Privileged Access Security for Hybrid Cloud: Secure Amazon, Azure and Google Environments

Organizations are increasingly moving workloads to hosted Infrastructure-as-a-Service (IaaS) environments. In many cases, they are extending their data centers across one or more IaaS providers, creating hybrid cloud environments. This session will explore best practices for extending data centers to hosted environments, and review how to secure privileged access to hosted infrastructure and virtual machines […]

Read more

Insider Threat Analytics & Anomalous Behaviors

Employee suspicious access, behavior abuse, and exfiltration of confidential data could all be a result of Insider Threat. We need a new innovative way of thinking about security as rule, pattern and signature-based solutions are evaded easily. Learn how user & entity behavior analytics (UEBA) and Identity Analytics (IdA) leveraging the context of open choice […]

Read more

Security consideration for Microservices using Container Technology

Continuous Deployment and Cloud applications offer new opportunities in cyber security in allowing flexibility and rapid reaction to the ever-changing demands to protect cyber assets. However, new technologies also offer new possibilities and require new approaches in evaluating and improving the security posture for software applications as well as the infrastructure. This talk will explore […]

Read more

Building a Secure Foundation for the Internet of Things (IoT)

Connected devices provide a way for businesses to improve their operations and to provide enhanced services to customers.  They also can introduce significant security risks, as many devices that are now being connected were not designed with security in mind.  The fundamentals of the old adage of “garbage in, garbage out” are critical for IoT […]

Read more

Boosting Canada’s Cyber Immune System for Internet Health

As adversaries develop ways to make money through cybercrime and the number of attackers and suppliers of cybercrime tools are growing, organizations are finding it more difficult to protect themselves. This environment increasingly resembles an organism under attack from countless viruses, bacteria, parasites and toxic substances. To effectively defend against these threats, we can use […]

Read more

Security Automation and Orchestration That Won’t Get You Fired

Responding to security incidents is mostly firefighting -too much noise, not enough signal, and not enough analysts to work incidents when the signal is found. There is a direct link between the time to detection and volume of data stolen. Leveraging automation and orchestration in the investigation and response process is the key for finding […]

Read more

The State of the Phish and Response

The State of the Phish and Response is a look into many of the prevalent phishing campaigns that leverage ransomware, fileless malware, and tactics that bypass technology. Contrary to what some may still believe, attackers don’t rely on executables and other extensions typically restricted. What are attackers doing and what works in their campaigns? Additionally, […]

Read more

Cyber Crime and Financial Crime: different sides of the same coin

Rapidly evolving technology and business channels have resulted in the cyber landscape becoming a core tool for criminals conducting all facets of financial crime. Modern day criminals seek to steal information and commit various types of conventional fraud with coordinated efforts that increasingly leverage cyber technologies. Industries coping with compliance and/or processing financial transactions are […]

Read more

Hunting Ransomware: Automate protection to get ahead of the next global outbreak

Ransomware got “very real” this year with nearly every day delivering news of not just more localized attacks but of sweeping compromises, bringing entire organizations to a sudden halt. Organizations are demanding a comprehensive response and IT teams are struggling to deliver defenses that are effective but don’t cripple their productivity.  With a focus on […]

Read more

FAIL Panel

Join James Arlen and co. as they reflect on their careers and discuss the challenges (and failures) of being an InfoSec professional.

Read more

Defending Against Phishing: Effective Phishing Incident Response Using Employees, Incident Responders, and Intelligence.

As the security industry has continued to under invest in the human element of security, phishing has become the top attack vector for cyber criminals. Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s people. Effective phishing defense and incident response involves empowering […]

Read more

Network virtualization to enhance context, visibility and containment

Looking at the assumptions underlying threat analysis tools in general, this session will examine how network virtualization, micro-segmentation and automation of policies are improving fundamental security properties such as context, visibility and threat containment, improving significantly the efficiency of these tools We will first look at the assumptions underlying threat modeling in general, the biggest […]

Read more

Securing a Cloud-Based Data Center

Interest in Cloud Computing continues to gain traction in Canada as evidenced by both Microsoft Azure and Amazon AWS opening Canadian based datacenters in 2016.  Trend Micro is helping deliver security controls in these environments by enabling automated deployment, management and reporting through standard devop configuration management tools such as CHEF, Puppet and Ansible.  Join […]

Read more

Global Encryption Usage is on the Rise!

In this session, Thales e-Security will discuss the global use of encryption – from backups to big data, from the data center to the cloud, and much more. Focusing on an independent research study conducted by the Ponemon Institute on behalf of Thales e-Security, we will address features of encryption solutions users find the most valuable […]

Read more

Next-Gen Now, Outsmarting ransomware, exploits and zero-day attacks

From rootkits to ransomware, old school security tools and strategies can’t keep pace with today’s advanced attacks. To be effective, you need to thwart the attack methods of advance persistent threats, leverage next-generation endpoint and network security intelligence to detect and isolate attacks, and address critical alerts with contextual security intelligence.  Join us to learn […]

Read more

Overwhelmed By Security Vulnerabilities? Learn How To Prioritize Remediation

IT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly […]

Read more

Understanding Ransomware: Clear and Present Danger

Ransomware is a family of malware that ranks as one of the most dangerous of modern times. It is not a matter of how you will be infected, but a matter of when. In this presentation, we will look at some of the ransomwares in the wild and how they propagate and infect machines. We […]

Read more

Exposing Ransomware: Intelligent cybersecurity for the real world.

Ransomware has become a global plague costing organizations billions worldwide. It has moved from a single user-infection model to a network-wide infection model, recently bringing many sophisticated organizations to their knees. In the first half of this interactive discussion we will dive deep into the ransomware attack chain, examining how attackers leverage blind spots in […]

Read more

The Industry Need for Cloud Generation Security

The unprecedented power of cloud applications has opened up amazing new possibilities for IT organizations, lines-of-business, and users to empower work needs. Whether sanctioned or not, these cloud applications can have a dark side. The rapid pace of adoption has left most security and compliance teams behind. Users, devices and data are now interacting with a variety of […]

Read more

Insider Threat – The Soft Underbelly of CyberSecurity

Security teams, both in the enterprise and at cloud service providers, spend untold resources attempting to keep cyber criminals from infiltrating mission-critical data systems. However, survey data from Cloud Security Alliance (CSA) shows that attacks from malicious insiders are 4 times more common than Security realizes – likely because they are so hard to detect. […]

Read more

Dolla Dolla Bill Y’all: Cybercrime Cashouts

The hardest part of cybercrime is the cashout. The strategy for cashing out needs to be easy enough to make it worth your while and safe enough to stay out of the clink. With more and more focus on identifying and stopping credit card fraud, cybercrooks are diversifying their methods for cashing out. While criminals […]

Read more

Hijacking Arbitrary .NET Application Control Flow

This session will demonstrate attacking .NET applications at runtime. I will show how to modify running applications with advanced .NET and assembly level attacks that will give the ability to alter the control flow of any .NET application. New attack techniques and tools will be released to allow penetration testers to carry out advanced post […]

Read more

2015 State of Vulnerability Exploits

More than 7000 new and unique vulnerabilities will be disclosed this year. CSOs, CISOs and security professionals in IT are expected to keep their organizations safe not only from these new flaws but also from a ton of older security issues. An effective way to prioritize and mitigate the most relevant issues is by analyzing […]

Read more

Bulletproofing Your Incident Response Plan: Effective Tabletops

The pace of databreaches has reached epic proportions. Organizations large and small, in every industry are falling victim to hackers, hacktivists and nation states. Your intellectual property, data and bank accounts have never been at greater risk – it’s not if, but when your organization will be victimized. Testing and maintaining an effective Incident Response […]

Read more

Exploitation Trends: From Potential Risk to Actual Risk

Microsoft researchers have studied some of the exploits discovered over the past several years and the vulnerabilities they targeted. Understanding which vulnerabilities get exploited, who exploits them, the timing of exploitation, and the root causes, all help security professionals more accurately assess risk. Development practices that help minimize vulnerabilities will be discussed.

Read more

Business Backed CVEs – The Major Vulnerabilities of the Past Year

The past twelve months have seen an unprecedented number of vulnerabilities that strike at the core of the technologies that run our networks. This session will provide detailed demos of each of the major vulnerabilities released this year and discuss the impact for organizations. Attendees will hear from Brad Antoniewicz, Head of Research & Development […]

Read more

The Effective Use of Cyber Ranges for Application Performance and Security Resilience – Train Like You Fight!

Organizations worldwide face a dangerous shortage of Cyber Warriors with the skills required to defend against cyber terrorism. This urgent situation is made worse by the weaknesses and vulnerabilities that continue to pervade critical IT infrastructures – despite billions of dollars invested in cyber security measures. Answering these problems requires Internet-scale simulation environments, along with […]

Read more

Software Defined Networking / Attacker Defined Networking

In this session, the topic of Software Defined Networking (SDN) will be explored from a security perspective.  What SDN means today will be covered, using a lab setup using an OpenDaylight controller with networking gear from multiple vendors.  Openflow, Netconf and Yang protocols will all be discussed, explored and exploited! Security and reliability issues that […]

Read more

The Internet of Bad Things and Securing the Software Defined Data Center

This last minute session has no available abstract.

Read more

One Ring to Rule Them All – Hardware isolation and the future of virtualization security

The ring architecture of modern CPUs arose from the need to protect the OS kernel from malicious or buggy applications.  Unfortunately today’s OSes use only two of the four rings of the x86 architecture – and today’s security challenges are the result.  The complexity and large attack surface of a modern OS, together with trends […]

Read more

There’s no such thing as a coincidence – Discovering Novel Cyber Threats

Jim will provide an in-depth background of the changing cyber threat landscape, with specific focus on recent incidents including the cyber attack on Sony Pictures Entertainment, the massive data breach at Anthem Healthcare, and the compromise at the US Office of Personnel Management of nearly every US government employees’ personal information. Jim will share his […]

Read more

Automation is your Friend: Embracing SkyNet to Scale Cloud Security

Most network and security operations people hate automation. They like to press buttons themselves and maintain “control” of the processes. Cloud computing is going to be very disruptive as they realize their time tested processes go the way of the dodo bird. What they don’t realize is that the cloud actually increases the control they […]

Read more

Learning To Love Your Attackers

Opposing Forces (OPFOR) training is used by the military to help create realistic scenarios so that when they are deployed in battle they aren’t encountering situations for the first time. Whether it’s battle or incident response, that reaction time is critical to the success of a team. Most organizations have some degree of penetration testing […]

Read more

Advanced Threat Analytics: Adapt as Fast as Your Enemies

Today, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within a network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user […]

Read more

CISO Survival Guide: How to thrive in the C-Suite and Boardroom

The CISO lives with a target on his/her back, usually lasts a mere 12-18 months and takes the fall for security issues often out of their control. Yet, this is a strategic, C-level position and essential to the success of any organization. The disconnect lies in the CISO being able to elevate their worth with their […]

Read more

Breaking and Fixing Python Applications

As the popularity of the Python programming language increases and consolidates its position as one of the most popular languages of its genre, only a few attempts have been made to assess how resistant it may be to attacks. We will review and test with practical examples some of the most common attack and defense mechanisms, by […]

Read more

Xenophobia is Hard on Data: Forced Localization, Data Storage, and Business Realities

“Our data is only safe within our borders!” “(The US|China|New Zealand|Vanuatu) is spying on our citizens!” “Don’t ship our citizens’ data overseas!” These rallying cries are calling for the same solution: forced data localization laws, where a country requires that all its citizens’ and corporations’ data be kept within the territory of that country. What’s […]

Read more

Detecting the Bear in Camp: How to Find Your True Vulnerabilities

Is it possible to be successful in a vulnerability centric world? Once you have great vulnerability management data, what do you do with it? Join this session to learn how to find and focus on your true vulnerabilities to build stronger security. You will: Learn how to optimize your vulnerability management program Get best practices […]

Read more

DevOps For The Home

This is the story one man’s personal trip to the cloud (and back) as he rebuilds his home network in a devops model, supported by virtual private cloud service. This presentation takes a micro look at cloud services, and the benefits and risks that come along with it for the average home user, as well […]

Read more

Complete Application Ownage via Multi-POST XSRF

This talk will discuss the risk posed by Cross Site Request Forgery (CSRF or XSRF) which is also known as session riding, or transaction injection. Many applications are vulnerable to XSRF, mitigation is difficult as it often requires re-engineering the entire application, and the threat they pose is often misunderstood. A live demo of identifying […]

Read more

Run Faster, Continuously Harden – Embracing DevOps to Secure All The Things

Infrastructure and application deployments are easy, but as security professionals we have to be conscious of the security concerns. Enter DevOps: pro-actively secure, reduce the attack surface, and automate changes at scale. Through a security focussed lens, we look at how embracing DevOps can reduce information security leakages for application and infrastructure deployments. In this […]

Read more

Effective Ways to Tackle Vulnerability Remediation

In this presentation, Dave will walk the attendees through the challenges facing most companies around dealing with vulnerabilities in their environments. Many companies are running tools or having scans performed against their network, and are being presented with a sea of information on discovered vulnerabilities along with information on how to address them. But most […]

Read more

Malware Activity in Mobile Networks – An Insider View

Mobile devices are becoming the target of choice for cybercriminals. This presentation will provide an in-depth view of the mobile malware that is currently active on the Internet. It will describe the infection rates, what the malware does, how it is monetized and the impact it has on network resources and the user experience. The […]

Read more

Stealthier Attacks and Smarter Defending with TLS Fingerprinting

Ever been busted because your man in the middle software (which does TLS properly) alerted someone to your bad certificate?  No more! Want to detect certain types of connections leaving your network, but can’t keep the IP blacklist up to date?  This could be the answer. This talk includes an introduction to both TLS and […]

Read more

Building Better Indicators: Crowdsourcing Malware IOCs

Over the past couple of years, malware naming from Major AV companies has been collapsing into more generic signatures. Although this may speed up detection and maintenance for AV companies, it can impact small teams which use AV detections as one of the indicators to quantify events during malware triage. This talk will cover a […]

Read more

SIEM and the Art of Log Management

Every business needs to monitor their systems. As a combined view of all network activity, a SIEM can be a powerful tool when managed properly. However, deciding whether to manage network security in-house or off-loading your data to a third party can be a difficult decision. Discover the costs and benefits of in-house vs third-party […]

Read more

What Google knows about you and your devices, and how to get it

With cloud forensics picking up, Google has become one of the most important sources of information about anyone who uses one or more Android devices – or doesn’t use Android at all. Google Account aggregates information about the user’s online behavior and offline activities, analyzes their communication, recommending places to visit and things to read. […]

Read more

Confessions of a Professional Cyber Stalker

For several years I developed and utilized various technologies and methods to track criminals leading to at least two dozen convictions. In the process of recovering stolen devices, larger crimes would be uncovered including drugs, theft rings, stolen cars, even a violent car jacking. Much of the evidence in these cases would be collected by […]

Read more

Incoming Threats At the Speed of Retail

It’s hard out there for a retailer. For one thing, there are particular challenges to securing a retail business, starting with thin margins and widely distributed environments, and ending with the overriding need to keep customers happy. For another, retailers are the targets of attacks both from criminals around the world and from those same […]

Read more

Knowing what happened is only half the battle.

This presentation will cover distinct advantages of Incident Response by working closely with Penetration Testers to provide a more holistic view of the threats to your network. We will also further explore how a breach like this happens.

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required