The Future of Privacy

CIPPIC, the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic, is Canada’s only public interest technology law clinic. CIPPIC is unique in Canada, bringing together a team of expert legal professionals and students to advocate for the public interest in policy debates arising from the intersection of law and technology. Defense of privacy rights and […]

Read more

Threat hunting demystified – Strengthening risk management through proactive investigation and response

Despite billions spent on security technology each year, it seems little progress has been made to reclaim the advantage from attackers.  Modest reconnaissance by a malicious actor often results in a better understanding of an environment than the defenders who own and operate it.  At the heart of the problem lies one simple truth: know […]

Read more

Privileged Access Security for Hybrid Cloud: Secure Amazon, Azure and Google Environments

Organizations are increasingly moving workloads to hosted Infrastructure-as-a-Service (IaaS) environments. In many cases, they are extending their data centers across one or more IaaS providers, creating hybrid cloud environments. This session will explore best practices for extending data centers to hosted environments, and review how to secure privileged access to hosted infrastructure and virtual machines […]

Read more

How to Ramp Up Security Operations to Stop Advanced Threats

As attacks have become more sophisticated and continue to evolve, static technologies can’t keep up. Siloed solutions fragment your defenses. It takes power and precision to stop attacks. Join this session where we will explore; Do you have an intelligent, orchestrated and automated approach to prevent, detect and respond to threats? How did GFL Environmental […]

Read more

Insider Threat Analytics & Anomalous Behaviors

Employee suspicious access, behavior abuse, and exfiltration of confidential data could all be a result of Insider Threat. We need a new innovative way of thinking about security as rule, pattern and signature-based solutions are evaded easily. Learn how user & entity behavior analytics (UEBA) and Identity Analytics (IdA) leveraging the context of open choice […]

Read more

Security consideration for Microservices using Container Technology

Continuous Deployment and Cloud applications offer new opportunities in cyber security in allowing flexibility and rapid reaction to the ever-changing demands to protect cyber assets. However, new technologies also offer new possibilities and require new approaches in evaluating and improving the security posture for software applications as well as the infrastructure. This talk will explore […]

Read more

Building a Secure Foundation for the Internet of Things (IoT)

Connected devices provide a way for businesses to improve their operations and to provide enhanced services to customers.  They also can introduce significant security risks, as many devices that are now being connected were not designed with security in mind.  The fundamentals of the old adage of “garbage in, garbage out” are critical for IoT […]

Read more

Moving Up the Security Maturity Curve – The Sisyphean Task

Compressed timelines, skill gaps, staff shortages, and an endless sea of new security technology options challenge organizations to keep pace with rapidly advancing threats. It’s easy for technology leaders to fall into the trap of spending their entire budget on bigger firewalls and trendy new endpoint solutions, while ignoring the simple things. Sometimes the best […]

Read more

Decoding Cyberespionage from Insider Mistakes

People are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time […]

Read more

Boosting Canada’s Cyber Immune System for Internet Health

As adversaries develop ways to make money through cybercrime and the number of attackers and suppliers of cybercrime tools are growing, organizations are finding it more difficult to protect themselves. This environment increasingly resembles an organism under attack from countless viruses, bacteria, parasites and toxic substances. To effectively defend against these threats, we can use […]

Read more

Prioritizing Vulnerability Remediation From an Attacker’s Perspective

While IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]

Read more

The Spy in Your Pocket

You walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]

Read more

The Power Of Integration

As cyber criminals grow more aggressive, organizations are installing new security tools to protect themselves against threats. In fact, the average enterprise runs 508 applications and allows 89 different vendors to access their network each week. (Source Bomgar.com and Forbes.com) You likely manage dozens of security tools across your organization– from firewalls to authentication software. […]

Read more

Security Automation and Orchestration That Won’t Get You Fired

Responding to security incidents is mostly firefighting -too much noise, not enough signal, and not enough analysts to work incidents when the signal is found. There is a direct link between the time to detection and volume of data stolen. Leveraging automation and orchestration in the investigation and response process is the key for finding […]

Read more

The State of the Phish and Response

The State of the Phish and Response is a look into many of the prevalent phishing campaigns that leverage ransomware, fileless malware, and tactics that bypass technology. Contrary to what some may still believe, attackers don’t rely on executables and other extensions typically restricted. What are attackers doing and what works in their campaigns? Additionally, […]

Read more

Skin​ ​in​ ​the​ ​Game:​ ​How​ ​Security​ ​Teams​ ​are​ ​Scaling​ ​Through​ ​IT​ ​Orchestration

It’s​ ​a​ ​universal​ ​truth​ ​acknowledged​ ​that​ ​IT​ ​and​ ​security​ ​teams​ ​have​ ​too​ ​much​ ​to​ ​do,​ ​and​ ​never enough​ ​resources​ ​to​ ​do​ ​it.​ ​Traditionally,​ ​there​ ​are​ ​tactical​ ​tasks​ ​that​ ​security​ ​organizations​ ​own,​ ​but invest​ ​far​ ​too​ ​many​ ​resources​ ​in:​ ​alert​ ​triage,​ ​managing​ ​vulnerabilities,​ ​and​ ​more.​ ​These​ ​tasks​ ​lead to​ ​alert​ ​fatigue,​ ​but​ ​worse,​ ​they​ ​suck​ ​up​ […]

Read more

Building Your Own Automated Malware Analysis Lab for Insights on Active Threats.

Understanding the mechanics of malware attacks is critical for remediation and for preventing similar attempts in the future. Malware analysis can provide valuable insights into the adversaries goals, especially when they are targeted. While cloud based malware analysis tools exist, they are largely inflexible. An in-house lab environment can offer more customization, automation and enhanced […]

Read more

Take Best Practices to the Next Level

Despite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]

Read more

Cloud Security is Application Security – Securing the Cloud as a Team

“Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the […]

Read more

Cyber Crime and Financial Crime: different sides of the same coin

Rapidly evolving technology and business channels have resulted in the cyber landscape becoming a core tool for criminals conducting all facets of financial crime. Modern day criminals seek to steal information and commit various types of conventional fraud with coordinated efforts that increasingly leverage cyber technologies. Industries coping with compliance and/or processing financial transactions are […]

Read more

Hunting Ransomware: Automate protection to get ahead of the next global outbreak

Ransomware got “very real” this year with nearly every day delivering news of not just more localized attacks but of sweeping compromises, bringing entire organizations to a sudden halt. Organizations are demanding a comprehensive response and IT teams are struggling to deliver defenses that are effective but don’t cripple their productivity.  With a focus on […]

Read more

FAIL Panel

Join James Arlen and co. as they reflect on their careers and discuss the challenges (and failures) of being an InfoSec professional.

Read more

Defending Against Phishing: Effective Phishing Incident Response Using Employees, Incident Responders, and Intelligence.

As the security industry has continued to under invest in the human element of security, phishing has become the top attack vector for cyber criminals. Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s people. Effective phishing defense and incident response involves empowering […]

Read more

Held for Ransom: Defending your Data Against Ransomware

This session will detail the evolution of ransomware, its methods of infection, and ways an organization can help protect itself and avoid having to pay a ransom. Hear from a Trustwave SpiderLabs forensic expert analyze a ransomware infection and its actions on a compromised system. Ransomware requires that we reassess our access control, intrusion detection, […]

Read more

Lessons from the Attack Chain: Bolster Your IR Program

It’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]

Read more

Network virtualization to enhance context, visibility and containment

Looking at the assumptions underlying threat analysis tools in general, this session will examine how network virtualization, micro-segmentation and automation of policies are improving fundamental security properties such as context, visibility and threat containment, improving significantly the efficiency of these tools We will first look at the assumptions underlying threat modeling in general, the biggest […]

Read more

Securing a Cloud-Based Data Center

Interest in Cloud Computing continues to gain traction in Canada as evidenced by both Microsoft Azure and Amazon AWS opening Canadian based datacenters in 2016.  Trend Micro is helping deliver security controls in these environments by enabling automated deployment, management and reporting through standard devop configuration management tools such as CHEF, Puppet and Ansible.  Join […]

Read more

Global Encryption Usage is on the Rise!

In this session, Thales e-Security will discuss the global use of encryption – from backups to big data, from the data center to the cloud, and much more. Focusing on an independent research study conducted by the Ponemon Institute on behalf of Thales e-Security, we will address features of encryption solutions users find the most valuable […]

Read more

Next-Gen Now, Outsmarting ransomware, exploits and zero-day attacks

From rootkits to ransomware, old school security tools and strategies can’t keep pace with today’s advanced attacks. To be effective, you need to thwart the attack methods of advance persistent threats, leverage next-generation endpoint and network security intelligence to detect and isolate attacks, and address critical alerts with contextual security intelligence.  Join us to learn […]

Read more

Overwhelmed By Security Vulnerabilities? Learn How To Prioritize Remediation

IT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly […]

Read more

Understanding Ransomware: Clear and Present Danger

Ransomware is a family of malware that ranks as one of the most dangerous of modern times. It is not a matter of how you will be infected, but a matter of when. In this presentation, we will look at some of the ransomwares in the wild and how they propagate and infect machines. We […]

Read more

Exposing Ransomware: Intelligent cybersecurity for the real world.

Ransomware has become a global plague costing organizations billions worldwide. It has moved from a single user-infection model to a network-wide infection model, recently bringing many sophisticated organizations to their knees. In the first half of this interactive discussion we will dive deep into the ransomware attack chain, examining how attackers leverage blind spots in […]

Read more

The Industry Need for Cloud Generation Security

The unprecedented power of cloud applications has opened up amazing new possibilities for IT organizations, lines-of-business, and users to empower work needs. Whether sanctioned or not, these cloud applications can have a dark side. The rapid pace of adoption has left most security and compliance teams behind. Users, devices and data are now interacting with a variety of […]

Read more

An Effective Approach to Automating Compliance Activities

It seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]

Read more

The Cyber Security Readiness of Canadian Organizations

We surveyed 654 IT and IT security practitioners in Canada to answer the following questions: Do organizations feel more or less prepared to deal with attacks than last year? How have cyber attacks targeting Canadian organizations changed in the past year? What is the average cost of cyber attacks for Canadian organizations? What cyber security […]

Read more

Rethinking Threat Intelligence

Optiv research has identified that one of the key challenges to Cyber Threat Intelligence providing impact is that the term “threat intelligence” has become heavily diluted and attached to a very diverse array of products, services and capabilities which are not easily adopted across the various enterprise security use cases. Our experience has shown that […]

Read more

Eliminating the Automation and Integration Risks of the “Security Frankenstein”

The solution workflow of today’s Security Operations Center (SOC) can be described as a “Security Frankenstein”—where each “limb” is a disparate solution that has been cobbled together in hopes of “orchestrating” the steps in the security kill chain. The result is an ineffective, costly, and cumbersome approach to the security workflow that increases risk and […]

Read more

The Emerging Era of Cognitive Security

Today, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]

Read more

Why Technology is Not the Answer to Cybersecurity

Protecting yourself from a cyberattack is no longer about technology. While technology is inherently important to any cybersecurity solution, it’s only one piece of the puzzle. And more often than not, the other two pieces are overlooked: people and process. Before adopting the next security technology trend, it’s important to understand what you’re trying to […]

Read more

Stopping the Attacker You Know

One of the most challenging threats to mitigate is the “trusted employee”.   They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]

Read more

When ‘Oops’ Isn’t An Acceptable Answer

You probably have an IT budget which includes security to some extent. You realize security is important but just don’t have the amount of people that you need to handle the influx of new exploits as well as manage day to day operations. Learning from others is always a good practice, however with most companies, […]

Read more

Advanced Threats: Eliminating the Blind Spot

Unfortunately, it’s a foregone conclusion that no organization is 100% safe from a breach. With 49% of security leaders believing zero day attacks against their network will be the most prevalent over the next three years and 65% saying attacks have evaded current preventative security controls, it’s all about mitigating risk and the potential impact […]

Read more

Ensuring the Success of Your IAM Project

Identity and access management (IAM) projects are traditionally some of the most important (and most difficult) security activities that organizations must undertake. We hear of companies in the fifth year of their two-year IAM project, millions of dollars over budget and there is no end in sight. It’s a common occurrence. But it doesn’t have […]

Read more

Taking back Endpoint Control!

When it comes to endpoint security, it has been said that the best way to keep an infected device from causing damage to the broader network is to keep it turned off once it is compromised. While this method of quarantining an endpoint may be a quick fix, for obvious reasons it is not very […]

Read more

Mitigating the Alert – Impact Prevention in a super active security battlefield

In this session we will demonstrate how to achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources. Most companies have deployed a number of technologies that make up the SANS Top 20, but the challenge is how to ensure these technologies integrate to provide the layers of […]

Read more

Knowing what happened is only half the battle.

This presentation will cover distinct advantages of Incident Response by working closely with Penetration Testers to provide a more holistic view of the threats to your network. We will also further explore how a breach like this happens.

Read more

Certifi-gate: Has your Android device been Pwned?

Hundreds of millions of Android devices are at risk of being hijacked by a new and previously unknown threat. Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs used by virtually every Android device maker and network service provider. Exploitation gives malicious apps unrestricted […]

Read more

Effective Ways to Tackle Vulnerability Remediation

In this presentation, Dave will walk the attendees through the challenges facing most companies around dealing with vulnerabilities in their environments. Many companies are running tools or having scans performed against their network, and are being presented with a sea of information on discovered vulnerabilities along with information on how to address them. But most […]

Read more

Exposing Advanced Threats: How big data analytics is changing the way advanced threat defense is deployed, managed and measured

Today’s advanced malware hides in plain sight, patiently waiting to strike, challenging security teams to track its progress across their network and endpoints. As attacks are gaining speed and sophistication, the security industry is by delivering advanced big data analytics—analyzing data about data to block breach attempts, improve security everywhere, and retroactively respond to new […]

Read more

The State of Software Security

According to Verizon’s 2015 Data Breach Investigations Report, one of the leading causes of data breaches over the past two years has been vulnerable applications. Yet, analytics collected by Veracode from more than 200,000 application risk assessments over the last 18 months found a wide disparity in how the problem is addressed across industries. In […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!
Fields marked with an * are required