5 Ways You Can Optimize Your Security Posture in a Tough Economy
We are experiencing a perfect storm. Dramatic market fallouts around the globe have caused an exponential increase in daily network threats. IT budgets are coming under pressure - more than 40 percent of large businesses have cut their IT budgets this year and 24 percent of firms have put discretionary spending on hold.* While IT budgets are being cut, the risk to your vital business information has never been greater. Don’t add more risk to your business by not adequately protecting against the rise of targeted threats.
In this webinar, Paul Henry, Security and Forensic Analyst and Don Leatham, Senior Director of Solutions and Strategy at Lumension will outline:
- Five ways to secure your critical systems and data in a tough economy
- The new trends and underlying threats that are impacting your business today
- Best practices for optimizing your security TCO
*Forrester Research, Inc.

6 Critical Elements to Ensure Pain-Free FISMA Compliance
Federal CISOs note compliance as one of their top three priorities with significant time spent on addressing compliance issues. This is exacerbated by the complexity of today’s IT environment, including physical and virtual environments, multiple operating systems and applications supported, and the mobility of data and users. A FISMA compliance approach that relies on a manual and labor-intensive process can produce mountains of paper and electronic documents that become quite burdensome to manage and ultimately don't ensure a secure network. It’s no surprise then, that in a recent ISC2 survey, while FISMA is generally viewed as having had a positive effect, two in five CISOs believe it has become misdirected or is a time-wasting exercise.
In this Lumension webcast with keynote speaker Michael Rasmussen of Corporate Integrity, you will learn:
- The 6 critical elements necessary to reduce the burden of FISMA compliance processes, improve security and optimize resources
- How to apply these critical elements to achieve economical FISMA compliance

6 Keys to Securing Critical Infrastructure and NERC Compliance
With the computer systems and networks of electric, natural gas, and water distribution systems now connected to the Internet, the nation's critical infrastructure is more vulnerable to attack. A recent Wall Street Journal article stated that many utility IT environments have already been breached by spies, terrorists, and hostile countries, often leaving bits of code behind that could be used against critical infrastructure during times of hostility.1 The U.S. Cyber Consequence Unit declared that the cost of such an attack could be substantial: "It is estimated that the destruction from a single wave of cyber attacks on U.S. critical infrastructures could exceed $700 billion USD - the equivalent of 50 major hurricanes hitting U.S. soil at once."
Vulnerability and exposure of utilities' critical infrastructures originate from the Supervisory Control and Data Acquisition (SCADA) and Distribution Automation (DA) systems that communicate and control devices on utility grids and distribution systems. Many of these systems have been in operation for years (sometimes for decades), and were not designed with security in mind. Regulatory bodies have recognized the many security issues affecting critical infrastructure and have begun to establish and enforce requirements in an attempt to shore up potential exposures. One such regulation is NERC CIP, which includes eight reliability standards consisting of 160 requirements for electric and power companies to address. And as of July 1, 2010, these companies must be "auditably compliant" or else they risk getting slapped with a fine of $1 million per day, per CIP violation.
In this webcast, a roundtable of industry experts highlights:
- The security and compliance challenges facing utilities today
- The six critical elements to achieving economical NERC CIP compliance
- How utilities can secure critical infrastructure in today's networked environment

Avoiding the £500,000 Fine: Four Steps to Continuous Audit-Readiness for GCSX Code of Connection
The GCSX Code of Connection (CoCo) is an important step in providing a secure infrastructure for public sector business. While most - if not all - local authorities have achieved compliance with the Code of Connection, authorities must still undergo annual audits. Regulations such as PCI DSS, the Data Protection Act and others also impact organisations from an audit perspective. As such, compliance should not be viewed as 'point-in-time', but as a continuous journey which can be used as a catalyst for an improvement in overall organisational compliance, as opposed to simply a 'tick in the box' from an auditor. Without proper visibility of compliance and security practices, an information security breach, data loss or compliance related incident can rapidly turn into an election issue and ultimately cost political posts. Furthermore, as of 6 April 2010, the Information Commission can impose a civil penalty of up to £500,000 for serious breaches on data controllers under the Data Protection Act.
It is vital that organisations understand the difference between compliance and information security. Organisations should be ready for audit 24/7. Watch this webcast to learn about:
- The evolving regulatory climate and compliance enforcement
- The difference between being compliant and being secure
- The four key steps you can take to ensure continuous audit-readiness and improve security
- The capabilities that can help streamline IT risk management processes and enable continuous compliance

Best-in-Class Approach to Protecting and Managing Endpoints: How do you Rate?
In today’s current economic and threat landscape, the rise of financially motivated and sophisticated cybercriminals and insider threats, evolving compliance measures and increasing IT budget pressures have presented organizations with a new challenge - how to effectively protect and manage endpoints while reducing costs. In this webinar, Aberdeen Group Vice President and Research Fellow, Derek Brink, highlights findings from Aberdeen Group’s latest report, “Endpoint Security, Endpoint Management: The Cost-Cutter’s Case for Convergence”, including:
- “Best-in-Class” approaches to protecting and managing endpoint systems
- Economic advantages realized by organizations with top performance
- Key methods for optimizing, automating and streamlining security and operational processes used by “Best-in-Class” organizations

Beyond Windows Patching - Dealing with the New Imperative to Patch Adobe, Apple, Linux and More
It used to be that patching was synonymous with updating Windows and to a lesser degree, Office. Microsoft has since implemented what is now a routine standard for vulnerability response and, following the course of least resistance, the bad guys have intensified their efforts on a much wider array of software – especially popular products like Acrobat and Flash from Adobe and iTunes from Apple. Or what about system agents from hardware vendors? Then there’s a new layer of software – hypervisors like ESXi and the security critical management applications that control them like vCenter.
That's not to say Microsoft patches are a thing of the past – hardly – we are on track for 90 Microsoft security patches by the end of the year. But while Microsoft follows a predictable monthly patch schedule, many other companies don't. "Beyond Windows patching" means other operating systems like Linux, UNIX and Apple operating systems as well as the applications that run on them. Many companies find themselves using multiple platform-specific patch management utilities like Windows Server Update Services (WSUS) from Microsoft, Red Hat's patch utilities, VMware's Update Manager, ad infinitum, each of which may work well enough for its individual platform, but 3 significant gaps remain:
- Patching 3rd party applications that lack enterprise patch management utilities
- Ability to exert organization-wide control over patch policy and being able to demonstrate that to auditors and regulators
- The care and feeding required to run and maintain each platform and vendor specific patch management utility
In this webcast with Randy Franklin Smith and Lumension experts, you will learn how to address enterprise patch management and see a live demonstration of the leading patch management solution.

California Data Protection Laws - Is Compliance Good Enough
California SB 1386 requires that businesses protect customers’ personal information and provide notification if there is a security breach which reveals these data to unauthorized people. Since the California law went into effect back in July 2003, 50 of 55 States and Territories have followed suit, enacting some sort of data protection and/or breach notification law. Not all of these laws apply only within State boundaries as the Massachusetts data protection law (201 CMR 17.00) applies to every organization which obtains personal information on residents of the Commonwealth.
In addition to these state laws, there are today numerous federal data privacy, data protection and data breach notification regulations which impact specific industries – such as those included in the HIPAA / HITECH Acts in the healthcare arena. And on top of this, there are industry-specific regulations which apply – such as PCI-DSS. The result is a patchwork of confusing and sometimes contradictory statutes and regulations which impact almost every business in the US.
By watching this Lumension webcast you will learn:
- In-depth information on the statutes and regulations that apply to California businesses which collect customer data
- What mandates might be coming down the pike in the near future
- Why it's important to leave the "compliance state of mind"
- Some recommended tools and processes to leverage in developing an effective IT risk management program

Creating Your Natural Advantage by Integrating Desktop Power Management and Patch Management
PCs account for about one-third of all IT energy consumption - with roughly $4 billion wasted each year globally in electricity costs by PCs, monitors, and laptops being left on when not in use. Clearly, as electricity prices are rising amid the ongoing tough economy, one of the most powerful ways that IT managers can save significant amounts of money for the organizations they serve is electricity savings via PC power management.
Unfortunately, such power-reduction measures often mean that PCs that are offline or in sleep mode may not get the necessary patches or software upgrades they need. The trick is to integrate effective PC power management alongside the ability to improve patch management practices. Do this, and you’ve not only reduced IT operational expenses, but you’ve simultaneously bolstered your overall security infrastructure in one fell swoop.
By watching this webcast, you will learn:
- How to maximize operational efficiencies via simultaneous power and patch management
- Real-world integration challenges and considerations
- How to maintain a seamless and positive end-user experience
- Tech tips and best practices for implementation
- How to leverage rebate opportunities from local utility companies
- And much more.

Creating Your Red Flags Rule Playbook
Even as organizations tighten up their data security measures, cybercriminals have become very sophisticated and continue to find ways to steal personal information and use it to open or access accounts. According to Javelin Strategies, incidences of identity theft grew by 11 percent from 2008 to 2009, altering the lives of 11 million Americans. If that pattern continues, one in every 20 Americans will be a victim of identity theft this year. The Red Flags Rule carries significant financial recourse for non-compliance and requires organizations across multiple industries to implement additional data security measures and be able to identify the danger signs of fraudulent activity.
In this Lumension webcast, you will learn:
- About the Red Flags Rule and who must comply
- How to enhance your data security practices
- How to harmonize data security control requirements across other data protection regulations such as PCI DSS
- Ways to monitor controls that the Federal Trade Commission mandates and effectively respond to red flags as they are identified
- How to develop your Red Flags Rule playbook

Data on the Edge: Protecting Your Business Information with Lumension Data Protection
In today's borderless enterprise, sensitive information is more at risk than ever before from both external and internal threats. Financially motivated criminal organizations are targeting attacks against specific companies and specific information, while corporate insiders maliciously steal or accidentally lose data with astounding regularity. With the increase of data breaches and the average cost skyrocketing to more than $350,000, protecting your data has never been more important.
In this webinar, a panel of industry and solution experts will explain how to protect sensitive information by:
- Discussing the everyday threats to information, whether at rest, in motion or in use
- Examining fundamental steps for protecting information, including: Discovery, Policy Establishment, Policy Enforcement, Policy Monitoring and Compliance Reporting
- Highlighting the key capabilities that protect data from loss or theft
- Demonstrating the award-winning Lumension Data Protection Solution
Learn how the Lumension Data Protection Solution proactively protects data from theft or loss through endpoint and device discovery, enforcing device usage and data encryption, and assessing data loss risk.

Data Privacy and Security - Where are Regulations Headed
The majority of US states now have data breach notification laws in force with others considering legislation in the coming year. On the international stage, Canada, the United Kingdom, India and Australia have either published or are considering national data breach standards and laws. Other issues such as identity theft, RFID and electronic health records (EHR) are receiving even greater scrutiny from regulators. The top minds on privacy and security regulation offer their perspectives as to what to expect in the US and around the world in the coming years.

Defense-in-Depth Strategies for Protecting Intellectual Property - From Inside and Out
A shift has occurred in the types of data being targeted by cybercriminals. The market for stolen credit card data has become saturated - at one time stolen records sold for up to $15 each; credit card data, the most sought after stolen data, has dropped to about 20 cents a record. The new, more valuable target of cyber thieves is now intellectual property (IP). This sensitive corporate information is at risk from both cybercriminals and trusted insiders, with a new trend of collaboration between the two.
In this webcast, you will learn:
- How the changing IT landscape impacts the safety of intellectual property today
- Evolving trends with regards to cybercriminals and insider cooperation
- How a defense-in-depth approach that includes prioritized IT risk mitigation, application whitelisting and removable device control can protect your IP

Endpoint Device Control in Windows 7 and Beyond
This webcast moderated by Randy Franklin Smith, editor of Ultimate Windows Security, goes in-depth on key endpoint device control capabilities to look for in Windows environments. In this webcast, you will:
- Explore native Windows features like Device Installation Restrictions and learn how to define device whitelists
- Find out how native functionality stacks up against real world requirements
- Learn where you may need a more robust endpoint security solution to fill gaps
- Get a full picture of where Windows functionality leaves off and 3rd party solutions pick up
This webcast also includes a demonstration of the award-winning Lumension® Device Control.

Endpoint Security Fundamentals - Part 1 - Finding and Fixing the Leaky Buckets
In today's mobile, always on business environment, as information moves further away from the corporate boundaries to the endpoints, cyber criminals have more opportunities than ever before to gain unauthorized access to valuable data. Endpoints now contain the crown jewels, including financial records, medical records, trade secrets, customer lists, classified information, etc. – which fuels the on-demand business environment, but also creates a dilemma for security professionals.
This is the first of a three part webcast series on Endpoint Security Fundamentals where we will examine how to build a real-world defense-in-depth security program - one that is sustainable and one that does not impede business productivity. In Part One of this series, Finding and Fixing the Leaky Buckets, Mike Rothman, Analyst and President of Securosis, and Jeff Hughes, Director of Solution Marketing with Lumension, examine:
- The fundamental steps you should take before implementing security enforcement solutions
- How to effectively prioritize your IT risks, so that you are focusing on what matters most
- How to act on the information that you gather through your assessment and prioritization efforts
- How to get some "quick wins" and effectively communicate with your senior management

Endpoint Security Fundamentals - Part 2 - Leveraging the Right Enforcement Controls
In today's mobile, always on business environment, as information moves further away from the corporate boundaries to the endpoints, cyber criminals have more opportunities than ever before to gain unauthorized access to valuable data. Endpoints now contain the crown jewels, including financial records, medical records, trade secrets, customer lists, classified information, etc. – which fuels the on-demand business environment, but also creates a dilemma for security professionals.
This is the second of a three part webcast series on Endpoint Security Fundamentals where we examine key enforcement controls that you should look to implement to minimize IT risk and improve your overall security. In Part Two of this series, Leveraging the Right Enforcement Controls, Mike Rothman, Analyst and President of Securosis, and Jeff Hughes, Director of Solution Marketing with Lumension, examine:
- How to automate the update and patch management process across applications and operating systems to ensure all software is current
- How to define and enforce standardized and secure endpoint configurations
- How to effectively layer your defense and the evolving role that application whitelisting plays
- How to implement USB device control and encryption technologies to protect data

Endpoint Security Fundamentals - Part 3 - Building the Endpoint Security Program
In today's mobile, always on business environment, as information moves further away from the corporate boundaries to the endpoints, cyber criminals have more opportunities than ever before to gain unauthorized access to valuable data. Endpoints now contain the crown jewels, including financial records, medical records, trade secrets, customer lists, classified information, etc. – which fuels the on-demand business environment, but also creates a dilemma for security professionals.
This is the third of a three part webcast series on Endpoint Security Fundamentals where we take the steps and enforcement controls discussed from Chapters 1 and 2 of the series and discuss how to meld them into a program. In Part Three of this series, Building the Endpoint Security Program, Mike Rothman, Analyst and President of Securosis, and Jeff Hughes, Director of Solution Marketing with Lumension, examine:
- How to manage expectations and define success
- How to effectively train your users about policies and how to ensure two-way communication to evolve policies as needed
- How to effectively respond to incidents when they occur to minimize potential damage
- How to document and report on your overall security and IT risk posture

Evolving Threats: 2008 Year in Review and a Look Ahead
Over the course of 2008 we have witnessed the continuing wave of data breaches, web-borne malware, stealthy botnets, targeted phishing attacks and the first large scale incident of Cyber-Warfare. With recent record drops in the global economy and no end in sight, targeted cyber attacks will only continue to increase.
In this Lumension audiocast, Evolving Threats and Countermeasures: 2008 Year in Review and a Look Ahead - we’ll:
- examine the dynamic threat environment of 2008
- highlight some lessons learned
- discuss threats organizations should expect to face in 2009
- explain how organizations can effectively and efficiently minimize their critical risk and protect their vital business data
- and what opportunities organizations can take advantage of in 2009 to improve IT processes and productivity

Evolving Threats: A Big-Mac Attack
Today’s global enterprise is more mobile than ever, with new applications promising to improve productivity and new devices needing to stay connected. With the current economic climate forcing organizations to take a hard look at reducing costs, new processes are being introduced to efficiently support a 24x7 business environment. But with each new endpoint comes greater support requirements and greater risk, such as vulnerable applications, missing OS patches and configuration errors. And the vulnerability landscape has evolved considerably as the list of non-Microsoft vulnerabilities continues to grow.
In this Lumension audiocast, you will learn:
- The impact of the latest Microsoft patch update
- How the vulnerability landscape has changed with the large patch output from Apple
- Why applications are another delivery mechanism for malware and must be patched
- Key steps to effectively manage critical risks across diverse environments and reduce costs

Evolving Threats: Conficker Botnet and Top Security Configuration Challenges
In this evolving threat landscape, we continue to see vulnerabilities exploited across numerous applications outside of just Microsoft. And the time available to shore up these security gaps continues to rapidly decrease as exploits are already in the wild for many of these vulnerabilities. Conficker continues to wreak havoc and now systems on the Mac platform are vulnerable to the iBotnet. With more complex and dynamic network environments, mis-configured systems also provide a large window for exploits to leverage.
In this Lumension audiocast, you will learn:
- The impact of Microsoft patches as well as the latest string of non-Microsoft vulnerabilities
- How Conficker has continued to evolve
- About the iBotnet and some key recommendations to safeguard your Mac environment
- Key recommendations to improve your security posture and reduce costs through the enforcement of configuration policies

Evolving Threats: Conficker Botnet and Insider Threat
The sophistication of threats continues to evolve, as new methods to exploit vulnerabilities are leveraged just as mechanisms are developed to defend against older versions of the exploit. And in addition to these new vulnerability exploits, 2009 looks more and more like it is the year of the insider threat.
In this Lumension audiocast, you will learn:
- About the impact of Microsoft’s latest patches as well as the latest Adobe vulnerability
- How the Conficker Worm is now verging on becoming a botnet
- About the different types of insider threats and how to prevent them

Evolving Threats: Conficker and SQL Injections
Over the past few weeks we have witnessed the impact of attacks that target vulnerabilities across operating systems, applications and user behavior. The Conficker worm, which has wreaked havoc for many months still continues to proliferate. And while SQL injection attacks have also been around for a while, we’ve seen a recent wave of these come through again, impacting many organizations.
In this Lumension audiocast, you will learn:
- Why you need to manage vendor patches outside of simply Microsoft regarding the flaw remediation process
- How the Conficker Worm works, its global impact and some recommendations to prevent it from impacting your organization
- About the most recent SQL injection attacks and key steps to protect your organization from this threat

Evolving Threats: The Achilles Heel of Data Loss and Theft
In 2008 we have witnessed more than 550 data breaches in which tens of millions of records have been exposed. One major cause of these data breaches is the consumerization of IT such as USB devices. In a recent Forrester Research survey, 52 percent of companies said they suffered data loss via USB drives and other removable media. Recent headlines have also shown how these devices can be used to steal sensitive information.
In this Lumension audiocast with security and forensics expert, Paul Henry, you will learn:
- Why removable media devices are the top security threat
- Why insiders pose the greatest risk to your information
- The 5 key steps to safeguarding vital information from loss or theft

Federal Cyber Security Outlook for 2010
With growing concerns of sophisticated cyber attacks from overseas putting U.S. critical infrastructure at risk, Lumension commissioned Clarus Research Group to conduct the industry's first "Federal Cyber Security Outlook for 2010" study. Watch this webcast to learn the findings of this study, to understand the biggest security challenges and what Federal agencies can do to secure against cyber threats and protect intellectual property.

Four Practical Steps to Minimizing Insider Risk
In today's increasingly collaborative and always-accessible working environment, organizations are challenged to balance the need to put information at the fingertips of productive workers with the responsibility to preserve the privacy and integrity of sensitive data stores. Data still flows freely through unsecured endpoints, USB storage devices, P2P networks and Web 2.0 applications. And this fast-and-loose atmosphere has bred uncertainty about and antipathy toward organizational data policies. Well-meaning-but-clueless insiders continue to use unauthorized and illegal applications and removable devices that put data at risk, and malicious insiders have more options at their fingertips to steal data than ever before.
This webcast examines:
- The new risk drivers enabling data loss
- What types of data are leaving organizations
- Four steps to minimizing these risks

Four Steps to Qualifying for Power Rebates
In today's challenging economic environment, cost reduction is a key strategy to stay competitive. Yet, many organizations are not taking advantage of the cost saving opportunities around reducing power consumption and the further rebates that may be available through local power companies.
In fact, depending on where your organization is based, it could be eligible for energy rebate programs which provide savings up to $15 per PC. That’s on top of the savings you could achieve by effectively incorporating power management policies into your IT operations. In this 30 minute webcast, Andrea Bolz, solution marketing manager with Lumension, highlights the four steps to qualify for these potential rebates.

Going Beyond Checkbox Compliance: How to Make Compliance Improve Your Security
In today’s highly regulated environment, many organizations address compliance as one-off projects where the goal is to ‘get the box checked’ by the auditor. This inefficient approach results in time- and resource-intensive work to pore through as many as 40,000 spreadsheets just for one compliance initiative* that provides little value back to the organization. This multiplies exponentially when dealing with multiple regulations.
Achieving a level of compliance may be a requirement for your organization, but by itself is not a guarantee that your systems and sensitive data will be secure. Going beyond a checkbox compliance approach will ensure audits are passed and regulatory requirements are met, while streamlining operations, reducing IT risk and ultimately improving overall security.
In this roundtable discussion with Brandon Dunlap of BrightFly, Jeff Hughes of Lumension and Marcus Giese of RightNow Technologies, learn the keys to taking a risk-based approach and how to:
- Leverage compliance initiatives as a catalyst to improving security
- Identify areas of control weakness
- Prioritize IT risk to focus on what matters most
- Rapidly respond to those weaknesses
- Improve processes and augment controls
* Corporate Integrity, LLC, Foundations of GRC: Streamlining Compliance, May 2009

Going Beyond HIPAA Compliance: Securing the Evolving Endpoint
This webinar will discuss how to go beyond HIPAA Compliance and ensure that your health care organization’s systems and confidential information are protected from a rapidly increasing threat environment. Hear directly from John C. Lincoln Health Network CIO Rob Israel on how his organization has achieved HIPAA Compliance and improved its security posture through the use of proactive security solutions from Lumension. And hear how through the use of Lumension solutions, John C. Lincoln has achieved a 365% return on their security investment. By viewing this webcast you will:
- Learn about the many dynamic threats to your confidential data and systems and how endpoints have evolved and all of the sources of risk within your organization
- Learn how to define and enforce policies that ensure HIPAA Compliance and an improved security posture
- Learn best practices for working with your end user community to improve your overall security

How to Comply with Nevada's New Data Protection Law
The new Nevada data protection law, NRS 603 (passed as SB 227), is unique in several ways. It is the first state data protection law to provide a “safe harbor” for merchants who are fully PCI-compliant, and it provides further protection for organizations that use NIST-compliant encryption to protect personal information. However, ensuring compliance and avoiding liability is not quite so simple.
In this webcast you will learn:
- The details of this new legislation and the standards behind it
- Who needs to be concerned about this law and how to ensure you are compliant with it
- Why compliance with this regulation has a multiplying impact for most organizations
- What processes and technical controls are recommended to ensure compliance

How to Enable Local Admin Access - Without the Risk
In today's Windows environment, end users are accustomed to having local administrator privileges which allow them to download a variety of applications and potentially misconfigure their PCs. While standard wisdom may be to simply solve the problem by revoking local administrator rights on users' systems, the reality is that this may not be an option at all organizations. And removing local admin rights doesn't address applications such as Google Chrome or browser plug-ins for which admin access isn't required.
Fortunately, there's hope for IT administrators seeking to gain control over the Windows environment while still offering local admin rights to the user base – through application whitelisting. With application whitelisting, IT can gain power over what types of applications their users install and limit their access to under-the-hood controls that determine how well configured the machine remains.
In this webcast, we'll examine:
- Why revoking local admin rights won't solve the problem of unwanted and malicious applications
- How to promote productivity through local admin access while achieving control over configuration changes
- Additional benefits of application whitelisting, including the prevention of zero-day attacks

How to Prevent Security Breaches Through Management and Control of USB Devices
The DoD has banned the use of USB devices after an unauthorized device containing "agent.btz", a variation of the Storm Worm, was connected to a sensitive DoD network causing massive outages. To ensure security without impeding government business, a new policy is forthcoming that will require the management and reporting of USB device usage on government networks. Listen to Steve Antone, Lumension Vice President of Federal Solutions Group as he discusses how to prevent security breaches through effective management and control of USB devices.
In this Lumension webinar, you will learn:
- How USB Devices are Used to Transfer Data
- About the Federal Government Ban on USB Devices and Its Impact
- How to Effectively Manage USB Devices to Secure Data and Networks without Impacting Productivity

How to Protect Medical Records, Ensure HIPAA Compliance and Improve Productivity
Tough economic times, technology advances and regulations have pushed healthcare organizations to put their records online, including: patient medical records, insurance information and billing information. This confidential information must be readily accessible to doctors, insurance companies, other healthcare facilities and patients themselves, but with data accessible to multiple parties it is also at great risk for loss or theft. With 50 million uninsured Americans, medical identity theft is increasing faster than retail/banking theft and more information is involved. Meanwhile, HIPAA and several state regulations are beginning to enforce significant financial penalties for non-compliance.
In this webinar, experts at Lumension and John C. Lincoln Health Network will discuss how to:
- Enable doctors and other healthcare workers to increase productivity without putting Electronic Protected Health Information (ePHI) at risk
- Enforce removable device usage and data encryption policies
- Effectively comply with HIPAA Security Rule
- Demonstrate the value of security to your overall business strategy

Practical Steps For Integrating and Managing Endpoint Security
Securing endpoints is the toughest area of information security right now as they face more malware and more sophisticated attacks. And endpoints are typically loaded with software from multiple vendors, each with their own patch deployment problems. Protecting endpoints is more difficult since there are so many of them and since they are often disconnected for long periods of time and under the control of end-users who often have administrator level authority.
Successful, long term endpoint protection takes a coordinated, comprehensive approach that optimizes your efforts and investments of time and money. In this webinar we look at practical steps for comprehensive, coordinated endpoint protection in today’s environment and cover issues like the need for:
- Integration and consolidated management for core endpoint security technologies
- Centralized patch management for multiple software vendors and platforms
- Scalability in terms of endpoint quantity and granularity or different endpoint types and profiles
- Integration with Active Directory to leverage organization and policy information
- Visibility into endpoint discovery, agent status and operation
- Wake On LAN capability to coordinate system security maintenance with power management and green initiatives
Also find out about the range of endpoint security threats and the technologies available to deal with them. After the presentation, Lumension demonstrates how their integrated, endpoint management and security solution suite helps you meet these requirements.

It's 2010 - Are You in Compliance Yet with the Massachusetts Data Security Regulation?
If you are a small, medium or large business and you “own or license personal information about a resident of the Commonwealth of Massachusetts” then you must comply by March 1, 2010 with strict data security requirements to safeguard such personal information. The time is now to assess your current compliance and risk posture as it relates to this looming regulation and make sure you have a data security plan in place.
Watch this webcast to learn about the latest revisions to the Massachusetts Data Security regulation (201 CMR 17.00) and how your company can become compliant in a cost-effective and secure manner. Specifically, you will learn:
- The components (and revisions) of the Massachusetts Data Security regulation and who must comply
- Types of personal information that are mandated for protection under this regulation
- The steps necessary to achieve compliance by adopting a "risk-based" approach
- Solutions available now to help you cost-effectively achieve compliance

It's Your Move - The Changing Game of Endpoint Security
Many of today's IT security departments are using basic 'move, countermove' thinking to plan their defenses, which is not enough to defend against the devious and calculating adversaries who plan their moves well in advance. It's time to refine our endpoint security strategies. While we were installing firewalls, antivirus suites, and other technologies that block known threats, the bad guys were out rewriting the rulebook. Now, the cybercriminals are usually one step ahead and are too often putting us in "checkmate."
Watch this webcast to learn:
- How our opponents have changed the IT security rules
- What role your employees play in this "game"
- Key moves IT security professionals can make to regain control of endpoints
- How one organization has successfully implemented a proactive security

Key Steps to Aligning Security and Compliance - How to Connect the Dots
The pressure is on as organisations today face mounting demands to maintain an enterprise-wide security posture while adhering to the growing number of compliance regulations. Without the right processes and tools to effectively navigate through the security and compliance maze, IT professionals often resort to manually poring through spreadsheets and pulling together all of the necessary data and proof points to pass their audit and check the compliance box. But it doesn’t have to be this painful with today’s innovations in compliance and IT risk management. By aligning and connecting the dots across security and compliance, organisations can create business value as policies and procedures can be formalised and security of data and other assets preserved. In this webcast, Nigel Stanley, analyst with Bloor Research and Alan Bentley, VP of Lumension, examine:
- The types of risks introduced by poor compliance and security failures
- The impact to an organisation's brand and reputation as well as the costs to the bottom line
- Practical steps organisations should take to align security and compliance initiatives

Key Steps to Surviving Patch Tuesday
As vulnerabilities increase in number and shift from the OS to the browser and applications, the challenge of keeping software patched in a timely and effective manner is becoming increasingly difficult for IT organizations. To keep end users protected, application vendors are releasing ever-growing waves of patches, and some are doing so on Microsoft's notorious "Patch Tuesday." For many organizations, patching effectively and reliably is becoming a time-consuming and never-ending process, demanding a robust and dynamic infrastructure to ensure protection.
In this Lumension webcast with Security and Forensic expert Paul Henry, we'll:
- Examine how the vulnerability and threat landscape has evolved beyond the OS
- Discuss recommended steps to ensure continuous Patch Tuesday readiness

Key Strategies to Address Rising Application Risk in Your Enterprise
Endpoint risk has shifted from operating system to third party application vulnerabilities, which now account for more than two-thirds of all endpoint vulnerabilities. These third party applications also take twice as long as operating systems for most organizations to patch[1], which is why the SANS Institute now ranks patching client-side software as the top IT security priority.
Cybercriminals have taken notice of this shift. Even as organizations have improved patch management processes for their operating systems and vendors have plugged many of the security gaps within their platforms, the un-patched vulnerabilities in third party applications and software provide attackers with many new options to exploit – there are at least 2.7 billion un-patched applications running on machines within the U.S. alone, and 98 percent of Windows machines have at least one un-patched application.[2]
In this webcast, we’ll examine how to:
- Identify and assess the vulnerabilities that create the most IT risk for your organization
- Automate policy enforcement to ensure continuous patch management for operating systems and applications - in both physical and virtual environments
- Layer your security approach with prioritized IT risk mitigation, antivirus and application whitelisting
[1] SANS Institute
[2] Secunia Half Year Report 2010

Tips to Manage IT Risk, Improve Visibility and Reduce Operating Costs
In today’s dynamic and highly regulated IT environment, organizations currently spend a significant amount of effort and money to ensure compliance – in fact, many spend up to 50% more than necessary. But before you get compliant, you must understand your IT risk. Aberdeen Group recently published research on IT GRC and found that the two differentiating attributes of best-in-class organizations are their commitment to automation of risk and compliance processes and controls and to the development of a continuous compliance infrastructure.
In this webinar, leading experts from Aberdeen Group and Lumension discuss some of these latest IT GRC research findings and identify recommended actions for organizations to provide greater visibility into IT environments, mitigate technical and operational risks and ultimately reduce the total cost of ownership.

Medical Records on the Run: Protecting Patient Data with Device Control and Encryption
In an increasingly online health care environment where medical records are shared among doctors, insurance companies, health care facilities, federal/state/local government entities and others, the risk of improper EPHI disclosure is at an all-time high. Technology advances, such as USB devices, have facilitated the movement of patient data beyond the four walls of the health care organization and can also introduce malicious threats into the network. Add in HIPAA Security Rule requirements and health care organizations are presented with the unique challenge of balancing worker productivity with the risk of data loss.
In this webinar, we’ll examine:
- The current threat and regulatory environment for health care organizations, especially as it pertains to removable devices
- Proven methods to ensure business enablement without risking improper EPHI disclosure, using device control and data encryption technologies
- A real life example of how device control and encryption capabilities have been implemented at University Health Care System

Moving Beyond AV to Ensure Secure and Compliant Endpoints
In today’s Web 2.0 world, software is more distributed than ever before. Employees download a variety of Internet applications on a regular basis, with each new download altering system configurations and increasing your exposure to malicious software. Financially motivated cybercriminals are designing malware attacks to specifically bypass traditional security methods and ultimately gain access to networks with sensitive information. Organizations have traditionally invested heavily in Anti-Virus solutions, often stacking multiple layers along the data path in an attempt to stop malware from infecting endpoints. While AV plays a crucial role in identifying known malware and cleaning infected systems, the reality is that relying on layers of the same defense mechanism leaves organizations exposed to attacks and data theft.
This Lumension audiocast will examine:
- Today’s dynamic threat landscape and how it impacts organizations
- AV’s role in today’s IT environment
- How application whitelisting enables IT to effectively deliver a true defense-in-depth capability, filling in the gaps that AV was not designed to cover

Moving from a Threat Centric to a Trust Centric Endpoint Security Model
Lumension Connect 2010 Presentation
Speaker: Neil MacDonald, VP and Gartner Fellow, Gartner
Today's business and IT environments have changed with the broad adoption of Web 2.0 technologies. This keynote will examine why organizations should adopt a trust centric approach to endpoint security to address these new challenges.

Paul Henry's 2011 Malware Trends
In 2010, we again saw the volume and sophistication of malware dramatically increase over the year before. Today, more than 1.6 million new malware signatures are identified each month and the volume of zero-day attacks continues to rise. Script kiddies have been replaced by cyber criminal syndicates looking to steal personal information and intellectual property for financial gain.
In this webcast, security and forensics expert, Paul Henry, will discuss the latest malware trends and more importantly, practical steps you can take to better protect your organization from evolving threats.
Learn about:
- The unending arms race with financially motivated cybercriminals
- The evolving paths into your network including social media and removable devices
- Why traditional defenses are not effective
- How to ensure an effective defense-in-depth security strategy that includes application whitelisting

PCI DSS Compliance and Security - Harmony or Discord
The Payment Card Industry Data Security Standard (PCI DSS) provides data protection requirements for organizations that process card payments. These requirements evolve over time and have even been adopted by some US states, including Minnesota, Nevada, and Washington. While organizations that fully comply with PCI DSS are considered secure credit-card processors, compliance and security are not one and the same.
An organization can be compliant and still experience a security breach – look no further than Heartland Payment Systems and RBS WorldPay. Both had achieved PCI DSS compliance at one point, only to suffer massive data breaches that cost tens of millions of dollars. So what good is compliance? What is the difference between compliance and security? And how can organizations effectively move beyond PCI DSS compliance to ensure the security of all their critical information?
In this roundtable discussion, with Michael Rasmussen of Corporate Integrity, EC Suite's Director of Information Systems, William Bell and Lumension’s Director of Solution Marketing, Chris Merritt, we examine:
- The evolving threat and compliance landscape
- How to use compliance as a catalyst for developing and implementing an effective security program
- The six critical elements to achieving effective and economical PCI DSS compliance
- How one organization is going beyond PCI DSS compliance and further enhancing its security of information
