It is no surprise that many organizations are undergoing a digital transformation in response to a rapidly evolving security landscape. The migration to cloud, the rise in a mobile workforce, rapid proliferation of data and increasing need to collaborate across cloud applications present an added layer of complexity for organizations building out a security strategy. […]
Read moreSecurity is often misunderstood and addressed in the last stages of a build. Operationally, it’s ignored until there is an emergency. In this talk, we review a few advanced security processes and discuss how to easily automate them using common tools in the Cloud. This approach will help you and your team increase the security […]
Read moreWith 23 MCU movies, I have learned some valuable lessons surrounding cybersecurity. Why didn’t Jarvis run on a segmented network (Avengers: Age of Ultron)? Why didn’t Edith have 2-FactorAuthentication (Spider-Man: Far from Home)? Let’s explore how, if Shield had implemented cybersecurity frameworks such as Mitre ATT@CK, they could have saved New York with much less […]
Read moreThis presentation is a non-technical, introductory-level presentation of current APT threats (from a North American perspective). The focus of this presentation will be the geo-political environment that motivates APT activity from one nation-state to another. We will cover a selection of nation-state activities, focusing on the most prevalent and prolific. We will additionally cover a small selection of […]
Read moreImagine using a risk score to determine whether to grant a user access to an application, a system, a device. Wouldn’t it be a huge time-saver if you could auto-approve low risk access requests instead of manually granting such requests? On the flip side, wouldn’t it be great to automatically ensure that privileged access requests […]
Read moreMany enterprises are focused on prevention and are too busy with day-to-day firefights to look beyond the flames and think about how to recover. Beyond preventing attacks, organizations need to focus on detection and response. It’s no longer a matter of if you’re going to be attacked, but when. Join this session to: Learn the […]
Read moreIt’s no longer a matter of “if”, but “when”. As the world becomes more mobile and connected, cyberattacks continue to rapidly grow in frequency and sophistication, placing your company’s data and personal information at risk. Are you protected? While organizations are aware of the growing threat, most are overly focused on security software and data […]
Read moreThe shift from legacy data collection and storage models to cloud has resulted in new paradigms in data management. Add to this more sophisticated and motivated adversaries, along with innovation in the manner in which they attack, and it yields a perfect storm of a complex attack surface, combined with multi-phased and multi-vector attacks. Today’s […]
Read moreIn Philip K. Dick’s 1956 “The Minority Report,” murder ceased to occur due to the work of the “Pre-Crime Division,” which anticipated and prevented violent killings before they happened. Today, we are only beginning to see the impact of predictive analytics upon cybersecurity—especially for insider threat detection and prevention. Based on user interaction with data, […]
Read moreAs we’ve talked with more and more of our clients about their digital transformations, it has become clear that security is a key facilitator for successful transformation. For example, if an organization churns out a series of new cloud-hosted mobile applications that permit users to more effectively interact with the company, the initiative can backfire […]
Read moreAs today’s digitally connected ecosystem continues to evolve, adapt and innovate, there has been a consistent, underlying theme across the landscape – teams are struggling to balance their increasing workloads with the limited resources at their disposal. As a result, it is becoming more difficult for Security, IT and DevOps teams to accomplish their goals, […]
Read moreCryptojacking has recently erupted onto the cybercrime scene, thanks to the surge in value in 2017 of cryptocurrencies such as Bitcoin, Monero, and Ethereum. Crooks are aggressively targeting laptops, desktops, servers, and even mobile devices. From a single device to entire networks, they infect as many devices as they can to mine for cryptocurrency on, […]
Read moreThe concept of the Internet of Things (IoT) truly represents a radical shift in how companies will operate, governments will govern, and individuals will live their lives. Microcomputetechnologies and autonomous systems will permeate our day-to-day activities. They will introduce opportunities for simplification, optimization and accuracy, and they will threaten to distribute cyber threats into the deepest […]
Read moreEnterprises today face pressure to improve security posture while also satisfying growing compliance requirements. These organizations are looking for ways to both unify their controls to measure and achieve multiple compliance requirements, and ways to assess them on a continuous basis for effective reporting and risk-based decisions. Mark will offer insights on how companies can focus their efforts, […]
Read moreArtificial Intelligence(AI) is impacting our world in previously unimaginable ways. But how does it really work? If you are looking for the real deal about this industry buzzword, this is the talk for you. We will cover the history of this incredibly innovative technology, what it is and what it is not, the steps required […]
Read moreAs the extraction of value from data becomes more critical to a company’s success, organizations are trying to stay ahead of the data deluge. Unfortunately, data technologies often have security bolted on, not baked into the DNA, leaving far too many doors open to compromise. This session will cover the challenges of big data and […]
Read moreEndpoint security is one of the most important aspects of a defence in depth strategy. It is critical to businesses because code execution on servers and workstations is one of the key ways to obtain an initial foothold within a corporate environment. The ability to prevent, detect, and respond to incidents within your environment in […]
Read moreThere is no one Golden Rule when it comes to email encryption. Every enterprise is unique. It’s vital to ensure email encryption is tailored for and tightly integrated to your Cybersecurity strategy. Join Echoworx VP of Operations, Alex Loo, to understand: Key components of an email encryption strategy. Benefits of leveraging encryption in the cloud. […]
Read moreFor a long time now, it has been widely known that a proactive cybersecurity plan is not good enough, you must have a reactive plan as well. It is not good enough to simply mitigate a cyber breach, you need to be ready to react to one as well. However, in the very near future […]
Read moreAs more and more organizations undertake digital transformation they become increasingly dependent on their online presence. This exposes their business to cyber-attacks that target the growing number of vulnerabilities in web services software stacks, which require the organizations to evolve their current cyber defense approach and stretch their resources. Navigating digital transformation securely can feel […]
Read moreOn the eve of quantum computing, the definitive need for crypto-agility is greater than ever. The ability to locate, manage, and securely update digital certificates on a network or on a device seems like a simple task, yet with the advent of new Enterprise use cases and flourishing IoT device introductions, management at massive scale […]
Read moreThe security threat landscape is constantly in flux as attackers evolve their skills and tactics. Cisco’s Talos team specializes in early-warning intelligence and threat analysis necessary to help secure networks in today’s volatile threat landscape. In this talk, Earl will analyze how the threat landscape has evolved over the last year or so by looking […]
Read moreHow can a good offense be a great defense? The concept of Hack-Back is extremely controversial and at first glance seems unsuited to the corporate world. However, in this session we will look at strategies and technologies you can use to actively defend your organization. Learn how create an active defense by using the attacker’s […]
Read moreTaking advantage of user provided intelligence improves your organization’s ability to recognize, report and respond to active phishing threats and keeps you ‘Left of Breach’ on the cyber kill chain. Through development of anti-phishing program best practices, the use of active threat intelligence and trend analysis, this presentation will show you how to improve your […]
Read moreCIPPIC, the Samuelson-Glushko Canadian Internet Policy & Public Interest Clinic, is Canada’s only public interest technology law clinic. CIPPIC is unique in Canada, bringing together a team of expert legal professionals and students to advocate for the public interest in policy debates arising from the intersection of law and technology. Defense of privacy rights and […]
Read moreDespite billions spent on security technology each year, it seems little progress has been made to reclaim the advantage from attackers. Modest reconnaissance by a malicious actor often results in a better understanding of an environment than the defenders who own and operate it. At the heart of the problem lies one simple truth: know […]
Read moreOrganizations are increasingly moving workloads to hosted Infrastructure-as-a-Service (IaaS) environments. In many cases, they are extending their data centers across one or more IaaS providers, creating hybrid cloud environments. This session will explore best practices for extending data centers to hosted environments, and review how to secure privileged access to hosted infrastructure and virtual machines […]
Read moreAs attacks have become more sophisticated and continue to evolve, static technologies can’t keep up. Siloed solutions fragment your defenses. It takes power and precision to stop attacks. Join this session where we will explore; Do you have an intelligent, orchestrated and automated approach to prevent, detect and respond to threats? How did GFL Environmental […]
Read moreEmployee suspicious access, behavior abuse, and exfiltration of confidential data could all be a result of Insider Threat. We need a new innovative way of thinking about security as rule, pattern and signature-based solutions are evaded easily. Learn how user & entity behavior analytics (UEBA) and Identity Analytics (IdA) leveraging the context of open choice […]
Read moreContinuous Deployment and Cloud applications offer new opportunities in cyber security in allowing flexibility and rapid reaction to the ever-changing demands to protect cyber assets. However, new technologies also offer new possibilities and require new approaches in evaluating and improving the security posture for software applications as well as the infrastructure. This talk will explore […]
Read moreConnected devices provide a way for businesses to improve their operations and to provide enhanced services to customers. They also can introduce significant security risks, as many devices that are now being connected were not designed with security in mind. The fundamentals of the old adage of “garbage in, garbage out” are critical for IoT […]
Read moreCompressed timelines, skill gaps, staff shortages, and an endless sea of new security technology options challenge organizations to keep pace with rapidly advancing threats. It’s easy for technology leaders to fall into the trap of spending their entire budget on bigger firewalls and trendy new endpoint solutions, while ignoring the simple things. Sometimes the best […]
Read morePeople are not computers. This seems like an obvious statement, but many of our security controls treat people as though they are neat streams of code. This can cause problems when it comes to insider threat programs. If we approach insider threat analysis as a black and white then we risk more than wasted time […]
Read moreAs adversaries develop ways to make money through cybercrime and the number of attackers and suppliers of cybercrime tools are growing, organizations are finding it more difficult to protect themselves. This environment increasingly resembles an organism under attack from countless viruses, bacteria, parasites and toxic substances. To effectively defend against these threats, we can use […]
Read moreWhile IT departments constantly battle against a tsunami of ever-increasing volumes of annual vulnerability disclosures, lack of visibility into the attacker’s perspective means that they retain an advantage, and still continue to breach organizations, causing massive damages to business. In this presentation, we will discuss a year-long study of vulnerability attributes, exploits and attack trends […]
Read moreYou walk into a meeting and the person you are about to talk to informs you that they will be video and audio recording everything. Would that change what you might say or do? What if we told you that your mobile device could be doing that, or worse, to you already? Visit this session […]
Read moreAs cyber criminals grow more aggressive, organizations are installing new security tools to protect themselves against threats. In fact, the average enterprise runs 508 applications and allows 89 different vendors to access their network each week. (Source Bomgar.com and Forbes.com) You likely manage dozens of security tools across your organization– from firewalls to authentication software. […]
Read moreResponding to security incidents is mostly firefighting -too much noise, not enough signal, and not enough analysts to work incidents when the signal is found. There is a direct link between the time to detection and volume of data stolen. Leveraging automation and orchestration in the investigation and response process is the key for finding […]
Read moreThe State of the Phish and Response is a look into many of the prevalent phishing campaigns that leverage ransomware, fileless malware, and tactics that bypass technology. Contrary to what some may still believe, attackers don’t rely on executables and other extensions typically restricted. What are attackers doing and what works in their campaigns? Additionally, […]
Read moreIt’s a universal truth acknowledged that IT and security teams have too much to do, and never enough resources to do it. Traditionally, there are tactical tasks that security organizations own, but invest far too many resources in: alert triage, managing vulnerabilities, and more. These tasks lead to alert fatigue, but worse, they suck up […]
Read moreUnderstanding the mechanics of malware attacks is critical for remediation and for preventing similar attempts in the future. Malware analysis can provide valuable insights into the adversaries goals, especially when they are targeted. While cloud based malware analysis tools exist, they are largely inflexible. An in-house lab environment can offer more customization, automation and enhanced […]
Read moreDespite all of the advances in technology, we still aren’t doing a good enough job in basic house-keeping, The result is avoidable breaches and network compromises, we read about them daily. Leveraging best practices but not actually implementing formal processes and solutions isn’t cutting it any longer, as more and more companies who think they […]
Read more“Infrastructure” is software in the era of Cloud; you should consider the software design choices as they impact not only the application structure, but also security in the Cloud. The convergence of the AppDev team and the security team allows for securing the cloud throughout the process without impacting agility. Bringing security in at the […]
Read moreRapidly evolving technology and business channels have resulted in the cyber landscape becoming a core tool for criminals conducting all facets of financial crime. Modern day criminals seek to steal information and commit various types of conventional fraud with coordinated efforts that increasingly leverage cyber technologies. Industries coping with compliance and/or processing financial transactions are […]
Read moreRansomware got “very real” this year with nearly every day delivering news of not just more localized attacks but of sweeping compromises, bringing entire organizations to a sudden halt. Organizations are demanding a comprehensive response and IT teams are struggling to deliver defenses that are effective but don’t cripple their productivity. With a focus on […]
Read moreJoin James Arlen and co. as they reflect on their careers and discuss the challenges (and failures) of being an InfoSec professional.
Read moreAs the security industry has continued to under invest in the human element of security, phishing has become the top attack vector for cyber criminals. Breaches continue to occur in record numbers, identification takes an exorbitantly long time, and the most preferred target is an organization’s people. Effective phishing defense and incident response involves empowering […]
Read moreThis session will detail the evolution of ransomware, its methods of infection, and ways an organization can help protect itself and avoid having to pay a ransom. Hear from a Trustwave SpiderLabs forensic expert analyze a ransomware infection and its actions on a compromised system. Ransomware requires that we reassess our access control, intrusion detection, […]
Read moreIt’s challenging to build out your Incident Detection & Response program when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers, as well as your core infrastructure. In this session, Eric Sun will cover best practices from Rapid7’s Incident Response and Penetration Testing teams, and share the top gaps in […]
Read moreLooking at the assumptions underlying threat analysis tools in general, this session will examine how network virtualization, micro-segmentation and automation of policies are improving fundamental security properties such as context, visibility and threat containment, improving significantly the efficiency of these tools We will first look at the assumptions underlying threat modeling in general, the biggest […]
Read more