1 Defeating Social Engineering with Voice Analytics Doug Mohney News & Online Editor VON Magazine
2 Where I m coming from News & Online Editor - VON Magazine VoIP/IP communications Security issues Enterprise issues If you want a consultant on IT/Security issues, go hire one not me
3 I m going to talk about... Voice Analytics (VA) What is it? How features of VA are being used in the corporate sector for security purposes today Applying VA as a defense layer against social engineering attacks
4 Voice Analytics - What it it? Definition: Analyzing the spoken content of recorded conversations (Mostly phone) Also called speech analytics For this presentation, includes- Voice print identification Word spotting Emotion Detection Talk Analysis Combine above with call data (date, time, duration, caller ID) and statistical analysis. Datamining phone calls
5 Echelon The Legend National Security Agency slurps up all overseas phone calls Massive computers farms scan calls for key words, voiceprints Speculation on capability as early as 1982 (Bamford, The Puzzle Palace) Echelon program reported years of development (?)
6 Corporate America s Echelon Voice print, voice analytics in use today Big users are call centers for: Fraud detection/prevention Operational efficiency Training, call escalation Real-time business intelligence Spot competitor offers, problems in service Multiple vendors providing speech analytics/voice analytics solutions to the call center market Call monitoring also used for regulatory compliance in financial, health care industries.
7 Why Call Centers? Efficiency is everything Get calls resolved faster, happier customer, lower costs Large data collection mechanism Cheap disks, cheap processors, sophisticated software Voice analytics allows companies to spot competitive trends in real time.
8 Enabling technologies VoIP IP PBX - Everybody is going to bits, so voice just another data stream to manipulate Cheap disks, cheap processors = Store everything, analyze everything Software is now off the shelf If you are already doing voice print in real-time or recording calls for quality assurance purposes, voice analytics is the next step
9 Where is Voice Analytics being used today? Contact Centers (Call Centers) It s datamining of the call content Financial institutions Banking Insurance Commercial organizations wanting to insure confidentiality of data Health Care, Banking Liability/Regulatory requirements HIPPA, financial, Sarbanes/Oxley
10 Voice Print Identification Unique digital pattern to one s voice Biometric means of identifying a person Multiple commercial solutions available for password replacement, such as Nuance Verifier Speaker Verification 150 million secure calls annually Financial services, telecommunications, utilities, transportation and manufacturing.
11 Commercial Benefits of Voice Print ID Reduce PIN/password admin Savings by reducing live agent contact (i.e. I forgot my password/pin ) Reducing potential for fraud and identity theft Improve customer service with a convenient means of security
12 How is Voice Print Used? Authenticate identity Make baseline voice print or train recognition via selective vocabulary Insurance companies use voice print for: White list Authenticate customer claim Black list Spot known bad actor Starting to be used in combination with database Likely see voice print start to proliferate for consumer financial use (credit card, some banking apps) in next few years.
13 Vendors Offering Voice Print Teledata Technology White List/Password replacement Voice Biometrics "T3 Viometrics reduces expenses associated with administering password policies and manual verification methods using live agent support. Courion, IBM, Nuance, Vocent, VoiceVault
14 Word Spotting Parsing out word or phrase in audio stream Go from speech to text, index, search Can look for single word, phrase, multiple phrases, depending on how detailed you want the rule set to be. The Hot Tool for Contact Centers Store all phone conversations with agents Your call may be monitored or This call is monitored Being used to sift through customer calls today for Good experience Wow! Bad experience Profanity (with emotion detection) Competition/competitive offers Look for mention of competitors name, special offer, great deal.
15 The FedEx Wow! FedEx searches inbound calls for Wow Calls are marked and forwarded to training New call center agents listen to fresh calls to learn how to be better call agents
16 Look at the angry customer In real-time, escalate to manager/troubleshooter Post-call, identify problems Bad business process Bad product Bad customer (Just profane or highly sensitive) Agent in need of improvement
17 Word Spotting For Real-Time Competitive Intelligence Inbound calls are a massive source of data on customer, market trends Word spotting used to look for Name/mention of competitor Mention of special offer, great offer, other switch Daily run allows for real-time identification of competitive offers to steal away business Allows businesses to adapt their own marketing, sales strategies in near-real time -- rather than 3 months later with sales down 5-10%.
18 Other Voice Analytics Applications Generate profiles of Good customers Make special/loyalty offers/bonuses Bad /trouble customers Can pull out & examine multiple calls Historical or on-the-fly See if there s a bad history of interaction Identify inbound for escalation/special handling. Use in combination with emotion detection.
19 How it works General Process Capture clone/copy VoIP stream Storage - Put it on a server Retrieval Index everything nicely Analysis Set up rules and ad-hoc reports, look at the results
20 Profile of NICE Systems Traded on NASDAQ, $311 million in The Microsoft of Voice Analytics Based in Israel, 20 years of operation 23,000 customers. over 100 countries, including 75 of Fortune 100 American Express, Citibank, FedEx, Home Depot, Nextel, Time Warner, Vodafone " NICE s solutions are changing the way organizations make decisions, help them improve business and operational performance, address security threats and be proactive
21 NICE - The Good, The Interesting Supports Nortel, Cisco Call Manager, Avaya Communications Manager. Can link voice with other recording tools IM, screen lookup Can tie into SAS analytical models so you can do statistics to your heart s content Baseline analytics package costs $100,000 Storing calls much cheaper.
22 Voice storage Or Everyone is Storing Entry-level storage Single (PC) box, PCI bus, Win XP, redundancy options 48 recording channels per unit, usual phone interfaces. Store up to 55,000 hours of audio Can be scaled as a multi-site solution for distributed organizations: Branch offices, distributed PSAPs If not analyzing in real-time/near-real time, can at go back and audit interactions with software at a later date. Interactions don t have to be phone Radio communication
23 NICE s thoughts on storage "These days even small and medium-size enterprises need professional voice logging - not just for reducing liability, resolving disputes or trapping nuisance callers but also for staff training, enhancing customer service or clarifying verbal instructions."
24 Commercial Uses of Voice Recording/Analytics Quality monitoring Liability/Regulatory Interactions analytics Looking at what is going on between call center and customers, spot trends, improve marketing, performance of agents.
25 Voice Analytics - Call Center Applications In-Call To trigger direction to a specialist by phrase or emotion Supervisor/escalation Caller identification verification Starting to database voice print» Use voice print to verify identity; prevent identity theft Post-call - Analyze trends Customer mentioning offer/competitor Data used to adjust marketing, sales strategies Customer encountering problems with "X Use to update help desk, refine procedures
26 Liability/Regulatory requirements HIPPA, financial, Sarbanes/Oxley HIPPA Track communications to ensure confidentiality of information Financial Monitor for leakage of information, insider trading Sarbanes/Oxley Everyone's paranoid about requirements, skew to overkill. Provides audit trail of calls & monitoring
27 Applying Voice Analytics To Defend Against Social Engineering
28 An interesting datapoint.. White paper picture/reference on their website "Social Engineering & Identity Theft: How Criminals Exploit Your Call Center" White paper has been REMOVED from their website.
29 Social engineering The way in Outside caller impersonates insider Everyone is eager to cooperate with a friendly person. Easiest way to be compromised Phone numbers Passwords Procedures/websites One piece of key information leads to others (See Mitnick, Kevin) Despite written policies, user education, social engineering is still an effective way to breech corporate security.
30 Real-Time Defenses Against Social Engineering with Voice Analytics White List Black List Black List With Sharing Word Spotting Voice Analytics All of the above, with computer/telephony data and statistical analytics)
31 Implementation Using existing technology No blue sky ideas, more Cut and paste (for word spotting) Building rule sets/queries to combine existing real world functions Combining white list/black list voiceprint with word spotting Building multi-word/phrase word spotting VoIP/IP-PBX enables ease-of-implementation It s already bits in the machine (Current) Price tag likely to be a deterrent for some orgs; others will try to shoehorn in on existing licenses.
32 White List - Voice print identification "My voice is my passport Most common use In-house use to authenticate: Technicians/IT staff (already being done in some places) All staff Becomes more important as caller ID information is spoofed
33 Black List Voice print identification Scan for Known Bad Actors Already being done in insurance & financial sectors to detect identity fraud. Once spotted, flag/deny access to rest of phone system; send to voice attendant hell Share bad actors voiceprint in central database (optional)
34 Black List with Sharing Voice print, but with a mutually shared database Insurance companies are already starting to database voiceprints Once caller blacklisted, share the voice print in the pool Akin to The Book in Vegas of banned gamblers
35 Word Spotting Monitor vocabulary of words User login, Password, Phone number of --- Cross-match with caller ID. Someone off the street is calling in asking for a password, sound the alarm Likely have to establish baseline/threshold to prevent false alarms. I ve forgotten my login password, can you reset it?
36 Post-attack reconstruction Identify bad actor via voice print and word spotting Track back through call logs, voice print Can trace back-- Who was called Identify both methods & compromised info Why did he ask for that? Generate a full time-stamped audit trail as to who called, when, where (if caller ID not manipulated)
37 Spy vs Spy Tactics Against Voice Analytics and Countermeasures
38 White List - Tactics/Countermeasures Tactics - Canned phrase from fixed vocabulary regenerated via recording Sneakers - "My voice is my passport" Tape recorder These days, use a laptop to polish, ipod to play Countermeasure Emote "Say it angry, say it calm Canned response will only have one "flavor"/version. Countermeasure - "The Phrase that pays Daily randomly generated phrase analyzed on the fly Much harder to spoof, especially in combination with time limit on response
39 Tactics And Countermeasures Word Spotting Tactics - Avoid "hot" words if possible/known Use code phrases/substitution Thesaurus VERY useful But could also be very awkward If using hot words, run a slow-attack to avoid baseline/threshold. A call per day, every other day, every week Alternatively, blitz! (Inside the OODA cycle) Try to get all needed information, load, fire attack, get out before security has a chance to react. Countermeasures Word Spotting More sophisticated rules Match on key-word monitoring AND unique voice print Immediately flag if key-word and voice outside of whitelist/company directory
40 Tactics/countermeasures Black List Tactic - Use multiple people for social engineering attacks Requires multiple people involved How many people can you have involved? Three can keep a secret, if two are dead. Ben Franklin Countermeasures Shared Black Lists If Black Lists are shared among companies in real time, social engineering attempts detected faster
41 Tactics Hack the analytics box Voice Analytics Systems are Windows-based "Best Cast" Denial of Service attack or crashing the server Attack/crash gives you a date/time for penetration Worst case - If someone owns the box, and understands the software, everything is fair game White List Black List Vocabulary of monitored phrases Countermeasures Secure analytics box just like you would any other piece of sensitive equipment (Physically, network).
42 Summary Voice analytics is being used TODAY in call centers, government applications, Fortune 500 Features of voice analytics are being used today as a tool to spot social engineering attacks Insurance companies, fraud The (software) technology is not cheap, but prices are likely to decline First implementations in high-security/high-value organizations
43 Food for thought Echelon Sweden -- or NYC Gear is cheap, software is off the shelf, multiple vendors Corporate/government You have no privacy Big Brother monitor for job search, grudge against the boss And if you thought DNA was bad Speeches, public conversations, phone calls, podcasting Your voice can be found everywhere Google Voice
44 Contact Doug Mohney
46 Reference point URLs Nice Systems Revenues - $311.1 Million Now part of RSA through PassMark Envision Telephony
47 Others in the space Communication interception and call center businesses! - Witness Systems
AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,
HOW ARE BANKS FIGHTING THE WAR ON FRAUD? To answer that question, Neustar asked the industry. CONTENTS First, how do you define banking fraud? 2 Banks are fighting fraud on many different fronts. 3 Who
Electronic Data Security: Designing Good Data Protection Plans Dean Gallant Harvard University FAS Assistant Dean for Research Policy and Administration & Executive Officer, Committee on the Use of Human
Business Intelligence From Mining VoIP Voice Recordings Ray Lucchesi, Silverton Consulting, Inc. SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and
Solutions White Paper Automatic Speaker Verification (ASV) System Can Slash Helpdesk Costs Table of Contents Executive Summary............................. 1 Business Challenge.............................
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
VoiceTrust Whitepaper Employee Password Reset for the Enterprise IT Helpdesk Table of Contents Introduction: The State of the IT Helpdesk...3 Challenge #1: Password-Related Helpdesk Costs are Out of Control...
A Decision Maker s Guide to Securing an IT Infrastructure A Rackspace White Paper Spring 2010 Summary With so many malicious attacks taking place now, securing an IT infrastructure is vital. The purpose
Las Vegas Datacenter Overview Product Overview and Data Sheet Product Data Sheet Maintaining a Software as a Service (SaaS) environment with market leading availability and security is something that Active
A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,
Table of Contents Introduction... 3 Post-Call Analytics vs. Real-Time Monitoring... 3 How Real-Time Monitoring Works... 4 Putting Real-Time Monitoring Into Action... 5 The Impact of Real-Time Monitoring...
PROTECTING YOUR CALL CENTERS AGAINST PHONE FRAUD & SOCIAL ENGINEERING A WHITEPAPER BY PINDROP SECURITY TABLE OF CONTENTS Executive Summary... 3 The Evolution of Bank Theft... Phone Channel Vulnerabilities
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
MANAGED SERVICES MAXIMUM PROTECTION, MINIMUM DOWNTIME Get peace of mind with proactive IT support Designed to protect your business, save you money and give you peace of mind, Talon Managed Services is
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
CITY OF OAK CREEK VoIP Telephone System Addendum Important Dates: RFP Documents available April 24 th, 2015 Pre Bid Walkthrough None Last Day for Questions May 6th, 2015 4:00 p.m. CST Last Addendum Issued
2BWhite Paper How to Justify Your Security Assessment Budget Building a Business Case For Penetration Testing WHITE PAPER Introduction Penetration testing has been established as a standard security practice
customer care solutions from Nuance enterprise white paper :: Voice Biometrics Industry Solutions Overview Nuance s voice biometrics products are designed to meet the dynamic security needs of the world
Easily Discover the Conversations Call Recording and Speech Analytics Will Transform Your Business: Seven Common Business Goals and Speech Analytics Solutions Published January 2012 www.mycallfinder.com
Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability
MANAGING RISK: SECURING DIGITAL IDENTITIES Striking the balance between user experience and security You re more connected, but more at risk too Enterprises are increasingly engaging with partners, contractors
Building a Smarter Planet with Advanced Cyber Security Solutions Recognize Nefarious Cyber Activity and Catch Those Responsible with Highlights g Cyber Security Solutions from IBM InfoSphere Entity Analytic
Enghouse Interactive Quality Management Suite Quality Monitoring and Contact Center Optimization Software Product sheet Observe business processes, improve customer service, and resolve customer disputes
Applying the 80/20 approach for Operational Excellence How to combat new age threats, optimize investments and increase security Vinod Vasudevan Agenda Current Threat Landscape The 80/20 Approach Achieving
Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model Andrew Rolfe Authentify, Inc. Andy.Rolfe@Authentify.com Presentation Overview Authentication basics What is OOBA? Why is it important?
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
THE SECURITY OF HOSTED EXCHANGE FOR SMBs In the interest of security and cost-efficiency, many businesses are turning to hosted Microsoft Exchange for the scalability, ease of use and accessibility available
AT&T Voice DNA User Guide Page 1 Table of Contents GET STARTED... 4 Log In... 5 About the User Dashboard... 9 Manage Personal Profile... 15 Manage Messages... 17 View and Use Call Logs... 22 Search the
How to avoid Five Blind Spots in Internet Filtering If you re like most managers today, you d like to know what your employees are up to on company time, especially when they re using company PCs and laptops.
Voice Authentication On-Demand: Your Voice as Your Key Paul Watson, Vice President Relationship Technology Management Voice Search Conference March 2-4, 2009 Convergys Corporation A Global Leader in Relationship
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
IP Telephony Contact Centers Mobility Services OVERVIEW NICE Systems and Avaya provide businesses with Insight from Interactions Supports Avaya Communication Manager Application Enablement Services (AES)
Out-of-Band Multi-Factor Authentication Cloud Services Whitepaper StrikeForce Technologies, Inc. 1090 King Georges Post Rd. Edison, NJ 08837, USA Tel: 732 661-9641 Fax: 732 661-9647 http://www.sftnj.com
Security in an Increasingly Threatened World SMS: A better way of doing Two Factor Authentication (2FA) January 2015 The Proliferation of The App World The revolution of the smart phone forever affected
Avaya IP Office Unified Communications for Small Business Unified Communications for Small Business is a suite of applications that: Turns a home phone into an IP Office telephone with the Phone Manager
WhitePaper Strengthen Security and Accountability of Multi-Vendor Voice Systems HOW UNIFIED VOICE ADMINISTRATION CAN HELP REDUCE EXPOSURE TO CORPORATE SECURITY RISKS. Executive Summary Network security
Hunting for Indicators of Compromise Lucas Zaichkowsky Mandiant Session ID: END-R31 Session Classification: Intermediate Agenda Threat brief Defensive strategy overview Hunting for Indicators of Compromise
BEST PRACTICES IN WEB CONFERENCING SECURITY A Spire Research Report April 2003 By Pete Lindstrom, Research Director Sponsored By: www.cisco.com BEST PRACTICES IN WEB CONFERENCING SECURITY A Spire Research
Cisco Unified CallConnector for Microsoft Windows Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It enables more
HOW WE DELIVER A SECURE & ROBUST HOSTED TELEPHONY SOLUTION 01 INTRODUCTION Inclarity is the UK s leading provider of Hosted Telephony, Hosted UC and Hosted Video solutions. We help our customers to communicate
Network Security Forensics As hacking and security threats grow in complexity and organizations face stringent requirements to document access to private data on the network, organizations require a new
SAFE-T RSACCESS REPLACEMENT FOR MICROSOFT FOREFRONT UNIFIED ACCESS GATEWAY (UAG) A RSACCESS WHITE PAPER 1 Microsoft Forefront Unified Access Gateway Overview 2 Safe-T RSAccess Secure Front-end Overview
E-Guide Signature vs. anomaly-based behavior analysis News of successful network attacks has become so commonplace that they are almost no longer news. Hackers have broken into commercial sites to steal
Database Security Guideline Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Table of Contents Chapter 1 Introduction... 4 1.1 Objective... 4 1.2 Prerequisites of this Guideline...
Cisco Unified CallConnector for Microsoft Dynamics CRM Cisco Unified Communications is a complete IP communications system of voice, video, data, and mobility products and applications. It brings together
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com firstname.lastname@example.org Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been
A Taxonomy of VoIP Security Threats An outline of the security threats that face SIP based VoIP and other real-time applications Peter Cox CTO Borderware Technologies Inc VoIP Security Threats VoIP Applications
White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking
Analytics, Big Data, & Threat Intelligence: How Security is Transforming Jason Sloderbeck Director, Product Management RSA Web Threat Detection 1 Presentation Overview The Largest Threat How Can Big Data
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
The Comprehensive Guide to PCI Security Standards Compliance Achieving PCI DSS compliance is a process. There are many systems and countless moving parts that all need to come together to keep user payment
Universities and Schools Under Cyber-Attack: How to Protect Your Institution of Excellence About ERM About The Speaker Information Security Expert at ERM B.S. Software Engineering and Information Technology
Understanding WiFi Security Vulnerabilities and Solutions Dr. Hemant Chaskar Director of Technology AirTight Networks WiFi Proliferation Global WiFi Radio Chipset Sales 387 307 Millions 120 200 2005 2006
Page 1/13 Table of Contents Introduction...3 Top Reasons Firewalls Are Not Enough...3 Extreme Vulnerabilities...3 TD Ameritrade Security Breach...3 OWASP s Top 10 Web Application Security Vulnerabilities
KNOWLEDGE-BASED AUTHENTICATION USE CASE EBOOK Learn about the many ways in which organizations like yours are using dynamic knowledge-based authentication to protect their customers and streamline business
WHITE PAPER: FINDING EMAIL SECURITY IN THE CLOUD Finding Email Security in the Cloud CONTENTS Introduction 3 I. Why Good Enough Security is Never Good Enough 3 Mind your security gaps 4 II. Symantec Email
Guide to Preventing Social Engineering Fraud GUIDE TO PREVENTING SOCIAL ENGINEERING FRAUD CONTENTS Social Engineering Fraud Fundamentals and Fraud Strategies... 4 The Psychology of Social Engineering (And
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
Using Avaya Flare Experience for Windows Release 9.0 Issue 02.01 September 2013 Contents Chapter 1: About Flare Experience... 5 About Flare Experience... 5 Main window... 6 Button descriptions... 10 Chapter
OVERVIEW Intelligent Communication Solutions for Law Firms IP Office the Intelligent Communications solution for small and midsize law firms avaya.com 2 Millions of users in small and midsize businesses
CallRecorder User Guide 6.1 Copyright 2005-2011 RAI Software SRL, Bucharest, Romania www.raisoftware.ro Table of Contents 1.INTRODUCTION...4 1.1.PRODUCT OVERVIEW...4 1.2.FEATURES AND BENEFITS...4 2.APPLICATION
UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Credit Card Handling and Acceptance Policy Policy Number: C3875 Effective Date: November 8, 2006 Issuing Authority: Office of VP Business and
8x8 User Guide for ios Works with iphone, ipad and ipod Touch Version 3.0, August 2012 The Champion For Business Communications Table of Contents Introduction...3 Features...3 Technical Requirements...4
Cent ralized Out -Of-Band Aut hent ic at ion Syst em Security for the 21 st Century Presented by: Southeast Europe Cybersecurity Conference Sophia, Bulgaria September 8-9, 2003 Introduction Organizations
Network Security - ISA 656 Review Angelos Stavrou December 4, 2007 Material Test Conditions 7:20pm - 9:30pm, Thursday, Dec 11th, in the Lab (STI-128) Same style of questions as the midterm I m not asking
Real World Healthcare Security Exposures Brian Selfridge, Partner, Meditology Services 2 Agenda Introduction Background and Industry Context Anatomy of a Pen Test Top 10 Healthcare Security Exposures Lessons
Workforce Optimization What if your organization could improve everything about how it delivers customer service? What if you could serve customers better and more cost effectively while mining valuable
Closing Wireless Loopholes for PCI Compliance and Security Personal information is under attack by hackers, and credit card information is among the most valuable. While enterprises have had years to develop
The Authentication Revolution: Phones Become the Leading Multi-Factor Authentication Device PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-668-6536 www.phonefactor.com Executive
Cyber Security and Information Assurance Controls Prevention and Reaction 1 About Enterprise Risk Management Capabilities Cyber Security Risk Management Information Assurance Strategic Governance Regulatory
Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction
5 Steps to Advanced Threat Protection Agenda Endpoint Protection Gap Profile of Advanced Threats Consensus Audit Guidelines 5 Steps to Advanced Threat Protection Resources 20 Years of Chasing Malicious
ESG Brief Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst Abstract: APTs first came on the scene in 2010, creating a wave
CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape
Directed Circuits Meet Today s Security Challenges in Enterprise Remote Monitoring A White Paper from the Experts in Business-Critical Continuity TM Executive Summary With continued efforts to reduce overhead,
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate
Datenblatt AND Recorder 5.4 Using affordable call recording enables you to comply with legal and regulatory obligations. These requirements are easily achieved by deploying a secure call recording solution
Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various