Social Network For Security Executives: Network, Learn & Collaborate
Keynote Turbo Talks
Protecting SCADA environments
Daniel Lakier, CTO & President at SeeGee Technologies
This talk will take you through the fundamentals followed by the advanced levels of SCADA. What is SCADA, Why do we need to care, What are the Risks & Challenges,Operational Practical ( IT challenges), Why the traditional answer isn't enough. According to Daniel, The best answer today is Stealth Networking and next generation two factor authentication.
Network Machine Learning and the Security Industry: Past, Present, And Future
Bob (Robert H) Klein, Black Hat 2015 Speaker
Machine learning is an exciting new technology that is seeing widespread use in many industries, and IT Security is no exception. However, the term “machine learning” is very broad, and its meaning can vary significantly depending on the security application context (insider threat detection vs. malware detection, for example). In this talk, we explore how a variety of machine learning technologies can be used across many different security applications, and we discuss how these technologies will continue to evolve over time.
Lessons learnt from recent Cyber-attacks on SAP systems
This talk will take you through the past attacks on SAP systems in history and 10 lessons learnt from it.
Since for a long time, almost no real attacks on SAP and Oracle ERP systems were known to the public, it gave CISOs a false sense of security. While the number of breaches in less critical applications was increasing rapidly, and so was the awareness, only a small group of professionals were aware of attacks on business applications. The most popular example of such fraud was to create a fake vendor and a payment order for this vendor and then to approve it. According to the Association of Certified Fraud Examiners, losses from internal fraud constitute 7% of profit on average. To prevent those types of attacks, the segregation of duties concept was created. ERP security isn’t limited to SoD. The issue of unauthorized access to system and user accounts via vulnerabilities now matters. Moreover, the increasing number of SAP vulnerabilities in ERP systems (from 100 in 2007 to 3500 in 2015 only in SAP) makes these issues more critical than ever. But what’s more important, in 2012 we saw a first sight of cyber-attack via SAP Vulnerabilities. Our predictions proved accurate and by now we have witnessed a number of examples from Anonymous attacks on Greek Ministry of Finance via SAP to the attest breach of US Investigation Services (a largest subcontractor of OPM) that led to company’s bankruptcy. In this talk, take a look at the history of ERP attacks and learn 10 lessons how to avoid them.
Building Immune Systems For Our Enterprises: Detecting Emerging Threats in real Time
Dave Palmer, Director of Technology, Darktrace
This talk will take you through a new perspective to realize how the math evolves to detect and emerge from the threats. Learn the algorithms behind, statistics, probability, the techniques, its evolution and how it can create the immune system for your organization.
United Nation's program to help developing nations in IT Security
Paul Raines - CISO, United Nations Development Programme
Cybersecurity assistance for developing nations. This talk will highlight a new initiative within the United Nations Development Programme (UNDP) to provide cybersecurity assistance to the governments of developing nations to help protect their critical national infrastructure and digital economies. UNDP uses its own experienced, award winning cybersecurity team instead of hiring expensive, outside consultants. Thus, UNDP can deliver services to its clients at less cost, less overhead and with the hands-on experience of a team of world recognised experts. The services to be provided include cybersecurity training, risk assessment, incident response training and exercises, training in business continuity/disaster recovery and preparation for ISO 27001 certification.
Forensics & Incident Response Essentials
This workshop session will help you to peek into the fundamentals of Incident Response, Incident Response Stages: Preparation, Identification, Containment, Eradication, Recovery & Memory Forensics in Incident Response. This can be attended as hands on 2 day training. To know more Click here
Network Forensic Tools & Techniques
This talk will explore an Introduction to network forensics, The Basic protocol analysis, Forensic analysis network/web/malware, Basic packet analysis challenges. This can be attended as hands on 2 day training. To know more Click here
Application Security Workshop - IAST, RASP, Real Time Polymorphism
Nilanjan De & Jitendra Chauhan
This talk will explore Understanding IAST/RASP,Realtime Polymorphism.
Some areas covered under IAST/RASP would be Web Security Evolution, Marketing view of RASP and IAST, Science Behind RASP and IAST, Way Forward.
Some areas covered under Realtime Polymorphism would be Polymorphism, Automated attacks, Threat model and attack vectors, Reference Polymorphism, Field Polymorphism., advantages, Limitations.
A brief demonstration and behavior of the technologies will leave you awed, a much appreciated session in the past.
Threat Intelligence Workshop
This talk will explore the Key components i.e. (People, Process and Technology), Threat Intelligence Maturity model, Threat Collection & Analysis eg. OSINT, Integrating Actionable Intelligence,Technology and Vendor Landscape. Find frameworks and checklists to build on for your next threat intelligence project!
This talk will explore the legalities you need to know, the key priorities and things to keep in mind. Explore with some common mistakes and get info on the go to resources!
Cloud Access Security Brokers Workshop
This talk will explore the Technology Taxonomy for Cloud Security, Key components of cloud security architecture, Blue print to build your cloud security program & Basics of Cloud Security Access Brokers. Find frameworks and checklists to build on for your next CASB implementation project!
Security Analytics and SOC up-gradation workshop
This talk will explore from fundamentals to advanced of Security Analytics from how to use it to its requirement in your organization. For a recent implementation, this can garner you some tips and also some good connect to useful resource.
This talk will explore from fundamentals to advanced of DDOS from how to use it to its requirement in your organization. For a recent implementation, this can garner you some tips and also some good connect to useful resource.
Security Metrics and Dashboard Workshop
This talk will explore the Challenges & Gaps, Board Meeting Goals, Metrics-Measuring Security, Dashboard-Calculate & Show $ Lost, Measures- What If Breached?, Tools for Benchmarking your organization’s security, How to Involve The Board & Educate Them. Access Basic Template Find frameworks and checklists to build on for your next threat intelligence project!
Identity & Access Management Workshop
This talk will explore the Challenges & Gaps, Fundamentals, PIM as an aspect of IAM, Tools and techniques, taxonomy and vendor mapping for IAM, Need assessment and evaluation checklists. Access Basic Template Find frameworks and checklists to build on for your next threat intelligence project!
IT GRC Workshop
This talk will explore Key Components and Architecture for GRC, How to Jumpstart your GRC program with freely available tools and content,Overview of Free Tools that you can use today, Complete Vendor and Technology Taxonomy, Customer Satisfaction based Rating of vendors along with Analysts opinion, Checklist to evaluate a GRC Vendor, CISOs who implemented GRC to share their real life experiences. Find frameworks and checklists to build on for your next CASB implementation project!
Security Architecture Workshop
Arnab Chakraborty & Bikash Barai
This talk will explore various challenges, techniques and fundamentals for implementing a secure architecture. Learn it from scratch and find some ready made, go to material. Find frameworks and checklists to build on for your next threat intelligence project!
Successful Implementation of Incident Response Program
Building Security Dashboard and Metrics for Your Enterprise
Building Security Maturity Model for Banks
Successful Implementation of SIEM Program
Successful Implementation of IT GRC Program
Successful Implementation of IAM Program