
  • What to look for in device control and full disc encryption solutions

Click here to download it now »

Best Practices for Device Control and Data Encryption a Technical Webcast

The proliferation of USB flash drives and other removable storage devices has increased the porosity of the network perimeter. This has result in sensitive corporate and customer data leaking through the corporate firewall, exposing the organization to data loss, data theft and malware propagation. Understanding the powerful data protection tools available to your organization can help you mitigate these risk, while still enabling the flexible and managed use of these productivity devices.

Join this webcast to learn the practical steps to guide you in the deployment of devices control and encryption technology as we dive into a technical discussion of what the critical items to address, including:

  • Laying the Groundwork for Data Security
  • Preparing for Technical Enforcement
  • Enforcing Your Data Protection Policies
  • Managing Your Secure Environment

Click here to download it now »

Stopping the Adobe - Apple - Java Software Updater Insanity

Horror movies are so cliché. Perhaps a new sub-genre devoted to the horde of software updaters you find on each PC would be much more compelling. It’s out of control today. As soon as Microsoft got their act together on security updates, the bad guys turned to third party apps. It’s bad enough for consumers (who are fed up - just google “software update HEdoublehockiesticks”) let alone enterprises. When you have a lot of PCs and they all try to download a 100mb update at the same time, your network will suffer. To say nothing of the lack of control you have over whether users prevent important updates from being installed. In this age of APTs you can’t leave a single PC unpatched and vulnerable.

In this on-demand webcast, Randy Franklin Smith from Ultimate Windows Security will deal with this whole topic. He will share tips and caveats for dealing with the most common software updaters from Adobe, Apple and Oracle. But the bottom line is that we need centralized patch management and he’ll explore the important requirements and architectural issues you should be aware of in this space. Russ Ernst is a software update expert; his team at Lumension eat, sleep and breath software updates because they have package them all up and make them reliably deploy via their Patch and Remediation solution.

Click here to download it now »

Code Signing Debacle 2-0 - A Hacked Adobe Server and Its Impact on Us All

Adobe's code-signing infrastructure got hacked and now you have to worry about some really bad software out there that your computers will think are valid, safe applications from Adobe. One of them is pwdump which gets Windows passwords. Ever since Flame, Randy Franklin Smith from Ultimate Windows Security, has been saying that if Microsoft's update infrastructure got hacked, it was only be a matter of time before another vendor’s did too. And that’s what this is all about. The methods are different, but both boil down to exploiting mistakes Microsoft and Adobe made in their PKI used to sign code. The reason this is so impactful to an organization, is that it allows the bad guys to trick your systems into running malicious code that looks like it came from Adobe – but you get that right? It really stinks though because no matter how good you maintain your systems, you are still at the mercy of the security of your software vendors.

Watch this webcast on-demand to learn:

  • How can you stop this particular threat?
  • How can you deploy some strategic technologies and controls to address the risk of compromised code signatures and vendor update infrastructures?
  • How can you preemptively control your exposure to the mistakes of your software vendors and/or when they get hacked? (In all fairness no one is safe from getting breached.)

Click here to download it now »

Sensational Headlines or Real Threats

Well-organized, highly sophisticated cyber attacks continue to make headlines, hitting major U.S. banks and global companies like Adobe to name a few. In support of October as National Cyber Security Awareness Month, Lumension CEO Pat Clawson, Prolexic CEO Scott Hammack, security industry expert and author, Richard Stiennon and industry analyst and webcast moderator Eric Ogren will share their unique insight into these recent news-making attacks and what they mean for enterprises everywhere.

Click here to download it now »

Windows 8 Is Coming to a BYOD Near You

Hosted by Randy Franklin Smith, of Ultimate Windows Security

If you are like me, you aren’t planning to migrate to Windows 8. But with Surface RTs selling the way they are, I guarantee we will have users bringing their own Windows 8 devices.

In this fast-paced webinar, I’ll look at everything that’s new as far as security in Windows 8, with a special focus on mobility. You folks are really the go-to group in your organization for debunking the myths of Windows 8 and this webinar will help you provide the accurate answers to internal users and executives on questions like:

  • What do I tell my CEO when she asks about supporting her new Win8 laptop?
  • What do I tell my users who want to bring in their Windows RT Surface tablets?
  • What is the security impact of bringing Windows 8 into my environment?

The biggest distinctions guiding this discussion about Windows 8 security will be: 1) RT vs. “Real” Windows, and 2) BYOD vs. corporate-owned devices. If organizations out there are planning to roll-out a Windows 8 fleet of devices, I’ll help by covering the mobile device management (MDM) features and gaps in Windows 8. One of the biggest facts to know right now is that Windows 8 “RT” does not support domain membership or group policy. You heard me right. To manage RT devices, you’d need to have a new version of Windows Intune (the Microsoft PC management service in the cloud), which integrates with a new version of Microsoft System Center. This is an interesting approach to the BYOD security dilemma.

Windows 8 does have some interesting new security features, which we’ll cover:

  • UEFI Secure Boot support – UEFI stands for Unified Extensible Firmware Interface which replaces the good ole BIOS we’ve had to for decades. UEFI promises to make Windows 8 very resistant to low level malware like rootkits.
  • SmartScreen filter – has been extended from Internet Explorer to Windows itself.
  • Windows Defender – Bloggers are pronouncing this as a “full anti-malware solution”. We’ll determine if that is really so.
  • Picture Password – a new touch based logon method using pictures and gestures

Another thing we will cover is which security features are available in Windows 8 (base consumer edition), Windows 8 Pro, Windows 8 Enterprise and Windows 8 RT. There are very big differences between these editions.

Click here to download it now »

Keeping Bot Herders off Your Servers

and Breaking the Lateral Kill Chain of Today’s Attackers

When it comes to malware we usually think of workstations and laptops because they are the systems rubbing shoulders with the unwashed masses on the Internet. They are the systems in the hands of clueless end-users (aka “losers” by some of my less reverent colleagues). They are the systems running applications that download, parse and process file formats targeted by attackers such as Office documents, PDFs and image files.

Conventional wisdom says on the other hand that servers are much more isolated from the Internet. Also, servers are in the hands of security-conscious IT pros who refrain from dangerous activities like web browsing, file downloads or opening email. Even that servers don’t have dangerous applications like Office, Adobe Reader, Flash and other workstation applications installed.

In this webinar, Randy Franklin Smith (Ultimate Windows Security) shows how application control is an important defense-in-depth measure that can provide detection and prevention of late-stage APT attacks.

Click here to download it now »

2013 State of the Endpoint

The state of endpoint risk is not improving according to the fourth annual State of Endpoint Risk study conducted by the Ponemon Institute and commissioned by Lumension. IT pros report the flood of mobile devices entering their corporate networks, advanced persistent threats (APTs) and third-party application vulnerabilities are their primary pain points for 2013. A few short years ago, these concerns barely made the list.

Learn more about the 2013 threat landscape and what IT pros plan to do about it with reportedly insufficient resources and poor inner-office collaboration. For implications and recommendations on how to best handle the evolving risk environment, listen to the webcast, Greatest IT Security Risks of 2013 with Larry Ponemon and Paul Zimski of Lumension.

Click here to download it now »

Third Party Applications - A Chink in Your Armour

The "patch gap" - the time between identifying an IT vulnerability and fixing it - is a vital metric. The shorter the gap, the more secure the business. Also important is knowing where threats are likely to come from. Effective vulnerability and patch management should be on every company's list of priorities. However, as a recent Computing survey shows, this is not the case.

Watch this seminar from Computing UK, where our expert panel will be discussing:

  • How to mitigate the risk from third party application
  • A a step-by-step guide to optimal patch management
  • How to implement a complete endpoint security management programme

Click here to download it now »

2013 Data Protection Maturity Trends

In 2012 we found out that the BYOD environment and consumerization of the workplace had turned traditional notions of corporate IT upside down. The 2013 Data Protection Maturity Report will highlight how organizations have managed this trend over the last year and what steps are being taken in 2013 to further enhance data security. Find out how IT teams are developing a holistic model that encompasses policy, education, technology and enforcement.

During this webcast we look at each of data protection trends, helping you define your organization’s best practice guide to address the top concerns. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.

Click here to download it now »

Defending Your Corporate Endpoints - How To Go Beyond AntiVirus

How To Go Beyond AntiVirus

Businesses large and small continue to struggle with malware. As a result, 50% of endpoint operating costs are directly attributable to malware alone[1]. Traditional approaches to malware protection, like standalone antivirus, are proving themselves unfit for the task. Something has to give.

In this roundtable discussion, independent information security expert Kevin Beaver and Lumension Security’s Chris Merritt will talk about what can be done differently, including:

  • How to get a better grasp of the weaknesses in endpoint security that continue to get overlooked,
  • Examining whether or not anti-virus as we’ve known it is effective, and
  • A comparison between a proactive versus reactive approach to fighting the malware fight.

[1] Ponemon Institute, 2011 State of Endpoint Risk, December 2010

Click here to download it now »

WSUS for Secure Patching

Top Tips, Tricks and Scripts for Overcoming Limitations and Challenges

In case you aren't familiar with Windows Server Update Services, WSUS is Microsoft's built-in technology for centrally deploying patches to workstations and servers for Windows, Office and other Microsoft software. When it came out, WSUS was a great leap forward for all of us who must keep systems secure and patched. As time has passed, patching is even more critical than it was before and more complicated because we have to:

  • patch more quickly to defend against 0-day exploits
  • deal with power management concerns
  • patch servers inside tighter maintenance windows
  • patch more than just Windows

In this webinar, Randy Franklin Smith from Ultimate Windows Security shares a load of tips, tricks and scripts for helping you address these issues and deal with limitations in WSUS.

One of the biggest issues with WSUS is that you control patch management partly from within WSUS and partly from group policy. In WSUS, you select which patches are approved for deployment, but you control patch schedule and other Automatic Update settings with group policy. Randy has a ton of advanced ways to use group policy to the full in order to finely tune how updates are applied on your network.

Points covered:

  • How to ensure not a single computer in your domain is missed by WSUS while not misapplying a patch by accident
  • Why you should start with 3 top-level computer groups in WSUS: Servers, Workstations, Terminal Servers
  • How to schedule automatic updates and reboots for servers during their maintenance window using group policy and WSUS (and the limitations)
  • How to use "client-side targeting" to automatically assign computers to WSUS groups and avoid manually assigning computers
  • How to set up a test group of computers from across all your OUs to receive updates first
  • How to address the problem of computers that are powered down when a patch should be installed
  • How to patch computers in your DMZ Fine-tuning BITS for bandwidth protection Understanding how time zones work in WSUS and the AU client

Another issue we'll tackle though is: "Should I even be using WSUS?" Issues we'll discuss:

  • Do you require Wake-On-LAN capability to fulfill a green initiative with timely patching?
  • Do you have strict maintenance window requirements
  • Do you understand the critical need to centrally control patching non-MS apps without relying on each app's auto-updater?

This will be a technical real-training-for-free™ event for WSUS and beyond.

Click here to download it now »

Top 9 Mistakes of APT Victims

What They Are and What You Can Do To Prevent Them

A couple years ago, Bruce Schneier said that against an APT attacker, 'the absolute level of your security is what's important. It doesn't matter how secure you are compared to your peers; all that matters is whether you're secure enough to keep him out.' Those words have proven true over and over again. APT attackers don't move on to the next target as soon as they see your security is a little above average.

In this age, when you have to do everything right to protect your network, it pays to look at what other people do wrong and learn from their mistakes. We are going to do just that in this webinar. Based on public and unpublished APT incidents, we’ve gathered a list of 9 different things that show up repeatedly:

  1. Allowing open attack surfaces without securing configurations
  2. Permitting unlocked ports and unfettered device usage
  3. Failing to use centralized vulnerability remediation
  4. Allowing untrusted software to execute
  5. Failing to follow existing security policies/procedures and use at-hand technology consistently
  6. Permitting open policies for privileged user authority
  7. Not engaging in consistent end-user security awareness
  8. Failing to leverage logging and to set up traps
  9. Permitting Malware beaconing and exfiltration

These are gleaned from real-world scenarios. We’ll look at how the attacks succeeded due in large part to the mistakes made. I’ll discuss from a technical standpoint how each one of these allowed one or more attacks to actually occur.

Click here to download it now »

Understanding the Ins and Outs of Java Vulnerabilities

and what to do about it

Many organizations are jumping on the "Death to Java" bandwagon, ranting about turning off Java to eliminate risk. However, it is important to put the issue in the proper context. The reality is, a Java vulnerability is not the end game for a cyber criminal, it is merely a delivery mechanism in the quest to install and execute bigger malware.

There is no "one size fits all" as far as recommendations go. But, you do want to eliminate as much exploitable surface area as reasonably possible on your critical endpoints. This is should be the philosophy ingrained in every organization's security culture. If you're not having this conversation about Java, and quite frankly all of the third-party applications in your environment, you are missing the mark and not calculating your risk. Join Paul Henry and Russ Ernst as they bring us up to speed on the Java vulnerabilities and how to limit your exposure.

Click here to download it now »

APTs - The Role of 3rd Party Applications

Once an anomaly with which government agencies and some private companies that work with them had to deal, advanced persistent threats (APTs) are becoming a considerable problem for a spate of larger organizations and public entities alike. Now, it is no longer a matter of if sophisticated cyber criminals have infiltrated your systems, say many experts, but when they hit and for how long they've lingered. There have been a number of ways today's more willful attackers have been able to breach networks to siphon off data over periods of weeks or months. Watch this webcast from SC Magazine, as wthey sit down with an industry expert to discuss how third-party apps of various kinds are proving a workable conduit for them.

Click here to download it now »

Evolution of Advanced Persistent Threats - Current Risks and Mitigation Strategies

APTs have become a major topic of conversation – and in some cases, a critical threat – among IT security departments. But the technology and motivation behind APTs has changed significantly since the introduction of Stuxnet, continuing to evolve rapidly to avoid detection.

In this special Dark Reading presentation, a leading expert on the origins and directions of APTs will discuss the changing nature of these sophisticated threats – and how you can prepare your enterprise security environment to detect and mitigate these complex and dangerous attacks.

Click here to download it now »

Virtualization Security Risks - What Are They and How to Defend Against Them

Virtualization has taken the computer world by storm, lowering costs and significantly speeding up many routine processes. But has your computer security processes and technologies kept up?

This webinar discusses virtualization security risks and how organizations can mitigate these risks by developing a strategic approach.

Viewers will learn:

  • Four steps to implement better security for their virtualized environments
  • The best way to protect data in virtualized environments
  • Where their organization fits in the virtualization technology security management maturity model, based on; experience, virtualization technologies, tools and management mindsets.

Click here to download it now »

Reflective Memory Attacks Deep Dive: How They Work; Why They're Hard to Detect

In a twisted sort of way, today’s threats are kind of thrilling. Hacker movies of yesterday have nothing on the reality of today. When I first learned how buffer overflows worked I was amazed. But reflective memory attacks go way beyond “simple” buffer overflows.

Reflective memory attacks allows the bad guy to silently load large programs and execute them inside an already running process, using it’s memory, resources and authority. These attacks bypass common security technologies like AV and application whitelisting because they don’t drop any file onto the file system. They basically just allocate some memory, write the malicious code into it and then (usually) spin up a thread executing that code. That’s actually not a very unusual sequence of operations so it’s really hard to detect.

In this webinar, we will do a deep dive exclusively into reflective memory attacks. You will learn:

  • How reflect memory attacks work
  • Why they’re called reflective
  • Why traditional security technologies don’t catch them
  • Methods for detecting them
  • Crippling performance problems caused by some detection methods
  • Tradeoff between detection and performance

Joining me will be Dan Teal who invented CoreTrace (acquired by Lumension) Bouncer technology. Dan will shed light on this advanced topic and then briefly show how Lumension Endpoint Security Suite incorporates Bouncer technology to detect reflective memory attacks without hurting performance.

Click here to download it now »

The 5 Key Tactics to Dealing with Advanced Persistent Threats

One of the most troubling shifts in the threat landscape is the rise in Advanced Persistent Threats (APTs). APTs are defined by a long term pattern of sophisticated hacking attacks targeted at a specific company, government entity, individual, or group. Unlike traditional malware, APTs are not simply remediated with a single step. If one route is blocked, an APT will look for other vulnerabilities.

While many may think APTs are only targeted at governments, the reality is that the “hack for profit” groups are looking to compromise companies of any size, and even individuals. To combat this, this eSeminar will examine the five key tactics you should be taking to combat APTs.

Click here to download it now »

3 Executive Strategies to Prioritize Your IT Risk

Do you want to know how 'best-of-breed' enterprises prioritize their IT risk? Join Richard Mason, VP & CSO at Honeywell, whose team is responsible for global security, during a roundtable discussion with Pat Clawson, Chairman & CEO of Lumension and Roger Grimes, Security Columnist & Author. Uncover strategies beyond traditional antivirus signatures and learn a more holistic approach to effective risk management. Find out 'how' and 'why' you can make security a prioritized function within your organization.

Click here to download it now »

BYOD and Mobile Security

Bring Your Own Device (BYOD) is a popular topic in 2013. The trouble is that IT is trying to understand the security risks and prepare strategies to either adopt employee-owned mobile devices or decide against it for security and data control reasons.

The 160,000 member Information Security Community on LinkedIn conducted the survey "BYOD & Mobile Security 2013" to shed some light on the drivers for BYOD, how companies will benefit from BYOD, and how they respond to the security risks associated with this trend. With 1,600 responses, some interesting insights and patterns into BYOD were uncovered.

Click here to download it now »

Stop Data from Going for a Thumb Drive

Earlier this year, a government contractor helping to build the North Carolina Department of Health and Human Services’ Medicaid billing system lost a USB thumb drive. On it was stored the personal information of more than 50,000 Medicaid providers nationwide – including full names, Social Security numbers, addresses and dates of birth. Fortunately, no patient information was breached. Still, the employee responsible was put on administrative leave by the private contractor, Computer Sciences Corp. (CSC), and an independent third-party assessment into the company's security posture was initiated.

This, of course, does little to help those directly impacted by the loss. It is, however, a clear example of just how policies and procedures around thumb drive use have become a critical part of any risk management plan. Yet, many organizations still overlook the many risks that use of such devices can introduce. Just recently, SC Magazine research, sponsored by Lumension, revealed that nearly a third of 329 information security pros responding to our poll witnessed employees storing sensitive internal information on thumb drives. Another 12 percent said they know that customer data is stored on these. But, only 37 percent have implemented security technologies to protect these useful, but vulnerable offerings.

Join us for a 20/20 webcast during which we talk to Chris Merritt about the challenges associated with these pervasive storage devices, and what steps your company can take to prevent the misuse – whether inadvertent or malicious – of data transfer.

Click here to download it now »

Java Insecurity: How to Deal with the Constant Vulnerabilities

Just over a decade ago, the outcry over Microsoft’s security problems reached such a deafening level that it finally got the attention of Bill Gates, who wrote the famous Trustworthy Computing memo. Today, many would say that Microsoft leads the industry in security and vulnerability handling.

Now, it’s Java that’s causing the uproar. But has Oracle learned anything from Microsoft in handling these seemingly ceaseless problems? In this webinar, Randy Franklin Smith from Ultimate Windows Security will start by reviewing the wide-ranging Java security changes Oracle is promising to make. They sound so much like the improvements Microsoft made back with Trustworthy Computing that I’m amazed it hasn’t been done before! We’ll move on to discuss what you can do now to address Java security in your environment.

One of the banes of security with Java is the presence of multiple versions of Java, often on the same computer. Sometimes you really need multiple versions of Java to support applications with version dependencies (crazy, I know). But other times, multiple copies of Java are there "just because." In this webinar, we’ll talk about the current Java mess and how you can get out of it, including:

  • Assessment. We’ll discuss ways and tools for cataloging what versions of Java are actually out there on your endpoints.
  • Identification. We’ll look at methods for identifying which versions are actually required by your users; for instance, I’ll show you how you might use Process Tracking and File Access events in the Windows Security Log to see which Java files are being accessed, by whom, and by which programs.
  • Disabling. Can you just disable Java? Maybe not for everyone, but what if you could disable it for certain roles within your company that make up 25% – or even 75% – of your workforce? That would be worth it. We’ll explore how you might go about such a measure.
  • Hardening. We’ll dive into the technical details of hardening Java and reducing your Java attack surface, where possible.
  • Filtering. Another way to reduce your Java risk is by filtering Java content at your gateway. Again not full coverage control – but what is?
  • Patching. Then, we’ll delve into the Java patching nightmare. Depending on self-updaters on each endpoint, is could be a recipe for disaster, and I’ll explain why. Basically the only way out of the Java mess is a 3rd party solution that can perform centralized patch management and remediation and that’s where our sponsor, Lumension, will come in.

Click here to download it now »

Is Your AV Keeping Up

So far in 2013, AV-Test.org is recording about 5.5M new pieces of malware per month – or a little over two per second. It’s no wonder 47% of organizations are reporting malware as the primary driver for increasing IT operating expenses, and 58% of them are experiencing more than 25 malware incidents every month.

It’s time to put aside yesterday’s assumptions about malware, and prepare for modern antimalware combat.

In this special, interactive eSeminar we’ll look at current malware warfare – and how you can implement defensive strategies to protect your organization. Along the way, we’ll look at some very recent survey results from more than 900 IT professionals – 91% of whom believe AV is ‘very’ or ‘extremely’ important to protecting their network, despite seeing malware incidents continue to rise.

Click here to download it now »

Real World Defense Strategies For Targeted Endpoint Threats

APTs: What They Are and Strategies to Protect Against Them

Advanced Persistent Threats (APTs) may be a popular topic amongst security professionals, but there seems to be a lot of confusion regarding what they are and how they impact everyday organisations. In a recent survey by UBM Tech, 72% of organizations are concerned with the risk posed by APTs and 69% describe the risk as increasing in the last twelve months1. During this keynote presentation you will have the opportunity to gain a better understanding of how APTs work, how you need to rethink your defenses, how to educate the business to respond to these sophisticated attacks and how to gain agreement across business units, to effectively secure your organization, people and information.

Watch this presentation on-demand to learn:

  • What APTs are and what they are not
  • Strategies to protect against APTs
  • Rationalizing security investment decisions
  • Determining technological risks and needs
  • Vector Awareness
1) http://www.lumension.com/Resources/Free-Content/The-State-of-APT-Preparedness.aspx

Click here to download it now »

Data Protection Rules are Changing

What Can You Do to Prepare?

The European Union's proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent.

But the new regulation, which replaces the EU’s existing data protection directive and member states' data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and "the right to be forgotten" will force businesses to update their data protection and retention policies.

This webinar will:

  • Review the current EU laws, and contrast them with laws in other parts of the world;
  • Examine the arguments for strengthening data protection in Europe, and the likely outcomes;
  • Look at what security teams should already be doing to put themselves ahead of legislative changes;
  • Outline strategies and technologies organisations need to meet current and future data protection requirements
  • Help infosecurity teams to explain the changes – and their consequences – to their boards.

Click here to download it now »

2013 - Real World Defense Strategies for Targeted Endpoint Threats

The security community is amassing a wealth of intelligence about targeted attacks (aka APTs). One thing we are seeing is that the 2 weakest points in our defense against targeted attacks is the human element and the endpoint. We need to give more attention to the human element, but few of us are in a position to effect behavioral change in our organization. That is a long road requiring support from management and a more psychology-focused skill set.

On the other hand, most of us are in a position to help improve endpoint security. This webinar focuses on how to build a layered defense against targeted endpoint attacks. To build a true defense-in-depth strategy we will look at the phases of a targeted attack:

  • Discover – reconnaissance, "casing the joint"
  • Distribute – package and deliver the payload
  • Exploit- trigger the payload and exploit the vulnerability
  • Control- install persistent malware on system, connect back to command & control
  • Execute – spread-out and begin taking action against planned objectives

We will identify controls and technologies that we can deploy to disrupt, hinder, detect and prevent attackers at each phase. These will include:

  • Endpoint security best practices
  • Endpoint management processes
  • Hardening steps
  • Monitoring techniques
  • Endpoint security technologies

We draw on the wealth of intelligence the security community is amassing and to make this a data-driven presentation. Lumension is our sponsor for this real-training-for-free session and Paul Zimski will briefly showcase the Lumension endpoint security technologies that map to each of the attack phases we discuss.

Click here to download it now »

2014 Ultimate Buyers Guide to Endpoint Security Solutions

Last year we offered our thoughts on buying Endpoint Security Management solutions — including patching, configuration, device control, and file integrity monitoring — which are increasingly bundled in suites to simplify management. For 2014, malware and mobility have become the most critical issues facing organizations at they look to protect their endpoint devices. Thus we've updated our research to make sure you have the latest and greatest information on which to base your buying decisions.

Join Mike Rothman, Analyst & President from Securosis, as he dives into an interactive discussion around endpoint security in 2014, and provides clear buying criteria for those of you looking at these solutions in the near future.

What you will learn:

  • Protecting Endpoints: How the attack surface had changed, and the impact to your defense strategy
  • Anti-Malware: The best ways to deal with today's malware and effectively protect your endpoints from attack
  • Endpoint Hygiene: Why you can't forget the importance of ensuring solid management of your endpoint devices
  • BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
  • The Most Important Buying Considerations in 2014

*Receive 1 CPE credit for attending this webcast. To earn this credit, viewers must be active participants for the duration of the webcast. Please enter your appropriate membership ID upon registration to ensure relevant credits are allocated to your accounts when we submit them.

Click here to download it now »

Application Whitelisting Best Practices Lessons From the Field

If you’re like most IT professionals, you’ve probably heard analyst firms like Gartner and Forrester recommend using application whitelisting to defend your endpoints. The latest generation of application whitelisting provides flexible protection against modern, sophisticated malware and targeted attacks. However, application whitelisting is not something you turn on overnight.

Attend this in-depth technical webcast as we dive into the latest technologies, including reflective memory protection, and other whitelisting approaches, to learn best practices to begin preparing for your 2014 endpoint security strategy and the inevitable transition from traditional signature-based protection to a holistic solution that incorporates whitelisting.

  • Three Best Practice Steps: Prepare, Lockdown and Manage Change
  • Understand how to apply lessons learned during application whitelisting implementations by your peers
  • Gain knowledge of continuous improvements made in best practices for application whitelisting

Click here to download it now »

APTs - The State of Server Side Risks in 2013

In previous surveys this year, we've examined various aspects of one of the most pressing issues facing the IT security industry today: Advanced Persistent Threat (APTs).

This Lumension sponsored webcast presents findings from the newest research uncovered by our readers on server security. Find out:

  • What the research has uncovered about the state of server side security in 2013
  • How we can analyze these risks
  • The protocols that can be taken during potential compromises

There's been a lot of hyperbole around our professional environment. Our latest research unravels the disparate messages that exist today in organizations. By watching this webcast, you will get to the truth of the potential impacts of server security attacks and the best strategies and tools to put in place to protect your organization.

Click here to download it now »

Targeted Threats - What They Are and a Framework to Protect Against Them

Targeted threats (also known as Advanced Persistent Threats, or APTs) follow a fairly well-defined framework for success. An APT is more of a methodology used by attackers, rather than a piece of malware that ends up on an endpoint. No matter what group is behind these targeted attacks, their exploitation techniques follow a predictable pattern. For organizations to protect themselves from these targeted threats, we have developed this site, complete with act

Watch this webcast on-demand to learn:

  • What targeted threats are and what they are not
  • Strategies to protect against targeted threats
    • Rationalizing security investment decisions
    • Determining technological risks and needs
    • Vector Awareness

Click here to download it now »

Adobe Hacked Again - What Does it Mean for You

Last time it was Adobe’s code signing servers. This time it’s 2.9 million (let’s just call it 3) customers’ data and lots and lots of source code – including that of Acrobat. Adobe products already require constant patching but offer no enterprise level solution for patching. In this on-demand webinar, we’ll discuss why this will likely lead to more and we’ll look at what we know about this latest Adobe breach.

But more importantly Randy Franklin Smith from Ultimate Windows Security will show what you can do in advance to protect yourself against zero-day exploits in Adobe products and programs. After all this won’t be the last time a software vendor is hacked. In this day and age we have to protect ourselves from the failures of our software providers.

Randy will look at 3 ways you can go on the offensive to protect yourself from the constant vulnerabilities discovered in Adobe Reader, Acrobat, Flash and Oracle Java. Here’s what we’ll discuss:

  • Alternatives to Adobe and Java
  • Different ways to containing vulnerable apps in a sandbox
  • Using advanced memory protection technologies to detect and stop buffer overflows and other memory based attacks

Patching and AV only helps you close the window on hacker opportunity. To prevent the window from opening in the first place you have to prevent untrusted code from ever running in the first place. That requires application whitelisting and memory protection against code injection – a growing menace that bypasses controls based on file system and EXE scanning.

That’s why Lumension is sponsoring this event. You’ll be interested seeing 2 of their end-point security technologies that will help protect you from the new exploits on their way as a result of this hack as well as the constant stream of exploits discovered every day.

This is going to be a really cool webinar with practical tips that you can apply. Learn how to protect your systems from other software vendor vulnerabilities.

Click here to download it now »

Windows XP is Coming to an End

In April 2014, Microsoft ends support for Windows XP and Office 2003. In a perfect world, your organization will have developed a plan by the end of 2013 and will have migrated all XP and 2003 systems to the latest versions, before Microsoft ends patching for these products. Unfortunately, there are many obstacles to making this strategy come to fruition – time, resources, budget, etc.

In an effort to help organizations plan for a strategy while your migration strategy is still being planned and/or executed on, allowing for a buffer to the security risks that could transpire due to a lack of patching, join this webinar to:

  • Learn what end of life means to your organization from a security perspective
  • What options are available to extend support or secure your organization from vulnerabilities
  • How other organizations are planning to remain secure and compliant until they are fully migrated

Understand how you can protect your XP systems beyond end of support. With application control and advanced memory protection you can effectively prevent security risks that are inevitable once your organization is no longer receiving Microsoft patches.

Click here to download it now »

2014 State of Endpoint Risk

Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening?

For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage.

Join Larry Ponemon of the Ponemon Institute and Ed Brice of Lumension for a webcast that will reveal statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:

  • IT perspective on the changing threat landscape and today’s Top 5 risks;
  • Disconnect between perceived risk and corresponding strategies to combat those threats;
  • Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Click here to download it now »

2014 Data Protection Maturity Survey Results

In 2012 we found that the BYOD environment and the consumerization of the workplace had turned traditional notions of corporate IT upside down. In this webcast, we'll look at the results from the 3rd annual survey and look at how mobility has changed the way IT teams are managing their devices, how effective their efforts are, and their biggest concerns.

During this webcast we will look at each of data protection trends, helping you define best practices for your organization to address the top concern. We'll also show you how you can gauge the maturity of your security system allowing you to plug any holes before your valuable data starts to leak through them.

Click here to download it now »

2014 Security Trends

SIEM, Endpoint Security, Data Loss, Mobile Devices and the Cloud

Listen to Randy Franklin Smith of Ultimate Windows Security as he talks through the results of his 2014 trend survey including: what are the top SIEM challenges and solutions? How widely is application whitelisting being used and what which endpoint solutions work and which are hype? What is IT's greatest concern over mobile devices? How widely is cloud computing being used and what are your peers doing about big data?

Click here to download it now »

Securing Your Point of Sale Systems

Point of Sale (POS) systems have long been the target of financially-motivated crime. And in 2013 the magnitude of cybercrime against POS systems skyrocketed, with 97% of breaches in the retail sector and 47% in the healthcare sector aimed against POS systems. With sensitive financial and personal records getting exposed by the millions, the FBI recently warned that POS systems are under sustained and continued attack.

During this webcast, we will take you into the three critical entry points to POS system attacks. We’ll discuss how the attacks look, the timelines for these breaches, and what proactive security measures you can take to help your organization minimize the risk to your POS systems.

  • Critical Entry Points to POS System Attacks
  • Impacts to an Organization
  • Top 3 Security Measures to Minimize Risk

Click here to download it now »

Lessons learned from the Target Data Breach

In December 2013, US retailer Target suffered a high profile data breach at the hands of a cybercriminal group, who infected its point-of-sale (PoS) terminals with malware to steal the details of around 110 million customers. Marcus Group's systems were also compromised recently and crooks made off with customer card details, while several other merchants are reported to be preparing to go public with their own breaches.

Data breaches are nothing new but we are seeing a significant increase in incidents, and 2013 was the worst year in terms of data breaches recorded to date. According to the Online Trust Alliance over 740 million records were exposed in 2013, and they determined that 89% of all breach incidents were avoidable had basic security controls and best practices been enforced. Watch this webcast to understand the key lessons learned from these breaches and learn:

  • How malware aimed at retailers is evolving on a daily basis;
  • What tools and methodology hackers employed to bypass security;
  • What steps retailers and banking institutions should take to secure their networks;
  • Key procedural and technical steps for securing third party code;
  • How to develop an effective Data Incident (DIP) Plan, including a communication strategy.


Click here to download it now »

Real World Defense Strategies for Targeted Endpoint Threats

Advanced Persistent Threats (APTs) may be a popular topic amongst security professionals, but there seems to be a lot of confusion regarding what they are and how they impact everyday organisations. In a recent survey by UBM Tech, 72% of organizations are concerned with the risk posed by APTs and 69% describe the risk as increasing in the last twelve months. During this keynote presentation you will have the opportunity to gain a better understanding of how APTs work, how you need to rethink your defenses, how to educate the business to respond to these sophisticated attacks and how to gain agreement across business units, to effectively secure your organization, people and information.

Watch this presentation on-demand to learn:

  • What APTs are and what they are not
  • Strategies to protect against APTs
  • Rationalizing security investment decisions
  • Determining technological risks and needs
  • Vector Awareness

Click here to download it now »

Careto Unmasking a New Level in APT ware

Watch this on-demand webcast as Randy Franklin Smith of Ultimate Windows Security talks about Careto (aka The Mask), an APT actor that has been active since at least 2007. What makes Careto different than past APTs like Duqu, Flame and Stuxnet are Sophistication and complexity. Careto includes malware, a rootkit, plug-in architecture, utilizes many different vectors and versions for Windows, Max OS X, Linux and beyond. It uses never–before–seen methods to hide itself.

There's a tremendous amount knowledge and benefit that can be gained from understanding Careto. In this webcast Randy explores Careto in terms of:

  • Backdoor components
  • Use of certificates
  • Exploit sites
  • Communication
  • Command and control servers
  • Exploits used

Randy will then take a look at the indicators of compromise, not just so you can detect Careto (might be a moot point since it appears to have been shutdown) but so that you can see how other APTs can be detected. Finally, Dan Teal from Lumension will provide a detailed analysis of Careto's advanced techniques.

Click here to download it now »

XP End of Support - 5 Ways to Mitigate Risk Now

While you likely have very good reasons for remaining on Windows XP after end of support -- the bottom line is your security risk is now significant. In the absence of security patches, attackers will certainly turn their attention to this new opportunity.

Listen to Lumension Vice President Paul Zimski to learn about 5 pragmatic risk mitigation techniques to employ while using Win XP. Specifically, you will learn:

  • How attackers will use the now no-longer-patched OS to their advantage
  • Why this significant challenge could be considered an opportunity
  • Five pragmatic risk mitigation strategies that you can implement immediately

Watch this on-demand webcast today to help you understand how you can defend your enterprise against today's targeted attacks.

Click here to download it now »

Using System Center Updates Publisher to Security Patch 3rd Party Apps with WSUS

IT security expert Randy Franklin Smith from Ultimate Windows Security, takes you on a deep dive into how Microsoft System Center Updates Publisher (SCUP) works and requirements for deploying 3rd party security updates via SCUP. Learn exactly what it takes to package up a security update, how to publish it to WSUS, and the compatibility requirements between SCUP and different versions of Windows and WSUS.

You will learn about these SCUP concepts:

  • Software Update Catalog Subscriptions
  • Software Updates
  • Publications
  • Applicability Rules

Click here to download it now »

2014 BYOD and Mobile Security Survey Sneak Peek

It's no secret that risk imposed by mobile devices is increasing. And while mobile malware gets a lot of the headlines, we learned from last year’s survey of over 1,600 IT professionals in the LinkedIn Information Security Community group that loss or unauthorized access to data were the biggest concerns. So what do they think in 2014? Watch the BYOD and Mobile Security Sneak Peek Webcast to learn what IT security pros think in 2014 about growing mobile insecurity and what are they doing about it.

Click here to download it now »

Top 8 Things to Secure on iOS and Android to Protect Corporate Information

Watch this on-demand webcast, as security expert Randy Franklin Smith from Ultimate Windows Security, shows you a technical and pragmatic approach to mobile security for iOS and Android. For instance, for iOS-based devices, he talks about:

  • System security
  • Encryption and data protection
  • App Security
  • Device controls
Randy also discusses Android-based devices. While Android gets its kernel from Linux, it builds on Linux security in a very specialized way to isolate applications from each other. And learn about iOS and Android mobile device management needs: Password and remote wipe capabilities are obvious but there’s much more to the story. And you’ll hear Randy's list of top-8 things you need to secure and manage on mobile devices in order to protect access to your organization’s network and information.

Click here to download it now »

Malware Defenses: SC Magazine Survey Results

Targeted attacks are a real threat for nearly every organization today but how prepared are you really? In a new, in-depth report from SC Magazine, the majority felt their organizations were not well equipped to defend against these sophisticated attacks.

Listen to Illena Armstrong, VP, editorial, SC Magazine and Chris Merritt, Director of Solution Marketing, Lumension as they review the results of the 2014 Malware Defenses survey conducted by SC Magazine. Specifically, they will address:

  • the current state of defense against advanced targeted attacks,
  • the differing levels of preparedness across organizations,
  • the implications for organizations as they plan improvements in their security posture, and
  • identifying easy wins for improving endpoint security.

Click here to download it now »

Endpoint Security: The Front Line in Today’s Infosec War

People are trying to steal your organization’s information, and it all starts with your end users and your endpoints. If they can take over just one of your end user’s endpoints, they can become that user. They can access what that user can access, and they can communicate to other people as though they were that user. They can surreptitiously insert malware into legitimate messages that user sends to other people in your organization and thus take over the endpoints of other users, steadily working their way closer to their ultimate goal.

The endpoint is where this battle is playing out and it’s a tough environment to defend and secure. Endpoints are so vulnerable because they are in the hands of non-technical end users, there are many attack vectors, and because they process so much content from the untrusted internet. All these factors combine to produce a perfect storm that bad guys are heavily exploiting.

Protecting your information means defending your endpoints. Endpoint defense takes a combination of technical savvy, well-thought strategy and high technology. In this session, Randy Franklin Smith will explore the 2-fold mission of endpoint security: stopping untrusted code and preventing data loss. Follow as he takes you on a tour of the 5-layers of defense everyone needs to defend against malware and points out the 3 major vectors of data loss associated with endpoints and how to address them.

Click here to download it now »

Future of Endpoint Security

Endpoint security is an arms race with new innovations and ever changing tactics on both sides of the war. This is not a static or stabilized area of infosecurity by any measure. In this session industry experts will share their take on what shape the next threats will take and what endpoint security technologies will look like next year and further into the future. Tune into this session to stay on top of trends, threats and prepare for the future.

Click here to download it now »

Understanding and Applying Defense-in-Depth Best Practices

Organizations are face proliferating cyber-attacks which increase the risk of doing business in today’s digital world. However, it’s not possible – and in fact not even practical – to reduce your risk to zero. Therefore, every organization must understand their unique tolerance for risk, end-user demographics and technology dynamics; then tailor their response and defenses accordingly. While each organization requires a unique approach; every organization needs a defense in depth strategy. Join this technical discussion to understand the 7 layers to a proactive security approach, and the choices you face for your security practice within each of these layers. Walk away with useful ways to assess your threats and take actionable steps to minimize risk according to the needs of your business.

Click here to download it now »

4 Insider Access Blind Spots: What You Need to Know and How to Prevent Them

Endpoints operated by your end users present a tremendous risk to your organization. From being the entry point for infectious malware, to leaking sensitive corporate information, trusted insiders play a critical role in your organization’s overall security posture. During this presentation, we’ll discuss the four blind spots that you need to consider in 2014 and how you can take proactive measures to prevent them.

  • Personal Clouds
  • Email
  • Mobile Devices
  • Removable Devices / Media

Click here to download it now »

2015 Endpoint and Mobile Security Buyer's Guide Webcast

Watch with Mike Rothman, Analyst and President of Securosis, as he dives into an interactive discussion around endpoint security management in 2015.

  • Protecting Endpoints: How the attack surface has changed, and the impact to your defense strategy
  • Anti-Malware: The best ways to deal with today’s malware and effectively protect your endpoints from attack
  • Endpoint Hygiene: Why you can't forget the importance of ensuring solid management of your endpoint devices
  • BYOD and Mobility: The extent that corporate data on smart mobile devices impacts your organization
  • The Most Important Buying Considerations in 2015

Click here to download it now »

Using System Center Configuration Manager 2012 R2 to Patch Linux, UNIX and Macs

Today, everything has to be patched. From desktop and laptop to server and every operating system in between. With compliance, what we have to pay attention to is what’s actually out there on our network – not just what you wish were there.

Servers (Windows, UNIX and Linux) Even Windows-centric environments have at least a few UNIX or Linux servers that need to be secure and patched. Linux and UNIX servers often fulfill critical functions with few and short maintenance windows. These can be a real pain point for admins who specialize in Windows or are managed by an entirely different admin.

Desktops (Windows and Macs) Maybe you are responsible for desktops instead of servers. Again it’s not just a Windows story any more. More and more people are opting for Macs instead of Windows. Watch the vulnerability lists and you’ll see that Macs need patching too.

The kicker though is the 80/20 rule. If at least 80% of the computers on your network are Windows and the remaining 20% are everything else – it’s a safe bet, given the maturity and ease of WSUS, that 20% of your patching effort goes to Windows but 80% of your effort is consumed with patching all the different flavors of UNIX, Linux and your Mac computers. We need one system to manage all our patches and one pane of glass to prove compliance from data center to desktop.

Believe it or not System Center 2012 R2 provides the infrastructure to do just that – it just needs a little help. Last time we showed you how you can patch 3rd party apps on Windows through System Center Update Manager. This time we’ll show you how you can patch non-Windows systems using the new System Center clients for UNIX, Linux and Mac.

Click here to download it now »

Cyber thieves are ready for the holiday shopping season: are you?

Retail organizations have long been the target of financially-motivated crime. According to Verizon, 92% of the retail breaches they've studied were committed by external actors. In fact, while 73% of these attacks were perpetrated by organized criminal groups, 99% of them were financially motivated. It's small wonder they called 2013 the "year of the retailer breach."

In this webinar, we'll discuss how these attacks are executed - from the attack vectors to the timelines - and what proactive security measures you can take to help your organization minimize the risks of an attack this holiday shopping season. Specifically, you will learn:

  • 3 attack vectors the bad guys commonly use to gain access
  • How those attacks impact retail organizations
  • Top 3 Security Measures to Minimize Risk

Click here to download it now »

PHI Is More Valuable than Credit Cards: Time to get serious about data security!

News about data breaches in the healthcare sector continues unabated. Not only the recent breach which impacted 4.5M individuals, but the growing list on the “wall of shame” – over 1,200 reportable breaches, and another 120,000 impacting fewer than 500 individuals. So you know it’s time to get serious about healthcare data security.

In this webinar, we’ll discuss practical steps you can take to improve your IT security – not only to get (or stay) compliant with HIPAA / HITECH, but to actually prevent data breaches. After all, data breaches not only cost a lot – an average of $316 per record lost or stolen, according to the Ponemon Institute – but also invite additional scrutiny from the OCR. We’ll address the three areas of focus for the upcoming OCR audits, and provide some tools which you can use to better understand and secure your IT environment. Join us for this in-depth technical interactive discussion on securing healthcare data.

Click here to download it now »

SC Congress eSymposium, Vulnerability Management

Lumension Session: Patch Management: The Foundation of Every Winning Infosec Team
Speaker: Russ Ernst, Director of Product Management

Just like the arrival of a hot new quarterback, the IT security space is abuzz with talk about “detect & respond.” But it takes a lot of other folks to create a championship team – and just as a winning football team needs those linemen to get dirty in the trenches, your security strategy needs a solid foundation of patch management tools and processes to take care of basic “blocking and tackling” to win the game.

In this session, we will focus on the workaday world of patch management. While perhaps not as glamorous as latest whiz-bang gadget or philosophy, it helps maintain the integrity and health of your endpoints, reduce your attack surface, and maintain productivity. We will show you how to maintain health of all your systems – from your Windows, Linux, and UNIX data center servers all the way to your Windows and Mac desktops, including targeted 3rd party desktop applications. You will leave with practical, real-world proven tips on how to use patch management as the foundation of your winning defense-in-depth security strategy.

Click here to download it now »

Shellshock 101: What is Bash?

UltimateWindowsSecurity.com Webinar
How do Shellshock attacks work? Where are you still vulnerable? How to fix?
Speaker: Chris Merritt, Director of Solutions Marketing

Now that we are past the initial frenzy of Shellshock it's time to take a deep dive into Bash, the program that Shellshock exploits, and examine:

  1. How do Shellshock attacks work?
  2. Where are you currently vulnerable?
  3. How to patch against current exploits?
  4. Strategize against yet-to-be discovered vulnerabilities?

Bash is the predominant command shell for the Linux and UNIX world. So in Windows' terms Bash is like the command prompt or PowerShell. Your *nix servers are definitely impacted but as you'll see in this webinar other devices are too.

Click here to download it now »

Time to get serious about data security!

Why is this webinar relevant?

News reports about security failures in the healthcare sector continue unabated—and we’re not only talking about the recent healthcare breach which impacted 4.5M individuals.

  • In the last two years, 97% of hospitals had at least one data breach.
  • Over 1,200 breaches have been added to the “wall of shame”—with another 120,000 reported breaches too small for this list, but each impacting up to 500 individuals.
  • Data breaches cost an average of $316 per health record lost or stolen (according to the Ponemon Institute), and they also invite additional scrutiny from the OCR.

Threat actors are increasingly targeting PHI (Protected Health Information). Why? A complete identity-theft kit containing comprehensive PHI credentials is worth up to $1,000 per record (versus only $1 per record for a standard credit card record). So yes, it’s time to get serious about healthcare data security.

What's in this webinar?

We identify and discuss:

  • Attack vectors and their impacts.
  • Practical steps you can take to improve your IT security - not only to get and stay compliant with HIPAA / HITECH, but to actually prevent data breaches.
  • 3 areas of focus for the upcoming OCR audits.
  • Tools you can use to better understand and secure your IT environment.

Join us for this in-depth discussion on securing healthcare data.

Click here to download it now »

Pre-empting Pass-the-Hash Attacks on Windows Systems

Why is this webinar relevant?

Pass-the-Hash attacks continue to be relevant to Windows systems due to fundamental realities about passwords themselves, and due to design decisions made long ago which underpin security within Windows.

Traditional defense against Pass-the-Hash centers on eliminating as many instances of password hash data as possible, and on ensuring the uniqueness of password hash between systems. This webinar will focus on an alternative defense.

All Pass-the-Hash attacks require the ability to run code. Deny attackers that ability and you stop Pass-the-Hash attacks. Join us for our sponsored webinar with Randy Franklin Smith of Ultimate Windows Security, where he discusses:

  • Pass-the-Hash, and other attacks dependent on executing code
  • Software restriction policies and AppLocker
  • Native Windows and 3rd party technologies available to prevent unauthorized code from executing on your endpoint servers and workstations.

Click here to download it now »

2015 State of the Endpoint Webcast

User-centric risk tops this year’s concerns: what is IT doing about it?

Endpoint risk is rising and 78% of respondents to the new 2015 State of Endpoint Security study say negligent, careless employees not following policy are IT’s biggest threat.

The 6th Annual survey, conducted by Ponemon Institute, asked IT practitioners involved in securing endpoints about risks and challenges in 2015. This year’s report reveals why risk has become more challenging over the last 24 months and what IT plans to do about it in 2015.

Watch as Larry Ponemon and Chris Merritt reveal analysis from the Annual State of Endpoint Risk, sponsored by Lumension, including:

  • The evolving IT threat landscape and today’s top-5 risks
  • The disconnect between perceived and actual risk, and the corresponding strategies to combat these threats including detect and respond, big data and threat intelligence
  • Insights into new Infosec budgets and their 2015 allocations

Click here to download it now »

2015 Data Protection Maturity Survey

After so many massive data breaches in 2014, it’s small wonder that data protection is such a hot topic today. The fourth annual Data Protection Maturity Trends report delves into the issues and concerns facing IT security teams, how effective their data protection efforts have been to date, and their plans for 2015 and beyond.

Watch this webcast from Lumension, as Chris Merritt, Director of Solution Marketing, and Dee Liebenstein, Vice President Product Management, review and analyze results from the 4th annual Data Protection Maturity survey, including:

  • The threat and regulatory landscape facing organizations today
  • How organizations are developing and implementing their administrative and technical controls to face these issues
  • Where organizations fall on the Data Protection Maturity matrix, and what they could do to improve

Learn how your peers plan to address data protection risks in 2015.

Click here to download it now »

What's New in L.E.M.S.S. v8.2

Click here to download it now »

Practical Patch Compliance: Using System Center to Reduce Your Audit Pain

Security is Complex, Patching with Microsoft® System Center Shouldn't Be

System Center Configuration Manager is the solution of choice for managing today's enterprise environments. But what’s an administrator to do when a security audit includes vulnerabilities in non-Microsoft applications?

Introducing the only enterprise-class 3rd party patching solution designed exclusively for System Center environments that require operationally efficient and reliable security and compliance patching solutions.

Watch this in-depth demonstration of practical methods to improve the patch process for your most targeted 3rd party desktop applications, reduce the time you spend building updates, and improve audit readiness in your Windows environment—through our newly released Lumension® Patch Manager DeskTop plug-in.

Key capabilities include:

  • Integrated plug-in with automated content subscription and synchronized scheduling—all within the familiar SCCM console but without need for manual SCUP input
  • Ensures systems are correctly patched the first time though Patent-pending Patch-Smart™ technology
  • Enterprise-class content which delivers in-depth vulnerability information and supports both enterprise and consumer versions of the most widely adopted, highly targeted applications

Click here to download it now »

It's All for Naught If you Leave This One Backdoor Open

Click here to download it now »

Maturing Your Data Privacy and Security Program –
Can You Afford Not To?

After so many massive data breaches in 2014, it’s small wonder that data protection is such a hot topic today. The fourth annual Data Protection Maturity Trends report delved into the issues and concerns facing IT security teams, how effective their data protection efforts have been to date, and their plans for 2015 and beyond.

Listen to this discussion with Lumension, as Chris Merritt, Director of Solution Marketing, reviews and analyzes the results from the 4th annual Data Protection Maturity survey, including:

  • How organizations are developing and implementing their administrative and technical controls to face these issues
  • Where organizations fall on the Data Protection Maturity matrix, and what they could do to improve

Click here to download it now »


Webcast Archive

Please visit our Webcast Archive to view previous on-demand webcasts.