Webcast

Webcast on Endpoint Encryption Today

By Rich

I've been out at the Phoenix SANS event so I almost forgot to post this...

I'll be presenting on endpoint encryption from 2-3 ET today. The event is sponsored by WinMagic, and you can register here.

I'll be covering the basics of endpoint encryption- a little bit on why you should do it (I think most of you have heard me say "just encrypt your freaking laptops" by now), an overview of the technology, and enterprise concerns and best practices. I'll also spend some time talking about how to mix file/folder and full drive encryption.

This one is targeting people without much of a background in endpoint encryption and is mostly introductory material.

–Rich

SANS Webcast Tomorrow - Business Justification for Data Security

By Rich

Hi everyone,

Just a quick note that tomorrow we'll be giving a webcast about our research behind The Business Justification for Data Security paper we recently released. For those of you with too much ADD to read all 30+ pages, we'll be covering all the core material and walking through an example case.

The webcast starts at 1pm ET, is with the SANS Institute, and is sponsored by McAfee; you can sign up here.

We'll also have some time for Q&A, so this is your chance to dig in a little deeper with us.

On another note, we are very close to putting up the new version of the Securosis site- yes Virginia, pretty soon we'll have more than a default WordPress template. As a consequence, our blog posts might be a little light this week. Don't worry, the new site will make up for it.

–Rich

Database Security Webcast Tomorrow

By Rich

Tomorrow I'll be giving the first webcast in a three part series I'm presenting for Oracle. It's actually a cool concept (the series) and I'm having a bit more fun than usual putting it together. The first session is Database Security for Security Professionals. If you are a security professional and want to learn more about databases, this is targeted right between your eyes. Rather than rehashing the same old issues, we're going to start with an overview of some database principles and how they mess up our usual approaches to security. Then we'll dig into those things that the security team can control and influence, and how to work with DBAs. Although we are focusing on Oracle, all the core principles will apply to any database management system.

And I swear to keep the relational calculus to myself.

The next webcast flips the story and we'll be talking about security principles for DBAs. Yes, you DBAs will finally learn why those security types are so neurotic and paranoid. The final webcast in the series will be a "build your own". We'll be soliciting questions and requests ahead of time, and then I'll crawl into a cave throw it all together into a complete presentation.

The webcast tomorrow (December 17th) will be at 11 am PT and you can sign up here.

–Rich

Upcoming Webcast- DLP and DAM Together

By Rich

On July 29th I'll be giving a webcast entitled Using Data Leakage Prevention and Database Activity Monitoring for Data Protection. It's a mix of my content on DLP, DAM and Information Centric security, designed to show you how to piece these technologies together.

It's sponsored by Tizor, and you can register here (the content, as always, is my independent stuff). Here's the description:

When it comes to data security, few things are certain, but there is one thing that very few security experts will dispute. Enterprises need a new way of thinking about data security, because traditional data security methods are just not working. Data Leakage Prevention (DLP) and Database Activity Monitoring (DAM) are two fundamental components of the new security landscape. Predicated on the need to "know" what is actually happening with sensitive data, DLP and DAM address pressing security issues. But despite the value that these two technologies offer, there is a great deal of confusion about what these technologies actually do and how they should be implemented. At this webinar, Rich Mogull, one of today"s most well respected security experts, will clear up the confusion about DLP and DAM. Rich will discuss: * The business problems created by a lack of data centric security * How these problems relate to today"s threats and technologies * What DLP and DAM do and how they fit into the enterprise security environment * Best practices for creating a data centric security model for your organization

–Rich

Webcast June 4th: DLP Content Discovery

By Rich

Yes, it's one of those weeks, with two webcasts and a conference (SANS Pen Testing and Application Security in Vegas).

For this one we'll be talking about DLP content discovery for Vontu/Symantec. It's not just me; there will be a customer case study (yes, an honest to goodness security person willing to talk about what they've done). Here's the official description, and you can register here:

Where Is Your Confidential Data and How Do You Protect It? A Real Life Customer Success

Do you know where your confidential data is stored and how to protect it? Industry analysts predict that data discovery will be the single fastest-growing segment of the Data Loss Prevention (DLP) market in 2008 and beyond. In this webcast, you will get the opportunity to hear firsthand how Sharp HealthCare implemented a DLP solution to secure their sensitive customer data stored across the organization, and what business results they are seeing today. Join Rich Mogull, founder of Securosis LLC and former Gartner analyst, and Starla Rivers, Technical Security Architect at Sharp, as they address how to easily deploy DLP and quickly realize the solution benefits.

–Rich

Webcast On Tuesday: Encryption And Key Management

By Rich

This Tuesday I'll be giving a webcast for RSA on encryption and key management. It's heavy on the data center side; focusing on SAN/NAS/Tape, Databases, and Applications. Not much discussion of mobile or email, but a bit of file and folder (server based).

Here's the official description, and you can register here:

Encryption Considerations for the Enterprise

Business Trends, Impact, and Solutions

Government regulations and internal policies drive your need to secure information wherever it lives and travels. Get the facts on Encryption and Key Management technologies during this seminar series and Q&A featuring Rich Mogull, founder of Securosis.com, who will discuss:

• Why encrypt data? Where to encrypt data? What are the pros and cons of different solutions?
• What role should enterprise key management play as part of an overall encryption strategy?
• What is the value of centralizing encryption key management?

–Rich

SANS Webcast Tomorrow: Database Activity Monitoring

By Rich

Tomorrow I'll be giving a free webcast through SANS on Understanding and Selecting a Database Activity Monitoring Solution. Here's the description:

Thanks to increasing compliance requirements and growing security threats, enterprises must adopt new strategies and techniques to protect their databases. Security and database administrators are charged with protecting these essential corporate assets, but are challenged to improve security and auditing in the least intrusive way possible. Database Activity Monitoring is emerging as a powerful tool to ensure compliance while detecting, and sometimes preventing, database attacks and internal abuse. In this webcast independent consultant Rich Mogull will review the inner workings of Database Activity Monitoring, highlight key features, and present a three step selection process.

You can sign up for it here.

I'll be talking for about half the webcast, followed by 2 minute overviews from the sponsors, and closing with about 10 minutes of Q&A. It's sponsored by Guardium, Imperva, Secerno, Sentrigo, and Tizor, which is over half the DAM market.

If you want to learn about this technology, you don't want to miss it.

–Rich