Videos

Despite OpenSSL security issues, industry needs open source SSL

SilverSky CTO Andrew Jaquith says despite the recent Heartbleed flaw, the industry will stick with OpenSSL over commercially licensed SSL products. Jaquith also opines on the aftermath of the Target breach.
Non-malicious insiders: The biggest insider threat of all?

Video: Insider threats expert Randy Trzeciak explains why non-malicious insiders, particularly developers, pose as much risk to an enterprise as intentionally malicious insiders.

How to use BlackStratus' LOG Storm, a free log management tool

Keith Barker of CBT Nuggets demonstrates how to use LOG Storm, a free log management system from BlackStratus that organizes and prioritizes enterprise log data.
Why information security basics are key to managing threat landscape

Video: Sophos' Chester Wisniewski assesses the threat landscape and details why information security basics are needed to slow evolving attackers.
Does Heartbleed exploit risk always justify patching?

Video: Gartner analyst Jay Heiser discusses Heartbleed's aftermath, including whether the risk of a Heartbleed exploit always justifies patching.
Malicious mobile apps are getting tougher to fight

Learn why enterprises must revise their defenses to keep mobile users and data safe, and where to concentrate your IT security budget.
Why advanced threats are less dangerous than simple attacks

Video: BeyondTrust's Marc Maiffret explains why simple attacks are often more effective than advanced threats.
The past, present and future of SIEM technology

Security information and event management technology isn't new but it's changing rapidly. In this webcast viewers will learn SIEM's history, current uses and likely future as a security big data analytical device.
Bruce Schneier: Incident response management breaking new ground

Incident response management is Co3's focus, says its recently appointed CTO and security expert Bruce Schneier.
Why privileged account management is hard to scale

Philip Lieberman of Lieberman Software discusses privileged accounts and how automated tools can help organizations monitor their use.
How to integrate SIEM system capabilities with incident response

Learn how SIEM systems have evolved and how they now gather the data operations teams need to investigate and mitigate attackers' damage.
How to use TripWire SecureScan, a free vulnerability scanning tool

Video: Learn how to use TripWire SecureScan, the free vulnerability scanning tool that helps enterprises detect Heartbleed on networks and devices.
PCI analysis: Marcus Ranum on why PCI DSS sets the bar too low

Tenable CSO Marcus Ranum says Target-like breaches occurred even with PCI compliance because PCI established only a minimal set of requirements.
Chris Wysopal reveals new ways to monitor open source code security

Video: Chris Wysopal of Veracode discusses the risks of externally sourced code and monitoring its use in the enterprise.
John Pescatore: Critical Security Controls boost operational security

John Pescatore on why the SANS Institute's Critical Security Controls make up for other security deficiencies; plus, secrets of working with Gartner.
Enterprise mobility management must cover all the security bases

A solid and secure EMM framework starts with a formal policy and covers devices, apps, data, identity and more.
How to make penetration test results matter

Voodoo Security founder Dave Shackleford details how enterprises can make penetration test results more meaningful than a compliance exercise.
How to use Kismet: A free Wi-Fi network-monitoring tool

In this video, CBT Nuggets' Keith Barker shows how to use the free Wi-Fi network monitoring tool Kismet to find possibly malicious wireless networks.
Bruce Schneier: Time for society to decide on Internet surveillance

Security expert Bruce Schneier says it's time to ensure a secure Internet exists for everybody, even if it makes Internet surveillance harder.
NSA encryption backdoor: How likely is it?

Video: BeyondTrust CTO Marc Maiffret discusses the likelihood of an NSA encryption backdoor and the rise in watering hole attacks and Web defacements.
NIST cybersecurity framework: Assessing the strengths and weaknesses

Video: Securicon executive consultant Ernie Hayden discusses what the NIST cybersecurity framework got right, and how the document can be improved.
SSL 3.0 co-creator assesses the protocol, Apple's SSL security flaw

In this video, Cryptography Research president and SSL 3.0 co-creator Paul Kocher reflects on SSL's history and Apple's recent SSL security snafu.
Gathering forensic data with CrowdResponse

Video: Keith Barker of CBT Nuggets shows how to use CrowdStrike's security incident response tool, CrowdResponse, to gather forensic information.
What's next for Cisco security products after Cisco's Sourcefire buy?

Video: Martin Roesch discusses Cisco's plans to combine its policy-centric security technology with Sourcefire's threat-focused products.
Point-of-sale security: Targeted malware, Windows XP cause problems

Video: Sophos' Chester Wisniewski explains why targeted malware and the presence of Windows XP are the biggest threats to point-of-sale security.
Get up to speed on FIDO Alliance efforts to secure online authentication

In this webcast, expert David Strom reviews what FIDO Alliance efforts mean for online authentication methods.
File access logs: Marcus Ranum surprised by NSA shortfall

Tenable CSO Marcus Ranum says he's surprised at how little information the NSA seems to have about which documents were stolen by Edward Snowden.
Insider threat prevention controls to thwart data breach incidents

Randy Trzeciak reviews recent data breach incidents and details the insider threat prevention controls that may have thwarted those attacks.
What are the effects of the ongoing NSA encryption-cracking scandal?

Video: Cryptography Research Inc. president Paul Kocher details how the ongoing NSA encryption-cracking scandal affects trusted crypto algorithms.
Mobile security strategy must go beyond malware monitoring

Monitoring for malware isn’t enough. Enterprise IT pros must evolve their security strategy in the mobile era, because you can bet attackers will.
Designing network security architecture: New trends, tools, techniques

Signature-based threat detection is losing effectiveness. Learn the latest methods to protect your network architecture from sophisticated attacks.
How to use Prey tracking software to mitigate enterprise BYOD risks

Video: Keith Barker of CBT Nuggets shows how to use Prey tracking software to track stolen and lost mobile devices and reduce enterprise BYOD risks.
How will Cisco-Sourcefire security combo affect Cisco product roadmap?

New Cisco CTO Martin Roesch says the Cisco product roadmap for network security will include a robust NGFW using Sourcefire technology.
Enhancing security with the right network architecture

Organizations need to be strategic about malware protection; re-architecting portions of the enterprise network could help.
AxCrypt tutorial: How to use AxCrypt for simple file encryption

Video: In this AxCrypt tutorial, Keith Barker of CBT Nuggets shows how to use AxCrypt, a free, open source tool for quick, simple file encryption.
Security analytics tools that improve visibility, provide protection

In this webcast Josh Sokol explores the system visibility problem and how IT pros can better spot and thwart threats in real time.
Sophisticated phishing: How to stay safe and save money

Enterprises must protect themselves from sophisticated attacks that can escape notice by host-based detection systems. Here's how.
How to use OpenPuff steganography to send sensitive info securely

Video: Keith Barker of CBT Nuggets demonstrates how to use OpenPuff steganography to hide sensitive information from prying eyes during transmission.
Origins of the NIST cybersecurity framework, encryption standards

Video: An expert says the NIST cybersecurity framework and encryption standards resulted from a thorough public vetting process.
How to mitigate the risk of Web malware infections with separation

Web malware is a significant threat to systems. This video explains how separation effectively reduces the risk of damage from Web-borne malware.
SIEM market update: Are SIEM products keeping up with current threats?

Video: Are SIEM products still a relevant choice for enterprises? Karen Scarfone of Scarfone Cybersecurity details the changes in the SIEM market.
Beazley offers incident response to go with cybersecurity insurance

Robert Wice, US focus group leader, Beazley Group, says the cyberinsurance company recently processed its 1,000th claim.
Enterprise UTM: A new breed of unified threat management devices

David Strom demonstrates the enterprise-grade features making unified threat management devices viable for large companies.
Tier two security: How breach detection systems detect malware better

Security expert John Pirc explores breach detection systems, an emerging tier two security technology in this video.
W3af tutorial: How to use w3af for a Web application security scan

In this screencast video, Keith Barker of CBT Nuggets offers a tutorial on how to perform a thorough Web application security scan using w3af.
State of security: Key components to gain insight into your security posture

In this presentation, Aaron Turner explores the key principals that are important for security practitioners to focus on to gain insight into their organization's security posture.
Do iOS 7 security features, Touch ID benefit Apple mobile security?

Video: Do new iOS 7 security features and the addition of Touch ID bring real benefits to Apple mobile security? Securosis CEO Rich Mogull discusses.
Why the NSA monitoring scandal matters to enterprise security

Video: Securosis CEO Rich Mogull explains how the NSA monitoring scandal has weakened enterprise security and what infosec pros should do about it.
Security vulnerability assessment secrets with Kevin Beaver

Webcast: The 'Hacking for Dummies' author explains how to improve vulnerability assessments with better planning, tools and respect for the process.
How to analyze malware with REMnux's reverse-engineering malware tools

Video: Keith Barker of CBT Nuggets demonstrates how to use the free reverse engineering malware tools in REMnux to analyze malware in apps and PDFs.
Implementing secure private cloud IaaS: Factors to consider

Video: Dave Shackleford explores security-related factors to consider when planning and implementing private cloud Infrastructure-as-a-Service.
SIEM architecture and operational processes

Anton Chuvakin describes why the success of your SIEM deployment is determined more by operational processes than by its architecture or a specific tool.
How to choose the best, most secure SSL certificate for the enterprise

Rob Shapland explains how to achieve SSL certificate security and select the certificate that will best ensure the trust of your organization's users.
How to use Nikto to scan for Web server vulnerabilities

Video: Keith Barker of CBT Nuggets shows how to use Nikto, a free and open source tool, to scan for outdated or vulnerable Web servers.
Next-generation firewall products: Ready or not, here they come

Video: David Strom explains how to succeed with next-gen firewall products and avoid problems caused by bad documentation and conflicting products.
Security Onion tutorial: Analyze network traffic using Security Onion

Video: In this Security Onion tutorial, Keith Barker of CBT Nuggets shows how to analyze network traffic using Security Onion's many free features.
DLP technologies: Reality check

Kevin Beaver's experiences with data loss prevention technologies will help you understand what data is at risk and what DLP can and can't do.
Armitage tutorial: How to use Armitage for vulnerability assessments

Video: In this Armitage tutorial, Keith Barker of CBT Nuggets shows how to use the Metasploit add-on to perform vulnerability assessments.
Data loss prevention tools: Understanding your options

Video: Kevin Beaver uses real-life experiences with data loss prevention tools to help you with your technology choices, rollout and management.
The endpoint data security revolution: Going beyond antivirus

Video: Mike Rothman assesses next-generation endpoint data security strategy and how to integrate endpoint technologies to spot persistent attackers.
Evaluating next-generation firewalls

In this presentation, Joel Snyder discusses best practices for evaluating next-generation firewalls.
How to use ThreadFix to simplify the vulnerability management process

Video: Keith Barker of CBT Nuggets demonstrates how Denim Group's ThreadFix helps simplify the enterprise vulnerability management process.
Closing the gap between IT security risk management and business risk

Video: It's a mistake to equate IT security risk and business risk. VerSprite's Tony UcedaVelez explains why, and offers advice on bridging the chasm.
An introduction to Web application threat modeling

Video: VerSprite's Tony UcedaVelez explains how Web application threat modeling assesses Web risk and how it differs from penetration testing.
Understanding database security issues

This presentation takes a look at vulnerabilities that directly affect database security and what enterprises should do to monitor database access to detect potential security incidents.
Zed Attack Proxy tutorial: Uncover Web app vulnerabilities using ZAP

Video: Keith Barker of CBT Nuggets offers a OWASP Zed Attack Proxy tutorial. Learn how to find and nullify Web application vulnerabilities using ZAP.
At Adobe, secure software development program demands 'ninja' tactics

Video: Adobe CSO Brad Arkin explains how his firm fosters secure software development by inspiring developers to become security 'ninjas.'
Kandek: Most secure Web browser may be one with fewest plug-ins

Video: Qualys CTO Wolfgang Kandek said plug-ins now affect Web browser security more than the browsers themselves.
Use the Android static analysis tool Dexter to safely deploy apps

Video: Keith Barker of CBT Nuggets demos Dexter, the Android static analysis tool that examines and securely deploys Android applications.
With SE Android, NSA looks toward more secure Android platform

Video: The NSA's Troy Lange discusses SE Android and how he hopes it will play a role in fostering improved Android platform security for enterprises.
Brad Arkin on Adobe's vulnerability disclosure policy, Group-IB claims

Video: Adobe software security chief Brad Arkin details the software giant's policy on vulnerability disclosure and Group-IB's Reader sandbox claims.
McGraw: Use VBSIMM software security model when buying software

Video: Gary McGraw explains how JPMorgan Chase and others use the VBSIMM security model to vet software purchased from third-party vendors.
Bruce Schneier: China cyberwar rhetoric risks dangerous implications

Video: Bruce Schneier explains why ongoing China cyberwar rhetoric evokes the wrong responses and may damage personal privacy, and ultimately freedom.
IPv6 implementation security advice from Check Point's Robert Hinden

IPv6 co-inventor Robert Hinden outlines IPv6 implementation security risks and a critical IPv6 security tip for working with network security vendors.
Use the Mandiant Redline memory analysis tool for threat assessments

Video: Keith Barker of CBT Nuggets shows how to use the Mandiant Redline memory analysis tool to conduct threat assessments, defeat rootkits.
International data protection: 'Evil maid' attacks, HDD cloning risks

Video: Cryptoseal CEO Ryan Lackey details the threats associated with international data protection, from cloned hard drives to evil maid attacks.
PayPal CISO hopes FIDO Alliance can help replace weak passwords

Video: PayPal CISO Michael Barrett discusses the FIDO Alliance launch and how the open standard for online authentication might help replace weak passwords.
Martin Roesch: Increase in cybersecurity breaches demands new tactics

Video: Sourcefire interim CEO Martin Roesch discusses the need for new tactics amid rampant cybersecurity breaches, plus APTs, big data and CISO priorities.
Bruce Schneier explains why there is no privacy on the Internet

Video: Bruce Schneier provides three examples to prove there is no privacy on the Internet. Is government regulation needed?
Gary McGraw on evolution of BSIMM maturity framework

Video: McGraw discusses the past and future of the BSIMM maturity framework for software security, and how vendors like Adobe and Microsoft measure up.
BYOD at the NSA? Maybe someday with mobile hardware root of trust

Video: Troy Lange discusses the issues thwarting BYOD at the NSA, and talks about promising mobile security technologies like hardware root of trust.
IPv6 security risks: How a teenager can hack IPv6 security

Video: Wolfgang Kandek discusses key IPv6 security risks, as well as how his teenage son was able to inadvertently hack IPv6 on his home network.
McGraw: Mobile app security issues demand trustworthy computing

Video: Cigital's Gary McGraw discusses the top mobile app security issues, and why it's time to apply trustworthy computing concepts to mobile devices.
Cryptoseal CEO Ryan Lackey on cloud VPN service

Video: The Cryptoseal CEO explains how his work as a military contractor in Iraq influenced his work at the cloud VPN service vendor.
Martin Roesch remembers John Burris; details new Sourcefire products

Video: Interim CEO Martin Roesch pays tribute to late CEO John Burris and discusses new Sourcefire products, including its incident response service.
PayPal's CISO on cybercrime prevention, Internet security issues

Video: PayPal CISO Michael Barrett discusses hot-button issues surrounding cybercrime prevention, Internet security and nation-state attacks.
Bruce Schneier on data privacy and Google's feudal model of security

Video: Bruce Schneier explains why Google, Apple and others have adopted a feudal model of security, and the resulting data privacy concerns.
RSA 2013: Brad Arkin outlines state of Adobe security, update strategy

Video: Adobe software security chief Brad Arkin discusses how his firm is responding to the recent increase in zero-day flaws.
The critical risks surrounding smart grid security: RSA 2013

Video: Robert Hinden of Check Point discusses the state of smart grid security and why it's so important to keep the critical infrastructure running.
NSA's Troy Lange details NSA mobile security strategy

Video: NSA mobility mission manager Troy Lange discusses the NSA mobile security strategy, including mistakes made and lessons learned.
How to use Microsoft's MAP toolkit security assessment application

Video: Keith Barker of CBT Nuggets details how to use Microsoft's MAP Toolkit security assessment application to find and report on vulnerable endpoints.
Tactical Success for Multiplatform Endpoint Security

In this presentation, Craig Mathias discusses the hottest trend in enterprise IT today: BYOD. This discussion focuses on bring your own device (BYOD) security challenges, security techniques and management strategies.
Creating a normalized corporate compliance program

It's essential for IT security managers to create a corporate compliance program to adhere to regulations while maintaining a productive workplace.
Meeting PCI DSS compliance requirements with a data management program

In order to meet PCI DSS requirements and compliance, it is important to organize and sort the data coming in by devising a data management plan.
Security data mining techniques to weed through data overload

These security data mining techniques will allow security professionals to find and tackle the real issues while overcoming data overload.
Mobile malware and social malware: Nipping new threats in the bud

Learn mobile and social media malware prevention tactics as contributor Lisa Phifer analyzes the malware risks of social media and mobile devices.
How to utilize NDPMon for better IPv6 monitoring, network visibility

Video: Keith Barker of CBT Nuggets demonstrates NDPMon, a free, open source security tool that can improve IPv6 monitoring and network visibility.
Threat detection taxonomy: Anomaly detection methods in the enterprise

Video: Diana Kelley offers an enterprise threat detection taxonomy and the pros and cons of the various anomaly detection methods.
Splunk video tutorial demonstrates how to use Splunk for security

Video: Keith Barker of CBT Nuggets walks viewers through a tutorial of how to use Splunk and shows how the free version can be used for IT security.
Peter Kuper on hacktivism, the evolution of hacking and mobile threats

In-Q-Tel's Peter Kuper discusses hacktivists’ desire for attention, and how the growing use of mobile devices is driving the evolution of hacking.