Event Recording

Dr. Torsten George - How Zero Trust is Creating a Game-Changing Security Experience

Show description
Speaker
Dr. Torsten George
Product Evangelist
Centrify
Dr. Torsten George
Dr. Torsten George is a product evangelist at Centrify and frequent speaker on cyber security, identity and access management, as well as risk management strategies worldwide. He regularly provides commentary and byline articles for media outlets, covering topics such as data breaches, incident...
View profile
Playlist
Cybersecurity Leadership Summit 2018 Europe
Event Recording
Martin Kuppinger - User Behavior Analytics: Can We? Should We? Must We? And if, How to Do It Right?
Dec 18, 2018

User Behavior Analytics (UBA) or UEBA (User & Entity Behavior Analytics) is an important capability of a variety of products: Specialized solutions for UBA; IAM tools with built-in UBA capabilities; and various cyber-security products that also come with built-in UBA capabilities.

The question to start with is: What is UBA really and how does it differ from e.g. Threat Analytics, SIEM, Access Governance, and other capabilities? Where is the benefit of UBA? Is it a nice-to-have or must-have in these days of ever-increasing cyber-threats? And if we go for UBA: How do we do it right? As a separate tool or built-in capability? As an IAM capability, where identities and user accounts are managed, or as a SOC (Security Operations Center) capability? And what about privacy?

This session will look at the state of UBA and how to do it right to leverage the potential of UBA for increasing your cyber-attack resilience in your Enterprise Security initiative.

Event Recording
Maximilian Möhring - Die Zukunft Digitaler ID ist Dezentral – Aber Nicht Blockchain
Dec 04, 2018

Die Identitätslandschaft ist voll von IAM-Systemen, Identifikations- und Authentifizierungsanbietern, verschiedenen Technologiestandards und wird durch nationale sowie branchenspezifische Normen geregelt.

Die Lösung für dieses Problem ist die Interoperabilität der Lösungen indem der Markt vereint wird und die Integration bestehender Identitätsanbieter vereinfacht wird. Obwohl Blockchain neue ID-Lösungen liefern kann, löst sie nicht die Kernproblematik des Identitätsmarktes. Revolution wird durch die Evolution des bestehenden Marktes erreicht, nicht durch einen Big Bang.

Event Recording
Paul Simmonds - From Network Protection to Data Security
Dec 18, 2018

"Zero Trust" is the latest security buzzword from the vendors marketing department; but what it actually means for you means should vary depending on your business requirements.

Properly aligning security architecture to enable the business strategy of the organisation is the key to deliver a Zero Trust architecture. But the solution could be anything from implementing identity-aware firewalls to the extremes of "BeyondCorp"; Google's firewall-less global network when the security posture is identical whether you are in Starbucks or on the Google campus.

Event Recording
Dragan Pendic - Path to Zero Trust Security - Data Veracity, When Truth Is Essential and Trust Optional
Dec 18, 2018

Businesses are more data-driven than ever, but inaccurate and manipulated information threatens to compromise the insights that companies rely on to plan, operate, and grow. Unverified digital resource is a new type of vulnerability - one that is 

chronically overlooked by digital enterprises. With autonomous, data-driven decision making, the potential harm from unverified digital resources become an enterprise-level existential threat. And then, there's a wider cybersecurity aspect and how to address the following:

- Data provenance verification - the history of data from its origin throughout its lifecycle (cradle to grave)

- Data Integrity verification - continually maintain good health  and predictable state of data

- Data context usage - keep an eye on behaviour and context around data's use

Event Recording
Peter Dornheim - Build Up a Security Operation Center and Provide Added-Value to Business Operations
Dec 18, 2018

Make or buy? Budget annihilator or business driver? Only 2 questions which must be answered when building up a Security Operation Center. How to address these questions and how to start a project to establish a Security Operation Center in a traditional German manufacturing company is content of this session.

- Start small, think big: Understand how to start a SOC project and deliver an added-value fast - Think big: Identify a SOC target vision which maps to your individual company situation - Be prepared: Learn about typical challenges during the SOC ramp-up process

Event Recording
Martin Zeitler - Your Move to “the Cloud” Secured
Dec 18, 2018

There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.

Event Recording
Martin Kuppinger - User Behaviour: The Link between CyberSecurity and Identity Management
Dec 18, 2018

An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. Particularly external, targeted attacks rely on the use of zero-day-exploits, which factually are yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing the user behavior and identifying anomalies and outliers. There are various technologies for doing so, focusing on network traffic, privileged user behavior, or access to unstructured data. All of these deliver to the one target: Mitigating risk of attacks. 

Event Recording
John Tolbert - Defense-in-Depth: New Kinds of Tools for All the Layers
Dec 18, 2018

The principle of defense-in-depth remains a key design element for enterprise organizations. Although many have said that perimeters are going away, or identity is the new perimeter, the fact is that almost all enterprises still have perimeters. The names may have changed, and components may be declared “next-gen”, but there are still firewalls, VPNs, intrusion detection and prevention systems, etc. We will look at how new kinds of tools have become available to help protect against attacks from the application to the network layers.

Event Recording
Mans Hakansson - Beyond OAuth: Securing APIs with Policies & Attribute-Based Access Control
Dec 18, 2018

Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches. -API security basics -Avoiding bad security practices -Overcoming OAuth limitations -Managing authorization as a microservice

Event Recording
Dr. Rachel Suissa - Mapping the Comprehensive Cyber Human Factor with Implications on AI and Future Cyber Leadership
Dec 18, 2018

The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.

Event Recording
Andre Priebe - CIAM & API Management
Dec 04, 2018

Customer Identity & Access Management und API Management sind als Business Enabler bekannt. Aber in Kombination sind sie sogar mehr als die Summe ihrer Teile.

 Erfahren Sie, wie digitale Identitäten Ihrer Kunden und Ihrer APIs das digitale Ökosystem Ihrer Kunden infiltrieren, um sie noch stärker an Ihr Unternehmen zu binden. Verstehen Sie, warum die Weitergabe von Kontrolle an Dritte und externe Entwickler der Schlüssel zum Erfolg dieses Ansatzes ist und dass die Einhaltung von Standards Voraussetzung dafür ist.

Event Recording
Marko Vogel - Cyber Security as Part of Industry 4.0
Dec 18, 2018

 - More aggressive, complex and well organized: Cyber threat landscape on the rise

- Cyber Security – added value for industry 4.0?

- Industry 4.0 needs company-specific security strategies