Topic: Information Security

Seminar Topics

Easy Information Gathering

  Presented by High Point Networks

The first step of a Penetration test is often called Reconnaissance or Information Gathering. During this step, Penetration testers attempt to gather as much information as they can about a target environment by using publicly available information. Unfortunately, this step is often ignored or not completed thoroughly.

In this presentation, we will discuss how an attacker may conduct reconnaissance against a target, and what specific information they might be interested in gathering. We will cover specific tools including theHarvester, Shodan, Recon-ng and more.

Architecting the New SD-WAN Edge for the Cloud-first Enterprise

  Presented by Silver Peak

Adoption of cloud services has driven enterprises to re-think WAN architecture. Architectures based on traditional, manually-programmed routers can’t keep pace. A business-driven SD-WAN can provide secure direct connections from the branch to SaaS/IaaS across the internet, significantly increasing application performance resulting in a superior end-user QoEx (Quality of Experience). By integrating SD-WAN, WAN optimization, routing and security in a single unified platform, enterprises can simplify branch WAN edge architecture, accelerating time to value and dramatically reducing operational costs. From a centralized SD-WAN orchestrator, application priorities and QoS and security policies may be configured and assigned to automate traffic handling across the WAN. A single mouse click distributes SD-WAN configuration parameters to all sites, improving operational efficiency and minimizing the potential for human errors that can negatively impact application availability and enterprise security. This session will describe why SD-WAN adoption continues at a breakneck pace because of the user productivity, agility and cost savings benefits that a business-driven SD-WAN delivers.

Active Directory Security: Early Stage Attack Activities to Watch For

  Presented by STEALTHbits Technologies

Attackers have demonstrated a consistent and ongoing ability to obtain access to workstations inside the network boundary through phishing and other web and email attacks. From here, attackers set their sights on gaining control of Active Directory as a means to an end; compromising Active Directory is an easy way to gain access to all critical corporate data and resources. Darin will discuss two early stage attack activities: LDAP reconnaissance and Password Spraying – that allow attackers to move laterally inside your AD environment. Detection strategies and mitigation steps will also be explained.

If You Don’t Protect the Key, Don’t Encrypt the Data

  Presented by nCipher Security

For over 2000 years, governments, armies, businesses and lovers have been encrypting messages. For the same amount of time, the keys used to perform the encryption have been the weakest link in the chain. After 2000 years, technology has advanced such that the keys can be protected but many companies don’t understand how important it really is. Mr. Beutlich will explain in an entertaining (and sometimes graphic) fashion why protecting the encryption key is more important than the encryption itself.

Adapting to Fight Back: How Cyber AI Neutralizes Never-Before-Seen Threats

  Presented by Darktrace

In a world that is increasingly digital, cyber-attack has become the most significant risk confronting today’s businesses, smart cities, and critical infrastructure. Online crime cost the world more than half a trillion dollars last year, while recent attacks have managed to influence the U.S. presidential election and disrupt the Ukrainian power supply. This troubling state of affairs is the product of several fundamental weaknesses with the traditional approach to cyber defense, which relies on predefining what threats look like at a time when criminals launch never-before-seen attacks daily. Moreover, these attacks increasingly strike at machine-speed, preventing security professionals from responding before their damage is done.

Exploitation of IT Vulnerabilities is Escalating

  Presented by Quest Software

Cybercriminals are savvier than ever. They understand that IT complexities create serious vulnerabilities, and these criminals are continually developing new ways to breach your organization’s boundaries. That is why a proactive, unified endpoint management (UEM) strategy should be part of your organization’s core business strategy.

Security Automation in the Cloud

  Presented by Trend Micro

Cloud Computing brings greater simplicity around provisioning and deployment. The challenge is how to properly apply security without creating complexity.

With automation, one can use traditional technical controls to provide comprehensive coverage. This approach is not simply paying “lip service” to compliance requirements.

In this session we will discuss the drivers for such automation and look at what is traditionally considered detective controls in a preventative way.

Cloud Security Myths Busted!

  Presented by Keson Khieu • Cyber Security Strategist

Cloud promises scaled computing at great power, for no time and effort. Security is
included, right? Wrong! This talk demystifies Cloud Security by busting the four
most common myths. It also offers a clear view of what cloud security is, and how to
properly protect what’s in the cloud. Don’t get caught in the deluge of hacks without
proper cloud security. Bring your questions for this interactive discussion with a
leading local IT Security end-user that has been through the same challenges you
are facing.

Adapting to Fight Back: How Cyber AI Neutralizes Never-Before-Seen Threats

  Presented by Darktrace

In a world that is increasingly digital, cyber-attack has become the most significant risk confronting today’s businesses, smart cities, and critical infrastructure. Online crime cost the world more than half a trillion dollars last year, while recent attacks have managed to influence the U.S. presidential election and disrupt the Ukrainian power supply. This troubling state of affairs is the product of several fundamental weaknesses with the traditional approach to cyber defense, which relies on predefining what threats look like at a time when criminals launch never-before-seen attacks daily. Moreover, these attacks increasingly strike at machine-speed, preventing security professionals from responding before their damage is done.