All presentations are held in English
Martin is technical lead of security research within Talos, Cisco’s threat intelligence and research organization, and leads the Outreach EMEA team within the group.
As a researcher within Talos, he seeks to improve the resilience of the Internet and awareness of current threats through researching system vulnerabilities and changes in the threat landscape. With 15 years of experience within the security industry, he is CISSP certified, a Chartered Engineer, and holds degrees from the universities of Bristol, Cambridge, Paris and Oxford.
The recent Olympic Destroyer and Nyetya (NotPetya) attacks have emphasised the destructive effects of wiper malware. Organisations need to be aware of the nature of such malware, not only because they may be targeted by such attacks, but because they may become collateral damage as part of an attack against a third party.
In this presentation I will explore how this threat has developed over time, how attacks may meet the objectives of threat actors, and how organisations need to consider their security posture in order to detect and block such attacks.
Hugh has been with IBM Resilient for 3 years; currently as Product Manager working primarily on orchestration and automation features and the developer ecosystem, and previously as manager of the US/APJ professional services team. His career includes software engineering and product management roles in security and privacy, enterprise data management and collaboration.
Industry surveys show that large enterprises have invested in more than 85 different security tools from 45 different vendors. This talk is intended to showcase how companies can leverage that investment by integrating their existing infrastructure, empowering the SOC team to make accurate, quick decisions and streamline critical workflows.
James is the Global Strategist for Micro Focus Cyber Security Services where he engages with the CISOs of the World’s largest organisations to discuss building and improving cyber security operational capabilities from a risk and business alignment, people, process and technology perspective. Prior to joining Micro Focus, James was the Director of Global Cyber Security Integration for JPMorgan & Chase, where we was responsible for aligning threat intelligence, detection, analytics, investigation and response functions to the capabilities, methodologies and attack vectors used by adversaries. Prior to JPMorgan, James was the Chief Information Security Officer for Mimecast, one of Europe’s most successful Software-as-a-Service vendors.
His two decades in software engineering, IT operations and finally information security has provided him with a unique insight in how security partners with business to deliver value. James is the co-founder and director of Security BSides London conference and acts as the Regional Chair for UK National Cyber Security Centre Cyber information Sharing Partnership (NCSC CiSP).
Based on the lessons learnt from his team building the end-to-end security operations capability for over 91 different organisations, including many of the World’s top companies, James will discuss the top 5 common mistakes. These mistakes impact the ability to demonstrate business value of information security investments and limit the effectiveness and efficiency of detecting, investigating and responding to cyber security incidents.
He will draw on the findings of over 210 capability assessments his team has conducted on customer’s operational capability over the past decade, highlight some of the challenges that never seem to be overcome, as well as providing some pragmatic ways to get over them.
Stefan Mausser, managing director of TriConPlus GmbH, is a cybersecurity professional with almost fifteen years of technical experience in security operations, open source intelligence and social engineering.
He trained law enforcement, military and international organizations in investigating the deep and dark net with open source intelligence and social engineering techniques.
Everybody is talking about the Darknet but nobody really knows how it works, what kind of content you can find there and how to use this information. This talk will give you insights how the Darknet is used – the good and the bad – and will explain the correlations between anonymity, cryptocurrencies, threat intelligence and the Darknet.
Harmer has been in the IT industry for 30 years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for startups, Government and well established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2.
He has presented on Security and Privacy in Canada, Europe and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Dark Reading, Data Informed, SecureWorld and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve and Integris. He has served as Chief Security Office for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP and now serves as a Strategist for Zscaler where he runs the Office of the CISO for the Americas.
The world has changed dramatically. IoT provides convenience, Social Media connects us to friends, families and colleagues world wide and we spend our lives connecting to networks that don’t belong to us. How are average everyday people supposed to defend themselves against the threats facing them today when even an experience CISO with 2 decades of security experience finds it challenging?
We’ll look at some of the most vulnerable aspects in a CISO’s daily life, what exploits could be used and how this relates to the general population.
Frank Lange is Principal Security Architect at Anomali. With more than fifteen years of industry experience he advises customers throughout EMEA on best-practices in applying Cyber Threat Intelligence.
Frank is a SOC/SIEM veteran and prior to Anomali, he held architect roles at iSIGHT Partners/FireEye and ArcSight/Hewlett-Packard Enterprise.
Learn how threat analysts can leverage threat intelligence to understand the context of a threat and it’s relevance to an organization. This workshop will cover tactical and strategical aspects of threat intelligence and how these can be applied in a modern SOC. It also covers ways to make intelligence actionable in order to maximize the efficiency of an already existing security infrastructure.
Endre Bangerter is professor of computer science at the Bern University of Applied Sciences, and a lecturer at the Forensic Science Institute of the University of Lausanne.In earlier jobs, Endre has worked as a software developer, technical consultant, and researcher at IBM Global Services, IBM Research, and Accenture. He has a PhD in computer science from in the field of cryptography from the Horst Görtz Institute For II-security at the University of Bochum in Germany.
Endre heads the Security Engineering Lab (SEL, http://sel.bfh.ch) at the Bern University of Applied Sciences. The SEL is a group of researchers and practitioners. Its current research activities are in the field of intrusion forensics (e.g., memory forensics, malware analysis, custom security assessments).
Technical threat intelligence is currently focusing mainly on malware hashes, IP addresses, domain names, as well as host- and protocol-based IOCs.
Malware code is potentially a very rich source for threat intelligence. It contains, e.g., information on the capabilities and aims of an attacker, and also allows to correlate malware samples, and in some cases campaigns and actors by detecting code reuse. However, the underlying analysis is typically done manually, and it doesn’t scale to real world needs, where 100’000s of new malware samples are surfacing every day.
In this talk we’ll present techniques and tools for generating and analyzing code-based threat intelligence at large scale. We’ll also discuss real world applications of large scale code-based threat intel.
Patryk Pilat is a Senior Presales Engineer at Blueliv, supporting clients and prospects worldwide.
Previously, he held technical positions in Level 3 Support and Presales at, among others, Trend Micro, Malwarebytes and Google.
Patryk Pilat specializes in cyber security, threat intelligence and security analysis.
In cooperation with our globally distributed customers and our security community of more than 2.500 security analysts, we evaluate the current cyberthreats and analyze them – in some cases down to the code level. This results in interesting conclusions:
– In what ways are hackers successful with their attacks?
– What could have been done to prevent these attacks?
– Which trends are recognizable for the current year?
– What measures and options should you use to protect yourself effectively?
In this workshop, we want to share our findings with you and discuss whether you have gained similar or divergent information or experiences. We see this under the aspect that security can only be won together. This workshop is intended to substantiate this and to let you return to your company with directly realizable insights.
Christian Goetz joined CyberArk in 2008 and is currently working as a Director of Presales DACH in Germany. During the last 18 years as a professional consultant and software engineer Christian has been focused on various topics in IT security such as data leakage prevention, web application security and intrusion prevention systems. Christian now has a specific focus on privileged account security and all related aspects of this subject. Christian holds a Diploma in Medical Informatics from the University of Heidelberg/University of Applied Sciences Heilbronn.
Privileged Accounts are often called “Keys to the Kingdom”. But why are they so valuable? Why should you pay so much attention to these accounts? And IT folks are still not paying enough attention to them?
This interactive session will draw a picture on how privileged accounts are used in common hacking techniques, how abuse of privileged accounts can be prevented and detected though and what are the real challenges controlling the use of privileged accounts today looking at the fast-paced developments in modern IT around Cloud technologies and the DevOps methodologies.
Faisal Habib provides a unique perspective and an unbiased approach towards Incident Response and Computer Forensics. For nearly fifteen years, Mr. Habib has enabled clients to mitigate risk and lower costs by improving processes with their incident response and computer forensics endavours. Prior to joining Cybereason, Mr. Habib was Managing Principal EMEA at Guardicore working with data center and cloud customers. He was also the Principal Incident Response Consultant EMEA at Dell Secureworks working on some high profile cases — Also had stints at Access Data and Guidance where he managed the EnCaseForensics and Enterpise portfolio.. Mr. Habib is a regular speaker at industry events in the US and Europe. Mr. Habib received his MS in Software Engineering from California State University and holds EnCE & ACE certifications.
Imagine you could take the skills of the best L3 analysts and code it into software. That would mean you could automate hunting, event correlation, triage and all that tedious manual querying.
This session discusses how this is possible today through the power of proactive, automated threat hunting using behavioural analytics. The result? Full, real-time threat visibility and context of an attack so you can respond before damage occurs.
Christian Herb is Cybersecurity expert with two decades of knowhow and experience in the protection of infrastructure, endpoint Data. One of his major topics is the protection of Data in rest, in motion and in use. Today Christian is Senior Strategic Architect at Digital Guardian, where he talks about modern Data protection, Digital Rights Management, Encryption as well as Cybersecurity and the Mitigation and elimination of threats to our customers and partners.
Today’s cyber threats mainly target one thing – Data. Yes, there are still attacks going on to affect infrastructure availability, but the goal of an attacker is to exfiltrate Data – there should be no doubt about this.
Attacks leave traces in the infrastructure – modern cyber operations search and track those traces through a multitude of processes, tools and solutions, including BigDataAnalytics, ArtificalIntellligence and MachineLearning. Mainly this is done to get hold of the sheer volume of data to analyze and search for known traces as well as indicators for (yet unknown but) unwanted activity going on in the respective infrastructure.
Besides of the injection of “traditional external ThreatIntelligence”, there is a smart way to detect anomalies and understand if activity around Data is unwanted – and it is coming out of the analysis of Data alternation in the day-2-day operations of users in the infrastructure itself.
Stewart Bertram is the Director for Closed Sources and Professional Services at Digital Shadows. He is responsible for developing the ability of Digital Shadows to operate on the dark Web, and attracting intelligence clients while staying on the right side of the law. Stewart has worked in threat intelligence since 2009 and technical intelligence since 2004, balancing the interests of the public, private and academic sectors within his work.
The criminal use of the dark Web has come heavily to prominence in the last few years, with such online marketplaces as Silkroad, Hansa and AlphaBay receiving global media exposure as policing agencies focus on their removal from the internet. However, criminality on the internet is not new and predates the invention of the Tor (The Onion Router) network, as well as even the browsing technology that enabled the World Wide Web (WWW).
This talk examines the factors that have caused the dark Web’s growth, tracing the lineage of sites such as Silkroad back to pre-WWW mailing list–style services, such as Alt.drugs. This will shed light on possible future developments for the dark Web, which could include the end of Tor-based sites as users migrate onto encrypted messaging platforms, such as Telegram. The source material for the talk is a combination of the speaker’s real-world experience with the dark Web and a broad review of research on the dark Web that spans more than a decade.
Ilia is a Swiss application security expert and entrepreneur. Starting his career as a penetration tester, he founded High-Tech Bridge to incarnate his application security ideas. Ilia invented the concept of hybrid security assessment for web applications that was globally launched in 2014 under ImmuniWeb® brand. Afterwards, Ilia designed and managed implementation of numerous machine learning technologies for ImmuniWeb.
Ilia holds a BS (Hons.) in Mathematics and Computer Science, and is currently performing his Master of Legal Studies degree at Washington University in St. Louis. His military service took place in Swiss artillery troops. Ilia is a contributing writer for CSO, SC Magazine UK, Dark Reading and Forbes, mainly writing about cybercrime and application security. He is also a member of the Forbes Technology Council. In 2016 he received “Forum des 100” award – 12th annual award for one hundred entrepreneurs, politicians and personalities who build the French speaking part of Switzerland. In 2017 Ilia was named a “Thought Leader” by SC Media Reboot Awards.
In the era of DevSecOps, CI/CD and Agile development many companies still become victims of disastrous data breaches caused by insecure applications. The presentation explains an application security strategy to reduce costs and assure holistic Application Security Testing (AST) of corporate web and mobile applications.
The talk will also encompass application inventory and discovery, vulnerability correlation, virtual patching and practical usage of Machine Learning in application security.
Andrea Bellinzaghi is a Senior Security Engineer managing the presales activities in Southern Europe for IntSights. During his 20 years of experience held presales and management position in LightCyber, Tufin and Check Point. He brings experience in different security fields like network security, endpoint security, management, behavior analysis and cyber security.
Lockheed Martin’s cyber kill chain approach breaks down each stage of a malware attack where you can identify and stop it. We all know it and we’ve seen many examples in the last years. But what are the stages, activities and information that come before the cyber kill chain?
We’ll see what are the attackers searching for and prepare and how can OSINT (Open Source Intelligence) help in identifying the preliminary stages of complex attacks.
Ivan Pepelnjak, CCIE#1354 Emeritus, is an independent network architect, book author, blogger and regular speaker at industry events like Interop, RIPE and regional NOG meetings and DIGS events. He has been designing and implementing large-scale service provider and enterprise networks since 1990, and is currently using his expertise to help multinational enterprises and large cloud- and service providers design next-generation data center and cloud infrastructure using Software-Defined Networking (SDN) and Network Function Virtualization (NFV) approaches and technologies.
Ivan is the author of several books covering data center technologies, highly praised webinars, and dozens of data center and cloud-related technical articles published on his blog.
Olivier Spielmann is the Director of EMEA Managed Security Services at Kudelski Security since 2013. After working for 6 years in network and security consulting for one of the largest companies in Switzerland, Olivier joined the Kudelski Group in 2005. As the Group CISO for 9 years, he built a strong security governance, security operations and incident response experience. In 2013, was assigned the challenge of building the Managed Security Services business for Kudelski Security which he currently runs.
Olivier holds a Master’s Degree in Communication Systems Engineering from EPFL (Swiss Federal Institute of Technology – Lausanne) and performed his master project at 3Com in Santa Clara USA. Olivier is a Certified Information Systems Security Professional (CISSP) from 2003 and a Certified Information Security Manager (CISM).
In 2018 Cloud is assumed. Those days were scepticism about using Cloud services to manage sensible data and services are now far behind for most verticals and organizations. Operational and even Security advantages brought by the Cloud broke the initial hesitations. However, the risks and complexity inherent to the cloud are not yet behind us.
In this presentation we will review what are the most common threats around the usage of cloud, focusing on the complexities around implementing a successful cloud security monitoring solution. Being able to successfully monitor the security of cloud services should be a key component for the success of any security program and we’d like to share our view on what’s the appropriate approach to being successful in overcoming the challenges of cloud monitoring.
Omar Benjumea is a Spanish Security Professional with more than 12 years of experience in the field. After working in a variety of different security roles and industry verticals, Omar moved to Switzerland to join Kudelski Security as the Global MSS Architect. Omar’s most relevant certifications in the field include CISA, CISM, CISSP, GCIH, ISO27001 Lead Auditor and PMP. He also has extensive experience in conducting PCI DSS Assessments as a certified QSA. In addition, Omar is collaborating with a Spanish online university (UOC) as associate Professor on Operative Systems Security and Data Bases Security matters.
As far as the interconnection between Operational Technology (OT) and traditional Information Technology (IT) networks is an unstoppable trend, IT Security professionals are increasingly requested to be involved on managing the security of those OT networks. We’re talking of technologies running on top of out-of-date operative systems with plenty of well-known vulnerabilities, using unsecure protocols that are no longer isolated. In this presentation we will use some real-world security incidents to illustrate those risks and propose some paths to help companies to improve their OT security posture.
Yolan Romailler is a Security Researcher at Kudelski Security, specialized in cryptography, secure coding, blockchains and vulnerability research. Yolan first graduated in mathematics at EPFL and later in computer sciences and information security. He has spoken at Black Hat, BSidesLV and Defcon’s Cryptovillage on automation in cryptography vulnerability research, and presented at FDTC 2017 (“Fault Diagnosis and Tolerance in Cryptography”) the first known practical fault attack against the EdDSA signature scheme. Yolan tweets as @AnomalRoil
As you know, there are two kinds of source code underlying our entire IT ecosystem: closed source software and open source software. A question that used to come up often was: to which extent can we rely on open source code for our mission critical software? We will consider it and see how security could be impacted by open source code.
We will also walk through a few examples to see how code audits help and discuss how open sourcing your own code might be a solution to further secure your software. We will also consider bug bounties, crowd auditing, good coding practices as well as how all these pieces fit together to build secure software.
Steven came to NTT Security with over 25 years of leadership experience in law enforcement with a versatile skill-set in information technology, computer forensics investigations, presidential protection, drug enforcement and explosive ordinance.
Prior to joining NTT Security, Steven served a 21 year term for the United States Secret Service (USSS) where he held roles of increasing responsibility. He most recently held the position of supervisor of the Dallas Field Office North Texas Electronic Crimes Task Force. In this role, Steven was responsible for overseeing all USSS cyber and criminal investigations throughout Northern Texas. Prior, Steven held the position of program manager of the USSS’s Electronic Crimes Special Agent Program where he was responsible for overseeing approximately 650 agents world-wide, specializing in the investigation of complex network intrusions and computer forensic investigation.
Steven earned his Master’s Degree in Forensic Science Computer Fraud Investigation from George Washington University.
With the explosive growth of endpoint devices, large scale and fast changing network infrastructures, along with the Internet of Things (IoT), operational technology (OT) and cloud services adoption, the cyber threat environment has changed. Choosing the threat intelligence that’s best for an organization and developing clear intelligence requirements is a time-consuming process and can be expensive.
Steven Bullitt, long-term experienced threat intelligence & incident response expert, guides through the data feed jungle and advices on how to choose the right threat intelligence sources to create relevant, actionable, timely and transparent intelligence that is verifiable and customizable as well as effective and profitable.
Leif Kremkow, Director Technology, Qualys has been with Qualys for over 13 years now. Committed to working with Qualys’ customers to help make the most of the Cloud Platform and its dependant services. Prior to being Director Technology, Leif worked closely with CAC40 enterprise companies as a Technical Account Manager to define custom solutions, carefully respecting corporate culture, fostering user acceptance, and documenting processes.
Leif has been a speaker at various European events, such as Systems, Assises de la Sécurité, RSA Conference, InfoSec, or the CSO Interchange.
A German citizen living and working in France, Leif has a Bachelor of Sciences (Hons.) in Computer Systems and Networks from the University of Plymouth in England.
Threat Intelligence is being advertised as the next big thing to secure your organization with. What is Threat Intelligence and what does it add to your organization?
In this short workshop you will hear a vendor’s point of view and after what another user has to say about Threat Intelligence and whether it holds it promises.
Alain is the head of the audit division at SCRT, a swiss-based information security company, where he has been working for the last 10 years. In this function, he strives to keep improving the quality of the security audits performed by the company, while also performing intrusion tests, social engineering attacks and giving security-related trainings.
With a high interest in web application security, he has discovered several important vulnerabilities in various high profile applications, responsibly diclosing them to get them fixed.
Be it during penetration tests or real-world attacks, hackers are often able to compromise the entirety of an information system by gaining access to “Domain Admin” privileges. This is mainly due to a shift in attack techniques that no longer require the exploitation of complex vulnerabilities but rather a combination of social engineering and legitimate Windows functionality use. Companies are often too focused on limiting perimeter breaches instead of detecting malicious internal activity which often leaves them bling to these types of attacks.
This presentation will walk through the various steps used by attackers to entirely compromise a fictitious company network by demonstrating how classic weaknesses can be combined to achieve permanent privileged access within the information system. The goal of this presentation is to highlight what the major weaknesses are and how companies can adapt to mitigate them and detect intrusions.
Threat intelligence is key in building any robust security program. Along with collecting intelligence from trusted sources it is also critical to have the ability to turn that intelligence into something your environment can understand. In this presentation we will look at many of the stumbling blocks that organisations hit when attempting to apply intelligence at the endpoint. We will also highlight a few new ways of thinking about intelligence. More specifically we will try and answer the 5 W’s as they refer to translating threat intelligence into effective endpoint indicators of compromise. Increasing the performance of your threat intelligence by utilising data at the endpoint will ultimately help to reduce the “dwell time” of an attack.
Threat intelligence is key in building any robust security program. Along with collecting intelligence from trusted sources it is also critical to have the ability to turn that intelligence into something your environment can understand. In this presentation we will look at many of the stumbling blocks that organisations hit when attempting to apply intelligence at the endpoint. We will also highlight a few new ways of thinking about intelligence.
More specifically we will try and answer the 5 W’s (who, what, when, where and why) as they refer to translating threat intelligence into effective endpoint indicators of compromise. Increasing the performance of your threat intelligence by utilising data at the endpoint will ultimately help to reduce the “dwell time” of an attack.
Thomas Cueni joint Tenable as a Security Specialist for Switzerland and Austria. He is a cybersecurity professional with almost fifteen years of technical experience in network and endpoint security, security operations and vulnerability management.
Prior to joining Tenable he was working for FireEye and Blue Coat (now Symantec), where he was doing pre-sales for major global accounts based out of Switzerland.
Most IT security professionals want to avoid the headlines, and many think it cannot happen to their organization. Yet time and time again, we see security breaches making the news at well known and well respected organizations. There are a multitude of reasons this can happen, but “not following foundational CIS Controls” should not be one of them.
In this session we’ll take a look at recent breaches at Google, Equifax and generic ransomware and show how, if they had implemented The Center for Internet Security’s Controls 1-5, these breaches would not have happened.
Jonas Spieckermann is Security-Expert at WatchGuard Technologies with more than 10 years experience in Cyber-Security, concepts and solutions in protection of advanced threats and risks.
He transforms the practical approach from the vendor and reseller to the end customer needs. Before joining Watchguard in 2012, he was working for years for SIEVERS-Group, a security reseller.
Cyber attacks are hitting big enterprises, but small and medium companies the same way. A view on the treat landscape shows an increase of network threats and malware attacks.
A live demo will show the way how hackers exploit vulnerabilities and try to win the game, and how modern security services can protect you. Be prepared for attacks, evolve your playbook and strategy to win against Malware or Evil Twins, threats of wired and wireless networks.