Day 1 - 19 June 2019
Developing security solutions: Chair’s welcome and opening comments
Why crooks love the cloud (and what to do about it)
- What to do about it
- General overview of Security Solutions
Am I using the cloud securely?
- Examining the current state of cloud security vs traditional IT systems
- How do organisations develop cloud strategies that are secure, and account for data storage?
- What innovations are there, and what more do we need to see to counter emerging threats in the next five years?
Developing an effective cloud cyber security solution
Panel: Sharing responsibility for cloud security
- Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
- Which stakeholders throughout the business and beyond have to take responsibility for cloud security, and what education and training is required?
- How do consumers fit into all this?
- Discussing strategies from enterprise for sharing this responsibility effectively.
Case Study: Cloud Security
Cloud access security brokers (CASBs) – the gatekeeper between on-prem and cloud infrastructure
- What CASBs do and how they differ from more traditional cloud security solutions
- How CASBs help with shadow IT policies and rising employee use of cloud apps
- Combining visibility, compliance, data security and threat protection
Principal Technology Evangelist
Amazon Web Services
02:20PM - Day 1
Breaking Intrusion Kill Chains with AWS
Today, many Chief Information Security Officers and cybersecurity practitioners are looking for an effective cybersecurity strategy that will help them achieve measurably better security for their organization. One strategy that has helped many organizations accomplish this is the Intrusion Kill Chain strategy. This presentation provides background context on this framework, outlines how to mitigate attackers’ intrusion kill chains using the AWS cloud platform, and offers advice on how to measure the effectiveness of this approach.
Global Head of Cyber Detection Services
02:50PM - Day 1
Case Study: Siemens
03:20PM - Day 1
Panel: Role of ethical hacking and penetration testing
- What role can white and grey hat hackers play in developing secure systems?
- Discussing the challenges and opportunities in this field
- Real-life examples from enterprise of how pen testing and ethical hackers are improving their organisations' cyber security.
Afternoon Keynote: Threat detection and response techniques – What you need to know
- Proactive threat detection
- Combining human and technical elements
- How security, network and endpoint threat detection software is being deployed and what results we are seeing
- Real-life examples of threat detection in action
Endpoint Detection and Response – future directions
- Do current EDR systems address all the problems they were created to solve, such as increased visibility for networks?
- What can solutions providers do to address current shortcomings with EDR systems?
- Real examples from key industries.
Day 2 - 20 June 2019
Developing security solutions Day 2: Chair’s welcome and opening comments
Best practices for Cyber Security Developers
- How and when to integrate Identity Access Management (IAM) systems throughout development
- Considering architectures and tools
- What other aspects do you need to consider best practices for? Performance? Compliance? Testing?
Keynote: How to win the cybersecurity arms race
- Challenges in actually building security software
- Interactive session focused on technical and practical use
- Beating the crooks
Panel: Implementing DevSecOps in Enterprise
- Discussing the need for DevSecOps for your security team.
- Reconciling the goals and needs of your organisation with the ever-shifting cyber security landscape.
- Barriers to security: lack of security ‘culture’ in your organisation, getting C-level buy-in.
- Examples of success from DevSecOps teams.
Controlling DevOps & Shadow IT
We live in a disruptive business environment in many industries. Under intensifying competitive pressure, businesses are digitizing their primary processes in an agile fashion (DevOps) and are using solutions not formally sanctioned (Shadow IT). This leaves the CIO and CISO in a challenging position to manage the risks without disrupting the business. In this session we will present opportunities to sustainably deal with these challenges, by activating the business and the use of analytics.
Keynote: Detecting internal threats with user and entity behaviour analysis (UEBA)
According to Gartner, sales of standalone UEBA solutions are doubling each year and could top $200 million this year. In addition, many vendors are incorporating UEBA capabilities into other security tools, such as security information and event management (SIEM), network traffic analysis, identity and access management (IAM), endpoint security, data loss prevention or employee monitoring tools.
Explore this important technology and the advantages it can add to your security stack in this presentation – discussing the role of AI/ML for UEBA, the need for real time (or near real time) analytics and comparing the threats posed both externally and internally.
Panel: Breaking the static security approach to application security
Gartner’s report on the app security hype cycle states that IT managers “need to go beyond identifying common application development security errors and protecting against common attack techniques.” With the influx of cloud computing, mobile and IoT device use, breaking the ‘static security approach’ has never been more important in expanding the boundaries of the enterprise network. This panel will address:
- Where is the perimeter? What should companies secure, and at what stage along the SDLC?
- Security testing tools vs. application shielding products
- The challenges of securing apps – anticipating the changing needs of the business and who is responsible for securing apps
- Trends in application security – virtualisation, DAST and vulnerability detection
- Recommendations for app-focused security in your business