Information Security

  • Abusing Bleeding Edge Web Standards For AppSec Glory | Ryan Lester, CEO & Co-Founder of Cyph | Recorded: Dec 9 2016 | 42 mins
    Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks.

    With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as Subresource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards and accepting risks, simply because of the increased risks newer web standards pose.

    In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios.
  • Cyber-Security Trends – Security Analytics Is The Game Changer | Stephan Jou, CTO at Interset | Recorded: Dec 8 2016 | 49 mins
    In the past year there were numerous high-profile breaches, including insurance companies, government organizations, kids' internet gaming, power utilities and dating sites. With the ever-changing landscape of threats and advanced cyber-attacks showing no sign of slowing down, organizations need to be prepared.

    As the breadth of corporate information expands, IT security teams face the daunting task of effectively protecting intellectual property, PII data, and PHI data from internal and external threats.

    Enter machine learning and security analytics – a technology that is at the top of most everyone's list of hot new technologies for 2017. But can this technology detect and help stop cyber-attacks?

    Listen to guest speaker Stephan Jou, CTO at Interset, discuss what you need to know for the coming year and predict the part user behavior analytics will play in the fight to stop cyber-attacks.
  • The Role of Supervisors in Mitigating Security Threats | Anita R. Wood, Assistant Professor, Computer Information Technology at Pennsylvania College of Technology | Recorded: Dec 8 2016 | 36 mins
    Cyber attacks are on the rise, both in volume and impact, and organizations worldwide are focusing on improving cybersecurity and data protection. A key aspect of this is raising security awareness across the organization. Join this presentation and learn about the role supervisors play in awareness, preparedness and threat mitigation.

    Viewers will learn:
    - The types of insider cybercrimes
    - Mitigating insider's factors in cybercrime
    - Supervisors' value in the mitigation
    - Preparation of supervisors for mitigation
  • It’s My Life but I no Longer Have Control Over it! | Gavin Chow, Network and Security Strategist | Recorded: Dec 8 2016 | 49 mins
    We all know that technology plays a role in our everyday life but do you know the extent of that role? Advertising tells us to spend more and more of our life online and embrace technology in our homes, cars and everywhere else a microchip can be placed.

    But nowhere is there a message about the consequences of the misuse of that technology. 2016 has seen a rise in the number of incidents involving ransomware, IoT, and simply well intentioned connectivity gone wrong. That momentum is set to continue into 2017 and beyond.

    Although past performance does not guarantee future results, this session will focus on what we have seen this year and what we expect to see in the near future.
  • Trends in Email Fraud, and How to Prevent Enterprise-Facing Email Attacks | Markus Jakobsson, Chief Scientist, Agari | Recorded: Dec 7 2016 | 50 mins
    Email is the most popular communication tool, as well as the entry point for up to 95% of security breaches. As cyber criminals evolve their techniques, targeted, enterprise-facing email attacks are rapidly increasing, fueled by an almost inexhaustible supply of potential victims and the tremendous profits awaiting successful fraudsters.

    This talk will provide an overview of both the technical and psychological principles these criminals take advantage of, shedding light on why traditional defenses continue to fail. We will then describe a set of new defense mechanisms that enable enterprises to stop these attacks and review the results of early experiments with these approaches, which offer a new perspective on ways to prevent email fraud.

    Dr. Markus Jakobsson is a security researcher with interests in applied security, ranging from device security to user interfaces. He is one of the main contributors to the understanding of phishing and crimeware, and is currently focusing his efforts on human aspects of security and mobile security.
  • Quantum Threats: The Next Undefended Frontier of Cybersecurity | Mike Brown, CTO and Co-Founder of ISARA Corporation | Recorded: Dec 7 2016 | 44 mins
    Cybersecurity threats are evolving more quickly than most organizations can pivot to defend against them. The 2016 IDC report states that “worldwide spending on cybersecurity products and services [is expected] to eclipse $1 trillion for the five-year period from 2017 to 2021” but we still may not be combatting emerging threats in the right ways.

    While we’re battling against growing threats from conventional computers, quantum computers are a growing shadow on the threat landscape, and people are already starting to think about how to get ready. Quantum safe options are becoming available, and bring with them new ways of thinking about how to integrate security solutions based on fundamentally different problems. What happens to TLS? What happens to VPN? What happens to PKI? Is your business ready? What potential threats should you be evaluating in your security strategy for 2017?

    In this talk, we’ll cover the 360-degree view of becoming quantum resistant. What is a quantum computer? Why will it cause problems for your security systems? How do you use quantum safe security? How does entering the quantum age impact common tools like TLS, VPN, and PKI, and what are the challenges they’ll face? And most importantly, when do you need to worry?
  • Weaponizing Data Science for Social Engineering: Automated E2E Spear Phishing | Dr. Phil Tully, Sr Data Scientist & John Seymour, Data Scientist at ZeroFOX | Recorded: Dec 7 2016 | 49 mins
    Historically, machine learning for information security has prioritized defense: think intrusion detection systems, malware classification and botnet traffic identification. Offense can benefit from data just as well. Social networks, especially Twitter with its access to extensive personal data, bot-friendly API, colloquial syntax and prevalence of shortened links, are the perfect venues for spreading machine-generated malicious content.

    We present a recurrent neural network that learns to tweet phishing posts targeting specific users. The model is trained using spear phishing pen-testing data, and in order to make a click-through more likely, it is dynamically seeded with topics extracted from timeline posts of both the target and the users they retweet or follow. We augment the model with clustering to identify high value targets based on their level of social engagement such as their number of followers and retweets, and measure success using click-rates of IP-tracked links. Taken together, these techniques enable the world's first automated end-to-end spear phishing campaign generator for Twitter.

    - Dr. Phil Tully, Senior Data Scientist, ZeroFOX
    - John Seymour, Data Scientist, ZeroFOX
  • Talking to the Board About Cyber Risk – A Metrics-based Approach | Ariel Evans, CEO, Innosec | Recorded: Dec 7 2016 | 48 mins
    The rise of attacks resulting in huge business losses has brought cyber security into the board room. Prior to the Target breach, the board of directors was not very interested in cyber security. However, things have changed, and we see more and more CISOs reporting into the CRO, CFO, or CEO and not the CIO. Put simply, if you report into the board more than once or twice a year you have to be speaking their language.

    Cyber breaches have impactful results. In 2015, Target’s CEO Gregg Steinhafel, a 35-year employee of the company with the last six at the helm, was forced to resign in light of the recent holiday-season credit-card security breach that affected 40 million customers.

    As a result, we are seeing a major shift in corporate cybersecurity policy. The board of directors is no longer interested in check box compliance. They are understanding their role much better. They are responsible to ensure that cyber controls are in place that protect business assets of the firm in alignment with their risk tolerance.
  • Insider Threats and Critical Infrastructure: Vulnerabilities and Protections | Lydia Kostopoulos, PhD, Principal Consultant - Cybersecurity (Human Risk), @LKCyber | Recorded: Dec 7 2016 | 41 mins
    As the sophistication of encryption and technical defences rises each year, so do the attacks against the people in organizations. Hence the rise in PICNIC = Problem In Chair, Not In Computer.

    This session gives an overview of the latest insider threats facing critical infrastructures and how they can compromise air-gapped networks. It provides proactive, preventative and defensive measures to manage the risk, and concludes with a discussion of the responsibilities organizations who manage critical infrastructures have to support national security, the well-being of society and economic prosperity.
  • Make 2017 a Year of Countering the Evolving Threat Landscape | Josh Goldfarb, VP, CTO - Emerging Technologies, FireEye, Inc. | Recorded: Dec 7 2016 | 37 mins
    ’Tis the season of predictions looking ahead to 2017 and paying lip service to the threat landscape. Not a fan of either of those? You’re not alone. Join FireEye in this BrightTalk webinar where we’ll discuss more than just the threats that may or may not be awaiting us in 2017. We’ll discuss real attacker tactics and techniques, along with how you can actually counter the risk they present.