T.E.N. Knowledge Base

ISE® Southeast 2019

A Forrester Consulting Thought Leadership Paper Commissioned by ForeScout Technologies, Inc. Cyberattacks on Internet of Things (IoT) and operational technology now expose businesses to greater risk. But, with all the security technology available today, we asked ourselves the question, why do they keep happening?

As the number of devices connecting to your network continues to grow, so does your attack surface. This leads to more risk of breaches and more time and money spent trying to stop them. In a new report, IDC interviewed ForeScout customers to determine the business value and IT impact of the ForeScout security platform.

Email Fraud & Identity Deception Trends  > Download Whitepaper
For all the buzz generated by social media, mobile texting and new messaging platforms, email remains the single most popular and important communications and collaboration tool in modern day life. But email has a gaping security flaw: the ability for anyone to send an email claiming to be someone else.

Cloud-Based IT Asset Inventory: A SOLID FOUNDATION FOR INFOSEC INFRASTRUCTURE  > Download Whitepaper
Complete, unobstructed visibility of your IT environment is the foundation for effective cybersecurity. Without a full, detailed inventory of all your IT assets, your InfoSec team won’t be able to properly protect your organization because the things that pose the highest risk are the ones that you don’t know are there. For a long time, this basic requirement was fairly simple to fu lfill. Network perimeters were well-defined and IT environments were ti ghtly encapsulated. Accounting for and monitoring all the hardware, s oftware and networking elements in these self-contained and sealed IT environments was straightforward.

2018 Credential Spill Report  > Download Whitepaper
Everyone knows there’s no such thing as a free lunch, but that doesn’t stop us from salivating over a deal that’s too good to be true. Roundtrip business class flights from LAX-LHR for the cost of a one-way from SFO-JFK. A $100 gift card for $50. Even a wheel of fancy French cheese at American single prices. Such Internet offers might sound benign, or silly at worst, but they’re in fact the consequence of a criminal enterprise that costs US businesses more than $5 billion each year. It all starts with the keys to the internet kingdom: credentials. These are the username-password combinations that we use every day.

Over the past several years, ZeroFOX has identified and remediated tens of thousands of social engineering profiles and fake accounts impersonating our customers. These accounts spoof a company’s brand or executive persona, hijack their logo, and try to mimic the authentic account in order to attack employees and defraud customers. In this white paper, we share some of the trends we have witnessed, delve into the most common and dangerous impersonator tactics, and ultimately try to answer the question: what are all these fraudulent profiles doing?

Bob Varnadoe

Bob Varnadoe
VP, Technology Risk Management
Kaiser Permanente
ISE® Southeast Executive Award Finalist 2018
ISE® East Executive Award Finalist 2023


Building a Security Program in the Era of Digital Transformation  > Download Presentation
Building and maturing an information security program requires a lot of work. This effort becomes even greater when the focus of the business changes as well. Join our discussion on the approach to developing a program from inception to maturity along with some specific strategies for managing change and addressing the evolving scale of a digital first business.

James Edgar

James Edgar
Senior Vice President, Chief Information Security Officer

Sponsored by:

Who or What Is Your Weakest Link?  > Summary
Is it possible to minimize risk exposure to the point where there is zero risk? Probably not, but it is possible to quantify your enterprise’s specific risks and hone in on vulnerable areas in your environment. The key is to employ continuous compliance, which ensures that only trusted systems, connections, and people have access to precious corporate data, thus improving your risk posture. As IT and OT systems especially become more decentralized and interconnected, they are also creating more risks for your enterprise, often in ways your security team is not aware of. To locate and resolve the weak links in your security program, it is crucial to add IT/OT device visibility to the equation to show how most threat vectors can be diffused by continuous monitoring and device compliance. Join our conversation as we discuss how savvy companies today are using continuous compliance to eliminate vulnerabilities as well as how IT/OT device visibility can positively impact enterprise risk posture.

Phani Dasari
Head of Business Security

Creating a Dynamic and Actionable Information Security Plan  > Summary
Even though the need is great for organizations to have an active and effective information security plan in place, few have taken the time to continuously adapt their plans to fit the company’s evolving business. However, in order for cyber risks to be monitored and managed, security teams need to be on the same page about how vulnerabilities in the system are assessed, how data assets are identified and managed, and what key business processes are crucial in case such processes are jeopardized or disrupted due to a cyber event. As enterprises continue moving to the cloud and instituting BYOD policies, an information security plan should also incorporate strict procedures and control protocols on third parties and the devices used within the business. This includes technology that will be able to monitor users, analyze activity in-house and remotely, and enact appropriate risk management tactics when necessary. Join our discussion to learn how, above all, a well-designed InfoSec plan will continue to stay up to date with the latest policy and compliance changes while also undergoing continuous cyber hygiene so data, hardware, and software remain current and secure.

Vladimir Svidesskis
Information Security Director
Georgia Lottery Corporation

Creating a Secure Cloud Infrastructure  > Summary
The more data and applications move to the cloud, the more security executives have to balance business productivity with compliance and information security. The rules for both physical security and legacy program security cannot be applied to a cloud infrastructure, adding further complications for security teams to perform consistent due diligence. While some security procedures are the responsibility of the cloud service provider (CSP) to maintain, others are at the sole discretion of the consumer to ensure. Therefore, it is critical for both security executives and the C-suite to understand what cloud services they are buying, how to use the tools CSPs provide, and in what areas their security team needs to more proactively protect. Join our discussions to learn how a thorough understanding of your company’s cloud capabilities and infrastructure aids security professionals in having a much higher chance of preventing cyber threats from taking advantage of overlooked vulnerabilities.

Kevin Treanor Kevin Treanor
Executive Director, Information Security
Cox Communications

Company Security Culture  > Summary
As numerous data breaches have placed organizations’ brands and CEOs’ jobs on the line, security is gradually becoming a priority for C-suite executives and board members alike to integrate into company culture on every level. When your organization moves beyond simply discussing security to taking actionable steps, you’ll know cybersecurity has become a priority within your company. To make that transition from “talking” to “doing,” C-suite members are responsible for convincing board members to adopt cybersecurity as a top-down initiative. The more support C-suite leaders can garner from the board, the more likely they can receive the support and funding for resources and the development of a security program. In addition, having business leaders embody a culture of security with actions as well as rhetoric can have a positive impact on employees, who often receive the brunt of training initiatives, email alerts, and security tests in an organization. Join our discussions as we learn how leadership promoting the positives of security while eliminating apathy, division, and self-interest from the culture will help ensure security behaviors change throughout the company for the better.

Steven Zimmerman

Steven Zimmerman
SVP, Technology Security Operations
First Horizon Bank
ISE® Southeast Executive Award Finalist 2006

Data Loss Prevention in an Age Without Borders  > Summary
The types and amounts of data that organizations obtain and how they store and protect them have vastly changed. In the past, businesses kept hardcopy data records, but as more data is uploaded digitally and stored on the cloud, the more perimeters dissolve and the larger the threat landscape becomes. In reaction to these changes and the data breaches occurring more frequently, security teams have devised Data Loss Prevention (DLP) strategies, each tailored toward their specific organizational needs. However, many organizations find DLP programs to be a daunting task to start, with security teams being uncertain about what data they should prioritize protecting, how to classify the data, and at what point their data is most at risk. For organizations that don’t possess the time, funds, or resources to start their own DLP program in house, a worthy alternative it to enlist DLP as a service. Through the cloud, the DLP vendor’s security team can constantly monitor and protect against an organization’s internal and external threats. Join our discussions to learn more about how DLP as a service gives organizations the added benefit of more protection based on the experiences and security problems of the vendor’s customer base, making outsourcing DLP an attractive option for security teams that are spread thin.