Hi [[ session.user.profile.firstName ]]

Information Security

  • Date
  • Rating
  • Views
  • Your Car Is Betraying You -- Why Robust Security is Essential on the Road
    Your Car Is Betraying You -- Why Robust Security is Essential on the Road Toby Weir-Jones, CEO, Weir-Jones and Associates Recorded: Jun 22 2017 58 mins
    Modern vehicles are, as Bruce Schneier recently put it, actually computers with wheels rather than cars with a computer added on. Every part of the vehicle's operation is supervised, logged, and managed by digital signals on a complex vehicle network. If you have a crash, your car will tell investigators if you were speeding or swerved to avoid the impact. If you spend too long dawdling at the convenience store instead of visiting your customers, your employer will know about it. If you waste fuel, drive dangerously, or don't turn your lights on when you should, it'll be recorded.

    This introduces a lot of familiar debates in security circles. Who owns the data? What counts as personally identifiable? What are acceptable standards for logging, retention, and disclosure? What happens if we get it wrong?

    The bad news is the vehicle landscape, like enterprise security, is badly fragmented. The good news is we've learned a lot of useful lessons over the past 20 years which can be brought to bear on the problem, so solving it shouldn't take another 20.

    In this presentation we'll review some of the mechanics of how vehicle data is generated, who can see it, and how it can be used and abused. We'll then talk about points of leverage for the industry, the manufacturers, the owners, and law enforcement, and see what common ground exists. Finally, we'll lay out some basic ideas any fleet operator or concerned individual can use to make decisions about what vehicles to use and how to manage the data footprints they generate.
  • Building Secure Vehicular Software
    Building Secure Vehicular Software Dr. Mark Sherman, Technical Director, CERT / Software Engineering Institute, Carnegie Mellon University Recorded: Jun 22 2017 36 mins
    Software plays an expanding and critical role in the success of future vehicles such as automobiles and trucks. Novel technologies that depend on the flexibility of software create new vulnerabilities and new ways to attack systems. This talk explores the expanding landscape of vulnerabilities that accompany the increasing reliance on software and then examines some key steps to help mitigate the increased risk: development of appropriate requirements from an analysis of risks, techniques that can be applied during development, and evaluation approaches for existing systems. The talk will conclude with a view of emerging approaches to further improve the delivery and sustainment of such critical software.

    About the Presenter:
    Dr. Mark Sherman is the Director of the Cyber Security Foundations group at CERT within CMU’s Software Engineering Institute. His team focuses on foundational research on the life cycle for building secure software and on data-driven analysis of cyber security. Before coming to CERT, Dr. Sherman was at IBM and various startups, working on mobile systems, integrated hardware-software appliances, transaction processing, languages and compilers, virtualization, network protocols and databases. He has published over 50 papers on various topics in computer science.
  • Rebooting the Auto Industry: When Security Affects Safety
    Rebooting the Auto Industry: When Security Affects Safety Craig Smith, Founder, Open Garages; Research Director of Transportation Security, Rapid7 Recorded: Jun 22 2017 55 mins
    We are surrounded by 2-ton IoT devices on wheels. The auto industry has rapidly evolved in the last five years; vehicles now have phone apps for remote control, built-in WiFi hot spots, heads-up displays, lane correction systems, and other Advanced Driver Assistance Systems. These convenience and road safety features are in high demand, but they also introduce cybersecurity concerns.

    Automakers are now software companies, and this talk will address some of the cybersecurity-related issues faced by the transportation industry, including some of the growing pains a “traditional” industry has when it starts to become internet connected to the outside world. Mr. Smith will share techniques currently used by hackers and show some of the security defenses being put into place. You will see the vulnerabilities of vehicles on the road today, as well as take a peek into the future of fully autonomous cars. And if your head isn’t spinning already, learn what it will mean to "own" a car in the future. Key topics will include:
    •What makes car hacking so intriguing?
    •Who are the adversaries in this space and what are they after?
    •How self-driving cars can be used as a model for corporate infrastructure.
    •How IoT can be locked down without locking out the customer.

    About the Presenter:
    Craig Smith is the Founder of Open Garages and Research Director of Transportation Security at Rapid7. Open Garages is a distributed collective of performance tuners, mechanics, security researchers and artists. Craig is also the author of the Car Hacker's Handbook and runs a Security Consulting firm that specializes in automotive reverse engineering. Craig has developed many open source utilities to teach CAN bus to students and well as security penetration tools that can uncover vulnerabilities in vehicle and diagnostic systems. He has worked in the security field for over 20 years with the last 5 years focused on automotive.
  • The Future of Cybersecurity and the Internet of Things
    The Future of Cybersecurity and the Internet of Things Demetrios "Laz" Lazarikos (Blue Lava), Mark Weatherford (vArmour), Robert M. Lee (Dragos) Recorded: Jun 21 2017 61 mins
    With the proliferation of the Internet of Things (IoT) into every aspect of our society, cyber attacks on a massive scale are becoming a possibility, and in some cases, a reality. Attackers can take out city grids, hijack control systems and engage in cyber war remotely.

    This panel of top cybersecurity experts will discuss how connected devices are affecting our critical infrastructure security, the IoT and cyber warfare, and what we need to do today to address the security challenges posed by IoT devices.

    - Demetrios "Laz" Lazarikos, Three Time CISO, Founder of Blue Lava
    - Mark Weatherford, Chief Cybersecurity Strategist at vArmour
    - Robert M. Lee, CEO and Founder of Dragos, Inc.
  • IoT and Critical Infrastructure: Why We Need Intelligence Exchange
    IoT and Critical Infrastructure: Why We Need Intelligence Exchange Paul Kurtz, CEO & Co-Founder of TruSTAR Recorded: Jun 21 2017 44 mins
    Today we fight adversaries individually, not collectively. Companies are working in silos to defend their individual infrastructures. Security operators and defense teams do not have visibility into cyber security incident information from their peers, even though they may be seeing the same attack methods or adversaries. The lack of an effective exchange and collaboration between companies is the Achilles heel our enemies continue to exploit.

    Come and join a discussion about a new cybersecurity model that maximizes the use of the network (much like the bad guys) and incentivizes the exchange of actionable threat incident data.

    We'll look at recent critical infrastructure hacks such as Grizzly Steppe, WannaCry and CrashOverride and discuss how we can better protect ourselves for future attacks.
  • When thermostats become critical infrastructure, what will you do?
    When thermostats become critical infrastructure, what will you do? Wieland Alge - GM EMEA - Barracuda Networks, Mark Harrison - Consultant - Pen Test Partners Recorded: Jun 21 2017 57 mins
    Would a hack on one Internet connected thermostat stop a nation? Maybe not, but imagine hundreds of connected devices being meddled with in order to cause havoc?

    Join our IOT experts to discuss the real impact of an IOT device hack. Wieland Alge, GM EMEA at Barracuda Networks and Mark Harrison, Consultant at Pen Test Partners, will look into why cyber criminals are interested in hacking IOT devices and the true impact of such an attack to organisations. Join this webinar to learn:

    • The true impact of an IOT hack
    • Methods used by hackers
    • Demos of IOT devices being hacked
    • Major challenges in protecting smart cities
    • How to mitigate these threats
  • [VIDEO] The Influence of AI & Machine Learning on the Security Industry
    [VIDEO] The Influence of AI & Machine Learning on the Security Industry Josh Downs, BrightTALK & Giovanni Vigna, Professor & CTO, University of Santa Barbara & Lastline Recorded: Jun 21 2017 13 mins
    BrightTALK caught up with Giovanni Vigna from University of Santa Barbara & Lastline for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

    Topics up for discussion:

    - The difference between traditional AI & Machine Learning and the tools when applied to cyber security

    - Whether the buzz surrounding the tools is legitimate

    - How the human still needs to fit into the picture when using machine learning based security techniques

    - How AI & Machine learning can be used for threat hunting purposes

    - The WannaCry virus and what it means for the ransomware landscape and how we protect ourselves from attacks

    - The value of security culture in an organisation

    - Trends in the techniques used in cyber warfare

    - The exponential growth of the IoT and what it means for securing the connected devices
  • Why Vendor Liability is Necessary to Secure Consumer IoT
    Why Vendor Liability is Necessary to Secure Consumer IoT Tatu Ylonen, Founder & SSH Fellow, SSH Communications Security, Inc. Recorded: Jun 21 2017 55 mins
    We live in an IoT world. Connected devices now include TVs, refrigerators, security systems, phones, music players, smart assistants, DSL modems, cars, and even toothbrushes. Besides privacy and personal security concerns, these devices pose significant risk of cyber attacks. IoT devices have been used in devastating DDoS attacks that have paralyzed key Internet services, emergency services, and heating systems. In addition to run-of-the-mill hackers and hacktivists, they are the first line of attack in any low-to-medium scale cyber conflict between nation states.

    Vulnerable IoT devices represent a direct threat to safety, life, property, business continuity, and general stability of the society.

    This talk will discuss the security challenges surrounding IoT devices, and what is needed for a balanced framework that forces vendors to implement a reasonable level of best practice without causing them undue burden and risk.

    About the Presenter:
    Tatu Ylonen is a cybersecurity pioneer with over 20 years of experience from the field. He invented SSH (Secure Shell), which is the plumbing used to manage most networks, servers, and data centers and implement automation for cost-effective systems management and file transfers. He is has also written several IETF standards, was the principal author of NIST IR 7966, and holds over 30 US patents - including some on the most widely used technologies in reliable telecommunications networks.
  • The State of the Internet of Insecure Things in 2017
    The State of the Internet of Insecure Things in 2017 Jay Beale (InGuardians), John Bambenek (Fidelis Cybersecurity), Mike Hamilton (Ziften), Vince Tocce (VITB Podcast) Recorded: Jun 20 2017 64 mins
    Internet of Things devices are notoriously lacking in security, making them easy targets for attackers to hijack and leverage in DDoS attacks. How have cyber attacks evolved in the last few months? What is the impact of the IoT devices on cybersecurity across organizations and industries? How can we better protect our organizations when it comes to attacks coming from the IoT?

    This panel of security experts will discuss the current state of IoT security and the IoT trends seen across industries. Join this interactive Q&A session and discover where the vulnerabilities lie and how we can improve cybersecurity.

    - Vince Tocce, Founder of Vince in the Bay Podcast

    - Jay Beale, CTO of Inguardians
    - John Bambenek, Threat Systems Manager at Fidelis Cybersecurity
    - Mike Hamilton, SVP Product at Ziften Technologies
  • What Is the Value of Your Security Program?
    What Is the Value of Your Security Program? Joe Moles, Director of Detection Operations Recorded: Jun 20 2017 50 mins
    Many security teams find it challenging to prove their value and effectiveness, especially in the absence of compromise or breach activity. Learn how top-performing security teams take advantage of their visibility across the environment to provide ongoing, deeply insightful measurements and reporting that support broader business decisions. Applying these techniques can exponentially increase the overall value of your security team to the entire organization.

    In this webinar, you will learn:
    - A framework with actionable ways to report the effectiveness of your security program and tools
    - How to translate technical data into business objectives
    - Methods for identifying performance issues and opportunities across your team, processes, and tools
    - A simple calculation to systematically prioritize your alerts
    - Guidelines for driving strategic decisions based on the measurement of security tools

    About the Presenter: Joe Moles, Director of Detection Operations

    An IR and digital forensics specialist, Joe Moles has more than a decade of experience running security operations and e-discovery. As Director of Detection Operations at Red Canary, he leads a team of security analysts to help organizations defend their endpoints against threats. Prior to joining Red Canary, Joe built and led security operations, incident response, and e-discovery programs for Fortune 500 companies like OfficeMax and Motorola. He is regarded as an industry thought leader and regularly contributes to the Red Canary blog.

Embed in website or blog