How the ORWL open-source project brings banking systems' physical hardware protection and two-factor authentication to consumer computing, to protect access to your data. This bridges an important gap in data protection, using tamper resistance, tamper reactivity, and tamper evidence to enable trust even when your machine has been physically out of your control.
As a security professional, you've chosen one of the fastest growing and potentially lucrative careers in any industry today. You're living in a negative-unemployment market where many organizations may be competing for your services. How can you take advantage of those opportunities? In this session, a top expert will discuss ways to advance your career: how to build your resume, how to approach training and certification, and when to look for a new position. You'll get insight on how companies hire security professionals, how to approach job opportunities and interviews, and how to increase your salary.
Prevention is not enough. Advanced, targeted and insider threats bypass your perimeter defenses and gain hold of your internal systems and digital assets.
Vectra Networks is the leader in real-time detection of in-progress cyber attacks. We'll present and demonstrate how our advanced threat-detection solution uses machine learning and data science to continuously monitor internal network traffic to pinpoint cyber attacks as they happen. We'll then show how we automatically correlate threats against hosts that are under attack and provide unique context about what attackers are doing so you can make informed, effective interventions that prevent or mitigate loss.
In a world where headlines about spying are driving the privacy debate, can the security industry come together effectively to fight cybercrime? While the industry definitely outnumbers the adversaries, the adversaries have traditionally collaborated more effectively. Through the recently formed Cyber Threat Alliance, we will show what the cybersecurity industry can do to shut down cybercrime collectively. We will explore how those with responsibility for security within businesses can help support this and what they can get back from cyber intelligence and collaboration.
Today's malware is more sophisticated, and more automated, than ever. It often works differently on different victim machines, and it evolves automatically in order to avoid signature-based defenses. There are many new tools and toolkits that enable developers to create and deploy new malware, and many other tools that help developers disguise and obfuscate their malware to make it more difficult to detect. In this session, experts on the latest malware exploits offer a look at the development process, the most current tools, and new, packaged toolkits that enable attackers to create and deploy new malware without a great deal of expertise.
EIT Digital promotes business opportunities by bringing to market trustworthy and transparent innovative ICT technologies bridging the privacy and security gaps between available techniques and practice and leveraging the recognized expertise and creativity of European players. In particular, this is achieved through PST and CLD action lines. Main PST innovation projects in the areas of privacy protection, mobile cyber security and privacy, and federated ID management will be highlighted. The main CLD action line innovation project, the Trusted Cloud high impact initiative, aiming at building European trustworthy solutions for storing digital data and contents and the related ecosystem, will be described.
Many organizations nowadays are switching to DevOps to enable fast-paced delivery of business applications. But how does security fit in? This presentation shares ideas on how HP Fortify static and dynamic testing, as well as runtime application self-protection, can help embed security into the DevOps methodology.
We will present the highlights of the Imperva 6th Web Application Attack Report.
How many applications were subject to Shellshock campaigns, and which attacks have become more popular in 2015? Which attack is characterized as a blind web scanning campaign, and which business domain is suffering ten times more Cross-Site Scripting attacks than others? Is the commonly held belief that WordPress is associated with a high number of web attacks justified? And which countries take the lead in 2015 as the top originators of web attacks? We will also present several case studies, including a scraping attack from hundreds of TOR IPs and a SQL injection attack including 3.5 million requests.
Today's attackers and exploits are more prolific and more sophisticated than ever. How are enterprise security professionals holding up? In this session, the editors of Dark Reading offer a look at two new surveys that outline current attitudes and plans of security pros: The Black Hat Attendee Survey 2015 and the Dark Reading Strategic Security Survey. These surveys discuss the top challenges faced by the enterprise security department, its buying and budgeting plans, and enterprise experiences in handling breaches and incident response. These surveys take the pulse of the IT security industry and offer a look at the results.
There are usually several activities that occur between an initial intrusion and a data breach. Detecting early indicators such as compromised credentials, command-and-control activity or suspicious lateral movement can often provide the necessary lead time to respond to and neutralize a threat before it leads to a material breach.
When cyber criminals strike, security teams often start in the dark. They spring into action needing context and situational awareness to formulate the right response. Internal intelligence about users, departments, and systems helps focus action on high-value targets. Targeted system investigation validates alerts, and expands understanding of the incident to elevate indicators such as file, registry, and process changes. External threat intelligence also plays a key role in understanding the scope and severity of a threat and, when viewed within the context of the 'Cyber Intrusion Kill-Chain,' can lead to quicker containment and extraction, before an intrusion becomes a breach.
Today's hacks are becoming more and more sophisticated, crossing the chasm from the cyber world to the physical world. How do we maintain ethical standards when the attackers don't? This session will discuss the challenges with maintaining ethics in cybersecurity, cover a history of ethics as it applies to the science and technology space, present some powerful voices in the topic of ethics in science and technology, and discuss some case studies of ethical hacking and responsible disclosure.
When it comes to attack vectors, today's attackers have a wide range of choices. From endpoint exploits to network attacks to social engineering and hardware hacks, there are many methods for approaching a target enterprise, but which will work best? In this panel session, leading experts in the various attack vectors will join to discuss the advantages and disadvantages of choosing a particular attack vector and how attackers find the one that is most effective for a specific target. You'll get a look at some of the latest thinking about social engineering, cloud attacks, and hardware hacking, as well as current trends in network- and Web-based exploits, all provided in a way that helps you select the most effective methods for your penetration tests.
It is time to reevaluate the threat landscape before making further investments in security. This session will look at industry myths and how their propagation can lead to a misappropriation of resources, and potentially more impactful, provide a false sense of security. We will share our insights into whether or not an appreciable change in attacker tools, tactics, and procedures has taken place as well as the promise of next gen technologies.
In the last year vulnerabilities with catchy names and compelling logos have been hitting the headlines and driving knee-jerk reactions within organisations. These vulnerabilities are bad, some extremely critical, but whilst everyone is running around trying to patch the latest SSL or Flash vulnerability, huge flaws in security still linger. Join Gavin Millard, EMEA Technical Director at Tenable, as he talks through the issues that he thinks qualify for a logo and a theme tune to get the attention they deserve.
The Domain Name System is one of the most pervasive, yet least understood, elements of the Internet. In this session, a panel of experts will discuss how DNS works, the central role it plays in all Internet communications, and how attackers can exploit it to crack or reroute network traffic. You'll get a look at some of the most effective methods for using DNS in penetration testing, and how the rapid evolution of DNS may make this attack vector even more attractive in the future.