T.E.N. Knowledge Base

ISE® Southeast 2017

Attivo Networks’ high-fidelity deception platform aims to fool attackers  > Download Whitepaper
Attivo Networks’ ThreatMatrix deception-based defense platform is designed to engage and fool attackers, thus providing security analysts with opportunities for real-time intelligence, as well as an automated means of shutting down an attack. Over the course of this year, Attivo and deception technologies have seen a significant bump up in market profile, as organizations seek early and efficient means to detect advanced threats. Attivo’s platform, in particular, touches on several use-case categories, including detection, vulnerability management and analysis, controls and automation, and anti-malware.

Cisco 2017 Annual Cybersecurity Report  > Download Whitepaper
The Cisco 2017 Annual Cybersecurity Report presents research, insights, and perspectives from Cisco Security Research. We highlight the relentless push-and-pull dynamic between adversaries trying to gain more time to operate and defenders working to close the windows of opportunity that attackers try to exploit. We examine data compiled by Cisco threat researchers and other experts. Our research and insights are intended to help organizations respond effectively to today’s rapidly evolving and sophisticated threats.

As security professionals struggle with how to keep up with non-stop threats from every angle, a 10+ year old technology, data loss prevention (DLP), is hot again. A number of macro trends are driving the wider adoption of DLP. But as we looked at the resources out there, we couldn’t find one source that could provide all the essential information in one place. So we created this guide to provide answers to the most common questions about DLP, all in an easy-to-digest format.

Fidelis Cybersecurity Overview Next Generation Intrusion Prevention  > Download Whitepaper
Traditional intrusion prevention systems (IPS) were originally designed to identify attacks targeting known vulnerabilities. But the exploits attackers use have changed. Today they use unexpected pathways to target clients and distributed endpoints. While attackers innovate, the traditional IPS has stood still. It lives on largely unchanged in scope, generating low-value alerts for security teams while attackers slip past them in pursuit of high-value targets.

Enterprise Phishing Susceptibility and Resiliency Report  > Download Whitepaper
Welcome to PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency report. The report we published in 2015 focused solely on susceptibility, only telling half of the story. Now, with over 5 million active installations of PhishMe Reporter™ across the globe, we can publish statistically significant metrics about the rate and accuracy of humans reporting phishing emails. We are excited to share this data as it has been missing from phishing studies in the past. Armed with this new data, we hope that security organizations focus their attention on the ratio of Report-To-Click instead of dwelling on susceptibility metrics.

Security spending may be up across enterprises, but the number of breaches and incidents is definitely not coming down, and security events are going undetected for longer periods of time. Unfortunately, the more organizations spend to add point products to their costly mix of detection and analytics tools, the less effective they seem to be.

Finding a mechanism to collect, store and analyze security-only data is relatively simple. There is no shortage of options for storing data. Collecting all security-relevant data and turning all that data into actionable intelligence, however, is a whole other matter.

DeceptionGrid™ 6.0  > Download Whitepaper
In today’s environment, the question isn’t whether attackers will penetrate your networks, but when and how often. Attackers are using increasingly sophisticated techniques to penetrate the most robust perimeter and endpoint defenses. How do you know if an attacker has penetrated your network? How can you identify them quickly? What are their intentions? How quickly can you stop an attack and return to normal operations?


DJ Goldsworthy
Vice President of Security Operations & Threat Management

The Next Level of Threat Intelligence  > Download Presentation
In response to the increase in volume and velocity of new threats, Aflac embarked upon a mission to create a custom-built TIS that would be capable of consuming large amounts of threat data and, in turn, use that data to protect the environment and inform security decisions. Aflac built a system that not only tackles the daily operational feed of threat data, but provides key process automation and allows for system integration into the current security infrastructure for maximum use of the data. Learn how the Aflac team was able to help ensure that their business strategy incorporates a real-world perspective of risk and that all security funding decisions are optimized based upon a thoughtful consideration of the current tactics, techniques and procedures of threat actors.

Hugh Percy
Supervisor Cyber Security Ops
Moffitt Cancer Center

Creating a SOC with the Perfect Fit  > Download Presentation
The Moffitt SOC is a two-phase project: the first phase is operations during business hours, and the second phase is expanding to 24/7/365 coverage. The SOC is responsible for performance monitoring and cyber security monitoring of Moffitt’s network, systems, applications and personnel. Since beginning operations, the SOC has issued over 800 incident tickets, handled 5 major performance incidents and 2 cyber-incidents, and prevented over 12 major incidents. Learn how the team at Moffitt Cancer Center was able to reduce operational downtime and see a reduction in interruptive events of 90% in the last half of 2016.

Connie Barrera
Corporate Director & CISO
Jackson Health System
ISE® Southeast People's Choice Award Winner 2016
ISE® North America Executive Award Finalist 2016 - Health Care Category


The Internet of Things is Here and Growing but are You Ready for it?  > Summary
The once nebulous Internet of Things has slowly but surely become a more defined and pressing issue for Information Security professionals as more organizations begin to adopt the IoT into their business structure. Gartner predicts that in the year 2020, 25 billion ‘things’ worldwide will be connected to the internet, with a collective economic value of two trillion dollars. While that still leaves current InfoSec professionals some time to adapt to a more pervasive Internet of Things, the question remains: “How ready is your organization for IoT adoption now?” Does your organization have the right skillsets and capabilities in place now to start investing in IoT-related projects? Aside from all the innovative, technical and business skills needed, perhaps the greatest skill needed is the ability to understand what factors are missing in the organization’s capabilities.

Paul Huesken
Chief Information Assurance Officer
The Coca-Cola Company
ISE® Southeast & ISE® North America Judge

Security from the Inside: Combating Insider Threats  > Summary
While the popular view of most security threats tends to be of outsiders, the last few years have also seen an increasing emphasis on threats to the enterprise from the inside. Insider threats can range from something as simple as a negligent employee who clicks on a bad email link to a disgruntled employee with privileged access to sensitive data and portions of the enterprise. A 2016 survey on insider threats by Bitglass revealed that one in three organizations interviewed had experienced insider attacks, with 56% saying they have gone up in the past year. Organizations are starting to see improvements in detecting insider threats, however. In the same survey, 64% of the respondents said they can now detect breaches within a week, compared to the previous year where only 42% were able to do so. While there have been some improvements in dealing with insider threats, there still remains a strong need for a more vigilant and proactive approach to identifying, isolating, and mitigating damage from these kinds of attacks.


Stoddard Manikin
Children's Healthcare of Atlanta

Ransomware on the Rise  > Summary
Malware has long been the bane of many security professionals. However, a more frightening evolution in this long-time InfoSec foe has become increasingly dangerous and more prevalent in recent years. Ransomware has continued to grow as one of the most prevalent threats to industries of all shapes and sizes. A 2015 report by McAfee found a huge jump of late, from 257,357 new ransomware samples in the first half of 2014, to 380,652 in the second half. By the first half of 2015, that number jumped 5.3 times to over 2 million. In 2016, we saw several increasingly high-profile examples, including, most notably, the case of Hollywood Presbyterian Medical Center, a 434-bed hospital whose network effectively ground to a halt after hackers breached the system in early February. After relying on pen and paper records briefly, Hollywood Presbyterian paid the 40 bitcoin ($17,000) ransom to regain control of its network. As ransomware continues to spread, what can security professionals do to better protect themselves from this most malevolent of malware?

Mark Reardon
Chief Information Security Officer
Wellstar Health Systems
ISE® Southeast Executive Award Finalist 2009

Securing What You Share: Improving Your Third Party Security  > Summary
When organizations start working with third-party vendors, they have to consider a variety of security concerns. These vendors often have access to valuable, sensitive corporate data, yet according to a 2016 study by the Ponemon Institute, more than one third of companies don’t believe these vendors would tell them if they had a data breach. Additionally, about 60% of respondents said they felt vulnerable because they were sharing sensitive data with third parties that might have weak security policies. While including data privacy and security procedures in third-party contracts to ensure vendors have appropriate measures in place to protect company data has become commonplace, it is difficult to evaluate how the vendor is protecting data from unauthorized access, use, and disclosure, and to know whether the vendor has appropriate contractual terms in place with downstream, who may also have access to your data. This disconnect creates a high-risk area for all industries as more and more data loss through third-party vendors results in a breakdown of trust and communication. To help prevent potential damages, organizations need to develop plans for working with third parties that involve data mapping vendors, contract specificity, and regular data audits.

André Gold
Former Vice President, Cloud and Infrastructure Engineering
Cardinal Health

Social [Media] Security: The Impact of Social Media on Information Security  > Summary
Social media has become such an integral part of our day-to-day actions that we sometimes neglect to consider the greater impact it has at the business level. Cyber criminals run rampant across every social network today. While we see headlines about social marketing faux pas and account hacks, those are just the tip of the security risk iceberg. Companies’ poor social media security practices can put their brands, customers, and executives at serious risk. According to Cisco, Facebook scams were the most common form of malware distributed in 2015. The FBI said that social media-related events had quadrupled over the past five years, and PricewaterhouseCoopers found that more than one in eight enterprises suffered a security breach due to a social media-related cyberattack. While adapting best practices for social media usage for employees is a decent start, there’s much more to be done. Security professionals must start treating social channels like the potential security threat they are and align strategies to effectively fend against the range of cyber techniques currently in use.