All Articles

Keynote Turbo Talks

Protecting SCADA environments

Daniel Lakier, CTO & President at SeeGee Technologies

This talk will take you through the fundamentals followed by the advanced levels of SCADA. What is SCADA, Why do we need to care, What are the Risks & Challenges,Operational Practical ( IT challenges), Why the traditional answer isn't enough. According to Daniel, The best answer today is Stealth Networking and next generation two factor authentication.

Network Machine Learning and the Security Industry: Past, Present, And Future

Bob (Robert H) Klein, Black Hat 2015 Speaker

Lessons learnt from recent Cyber-attacks on SAP systems

Alexander Polyakov 

This talk will take you through the past attacks on SAP systems in history and 10 lessons learnt from it. 

Since for a long time, almost no real attacks on SAP and Oracle ERP systems were known to the public, it gave CISOs a false sense of security. While the number of breaches in less critical applications was increasing rapidly, and so was the awareness, only a small group of professionals were aware of attacks on business applications. The most popular example of such fraud was to create a fake vendor and a payment order for this vendor and then to approve it. According to the Association of Certified Fraud Examiners, losses from internal fraud constitute 7% of profit on average. To prevent those types of attacks, the segregation of duties concept was created. ERP security isn’t limited to SoD. The issue of unauthorized access to system and user accounts via vulnerabilities now matters. Moreover, the increasing number of SAP vulnerabilities in ERP systems (from 100 in 2007 to 3500 in 2015 only in SAP) makes these issues more critical than ever. But what’s more important, in 2012 we saw a first sight of cyber-attack via SAP Vulnerabilities. Our predictions proved accurate and by now we have witnessed a number of examples from Anonymous attacks on Greek Ministry of Finance via SAP to the attest breach of US Investigation Services (a largest subcontractor of OPM) that led to company’s bankruptcy. In this talk, take a look at the history of ERP attacks and learn 10 lessons how to avoid them.

Building Immune Systems For Our Enterprises: Detecting Emerging Threats in real Time

Dave Palmer, Director of Technology, Darktrace

This talk will take you through a new perspective to realize how the math evolves to detect and emerge from the threats. Learn the algorithms behind, statistics, probability, the techniques, its evolution and how it can create the immune system for your organization.

United Nation's program to help developing nations in IT Security

Paul Raines - CISO, United Nations Development Programme

Cybersecurity assistance for developing nations. This talk will highlight a new initiative within the United Nations Development Programme (UNDP) to provide cybersecurity assistance to the governments of developing nations to help protect their critical national infrastructure and digital economies. UNDP uses its own experienced, award winning cybersecurity team instead of hiring expensive, outside consultants. Thus, UNDP can deliver services to its clients at less cost, less overhead and with the hands-on experience of a team of world recognised experts. The services to be provided include cybersecurity training, risk assessment, incident response training and exercises, training in business continuity/disaster recovery and preparation for ISO 27001 certification.

Sessions

Forensics & Incident Response Essentials 

Sachin 

This workshop session will help you to peek into the fundamentals of Incident Response,       Incident Response Stages: Preparation, Identification, Containment, Eradication, Recovery & Memory Forensics in Incident Response. This can be attended as hands on 2 day training. To know more Click here

Network Forensic Tools & Techniques 

Tamaghna Basu

This talk will explore an Introduction to network forensics, The Basic protocol analysis, Forensic analysis network/web/malware, Basic packet analysis challenges. This can be attended as hands on 2 day training. To know more Click here

Application Security Workshop - IAST, RASP, Real Time Polymorphism

Nilanjan De & Jitendra Chauhan

This talk will explore Understanding IAST/RASP,Realtime Polymorphism.

Some areas covered under IAST/RASP would be Web Security Evolution, Marketing view of RASP and IAST, Science Behind RASP and IAST, Way Forward.

Some areas covered under Realtime Polymorphism would be Polymorphism, Automated attacks, Threat model and attack vectors, Reference Polymorphism, Field Polymorphism., advantages, Limitations.

A brief demonstration and behavior of the  technologies will leave you awed, a much appreciated session in the past.

Threat Intelligence Workshop

Bikash Barai

This talk will explore the Key components i.e. (People, Process and Technology), Threat Intelligence Maturity model, Threat Collection & Analysis eg. OSINT, Integrating Actionable Intelligence,Technology and Vendor Landscape. Find frameworks and checklists to build on for your next threat intelligence project!

Legal Workshop

This talk will explore the legalities you need to know, the key priorities and things to keep in mind. Explore with some common mistakes and get info on the go to resources!

Cloud Access Security Brokers Workshop

Ravi Mishra

This talk will explore the Technology Taxonomy for Cloud Security, Key components of cloud security architecture, Blue print to build your cloud security program & Basics of Cloud Security Access Brokers. Find frameworks and checklists to build on for your next CASB implementation project!

Security Analytics and SOC up-gradation workshop

This talk will explore from fundamentals to advanced of Security Analytics from how to use it to its requirement in your organization. For a recent implementation, this can garner you some tips and also some good connect to useful resource.

DDOS Workshop

This talk will explore from fundamentals to advanced of DDOS from how to use it to its requirement in your organization. For a recent implementation, this can garner you some tips and also some good connect to useful resource.

Security Metrics and Dashboard Workshop

Bikash Barai

This talk will explore the Challenges & Gaps, Board Meeting Goals, Metrics-Measuring Security, Dashboard-Calculate & Show $ Lost,  Measures- What If Breached?,  Tools for Benchmarking your organization’s security,  How to Involve The Board & Educate Them. Access Basic Template Find frameworks and checklists to build on for your next threat intelligence project!

Identity & Access Management Workshop

Manjula Sridhar

This talk will explore the Challenges & Gaps, Fundamentals, PIM as an aspect of IAM, Tools and techniques, taxonomy and vendor mapping for IAM, Need assessment and evaluation checklists. Access Basic Template Find frameworks and checklists to build on for your next threat intelligence project!

IT GRC Workshop

Ravi Mishra

This talk will explore Key Components and Architecture for GRC,  How to Jumpstart your GRC program with freely available tools and content,Overview of Free Tools that you can use today,  Complete Vendor and Technology Taxonomy,  Customer Satisfaction based Rating of vendors along with Analysts opinion, Checklist to evaluate a GRC Vendor, CISOs who implemented GRC to share their real life experiences. Find frameworks and checklists to build on for your next CASB implementation project!

Security Architecture Workshop

Arnab Chakraborty & Bikash Barai

This talk will explore various challenges, techniques and fundamentals for implementing a secure architecture. Learn it from scratch and find some ready made, go to material. Find frameworks and checklists to build on for your next threat intelligence project!

WarGame Sessions

Successful Implementation of Incident Response Program

Building Security Dashboard and Metrics for Your Enterprise

Building Security Maturity Model for Banks

Successful Implementation of SIEM Program

Successful Implementation of IT GRC Program

Successful Implementation of IAM Program