What are the unsolved cybersecurity requirements in the Singapore industry, and what stands between research ideas and the solutions to those? In this talk, we present perspectives on cybersecurity issues, R&D challenges, and wish list gathered from discussions between the research community and participating industry players on the Singapore Cybersecurity Consortium platform, covering the sub-topics of threat intelligence, data privacy, mobile security, software security, and cyber-physical system security.
Despite great advances in threat detection and prevention technology, security incidents continue to be on the rise. Yet, one thing remains consistent: For every security incident, there are artifacts that can help tell the story. By themselves, artifacts mean nothing, and any attempt to manually make sense of them in order to understand the who, what, when, where, and how of an incident can take longer than security analysts can afford spending time on.Join this session and learn how intelligently-populated graph databases can provide rapid insights into seemingly disconnected artifacts, simplifying even the most complex tasks.
Hackers are a highly collaborative group of individuals that share attack techniques every day. While enterprises, on the other hand, continue to operate individually with very little collaboration beyond basic threat intelligence sharing. We need to change as an industry.
Join Justin Hayes, Cloudera's Director of Systems Engineering, as he discusses an open source approach to breaking down traditional cybersecurity barriers while opening up a broad community for cybersecurity collaboration. During this discussion, you will learn about the vision of Apache Spot and how it can help organizations:
• Infinitely scale data storage, access, and machine learning
• Gain complete enterprise visibility with a community defined open data model
• Open up application flexibility without having to reinvest in infrastructure
• Collaborate between organizations and a diverse community of experts
Cylance sees 500,000 new suspicious computer files every single day. Malware is out of control and laying siege to economies, governments and businesses around the world. Learn how recent advancements in cloud computing, data science and machine learning are helping combat the ever increasing war waged in cyber space!
Blockchain is a term that some have heard of, or associated it with bitcoin, but few have had the chance to get to grips with. In this presentation, the presenter is going to evaluate: with the use of blockchain, whether we could have a bigger implication for fraud prevention or we will expose more weakness at the transaction endpoints. The presenter is going to play into the minds of individuals and to show how gullible people are with online transactions.
Is there an InfoSec community culture here in Singapore? What meetup groups, special interest groups and professional associations do we have here? Two leading members of 'the community'will be sharing their experiences in building and growing their vision ofa vibrant InfoSec community here in Singapore. This presentation ultimately aims to introduce Singapore's InfoSec community ecosystem, and share how everyone can play their part.
CDR, ("Content Disarm and Reconstruction") is a malware threat prevention technique based on removing exploitable objects from productivity files. Unlike traditional and next-generation antimalware technologies, CDR doesn't assess the reputation of a file or its runtime behavior. This presentation will introduce CDR as a concept, provide an overview of CDR implementation methods and common use cases, share research findings of CDR effectiveness in preventing zero-day threats, highlight usability/security trade-offs of CDR and identify other issues IT staff should consider when implementing CDR as part of their organization's security architecture.
If you're a professional in today's rapidly-growing IT security market, you have a wide range of opportunities to expand your options – and your salary. In this session, experts on IT security hiring and recruiting discuss the opportunities in the current job market, the credentials you need to take advantage of those opportunities, and the skills that are in the greatest demand. You'll also get some advice on how to hunt for a new job – or increase your value to your current employer.
Many enterprises are embracing agile development methodologies, containerisation and so-on. IT security organisations cannot keep up with or don't even know or understand the changes to the threat surface that DevOps imposes on them. This presentation will discuss the disconnect that exists between DevOps and IT security organisations, the risks and suggested mitigations.
The steady stream of vulnerability disclosures continues to rise, making it tougher than ever to plug all the holes in today's IT environments. Coupled with latest IT trends such as cloud adoption, BYOD and mobile workforces, exposure to critical vulnerabilities is even more difficult to gauge, resulting in failure to meet key security policy objectives for patching and remediation. With minimal resources, it is critical to focus on the patching vulnerabilities with the highest exposure first. In this session, you will learn about the latest vulnerability trends and how to identify and prioritize these high-risk exposures.
Most breaches are not malware based and in fact, 60% of breaches originate from non-malware related attacks. Learn hard-hitting new facts and insights into recent global attacks and advanced cybercrime targeting organisations. Based on actual case studies and threat intelligence data, attendees will leave with important lessons and insights into the attackers' tactics, tradecraft and objectives. More importantly, attendees will hear about strategies that global and Asia Pacific based organisations can put in place to combat the hacker tradecraft that goes beyond malware.
In order to hit their targets, malware developers need to constantly evolve their tactics. This evolution is frequently done in very small incremental changes to known malware attacks. Today, malicious developers know their malware has a short half-life before detection. In order to optimize their efforts, cyber criminals now modify their "products" just enough to evade detection a little bit longer. The threat landscape is constantly changing. This is your opportunity to hear what you can expect to hit you networks and how you can prepare.
Attend this session and learn:
• New malware tactics researchers and analysts are confronting on a daily basis
• How cyber criminals are using Crypters to evade detection
• What you can do to proactively protect your business from future challenges
Gartner Hype Cycle for Application Security 2016 says that applications, not the infrastructure, represent the main attack vector for data exfiltration. Verizon's Data Breach Investigation Report for 2016 states that attacks on web applications accounted for over 40% of incidents resulting in a data breach, and were the single-largest source of data loss. Modern companies struggle to combine agile web application development with security best-practices and compliance requirements. During the presentation,we will explore currently available solutions from Bug Bounties to VAPT, their strengths, weaknesses, and ability to generate ROI.
In this session, learn about: - The new age of silent, stealthy attacks that lie low in networks for weeks and months - Why legacy approaches, like rules and signatures, are proving inadequate on their own - How new 'immune system' technologies based on advanced mathematics and machine learning are being deployed today - Real-world examples of subtle, unknown threats that routinely bypass traditional controls
Vulnerability Management is focused on identifying, prioritizing and remediating security weaknesses. Organizations have mature assessment programs for discovering vulnerabilities, but the effective analysis of risk, including prioritization and remediation, still poses challenges to most companies.
On the other hand, Threat Management provides awareness for the types of threats facing an organization. Threat Management is less practiced and must be aligned with business risks and objectives to provide value.
Together, these methods can provide organizations with the insight needed to prioritize and manage risks effectively. This session defines the future of Vulnerability Management as it transitions to Threat and Vulnerability Management.
Enterprises have always been targeted by online attackers who seek data that they can use or sell. But recently, the threat has been compounded by politically-motivated attackers - some state-sponsored and some working independently - who have a different set of motivations and methods. How can defenders prepare for such a wide range of attackers, and how should they prioritize their defenses? In this session, experts discuss the motives and methods used by today's attackers, and offer insight on how these attackers choose their targets.
Security professionals are facing a wide range of problems and threats, ranging from targeted attacks to a shortage of skilled staff. But what are their top concerns and priorities? In this session, you'll hear the results of several recent surveys of security pros, including the Black Hat Attendee Survey and the Dark Reading Strategic Security Survey. You'll get a summary of survey results from Dark Reading editors, as well as insight from security professional associations that can speak specifically about attitudes and plans in Asia.