Companies heavily invested in advanced security solutions continue to be compromised, with breaches going undetected for months. Yet, despite this, indicators of the compromise are readily visible for those who take the trouble to watch. This session will highlight what to look for and how to monitor for early indicators of a security breach proactively rather than reactively when someone taps you on the shoulder.
As a security professional, you've chosen one of the fastest-growing and potentially lucrative careers in any industry today. You're living in a negative-unemployment market where many organizations may be competing for your services. How can you take advantage of those opportunities? In this session, top experts will discuss ways to advance your career: how to build your resume, how to approach training and certification, and when to look for a new position. You'll get insight on how companies hire security professionals, how to approach job opportunities and interviews, and how to increase your salary in the future.
In 2015, IBM Security researchers identified significant shifts in the type of credentials cybercriminals are targeting. With a focus on PII and healthcare data, cybercriminals started offering new identity services and user-friendly "fullz" shops. During this session, we will analyze these changes, look at how they affected the price of different credentials in the underground, and take a tour of some of the leading dark net shops offering these goods.
It's estimated that by 2020, there will be 25 billion Internet of Things (IoT) devices - inside public infrastructure, homes, cars, and human bodies - and all vulnerable to online attack. Attackers and penetration testers have only begun to discover these vulnerabilities, and create new exploits that take advantage of them. This panel will give attendees a rundown of the latest IoT vulnerabilities, from cars to security cameras, and their potential implications for future attacks. Experts will discuss the targets that might be struck hardest, the implications of those attacks, and what security teams can do to protect their enterprises.
Today's attackers and exploits are more prolific and more sophisticated than ever. How are enterprise security professionals holding up? In this session, the editors of Dark Reading will join with other industry experts to provide insight on the state of security departments across the globe. Among the data that will be discussed are two new surveys that outline current attitudes and plans of security pros: The Black Hat Attendee Survey and the Dark Reading Strategic Security Survey. These surveys discuss the top challenges faced by the enterprise security department, its buying and budgeting plans, and enterprise experiences in handling breaches and incident response.
Security is never gauged according to the threat landscape. According to the (ISC)² 2015 Global Information Security Workforce Study, the top technology that global respondents think will significantly improve security is 'Network monitoring and intelligence'. Having continuous monitoring in place can help us practitioners sleep well at night. However, the biggest risk an organization faces is not technology but complacency. When we rely on log and device data from the monitoring system, we are looking at retrospective data, not looking forward. Any organization can be a victim without being the target. Do we have full visibility on our security posture? INsecurity provides a more meaningful measurement of impact.
When it comes to attack vectors, today's attackers have a wide range of choices. From network/infrastructure exploits to application vulnerabilities to mobile devices and embedded systems, there are many methods for approaching a target enterprise, but which will work best? In this panel session, leading experts in the various attack vectors will join to discuss the advantages and disadvantages of choosing a particular vector and how attackers find the one that is most effective for a specific target. You'll get a look at some of the latest thinking about network exploits, mobile exploits, and infrastructure attacks, all provided in a way that helps you select the most effective methods for your penetration tests.
It has long been held that NAT at edge routers is a hack to provision IPv4, and that we would not see anything like it in IPv6. However, for enterprise deployment, there are benefits to deploying translation between the LAN and the ISP(s). We look at some advantages and disadvantages of this approach, and the implications for scanning and security.
In August 2015, RSA Research went public at Black Hat USA with its report "Terracotta VPN: Enabler of Advanced Threat Anonymity." Following additional exposure at other security conferences, RSA Research's latest update on Terracotta VPN will reveal details of Terracotta's current state and how Terracotta VPN is still being used.
LogRhythm will discuss the business problems surrounding the new and evolved ransomware threat, and give you a technical overview of how these schemes function and how they can be spotted and responded to early enough in the threat lifecycle to severely limit the potential damage. We will also share a framework to help you better protect your organization in the face of this looming menace.
This session will cover:
* Early indicators of Ransomware
* Automated defenses to thwart the attack
* Steps that must be followed (with robotic precision) to make a molehill out of the possible mountain
Named Technology Pioneer by The World Economic Forum 2015, Darktrace is one of the world's leading cyber threat defence companies. Its Enterprise Immune System technology detects previously unidentified threats in real time, powered by machine learning and mathematics developed at the University of Cambridge, which analyse the behaviour of every device, user and network within an organisation. Some of the world's largest corporations rely on Darktrace's self-learning appliance in sectors including energy and utilities, financial services, telecommunications, healthcare, manufacturing, retail and transportation. The company was founded in 2013 by leading machine learning specialists and government intelligence experts, and is headquartered in Cambridge, UK and San Francisco, with offices in Auckland, Boston, Chicago, Dallas, London, Los Angeles, Milan, Mumbai, New York, Paris, Seoul, Singapore, Sydney, Tokyo, Toronto and Washington D.C.
The age of the Internet of Things is upon us. With potentially billions of these devices connecting to the Internet in the coming years, targeting these devices has become more attractive. One threat that has started to emerge is botnets consisting of thingbots, bots running on IoT devices. Thingbots are currently used mainly for spamming and DDoS attacks, but more sophisticated purposes unique to the nature of the devices being exploited will likely emerge. This talk starts with a discussion of the current state of thingbots, then shows how they could evolve and become a more significant threat in the near future.
Whether it's iOS, Android, or some other operating environment, the mobile device has become a critical target for online attackers. But just how far have attackers gone? What are the key vulnerabilities and threats currently associated with mobile devices? In this session, attendees will get an expert view on the latest trends in mobile exploits, the most critical vulnerabilities in mobile devices, and the near-term thinking of attackers and penetration testers who are seeking ways to crack mobile device security.