Cloud Security is Application Security – Securing the Cloud as a Team

“Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the […]

Read more

Cyber Crime and Financial Crime: different sides of the same coin

Rapidly evolving technology and business channels have resulted in the cyber landscape becoming a core tool for criminals conducting all facets of financial crime. Modern day criminals seek to steal information and commit various types of conventional fraud with coordinated efforts that increasingly leverage cyber technologies. Industries coping with compliance and/or processing financial transactions are […]

Read more

Hunting Ransomware: Automate protection to get ahead of the next global outbreak

Ransomware got “very real” this year with nearly every day delivering news of not just more localized attacks but of sweeping compromises, bringing entire organizations to a sudden halt. Organizations are demanding a comprehensive response and IT teams are struggling to deliver defenses that are effective but don’t cripple their productivity.  With a focus on […]

Read more

FAIL Panel

Join James Arlen and co. as they reflect on their careers and discuss the challenges (and failures) of being an InfoSec professional.

Read more

Defending Against Phishing: Effective Phishing Incident Response Using Employees, Incident Responders, and Intelligence.

As the security industry has continued to under invest in the human element of security, phishing has become the top attack vector for cyber criminals. Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s people. Effective phishing defense and incident response involves empowering […]

Read more

Held for Ransom: Defending your Data Against Ransomware

This session will detail the evolution of ransomware, its methods of infection, and ways an organization can help protect itself and avoid having to pay a ransom. Hear from a Trustwave SpiderLabs forensic expert analyze a ransomware infection and its actions on a compromised system. Ransomware requires that we reassess our access control, intrusion detection, […]

Read more

Lessons from the Attack Chain: Bolster Your IR Program

It’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]

Read more

Network virtualization to enhance context, visibility and containment

Looking at the assumptions underlying threat analysis tools in general, this session will examine how network virtualization, micro-segmentation and automation of policies are improving fundamental security properties such as context, visibility and threat containment, improving significantly the efficiency of these tools We will first look at the assumptions underlying threat modeling in general, the biggest […]

Read more

Securing a Cloud-Based Data Center

Interest in Cloud Computing continues to gain traction in Canada as evidenced by both Microsoft Azure and Amazon AWS opening Canadian based datacenters in 2016.  Trend Micro is helping deliver security controls in these environments by enabling automated deployment, management and reporting through standard devop configuration management tools such as CHEF, Puppet and Ansible.  Join […]

Read more

Global Encryption Usage is on the Rise!

In this session, Thales e-Security will discuss the global use of encryption – from backups to big data, from the data center to the cloud, and much more. Focusing on an independent research study conducted by the Ponemon Institute on behalf of Thales e-Security, we will address features of encryption solutions users find the most valuable […]

Read more

Next-Gen Now, Outsmarting ransomware, exploits and zero-day attacks

From rootkits to ransomware, old school security tools and strategies can’t keep pace with today’s advanced attacks. To be effective, you need to thwart the attack methods of advance persistent threats, leverage next-generation endpoint and network security intelligence to detect and isolate attacks, and address critical alerts with contextual security intelligence.  Join us to learn […]

Read more

Overwhelmed By Security Vulnerabilities? Learn How To Prioritize Remediation

IT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly […]

Read more

Understanding Ransomware: Clear and Present Danger

Ransomware is a family of malware that ranks as one of the most dangerous of modern times. It is not a matter of how you will be infected, but a matter of when. In this presentation, we will look at some of the ransomwares in the wild and how they propagate and infect machines. We […]

Read more

Exposing Ransomware: Intelligent cybersecurity for the real world.

Ransomware has become a global plague costing organizations billions worldwide. It has moved from a single user-infection model to a network-wide infection model, recently bringing many sophisticated organizations to their knees. In the first half of this interactive discussion we will dive deep into the ransomware attack chain, examining how attackers leverage blind spots in […]

Read more

The Industry Need for Cloud Generation Security

The unprecedented power of cloud applications has opened up amazing new possibilities for IT organizations, lines-of-business, and users to empower work needs. Whether sanctioned or not, these cloud applications can have a dark side. The rapid pace of adoption has left most security and compliance teams behind. Users, devices and data are now interacting with a variety of […]

Read more

An Effective Approach to Automating Compliance Activities

It seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]

Read more

The Cyber Security Readiness of Canadian Organizations

We surveyed 654 IT and IT security practitioners in Canada to answer the following questions: Do organizations feel more or less prepared to deal with attacks than last year? How have cyber attacks targeting Canadian organizations changed in the past year? What is the average cost of cyber attacks for Canadian organizations? What cyber security […]

Read more

Rethinking Threat Intelligence

Optiv research has identified that one of the key challenges to Cyber Threat Intelligence providing impact is that the term “threat intelligence” has become heavily diluted and attached to a very diverse array of products, services and capabilities which are not easily adopted across the various enterprise security use cases. Our experience has shown that […]

Read more

Eliminating the Automation and Integration Risks of the “Security Frankenstein”

The solution workflow of today’s Security Operations Center (SOC) can be described as a “Security Frankenstein”—where each “limb” is a disparate solution that has been cobbled together in hopes of “orchestrating” the steps in the security kill chain. The result is an ineffective, costly, and cumbersome approach to the security workflow that increases risk and […]

Read more

The Emerging Era of Cognitive Security

Today, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]

Read more

Why Technology is Not the Answer to Cybersecurity

Protecting yourself from a cyberattack is no longer about technology. While technology is inherently important to any cybersecurity solution, it’s only one piece of the puzzle. And more often than not, the other two pieces are overlooked: people and process. Before adopting the next security technology trend, it’s important to understand what you’re trying to […]

Read more

Stopping the Attacker You Know

One of the most challenging threats to mitigate is the “trusted employee”.   They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]

Read more

When ‘Oops’ Isn’t An Acceptable Answer

You probably have an IT budget which includes security to some extent. You realize security is important but just don’t have the amount of people that you need to handle the influx of new exploits as well as manage day to day operations. Learning from others is always a good practice, however with most companies, […]

Read more

Advanced Threats: Eliminating the Blind Spot

Unfortunately, it’s a foregone conclusion that no organization is 100% safe from a breach. With 49% of security leaders believing zero day attacks against their network will be the most prevalent over the next three years and 65% saying attacks have evaded current preventative security controls, it’s all about mitigating risk and the potential impact […]

Read more

Ensuring the Success of Your IAM Project

Identity and access management (IAM) projects are traditionally some of the most important (and most difficult) security activities that organizations must undertake. We hear of companies in the fifth year of their two-year IAM project, millions of dollars over budget and there is no end in sight. It’s a common occurrence. But it doesn’t have […]

Read more

Taking back Endpoint Control!

When it comes to endpoint security, it has been said that the best way to keep an infected device from causing damage to the broader network is to keep it turned off once it is compromised. While this method of quarantining an endpoint may be a quick fix, for obvious reasons it is not very […]

Read more

Mitigating the Alert – Impact Prevention in a super active security battlefield

In this session we will demonstrate how to achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources. Most companies have deployed a number of technologies that make up the SANS Top 20, but the challenge is how to ensure these technologies integrate to provide the layers of […]

Read more

Knowing what happened is only half the battle.

This presentation will cover distinct advantages of Incident Response by working closely with Penetration Testers to provide a more holistic view of the threats to your network. We will also further explore how a breach like this happens.

Read more

Certifi-gate: Has your Android device been Pwned?

Hundreds of millions of Android devices are at risk of being hijacked by a new and previously unknown threat. Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs used by virtually every Android device maker and network service provider. Exploitation gives malicious apps unrestricted […]

Read more

Effective Ways to Tackle Vulnerability Remediation

In this presentation, Dave will walk the attendees through the challenges facing most companies around dealing with vulnerabilities in their environments. Many companies are running tools or having scans performed against their network, and are being presented with a sea of information on discovered vulnerabilities along with information on how to address them. But most […]

Read more

Exposing Advanced Threats: How big data analytics is changing the way advanced threat defense is deployed, managed and measured

Today’s advanced malware hides in plain sight, patiently waiting to strike, challenging security teams to track its progress across their network and endpoints. As attacks are gaining speed and sophistication, the security industry is by delivering advanced big data analytics—analyzing data about data to block breach attempts, improve security everywhere, and retroactively respond to new […]

Read more

The State of Software Security

According to Verizon’s 2015 Data Breach Investigations Report, one of the leading causes of data breaches over the past two years has been vulnerable applications. Yet, analytics collected by Veracode from more than 200,000 application risk assessments over the last 18 months found a wide disparity in how the problem is addressed across industries. In […]

Read more

Detecting the Bear in Camp: How to Find Your True Vulnerabilities

Is it possible to be successful in a vulnerability centric world? Once you have great vulnerability management data, what do you do with it? Join this session to learn how to find and focus on your true vulnerabilities to build stronger security. You will: Learn how to optimize your vulnerability management program Get best practices […]

Read more

SIEM and the Art of Log Management

Every business needs to monitor their systems. As a combined view of all network activity, a SIEM can be a powerful tool when managed properly. However, deciding whether to manage network security in-house or off-loading your data to a third party can be a difficult decision. Discover the costs and benefits of in-house vs third-party […]

Read more

Insider Threat – The Soft Underbelly of CyberSecurity

Security teams, both in the enterprise and at cloud service providers, spend untold resources attempting to keep cyber criminals from infiltrating mission-critical data systems. However, survey data from Cloud Security Alliance (CSA) shows that attacks from malicious insiders are 4 times more common than Security realizes – likely because they are so hard to detect. […]

Read more

Browser and Environment Hardening

In today’s threat landscape, many corporate users are being compromised by exploit kits and phishing campaigns. These offensive techniques are successful because they target outdated software and unsuspecting users. There are tools and configuration options to help prevent the execution of malicious binaries, the exploitation of web browsers, and the third party applications that are […]

Read more

Building Better Indicators: Crowdsourcing Malware IOCs

Over the past couple of years, malware naming from Major AV companies has been collapsing into more generic signatures. Although this may speed up detection and maintenance for AV companies, it can impact small teams which use AV detections as one of the indicators to quantify events during malware triage. This talk will cover a […]

Read more

Changing the Game of Threat Hunting

Cybercrime makes victims of all who are targeted. In today’s thriving hyper-connected, global marketplace threat actors ruthlessly find IT gateways and disconnected system-doorways to crawl through, rendering enterprises sitting ducks looking over their shoulder and bracing for an inevitable attack. Well, what if you could flip the script? What if your enterprise could hunt for […]

Read more

Business Backed CVEs – The Major Vulnerabilities of the Past Year

The past twelve months have seen an unprecedented number of vulnerabilities that strike at the core of the technologies that run our networks. This session will provide detailed demos of each of the major vulnerabilities released this year and discuss the impact for organizations. Attendees will hear from Brad Antoniewicz, Head of Research & Development […]

Read more

Advanced Threat Analytics: Adapt as Fast as Your Enemies

Today, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within a network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user […]

Read more

2015 State of Vulnerability Exploits

More than 7000 new and unique vulnerabilities will be disclosed this year. CSOs, CISOs and security professionals in IT are expected to keep their organizations safe not only from these new flaws but also from a ton of older security issues. An effective way to prioritize and mitigate the most relevant issues is by analyzing […]

Read more

One Ring to Rule Them All – Hardware isolation and the future of virtualization security

The ring architecture of modern CPUs arose from the need to protect the OS kernel from malicious or buggy applications.  Unfortunately today’s OSes use only two of the four rings of the x86 architecture – and today’s security challenges are the result.  The complexity and large attack surface of a modern OS, together with trends […]

Read more

CYDBA: Protecting Your Applications’ Rear End

Businesses have a long way to go in protecting their applications but even farther to go in securing those applications’ rear end—databases. While insecure applications provide a conduit for attack, the confidential data sought by thieves resides in the database. To illustrate why databases deserve the same security scrutiny as their more visible application front […]

Read more

Check Point Compliance Software Solutions “Your Second Set of Eyes”

No one in the Security Industry wants to talk compliance and most of us think of it as a burden.  Since almost all organizations today have to comply with some regulations, it has become important for us to discuss. The session will explore how compliance and network security are tied together and by simply improving […]

Read more

Fighting Next-Generation Adversaries with Shared Threat Intelligence

Adversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. Through specialization and collaboration, attackers are becoming more effective and continue to cause widespread damage, even as systems become more secure. However, recent advances in technology provide the foundation for a new […]

Read more

Security for the People: End-User Authentication Security on the Internet

Despite the continued success by attackers to brute-force accounts, phish credentials, and otherwise impact the online security of consumers, a large portion of the sites and services consumers utilize still don’t take authentication security seriously enough. This presentation will review recent research into the state of end-user-facing authentication security as it relates to strong authentication, […]

Read more

A New Way to Look at Endpoint Security – IT’s Job in a Connected World

Session 1: The Evolving Adversary Calls for a New Way to Look at Endpoint Security An organization’s employees are a threat actor’s most desirable and easily exploited target, ultimately gaining access to your entire network. Visibility into the by-products from keystrokes, contextualized with intelligence, is critical to pinpoint exactly where you are compromised and who […]

Read more

Next Generation SOC: Building a Learning Security Ecosystem Using HP ArcSight Technology

The concept of defense in depth has attracted a lot of attention over the past decade. Several organizations have invested heavily in a broad collection of technologies in an effort to better secure their information. The objective of defense in depth is to use complementary technologies to cover the gaps and limitations of each other […]

Read more

4 Undeniable Truths about Advanced Threat Protection

Are you prepared for the next attack targeting your organization? Multi-faceted, persistent threats continue to increase and evolve, evading traditional stand-alone security technologies and forcing a critical need for an integrated, multi-dimensional approach. Today’s targeted attacks require the ability to disrupt the attack lifecycle in order to prevent further compromise. This session will discuss the […]

Read more

OS Legacy Systems

Legacy operating systems in an unsecure world. Many organizations are still running applications on legacy operating systems for one reason or another. Be it their applications do not run on newer operating systems or hardware or simply a matter of cost. In April 2014 Microsoft stopped patch support for Windows XP and in July 2015 […]

Read more
Subscribe to the Sector Blog
Enter your contact information below to have future blog posts delivered directly to your inbox!