Enterprise organizations have been under security attacks for the past decade, but security events in 2011 have created a ripple effect that will be felt for years to come and will actually start to shift the way we view security. In the 2011 Cyber Security Risks Report, HP Enterprise Security provides a broad view of the vulnerability threat landscape, as well as in-depth research and analysis on security attacks and trends. This webcast will highlight the latest threat trends and risks that enterprise organizations face today - and to help prioritize mitigation strategies.
Join us for this informative webcast and you will learn:
Why a decline in vulnerabilities disclosed may lead to a false sense of security
How changing attack motivations are increasing security risks
What the biggest risks to the enterprise were in 2011
Organizations have been under security attacks for the past decade, but the security events in 2011 have created a ripple effect that will be felt for years to come and will actually start to shift the way enterprise organizations view security. For example, 2011 saw a significant increase in activity from "hacktivist" groups Anonymous and Lulz Security (LulzSec). The motivation for these groups' organized, systematic attacks on businesses or individuals - retaliation for perceived wrongdoing - brings new visibility to a security threat that has been looming for years and highlights a new era of security risk that must be addressed. In addition, highly publicized attacks on major corporations such as Sony, RSA, and the United States Postal Service demonstrated the significant financial loss that can result from a vulnerable system.
Because unplugging the business from the Internet is not a viable security option, the question becomes: What is the best way to minimize risk to the most critical assets of the organization without interrupting or impeding business operations? Prioritization of assets and risk is essential, but so is prioritizing how and where to deploy security protection.
In the 2011 top cyber security risks report, HP Enterprise Security provides a broad view of the vulnerability threat landscape, as well as in-depth research and analysis on security attacks and trends. The aim of this report is to highlight the biggest risks that enterprise organizations face today - and to help prioritize mitigation strategies. Key findings from this report include the following:
Continued decline of new, disclosed vulnerabilities in commercial applications The report notes the decline in commercial vulnerability reporting, and it discusses the key trends in the vulnerability disclosure market that may be hiding a deeper issue. The report also highlights the growing market for private sharing of vulnerabilities, the increased expertise required to uncover complex vulnerabilities, and the price these can fetch in various markets. Data from HP Fortify will also highlight the increasing number of vulnerabilities that are being discovered in custom applications - vulnerabilities that can be devastating to the security posture of an organization.
Changes in attack motivation are increasing security risk While security attackers have always sought glory and/or financial gain from their activities, the formation of hacktivist groups, like Anonymous, has added not only a purpose behind security attacks, but a level of organization as well. This shift in motivation and subsequent organization has given rise to newer and more severe security attacks. This report will highlight the motivations of today's security attack community - and the implications for security defense techniques.
Increase in the number of attacks against a "smaller" set of known vulnerabilities Despite the shrinking number of known vulnerabilities in commercial applications, the report will use real data - pulled from the HP TippingPoint Intrusion Prevention System (IPS) and HP Fortify - to highlight an increase in severe attacks against both client/server and Web applications. The data is broken down by attacks, vulnerability category, source information, and severity to provide a snapshot of the attack landscape. This section also features an actual case study of the Web application risks at one large corporation.
Improved techniques for executing security attacks While many targeted attacks leverage zero-day vulnerabilities, the average cyber criminal generally exploits existing vulnerabilities. Data from the report breaks down several techniques, including obfuscation, used to successfully exploit existing vulnerabilities. The report also includes an in-depth look at the Blackhole exploit toolkit, which uses many of the techniques highlighted.
Premium Members Only
OnDemand access to this webinar is restricted to Premium Members.
Jake is the co-founder and CEO of the Open Security Foundation which oversees the operations of the Open Source Vulnerability Database (OSVDB). Kouns' primary focus is to provide management oversight, vendor relations and define the strategic direction the project. He holds both a Bachelor of Business Administration with a concentration in Computer Information Systems and a Master of Business Administration with a concentration in Information Security from James Madison University. He also holds numerous certifications including ISC2's CISSP, ISACA's CISM and CISA.
John W. Pirc, Author, CEH, IAM
Director - Product Management, Hewlett-Packard Company
John has more than 15 years of security experience and is the co-author of the recently published book, Cybercrime and Espionage. John has worked for the Central Intelligence Agency in Cyber Security, CTO at CSG LTD, Product Manager at Cisco, Product Line Executive for all security products at IBM Internet Security Systems, McAfee's Network Defense Business Unit and currently at TippingPoint leading the strategy for their next generation security platform. In addition to a BBA from the University of Texas, John also holds the NSA-IAM and CEH certifications. John has been named security thought leader from SANS Institute.