91% of attacks start with an email* and the "human firewall" is flawed—users make mistakes and IT is held responsible.
Join this presentation to learn exactly how people in your organization are targeted by cyber criminals, hackers and even state-sponsored threat actors; and learn how email is at the heart of this new threat. Come see a live example of tools attackers leverage to expose your organization with a combination of technology, psychology, and the simplest of methods to "Hack a Human."
Security Operations is all about understanding and acting upon large amounts of data. When we can pull data from multiple sources, condense it down, and correlate across systems, analysts can highlight trends, find flaws, and resolve issues – all without leaving a single interface. This discussion will go into how to take the incredibly valuable data that Carbon Black collects, correlate this against thousands of endpoints, and dynamically neutralize threats using the LogRhythm SIEM.
Rising enterprise ransomware cases demonstrate the crippling effects these attacks can have on a business. Using research from CyberArk Labs, attendees will see how a combination of application control and least privilege enforcement can protect against these attacks. Most anti-malware and anti-ransomware solutions today focus on detecting and blocking malware at the point of inception. CyberArk Viewfinity takes another approach – using greylisting to block ransomware from being able to access or encrypt files, thereby proactively protecting sensitive files from damage or loss.
You've all heard the classic CKC tale by now: phishing email with an attachment, exploit, install, HTTP C2, data exfiltration. But what about the incidents caused by attackers truly thinking 'outside the box?' In this session, Lockheed Martin's Commercial Cyber Security Intelligence Lead, Justin Lachesky shares his experience from the front-lines of defense—experiences that may change how you think about and execute computer network defense.
Facing cyber-criminals operating at a global scale and employing increasingly sophisticated attack strategies, security professionals are turning to threat intelligence solutions to gain insight into the global threat landscape and better defend their networks. But deciphering the massive volumes of threat intelligence generated globally can quickly overwhelm even the most experienced security teams. Delivering effective defense requires more than visibility, it requires actionable threat intelligence.
In this session, Fortinet's global security strategist, Derek Manky will provide an overview of the current threat landscape, highlight the importance of collaborative sharing of threat data, and discuss the benefits of actionable threat intelligence.
Suddenly, security threats are manageable. Cloud is enabling new security technologies to leapfrog the status quo—meaning that organizations have new options that can scale as they grow and adopt new technologies. Moreover, security is becoming adaptive, continuously improving resiliency against attacks. In this session, Tenable VP of Strategy Matt Alderman will demonstrate how enterprises can leverage the cloud to enable organizations of all sizes to take this approach. See a demo of cloud-based security technologies in action, and learn about state-of-the-art architectures that leverage leading cloud services and technology platforms such as AWS and Docker.
"The house always wins" is a casino truism. But it hasn't kept scores of individuals and teams from using both time-tested strategies and new techniques to beat the odds in search of big payouts. What happens in Vegas - sophisticated operators using observation, analysis, action and persistence to outsmart the house - provides valuable insights into adversary thought processes and behaviors. Classics like the Boesky, Jim Brown, Miss Daisy, Jethro and Leon Spinks have morphed and become current cyber techniques. These learnings can be readily applied to understanding and disrupting the plans and attack campaigns of cyber criminals.
How can you prevent ransomware that's constantly evolving to evade your endpoint security measures? What are you going to do to defeat ransomware before it's too late? Discover the most recent techniques ransomware developers are using to avoid detection. See how a technique-based approach prevents ransomware (and malware in general), learn three innovative techniques that automate ransomware prevention, and see the latest malware and exploit prevention technologies in action.
From the humble beginnings of using a spreadsheet to track IoCs to the adoption of ISR methodology and DevOps, there are many steps in the journey of developing an Intelligence program. Learn how the EMC CIRC has evolved its Cyber Threat Intelligence capabilities from simply tracking IoCs to actively collecting, processing and automating the dissemination of actionable intelligence to and from its security tools, including the entire ASOC platform.
In this talk, we will examine Talos's interdiction efforts against major actors our customers have faced this year. Each of these threats posed unique challenges for our team and we will share the lessons learned. The interdiction team works beyond the borders of customer networks to disrupt and degrade actor capability before they affect our customers. The team includes linguists, reverse engineers, developers, incident responders, mathematicians, data engineers, and systems administrators. We work with law enforcement organizations, government organizations, hosting providers and other intelligence partners to achieve our goal of pissing off the bad guys.
With an ever-changing threat and computing landscape, modern security teams must bring together the people, process and technology to enable Threat Hunting. Detect and Alert strategies need to be revamped to shift from reactive forms of incident response to proactive threat hunting. Join Rick McElroy, Security Strategist for Carbon Black, as you learn how to enable your hunt.
This presentation explores how policy-driven Intelligent Key Management will help you navigate the various security risks you face in your IaaS Cloud deployment – regardless of whether you are using a public, private, or hybrid cloud environment. We'll focus on the data security challenges facing all organizations, including: the shifting state of the industry; data sovereignty concerns; strategies and solutions for maintaining control of your data in the multi-cloud world; and how to best evaluate and mitigate risk by implementing tactics such as policy-driven intelligent key management solutions within your organization.
It's not a matter of if, it's a matter of when. This common mantra is repeated throughout security circles yet many of us don't actually operate by this mantra. We don't approach securing our environments from this perspective; if we did there would be a lot less damage from breaches. This talk outlines an operational (i.e. realistic) approach to securing your environment in such a way to mitigate the effects of a breach based on the presenter's 17+ years performing Incident Response and Red Team Operations.
With adversaries increasingly 'living off the land' to bypass traditional security controls and moving beyond malware to compromise organizations, learn about new attack techniques that CrowdStrike observes regularly across e-crime, nation state, and hacktivist adversaries. Learn the latest in adversary tradecraft and how you can stop them dead in their tracks.
In this session we will analyze HTTP/2 from a security perspective and present new attacks on popular server implementations, including Apache, IIS, Nginx, Jetty and nghttp. We will overview the HTTP/2 attack surface—stream multiplexing, flow control, HPACK compression and server push—with a focus on how the implementation of HTTP/2 servers can make or break your security posture. We will continue by presenting new classes of vulnerabilities that have been introduced by these mechanisms, and demonstrate how they can be used for mounting effective attacks against web servers. We will conclude with a discussion of several approaches for mitigating these attacks.
Incident detection is only part of the story. What happens once your team identifies a credible threat that has made its way into your organization? What are the first steps to take to respond, who should (and who shouldn't) be on the response team, and when do you need to escalate, and to whom?
This session includes:
• How to plan your incident response strategy before you need it
• Who should be on the incident response team
• What are the critical tools to use before, during, and after an incident
• How to do a post-incident breakdown and implement effective improvements
When we say 'insider threat' we immediately think of a malicious person within our networks. While humans are the ultimate attack vector, every program inside your network is a kind of 'insider'… and technologies like Internet of Things drastically expand the list of insiders we have to worry about.
Dr. Richard Ford will present a new view of securing the enterprise from the inside out. With malware using new approaches to trick or hijack users, practitioners must view everyone and everything attached to the network as a potential insider. It's no longer just rogue employees but "attackware" and subverted devices.
This talk will look at some of the more interesting cybercrime trends and structures, to include prominent cybercriminal groups and the cybercriminal economy, as well as some of the ideas on multiple sides that influence the criminals themselves and efforts to stop them.
There's a growing belief that cloud is safer than on-premises. With the plethora of data breaches in recent years, that may well be true. But does that mean the cloud is bullet-proof?
In this session, Mike Bartholomy of Western Union will share his team's perspective in this debate. As a large consumer of cloud services like Office365, Salesforce, and Box, Mike will outline how Western Union protects data in the cloud from unauthorized access, whether it be from an insider threat, compromised account, or blind subpoena.
The primary attack surface of a network has become more complex than ever, with an ever-increasing number of new protocols, authentication mechanisms, and trust relationships between devices and people. In this talk we'll discuss at a high level the overall strategies companies are using to lock down their networks, and then go into technical detail on how these strategies intersect with new attacker methods and payloads, including the examination of previously unknown vectors. Participants should come away with a better understanding of security flaws in these systems and ways they can better lock down their network infrastructure against these attacks.
There has been a lot of attention in the last few years on post-intrusion tools and analytics, with a proliferation of new offerings from both startups and established vendors. The stated objective is to shorten the time required to pinpoint a breach, limit the spread of the attack and ultimately avoid data exfiltration.
While these tools are worth investigating, could we leverage a more fundamental change to the underlying security architecture, enabled by network virtualization, to provide similar benefits and yield even higher returns from these tools?
This session will examine SDN, micro-segmentation and automation of policies in the context of data center networking. We will discuss their impact on fundamental security properties such as context, visibility and threat containment. Finally, we will see how current tools can benefit from network virtualization to deliver a better security solution.
IT departments are expected to protect their organizations from existing vulnerabilities and from the thousands of new ones disclosed every year. Unfortunately, when it comes to vulnerability remediation, many organizations face an excess of cyberthreats and a shortage of infosec professionals. To weather this storm, IT departments must prioritize remediation, so that they can promptly fix the vulnerabilities that represent the greatest risk to their organization at any given point in time. Qualys CTO Wolfgang Kandek will discuss a year-long study of exploits and share best practices for improving remediation and reducing risk in the age of vulnerability disclosure overload.
Despite the recent proliferation of threat intelligence sources, security professionals are still facing many of the same questions: Should we share data openly? What are we exposing ourselves to if we do? What is to be gained through collaboration? Are such sharing initiatives effective? How effective is open source threat intelligence?
Looking back at four years' worth of data from AlienVault's Open Threat Exchange (OTX), we will try to evaluate the costs paid and benefits gained by the 37,000 participants who have chosen to share. Bring eggs and tomatoes…audience participation is required in this session!
With the explosion of connected devices, cyber criminals are taking advantage of the expanding attack surface to launch targeted strikes. There is no silver bullet, but staying ahead of the attacker requires a predictive approach that prevents the attack before execution. This session will touch on the threat landscape, the challenges we face, and how using Artificial Intelligence in CylancePROTECT with OPTICS can provide true prevention of malware, along with forensic data.
While it may not sound sexy, rich metadata gathered from your network can capture more than ninety percent of the useful data that a full-packet capture system would, at twenty percent of the cost. More important, you can actually analyze it in real time to find (and stop) attacks that you would never have been able to discover otherwise.
Learn how you can get rich network metadata and ten remarkable things you can do with it that you never would have imagined.
Even the most sophisticated security teams can struggle with the basics of maintaining a strong security posture. And beyond that, there are bigger challenges looming – from anticipating the next advanced threats to managing massive amounts of data moving across mobile and cloud platforms to not having enough time or the right skills to achieve a higher level of security.
Learn how to extend the capabilities of your security teams so you can move beyond the basics – to minimize detection and response times, reduce operational costs, and get ahead of emerging threats.
Where do printers fall in your current endpoint security practices? Most companies invest millions in protecting laptops, servers and data centers but overlook the importance of securing their print infrastructure. Of those organizations that deploy print security, many report having only basic measures. Michael Howard, HP Chief Security Advisor, will use real-world examples of how some of the most secure organizations are still lagging in their print security and share how he uses a proven framework to secure the print infrastructure. Come to this session to see how you can defend your printers from the next wave of security attacks.
Is that link really from the HR department or a phishing attempt? Is that anomalous IP address in the log file a breach? With the rate at which new threats emerge and known threats morph into something unrecognizable, real-time analysis of unknown objects can dramatically decrease your risk profile. We will examine how contextual threat intelligence can improve your ability to recognize and stop new threats at the endpoint, the perimeter and in the SOC.
TLS is not optional, nor should it be! TLS should be a fundamental part of the communication fabric. Learn why the game has fundamentally changed and how to architect a solution that really satisfies both the "faster" and "secure" requirements with NetScaler SSL technology. NetScaler's SSL offloading stack is used in almost all of our global deployments. While SSL is part of almost every use case, one needs to understand the best protocol and cipher combination to ensure security and performance for applications. This session provides details of how to secure against all attack vectors existing today. Learn how you can secure cloud deployments with end-to-end TLS support.
If you're thinking that you're safe just because you have two-factor authentication, you might want to rethink your security strategy. Our analysis has shown that while certain two-factor methods are secure, others can be easily defeated. Join Ryan Rowcliffe, as he discusses modern cyber-attacks and why two-factor authentication may not be enough, and what you can do to make sure you are protected.
Intel recently published a specification for a new security model called Control-Flow Enforcement Technology, or CET for short, to provide protection from Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) exploits at the processor level. The public preview is currently open for feedback, and it will be some time before chips/systems including the technology become available. This talk will explain the key concepts of the CET specification, and provide insight into ways current technology can be used to gain many of the benefits of CET in detecting and preventing ROP exploits. An understanding of ROP concepts is a prerequisite.
SIOC analysts use various tools, both home-grown and off-the-shelf products, to help in finding and identifying threats in any organization. This session looks into the analytic methods and tools used to identify breaches within a current environment, with real-world examples. This will include how adversaries successfully gain unauthorized access, the infiltration techniques used, and how they maintain access to accomplish their objectives.
Enterprises are throwing money at protecting their networks, but is it being spent effectively? Are your tools providing the protection you desire?
To sufficiently answer these questions, you may be required to launch exploits in your critical environments.
An alternative to the aforementioned scenario involves simulations that allow attack traffic to be transferred without payload execution. The risk of exploitation is removed and your protection products still have full visibility. You gain the flexibility to execute this traffic across your critical networks, determine which products are effective and whether they provide blind-spot coverage, and ensure that incident response processes are followed.