Event Recording

Dr. Andre Kudra - Dezentrale Digitale IDs und die Vorzüge der Blockchain Technologie

Show description
Speaker
Dr. André Kudra
Board Member
IT Security Association Germany (TeleTrusT)
Dr. André Kudra
On a mission for decentralized identity & bit-heat confidential cloud. Decentralization visionary. Passion for information security since turn of millennium. Business-driven yet tech-savvy – IT guy at heart, businessman by education. European Business School (EBS) diplomas &...
View profile
Playlist
Cybersecurity Leadership Summit 2018 Europe
Event Recording
Yaniv Avidan - AI Powered Data Herding in Hybrid Cloud Environments
Dec 18, 2018

Having cloud software tools and services entering our core business processes, it becomes even more critical that we govern information across platforms, the diverse forms of data and at scale. Artificial Intelligence plays a significant role in enabling companies keep their business running faster, more protected in hybrid cloud environments, while optimizing the Hardware and Software stack.

Event Recording
Dragan Pendic - Path to Zero Trust Security - Data Veracity, When Truth Is Essential and Trust Optional
Dec 18, 2018

Businesses are more data-driven than ever, but inaccurate and manipulated information threatens to compromise the insights that companies rely on to plan, operate, and grow. Unverified digital resource is a new type of vulnerability - one that is 

chronically overlooked by digital enterprises. With autonomous, data-driven decision making, the potential harm from unverified digital resources become an enterprise-level existential threat. And then, there's a wider cybersecurity aspect and how to address the following:

- Data provenance verification - the history of data from its origin throughout its lifecycle (cradle to grave)

- Data Integrity verification - continually maintain good health  and predictable state of data

- Data context usage - keep an eye on behaviour and context around data's use

Event Recording
Martin Kuppinger - User Behaviour: The Link between CyberSecurity and Identity Management
Dec 18, 2018

An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. Particularly external, targeted attacks rely on the use of zero-day-exploits, which factually are yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing the user behavior and identifying anomalies and outliers. There are various technologies for doing so, focusing on network traffic, privileged user behavior, or access to unstructured data. All of these deliver to the one target: Mitigating risk of attacks. 

Event Recording
Dimitri Chichlo - What is the Role of a CISO in 2020?
Dec 18, 2018

In the past years, a CISO would mainly be chosen among the IT staff who expressed his interest for information security or by arbitrarily promoting someone from the inside to please the auditors with filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antiviruses. With the years though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. Combination of both realities now requires that CISOs possess and demonstrate core competencies that allow them transforming the essence of their job from infrastructure protector to business enabler. In this keynote, we will explore how and why CISOs should now focus on value creation instead of value protection, getting from a defensive to a proactive approach.

Event Recording
Alexei Balaganski - The Sorry State of Consumer IoT Security and How Can We Possibly Fix it
Dec 18, 2018

The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.

For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attack using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.

As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.

Event Recording
Dragan Pendic - Application Security - Achieving Security at Speed and Scale
Dec 18, 2018

Modern software development for cloud-native world requires continuous application security to go along with continuous integration, continuous delivery, and continuous deployment. Sadly, even well-established application security programmes often can’t operate at the speed and scale required. We will look into the ways of rethinking legacy security infrastructure and processes and how to adapt in the complex world of digital business and advanced attacks.

Event Recording
Gal Helemski - How a Policy Based Approach Dramatically Improved Access Control and Authorization
Dec 18, 2018

Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.

Event Recording
Workshop - Mobile Apps und Single Sign-On
Dec 04, 2018

Wenn es um die Integration von Mobile Apps in die Single Sign-On-Umgebung geht, dann entstehen oft Interessenskonflikte zwischen Designern, der IT-Sicherheit und dem, was der Kunde wirklich möchte.

Welchen Einfluss hat das gewählte Login-Verfahren auf die Sicherheit und welche Ansätze haben sich in der Praxis bewährt? Wie kann ein Kompromiss aussehen, der sowohl den Kunden zufriedenstellt, aber trotzdem ein ausreichendes Sicherheitsniveau bietet? Erfahren Sie, welche Best Practices es gibt und welche Rolle OAuth 2.0 dabei spielt.

Event Recording
Panel - Achieving Consistent Enterprise Security
Dec 18, 2018

In this discussion the panellists will speak about the types of attacks which enterprises should expect in coming years. The ways of DevOps integration into an enterprise security program will also be discussed together with best practice highlights.

Event Recording
Andre Priebe - CIAM & API Management
Dec 04, 2018

Customer Identity & Access Management und API Management sind als Business Enabler bekannt. Aber in Kombination sind sie sogar mehr als die Summe ihrer Teile.

 Erfahren Sie, wie digitale Identitäten Ihrer Kunden und Ihrer APIs das digitale Ökosystem Ihrer Kunden infiltrieren, um sie noch stärker an Ihr Unternehmen zu binden. Verstehen Sie, warum die Weitergabe von Kontrolle an Dritte und externe Entwickler der Schlüssel zum Erfolg dieses Ansatzes ist und dass die Einhaltung von Standards Voraussetzung dafür ist.

Event Recording
Chris Burtenshaw - User Behaviour Analytics (UBA) - The Enterprise Value Proposition
Dec 18, 2018

This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools.  Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.

Event Recording
Tim Hobbs - DevOps & Service Layers
Dec 18, 2018

IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm.

Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's micro-service-enabled, service-mesh-oriented infrastructure expects simple, resilient, self-discovery services instead of brittle monoliths that rely on manual configuration.

Operating IAM products with a DevOps setting in terms of automation, repeatability, and continuous improvement is possible through close collaboration between IAM, application, and infrastructure experts.