SCADA security and advance persistent threats have now taken center stage. While the industry has some success in dealing with IT security, when it comes to industrial control systems or SCADA systems, we still have enormous challenges. This session will discuss why implementing SCADA security is s
SCADA security and advance persistent threats have now taken center stage. While the industry has some success in dealing with IT security, when it comes to industrial control systems or SCADA systems, we still have enormous challenges. This session will discuss why implementing SCADA security is so difficult, and discuss strategies to meet these challenges. I will discuss my experience working with large organizations with control system installations, and present how SCADA security can be deciphered.
The session will include:
- A very brief technical introduction to SCADA and industrial control systems
- SCADA systems under the hood, including SCADA protocols like MODBUS and DNP3 at the packet level
- Attacks on RTU, PLC, HMI, FEP, SCADA slaves and master stations
- Real world examples of successful and not-so-successful implementations of securing control systems and SCADA systems.
- How to use security tools, technical solutions and a change in mindset to address SCADA security
- Pointers on using the free open-source SCADA scanning tool
This presentation will help organizations trying to implement security measures for their controls systems and SCADA systems. It identifies hurdles that organizations face and will help avoid them, from mistakes made by others. It will help attended try out some tools and techniques when they get back from the conference. It will also help security vendors as well as vendors of SCADA systems to align their solutions to achieve a common goal. For attendees who are not familiar with in-depth SCADA security, the presentation will be an excellent introduction and fast forward to effective SCADA security implementation.
RecordedFeb 27 2012
Your place is confirmed, we'll send you email reminders
If you can’t see what’s on your network, then you can’t control it.
As new technologies emerge each day, so do the associated security threats - are you confident that you can see them before they wreak havoc on your network? 86% of executives aren’t, believing there are gaps in their ability to see what’s really going on inside their network.
Join Julian Matossian, Senior Product Manager, and Nick Kelly, Director of Product Marketing, as they delve into the current state of network visibility: the challenges, blind spots, and most importantly, the solutions to help illuminate your network.
Having the right security measures in place is only half the battle – you need to know exactly what they’re protecting you from.
What were the overall trends in cyber breaches, and what does this mean for organizations and the third party vendors with whom they work?
In this webinar, Advisen, an insurance analytics firm, will analyze cyber breaches and identify ebbs and flows throughout 2015 and into 2016. Panelists will then take the unprecedented step of correlating the data Advisen and Bitsight possess to take an even deeper dive to find possible threats to an organization’s cybersecurity — giving all stakeholders greater visibility into the cyber posture of organizations as well as their third party vendors.
Jay Jacobs, Senior Data Scientist, BitSight
Aloysius Tan, Product Manager, Advisen
Chad Hemenway, Managing Editor, Advisen (moderator)
Starting in earnest after the "Snowden Revelations" 2013, more and more service providers such as Google, Yahoo and Amazon have been embracing SSL by default. Whether in search, cloud services or webmail access, these providers have been instrumental in their support of a more secure and obfuscated web. But what does that mean for the enterprise information security professional? While the providers have "seen the light", have we become blinded by it? To ensure the inspection and subsequent protection of data streams in and out of our organizations, we need the ability to inspect encrypted traffic for policy violations or other malicious activity while still ensuring multi- jurisdictional rights to privacy. Join Blue Coat and (ISC)2 on May 26, 2016 for a roundtable discussion exploring methods and mechanisms for addressing SSL inspections and the search for malicious activity.
Join us to hear from Microsoft Azure, Chef and Trend Micro experts on how to best develop a cloud automation strategy in your Azure environment, keeping the agility of the cloud while ensuring that your Azure workloads are protected.
You will learn how to:
• Automate your security posture within Azure
• Use Chef to build compliance and resiliency into your Azure workloads
• Take security automation to the next level
Threat actors have discovered that targeting organizations with ransomware can be far more lucrative than extorting small sums from home users. Ransomware is on the rise. But your organization does not have to become a victim. Automated prevention is certainly achievable.
Join us for this live webinar where you will learn:
• Which three steps you must take to successfully prevent an outbreak in your organization
• Why existing endpoint security solutions often fail to prevent ransomware infections
• Which organizations threat actors target most intently with ransomware
• What endpoint protection technology capabilities are necessary to automate ransomware prevention
• Which three delivery vectors attackers use in nearly all ransomware infections
Attackers today do not just use one channel to launch their targeted attacks – they use all of them. Emails, links posted to social media, and even apps in public app stores are all part of the modern cybercriminal’s arsenal, and many of these attacks are invisible to traditional security tools. Join this webinar and learn how to protect the cloud-enabled, mobile-friendly, and socially networked way users work today.
Learn how data encryption and encryption key management address compliance for healthcare providers and payers. Join Derek Tumulak, VP Product Management at Vormetric, and Tricia Pattee, HOSTING Product Manager as they discuss how HIPAA/HITECH regulations impact electronic protected health information (PHI) and best practices to safeguard sensitive patient data.
• HIPAA and HITECH regulatory mandates impact data security for healthcare institutions
• Strong encryption and policy-based access controls provide a separation of duties between data security and system administrators
• Secure key management and policy management ensure consistency in applying policies and encryption keys to both structured and unstructured data
• Rapid implementation is achieved because encryption is transparent to users, applications, databases and storage systems
• The HOSTING and Vormetric cloud solution can satisfy HIPAA and HITECH compliance requirements in the cloud
As a cybersecurity professional, you already know that users are both an organisation’s greatest asset and its greatest vulnerability. Users can do great damage - and they’re notoriously difficult to catch. Many companies are confronting this challenge with User Behaviour Analytics (UBA), which can help you detect and respond to user threats, such as when:
• An insider turns against your organisation
• A cyber-attacker steals a user’s credentials
• An administrator abuses account privileges
If you’re focused on addressing user threats, UBA can be a powerful tool in your kit. Join Tom Salmon from LogRhythm, as he discusses the elements of an effective user threat detection program. You’ll learn:
• Why detecting user threats is so important—and so difficult
• Different approaches to UBA
• The value of data from across your business
• How to maximise the efficiency of your security analysts
Attend this webinar to learn how UBA can help you discover hidden user threats, reduce false-positives and prioritise the most concerning threats.
There is a common theme for public and private organisations globally: there just aren’t enough cybersecurity professionals with the skills set required to defend organisations against advanced persistent attackers. With global demand for cyber security experts forecast to outstrip supply by a third before the end of the decade, companies are struggling against this huge skills shortage.
(ISC)2 predicts that companies and public sector organisations will need 6 million security professionals by 2019 but only 4.5 million will have the necessary qualifications and skill set. With countries such as the UK, increasing investment in cyber security and introducing new legislations this gap in professionals will only increase.
Join this webinar, to understand the skills shortage challenge organisations are facing and how security tools alone will not be able to fix these issues. In this webinar, Robin Farrell, Manager, Security Operations EMEA at FireEye will discuss the ways to mitigate this shortage risk:
- The challenge of staying ahead of the attackers with a skills gap
- How ROI on security tools will reduce without the adequate skilled workforce
- Adopting an adaptive defense model and the tools and techniques required
- Benefits of partnering with a threat management organisation
- Lessons learnt from building a SOC
Jack Daniel, Technical Product Manager at Tenable Network Security
"It's a great situation when you have a hobby which becomes a job. And for a lot of hackers, we're doing something for fun, and somebody's going to pay us to do it." Jack Daniel, Technical Product Manager at Tenable and a well-known industry figure, comments on the transformations that many hackers encounter as they enter the world of productivity and management.
Josh Corman, Director of Security Intelligence, Akamai Technologies
"Security issues are permeating every aspect of our personal lives, it's not just our day jobs anymore." Josh Corman, Director of Security Intelligence at Akamai, talks about his research of Anonymous and the social impact of the measures taken to fight "scary hackers."
Andrew Hay, CloudPassage, Michael Schell, Wavestrong; Stuart McClure, Cylance; Matt Johansen, WhiteHat Security
Join thought leaders from the top organizations who presented at BSides LA event as they summarize their presentations and discuss upcoming challenges for security professionals in 2012/13.
Daniel Blander, Organizer, BSides LA (moderator)
Andrew Hay, Chief Evangelist, CloudPassage
Michael Schell, Regional Sales Manager, Wavestrong
Stuart McClure, CEO, Cylance
Matt Johansen, Manager - Threat Research Center, WhiteHat Security