Interest in Cloud Computing continues to gain traction in Canada as evidenced by both Microsoft Azure and Amazon AWS opening Canadian based datacenters in 2016. Trend Micro is helping deliver security controls in these environments by enabling automated deployment, management and reporting through standard devop configuration management tools such as CHEF, Puppet and Ansible. Join […]
Read moreIn this session, Thales e-Security will discuss the global use of encryption – from backups to big data, from the data center to the cloud, and much more. Focusing on an independent research study conducted by the Ponemon Institute on behalf of Thales e-Security, we will address features of encryption solutions users find the most valuable […]
Read moreFrom rootkits to ransomware, old school security tools and strategies can’t keep pace with today’s advanced attacks. To be effective, you need to thwart the attack methods of advance persistent threats, leverage next-generation endpoint and network security intelligence to detect and isolate attacks, and address critical alerts with contextual security intelligence. Join us to learn […]
Read moreIT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyber-threats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly […]
Read moreRansomware is a family of malware that ranks as one of the most dangerous of modern times. It is not a matter of how you will be infected, but a matter of when. In this presentation, we will look at some of the ransomwares in the wild and how they propagate and infect machines. We […]
Read moreRansomware has become a global plague costing organizations billions worldwide. It has moved from a single user-infection model to a network-wide infection model, recently bringing many sophisticated organizations to their knees. In the first half of this interactive discussion we will dive deep into the ransomware attack chain, examining how attackers leverage blind spots in […]
Read moreThe unprecedented power of cloud applications has opened up amazing new possibilities for IT organizations, lines-of-business, and users to empower work needs. Whether sanctioned or not, these cloud applications can have a dark side. The rapid pace of adoption has left most security and compliance teams behind. Users, devices and data are now interacting with a variety of […]
Read moreIt seems that every day another company is breached, and a new standard or framework is proposed to help us handle this cybersecurity crisis. What most companies realize, although the regulators don’t seem to, is that we’re already overwhelmed performing our day-to-day tasks; adding these additional compliance activities onto our workload simply doesn’t work, at least […]
Read moreWe surveyed 654 IT and IT security practitioners in Canada to answer the following questions: Do organizations feel more or less prepared to deal with attacks than last year? How have cyber attacks targeting Canadian organizations changed in the past year? What is the average cost of cyber attacks for Canadian organizations? What cyber security […]
Read moreOptiv research has identified that one of the key challenges to Cyber Threat Intelligence providing impact is that the term “threat intelligence” has become heavily diluted and attached to a very diverse array of products, services and capabilities which are not easily adopted across the various enterprise security use cases. Our experience has shown that […]
Read moreThe solution workflow of today’s Security Operations Center (SOC) can be described as a “Security Frankenstein”—where each “limb” is a disparate solution that has been cobbled together in hopes of “orchestrating” the steps in the security kill chain. The result is an ineffective, costly, and cumbersome approach to the security workflow that increases risk and […]
Read moreToday, businesses and data security leaders are looking for ways to better anticipate and even predict threats before they happen. Companies have a huge amount of data to process and very little time to do it, and new forms of targeted attacks have evolved. These new threats require new thinking, and that’s where the latest […]
Read moreProtecting yourself from a cyberattack is no longer about technology. While technology is inherently important to any cybersecurity solution, it’s only one piece of the puzzle. And more often than not, the other two pieces are overlooked: people and process. Before adopting the next security technology trend, it’s important to understand what you’re trying to […]
Read moreOne of the most challenging threats to mitigate is the “trusted employee”. They have a position on the inside of your network, they have ownership of a trusted computer and they have basic knowledge of the information assets available. This presentation uses data from our penetration testing team to describe the specific techniques any employee […]
Read moreYou probably have an IT budget which includes security to some extent. You realize security is important but just don’t have the amount of people that you need to handle the influx of new exploits as well as manage day to day operations. Learning from others is always a good practice, however with most companies, […]
Read moreSecurity teams, both in the enterprise and at cloud service providers, spend untold resources attempting to keep cyber criminals from infiltrating mission-critical data systems. However, survey data from Cloud Security Alliance (CSA) shows that attacks from malicious insiders are 4 times more common than Security realizes – likely because they are so hard to detect. […]
Read moreIn today’s threat landscape, many corporate users are being compromised by exploit kits and phishing campaigns. These offensive techniques are successful because they target outdated software and unsuspecting users. There are tools and configuration options to help prevent the execution of malicious binaries, the exploitation of web browsers, and the third party applications that are […]
Read moreOver the past couple of years, malware naming from Major AV companies has been collapsing into more generic signatures. Although this may speed up detection and maintenance for AV companies, it can impact small teams which use AV detections as one of the indicators to quantify events during malware triage. This talk will cover a […]
Read moreCybercrime makes victims of all who are targeted. In today’s thriving hyper-connected, global marketplace threat actors ruthlessly find IT gateways and disconnected system-doorways to crawl through, rendering enterprises sitting ducks looking over their shoulder and bracing for an inevitable attack. Well, what if you could flip the script? What if your enterprise could hunt for […]
Read moreThe past twelve months have seen an unprecedented number of vulnerabilities that strike at the core of the technologies that run our networks. This session will provide detailed demos of each of the major vulnerabilities released this year and discuss the impact for organizations. Attendees will hear from Brad Antoniewicz, Head of Research & Development […]
Read moreToday, the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have grown substantially more sophisticated in frequency and severity. Attackers reside within a network an average of eight months before they are even detected. In the vast majority of attacks, they compromise user […]
Read moreMore than 7000 new and unique vulnerabilities will be disclosed this year. CSOs, CISOs and security professionals in IT are expected to keep their organizations safe not only from these new flaws but also from a ton of older security issues. An effective way to prioritize and mitigate the most relevant issues is by analyzing […]
Read moreThe ring architecture of modern CPUs arose from the need to protect the OS kernel from malicious or buggy applications. Unfortunately today’s OSes use only two of the four rings of the x86 architecture – and today’s security challenges are the result. The complexity and large attack surface of a modern OS, together with trends […]
Read moreUnfortunately, it’s a foregone conclusion that no organization is 100% safe from a breach. With 49% of security leaders believing zero day attacks against their network will be the most prevalent over the next three years and 65% saying attacks have evaded current preventative security controls, it’s all about mitigating risk and the potential impact […]
Read moreIdentity and access management (IAM) projects are traditionally some of the most important (and most difficult) security activities that organizations must undertake. We hear of companies in the fifth year of their two-year IAM project, millions of dollars over budget and there is no end in sight. It’s a common occurrence. But it doesn’t have […]
Read moreWhen it comes to endpoint security, it has been said that the best way to keep an infected device from causing damage to the broader network is to keep it turned off once it is compromised. While this method of quarantining an endpoint may be a quick fix, for obvious reasons it is not very […]
Read moreIn this session we will demonstrate how to achieve continuous monitoring and mitigation capabilities that better leverage your infrastructure investments and optimize your IT resources. Most companies have deployed a number of technologies that make up the SANS Top 20, but the challenge is how to ensure these technologies integrate to provide the layers of […]
Read moreThis presentation will cover distinct advantages of Incident Response by working closely with Penetration Testers to provide a more holistic view of the threats to your network. We will also further explore how a breach like this happens.
Read moreHundreds of millions of Android devices are at risk of being hijacked by a new and previously unknown threat. Certifi-gate is a set of vulnerabilities in the authorization methods between mobile Remote Support Tool (mRST) apps and system-level plugs used by virtually every Android device maker and network service provider. Exploitation gives malicious apps unrestricted […]
Read moreIn this presentation, Dave will walk the attendees through the challenges facing most companies around dealing with vulnerabilities in their environments. Many companies are running tools or having scans performed against their network, and are being presented with a sea of information on discovered vulnerabilities along with information on how to address them. But most […]
Read moreToday’s advanced malware hides in plain sight, patiently waiting to strike, challenging security teams to track its progress across their network and endpoints. As attacks are gaining speed and sophistication, the security industry is by delivering advanced big data analytics—analyzing data about data to block breach attempts, improve security everywhere, and retroactively respond to new […]
Read moreAccording to Verizon’s 2015 Data Breach Investigations Report, one of the leading causes of data breaches over the past two years has been vulnerable applications. Yet, analytics collected by Veracode from more than 200,000 application risk assessments over the last 18 months found a wide disparity in how the problem is addressed across industries. In […]
Read moreIs it possible to be successful in a vulnerability centric world? Once you have great vulnerability management data, what do you do with it? Join this session to learn how to find and focus on your true vulnerabilities to build stronger security. You will: Learn how to optimize your vulnerability management program Get best practices […]
Read moreEvery business needs to monitor their systems. As a combined view of all network activity, a SIEM can be a powerful tool when managed properly. However, deciding whether to manage network security in-house or off-loading your data to a third party can be a difficult decision. Discover the costs and benefits of in-house vs third-party […]
Read moreMobile platforms have taken the world by storm. Smart phones and tablets, connected watches, thermostats, light fixtures and alarm systems, connected cars, even remote control drones – whether it’s our clients, customers, or employees – everyone’s got them. And they are going to use them. What this means for those of us who work in […]
Read moreSecurity of corporate resources has never been as important as it is in todays mobile first cloud first world. The proliferation of remote access, mobile access and various cloud storage solutions, among other things, has led to the erosion of the classic enterprise security moat. We need to look at security under the context of […]
Read moreWe cannot afford to wait for the adversary to make their move first, nor can we hide from them. To better understand, we will spotlight the popular attack techniques of 2014 – including vulnerable attack avenues, darknets and botnets. The most active and proven attack techniques of 2014 will be examined, derived from Fortinet threat […]
Read moreIt seems like it was only yesterday that security was focused almost exclusively on preventative mechanisms as though we’re still facing the same self-replicating viruses from 15 years ago. Overnight it seems, organizations recognize that modern threats like information stealers, botnets, and targeted attacks regularly bypass preventative measures. As a result, great investments are being […]
Read moreCredit card payment processing and point-of-sale (POS) systems are like a black box for most people without knowledge of its internal working. Recent data breaches of thousands of credit cards have shown that determined attackers have mastered ways to steal old fashioned magnetic stripe cards and are now targeting EMV card data (chip-and-PIN, chip-and-signature, chip-and-choice). […]
Read moreWe’re all aware that the cyber threat landscape continues to shift and evolve at a staggering pace. Attacks are becoming more sophisticated and let’s face it – the notion that signatures are dead is an exaggeration. Cyber security is continuing to shift too, as industry experts begin to prescribe continuous monitoring over incident response. Recognizing […]
Read moreAs security organizations have come to value the impact of programs designed to change employee behavior, we have continued to largely ignore the humanity of the attacker. In this presentation Aaron Higbee will examine how the attackers are obsessively focused on the technology involved in phishing attacks, but are lacking some of the human skills […]
Read moreThe web continues to be a constant threat for most users. The security industry has become very good at detecting Java, Flash, and PDF exploits over the last few years, now attackers are seeking new vectors. In this talk we will examine the growing trend in Silverlight exploitation Talos has observed over the last several […]
Read moreScalar Decisions was recently awarded the bid to become the Official Supplier of Information Security to the TO2015 Pan Am and Parapan American Games. Scalar is responsible for providing security services, data centre integration and managed storage services. This extensive project has taken place within a very limited time span, and for a very fluid […]
Read moreBusinesses have a long way to go in protecting their applications but even farther to go in securing those applications’ rear end—databases. While insecure applications provide a conduit for attack, the confidential data sought by thieves resides in the database. To illustrate why databases deserve the same security scrutiny as their more visible application front […]
Read moreNo one in the Security Industry wants to talk compliance and most of us think of it as a burden. Since almost all organizations today have to comply with some regulations, it has become important for us to discuss. The session will explore how compliance and network security are tied together and by simply improving […]
Read moreAdversaries today are technically advanced, structured around an underground governed by market forces, and using paradigm shifts in technology to compromise more victims. Through specialization and collaboration, attackers are becoming more effective and continue to cause widespread damage, even as systems become more secure. However, recent advances in technology provide the foundation for a new […]
Read moreDespite the continued success by attackers to brute-force accounts, phish credentials, and otherwise impact the online security of consumers, a large portion of the sites and services consumers utilize still don’t take authentication security seriously enough. This presentation will review recent research into the state of end-user-facing authentication security as it relates to strong authentication, […]
Read moreSession 1: The Evolving Adversary Calls for a New Way to Look at Endpoint Security An organization’s employees are a threat actor’s most desirable and easily exploited target, ultimately gaining access to your entire network. Visibility into the by-products from keystrokes, contextualized with intelligence, is critical to pinpoint exactly where you are compromised and who […]
Read moreThe concept of defense in depth has attracted a lot of attention over the past decade. Several organizations have invested heavily in a broad collection of technologies in an effort to better secure their information. The objective of defense in depth is to use complementary technologies to cover the gaps and limitations of each other […]
Read moreAre you prepared for the next attack targeting your organization? Multi-faceted, persistent threats continue to increase and evolve, evading traditional stand-alone security technologies and forcing a critical need for an integrated, multi-dimensional approach. Today’s targeted attacks require the ability to disrupt the attack lifecycle in order to prevent further compromise. This session will discuss the […]
Read more