Event Recording

Panel - Achieving Consistent Enterprise Security

Speakers
Kevin Bocek
Chief Security Strategist
Venafi
Kevin Bocek is responsible for security strategy and threat intelligence at Venafi. He brings more than 18 years of experience with IT security and privacy leaders, including RSA Security, Thales, PGP Corporation, IronKey, CipherCloud, nCipher, and Xcert. His research identified how Secretary...
Tim Carolan
Lead Sales Engineer
Thycotic
Tim Carolan has many years of in-depth experience delivering and implementing a wide range of software security solutions across a multitude of industry verticals. He is a Certified Information Systems Security Professional (CISSP) and has acted in an advisory capacity to large organisations on...
Tim Hobbs
Microservices Evangelist
iC Consult
As Microservices Evangelist, Tim Hobbs promotes and coordinates container-ready IAM and DevOps initiatives for iC Consult and its customers. Tim is the Cloud Architect for the iC Consult Group company Service Layers, providing customized IAM as a cloud service. Tim has nearly 20 years of...
Dragan Pendic
Principal Director, Digital Security & Privacy Leadership
Accenture
Dragan has over 25 years of consultancy and hands-on Technology, Software Development, Digital Security and Privacy experience in almost every sector imaginable. Currently working at Accenture as a Principal Director, Digital Security & Privacy Lead for UK and Ireland responsible for...
Playlist
Cybersecurity Leadership Summit 2018 Europe
Event Recording
Tom Hofmann - Effective Countermeasures For Securing Critical Infrastructure – A View On The Human Aspect
Dec 18, 2018

When we think of security in the OT / IoT space, we are very focused on technological measures and controls. However, the recent incidents in this field showed that security events are not only based on a failure of technical controls. The 2017 Triton malware attack on Saudi Aramco is a good example of what can happen based on human behaviour. While the attacked Triconex SIS controller is protected by a physical switch, it seems that this switch has been left in program mode. The ongoing digitalization of operational technologies presents cyber security professionals with a whole new challenge. Technical controls are just one part of successfully protecting critical infrastructure, but we have to consider the human factor too. As 90% of cyber incidents are human-enabled (Verizon Data Breach Report 2017), this will be one of the main topics in security for critical infrastructure. How can these challenges be addressed, and what are new and innovative ways to develop security solutions and create resilience and protection?

Event Recording
Yaniv Avidan - AI Powered Data Herding in Hybrid Cloud Environments
Dec 18, 2018

With cloud software tools and services entering our core business processes, it becomes even more critical that we govern information across platforms, across the diverse forms of data, and at scale. Artificial Intelligence plays a significant role in enabling companies to keep their business running faster and more protected in hybrid cloud environments, while optimizing the hardware and software stack.

Event Recording
Paul Simmonds - From Network Protection to Data Security
Dec 18, 2018

"Zero Trust" is the latest security buzzword from the vendors' marketing departments, but what it actually means for you should vary depending on your business requirements.

Properly aligning security architecture to enable the business strategy of the organisation is the key to delivering a Zero Trust architecture. But the solution could be anything from implementing identity-aware firewalls to the extremes of "BeyondCorp", Google's firewall-less global network where the security posture is identical whether you are in Starbucks or on the Google campus.

Event Recording
Klaus Hild - Predictive Governance – Leveraging the Power of Identity Analytics
Dec 18, 2018

In this presentation, SailPoint will explain why Identity Analytics will change the way companies will think about CyberSecurity, by adapting ‘Predictive Governance’.

Predictive Governance will enable organizations to be more effective and efficient at governing access without increasing the risk.

Event Recording
Martin Kuppinger - User Behaviour: The Link between CyberSecurity and Identity Management
Dec 18, 2018

An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. External, targeted attacks in particular rely on the use of zero-day exploits, which are in fact as yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing user behavior and identifying anomalies and outliers. There are various technologies for doing so, focusing on network traffic, privileged user behavior, or access to unstructured data. All of these serve the one target: mitigating the risk of attacks.

Event Recording
Panel - Risk Assessment and Security Design
Dec 18, 2018

Zero Trust Security assumes that nothing in a company's IT infrastructure, including users, endpoint devices, networks, and resources, is ever trusted. All interactions must be verified to decrease the chance of a security breach. Zero Trust Security ensures secure access to resources while significantly reducing the possibility of access by bad actors. In this panel discussion we will discuss the considerations companies should make before implementing Zero Trust Security and Zero Trust Security by Design.

Event Recording
Dimitri Chichlo - What is the Role of a CISO in 2020?
Dec 18, 2018

In past years, a CISO would mainly be chosen from among the IT staff who had expressed an interest in information security, or by arbitrarily promoting someone from the inside to please the auditors by filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antivirus software. Over the years, though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. The combination of both realities now requires that CISOs possess and demonstrate core competencies that allow them to transform the essence of their job from infrastructure protector to business enabler. In this keynote, we will explore how and why CISOs should now focus on value creation instead of value protection, moving from a defensive to a proactive approach.

Event Recording
Matthias Reinwarth - CIAM as a Building Block of an Online-Success Story
Dec 18, 2018

Consumer Identity and Access Management (CIAM) encompasses many aspects. On the one hand, it is about optimizing the usability of services through technologies and practices that make it easier and more secure for users to sign up for a service. For the service providers, CIAM is all about lifecycle management of identities of many kinds - ensuring that accounts are set up, changed, and deactivated (or deleted) in a timely, accurate and secure manner. And for even more people, it focuses on security and compliance through technologies and practices that facilitate auditing and governance activities, such as recertification, easily and comprehensively.

Choosing and using the right components and services are critical to a successful CIAM deployment.

Event Recording
Dr. Frank Dudek - Accelerating Cybersecurity – Is Your Information Security Program Up to Speed?
Dec 18, 2018

Internet content providers rely on fast, modern webapps and feature-rich web frameworks to drive customers to their sites. In a landscape of accelerating change and continuous code deployment, my keynote will discuss how a company’s cybersecurity program must evolve to remain effective in such fast-paced environments. 

Event Recording
Mans Hakansson - Beyond OAuth: Securing APIs with Policies & Attribute-Based Access Control
Dec 18, 2018

Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches.

- API security basics

- Avoiding bad security practices

- Overcoming OAuth limitations

- Managing authorization as a microservice

Event Recording
Martin Zeitler - Your Move to “the Cloud” Secured
Dec 18, 2018

There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.

Event Recording
Dragan Pendic - Path to Zero Trust Security - Data Veracity, When Truth Is Essential and Trust Optional
Dec 18, 2018

Businesses are more data-driven than ever, but inaccurate and manipulated information threatens to compromise the insights that companies rely on to plan, operate, and grow. Unverified digital resources are a new type of vulnerability - one that is chronically overlooked by digital enterprises. With autonomous, data-driven decision making, the potential harm from unverified digital resources becomes an enterprise-level existential threat. And then, there's a wider cybersecurity aspect and how to address the following:

- Data provenance verification - the history of data from its origin throughout its lifecycle (cradle to grave)

- Data integrity verification - continually maintain good health and a predictable state of data

- Data context usage - keep an eye on behaviour and context around data's use