Event Recording

Mans Hakansson - Beyond OAuth: Securing APIs with Policies & Attribute-Based Access Control

Show description
Speaker
Måns Håkansson
Solution Architect
Indykite
Måns Håkansson
Måns is a long-time veteran in the IAM space. In the last few years, he has been focused on authorization management working for companies such as PlainID and Axiomatics. Before that, he held different positions at Oracle and Sun Microsystems.
View profile
Playlist
Cybersecurity Leadership Summit 2018 Europe
Event Recording
Dr. Rachel Suissa - Mapping the Comprehensive Cyber Human Factor with Implications on AI and Future Cyber Leadership
Dec 18, 2018

The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.

Event Recording
Chris Burtenshaw - User Behaviour Analytics (UBA) - The Enterprise Value Proposition
Dec 18, 2018

This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools.  Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.

Event Recording
Gal Helemski - How a Policy Based Approach Dramatically Improved Access Control and Authorization
Dec 18, 2018

Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.

Event Recording
Dimitri Chichlo - What is the Role of a CISO in 2020?
Dec 18, 2018

In the past years, a CISO would mainly be chosen among the IT staff who expressed his interest for information security or by arbitrarily promoting someone from the inside to please the auditors with filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antiviruses. With the years though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. Combination of both realities now requires that CISOs possess and demonstrate core competencies that allow them transforming the essence of their job from infrastructure protector to business enabler. In this keynote, we will explore how and why CISOs should now focus on value creation instead of value protection, getting from a defensive to a proactive approach.

Event Recording
Panel - AI and the Future of Cybersecurity
Dec 18, 2018

 Advanced analytical technologies will help organizations in their fight against cyber-attacks. These technologies assist in detecting potential attacks at an earlier stage, as well as enabling the identification of complex attack patterns that span various systems. In this panel we will discuss the role of AI in the future of cybersecurity, possibilities of using it as a weapon by adversaries and the possibility of developing preventing techniques using Machine Learning and Deep Learning. 

Event Recording
Dr. Frank Dudek - Accelerating Cybersecurity – Is Your Information Security Program Up to Speed?
Dec 18, 2018

Internet content providers rely on fast, modern webapps and feature-rich web frameworks to drive customers to their sites. In a landscape of accelerating change and continuous code deployment, my keynote will discuss how a company’s cybersecurity program must evolve to remain effective in such fast-paced environments. 

Event Recording
Jochen Werne - The Future of Digital Business Security
Dec 18, 2018

The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels.
Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within the industry. This time, however, there has been a significant change not only in technology, but also within the fundamental business model of companies

Event Recording
Alexei Balaganski - Containers, Microservices, APIs: The Latest DevOps Security Trends
Dec 18, 2018

To stay competitive during the times of digital transformation, when business models and technology landscapes change daily, enterprises must reinvent many of their business processes to achieve new levels of agility and flexibility, and nowhere else this is more evident than in software development. As the demand for faster design, development and delivery of software is growing, organizations are adopting the DevOps methodology that fundamentally changes the ways software is produced.

With a strong focus on practices like continuous delivery, infrastructure as code and test automation, DevOps can do wonders for development productivity. Unfortunately, quite often this is done at the expense of governance and security, which many developers see more as obstacles that prevent them from achieving the desired level of agility. Adding the newest disruptive technologies like containers or microservices to the mix only makes the matters worse by opening an entire range of new possible attack vectors.

In this session, we’ll talk about the organizational and technological measures needed to close the rift between DevOps agility and strong IT security as well as have a look at some of the today’s most popular DevOps trends and discuss their biggest security challenges.

Event Recording
Peter Dornheim - Build Up a Security Operation Center and Provide Added-Value to Business Operations
Dec 18, 2018

Make or buy? Budget annihilator or business driver? Only 2 questions which must be answered when building up a Security Operation Center. How to address these questions and how to start a project to establish a Security Operation Center in a traditional German manufacturing company is content of this session.

- Start small, think big: Understand how to start a SOC project and deliver an added-value fast - Think big: Identify a SOC target vision which maps to your individual company situation - Be prepared: Learn about typical challenges during the SOC ramp-up process

Event Recording
Martin Kuppinger - User Behavior Analytics: Can We? Should We? Must We? And if, How to Do It Right?
Dec 18, 2018

User Behavior Analytics (UBA) or UEBA (User & Entity Behavior Analytics) is an important capability of a variety of products: Specialized solutions for UBA; IAM tools with built-in UBA capabilities; and various cyber-security products that also come with built-in UBA capabilities.

The question to start with is: What is UBA really and how does it differ from e.g. Threat Analytics, SIEM, Access Governance, and other capabilities? Where is the benefit of UBA? Is it a nice-to-have or must-have in these days of ever-increasing cyber-threats? And if we go for UBA: How do we do it right? As a separate tool or built-in capability? As an IAM capability, where identities and user accounts are managed, or as a SOC (Security Operations Center) capability? And what about privacy?

This session will look at the state of UBA and how to do it right to leverage the potential of UBA for increasing your cyber-attack resilience in your Enterprise Security initiative.

Event Recording
Dr. Torsten George - How Zero Trust is Creating a Game-Changing Security Experience
Dec 18, 2018

We got security wrong. Enterprise security is failing with two-thirds of organizations experiencing an average of five or more security breaches in the past two years, according to Forrester. Adding to the fervor is the impact of Cloud, Mobile, DevSecOps, Access. The entire experience of developing, deploying and protecting applications has forever changed. In today’s network perimeter-free world, organizations must adopt a Zero Trust Security model – and shift from ‘trust but verify; to assume users inside a network are no more trustworthy than those outside. And with the digital economy in full swing, the adoption of continuous integration and deployment brings with it new challenges, including greater attack surfaces as well as increased, complex compliance.

In this session, Dr. Torsten George, cybersecurity evangelist, will explain how the velocity of DevSecOps, security breaches, access to applications is creating the mandate for Zero Trust, and in doing so ushering in a new era of experiences – everything from how we securely develop and deploy apps, to how we authorize access for consumers and privileged users. Dr. George will outline how to enforce risk-based policy in real time, at the point of access. He’ll also provide tips on how to speed up analysis and greatly minimize the effort required to assess risk across today’s hybrid IT environments through the use of machine learning.

Event Recording
John Tolbert - Defense-in-Depth: New Kinds of Tools for All the Layers
Dec 18, 2018

The principle of defense-in-depth remains a key design element for enterprise organizations. Although many have said that perimeters are going away, or identity is the new perimeter, the fact is that almost all enterprises still have perimeters. The names may have changed, and components may be declared “next-gen”, but there are still firewalls, VPNs, intrusion detection and prevention systems, etc. We will look at how new kinds of tools have become available to help protect against attacks from the application to the network layers.