Education Seminars

Session 1 - 10.20 - 11.00

Session 2 - 12.50 - 13.30

Session 3 - 15.50 - 16.30

Session 1
Raytheon|Websense - Cyber Security 2015 - Beyond Belief



Carl Leonard, Principal Security Analyst, Raytheon|Websense

In this session, Principal Security Analyst, Carl Leonard, digs deep into the Raytheon|Websense threat intelligence network to reveal some cyber security facts that you may find hard to believe.

What attendees will learn: 
  • How is the cyber security industry *actually* faring compared to the threats we encounter today…and will face tomorrow?
  • Threat galaxies – what’s that? And most targeted UK industry sectors.
  • Do I need to worry about the Internet of Things (IoT)? And will my next car be vulnerable to a Blackhat?

Return Path - Spoof Alert: The Silent Rise of False Authority



Neil Hammet, Head of EMEA Operations, Email Fraud Protection, Return Path
 
The key to a successful phishing campaign is credibility - making the recipient believe that the email in their inbox is official. Times are now changing, and with the rising adoption rate of DMARC, it is becoming increasingly difficult for phishers to get credible email into the inbox.
 
What attendees will learn: 
  • What is the new sub-category of brand spoofing or “false-authority” 
  • How to overcome such attacks that use domains not in your control 
  • Why these emails can be so lethal to unsuspecting consumers

Fox-IT - Mitigating Dyre & Dridex using STIX/TAXII & real-time event analytics



Maurits Lucas, Business Director InTELL, Fox-IT

The criminal business models have evolved: less investment per target and corporate muling have altered the way channels are targeted. Traditional mitigation models have difficulty with the manual processes of criminal operators.

What attendees will learn:
  • How can contextual feeds form a first line of defense?
  • What real-time event analytics can give you
  • Do you know how to detect Dyre & Dridex?

Infoblox - Stop the bad guys exploiting your DNS



Dr Malcolm Murphy, Systems Engineering Manager, Infoblox
 
DNS is a great tool for bad guys to exploit.  They can use it for DDoS attacks, propagating malware and stealing data from your organisation.  And they are: it’s up there with HTTP/S as the most popular attack vector. Most people are blissfully unaware that this is happening in their organisation.  Learn about how DNS is being exploited today, how this translates into risks to your organisation and steps you should take to protect your organisation’s data and reputation.
 
What Attendees will learn:
  • Why DNS is a great tool for bad guys to exploit
  • How the bad guys use DNS to steal data from organisations
  • Why existing security technologies typically don’t know this is happening, let alone stop it
  • A simple way to check if your DNS infrastructure is being taken advantage of
  • How to protect yourself against future exploitation, and have the management information to prove it.

HP - “Think like the bad guy” - Industry trends and disrupting the adversary



Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company

A look back at security developments over the course of the year serves an important purpose for those charged with shaping enterprise security responses and strategies. In the wake of the significant breaches of 2014 and the ever changing threat landscape, we at HP Enterprise Security Products believe it’s even more important than ever that our cyber security research continues to provide an elevated perspective on the overall trends in the marketplace. 
 
What attendees will learn:
 
Tim, an ex-CIO and CISO himself, will cover:
  • Highlights of the key findings from the Ponemon 2015 Cost of Cyber Crime Study
  • Analysis of the HP 2015 Cyber Risk Reports 
  • A perspective on how to fight the bad guys

Glasswall - Innovation vs Regulation - Changes to the EU Data Protection Act are looming – are you ready?



Lewis Henderson, Consultant, Glasswall Solutions

With proposed data breach fines of up to 5% of global revenues, regardless of geographic base, this affects every organisation operating within the EU. Passing new EU legislation to create an advanced Digital Society is high on the agenda within the EU Commission; there is no debate and no delay – these changes are happening. Revealed during the session are potential risks that organisations are currently unaware of, can’t quantify nor react to, even with state of the art conventional protection, and we will explain just how documents can be used as weapons during a cyber breach.
 
Attendees will learn:
  • Where are organisations at risk and what can be done to raise awareness, gain management buy in and start to prepare
  • Updates of the new EU regulations on Mandatory Public Notification, increased compliance costs and the potential for increased fines
  • The upcoming risks that organisations are unaware of, can’t quantify nor react to, even with state of the art conventional protection
  • Practical advice on changing the paradigm of looking for bad, by only allowing known good, trusted and structured documents based on auditable standards to reduce risk of breaches occurring

Experian - The Digital Journey – Creating better, safer digital journeys



Hugh Steed, Director Sales Engineering UK,  Experian & Anne Green, Business Development & Innovation Director, Experian

This presentation looks at the challenges involved in maintaining customer experience whilst minimising friction, during acquisition and through the life-cycle of an account. From years of experience working with tier-one financial institutions, e-commerce, airlines and telcos, Hugh will inform and educate attendees on how to counter online fraud and cyber-crime attacks on their businesses.
 
What attendees will learn:
  • Best practice for delivering secure online access to customers’ accounts
  • What is the best approach to building customer and device credibility
  • Minimising the impact of security on customer experience and turning it into a positive 
  • The latest thinking on how to counter online fraud and cyber-attacks

Session 2
RiskIQ - Are You Monitoring Third Party Component Usage?



Terry Bishop, Solutions Architect, RiskIQ

Third party components have become an integral part of modern web sites, providing new capabilities customers expect and helping organisations better segment and track customer behavior, but also introducing new security vulnerabilities that can sit outside the eyes of the security team. Third-party technologies now control a large percentage of what appears in our users’ browsers. However, we don’t have visibility or control into what is actually being delivered into the page. This is the new frontier in the battle against malware. As we’ll show in RiskIQ research and real world examples, cyber criminals are targeting third-party technologies and libraries in order to break into our sites.

What attendees will learn:
  • Explore the different classes of 3rd party components: widgets, beacons, ads, client side code
  • Risks associated with each class
  • Best practice advice

Zscaler - Re-thinking Perimeter Security - Why Leading Organisations Are Moving To Security-as-a-Service



Charles Milton, EMEA Channel Director, Zscaler

Traditionally, large organisations have adopted a “do it yourself” approach to perimeter security, procuring best of breed appliances with associated maintenance and consulting services. The acquisition costs for this approach are quite high, but they can be dwarfed by the 3-5 year operational costs. And despite this bespoke approach, in the end your security posture remains the same, and you still own all the risk.

What attendees will learn:
  • Why a “do it yourself” approach to perimeter security is too costly and still not effective
  • Amid a changing landscape and growing influence of cloud, mobile and BYOD technology, how can you think about security in a totally different way?
  • With more sophisticated cyber attacks, large organisations are rethinking security; are you up to date with some of the world's largest organizations?

Experian - The Digital Journey – Creating better, safer digital journeys



Hugh Steed, Director Sales Engineering UK,  Experian & Anne Green, Business Development & Innovation Director, Experian

This presentation looks at the challenges involved in maintaining customer experience whilst minimising friction, during acquisition and through the life-cycle of an account. From years of experience working with tier-one financial institutions, e-commerce, airlines and telcos, Hugh will inform and educate attendees on how to counter online fraud and cyber-crime attacks on their businesses.
 
What attendees will learn:
  • Best practice for delivering secure online access to customers’ accounts
  • What is the best approach to building customer and device credibility
  • Minimising the impact of security on customer experience and turning it into a positive 
  • The latest thinking on how to counter online fraud and cyber-attacks

Qualys - Anatomy of an Attack



LIVE DEMO

Wolfgang Kandek, CTO, Qualys 


Cyberattacks are happening with increasing frequency in both industry and government all over the world. The latest Verizon Data Breach Report provides some insight into the current state, which the German Federal Office for Information Security recently described as "Digital Carelessness".

What attendees will learn: 
  • What are the tactics used by attackers?
  • Demonstration of some of the same tools used by attackers.

Osirium - Separating people from passwords and how to tell who did what where and when



Kev Pearce, CTO, Osirium
 
What a lot of people do not realise is that password policies can actually make attacking your organisation easier. With Identity, you now know who has done what, where and when. This can become a formidable deterrent against e-crime in the first place. Should an e-crime be committed, Identity based analytics are the best evidential and forensic tools to have at your disposal. 
 
Attendees will learn:
  • How new darknet resources can recover passwords from 'one way' hashes
  • How to separate people from passwords and how identity fits into the authentication picture
  • Attack vectors that make privileged accounts the most sought after assets for attackers

Kroll Ontrack - Project Gumtree: A computer forensics experiment and case study



Tony Dearsley, Principal Computer Forensics Consultant, Legal Technologies, Kroll Ontrack

Is data ever truly deleted? What exactly can you recover from a blank hard drive? Is it safe to buy or sell second hand computer hardware? Kroll Ontrack’s computer forensics team conducted an experiment to show the power of digital forensic investigation and to answer these frequently asked questions in a practical and accessible way.
 
Armed with just £20, Kroll Ontrack’s forensic team purchased and forensically analysed four blank hard drives from community selling portal, Gumtree. Although the seller had advertised the hard drives as coming from old family laptops, Kroll Ontrack’s forensics team was able to uncover a wealth of fascinating (and incriminating) data… Kroll Ontrack’s seminar will tell the whole story of Project Gumtree, including details of what was found on the hard drives.
 
What attendees will learn:
  • Forensic imaging and data preservation
  • Digital forensic investigation techniques 
  • What kinds of data can be forensically recovered
  • Computer security

HP - “Think like the bad guy” - Industry trends and disrupting the adversary



Tim Grieveson, Chief Cyber Strategist Enterprise Security Products, Hewlett-Packard Company

A look back at security developments over the course of the year serves an important purpose for those charged with shaping enterprise security responses and strategies. In the wake of the significant breaches of 2014 and the ever changing threat landscape, we at HP Enterprise Security Products believe it’s even more important than ever that our cyber security research continues to provide an elevated perspective on the overall trends in the marketplace. 
 
What attendees will learn:
 
Tim, an ex-CIO and CISO himself, will cover:
  • Highlights of the key findings from the Ponemon 2015 Cost of Cyber Crime Study
  • Analysis of the HP 2015 Cyber Risk Reports 
  • A perspective on how to fight the bad guys

Session 3
NetNames - How to keep your brand and company protected against today's new and emerging online threats



David Franklin, Global Sales Director, NetNames

The continued growth of digital channels – especially social media and mobile apps - provides a fertile environment for your brands to be targeted by online criminals.  Your customers, employees and potential employees will be exposed to fraudulent and misleading adverts and websites, all designed to trick and confuse.  Whether it is a recruitment scam, phishing site, rogue domain name registration, fake mobile app or the sale of counterfeit products on an online marketplace, all of these could potentially pose a significant threat to your company.  In particular, the increased pace of mobile app downloads gives brands a great opportunity to interact with their customers but at the same time provides a fertile environment for online criminals to target, making mobile apps a fast-growing area of concern. Is your business equipped to meet this new challenge and protect your investment, sales revenues and ultimately your customers? There has never been a more compelling reason for businesses to identify the biggest threats facing their individual brands, prioritise those that pose the greatest risk and proactively take action against infringements. This session will help you to understand what can be done and what is right for your organisation.
 
What attendees will learn:
  • Through real-life examples taken from our extensive industry experience, we will show you how to implement a broad online monitoring and enforcement strategy to stay one step ahead of the fraudsters and infringements online
  • How social media sites have become established channels for fraud, trademark infringements and counterfeiting
  • Tips on the enforcement process: what you can do to stop the criminals in their tracks
  • How you can also use the internet as a rich source of information when doing an online investigation, providing a potential ‘litigation pack’ of information for further legal action.

CybelAngel - Russian cybercrime: how to maximize damages and profit with a social security number instead of a Kalashnikov



Apolline Aigueperse, Cybersecurity Analyst, CybelAngel

When you think about Russian mafia you imagine Kalashnikovs, drugs and hookers. But there is another side that does not come straight to mind although it is probably as dark and as dangerous: Russian cybercrime. Over the last years, Russian hackers have become experts when it comes to stealing credit card data and reselling them to either skilled or wannabe fraudsters. 
 
For this reason, Russian forums dedicated to such an activity have been recently thriving both on the seller and on the buyer sides: more and more hackers see potential profits in reselling stolen credit card and associated data, while fraud schemes become appealing to more and more people as they are growing easier to organize. 
 
In order to get a better grasp on this obscure and loose organization, we set apart and parsed a dozen forums in a state of the art fashion so as to analyze them both on the macro- and the micro-level of socio-economic relationships.
 
The Russian cyber-underground is one-of-a-kind when it comes to its structure and its organization: it managed to achieve a perfect and unexpected balance between a high degree of uncertainty, a solid resilience, sellers with “loner” behaviors and centralized forms of authorities. 
This fragile balance has also, somewhat surprisingly, enabled this underground marketplace to be extremely adaptive in its offer, evolving from a profit-centric market to a customer- and end-usage-oriented one. 
 
All these quite unique characteristics make up for a very fertile ground for a new kind of mafia to emerge and thrive, one that will be probably as difficult to dismantle as any physical weapons or drug cartel. 
 
What attendees will learn:
  • Which economical and structural factors drive the growth of Russian cybercrime?
  • What makes the Russian stolen data market so resilient and unique?
  • What is the typical profile of a Russian cybercriminal?
  • What will be the future trends on this black market?

Fox-IT - The eCrime world after Slavik



Maurits Lucas, Business Director InTELL, Fox-IT

Slavik and his “businessclub” have changed the eCrime world. Criminals have found new crime ware tools, while former businessclub affiliates have created new ones.

What attendees will learn: 
  • How has the threat landscape evolved?
  • How have criminals changed their business models?
  • What are the new tools and methods criminals are using?

iBoss Cybersecurity - Closing the security gap



Simon Eappariello, SVP Product & Engineering, EMEIA, iBoss Cybersecurity

Organisations have traditionally used preventative and detective security to protect their assets. As the threat landscape becomes more complex and data breaches more commonplace, a change in posture is needed to close the security gap, and contain data exfiltration between the infection stage and the detection time.
 
What attendees will learn:
  • How prevention and detection play their parts 
  • How post infection detection can be achieved
  • How network visibility can enhance anomaly detection
  • How network baselining can highlight data exfiltration attempts

Qualys - Anatomy of an Attack



LIVE DEMO

Wolfgang Kandek, CTO, Qualys 


Cyberattacks are happening with increasing frequency in both industry and government all over the world. The latest Verizon Data Breach Report provides some insight into the current state, which the German Federal Office for Information Security recently described as "Digital Carelessness".

What attendees will learn: 
  • What are the tactics used by attackers?
  • Demonstration of some of the same tools used by attackers.