Securing FinTech: Threat-based testing along the kill chain
Threat-based testing, accurately simulating criminal attacks, is a critical approach in securing FinTech. Attackers constantly evolve their attack methods and strategies in response to changing technologies, making it essential that security tests match the threat landscape.
RecordedMay 16 201746 mins
Your place is confirmed, we'll send you email reminders
Arman Mamoian MSc, Senior Manager and Thomas WardBSc, CPSA, Application Security Auditor
Proper implementation and management of Application Security Testing (AST) can reduce costs and boost effectiveness of your application security strategy.
What have we learned from 2017's biggest breaches and how will we deal with 2018's emerging threats? Attempting to look both backward and forward over the cyber landscape, Peter Wood will review lessons learned and apply them to the evolving threatscape.
If your processing and data is in the cloud, how can you deliver assurance, compliance and governance? How do you find the flaws and soft spots that criminals will exploit? From browser to database, through human factors and end points, this presentation will take a threat-based approach to securing the cloud.
Josh Downs, Senior Community Manager BrightTALK & Ian Glover, President, CREST
BrightTALK caught up with CREST president Ian Glover for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- GDPR and the preparation that organisations need to implement to remain compliant
- Steps that professionals can take to make sure that they're in-the-know and up-to-date with the legislation and changes that need to be made
- The value of improving security culture in an organisation to increase security stature
- Nationstate attacks and their influence on the cyber security industry
- AI & machine learning systems and their applications to the security industry
The Internet of Everything affects everyone from multi-nationals to private citizens. The universal adoption of machine to machine communications in every aspect of our lives offers criminals a hugely expanded attack surface. How do we defend ourselves without undermining the benefits of the IoE?
Josh Downs, BrightTALK & Martin Borrett, CTO, IBM Security Europe
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with IBM Security Europe's Martin Borrett for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- AI & machine learning and the influence that the technology will have on the security space
- The ins and outs of AI & machine learning and how it analyses your data looking for security incidents
- How to find a good solution to suit all budgets
- The growth of IoT networks and how we can look to protect them effectively
- V2V security and how to ensure connected cars are protected from cyber threats
- The threatscape in 2017; the threat actors, motives and attack techniques
To find out more about IBM Security, click the link in the attachments tab.
Josh Downs, Senior Community Manager BrightTALK & Ian Whiting, CEO, Titania
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with Titania's Ian Whiting for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- How to run a comprehensive pentest to protect your business
- How to get the most from your cyber security budget
- AI & Machine learning and the influence it'll have on the security industry
- The explosion of connected devices on the IoT and where networks are especially vulnerable
Josh Downs, BrightTALK & Justin Clarke-Salt, MD, Gotham Digital Science
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with Gotham Digital Science's Justin Clarke-Salt for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The evolution and future of cyber warfare
- How to run a comprehensive and complete pentest
- Where to start when building the ideal security team
- Financial security and how to best protect the banks
- GDPR and preparations to make to ensure full security for 2018
- The growth of the IoT and how to ensure we're protecting the connected devices
BrightTALK caught up with Obrela Security Industry's George Patsis for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The elements and process to run a really comprehensive pentest
- How banks are still juicy targets for cyber criminals and what they can be doing to ensure they're fully protected.
- How to get the maximum results from a security budget.
- The positive steps that George sees in the cyber security industry
Threat-based testing, accurately simulating criminal attacks, is a critical approach in securing FinTech. Attackers constantly evolve their attack methods and strategies in response to changing technologies, making it essential that security tests match the threat landscape.
Josh Downs, Community Manager, BrightTALK & Matt Lewis, Research Director, NCC Group
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with NCC Group's Matt Lewis for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The steps that professionals should be taking to prepare for GDPR
- How banks and financial institutions can improve their cyber security stature in advance of the GDPR legislation coming into play in May 2018
- The continuing rise of ransomware and whether the trend will continue
- Machine learning and AI and it's role in the cyber security industry
- How to improve on Identity and Access Management Systems (IAM)
BrightTALK caught up with The IISP's Piers Wison for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The findings of the IISP Industry Survey
- AI & machine learning in the security sphere
- The steps cyber professionals need to take to prepare for GDPR
- What banks can be doing to remain as protected as possible from cyber criminals
- The growth of IoT networks and their subsequent vulnerabilities
- What to look for when assembling a security team
Josh Downs, BrightTALK & Leslie Parsonson, Beta Systems
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with Beta Systems Leslie Parsonson for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The steps that professionals should be taking to prepare for GDPR
- Protective measures that financial institutions should take to improve their security stance
- Methods to strengthen identity and access management
Josh Downs, BrightTALK & Andrew Gould, Head of the MET's Falcon Cybercrime Unit
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with The MET's Andrew Gould for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The rise of Ransomware and what we can be doing to protect ourselves
- The steps that businesses should be taking to prepare for GDPR
- Financial cyber security and what the banks can be doing better to defend against malicious hackers
- Cyber security relations and the future of law enforcement post-Brexit
Josh Downs, BrightTALK & Tarah Wheeler, Principal Security Advocate, Symantec
- BrightTALK at CRESTCON & IISP Congress -
BrightTALK caught up with Symantec's Tarah Wheeler for an in-depth conversation on the current state of information security, today's threatscape and a discussion on the cyber industry.
Topics up for discussion:
- The ethics of 'hacking back'
- AI & Machine learning and the influence it'll have on security
- Cyber security in the financial sector
- Cyber warfare and the new tactics coming through
- Vulnerabilities in the IoT and what we can do about them
The majority of internal and external cyber-attacks begin with exploiting vulnerabilities in the network and targeted applications. Over 99% of actual attacks exploit known vulnerabilities listed as known Common Vulnerabilities and Exposures (CVEs). The traditional defence is to probe the system using manual or automatic vulnerability scanning techniques; but this produces a lot of redundant and irrelevant information that does not shed any light as to whether a hacker can use the vulnerability to reach a critical asset. The only solution today is human penetration testing, but infrequent testing does not reflect the network's dynamic nature, especially in today's virtual and cloud based environments.
A fresh approach to support manual penetration testing and enhance cyber resilience is to continuously and automatically test the network, applications and databases by using penetration testing techniques to expose vulnerabilities, establish complex attack path scenarios in real time and provide security and business insights to act on.
This presentation will look at the technology and role of machine-based penetration testing.
Key network infrastructure devices are overlooked yet they provide critical functionality. Exploiting web application weaknesses and service buffer overflows is exciting, but the housekeeping of network infrastructure is not. Issues in network infrastructure devices can lead to network wide problems that would cause system admininstration nightmares. This presentation provides a review of key security devices, often side-lined when looking at security. It covers the value of these devices to "Blue Teams", issues "Red Teams" can highlight, desired outcomes and auditing practices.
Ian Glover, President, CREST & Josh Downs, Information Security Community Manager, BrightTALK
Join this engaging session as BrightTALK conducts an in-depth interview with Ian Glover, President of CREST.
It's been a crucial year for cyber security with big breaches and newsworthy hacks. BrightTALK's Information Security Community Manager Josh Downs will be quizzing Ian for his thoughts on the cyber security industry and in particular:
- The big breaches of 2016 and lessons to be learnt
- The current threatscape
- The big vulnerabilities on the horizon
- Ian's insights into how to keep your company secure in 2017
We look forward to you joining us for the session.
The results of all the network penetration tests conducted by the First Base team over the past year have been analysed by Peter Wood. The annual review covers clients in a variety of sectors including banking, insurance and retail. This presentation identifies the most common vulnerabilities, how they can be exploited and the consequences for each business. Learn in detail how criminals can take advantage of these weaknesses and how you can secure your networks using straightforward techniques.
CREST represents the technical information security industry by:
- Offering a demonstrable level of assurance of processes and procedures of member organisations
- Validating the competence of their technical security staff
- Providing guidance, standards and opportunities to share and enhance knowledge
- Providing technical security staff recognised professional qualifications and those entering or progressing in the industry with support with on-going professional development