Event Recording

Richard Bell - Developing a Strategy for Managing Incidents

Show description
Speaker
Richard Bell
Head of Global Cyber Security & IT Compliance
MicroFocus
Richard Bell
Richard heads up the Security & Privacy division of TenIntelligence Ltd, specialising in client support and hands on practical advice on ‘all things security’ in UK, Europe, Middle East and the United States. Richard was Chief Information Security Officer (CISO) for Transport for...
View profile
Playlist
Cybersecurity Leadership Summit 2018 Europe
Event Recording
Dr. Torsten George - How Zero Trust is Creating a Game-Changing Security Experience
Dec 18, 2018

We got security wrong. Enterprise security is failing with two-thirds of organizations experiencing an average of five or more security breaches in the past two years, according to Forrester. Adding to the fervor is the impact of Cloud, Mobile, DevSecOps, Access. The entire experience of developing, deploying and protecting applications has forever changed. In today’s network perimeter-free world, organizations must adopt a Zero Trust Security model – and shift from ‘trust but verify; to assume users inside a network are no more trustworthy than those outside. And with the digital economy in full swing, the adoption of continuous integration and deployment brings with it new challenges, including greater attack surfaces as well as increased, complex compliance.

In this session, Dr. Torsten George, cybersecurity evangelist, will explain how the velocity of DevSecOps, security breaches, access to applications is creating the mandate for Zero Trust, and in doing so ushering in a new era of experiences – everything from how we securely develop and deploy apps, to how we authorize access for consumers and privileged users. Dr. George will outline how to enforce risk-based policy in real time, at the point of access. He’ll also provide tips on how to speed up analysis and greatly minimize the effort required to assess risk across today’s hybrid IT environments through the use of machine learning.

Event Recording
Panel - Achieving Consistent Enterprise Security
Dec 18, 2018

In this discussion the panellists will speak about the types of attacks which enterprises should expect in coming years. The ways of DevOps integration into an enterprise security program will also be discussed together with best practice highlights.

Event Recording
Andre Priebe - CIAM & API Management
Dec 04, 2018

Customer Identity & Access Management und API Management sind als Business Enabler bekannt. Aber in Kombination sind sie sogar mehr als die Summe ihrer Teile.

 Erfahren Sie, wie digitale Identitäten Ihrer Kunden und Ihrer APIs das digitale Ökosystem Ihrer Kunden infiltrieren, um sie noch stärker an Ihr Unternehmen zu binden. Verstehen Sie, warum die Weitergabe von Kontrolle an Dritte und externe Entwickler der Schlüssel zum Erfolg dieses Ansatzes ist und dass die Einhaltung von Standards Voraussetzung dafür ist.

Event Recording
Chris Burtenshaw - User Behaviour Analytics (UBA) - The Enterprise Value Proposition
Dec 18, 2018

This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools.  Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.

Event Recording
Mans Hakansson - Beyond OAuth: Securing APIs with Policies & Attribute-Based Access Control
Dec 18, 2018

Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches. -API security basics -Avoiding bad security practices -Overcoming OAuth limitations -Managing authorization as a microservice

Event Recording
Peter Dornheim - Build Up a Security Operation Center and Provide Added-Value to Business Operations
Dec 18, 2018

Make or buy? Budget annihilator or business driver? Only 2 questions which must be answered when building up a Security Operation Center. How to address these questions and how to start a project to establish a Security Operation Center in a traditional German manufacturing company is content of this session.

- Start small, think big: Understand how to start a SOC project and deliver an added-value fast - Think big: Identify a SOC target vision which maps to your individual company situation - Be prepared: Learn about typical challenges during the SOC ramp-up process

Event Recording
Panel - Future of Critical Infrastructure Security
Dec 18, 2018

More often we hear about the devastating effects the attack on critical infrastructure can have on the citizens of an affected city or a country. Yet we don't see large scale attacks yet being conducted. Panellist will discuss possible threats in todays world as well as the ways private sector and governments can collaborate to prevent such assaults on critical infrastructure.

Event Recording
Panel - Risk Assessment and Security Design
Dec 18, 2018

Zero Trust Security assumes that nothing in a companies ITinfrastructure like including users, endpoint devices, networks, and resources, is ever trusted. All interactions must be verified to decrease the chance of a security breach. Zero Trust Security ensures secure access to resources while significantly reducing the possibility of access by bad actors. In this paneldiscussion we will discuss the considerations companies should make before implementing Zero Trust Security and Zero Trust Security by Design.

Event Recording
Dr. Michael von der Horst - The Current Threat Landscape: A 360° View and Effective Remediation Strategies
Dec 18, 2018

In today’s cloud-connected world, the way we work has changed. But security has not. When over half of the PCs in most organisations are mobile, you need to protect your workforce wherever they access the internet – not just when they are in the office. You need to identify attacks as they are staged on the internet, so you can block them before they launch.

Join us as Dr. Michael von der Horst, Senior Director for Cybersecurity Germany at Cisco, takes us through what we see out there “in the wild”. He will present effective defence and remediation strategies based on an integrated security architecture. Learn how you can gain the intelligence to uncover current and emerging threats, the visibility of activity across all devices and ports, anywhere, and stop phishing, malware, and ransomware earlier.

Event Recording
Tom Hofmann - Effective Countermeasures For Securing Critical Infrastructure – A View On The Human Aspect
Dec 18, 2018

When we think of security in the OT / IoT space, we are very focused on technological measures and controls. However, the recent incidents in this field showed that security events are not only based on a failure of technical controls. The 2017 Triton malware attack on SaudiAramco is a good example of what can happen based on human behaviour. While the attacked Triconex SIS controller is protected by a physical switch, it seems that this switch has been left in program mode. The ongoing digitalization of operational technologies presents cyber security professionals a whole new challenge. Technical controls are just one part to successfully protect critical infrastructure, but we have to consider the human factor too. As 90% of cyber incidents are human-enabled (Verizon Data Breach Report 2017), this will be one of the main topics in security for critical infrastructure. How can these challenges be addressed, what are new and innovative ways to develop security solutions, create resilience and protection?

Event Recording
Peter Gyongyosi - Can You Trust UBA? -- Evaluating Machine Learning Algorithms in Practice
Dec 18, 2018

The promise of every security solution is to detect the next attack, but verifying that claim is almost impossible. Attacks are extremely rare and tend to change: the ability to catch attacks that happened in the past say little about the ability to find things that will happen in the future and those breached are unlikely to share information and data about how that happened. In this presentation I will show the different approaches and metrics we found to measure the efficiency of the unsupervised machine learning algorithms commonly used in UBA products.

Event Recording
Alexei Balaganski - The Sorry State of Consumer IoT Security and How Can We Possibly Fix it
Dec 18, 2018

The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.

For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attack using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.

As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.