Archives: Seminar

Check Point Software

  Presented by Check Point Software

The growth of and use of public clouds has been unprecedented, with no signs of abating. Today, the use of public clouds for enterprise datacenters is mainstream. And for good reason; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered by the public cloud providers today can be daunting. The breadth and depth of services and choice is increasing daily.

With these choices come consequences; it is a ‘one strike and you’re out’ environment. Just one misconfiguration can potentially put your entire organization at risk…or worse. It is this combination of seemingly endless choice along with the ease of access and use that creates the potential for catastrophe. Moreover, just imagine trying to find out if any of your S3 buckets are exposed or misconfigured when you have thousands of them. It’s like finding a needle in a stack of needles.

While most everyone will agree the public cloud environments being offered today are extremely comprehensive and very powerful, in unskilled hands, one fat-finger can have dire consequences. And, as you expand your use and implement ephemeral cloud-native services such as Amazon Lambda functions and other cloud-native platform components (RSDA, Redshift, ELF, ALB, ECS) new challenges will arise when conducting threat-detection and attribution.

In this session you will learn why Gartner says, “Through 2022, at least 95% of cloud security failures will be the customer’s fault.”

Easy Information Gathering

  Presented by High Point Networks

The first step of a Penetration test is often called Reconnaissance or Information Gathering. During this step, Penetration testers attempt to gather as much information as they can about a target environment by using publicly available information. Unfortunately, this step is often ignored or not completed thoroughly.

In this presentation, we will discuss how an attacker may conduct reconnaissance against a target, and what specific information they might be interested in gathering. We will cover specific tools including theHarvester, Shodan, Recon-ng and more.

Master the Edge: How to Achieve Context-Aware, Secure Access in a Mobile Era

  Presented by Aruba, a HPE Company & Structured Communication

Are you juggling disparate security platforms and struggling to make sense of the data? Do you need to share information and insights across teams but lack a cohesive way to do that? If so, attend this session. Learn how to deploy an open, multi-vendor Enterprise security framework that gives security and IT teams an integrated way to gain visibility, control and advanced threat defense. See how security prioritization and machine learning helps organizations leverage existing third-party solutions to better protect investments and implement proactive risk controls.

How to Solve the Toughest Challenges in Cloud Security

  Presented by Sophos & Pine Cove Consulting

In an ever-changing, auto-scaling environment, continuous visibility of your public cloud infrastructure is vital. Join Pine Cove Consulting and Sophos Security as we discuss how you can use the power of AI and automation to simplify compliance, governance and security monitoring in the cloud.

Visibility is the foundation on which all public cloud security policies and activities are built. We will discuss how to monitor multiple cloud provider environments including Amazon Web Services (AWS) accounts, Microsoft Azure subscriptions, Google Cloud Platform (GCP) projects, Kubernetes clusters, and development code repositories. With superior visibility, layered with compliance and DevSecOps policies controls and alerts, teams can take control and build on their cloud security strategy with confidence.

Join us to learn how building a complete picture of architecture, including a full inventory and real-time network topology visualization including hosts, networks, user accounts, storage services, containers, and serverless functions, can help you improve your cloud security challenges.

The Whole Is Greater Than the Sum of Its Parts

  Presented by Tim Bottenfield • CIO for the State of Montana

Join our keynote in a discussion about the status of the State IT in Montana, and his three E’s for an effective and efficient enterprise (Engagement, Empathy and Empowerment).

Tim Bottenfield serves as CIO of the State of Montana. He joined the Department of Administration in July of 2018 after serving nearly seven years with the Department of Revenue. He came to Montana from Auburn University in Auburn, Alabama, where he worked for 25 years, primarily as IT manager in the School of Forestry and Wildlife Sciences. He has 10 years of experience in operating a computer and networking services consulting business. He earned a Bachelor of Science degree in Forest Management in 1983 and a Master of Science degree in Forest Biometrics in 1986, both from Michigan Technological University in Houghton, Michigan.

In his first year as State CIO, Tim has focused on building relationships across the enterprise. His ongoing initiatives are in the areas of fiscal responsibility, optimization of shared services and support, cybersecurity, unified digital government and promoting a service first driven organization.

Tim was born in Pennsylvania and grew up in Michigan. He resides in Essex, Montana with his wife, Gigi. Their three sons and daughter-in-law are electrical engineers having attended the University of Pittsburgh, Auburn University and Georgia Tech. Tim enjoys hiking and all that the mountains of Montana offer recreationally.

Fileless Attacks: A Look into Several Techniques Used by APT32

  Presented by BlackBerry Cylance & Structured Communications

Fileless attacks have grown in popularity resulting in the decline of more traditional executable malware. While fileless attacks are not executable files, the vast majority actually come from a file; weaponized documents. Come see this session to get a deep understanding of several techniques being used today by APT32/OceanLotus to attack their victims. You will learn how to replicate their techniques to better test your defenses.

If You Don’t Protect the Key, Don’t Encrypt the Data

  Presented by nCipher Security

For over 2000 years, governments, armies, businesses and lovers have been encrypting messages. For the same amount of time, the keys used to perform the encryption have been the weakest link in the chain. After 2000 years, technology has advanced such that the keys can be protected but many companies don’t understand how important it really is. Mr. Beutlich will explain in an entertaining (and sometimes graphic) fashion why protecting the encryption key is more important than the encryption itself.

The Power Grid and NERC Critical Infrastructure Protection

  Presented by Allen Kent • NERC CIP Reliability Specialist for the NAES Corporation

This presentation will cover the elements of the power industry, the development of the NERC standards, and an overview of the CIP physical and cybersecurity requirements that currently apply to Bulk Electric System Facilities. The presentation will also highlight differences faced by Operations Technology (OT) and Information Technology (IT) groups as well as the challenges of auditable compliance over normal IT operations.

Adapting to Fight Back: How Cyber AI Neutralizes Never-Before-Seen Threats

  Presented by Darktrace

In a world that is increasingly digital, cyber-attack has become the most significant risk confronting today’s businesses, smart cities, and critical infrastructure. Online crime cost the world more than half a trillion dollars last year, while recent attacks have managed to influence the U.S. presidential election and disrupt the Ukrainian power supply. This troubling state of affairs is the product of several fundamental weaknesses with the traditional approach to cyber defense, which relies on predefining what threats look like at a time when criminals launch never-before-seen attacks daily. Moreover, these attacks increasingly strike at machine-speed, preventing security professionals from responding before their damage is done.

Mitigating Cybercrime in your Enterprise

  Presented by Fortinet

The attack surface that enterprises much protect is expanding dramatically. How do you maintain visibility and security of your traffic from IoT to the cloud. We’ll explore the threat vectors that cyber criminals use to penetrate your defenses and the security tools you can use to defend against those attacks.