Dramatically Improve Your Organization’s Application, Cloud, Data, Mainframe and Mobile Security Awareness in 3 Short Days!

With data breaches making headline news on a daily basis, it’s challenging for organizations to focus their security initiatives and maximize security budgets. Attackers are exploiting vulnerabilities in traditional and mobile applications, which permit them to access treasure troves of organizational data.

Meanwhile, emerging technologies such as Cloud and data-rich environments such as mainframe also need to be protected. Most organizations find it difficult to remain educated about fast-moving security trends that involve such diverse technologies.

 

Pulse Palooza talent announced

Have you registered yet for Pulse 2014? If not, what are you waiting for! Did you know that in addition to great networking, hearing from industry thought leaders and discovering how to use cloud as a growth engine for your business…you’re also invited to a private rock concert that will have you rockin’ the night away!

Imagine being entertained by not one, but TWO headline acts. First up, the Grammy-nominated band Fall Out Boy, fresh off of two sold-out tours for their #1 album, Save Rock and Roll.

Hailing from Chicago, Fall Out Boy—Patrick Stump (vocals/guitar), Pete Wentz (bass), Joe Trohman (guitar) and Andy Hurley (drums)—has appeared on the cover of Rolling Stone and other prestigious publications. They have performed on Saturday Night Live, The Today Show, America’s Got Talent, The Voice, Late Night with Jimmy Fallon, The Tonight Show with Jay Leno, Conan, The Late Show with David Letterman, Jimmy Kimmel Live and many more.

Up next? None other than the rock legend and icon, Elvis Costello! From the iconic “Pump It Up” to “Alison” to “Every Day I Write the Book,” every song is a hit…and instantly recognizable!

Elvis Costello has followed his musical curiosity in a career spanning more than 30 years. He is perhaps best known for his performances with The Attractions, The Imposters and for concert appearances with pianist Steve Nieve. However, he has also entered into acclaimed collaborations with Burt Bacharach, The Brodsky Quartet, Paul McCartney, Swedish mezzo-soprano Anne Sofie von Otter, guitarist Bill Frisell, composer Roy Nathanson, The Charles Mingus Orchestra, record producer and songwriter T Bone Burnett and Allen Toussaint.

So get pumped and get ready to rock – this is one evening you will not want to miss! And it all takes place in one of the great music venues in the country today: the MGM Grand Garden Arena.

  • Tuesday, February 25th
  • MGM Grand Garden Arena
  • 7:00 p.m. – 10:00 p.m.
  • Food and Beverages provided.

Note: Pulse Palooza is included in your purchase of a full conference pass, exhibitor pass, dev@Pulse pass, and Tuesday day pass. Additional guest passes can be purchased for $100 on-site during open registration hours. Cash payment will not be accepted.

What’s the best way to educate yourself about the latest trends in application and data security, so you can maximize security spending? By registering to attend IBM’s Pulse Conference in sunny Las Vegas, from February 23rd through 26th.

Selected sessions in the “Application and Data” track at Pulse 2014 include the following:

  • A high-profile North American retailer will teach you how it integrated vulnerability assessments and embedded application security into its software development lifecycle (Session: ADS-1955).
  • A Midwestern communications company will reveal how it deployed IBM’s Guardium, QRadar and AppScan solutions in an integrated fashion, to transform itself from a reactive, “compliance checklist”-based security culture, to a world-class security operation. (Session ADS-1296).
  • A North American airline and a global business travel & expense management provider will share how they’re safeguarding mobile applications, so that privileged organizational data stays protected while users remain productive. (Sessions ADS-1880 and ADS-2206)
  • An IBM industry expert will provide you with best practices for transitioning to a “Big Data” environment, and for protecting data that are stored in such environments. (Session ADS-2139).
  • An experienced IBM panel of zEnterprise industry experts will inform you about the latest trends in mainframe security, including best practices to secure mission-critical applications, store corporate data and achieve compliance objectives. (Session ADS-2377)

Click here to learn more about Pulse 2014 Conference

Conference time is fast approaching, so we encourage you to register now. In the meantime, stay tuned for follow-up blogs from our speakers and panelists.

Check out even more sessions

Still not sure about attending Pulse? Check out all the different sessions in the Application & Data Security: Strategies and Best Practices track:

Changing the Security Posture at West Corporation In two years, West Corporation’s information security went from checking boxes on an audit to a full-fledged, world-class security operation. With the help of the IBM Managed Security Service Provider solution, along with the deployment of QRadar, Guardium and IBM Security AppScan, West Corporation is deploying enterprise technological security controls that meet the needs of our clients. In 2012, our Enterprise Information Security budget was just under $170,000. In two years we have expanded our services and our budget to almost $1,000,000. Using business drivers, client requirements, and regulatory compliance as guides, West Corporation continues to meet the challenges of information security with the help of IBM solutions.
Storing Data in the Cloud: How IBM Encryption Creates a Secure Cloud Environment Encryption has become the most critical component in an organization’s arsenal to meet its compliance objectives, The challenge is knowing when and where to use encryption, how it can simplify the task of providing compliance, and what controls need to be in place to ensure it delivers on its promise. This overview explains options for storage-based encryption, and what each option provides. You’ll gain insight from IBM security experts, who’ll discuss how IBM’s Security Ready Storage and software solutions help create the optimum level of security for your cloud and essential business information. You’ll learn how IBM storage and related middleware offer encryption with optimum performance, operations, and meticulous key management, along with transparent encryption and role-based access control. You’ll see how IBM uses security assets such as IBM Security Key Lifecycle Manager and IBM self-encrypting storage to create highly secure cloud environments.
Identifying and Managing Application Security Threats with IBM AppScan and QRadar The widespread growth of web applications and the business value they deliver have become a favorite target for cyber criminals. According to the latest IBM X-force report, 31% of the total number of disclosed vulnerabilities in the first half of 2013 were vulnerabilities in web applications. Hackers use holes in web applications to penetrate organizations and steal data, disrupt operations or infect clients with malware. Enterprise IT security teams are faced with an enormous challenge. They have a large application portfolio and are identifying many vulnerabilities. The reality is that all vulnerabilities cannot be addressed at once. Which ones present the highest threat? Which ones should be addressed first? In this session, the audience will learn how one can use IBM’s AppScan/QRadar solution to not only identify vulnerabilities in web applications, but also to view them in a broader context, prioritize them more intelligently and build risk mitigation strategies.
IBM and Sensus Partner to Secure the Smart Grid Leading smart grid vendor Sensus entered into a multi-year partnership with IBM in 2011 to provide enhanced security solutions for Sensus’ suite of smart grid products. Sensus licensed IBM Security Key Lifecycle Manager (SKLM), and IBM provided cryptographic libraries for the Sensus endpoints (water, gas and electric meters and communication hubs). The end-to-end security solution was developed based on ECC cryptography licensed from IBM. In addition, Sensus has licensed the IBM Security AppScan security tool to improve the security of Sensus product offerings. This session will provide an overview of the use of IBM technologies by Sensus to improve smart grid security for Sensus customers, which range in size from small utilities to one of the largest investor-owned utilities in US. Sensus also recently won the contract to provide core communication technology to support the UK government’s plan to roll out electric and gas smart meters to 10 million homes in the UK.
Are Mobile Devices Secure Enough to Trust with Your Business? Security is a balancing act, especially when it comes to the adoption of emerging technologies. As mobile initiatives become more prevalent and better understood, greater productivity can be attained. But given the dynamic nature of the mobile market, an organization has to constantly evolve its mobile risk management strategy. Businesses need to make informed decisions about mobile security—and organizational inertia itself can lead to increased risk exposure. Today’s successful enterprises will need to better understand emerging security requirements and be able to apply the latest advancements in mobile security technology. This interactive discussion will: talk about mobile devices and security challenges, and how to identify vulnerabilities in mobile applications; look at Alaska Airline’s mobile security problem and how they solved it; show original research on the latest trends in mobile security; and argue security best practices and policy management wisdom for 2014.
Embedding IBM AppScan into Your Software Development Lifecycle Integrating vulnerability assessment into an organization’s software development lifecycle can be a challenging undertaking. It requires tool integration, education, team alignment, changes in practices, process improvements, and prioritization. In this session, IBM will discuss current best practices surrounding the deployment and adoption of IBM AppScan into development processes. Nordstrom will discuss their journey to building a Secure Development Advisory Group amid expectations of Agile transformation and continuous integration and deployment; and how tools for static and dynamic analysis influence their program.
Securing IBM Worklight Applications with IBM Security AppScan IBM Worklight helps organizations extend their business to mobile devices by providing an open, comprehensive and advanced platform to build, run and manage mobile applications. IBM Security AppScan analyzes source code or running applications to provide advanced application security. With the ongoing explosion in the number of mobile applications and the types of access they provide to core business services, it is critical to identify and remediate security vulnerabilities before they are released into the wild. What are the most critical types of issues to find and fix? With the accelerated delivery cycle of mobile applications, how do you make sure you are finding issues in a timely fashion? In this session we will share the most important secure programming techniques related to mobile development, as well as best practices for managing application security risk. We will also demonstrate how AppScan integrates directly into the Worklight Studio environment
Pinpointing Security Vulnerabilities in Android Apps Using Mobile Dynamic Application Security Testing Vulnerabilities in mobile applications are an increasing threat given the rise of private and corporate data being kept in mobile devices. In this session, we will focus on vulnerabilities found in native mobile code and deep-dive into specific Android vulnerabilities and attack vectors. We will show real-world examples and demonstrate how IBM mobile dynamic application security testing (DAST) technology can pinpoint them.
How Standard Bank Leveraged the IBM Security Blueprint as Part of Its Enterprise Information Security Architecture Standard Bank identified a number of challenges in their organization as hindrances to demonstrating information security value and managing information risk. These included: A need for a cohesive approach to manage information risk outside the IT realm; the need for an Enterprise Information Security Architecture; and a perception of information security as merely a set of IT controls. To overcome these hurdles, Standard Bank evaluated, selected and adapted models and methodologies for Enterprise Information Security Architecture, which included TOGAF, SABSA and the IBM Security Blueprint. This presentation will briefly introduce the IBM Security Blueprint. The discussion will then focus on how Standard Bank leveraged the Blueprint to realize an Enterprise Information Security Architecture, in combination with their existing frameworks. The current situation will be presented, followed by planned next steps.
Cloud: Your Worst Security Nightmare is Actually an Opportunity Security has repeatedly been cited as a primary concern related to cloud adoption. But as enterprises continue to adopt cloud in larger numbers, we’re beginning to see changes. When organizations examine what steps they need to take to leverage cloud technology, it becomes clear that best practices and policies they’d applied in traditional IT environments can also be realized in cloud environments. While adopting cloud technologies and services, organizations need to connect securely to SaaS applications, in order for them to engage with customers in innovative ways. Their IT teams are optimizing infrastructure by adopting computing capabilities from the cloud, enabling a continuum of protection from private cloud to public clouds. We’ll discuss how you can confidently adopt cloud and manage evolving security architectures. You’ll learn how cloud provides opportunities to reassess and enhance your security posture and protect your valuable IT assets.
Testing Mobile Application Security This presentation will provide practical tips and techniques for testing mobile applications against OWASP’s list of Top 10 Mobile Risks. It will provide an overview of tools and techniques available from IBM and the Open Source community with the goals of empowering users to understand the applications running on their devices, and empowering mobile application providers to be good stewards of customer data.
Leveraging IBM AppScan Security Testing Automation for Agile Secure Coding Practices Mr. P. D. Mallya leads the Security Audit and Architecture team at Infosys, a global leader in consulting, technology and outsourcing solutions. He’ll discuss how usage of AppScan at the Dynamic Testing and Static Testing levels for code review has improved the company’s security posture. Infosys has standardized on AppScan technology for all of its client delivery and internal application and code security testing. Developing client applications is the largest and most critical part of the client deliverable process across hundreds of Infosys client projects. More than 100,000 Infosys developers work on application development projects, in an environment characterized by tight delivery deadlines for application delivery. Despite the tight timeframes, clients expect affordable development costs and high quality. Mr. Mallya will stress how important it is for large organizations to have high security testing standards across their software delivery lifecycles.
Creating the Ultimate Security Platform for Compliance with zEnterprise Join our panel of zEnterprise security experts to learn why the modern mainframe continues to offer the ultimate security platform for your mission-critical applications and corporate data supporting cloud, mobile, big data and compliance. The mainframe’s end-to-end, industry-leading security capabilities include identity management, access control, data protection, encryption, threat detection, auditing reporting and compliance monitoring. Product expertise on the panel encompasses IBM Resource Access Control Facility (RACF), IBM Security zSecure, IBM InfoSphere Guardium and Optim, and encryption technology.
Application and Data Security Track Kickoff and “Meet the Experts” Session Join this session for a sneak preview of content in this track, as you plan your Pulse 2014 experience. In this session, you’ll receive an overview of IBM’s strategy for managing security for your applications, databases, cloud infrastructures, mobile devices and servers. Learn about the latest developments in data and application protection, and how you can effectively extend security protection across your organization.
Using the zSecure Compliance Framework to Further Your Mainframe Compliance Efforts Learn how the IBM Security zSecure Compliance Framework can help you automate your compliance assurance activities, increase compliance sustainability, and reduce manpower requirements and total cost of compliance.
Application Security Join us to discuss strategies for developing secure applications and securing your applications with some of IBM’s leaders in application security.
Data Security Join us for an interactive discussion on safeguarding data throughout its lifecycle.
Defending Against Targeted Attacks with Actionable Security Intelligence The targeted attacks of today are perpetrated by sophisticated threat actors—including cyber-criminals, terrorists and nation states—who will gather their own intelligence about the intended target to develop custom strikes that improve the success of their campaigns. Once inside an organization, they are able to maintain persistence for longer periods of time in order to identify the data they wish to steal, and conceal their presence. In this product demonstration session, you will learn why traditional approaches to security are being penetrated, and how organizations can redesign their security model to minimize the risk of attack. You’ll also learn how a solution that integrates IBM QRadar SIEM with Trend Micro Deep Discovery is an effective, custom defense strategy: a coordinated and integrated approach to security that provides timely information and visibility into what is transpiring across all layers of your network.
Mobile Security: A Look at the Dominant Trends and Threats from 2013 and Insight into What We Need to Watch for in 2014 Social media has become a top target for attacks, and mobile devices are expanding that target. Join us for this discussion as we take a look back at 2013 and share IBM’s X-Force findings specific to mobile and social. This presentation will examine what tactics are being implemented by attackers and what you are likely to encounter in 2014.
Scroll to view full table

 

More from Application Security

What’s up India? PixPirate is back and spreading via WhatsApp

8 min read - This blog post is the continuation of a previous blog regarding PixPirate malware. If you haven’t read the initial post, please take a couple of minutes to get caught up before diving into this content. PixPirate malware consists of two components: a downloader application and a droppee application, and both are custom-made and operated by the same fraudster group. Although the traditional role of a downloader is to install the droppee on the victim device, with PixPirate, the downloader also…

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today