Securing FinTech: Threat-based testing along the kill chain

What have we learned from 2017's biggest breaches and how will we deal with 2018's emerging threats? Attempting to look both backward and forward over the cyber landscape, Peter Wood will review lessons learned and apply them to the evolving threatscape.

If your processing and data is in the cloud, how can you deliver assurance, compliance and governance? How do you find the flaws and soft spots that criminals will exploit? From browser to database, through human factors and end points, this presentation will take a threat-based approach to securing the cloud.

BrightTALK caught up with CREST president Ian Glover for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- GDPR and the preparation that organisations need to implement to remain compliant

- Steps that professionals can take to make sure that they're in-the-know and up-to-date with the legislation and changes that need to be made

- The value of improving security culture in an organisation to increase security stature

- Nationstate attacks and their influence on the cyber security industry

- AI & machine learning systems and their applications to the security industry

The Internet of Everything affects everyone from multi-nationals to private citizens. The universal adoption of machine to machine communications in every aspect of our lives offers criminals a hugely expanded attack surface. How do we defend ourselves without undermining the benefits of the IoE?

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with IBM Security Europe's Martin Borrett for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- AI & machine learning and the influence that the technology will have on the security space

- The ins and outs of AI & machine learning and how it analyses your data looking for security incidents

- How to find a good solution to suit all budgets

- The growth of IoT networks and how we can look to protect them effectively

- V2V security and how to ensure connected cars are protected from cyber threats

- The threatscape in 2017; the threat actors, motives and attack techniques

To find out more about IBM Security, click the link in the attachments tab.

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with Titania's Ian Whiting for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- How to run a comprehensive pentest to protect your business

- How to get the most from your cyber security budget

- AI & Machine learning and the influence it'll have on the security industry

- The explosion of connected devices on the IoT and where networks are especially vulnerable

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with Gotham Digital Science's Justin Clarke-Salt for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The evolution and future of cyber warfare

- How to run a comprehensive and complete pentest

- Where to start when building the ideal security team

- Financial security and how to best protect the banks

- GDPR and preparations to make to ensure full security for 2018

- The growth of the IoT and how to ensure we're protecting the connected devices

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with Obrela Security Industry's George Patsis for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The elements and process to run a really comprehensive pentest

- How banks are still juicy targets for cyber criminals and what they can be doing to ensure they're fully protected.

- How to get the maximum results from a security budget.

- The positive steps that George sees in the cyber security industry

Threat-based testing, accurately simulating criminal attacks, is a critical approach in securing FinTech. Attackers constantly evolve their attack methods and strategies in response to changing technologies, making it essential that security tests match the threat landscape.

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with NCC Group's Matt Lewis for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The steps that professionals should be taking to prepare for GDPR

- How banks and financial institutions can improve their cyber security stature in advance of the GDPR legislation coming into play in May 2018

- The continuing rise of ransomware and whether the trend will continue

- Machine learning and AI and it's role in the cyber security industry

- How to improve on Identity and Access Management Systems (IAM)

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with The IISP's Piers Wison for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The findings of the IISP Industry Survey

- AI & machine learning in the security sphere

- The steps cyber professionals need to take to prepare for GDPR

- What banks can be doing to remain as protected as possible from cyber criminals

- The growth of IoT networks and their subsequent vulnerabilities

- What to look for when assembling a security team

- How to get the most out of your security budget

-

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with Beta Systems Leslie Parsonson for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The steps that professionals should be taking to prepare for GDPR

- Protective measures that financial institutions should take to improve their security stance

- Methods to strengthen identity and access management

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with The MET's Andrew Gould for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The rise of Ransomware and what we can be doing to protect ourselves

- The steps that businesses should be taking to prepare for GDPR

- Financial cyber security and what the banks can be doing better to defend against malicious hackers

- Cyber security relations and the future of law enforcement post-Brexit

- BrightTALK at CRESTCON & IISP Congress -

BrightTALK caught up with Symantec's Tarah Wheeler for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.

Topics up for discussion:

- The ethics of 'hacking back'

- AI & Machine learning and the influence it'll have on security

- Cyber security in the financial sector

- Cyber warfare and the new tactics coming through

- Vulnerabilities in the IoT and what we can do about them

Enjoy!

BrightTALK will be broadcasting its in-depth interview with CREST President Ian Glover and Nettitude MD Rowland Johnson jointly in conversation.

Topics up for discussion will include:

- The new political climate and it's effect on Cyber Security and global cyber warfare

- The supposed Russian hack on the 2016 US election

- GDPR and what companies need to be doing to prepare for 2018

- Equal opportunities in the information security industry

- The rise of AI & Machine learning and how it'll influence the cyber world

- IoT and how to keep connected devices all safe and secure

- Incident response and steps to take if you've been breached!

- The 2017 threatscape and what you shoud be concentrating on

All this and much more - join us for the broadcast.

The majority of internal and external cyber-attacks begin with exploiting vulnerabilities in the network and targeted applications. Over 99% of actual attacks exploit known vulnerabilities listed as known Common Vulnerabilities and Exposures (CVEs). The traditional defence is to probe the system using manual or automatic vulnerability scanning techniques; but this produces a lot of redundant and irrelevant information that does not shed any light as to whether a hacker can use the vulnerability to reach a critical asset. The only solution today is human penetration testing, but infrequent testing does not reflect the network's dynamic nature, especially in today's virtual and cloud based environments.
A fresh approach to support manual penetration testing and enhance cyber resilience is to continuously and automatically test the network, applications and databases by using penetration testing techniques to expose vulnerabilities, establish complex attack path scenarios in real time and provide security and business insights to act on.
This presentation will look at the technology and role of machine-based penetration testing.

Key network infrastructure devices are overlooked yet they provide critical functionality. Exploiting web application weaknesses and service buffer overflows is exciting, but the housekeeping of network infrastructure is not. Issues in network infrastructure devices can lead to network wide problems that would cause system admininstration nightmares. This presentation provides a review of key security devices, often side-lined when looking at security. It covers the value of these devices to "Blue Teams", issues "Red Teams" can highlight, desired outcomes and auditing practices.

Join this engaging session as BrightTALK conducts an in-depth interview with Ian Glover, President of CREST.

It's been a crucial year for cyber security with big breaches and newsworthy hacks. BrightTALK's Information Security Community Manager Josh Downs will be quizzing Ian for his thoughts on the cyber security industry and in particular:

- The big breaches of 2016 and lessons to be learnt
- The current threatscape
- The big vulnerabilities on the horizon
- Ian's insights into how to keep your company secure in 2017

We look forward to you joining us for the session.

The results of all the network penetration tests conducted by the First Base team over the past year have been analysed by Peter Wood. The annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business. Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.