Beyondtrust

BeyondTrust Privileged Account and
Vulnerability Management Webinars

Our security experts have compiled a plethora of resources together to help you get more value out
of BeyondTrust products and solutions.

PowerBroker Password Safe 5.5: New Capabilities for Threat Analytics and SSH Key Management

With Martin Cannard, BeyondTrust Product Manager | 37:34

PowerBroker Password Safe 5.5: New Capabilities for Threat Analytics and SSH Key Management

BeyondTrust has released version 5.5 of PowerBroker Password Safe, and with it enhanced capabilities to uncover emerging risks, and to simplify the management and security of SSH keys. In this webinar, product manager Martin Cannard will:

  • Identify the challenges faced by organizations in pinpointing specific at-risk system.
  • Discuss how the patent-pending BeyondInsight Clarity Threat Analytics engine is used with PowerBroker Password Safe to analyze privileged password, user and account behavior to reduce risk.
  • Review how traditional methods of SSH key management have fallen short, leaving organizations open to vulnerabilities.
  • Show how the Password Safe approach to automatically rotating keys according to a defined schedule and enforcing granular access controls and workflow helps to reduce risk.

Join us for this webinar and learn how these new capabilities add additional control and accountability over privileged accounts.

View Webinar

BeyondTrust Privileged Account Management Solutions

2:11

BeyondTrust Privileged Account Management Solutions

Learn how BeyondTrust Privileged Account Management solutions help organizations close the gap between IT security requirements and user enablement. By providing security and IT operations teams with a comprehensive privilege account management solution, deep analytical insights for better decision making, and extensibility across the security landscape, BeyondTrust reduces IT security risks, simplifies compliance and helps maintain user productivity.

View Webinar

Advanced Windows Tracing: A Deep Dive into Windows Monitoring Techniques

With Paula Januszkiewicz , Security Expert MVP | 1:02:30

Advanced Windows Tracing: A Deep Dive into Windows Monitoring Techniques

If you ask yourself how to trace Windows related situations – this session is for you. You will learn how to establish informative Windows monitoring that can alert you if something goes wrong in your environment. During this session attendees will be brought to the advanced level of monitoring a Windows operating system, so that next time when something happens in the infrastructure you will be able to collect data traces correctly.

Join Security MVP, Paula Januszkiewicz, who will show Windows administrators how to be more aware of what happens whenever somebody does something within the system. Attendees will learn what activities can be traced and monitored; starting from simple scenarios then ending with the exact steps a hacker may take to compromise a system. This session is a real deep-dive into the monitoring world so be prepared for a hard-core technical ride!

View Webinar

The Insider Threat is Real

With Derek A. Smith, Director of Cybersecurity Initiatives | 57:46

The Insider Threat is Real

This webinar qualifies as 1 CPE credit.If you provide your (ISC)2 ID certificate number when you register for the course/s, your CPEs will automatically be added to your (ISC)2 account within 4-6 weeks.

For years organizations have worked diligently to lock down their perimeters from external threats only to find out that the most devastating enemy is already inside their doors.

Notable breaches and results from the annual Verizon report only prove what we already know: That a comprehensive security program must include an understanding of insider activity such as anomalous, suspicious, or nontechnical behaviors.

In this webinar, Derek A. Smith, Director of Cybersecurity Initiatives, National Cybersecurity Institute at Excelsior College, will:

  • Provide an overview of insider threats
  • Discuss insider threat motivations and criminal fundamentals
  • Introduce the most common types of insider threats
  • Share ways to identify insider threats and protect organizations from them
  • Identify insider threat risks, vulnerabilities and weaknesses within an organization, and provide actionable risk mitigation strategies to detect, deter and mitigate the insider threat

Join us for this informative webinar!

**CPE Credit Qualification** This webinar qualifies as 1 CPE credit.If you provide your (ISC)2 ID certificate number when you register for the course/s, your CPEs will automatically be added to your (ISC)2 account within 4-6 weeks.

View Webinar

Monitoring What Your Privileged Users are doing on Linux and UNIX

With Randy Franklin Smith, Security Expert | 57:47

Monitoring What Your Privileged Users are doing on Linux and UNIX

In previous webinars Randy Franklin Smith has showed us how to control what privileged authority in Linux and UNIX. With sudo you can give admins the authority they need without giving away root and all the security risks and compliance problems caused by doing so. But once you carefully delegate limited, privileged authority with sudo you still need an audit trail of what admins are doing. A privileged user audit trail is irreplaceable as a deterrent and detective control over admins and in terms of implementing basic accountability. But in today’s environment of advanced and persistent attackers you also need the ability to actively monitor privileged user activity for quick detection of suspicious events.

Join security expert, Randy Franklin Smith, who will dive into the logging capabilities of sudo. Sudo provides event auditing for tracking command execution by sudoers – both for successful and denied sudo requests as well as errors. Randy will show you how to enable sudo auditing and how to control where it’s logged, if syslog is used and more importantly: what do sudo logs looks like and how do you interpret them?

But sudo also offers session auditing (aka the iolog) which allows you to capture entire sudo sessions including both input and output of commands executed through sudo whether in an interactive shell or via script. Randy will show you how to configure sudo session logging and how to view recorded sessions with sudoreplay.

After Randy’s session, Paul Harper from BeyondTrust will show you how PowerBroker UNIX & Linux builds on sudo’s audit capabilities.

This will be an interesting and technical session, so come with questions!

View Webinar

Why You Still Suck at Patching...and How to Turn Your Life Around

With Dave Shackleford, SANS Instructor | 56:30

Why You Still Suck at Patching...and How to Turn Your Life Around

As a professional pen tester, I can tell you that patching is still a major Achilles Heel for many organizations. Sure, the assets in the DMZ get patched - it's pretty rare to come across a random MS08-067 hanging out there in the wind. But internally? It's a mess. Unfortunately, patching is still often treated somewhat ad hoc. There are too many assets, too many exceptions, too many patch failures or crashes or political arguments...you get the idea. However, it's time to take control of your patch management strategy, and looking at your vulnerability management program as a whole is the way to do it.

Join this informative (and fun) webinar, where SANS Instructor and Founder at Voodoo Security, Dave Shackleford, will take a look at some severe patch FAILS. Dave will recount some of his personal experiences in patch management failure, and break down the most critical issues holding many teams back from patching more effectively. In addition, Dave will tie patch management into a larger vulnerability management program, and also talk about what he's seen working in some organizations that have focused in on this problem.

View Webinar

A Security Expert's Guide: The Windows Events You Should be Tracking and Why

With Russell Smith, Windows Security Expert & MCSE | 53:52

A Security Expert's Guide: The Windows Events You Should be Tracking and Why

Are you able to identify who is doing what across your Windows servers? How well are you able to audit and report on events across all your privileged accounts? One of the ways to monitor such activities is to centralize the events so they can be read from one location. But what events should you be tracking in the first place and why?

Join Windows Security Expert and MCSE, Russell Smith, who will discuss the Windows Events you should be tracking right now and why. He will also show you how to set up Event Log subscriptions so you have better monitoring across your Windows environments. Additionally he will cover:

  • What types of Windows events you should be tracking (account creation, Security services disabled, RDP enabled, etc.)
  • What kind of information is recorded in Windows Event Logs and why they should be monitored
  • How to view Windows Event Logs

BeyondTrust’s, Morey Haber will then walk attendees through a brief overview of PowerBroker for Windows and how the product can effectively track the Windows events Russell discusses earlier. This is a webinar you don’t want to miss!

View Webinar

Group Policy Backup and Restore: Are You Ready for the Disaster?

With Jeremy Moskowitz, Group Policy MVP | 52:01

Group Policy Backup and Restore: Are You Ready for the Disaster?

Let me lay it out there: Most people aren't backing up their Group Policy world. It's not super difficult to do; you just need to do it. And when a problem occurs, are you ready to actually perform the work to get that Group Policy Object back in business and working and performing its duties?

Join Group Policy MVP, Jeremy Moskowitz of GPanswers.com, and learn several ways to backup your GPOs, and ensure that when disasters occur (and they always do) that you?re prepared and ready to act. This is a webinar you don't want to miss!

View Webinar

The Dark and Bright Side of Enterprise Password Management

With Paula Januszkiewicz, Security Expert MVP | 59:20

Can you count on one hand just how many passwords of mid-complexity you need to memorize in order to do your job, on a daily basis? How are you managing those passwords effectively and securely within the Enterprise?

Join Security MVP, Paula Januszkiewicz, in an upcoming webinar where she will walk attendees through best practices for managing passwords (and prevent a hash attack) plus demo where passwords are stored and how to decrypt them.

During this webinar, Paula will also touch on:

  • Where the technology weaknesses are and how to take passwords from the Operating System to perform several operations
  • The unexpected places your passwords reside and how to mitigate pass-the-hash attacks
  • How password attacks are performed and the typical paths for credentials to leak

This webinar will be heavily demo focused and is one you won't want to miss!

View Webinar

They're Everywhere! They're Everywhere! The Insider Threat in Government Agencies - Hype or Hope?

With G. Mark Hardy, Information Security Expert | 48:54

They're Everywhere! They're Everywhere! The Insider Threat in Government Agencies - Hype or Hope?

Inside the government we hear a lot about the "insider threat," but is it really that big of a deal? After all, there are 7 billion more outsiders than insiders. However, insiders already start with some level of access and trust which can be abused to cause far greater damage. Compliance is not the solution -- fully compliant systems are hacked daily. Rather, we need to develop resilience to threats that allows us to prevent, detect, deny, and respond to whatever comes our way. This especially rings true in Government agencies today.

The Critical Security Controls (CSC) represent a world-class framework for configuring and dealing specifically with the insider threat. Join SANS Instructor and Government Security Expert, G. Mark Hardy in this upcoming webinar where he will show that by following these guidelines and restricting privileges to only those needed to do a job (and reporting and auditing what actions are taken), government agencies can significantly reduce the likelihood of abuse of insider credentials, even by outside attackers. Yes, there is hope, and you can deliver on that promise by taking action now. This is a webinar you don't want to miss!

**CPE Credit Qualification** This webinar qualifies as 1 CPE credit.If you provide your (ISC)2 ID certificate number when you register for the course/s, your CPEs will automatically be added to your (ISC)2 account within 4-6 weeks.

View Webinar

Recreating the Carbanak Breach & Techniques for Mitigating Similar Attacks

With the BeyondTrust Research & Development Team | 44:11

Dubbed by Kaspersky Lab as the "most successful criminal cyber campaign we have ever seen", the Carbanak Bank Breach affected up to 100 financial institutions worldwide with an estimated $1 billion in losses.

Join BeyondTrust Research and Development team for an in-depth live webinar that will explore the attack vectors used in the Carbanak Bank Breach and share successful mitigation techniques needed to prevent this type of attack. Approaches to vulnerability management, least privilege, and file integrity monitoring will also be explored.

Please join BeyondTrust's Andrey Kolishchak, Lead Endpoint Developer and Morey Haber, Program Manager for this in-depth and technical discussion on effective defense measures for this type of modern attack. This will be a technical webinar and one you won't want to miss!

View Webinar

Privileged Passwords: The Past, Present, and Future

With Dave Shackleford, SANS Instructor | 47:09

Passwords play an important role in many people's daily lives. Most people use traditional usernames and passwords to log into email services, business applications, file shares, and social applications in their personal lives. If you ask your friendly neighborhood security professional, however, passwords are on par with one of the lower levels of Dante's Inferno. What makes them so bad? And how did we get in this mess?

In this webinar, join Dave Shackleford, SANS Instructor and founder at Voodoo Security where he'll dig into the history of password-based authentication, and look at why passwords are such a problem today. Between data breaches that include compromised accounts, insider threats from poor user and credential management, and everything in between, passwords can contribute to a number of headaches for security professionals. So what can we do to get control over our passwords? Dave will also touch on some ways that you can improve your overall account and authentication security strategy in the future.

View Webinar

The Risk of Cyber Intrusion from Hackers Through Passwords and Weak Credentials Mistakes

With Marcus Murray & Hasain Alshakarti, Enterprise Security MVPs | 57:01

Marcus and Hasain will demonstrate how hackers can compromise an entire IT environment using password dependencies and weak credentials. This live session will demonstrate an attack starting from compromising a simple client to complete control over an Active Directory Domain.

A not to be missed webinar if you want to understand passing-the-hash attacks and even more sophisticated alternatives used by hackers to gain control over your network. Don't miss the opportunity to see for yourself the potential risks your organisation could be unknowingly exposing itself to.

View Webinar

Who's Using Cyberthreat Intelligence and How? Part 2: Best Practices to Improve Incident Detection and Response

1:02:34

Survey results: How are IT teams using security and analytics? Sponsored by Hewlett-Packard Company

Hackers are increasing their attacks, but security teams still struggle to achieve visibility into applications and systems, and use of "intelligence tools" is actually slipping. Those are among the finding of the SANS Institute 2014 Analytics and Intelligence Survey.

This survey of 350 IT professionals explores how IT security teams use security analytics and intelligence to help detect cyber attacks. Read the survey report to learn:

  • How many attacks respondents experience and how long it takes to detect them
  • The barriers to detection and response
  • How respondents use security analytics and intelligence tools
  • How satisfied respondents are with deployed tools
  • What future investments are planned
View Webinar

Who's Using Cyberthreat Intelligence and How? Part 1: Definitions, Tools and Standards

58:08

Survey results: How are IT teams using security and analytics? Sponsored by Hewlett-Packard Company

Hackers are increasing their attacks, but security teams still struggle to achieve visibility into applications and systems, and use of "intelligence tools" is actually slipping. Those are among the finding of the SANS Institute 2014 Analytics and Intelligence Survey.

This survey of 350 IT professionals explores how IT security teams use security analytics and intelligence to help detect cyber attacks. Read the survey report to learn:

  • How many attacks respondents experience and how long it takes to detect them
  • The barriers to detection and response
  • How respondents use security analytics and intelligence tools
  • How satisfied respondents are with deployed tools
  • What future investments are planned
View Webinar

Active Directory and PCI DSS - Best Friends or Worst Enemies?

With Darren Mar-Elia, Microsoft MVP | 52:19

PCI-DSS specifies a set of best practices for protecting cardholder data that is collected by merchants. For many organizations, the keys to that data are controlled within their Active Directory infrastructure, and herein lies the seeds for success or failure during a PCI audit.

In this session, join Microsoft MVP, Darren Mar-Elia where he will discuss best practices for ensuring that access to PCI-related data is well protected and well-audited. He'll also touch on:

  • Ensuring you have good processes for granting access in Active Directory, to PCI data on a "need-to-know" basis
  • Ensuring you have good methods for auditing who has such access
  • Developing processes for reacting to those audits, using the power of Active Directory to grant or revoke access as needed

Join Darren and Brian Piirala from BeyondTrust as they explore PCI compliance and how third-party auditing solutions can help simplify the process of proving compliance.

View Webinar

How to sudo It Right for Security, Manageability, Compliance and Accountability

With Randy Franklin Smith, Security MVP | 1:00:16

UNIX and Linux with sudo is a fact of life. It’s one of the first things auditors look for and it’s the native option for you to protect root from being abused. It’s also the standard way to implement least privilege and enforce accountability over privileged admins.

But sudo - like most components of Linux/UNIX - is very configurable and it’s easy to (pardon the pun) “sudo it wrong”. In this webinar Randy Franklin Smith will provide a quick intro on sudo explaining what sudo does in terms of eliminating the need to logon as all-powerful root and providing accountability and least privilege. Randy will also show you a number of common sudo pitfalls and the risks with sudo if not configured and used correctly.

He’ll explain you how to sudo it right by doing things like:

  • Using include files to eliminate duplicate sudo policies between systems
  • Managing sudo consistently across multiple systems
  • Avoiding ALL
  • Using groups instead of user names
  • Specifying secure_path
  • Logging
  • Configuring timeouts

Finally, Paul Harper, product manager from BeyondTrust, will review commercial options for augmenting sudo and attaining least privilege on UNIX and Linux.

This will be a very technical and useful webinar to help you improve the security, manageability, compliance and accountability of your *nix environment.

View Webinar

Basic Blocking and Tackling for Defending Against Advanced Targeted Attacks

With Larry Brock, former CISO at Dupont | 1:00:22

If your company has valuable information (IP, PII, credit card, banking information, etc), you probably have been or soon will be a victim of an advanced targeted attack. Given the large number of high impact notable breaches, many corporate leaders have become aware the threat and are willing to take actions. With the plethora of security solutions, marketing hype and limited budgets, what are the most cost effective things that you should do?

In this webinar, Larry Brock of Brock Cyber Security Consulting and former CISO of DuPont, will review the top breaches, root issues and discuss several actions that companies should do to help defend against these types of attacks. He will also touch on:

  • Addressing the risk of users with administrative privileges
  • Reducing the risk of sharing administrative credentials
  • Protecting what matters
  • Controlling egress from your network
  • Detecting cyber attacks early
  • Discovering your weaknesses
View Webinar

Avoiding the 10 Deadliest (and Most Common) Sins for Securing Windows

With Paula Januszkiewicz, Security Expert MVP | 59:13

Security audits are the best opportunity to become familiar with the common (and uncommon) Windows security mistakes made by sys admins. Unfortunately, too often the common mistakes are actually very serious and can even lead to major security breaches. But where do you start? How do you avoid such mistakes? Reasons for misconfigurations can range from lack of time or knowledge, to the inability to monitor systems effectively. Other cases could show a misuse of privileges or lack of password management. Whatever the scenario might be, as a Windows Sys Admin, you have to be prepared for a plethora of mistakes.

Join Security MVP, Paula Januszkiewicz, in this exciting one hour session and learn more about the commonly seen 'infrastructure sins'. Of course there are more than 10, but if you start to fulfill all of these shown on the session, your network will become significantly more secure! This is a webinar you don't want to miss.

View Webinar

Common Mistakes That Can Expose Your Organisation to Cyber-Attacks

With Marcus Murray & Hasain Alshakarti, Enterprise Security MVPs | 1:03:05

During this live hacking session, the TrueSec Security Team, will share their experiences of the worst security mistakes they have encountered during their careers and will demonstrate what these vulnerabilities are and how they were targeted during live incidents or discovered during penetration tests.

This is the perfect session for an MVP guide on what you don't want to have in your IT environment to avoid exposure to potential cyber-attacks.

View Webinar

2015: The Year You Finally Get Control of Privileged Users

With Dave Shackleford, SANS Instructor | 54:04

Over the years, as IT operations have grown to be mission-critical aspects of most businesses and organizations, security teams have seen a marked increase in attacks that leverage privileges. Whether privileged business unit users or IT administrators, privileged accounts can be used by malicious insiders and external attackers alike to cause enormous damage. Many data breaches in the last several years have included privilege abuse components, and the problem is getting worse all the time.

In this webinar, Dave Shackleford, SANS Instructor and Voodoo Security Founder, will discuss some of the more interesting examples of privilege abuse in known data breaches and attacks over the last several years. We'll then delve into areas of privileged access that you may not even know you have, and finally lay out a strategy to start getting a handle on privileged account management in your organization in 2015.

View Webinar

Why Your Vulnerability Management Strategy Isn't Working

With Rick Holland | 0:00:00

Vulnerability management solutions are now 'standard issue' in practically all IT security departments. When it comes to scanning for security exposures, these products are essentially commodities and can all do it well. So why do security professionals still have such mixed results with VM solutions?

Please join BeyondTrust and guest speaker Rick Holland, principal analyst at Forrester Research, for a webinar that will examine what makes some vulnerability management practices successful and what makes others fail. During the presentation, you'll learn:

  • Why vulnerability scanning isn't vulnerability management
  • What you can do to make better sense of vulnerability data
  • Where breakdowns happen between "finding" and "fixing"
  • Which policies are critical to effectively bridging VM with IT operations
  • How to get closer to true Continuous Monitoring
  • This webinar is ideal for security leaders seeking to modernize their vulnerability management processes for optimal risk reduction and compliance.

Everyone will receive a link to a recording of the presentation, so be sure to register even if you can't make the live session!

View Webinar

Beyond Root: Securing Privileged Access in Linux

With Randy Franklin Smith, Security MVP | 58:09

Like UNIX, at its core, Linux’s secure model is basically monolithic. You either have root access or you don’t. But root access is too powerful for so many reasons. And routinely using the actual root account, while easy and still frighteningly common, is so dangerous it borders on negligent. Auditors know about root and what questions to ask. In fact some auditors already have their risk findings written up regarding root and privileged access before they even begin assessing your environment.

The good news is that there are a variety of things built on top if Linux to make privileged access more granular, more accountable, more auditable and overall more secure and in this webinar Randy Franklin Smith will show you how root access and least privilege management works in Linux. ÿYou will learn about how administrators can still do their work efficiently without logging on as root. ÿRandy will show you how sudo work and how you can use sudo to:

  • limit which commands users can execute
  • ensure accountability between admins
  • eliminate logons as root
  • create least privilege profiles that allow people to get their work down without sacrificing security

We will also discuss things like:

  • How to monitor misuse of root access
  • How to protect root accounts and passwords
  • Controlling shell access
  • Auditing logons, commands and other activity
View Webinar

Building a Proper Security Program for Success in 2015

With Dr. Eric Cole | 1:01:07

Organizations often approach security like firefighters approach their job. Whoever calls and has the biggest problem, that is what the current focus becomes. While that firefighting may work to a point, it leads to a very disjointed approach to security. While many organizations have a firewall, IDS and vulnerability scanner, they often do not have a proper approach to securing their organization.

In this webinar SANS Instructor, Eric Cole, will walk attendees through the proper way of building a security infrastructure and setting up your organization for success in the year ahead.

The most critical part of a building is the foundation and the most critical part of an organization is the foundation. The core foundation for security includes 1) asset identification, 2) configuration management, and 3) change control. Once the foundation is in place proper access to critical data must be controlled and systems must be maintained by managing vulnerabilities across the critical systems.

At the end of this talk, you will have the proper approach to implementing a proper security program in 2015 and not repeat the sins of the previous year.

View Webinar

How to Manage Active Directory without Windows Administrator Privileges

With Russell Smith, Windows Security Expert & MCSE | 53:16

The widespread use of domain administrator privileges for everyday computing tasks by IT staff, poses one of the biggest security risks to organizations.

In this session Russell Smith, author of Least Privilege Security for Windows 7, Vista and XP, discusses how the careless use of domain administrator privileges can result in a compromised network. He will also share tips for managing Active Directory and performing administration tasks on domain controllers without giving IT staff perpetual domain administrator access.

In this session, you will learn about:

  • Virtualization of domain controllers
  • Delegation of privileges to manage Active Directory and domain controllers
  • Just Enough Administration (JEA) and PowerShell Remoting
  • Protected Users group and Authentication Silos in Windows Server 2012 R2
  • Just in Time (JIT) administration - Windows Server vNext
View Webinar

Eyes Wide Shut: What Do Your Passwords Do When No One is Watching?

With Paula Januszkiewicz, Security Expert MVP | 1:01:05

Secure password management has become a crucial process within the enterprise these days. But the demand of managing passwords for multiple networks, systems, and users is constantly evolving and burdening security teams. With such a burden, too often an approach used is to reuse the same passwords for different systems or access local accounts on users' workstations. We need to remember that wherever and whenever we enter the password in the password field, there is at least one mechanism that must recognize it in order to use it later for its designed purpose. ÿ

In this intensive webinar session with Security MVP, Paula Januszkiewicz, learn the encryption and decryption password techniques being used in systems, networks, and applications today. Paula will look at the various technology holes and weaknesses and try to take passwords from the places where they are used by the operating system and try to perform severalother operations. She will demonstrate how to locate passwords in some unexpected places and then show you what you can do to mitigate these risks.ÿ

This is going to be a webinar you don't want a miss. Have a cup of coffee before attending!

View Webinar

The Few, The Proud, The Privileged: Controlling the Use of Administrator Passwords to Achieve Critical Security Control #12

With G. Mark Hardy | 44:33

If you are like most agencies you are faced with the daily reality that compliance does not equal security. Yet that is the challenge you face when trying to eliminate admin privileges or get control over the use of shared administrator credentials. How do you attain least privilege to improve security while controlling and auditing shared account access to meet compliance objectives? And how do you accomplish all of this as efficiently as possible? Join G. Mark Hardy as he explores the challenges of controlling privileges to balance security and compliance requirements, what the range of options are and how BeyondTrust PowerBroker makes the process simpler and less risky.

View Webinar

Active Directory Recycle Bin: Is it Enough?

With Jeremy Moskowitz | 53:52

Did you know you already have a way to restore objects if you (or your team members) inadvertently whack a user, a group or an OU? Maybe you've heard of the Active Directory Recycle Bin, but cannot find it on your servers. Or, maybe you know how to access it, but are unclear about what it can and cannot do.

Join an engaging webinar, led by Group Policy MVP Jeremy Moskowitz of GPanswers.com and learn how to use the Active Directory Recycle Bin and see what it can, and cannot do. Then learn from BeyondTrust, how you can increase your ability and protection when Active Directory objects are deleted.

View Webinar

Hacks, Breaches, and Vulns, Oh My! Reviewing this Year's Top Security Events & Planning for 2015

With Dave Shackleford, SANS Instructor | 53:14

Whew! The year 2014 has been quite a ride for security professionals. We've seen major data breaches, huge problems with open source libraries and software, new types of attacks on critical infrastructures and embedded devices, and much more.

Join SANS Instructor and Founder of Voodoo Security, Dave Shackleford for a webinar that will recap some of the most interesting and important security happenings from 2014, with an eye toward what to expect in 2015. He'll also take a look at some ways you can possibly prevent some of the biggest issues from 2014 from happening all over again next year.

View Webinar

Rewinding Sony Pictures: 5 Privilege and Password Management Strategies for Avoiding Epic Security Breaches

With Rod Simmons, BeyondTrust Product Group Manager | 43:40

The recent Sony Pictures breach was devastating and embarrassing on many fronts. Attackers exposed several violations of security best practices, revealed thousands of unprotected passwords, and published reams of sensitive information.

Join BeyondTrust for a webcast presentation that will explore what we know about the Sony Pictures breach and discuss password and privilege management strategies that would have contained the damage - if not prevented the initial compromise.

During the webcast, Rod Simmons, product group manager at BeyondTrust, will analyze the Sony Pictures breach and present practical tips for:

  • Protecting and rotating passwords
  • Monitoring privileged access to sensitive systems
  • Flagging suspicious user and system activity in real time
  • Securing connections via bastion hosts
  • Eliminating administrator privileges without hampering productivity

This presentation is ideal for IT and security leaders charged with protecting passwords and managing privileged access to critical infrastructure.

View Webinar

Your Operating System's Secrets: How to Audit and Detect Changes & Hidden Launch of Malicious Code

With Paula Januszkiewicz, Security Expert MVP | 0:00:00

Where would you look if you were required to gather information about changes and activities in your Active Directory or operating system? What would you do if an attacker got into your infrastructure, used a server's misconfiguration, and created themselves an account? Those possibilities are endless and very frightening to any IT security person. The dark secrets your operating system may be hiding seem endless but there are ways to audit, trace, and protect beyond what you may actually see. Join Security Expert & MVP, Paula Januszkiewicz and see firsthand how to perform varying analyses and audits to gather evidence and identify malicious and unwanted actions within your infrastructure.

Join Security Expert, Paula Januszkiewicz in this engaging session and become familiar with:

  • Tracking system-related changes and updates
  • Establishing informative monitoring & auditing techniques
  • Identifying what areas malware may be leveraged
  • Tracing the steps of unnecessary changes or malicious activities
View Webinar

Executive Roundtable: Knocking Out IT Security Threats in 2015

58:05

As we approach the end of 2014, it's important to look back on the year in cyber security and reflect on what we can do better. 2014 was a year full of cybersecurity news, with companies and government entities of all sizes being severely impacted by internal and external threats. With the volume and veracity of hacks and breaches that took place this year, we have to ask ourselves important questions as we move into 2015, including:

  • How did our security programs measure up?
  • Where did we fall short?
  • How can we be better prepared and focused for 2015?

Join this engaging webinar with three seasoned security executives who will discuss their thoughts around the industry and their approach to tackling security in 2015. This interview and panel discussion will touch on their viewpoints from both vulnerability and privilege management perspectives, while addressing tough questions, including:

  • How can companies better prepare for and mitigate insider threats?
  • Are brute force attacks still an issue and something to look out for in 2015?
  • What is the value of cyber intel?
  • How can companies implement cybersecurity best practices?
  • What is the end state for cybersecurity?

Panelists: Marc Sachs, Vice President for National Security Policy; Geoff Hancock, Senior Cybersecurity Executive; Marc Maiffret, CTO at BeyondTrust

Interviewer: Mike Yaffe, VP of Marketing at BeyondTrust

View Webinar

Active Directory Auditing Tips to Reduce Clutter & Improve Security

With Darren Mar-Elia, Microsoft MVP | 57:03

In this webinar Darren Mar-Elia, Microsoft MVP, will show you how auditing works in Active Directory and how to configure and deploy it to reduce clutter and improve security. He'll dive into how you can manage auditing using Group Policy, what the various audit events mean, and how you can configure auditing to get the most useful information around Active Directory changes.

He'll also show live examples of configuring auditing and making sense of specific audit events, and how you can augment the default auditing in AD through changes to object SACLs.

Join this engaging webinar with Darren to learn:

  • How to configure AD auditing using Group Policy
  • Best practices for tuning auditing to reduce noise
  • How to modify what gets audited within AD
  • How to interpret native auditing events
View Webinar

Improving Student Outcomes without Compromising Security: The Higher Ed CISO in 2015

With Wayne Brown | 39:45

The volume and veracity of attacks and breaches continues to rise and institutions of higher education are looking to the CISO to create an environment that mitigates risks without compromising the institution's mission or inhibiting student outcomes.

Attend this webinar and learn how the results of the CHECS survey of higher education CISOs and CIOs will help you define:

  • The state of your current information security program
  • The CISOs place in the organizational hierarchy and CIO and CISO opinions on the right place for the CISO
  • Attributes and skills needed for the role of CISO
  • How to prepare for the CISO role and the CISO career path
View Webinar

Improving Windows Security and User Empowerment

With Derek Schauland | 39:10

With the increase in malware, unintended installations, and the heavy reliance on administrative access on Windows desktops today, Microsoft's User Account Control (UAC) can be a good tool to use in keeping an environment secure against these ever-evolving threats. It's a good start but unfortunately UAC is not perfect.

Join this engaging webinar with Derek Schauland, Microsoft MVP, and learn how you can effectively amp up your Windows desktop security while still empowering users to get their jobs done. Learn how PowerBroker for Windows helps companies work with User Account Control to ensure that employees can access the applications they need without needing it to disable the feature.

Takeaways for this session:

  • Understanding the good and the bad of User Account Control (UAC)
  • See how UAC can work with other solutions to help keep systems secure and allow the empowerment of End Users
  • Be able to explain UAC to others on your team and throughout the organization so key players can see why certain decisions are necessary and why security should be a top priority
View Webinar

Boost Your IT Security for the Holiday Season

1:02:29

The holidays are generally a time for family, friends and cheer, but with all of this cheer comes something lurking in the dark; security breaches. As we prepare for the upcoming holiday season, it is imperative for organizations to understand the importance of implementing a security and compliance strategy. The most important components to address are least privilege, auditing, password management, and compliance.

Join this engaging webinar, hosted by Oracle and BeyondTrust, to learn how you can best protect your organization during the upcoming holiday season. By attending this webinar, you'll learn:

  • Why it's important to implement a least privilege strategy this holiday season
  • Understanding your organization's data security compliance efforts
  • Managing and implementing least privilege with BeyondTrust PowerBroker & Oracle Linux
  • What you can do NOW to beef up your organization's security & compliance program
View Webinar

Why Password Authentication is Broken, and How to Fix It

With Dave Shackleford, SANS Instructor | 0:00:00

At the beginning of August, a news story broke claiming that Russian hackers had stolen over a billion internet passwords. In later weeks, some skepticism was cast on that story in its entirety, but that story is really just another in a long line of password breaches.

This begs the question - why do we keep experiencing these breaches? What impact do they have, and how do we get ahead of this concern? In this webinar with SANS Instructor, Dave Shackleford, we'll examine some of the more high-profile password breaches in the recent year, and look at why these may be happening. We'll also explore how more attention to privileged account and vulnerability management can play a big role in getting a handle on these types of issues in your own environments.

View Webinar

What the Sleeping Security Guard Taught Me About Privileged Account Management

With Drew Maness | 0:00:00

A decade ago "Convergence" - the combining of physical and digital security - was heavily debated by the greater Infosec community. Convergence never really took traction. While similar in their tactics; loss prevention and cyber security's approach to solving their respective problems are different. What could the IT Security professional have to learn from the sleeping security guard?

During this webinar, Drew Maness, Chief Strategist at Cypro Solutions, will discuss how his experience running a dual Loss Prevention and Digital Content Protection program enhanced his approach to cyber security and privileged account management. Drew will walk attendees through the importance of fusing together the concepts of physical security, workflow data classification, least privilege, and vulnerability management.

During this webinar Drew will also discuss:

  • Why identifying workflow and data movements is critical to internal and external risk reduction
  • Understanding the insider threat
  • How physical controls should complement your least privilege strategy
  • How to implement a holistic vulnerability and privilege management blueprint
View Webinar

Tips for Removing Privileged Credentials from Windows Users without Impacting Usability

With Russell Smith, Windows Security Expert & MCSE | 49:16

Join Russell Smith, author of Least Privilege Security for Windows 7, Vista and XP, and learn about strategies for securing end user accounts without negatively impacting usability. This webinar looks at using technologies native to Windows to minimize the risk of system and data compromise, including solving problems with legacy application compatibility in least privilege environments, application control, User Account Control (UAC), and embracing Microsoft's new application architecture (Windows Store apps) in Windows 8.

During the session attendees will learn:

  • How the Application Compatibility Toolkit (ACT) can solve compatibility problems associated with legacy applications running in least privilege environments
  • Why using Windows 7 (and later) AppLocker is important in addition to removing administrative rights
  • Why User Account Control isn't just about annoying security alerts
  • The security benefits of apps developed using the Windows Runtime (WinRT), and allowing users to install apps from the Windows Store
View Webinar

Uncovering the One Common Thread of all Major Attacks

With Larry Brock | 0:00:00

Today's threats from advanced targeted attacks and privileged insiders require companies to significantly improve their abilities to manage their privileged accounts. In this webinar, Larry Brock, former CISO at Dupont, will discuss the one common thread of all recent major attacks; compromised privileged credentials.

Join this insightful webinar to find out why it is critical to address these threats and learn:

  • Why your CEO is concerned and what the business drivers are
  • Pitfalls to avoid when managing privileged credentials
  • Best practices for implementing least privilege and escalating privileges
  • Tips for session management and monitoring
  • What to look for in privileged account management suites
View Webinar

Turbo-charging Group Policy Auditing: Upgrading Microsoft's standard equipment

With Jeremy Moskowitz | 0:00:00

Microsoft's Group Policy is awesomely powerful. With one click, you can increase conformity to desktops, update look and feel settings, and increase overall desktop security. But when Group Policy Objects and their settings are created and edited, do you know what happens underneath the hood? An even better question is how do you audit these types changes? When you have a team of administrators, are you able to answer the questions; "who made what change?" and "did my setting actually make it there??"

Join this engaging webinar with Jeremy Moskowitz, Group Policy MVP and Founder of GPanswers.com and PolicyPak Software, to learn exactly what's possible with Microsoft's in-the-box utilities and additional techniques to ensure that when you make changes, you have a true handle on what's happening within your network.

View Webinar

Password Credential Theft Techniques and Prevention Methods

With Paula Januszkiewicz, Security Expert MVP | 1:046

Wherever and whenever you log on to any Windows workstation or servers you leave your password credentials behind. The common knowledge is that when we set up our password in Windows it is hashed and stored either in SAM or a ntds.dit database in Active Directory. This is useful for verification purposes, but if your operating system can re-use the password it means others can decrypt it! Another thing is that when a hash is cached may be reused for authentication later.

Join Paula Januszkiewicz, Enterprise Security MVP and Microsoft Security Trusted Advisor, in this engaging webcast to learn about the famous pass-the-hash attack, learn the encryption and decryption techniques being used nowadays in systems, networks, and applications, and learn how to prevent password credentials from being leaked!

  • How to prevent password credential leakage in Windows
  • How credential attacks work
  • What is the role of cryptography for passwords in Windows
  • How Pass-The-Hash attacks work and how to prevent them
View Webinar

Know Thy User: An Actionable Guide to Privileged Account Management

With Dr. Eric Cole | 1:01:58

Organizations spend a significant amount of money on cyber security, but more often than not they don't focus on the right areas; internal threats. A key theme of security is Know Thy System & User. An organization cannot protect what it does not know about. Very often organizations focus their energy on advanced techniques but fail to build a proper privilege foundation that is required for success. Only by implementing least privilege, asset identification, configuration management and change control can an organization build security, inside and outside, that works.

In this engaging talk, Dr. Cole will discuss actionable items that show how to build a defendable network from the inside out. Find out what the top organizations are doing in setting up least privilege and access to properly protect their organizations.

View Webinar

Herding Cats: Best Practices for Windows Access Control and Privilege Management

With Kevin Johnson | 49:16

It's no secret that granting excessive privileges to Windows users is a breach waiting to happen, whether by malicious insiders or at the hands of an external attackers. But how do you rein in your end users without them hissing at every turn?

During this webinar, Kevin Johnson of Secure Ideas will present best practices for handling Windows authentication and access control. He will present techniques for discovering often-missed access and privilege issues within your organization's internal systems. You'll also learn how to secure these problem areas without creating new headaches for your end-users (and yourself).

Key takeaways include:

  • A checklist of Windows access control and privilege pitfalls
  • Techniques for identifying and addressing problem areas
  • Tips for balancing security and end-user productivity
View Webinar

Badusb: Is Firmware the Next Major Attack Surface?

With Dave Shackleford, SANS Instructor | 56:55

Recently, security researchers in Germany outlined a new type of USB firmware attack that could be used to completely hijack systems and introduce malware, redirect network traffic, and much more. Dubbed "BadUSB", this type of attack raises serious questions about hardware integrity, supply chain security, and how we currently prevent or detect deeply embedded malware. How can organizations prevent introduction of unauthorized devices that could potentially be infected with malware, at the firmware level?

Join Dave Shackleford, SANS Instructor & Founder, Voodoo Security in an engaging webinar where he'll discuss:

  • The "BadUSB" attack and other firmware security research and attacks of the last several years
  • Why you need to develop a sound supply chain security program
  • How privileged account and vulnerability management can help reduce your risk of unauthorized devices and related attacks
View Webinar

Vulnerability Management & Insider Threats from a Government Hacker's Perspective

With Marc Maiffret, BeyondTrust CTO | 0:00:00

Government agencies are confronting a threat landscape which is increasing in complexity and sophistication. Vulnerability assessment tools play a critical role in protecting the network from internal and external threats. Establishing controls around privileged access requires special attention in order to guard against threats that have commonly been seen in the headlines and forced organizations to re-evaluate whom has administrative privileges and how are they being used.

Join our webinar to maximize your situational-awareness about:

  • Privilege Account Management to create an internal perimeter with privileged access policies, auditing, and reporting.
  • Fusing Vulnerability and Privilege Management towards a common goal of security and operations collaboration.
  • Continuously monitoring your infrastructure with agency-specific security control settings and dedicated reports.
  • Redefining Insider Threats - how they can begin from outside and become real problems on the inside.
View Webinar

Build the Best Line of Defense for Your Windows Desktops

With Darren Mar-Elia, Microsoft MVP | 54:50

What's your defense strategy to protect against internal and external threats on your Windows desktops? During this live webinar presentation, Darren Mar-Elia, Microsoft MVP and Contributing Editor at Windows IT Pro Magazine, will take a look at what it takes to secure your Windows desktops against today's internal and external threats. He'll examine the collection of technologies within the Windows client OS for securing your Windows desktops and keeping your users and networks safe.

Darren will look at User Account Control (UAC) and other technologies that can help get to least privilege on user desktops, application white-listing using AppLocker, IE protected mode, and related features that can help ensure your desktops are well managed and secured.

By attending this webinar, you'll learn:

  • The various technologies in the current Windows OS for securing the desktop
  • The whys and hows of least privilege on Windows desktops
  • Best practices for securing your Windows desktops (including an overview of in-the-box and 3rd party solutions)
View Webinar

The Little JPEG that Could (Hack Your Organization)

With Marcus Murray | 56:14

It's amazing how easily modern IT environments can be breached and traversed, making exhaustive privilege and vulnerability management programs more critical than ever.

Please join us for a live demonstration of how easy it is for attackers to completely compromise your network during a webinar with Marcus Murray, Cyber Security Manager at TrueSec.

In this awareness session, Marcus Murray will demonstrate a live hack where he uses a specially crafted JPEG picture to circumvent the security mechanisms of a modern Microsoft Windows server 2012R2 Webserver. He will also use this foothold to leverage elevated privileges to expand influence over the entire network and compromise a Windows Server 2012 R2 Domain Controller. You'll learn:

  • How attackers can use seemingly legitimate files to open the door to your network
  • How unchecked privileged accounts can provide attackers with a free ride to critical systems and data
  • Which countermeasures you can take to increase security in your environment.
View Webinar

Saving Time and Money With a Security Consolidation Strategy

With Dave Shackleford, SANS Instructor | 59:48

Typically in smaller organizations IT folks wear many hats; operations, security, compliance, etc. Managing IT in a smaller sized organization has the same challenges as the larger ones, but with a greater limit on resources (people and dollars). Often smaller organizations have to make trade offs when it comes to security and compliance. This, coupled with the fact you are constrained to maximize your existing investments often leaves security as an afterthought.

Join SANS Analyst, Dave Shackleford in a webinar, where he'll discuss the various challenges SMBs face when implementing both vulnerability management and privileged account management programs, including technical and operational concerns. Dave will touch on:

  • The key benefits organizations can glean from working with vendors that offer best-in-class solutions for each of the critical controls
  • How compliance and auditing programs can achieve more effective results
  • Can consolidating vendors be the answer?
View Webinar

PowerBroker Password Safe 5.2: A New Approach to an Age-Old Problem

With Martin Cannard, BeyondTrust Product Manager | 55:48

Over the past several years, we've seen many cases where privileged user accounts were compromised as part of large-scale breaches. Your assets are only as strong as the weakest link, and attackers have shown how shared accounts can be easily exploited to gain unauthorized access.

This webinar will explore privileged account management challenges facing organizations today and highlight how PowerBroker Password Safe v5.2 can help you achieve compliance by controlling access to your business-critical information. You will learn:

  • How asset scanning and auto-discovery can help assess, control and maintain security for privileged accounts
  • How to ensure a positive end-user experience when implementing a password management solution
  • How integrated privilege and vulnerability management can bring greater context to daily security initiatives

View Webinar

AD Change Auditing: Separating the Good from the Bad

With Darren Mar-Elia, Microsoft MVP | 56:01

Changes in AD are not like other infrastructure changes. Many changes, like updating a department name, might pose little risk. Other changes impact compliance and could dramatically impact user authentication and productivity across the organization. Even though AD is not typically subject to rigorous change control, there is value in having some change control around critical AD changes, but which changes make sense to control?

During this webinar, Darren Mar-Elia, Microsoft MVP and Contributing Editor at Windows IT Pro Magazine, will discuss AD auditing and what makes sense to monitor in AD and what's a waste of time. You'll learn:

  • Which AD change scenarios make sense to put under change control
  • What you should be auditing for compliance and why
  • How to leverage AD auditing effectively
  • How to prevent AD changes that can hamper user productivity

This webinar is ideal for AD administrators that want to save time and effort, and security leaders responsible for reducing risk to their organization.

View Webinar

How to Stop Pass-the-Hash Attacks on Windows Desktops

With Dave Shackleford, SANS Instructor | 1:048

One of the most popular presentations at Microsoft TechEd demonstrated how simple it is to leverage password hashes stolen from a single end-user machine to compromise entire IT infrastructures. Unfortunately, most organizations still rely on ineffective techniques to prevent Pass-the-Hash from opening doors to attackers.

Join BeyondTrust and Dave Shackleford, SANS analyst and owner of Voodoo Security, for a discussion of how Pass-the-Hash attacks work and how to secure your organization against them. You'll learn:

  • Why attackers love Pass-the-Hash and what puts you at risk
  • How to measure your susceptibility to Pass-the-Hash attacks
  • What to do to mitigate Pass-the-Hash threats in your environment

As an added bonus, all attendees will receive a free 30-day trial of PowerBroker for Windows, a privilege management solution that can prevent Pass-the-Hash attacks from wreaking havoc on your network.

View Webinar

The Privileged Identity Management Health Check

With Andras Cser | 51:00

The purpose of this webinar is to help companies understand the importance of a Privileged Identity Management (PIM) platform and analyze recent PIM trends in threat mitigation, behavioral analytics, business user involvement, and cloud support. In this webinar, Cser offers his insight into the following four trends in PIM and how they can work for your business:

  • PIM as threat mitigation
  • Behavioral analytics to separate out anomalies
  • Business user and privileged user overlap
  • Organized and secured cloud operations

For more of Cser's insight into PIM trends, and for Forrester's view of what's to come, view the on-demand webinar below.

View Webinar

CISO Peer Webinar: Aligning Privilege and Vulnerability Management

With Larry Brock, former CISO at Dupont | 57:56

In today's hectic threat environment, peers and mentors can provide fresh perspectives on tackling IT security challenges. With a 30-year career, including CSO of Dupont and security leadership positions at the U.S. NSA, Larry Brock is a good guy to have at your table. Join BeyondTrust for the first in a series of CISO Peer webinars in which Larry will share actionable tips gleaned from working with some of the world's most security-conscious organizations.

During this first webinar in the series, Larry will discuss how to align your organization's privilege and vulnerability management activities for more agile and efficient risk reduction. You'll hear how he did this at Dupont and learn from case studies on:

  • Evolving risk management practices to stay current with business and compliance drivers
  • Understanding the connections between user- and asset-based risks in your environment
  • Facilitating streamlined, collaborative risk reduction between Security and IT Operations groups
  • Creating a prioritized action plan for addressing the imminent threats

This webinar is ideal for any security leader interested in practical lessons from the real-life successes (and failures) of a true veteran in the field.

View Webinar

Is Your User Security Program Risky or Risk-Focused?

With Dr. Eric Cole | 58:59

It's a fact: Poorly managed user privileges will torpedo otherwise secure IT infrastructure. Too often, security programs concentrate on the scan/patch cycle while losing focus when it comes to user security.

During this live webinar presentation, Dr. Eric Cole, a key participant in the development of the 20 Critical Security Controls (CSC) will share straightforward tips for implementing Controls 12 and 14-16, which are designed to mitigate user-based risk. You'll learn:

  • How external attackers take advantage of excessive user privileges
  • What you should be auditing and what to look for in audit logs
  • Why 'Need to Know' and 'Least Privilege' should be part of your lexicon
  • How to monitor and control accounts without hampering user productivity

This webinar is ideal for security leaders responsible for reducing user-based risk in corporate or government IT environments.

View Webinar

Surviving the Vulnerability Data Maelstrom

With Dave Shackleford, SANS Instructor | 58:26

Everyone knows that vulnerability management (VM) is best practice, but are you sure your vulnerability program is really working amidst all the noise? If your VM processes are like most, you're probably drowning in information, figuring data you can cling to, and wondering whether your scanning and reporting tools are revealing real risks (or just throwing every tiny issue at you). Join Dave Shackleford, founder of Voodoo Security and SANS senior instructor, for a BeyondTrust webinar covering:

  • How to isolate what's really important from reams of vulnerability data
  • Which factors most influence vulnerability risk and criticality in your environment
  • Who should be involved in the VM process, and how to motivate them with the right data
  • How to weave vulnerability management into your organization's broader day-to-day operations

Dave will also share his latest tips for keeping your vulnerability management processes efficient and effective in the current threat environment. You'll walk away with practical guidance for improving your VM program today.

View Webinar

Leveraging AD as a Unified Identity Store

With Darren Mar-Elia, Microsoft MVP | 43:29

AD is in use in almost organization these days, to varying degrees. But there is a significant advantage in building a unified identity store on top of the directory. From authentication and authorization for users, to applications, to a variety of platforms, AD can provide a single 'source of truth' for identifying people and their functions despite organizational changes.

In this webinar, Darren Mar-Elia, Group Policy MVP and Contributing Editor at Windows IT Pro Magazine, discusses the advantages of consolidating identity on AD, including greater ongoing control over access to corporate resources and a single platform to audit that use. He also looks at ways you can reduce your identity footprint by consolidating onto AD, and how it can help as you move into the world of cloud identity.

View Webinar

Tips from the Experts: Rapidly Deploying PowerBroker with Oracle VM Templates

56:56

Oracle VM application-driven architecture is designed for rapid application deployment for both Oracle and non-Oracle workloads. Using Oracle VM Templates, entire application stacks can be pre-installed, pre-configured for rapid deployment. With Oracle VM Template for BeyondTrust's PowerBroker, customers can standardize the deployment of their security software, eliminate the installation and configuration costs, and reduce the ongoing maintenance and support costs, hence helping organizations achieve faster time to market.

Join us to hear from Oracle and BeyondTrust experts on how you can benefit from the combined solution to further automate and simplify the deployment of real security in your IT environment.

View Webinar

Understanding & Prioritizing Today's Threats

58:51

Security is no one-size-fits-all endeavor. In this Webinar, you will learn from the experts how to determine and prioritize which threats apply to your enterprise and how to build in the appropriate defenses against today's constantly evolving attacks. This webinar will provide insight and advice from renowned security experts on how to:

  • identify which new and existing threats could be used against your organization
  • prioritize these applicable threats
  • pinpoint the proper security practices and processes to protect your resources
  • find possible weak links in your infrastructure that could be abused
  • establish a strategy for triaging new threats
View Webinar

Are You a Target? Recreating the Target Breach

With Kevin Johnson | 1:01:20

In this presentation, Kevin Johnson, SANS Senior Instructor and CEO of Secure Ideas, will walk through what we know of the breaches such as Target's, Macy's and Neiman Marcus. This 60 minute webinar will first look at the public information then walk through how the scenarios work. We will then outline some ways that you can find out if your organization has similar problems. Attend this webinar with Kevin Johnson to get a complete understanding of:

  • How attacks like the Target breach happen in the first place
  • The various attacks possible
  • The techniques that can be used to help prevent these problems in the future
View Webinar

Are Your Security Controls Built on Sand or Stone

With Dr. Eric Cole | 58:45

Everyone knows that a house without a solid foundation will not last very long. However, when it comes to IT security, too many organizations focus on building a beautiful house without laying the proper foundation. During this presentation, Dr. Eric Cole, a key participant in the development of the 20 Critical Security Controls (CSC) will share straightforward tips for implementing Controls 1-4, which form the bedrock of the CSC:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Secure Configurations for Hardware and Software
  4. Continuous Vulnerability Assessment and Remediation

While seemingly straightforward, these controls are often overlooked or improperly addressed - as made evident by several recent breaches. You'll learn:

  • Where big organizations stumble + why small companies aren't safe
  • What you need to do to really understand what's in your environment
  • How to move from vulnerability scanning to vulnerability management
  • How to integrate these practical controls into your daily operations
View Webinar

Part Two: Achieving HIPAA Compliance in Virtual Environments with BeyondTrust

0:37:52

If your organization is migrating sensitive data to virtual data centers, you know that adhering to PCI DSS, HIPAA and other compliance mandates can be a challenge. Aligning internal security processes with regulations and generating reports is notoriously time-consuming and costly. BeyondTrust can help.

Please join BeyondTrust and Coalfire for a two-part webinar series focused on how you can leverage BeyondTrust Privileged Account Management (PAM) and Vulnerability Management (VM) solutions to fulfill specific PCI DSS and HIPAA requirements for virtual environments.

View Webinar

Best Practices for Active Directory Auditing

With Darren Mar-Elia, Microsoft MVP | 56:06

Active Directory is THE identity store for many organizations - providing authentication and authorization for critical company resources. As a result, knowing what is changing within AD, whether it's group membership changes, user department changes or objects moving around the directory, you need to know about it in a timely manner to ensure that policies around data access and resource usage are consistent with your security and compliance needs. In this webinar, Darren will discuss the ins and outs of AD auditing, including:

  • How auditing works in modern versions of Windows Server
  • Best Practices for configuring AD auditing for maximum benefit and minimum noise
  • What you can expect from native AD audit data'the benefits and pitfalls
View Webinar

Part One: Achieving PCI Compliance in Virtual Environments with BeyondTrust Privilege and Vulnerability Management Solutions

43:11

If your organization is migrating sensitive data to virtual data centers, you know that adhering to PCI DSS, HIPAA and other compliance mandates can be a challenge. Aligning internal security processes with regulations and generating reports is notoriously time-consuming and costly. BeyondTrust can help.

BeyondTrust and Coalfire host a two-part webinar series focused on how you can leverage BeyondTrust Privileged Account Management (PAM) and Vulnerability Management (VM) solutions to fulfill specific PCI DSS and HIPAA requirements for virtual environments.

View Webinar

Fusing Privilege and Vulnerability Management with BeyondInsight

41:07

The BeyondInsight IT Risk Management Platform is an integrated suite of Privileged Account Management and Vulnerability Management software solutions used by IT professionals and security experts to collaboratively:

  • Reduce user-based risk and mitigate threats to information assets
  • Address security exposures across large, diverse IT environments
  • Comply with internal, industry and government mandates
  • Provide synergy and collaboration for multiple teams from operations to security

Join us for a 1 hour webinar where we will walk you through the situation of the current threat landscape, the new features and functionality of BeyondInsight, and why it's important to organizations today.

View Webinar

Leveraging the Critical Security Controls to Mitigate User and Asset-based Risk

With Dr. Eric Cole | 1:04:16

The 20 Critical Security Controls (CSC) have been proven by top public and private security agencies to effectively mitigate cyber threats. During this presentation, Dr. Eric Cole, SANS fellow and a key participant in the development of the (CSC), will focus on the 8 controls specifically designed to address user and asset-based risks. In this webinar, you will learn:

  • The 5 Critical Tenets of an effective cyber defense system
  • The 5 Quick Wins that can deliver solid risk reduction with minimal hassle
  • Techniques for gaining a better understanding of vulnerabilities, privileges and other key points of exposure

You'll walk away with practical tips for leveraging the CSC to more effectively mitigate user and asset-based risk throughout your organization.

  • Where privilege and vulnerability management fit into today's threat landscape
  • Which asset and user data points are key to understanding and prioritizing vulnerabilities
  • What steps you can take to interconnect your privilege and vulnerability management processes
View Webinar

The 5 Things Every Linux Administrator Should (and Should Not) Do When It Comes to Privileged Account Management

With Avi Miller & Paul Harper | 58:54

Join Avi Miller, Product Manager, at Oracle and Paul Harper, Product Manager, at BeyondTrust for a 60 minute joint webinar which will cover the 5 Do's and 5 Don'ts when it comes to privileged account management. They will also cover specifically how you can protect privileged accounts within the Oracle VM and Oracle Linux environment with BeyondTrust's PowerBroker for Linux solution.

  • Where privilege and vulnerability management fit into today's threat landscape
  • Which asset and user data points are key to understanding and prioritizing vulnerabilities
  • What steps you can take to interconnect your privilege and vulnerability management processes
View Webinar

Blending Privilege Vulnerability Management in 2014

With Javvad Malik | 40:48

Javvad Malik of 451 Research discusses how to quickly discern and prioritize security exposures by aligning your vulnerability management (VM) and privilege management (PM) programs. You'll learn how asset and user-based exposures are intertwined - and how establishing lines of communication between VM and PM operations delivers an effective gauge of relative risk. Javvad will walk attendees through:

  • Where privilege and vulnerability management fit into today's threat landscape
  • Which asset and user data points are key to understanding and prioritizing vulnerabilities
  • What steps you can take to interconnect your privilege and vulnerability management processes
View Webinar

Securing Windows Servers in 2014: What You Need to Know

With Darren Mar-Elia, Microsoft MVP | 57:14

Every year we see constant change and evolution in Windows vulnerabilities. As we prepare for 2014, it's a good reminder to note that it's not just the vulnerabilities that evolve but the tools that help harden security for Windows servers, as well. In this 60 minute webinar Darren Mar-Elia, Group Policy MVP and Contributing Editor at Windows IT Pro Magazine, talks about the free Security Compliance Manager tool from Microsoft, when and where it's effective and useful, and the best practices for securing your Windows Servers. BeyondTrust's Senior Director of Product Management, Morey Haber, will then briefly show you how tools from BeyondTrust can verify hardening procedures.

View Webinar

Security is Business As Usual Continuous Vulnerability Management

With Kevin Johnson | 1:00:10

With PCI-DSS 3.0 and other changes in the industry, vulnerability management is even more critical today. In this webinar, Kevin Johnson, CEO of Secure Ideas, will explore the "Business As Usual" model and how security is the often forgotten part. Kevin will discuss ways to improve your vulnerability management in cost effective AND effective ways. He will explore what this means and how to perform this type of continuous testing without overloading your already busy staff.

View Webinar

Vulnerability Intelligence: Not the Oxymoron You Think It Is

With Morey Haber, BeyondTrust Senior Director of Product Management | 56:00

Morey Haber, Senior Director of Product Management at BeyondTrust, provides an overview of how our products can help you solve the problems caused by this interesting two word paradox.

View Webinar

Learn About the Risks of Unnecessary Privileges

2:05

What happens when employees and contractors are indiscriminately given administrative access - or other unnecessary privileges - to your organization's servers and desktops? Is your organization at risk of unauthorized software installation, malware attacks, and even loss of proprietary data.

View Webinar

First Look at BeyondSaaS: The Easiest SaaS Vulnerability Scan Ever

30:27

A demonstration of BeyondSaaS, a cloud-based vulnerability assessment solution that gives you an attacker's-eye view of your IT perimeter. The solution delivers fast, efficient and affordable security assessments of your public-facing network infrastructure and web applications - providing you with in-depth vulnerability data and actionable remediation information. Start a free trial.

The result of over 15 years of development, BeyondSaaS is powered by one of the most effective and respected security tools on the market: BeyondTrust Retina. Key features include:

  • External network scanning of unlimited IP addresses
  • Black-box web application assessment
  • Unlimited user accounts
  • Assessments for PCI DSS and other compliance mandates
  • Clear vulnerability reports, including trending and remediation action items
  • Secure, two-factor authentication via Microsoft Live
  • Encrypted data transmission
  • No software or hardware install
  • No license management
View Webinar

Restricting User Privileges Doesn't Make You a Bad Person

52:51

IT teams cannot get in the way of business. Yet, they also have a duty to the organization to protect critical information and prevent attacks. It turns out the path of least resistance for many attacks is to target device users and wait for them to make a mistake, thus providing an opening for compromise. A reliable way to reduce attack surface and take the human element (and fallibility) out of the equation is to restrict the access of the employees. By limiting what they can do on their devices, you basically protect them from themselves.

Unfortunately, this can be a controversial method, given that employees want to do what they want and IT cannot get in the way of what these business leaders think is important. Thus, to move this approach forward you'll need to use one part technology (to not totally break the user experience) and one part persuasion to assure business folks they will still get their job done, but more securely.

In this webinar, Securosis analyst Mike Rothman will cover:

  • The kinds of attacks you face, and why traditional detection/prevention is failing.
  • The importance of limiting what unsophisticated users can do on computing devices.
  • How to roll out a least privilege approach without losing your job.
View Webinar

Going Above and Beyond Meeting Your PCI DSS Requirements

33:50

The latest version of the PCI DSS implements changes to effectively monitor and document how well vulnerability management programs are working within an organization. It is no longer possible to produce a report once a quarter without proof that a regular program is in place and that scanning and mediation activities are truly happening within acceptable time frames.

BeyondTrust has created a solution that goes above and beyond PCI DSS requirements by making it simpler and more efficient to generate applicable PCI reports, SLA's, and scorecards for management of your requirements. Join BeyondTrust's Morey Haber, Senior Director of Program Management, for a special, 30 minute demonstration, followed by live Q&A time of how our solution goes above and beyond meeting your PCI DSS requirements.

View Webinar

Part Three: Asset Identification and Inventory - The Missing Link in Vulnerability Management

48:20

Part 3 of a 3 part webinar series with SANS Analyst, Dave Shackleford, on Vulnerability Management. In our last installment of this series, we'll explore:

  • Why developing a system inventory is a critical part of your security program
  • How accurate inventory baselines can be used to develop metrics and reporting
  • How more accurate asset identification can be used to improve audits and vulnerability management overall
View Webinar

Minimizing the Impact of Restricting Admin Privileges for End Users

39:23

Struggling to migrate from Windows XP before support ends April 2014? Want to follow best practices and compliance requirements to mitigate risk? Is it possible to easily limit user privileges?

The advantages for limiting and eliminating Admin rights include:

  • Reducing exposure to malware or APTs that require Admin privileges to run
  • Implementing the concept of least privilege to limit access to systems, applications, and data
  • Allowing employees to perform their jobs, without impacting IT or end-user productivity
  • Preventing the Help Desk from being flooded with selective elevation of admin privileges temporarily

Join BeyondTrust security experts to learn about how this forced change impacts your operations and what you can do today to minimize that impact.

View Webinar

The 5 Keys to Context-Aware Vulnerability Management

2:37

Retina not only identifies security exposures across your entire IT landscape, but also gives you the insight you need to better understand, mitigate and communicate risk. Check out this video to see what makes Retina the most context-aware vulnerability management solution on the market.

View Webinar

Showcasing Retina Network Security Scanner Unlimited

With Marc Maiffret, BeyondTrust CTO | 1:07:06

BeyondTrust's CTO, Marc Maiffret, takes you through an introduction, demo and Q&A of Retina Network Security Scanner Unlimited. Retina Network Security Scanner is the fastest, most mature vulnerability assessment solution on the market, and is now available for only $1,200 per year. Features available in Retina Network Security Scanner Unlimited include:

  • Unlimited IP scanning
  • Web, database & virtual application scanning
  • PCI DSS scanning and reporting
  • SCADA scanning
  • Regulatory reporting
  • Scheduled scans
  • Web-based tech support
View Webinar

Taking a Hard Look at Your Vulnerability Management Program

With Mike Rothman | 49:52

Many think vulnerability management is a mature and staid technology. Au contraire, as the attackers continue to evolve and innovate their attacks, the definition of a "vulnerability" continuously evolves.

In this webinar, Securosis' Mike Rothman will revisit their "Vulnerability Management Evolution" research and discuss how to take a hard look at your VM environment. He'll also touch on the scenarios where you should consider moving to a new platform.

View Webinar

Part Two: It's All About Risk

With Dave Shackleford, SANS Instructor | 56:26

Part 2 of a 3 part webinar series on Vulnerability Management. In the second part of this webinar series, you'll learn:

  • How to sift through the "noise" of vulnerability scan data and find what's most useful
  • Prioritization strategies and tactics for providing the most useful and relevant data to operations teams
  • How to develop more accurate context for vulnerabilities, and determine the real risks you face
View Webinar

Managing Troubleshooting and Recovering Group Policy Objects

With Derek Melber (MCSE, MVP), Microsoft MVP | 1:00:32

Group Policy continues to grow as the main tool to secure your Windows environment. However, Group Policy does not come with good management tools to help ensure you have a stable and secure environment. Managing, troubleshooting, and recovering from a Group Policy issue is not easy and certainly not obvious.

In this webinar, Derek Melber, Group Policy MVP, will give you pointers to help you manage, troubleshoot, and recover from Group Policy issues faster and with greater reliability.

View Webinar

The Windows Desktop: A Hacker's Best Friend It doesn't have to be!

With Derek Melber (MCSE, MVP), Microsoft MVP | 47:26

It is all over the news! Employees are attacking their employer in an attempt to get money, notoriety, and revenge. Employees can use their corporate desktop, typically Windows based, to attack the network and gain a foothold into the data that they should not have access to. Closing off all of these attack surfaces requires an integrated approach of security and policy identifying the flaws 'attackers' are looking for and securing them, as well as implementing least privilege where necessary to reduce overall exposure.

In this webinar, join Derek Melber, Microsoft MVP, for an interactive presentation where he'll walk you through relevant use cases which demonstrate an effective approach to getting the best of both worlds of enforcing least privilege through effective policy management, while at the same time, ensuring the proper security and configuration of your Windows desktops.

View Webinar

Leveraging Group Policy to Generate a Security Baseline

With Derek Melber (MCSE, MVP), Microsoft MVP | 57:07

Derek Melber, Microsoft MVP, will walk you through the best practices and options available to help configure and secure your endpoints, as well as giving you real world techniques on how to best manage, create, troubleshoot, and deploy specific Group Policy settings and extensions.

As an MVP, Derek will be able to give you insight into areas of Group Policy that you did not even know existed making sure you walk away with actionable items to try right away!

View Webinar

Active Directory Auditing and Compliance

With Derek Melber (MCSE, MVP), Microsoft MVP | 44:33

In this webinar, you'll learn about real-time AD and GPO change monitoring for organizations of all sizes, how to enforce tighter security and audit procedures for your Active Directory environment, and how to decrease privileged identity security risks and protect against attacks and data loss resulting from the intentional or accidental misuse of privileged accounts and systems.

View Webinar

Part One: What Do You Need from Vulnerability Management?

59:22

BeyondTrust has teamed up with SANS Analyst, Dave Shackleford, for a 3 Part Live Web Event Series. Learn what information tends to be most valuable when running scans and assessing vulnerabilities, which reports that have the most business and technical impact and how to work with business units and operations teams to define a more practical, useful vulnerability management program

View Webinar

New Developments in Active Directory Security and Compliance

With Derek Melber (MCSE, MVP), Microsoft MVP | 47:49

Couldn't make it to MicroSoft's TechEd or TechEd Europe this year? No problem, we've got you covered. In this recording Derek Melber, Microsoft MVP walks you through all the new and exciting developments in Active Directory security and compliance!

View Webinar

Find It And Fix It - Integrated Vulnerability Management And Patching

45:39

Join BeyondTrust and Dustin Larsen of SM Energy to learn more on Integrated Vulnerability Management and Patching. Hear how Dustin was able to fully-integrate vulnerability scanning with patch management and much more.

View Webinar

Implementing Continuous Monitoring Across the Physical and Virtual Environment

36:45

In this 60 minute webinar, you will learn how an aerospace and defense company was able to successfully meet multiple security and compliance regulations Retina CS. This organization was challenged with several DoD requirements including security configurations and checks, vulnerability assessment and management, and patching; all of which required constant monitoring and maintenance.

View Webinar

Group Policy - Leveraging the Power and Avoiding the Pitfalls

With Derek Melber (MCSE, MVP), Microsoft MVP | 49:43

Learn the "Power and Pitfalls" of Group Policy and how it can help you better secure your organization and keep your users safe. Some points that are covered are: controlling local administrator passwords and group membership, how to map printers and more, using item level targeting to create dynamic desktop management, and much more.

View Webinar

PowerBroker for Windows - Advanced Tips Tricks and Techniques

1:03:49

Learn and explore advanced functionality with PowerBroker for Windows with our team of Windows Privilege Management experts. Some points that are covered include: how to audit your environment before you deploy policy, troubleshooting problem applications, advanced policy targeting, and much more.

View Webinar

Introduction To Windows Privilege Management

48:42

Learn the basics of network security and tools that you should be leveraging to create and enhance protection for your organization. PowerBroker for Windows, a cutting edge program that helps organizations significantly improve their desktop security by making it easy to remove administrator privileges from users without impacting productivity.

View Webinar

PowerBroker for Windows Desktop

30:00

PowerBroker Desktops is the fastest and easiest way to secure desktops by removing admin rights without end user disruption by selectively elevating privileges.

View Webinar

PowerBroker Identity Services "AD Bridge"

30:00

See how to utilize PowerBroker Identity Services Enterprise for Active Directory authentication, centralized management and audit reporting across heterogeneous non-Windows environments.

View Webinar

Beyond Traditional Security

30:00

BeyondTrust provides solutions that are beyond traditional security with a wide assortment of comprehensive IT security software products that can fit businesses of all sizes.

View Webinar

BeyondTrust Technologies

30:00

Leading provider of Vulnerability Management, Privileged Account Management and insider threats across physical, virtual, and cloud environments.

View Webinar

PowerBroker Management Suite

30:00

Protection and recovery, real-time auditing, user entitlement with interactive analysis, alerting and reporting for your critical Microsoft technologies.

View Webinar

PowerBroker Servers

With Jeremy Schmitt | 30:00

PowerBroker Servers empower IT with the ability to delegate root tasks and authorization on Linux, UNIX, and Mac OS X without ever disclosing the highly sensitive root password.

View Webinar

PowerBroker Databases

30:00

Address the threat to data security and compliance posed by un-controlled privileged database users.

View Webinar

BeyondTrust: Cyber Threats

30:00

Enabling threat-aware policy and actionable analytics across best of breed security solutions from Least Privilege to Vulnerability Management.

View Webinar

Retina CS: Installation and Deployment

30:00

Retina can be deployed as a standalone scanner, distributed throughout an environment and integrated with Retina CS for enterprise deployments.

View Webinar

Retina CS and Insight

30:00

Retina CS centrally manages risk across the entire infrastructure. Close the gaps across the vulnerability management lifecycle to reduce risk for your organization.

View Webinar

Basics for Reducing Security Risk - An Overview

With Derek Melber (MCSE, MVP), Microsoft MVP | 1:01:28

Derek Melber (MCSE, MVP), President and CEO of BrainCore.net Derek Melber, MCSE, MVP, is an independent consultant, speaker, author, and trainer. Derek's latest book, The Group Policy Resource Kit by Microsoft Press, is his latest best-selling book covering all of the new Group Policy features and settings in Windows Server 2008 and Vista.

View Webinar

Least Privilege For Server Administration In Microsoft Environments - A Bright Light At The End Of A Long Tunnel

With Don Jones | 43:36

Don has more than a decade of professional experience in the IT industry. He's the author of more than 35 IT books, including Windows PowerShell: TFM; VBScript, WMI, and ADSI Unleashed; Managing Windows with VBScript and WMI; and many more.

View Webinar

Turn Your Big Security Data into a Big Advantage

7:42

Join this online event, co-hosted by 451 Research and BeyondTrust, to learn from us how you can begin to leverage this information to drive a more dynamic security strategy, as well as to hear Andrew Hay from 451 Research discuss how this data is impacting the enterprise today.

View Webinar

eEye + BeyondTrust

22:23

With eEye, vulnerability management is no longer just about scanning. That's just step one! To truly safeguard your organization today, you need unified vulnerability management: find system weaknesses, quickly fix the most important, and defend against future attacks..

View Webinar

Kaspersky: Prevent Good People From Doing Bad Things

51:51

Join Kaspersky and BeyondTrust for this informative webinar that addresses the top five security challenges facing IT today - and learn how to protect your organization from insider threats.

View Webinar

How To Keep Good People From Doing Bad Things When Building Private Clouds

53:27

Listen in on Oracle and BeyondTrust and learn how virtualization is enabling the cloud and how to keep your company - and its assets - secure amidst both hidden and blatant dangers.

View Webinar

Architectural Approaches to Least Privilege on the Desktop

With Darren Mar-Elia, Microsoft MVP | 46:53

Darren Mar-Elia is president and CTO of SDM Software, a Group Policy solutions company. He has over 20 years combined experience in information technology and software development. He was senior director of product engineering at DesktopStandard (acquired by Microsoft), and before that, served as CTO for Windows management solutions at Quest Software.

View Webinar

LUA Solutions for Corporate Windows Desktops

With Derek Melber (MCSE, MVP), Microsoft MVP | 52:46

Derek Melber (MCSE, MVP), President and CEO of BrainCore.net Derek Melber, MCSE, MVP, is an independent consultant, speaker, author, and trainer. Derek's latest book, The Group Policy Resource Kit by Microsoft Press, is his latest best-selling book covering all of the new Group Policy features and settings in Windows Server 2008 and Vista.

View Webinar

A Modern Approach To Privileged User Management In Enterprise Linux Environments

With Sander van Vugt | 57:49

Sander's specialty is helping people implement Linux solutions and he does this by writing books (he currently has almost 50 titles in different languages so far), by giving technical training courses and by working as a consultant.

View Webinar

Compelling Reasons for Least Privilege

With Derek Melber (MCSE, MVP), Microsoft MVP | 1:00:00

Derek Melber (MCSE, MVP), President and CEO of BrainCore.net Derek Melber, MCSE, MVP, is an independent consultant, speaker, author, and trainer. Derek's latest book, The Group Policy Resource Kit by Microsoft Press, is his latest best-selling book covering all of the new Group Policy features and settings in Windows Server 2008 and Vista.

View Webinar

Privilege Delegation and the Risks of sudo

With Andras Cser | 55:31

Andras serves Security & Risk professionals. He is a leading expert on privileged account management, access management, user account provisioning, entitlement management, federation, privileged account management, and role design and management.

View Webinar