Seminars:

A series of thirty-minute seminars running at 11:25, 12:00 and 13:30 during the event will allow delegates to understand complex areas of specific interest.

11:25
The Threat Landscape has changed, have we?

Dale Tonge

The threat landscape is an ever-evolving beast and the sheer volume of malware we now see on a daily basis has exploded to unprecedented levels. From unskilled technical n00bs to full-time hackers who are becoming smarter, stronger and more sophisticated adversaries, we’re constantly under attack. In this session we will cover the evolution of malware alongside the key priorities to consider for your security strategy moving forward, to ensure that as your networks, the devices you support and the threat landscape evolve, you limit the risk of your organization becoming the next front page news.

11:25
Identity and security - learning from data

Charl van der Walt

“He who knows others is wise; he who knows himself is enlightened.”

― Lao Tzu

Ensuring Confidentiality, Integrity and Availability is the core purpose of Information Security. All of these depend in one way or another on establishing and confirming the identity of a person who could be anywhere in the world, on any computer, and often needs immediate access to dozens of systems containing sensitive and valuable information. In today’s most prevalent paradigms, identity is confirmed by means of a password, and in most cases identities and passwords are managed using Microsoft’s Active Directory platform. In this presentation we describe and analyse data we collected from millions of cracked passwords obtained during attack and penetration tests performed against dozens of corporate customers world-wide. We use this data to examine how relevant passwords and corporate password policies are in light of contemporary attack methodologies and consider what that means for the future of corporate IT security.

12:00
Managing the Modern Attack Surface with Predictive Prioritization

Grant Bailey

The network is unrecognizable as cloud, containers, custom web apps, IoT and OT all warp the perimeter. Unsurprising then, that security continues to struggle with measuring and managing the modern attack surface. In 2018, there were 16,500 new vulnerabilities disclosed. The Tenable data science team estimates that only 3% of these vulnerabilities actually will be exploited. Even if you know it’s flawed, finding and fixing issues is easier said than done, especially as GDPR fines threaten to eradicate profit margins. This session will help explain how, by taking a predictive and threat-based approach to vulnerability remediation, organizations can expect a 97% reduction in the number of critical and high vulnerabilities they need to patch, focusing on the issues that matter most to their organization and improving the efficiency of scarce security personnel and budget resources. Focus on what matters most and reduce your cyber exposure gap.

12:00
When robots strike – The hidden dangers of business logic attacks

James Maude

When organisations consider how to protect their web applications from attacks, they often focus on security scans and pen tests to identify technical security flaws. While this is absolutely correct, there is another risk that often remains undetected until it is too late: business logic attacks.

These attacks use legitimate application functionality, built to enable your customers to use your product or service, to bypass traditional defences and test stolen credentials, steal data and commit fraud. As we look to the future of cyber, one key trend is the rising levels of automation in online attacks, with malicious visitors looking increasingly like real users as they target and abuse an organisation’s unique business logic.

This presentation highlights some of the key challenges businesses face in protecting against this evolving threat and how they approach the associated risks.

13:30
Are Open Source Software Developers Security’s New Front Line?

Nick Coombs

Bad actors have recognised the power of open source and are now beginning to create their own attack opportunities. This new form of assault, where OSS project credentials are compromised and malicious code is intentionally injected into open source libraries, allows hackers to poison the well. In this session, Nick Coombs, International VP at Sonatype, will explain how both security and developers must work together to stop this trend, or risk losing the entire open source ecosystem.

Analyse, and detail, the events leading to today’s “all-out” attack on the OSS industry
Define what the future of open source looks like in today’s new normal 
Outline how developers can step into the role of security, to protect themselves, and the millions of people depending on them

13:30
Simplifying Digital Transformation: How CASB can help reduce the causes of slow cloud adoption

Dave Barnett

Dave will share the lessons he has learned from over 70 customer implementations of CASB technology – the good, the bad and the downright ugly. Learn about the main blockers to painless cloud adoption in a digital transformation journey and some of Dave’s best practices to avoid the main causes that slow down the use of cloud, such as over-sharing through the use of file sharing and collaboration tools and how to protect Administrators from becoming compromised. Finally, Dave will look at sophisticated anomaly detection to protect your most popular cloud applications such as O365, Box and Salesforce from attack. The workshop will involve real-world customer use cases and the odd demo or two – plenty of useful content for you to digest.
