T.E.N. Knowledge Base



Taking PDF Security to a New Level with Adobe Reader® and Adobe Acrobat® > Download Whitepaper
Adobe Reader X and Adobe Acrobat X take the security of PDF documents-and your data-to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with the Microsoft® Windows® and Mac OS X operating system architectures, and improved deployment and administration tools.

Adobe® Flash® Player and Adobe AIR® security > Download Whitepaper
Both Adobe Flash Platform runtimes-Flash Player and AIR-include built-in security and privacy features to provide strong protection for your data and privacy, whether you use these Adobe products on your desktop system or mobile device. Adobe constantly advances these protections to incorporate the latest developments in the industry and stay ahead of the continually evolving threat landscape.

Adobe Incident Response and Management > Download Whitepaper
The Adobe Secure Software Engineering Team (ASSET) team proactively focuses on preventing security vulnerabilities in Adobe products before they ship, but Adobe knows that ensuring security doesn't end when a product is released. If external security researchers, partners, or customers discover a vulnerability after a product ships, the Adobe Product Security Incident Response Team (PSIRT) responds to resolve the security issue quickly, effectively, and thoroughly. PSIRT is your first line of defense for vulnerability resolution and threat mitigation. PSIRT coordinates with Adobe product engineering teams to identify the appropriate response plan and keeps you informed on mitigation procedures and release schedules.

Adobe Secure Product Lifecycle > Download Whitepaper
The Adobe Secure Product Lifecycle (SPLC) is a rigorous set of industry-leading best practices, processes, and tools designed to keep customers safe and more secure in the evolving threat landscape as they deploy and use Adobe software. The SPLC touches all aspects of the product lifecycle-from providing essential security training for software development teams and building security features into product design, to developing quick incident response plans postship.

Killing Data  > Download Whitepaper
As cybercriminals have become more skillful and sophisticated, they have eroded the effectiveness of our traditional perimeter-based security controls. The constantly mutating threat landscape requires new defensive measures, one of which is the pervasive use of data encryption technologies. In the future, you will encrypt data - both in motion and at rest - by default. This data-centric approach to security is a much more effective way to keep up with determined cybercriminals. By encrypting, and thereby devaluing, your sensitive data, you can make cybercriminals bypass your networks and look for less robustly protected targets.

Solving data residency and privacy compliance challenges  > Download Whitepaper
This business value solution brief examines information privacy and data residency solutions in the context of multinational business with a particular focus on European Union requirements as they apply both in the EU itself, and across other jurisdictions with potentially conflicting regulations such as the US Patriot II mandate. The case studies of Voltage Security customer’s explore not only using data-centric security to meet compliance requirements cost effectively, but also using existing applications, infrastructure, processes and administrative staff to grow new business in regulated markets.

Smart Devices, Smart Security  > Download Whitepaper
Five tips to consider in a data security strategy for smart-phones and tablets.

Securing Financial Services  > Download Whitepaper
Financial services institutions are often at the forefront of innovative security initiatives that strive to ensure the integrity and confidentiality systems and data while delivering a competitive advantage. Today's high performance, low latency networks require the most advanced network security solutions to stay abreast of the evolving threat environment. This paper will describe how Fortinet can provide both protection and competitive advantage with the highest performance, lowest latency next generation firewall in the industry, coupled with on-premise anti-DDoS protection and a dedicated threat research team.

Defending Mobile Financial Applications  > Download Whitepaper
A new approach is needed to financial application security on mobile. Banks need an approach that can defeat custom malware, and increase confidence between consumers and their financial institutions - allowing both parties to rest assured that their finances are secure. This white paper describes a solution to the problem using Metaforic technology, and discusses how malware and "man in the middle" attacks on mobile financial applications can be comprehensively defeated.

The Complete Guide to Log and Event Management  > Download Whitepaper
Everybody has logs and that means that everybody ultimately will have to deal with them-if only because many regulatory mandates prescribe that. In this guide, Dr. Anton Chuvakin will analyze the relationship between SIEM and log management, focusing not only on the technical differences and different uses for these technologies, but also on architecting their joint deployments. In addition, he will provide recommendations for companies that have deployed log management or SIEM so they can plot their roadmap for enhancing, optimizing and expanding their deployment. He will also recommend a roadmap for companies that have already deployed both of these technologies.

VDI-Centric Endpoint Security Can Help Lower Costs and Increase ROI  > Download Whitepaper
In August of 1981, IBM introduced its model 5150 personal computer complete with an Intel processor and operating system from a little-known Seattle-based software company named Microsoft. Henceforth, enterprise endpoint computing has been all but equated with Windows and Intel-based desktop and laptop PCs deployed across the network. Over the past few years, however, the endpoint computing model has begun to change in several ways. One visible new endpoint computing model is called Virtual Desktop Infrastructure (VDI). Instead of running the Windows operating system and applications and storing files locally on a physical PC device, VDI serves up desktop images as a managed service typically running on servers in data centers.

Is VDI gaining momentum or does it represent yet another empty threat to Wintel hegemony? VDI carries many benefits around business agility, but can be costly to deploy. Do the benefits outweigh the costs? Furthermore, what about endpoint security? Does VDI address or ignore the multitude of endpoint security challenges that organizations face and how does security impact VDI costs and ROI?

DETECTING THE ENEMY INSIDE THE NETWORK: How Tough Is It to Deal with APTs?  > Download Whitepaper
Advanced persistent threats (APTs) refer to a category of threats that pertain to computer intrusions by threat actors that aggressively pursue and compromise chosen targets. APTs are often conducted in campaigns—a series of failed and successful attempts over time to get deeper and deeper into a target's network—and are thus not isolated incidents. In addition, while malware are typically used as attack tools, the real threat is the involvement of human operators who will adapt, adjust, and improve their methods based on the victim's defenses.

Managed Service for Information Protection (MSIP)  > Download Whitepaper
Verdasys understands the real world challenges organizations face when implementing enterprise information programs. Merging data security with operations is a balance between business priorities, budget pressures, and productivity requirements; a complex task made more difficult with a lack of dedicated staff or subject experts. Today, the ability to implement a complete data security program capable of managing all risks is simply out of reach for all but the world's largest and most secure organizations.

Dave Shackleford

Dave Shackleford
Founder & Principal Consultant
VooDoo Security

The Value of Predictive Security Intelligence  > Download Presentation
Although security information is widespread, true "intelligence" is hard to establish because rapidly evolving technologies often create massive responsibility with little support or understanding of security implications. Security leaders must possess the knowledge and resources to predict and prevent threats and effectively communicate risks within an environment of constant change. Our lunch program will provide insights regarding the integration of full-scale attackplanning, threat simulation and attack replication for the purpose of garnering upper-management support, optimizing efficiency and investments in people and technology, and uniting security and business risks.

Mark Connelly

Mark Connelly
Chief Information Security Officer
Thomson Reuters
ISE® Northeast Executive Award Winner 2011

Show me the...(money, benefit, risk reduction, etc.) !  > Download Presentation
What have you done to keep us off the front page of the paper?  Am I as good as or better than my peers in information security and risk management?  What language are you speaking…?  Do you ever get these questions or similar ones?  Well, your business and your management clearly want to know. We have an opportunity to then demonstrate a clear value proposition. That value proposition is the return on the business investment in your function. Building that proposition can be done by understanding your business’ strategy and risks, and deploying an effective security program. Mark will provide his insights and recommendations that you can use in building and sustaining your security value proposition.

David Ritenour

David Ritenour
Chief Information Security Officer
SunGard Financial Corporation

SunGard’s Militarization Metrics and Governance Project  > Download Presentation
In this presentation, David Ritneour and Trask O’Hara will discuss how the challenge of being an umbrella organization with more than 20 different business units; all operating with inconsistent asset management, technology, infrastructure, and policies, a number of obstacles have became increasingly more important to overcome.  They will share how the Intelligence covers all areas of ISO and various industry requirements on a global basis in over 200 locations across 70+ countries and is the only metric portal that can directly remediate compliance goals while staying within various change management vehicles across all 20+ sub companies.  Learn how their militarization metrics and governance project provides flexible and multiple views and actions into the data based upon the role of the user.

Jim Routh

Jim Routh
Global Head of Application Security
JP Morgan Chase
ISE® Northeast Executive Award Winner 2007

The JPMC Trusted Email Project  > Download Presentation
Jim Routh will share the JPMorgan Chase (JPMC) Mail Registry Project which was created to implement emerging industry practices to dramatically improve the customer experience of email, by significantly reducing incidents of phishing and fraud impacting JPMC customers, and eliminating a source of brand erosion in the marketplace.  Hear Jim speak about the objective of this project being to protect JPMorgan Chase’s brand and customers from malicious email attacks including phishing, spam and malware that have been increasing in frequency and sophistication. This project will result in the elimination of over 600 million fraudulent emails sent to customers a year and will significantly reduce brand infringement.

Mark Coderre

Mark Coderre
Head of Security Architecture
ISE® Northeast Executive Award Finalist 2009

Threat Intelligence: Knowledge is Power  > Read Roundtable Discussion Summary
Today’s cyber threat actors are unwaveringly focused on the theft of intellectual property, mission-critical details, and other sensitive information, continually evolving their methods and routinely defeating traditional approaches to defense. As organizations work to thwart the attackers, they find themselves in an escalating arms race with unseen attackers. To combat the advanced, persistent and constantly morphing threats, organizations need the very best security intelligence delivered immediately. However, conventional security technologies typically lack the innate intelligence to deal with rapidly emerging threats and web innovation. As a result, current approaches to threat management often fail due to limited threat intelligence, a lack of event context and gaps associated with this lack of visibility. Further, conducting threat intelligence is tedious and time-consuming. Most security teams are already overburdened with other initiatives. Without ongoing threat vigilance, most organizations stand to find themselves in a constant, reactive state, trying to limit damage after outbreaks occur.

John Masserini

John Masserini
Chief Information Security Officer
Miami Holdings, Inc.
ISE® Northeast Executive Award Winner 2010
ISE® North America Executive Award Finalist 2010

Mobile Device Management: Balancing Business Agility and its Risk  > Read Roundtable Discussion Summary
With the astonishing influx of smartphones, mobile devices and tablets into enterprises, mobile data has become a foundation of the daily operations of businesses around the world. Not only has data itself become more mobile, but the users holding that data have as well. It is the job of the IT organization to make this ‘mobile user experience’ no different than if the user was inside the office and connected to the network, and just as secure. While employees relish the anywhere, anytime power of smartphones and tablets, IT executives shudder at the security risks associated with the advent of free-roaming, employee-owned devices that have direct access to the corporate data. With inadequate mobile security solutions and a lack of understanding or disregard of company security policies by employees, mobile users routinely put sensitive data at risk and are often completely unaware of the inherent risks.

Thomas Dunbar

Thomas Dunbar
Senior VP, Information Risk Management
XL Global Services
ISE® Northeast Executive Award Finalist 2010

Practical Security Management: Getting Back to Basics  > Read Roundtable Discussion Summary
With the media continuing to report on the latest security incidents and malware du jour, it’s tempting to view the constant stream of high-profile data breaches as proof of the advanced capability of the faceless adversary. Driven by the seemingly endless stream of news-making exploits, organizations increasingly are relying on the latest technology as a silver bullet in defending against attacks.

John Walp

John Walp
Administrative Vice President and CISO
M&T Bank Corporation
ISE® Northeast Executive Award 2009 Winner

Building Trust in the Cloud: Managing the Risk  > Read Roundtable Discussion Summary
Cloud computing has accelerated the rapid adoption of digital business models and given rise to a breed of sophisticated business user who can choose which services to use and combine them at will. Cloud computing clearly delivers value in terms of flexibility, scalability, cost savings and the ability to focus on the core business. But in exchange for speed and efficiencies, organizations are increasing their dependency on third parties and making business trade-offs that may be risky due to a lack of expertise by the person making the outsourcing decisions. Further, as organizations become locked in to a cloud provider, they face compliance, contracting, legal and integration risks.