1 Star2 Stars3 Stars4 Stars5 Stars
Loading...
Loading Events

Agenda

  • Registration

    Refreshments & Exhibitor Showcase

  • Welcome address: CLOUDSEC London 2016

    Raimund Genes
    Global CTO
    Trend Micro

  • +Understanding the Differences in the Cybercrime Underground

    Robert McArdle
    EMEA Manager
    Forward Looking Threat Research Team Trend Micro

    Back in 2012 Trend Micro’s FTR team (Forward Looking Threat Research) put out our first criminal underground paper focusing on the cybercrime underground in Russia. Since then we are now on our 3rd Russian paper and have added analysis for China, Brazil, US, Japan, Germany and the Deepweb as well. Recently we looked back over our underground research over the years, and while certain things are common pretty much everywhere (hint – you’d need to be pretty poor at internet searching to not be able to buy a stolen credit card these days) – there are certain things that are unique to each country. Whether its goods for sale, business models, how criminals operate, culture or even just the way the undergrounds are laid out – in this talk we’ll look over each one and show what sets them apart, and what people in each region should bear in mind when defending themselves.
  • +Panel discussion: Key Questions Every CEO Should be Asking About Cyber Security

    – Darren Argyle
    Global Chief Information Security Officer
    Markit

    – Troels Oerting
    Global CISO
    Barclays

    – Michael Wignall
    National Technology Officer
    Microsoft

    – Rik Ferguson
    VP Security Research
    Trend Micro

    Businesses are increasingly dealing with highly targeted and personalised cyberattacks; whether widespread delivery of Ransomware or a one-off email to a CEO asking for a wire transfer, these attacks are tailored to succeed; and they do at an alarming rate. So, at a time of increasing regulation, more risk from cybercriminals, organisations are still full steam ahead with their digital journey and investment into new technologies. The fabric of corporate IT is transforming dramatically with digital investments in web, mobile and social, as well as new shared responsibility models from Cloud providers. Are businesses and security teams really prepared and able to sturdy their organisation through an attack on their people, systems and data? This panel discussion will look at the enterprise digital transformation and the risks that surface along this journey. Speakers will take questions on what drives the numbers game in terms of what causes the most losses and how to prevent them, what contributes to the success of security, and what is the cost of good security versus a poor one.

  • Comfort Break

    Refreshments & Exhibitor Showcase

    • +Protecting Your data in the Cloud

      Stuart Aston
      National Security Officer
      Microsoft
      Download Presentation Slides

      When moving to the cloud what should you consider, how do you manage those risks through a cloud services provider and how can you reduce and better understand your risk by moving to a well-managed cloud service.

      +Pervasive Visibility in the Cloud

      Daniel Poole
      Senior Security Solutions Engineer
      Gigamon
      Download Presentation Slides

      As the take up of cloud services (private and public) keep going from strength to strength the requirements for security have not changed however, how can these tools get the visibility they need to ensure that security is being applied correctly and the tools work effectively. Visibility is key and can be achieve with relative ease with your existing and new tools. Looking at:

      • The challenge that private and public Cloud security brings
      • Why is visibility important in cloud
      • How visibility within cloud can be leveraged by existing on-premise and cloud based security tools

      +Transformation strategies for building a “cloud-confident” enterprise

      David Frith
      Managing Architect
      CGI
      Download Presentation Slides

      Companies are consuming cloud capabilities offered by external suppliers, as well as building them in-house. Often purchasing is done ad-hoc across a variety of cloud services and between multiple suppliers leading to a highly fragmented IT environment. Such environments may include new multi-cloud offerings, hybrid cloud usage, cloud bursting services and a variety of orchestration and enabling third parties. This complexity creates risk and assurance concerns for businesses.

      At a time of headline cyber-attacks and regulatory fines, businesses are seeking confidence. This presentation will map the course of cloud adoption, from architectural design, to live deployments and hyper scale capability. It will provide guidance on navigating the complexities of secure automation in multi cloud environments combined with the use of cloud brokers.
      It will explore how a cloud broker can act as a control point for cloud services and provide a collection of capabilities that enables an organisation to use cloud offerings securely. This includes the ability to:
      • Inspect and change data where required;
      • Encrypt and decrypt data in transit for real-time inspection;
      • Provide Tokenisation and anonymisation services to obfuscate and hide data;
      • Federate Identities transparently between multiple parties;
      • Provide visibility of and the scanning of data within public cloud applications where necessary;
      • Provide additional discovery, analytics, reporting and alerting services;

      Such brokers can detect unsolicited data migrations, usage of unsanctioned cloud services, discover shadow IT and protect data migration within provisioned clouds. The presentation will cover how cloud brokers can provide the confidence required and assure businesses that their use of cloud is secure.

      Lunch Break

      Refreshments & Exhibitor Showcase

    • +Enabling Cloud Security – Its more than just ticking a box

      Puneet Kukreja
      Partner- Cyber Advisory
      Deloitte Australia
      Download Presentation Slides

      Cloud and IoT is now in mainstream adoption phase, often being referred to as the fourth revolution. The presentation will share experiences from early adopters and focus on challenges that vendors will not share when selling cloud enablement services. The effort and areas of focus that are often overlooked when initiating and securing cloud capability within an organisation. The session will commence with a snapshot of how the cloud security market has transformed and advanced over the past few years. The session will then share the learnings from implementation of multiple cloud enablement services, more specifically the challenges from an information security domain. Walk through of experiences of what works and what does not work, learnings and pitfalls that organisations need to be aware of when investing and enabling cloud services. The presentation will explain the typical lifecycle of a cloud ecosystem from contract sign to consumption and reporting. It will then discuss methods on how depending on the service being invoked distinct architectural and operational activities are required to enable success. The presentation will end with a model on how to evaluate and govern cloud services within an organisation which will be more than an audit of the cloud service provider for contractual clauses.

      +Bridging the Office 365 Security Gap

      Mike Smart
      Director of Products & Solutions EMEA
      ForcePoint
      Download Presentation Slides

      Migrating to Office 365? It’s a smart move for most organisations. Market drivers like increasing scope of regulators, an increasingly mobile workforce and the growth of un-sanctioned IT mean that your infrastructure is evolving fast. In this session Forcepoint will discuss the impact of these market forces and how Microsoft Office 365 security packages can address some of these and where they fall short. Forcepoint will present findings and observations from their conversations with IT leaders over the last year. Finally they will cover a blueprint for enterprise-level security that can be extended from protecting existing infrastructure into your shiny new Office 365 deployment!

      +Building a scalable security blueprint for the AWS Cloud

      Nick Holmes
      AWS Architect
      KCOM
      Download Presentation Slides

      This session offers you a review of customer success stories for AWS and Trend Micro Deep Security, utilising autoscaling and automatic deployment.

      Cloud architectures should offer scalable cloud computing power and whether its corporate applications or IOT initiatives, the AWS cloud provides the tools you need to rapidly scale. However, if you don’t get security right from the start of any workload migration to the Cloud, it can slow the rate of return and in some cases impede the ROI you should be getting. In this session, you will learn how organisations on their own path to cloud achieve the benefits of deploying to a hyperscale Cloud provider such as AWS without security slowing this down. Attendees at this session will hear about threats, deployment topology, autoscaling in AWS, scale out and scale back, containerisation and successful architectures. You will take away actionable tips on how to realise benefits of the hyperscale cloud with cloud security-as-a-service acting as an enabler to adoption and consumption.

      Lunch Break

      Refreshments & Exhibitor Showcase

    • +The cybercrime shop: the shadow economy behind the boom in online blackmail

      Geoff White
      Technology Journalist & Producer
      Channel 4

      Tech journalist Geoff White has spent years researching cybercrime and the dark web, where the boom industry is ransomware: a blackmail-based virus campaign that’s run on a global scale.In this presentation he will unpack exclusive research on the topic, showing how much it can cost victims even if they don’t pay the criminals.
      He will explore the burgeoning and surprisingly collaborative cybercrime community running these campaigns. And he will look at the wider issue of how a business’s reaction to such cyber incidents can affect its reputation.

      +Reverse Engineering – Applying Social Engineering Tools and Techniques to protect your organisation and strengthen the human shield

      Jenny Radcliffe
      Social Engineer

      As a life long Social Engineer and professional trainer, there is no one better placed than Jenny Radcliffe to explain how Social Engineering attacks work and how to use the psychology and methods behind them to actually prepare your workforce and protect your organisation.In this talk, Jenny explains some of the main principles behind Social Engineering attacks and talks about why they are so effective. She then discusses how to incorporate Social Engineering as part of your company defences, helping to inform the workforce and create awareness, but also to engage and activate the workforce in proactive measures against Social Engineering attacks. Whether it be general security awareness or a particular targeted campaign, the higher level people skills of Social Engineers can be put to good use, and this talk will help you to understand how.

      +Negligent Cyber Security – How and When did we become liable to third parties?

      Robert Carolina
      Executive Director Institute for Cyber Security Innovation Royal Holloway
      University of London
      Download Presentation Slides

      Cyber security failures can create first party financial loss (e.g., IT remediation costs, loss of IP assets, loss of business) as well as liability to third parties as a result of negligence claims, etc. In this session we will discuss both how and when a cyber security failure causes an organisation to be liable to third parties. We’ll then explore how the pace of technological change drives the pace of changing security responsibility.

      Lunch Break

      Refreshments & Exhibitor Showcase

    • +Trust boundaries in the cloud

      Marc Lueck
      CISO
      Company85
      Download Presentation Slides

      Some well-known organisations have publicly said the cloud is the best place for their most valuable and sensitive customer data, and for enabling their digital strategy. So why do a lot of industry commentators and surveys still report security as the biggest risk and inhibitor of cloud adoption? Trust is what allays fears, and explicit, validated trust is how we manage risk in relationships with a cloud provider. It’s important to understand who to trust, and more importantly, how to trust them. Marc Lueck discusses how to move from implicit trust to explicit, and how to trust even some of the more fast and loose cloud players. Marc will examine the complexities of trust in a mixed environment of on premise and 3rd party data centres, and what fundamentally gives the business the assurance it needs when moving sensitive data to the Cloud.

      +How VMware NSX can help organisations comply with the new European data protection laws

      Andrew Pearce
      EMEA NSX Architect
      VMware
      Download Presentation Slides

      The General Data Protection Regulation (GDPR), has huge implications to organisations large and small in the UK. GDPR requires that organisations are in control of the personal data that they retain, and that security controls to protect this data are “state of the art” and are in place and effective. In this session learn about what implications GDPR will have to your company, and how VMware NSX and Trend Micro can help you to comply with these new regulations.

      +PCI Compliance and the Cloud

      Daniel Farr
      Managing Consultant
      Foregenix
      Download Presentation Slides

      The presentation will focus around key PCI DSS challenges that companies may experience in cloud environments. The presentation will talk and
      expand upon the key subject areas that are identified in the below:
      1. Responsibilities and accountabilities: who is responsible for what in the cloud
      2. Configuration management in the cloud
      3. Security incident identification and response in the cloud
      4. Encryption management in the cloud (Transport encryption in a cloud environment & Data encryption in the cloud)
      5. Data migration into and out of the cloud

      +Defense in depth: practical steps to securing your data and achieving compliance

      Chris Purrington
      VP Sales Europe
      Cohesive Networks
      Download Presentation Slides

      Perimeter-based security approaches have not evolved to meet the modern application-focused enterprise. The weaknesses of the perimeter-based approach are on display in the east/west attacks on Sony, Target, and Home Depot exploits where hackers gained access to the perimeter, then ransacked the internal networks with minimal resistance. What can modern enterprises do? A “defense in depth” approach to security at the network layer. Enterprises must strengthen existing core networking hardware and virtualization layer security with added application security. In data centres, physical network isolation is not practical, and logical segmentation can be very difficult without using evolved networking approaches. As data centers became wholly virtualized and blur the line between data center and private cloud, we can finally add and control logical segmentation at the virtualization layer. This “Application Segmentation” provides the most comprehensive security model available today. You can apply application segmentation defense in depth using Cohesive Networks’ VNS3:turret. VNS3:turret creates a cryptographically unique micro-perimeter around each application topology. This presentation will examine how an defense in depth at the application layer can stop the next Sony attack.

      Comfort Break

      Refreshments & Exhibitor Showcase

    • +Rethinking Security

      Daniel Poole
      Senior Security Solutions Engineer
      Gigamon
      Download Presentation Slides

      Breaches are not only proliferating to impact every corporation organization and citizen, they are also growing in sophistication and frequency. Making headline and impacting on business reputations daily. A rethink about how we secure our IT within the business is needed and we will explore how this can be achieved by looking at:

      • Breach impacts
      • Existing Tool deployment
      • Feeding security tools what they need
      • Metadata
      • Removing tool isolation through API integration

      +Ransomware: The New Normal in Malware

      Liam Puleo
      Pre Sales Technical Consultant
      Heat Software
      Download Presentation Slides

      Learn how Ransomware has become the New Normal in Malware. In this session we will discuss how Ransomware works from Delivery methods through infection to the Ransom demand and how to build a strategy to successfully mitigate the risk of these type of attacks using a Defense-in-Depth approach.

      +Take Control: Empower the People

      Rik Ferguson
      Vice President Security Research
      Trend Micro
      Download Presentation Slides

      Recent news and events give the impression that the world is spinning out of control. The same thing can be said when it comes to technology and cybersecurity. Big data, cloud computing, and developments in mobile and Internet of Things, among others, are also met with unprecedented threats and risks from enterprising cybercriminals and threat actors. Data breaches and online extortion have become the new norm in the threat landscape. This leaves organizations at a constant state of prioritizing the right talent and infrastructure to protect their networks, managing and empowering employees into having a security-savvy mindset, and keeping an eye out on cyber-attacks. This thematic keynote presentation will provide insights on current organizational challenges when it comes to information security and risk management. It will also provide recommendations on how organizations can work past chaotic situations, and it begins by empowering the supposed weakest links—the humans. What better way to empower people than turning them into your best defenders.

      +Protect Against the Known, the Unknown and “Known Unknown” Threats in Your Network

      Elisa Lippincott
      Global Product Marketing Manager
      TippingPoint
      Download Presentation Slides

      Application and system vulnerabilities are an accepted scenario. Yet many companies struggle to patch systems in a timely manner, and in some cases not at all. Security teams must consider breach detection and remediation, as well as pre-emptive threat prevention. In this presentation, Elisa Lippincott will present on the findings of vulnerability research conducted by TippingPoint and the Zero Day Initiative, and where organisations are leaving themselves exposed to attack. Elisa will outline what’s needed to reduce the risk of network attacks, ransomware, zero-day exploits and vulnerabilities across the entire attack lifecycle, and why you need a ‘integrated advanced threat prevention’ strategy.

      Comfort Break

      Refreshments & Exhibitor Showcase

    • +Denial of Service – 2016 Threat Landscape

      Adrian Crawley
      Regional Director Northern EMEA
      Radware
      Download Presentation Slides

      Since the first denial of service (DoS) was launched in 1974, distributed denial of service (DDoS) and other DoS attacks have remained among the most persistent and damaging cyber-attacks. These attacks create complex and dynamic challenges for anyone responsible for cyber security. In this presentation, Adrian will cover a brief overview of common attacks, major attack types and tools, as well as actionable tools and tips for attack detection and mitigation.

      +Red teaming in the cloud

      Peter Wood
      CEO
      First Base Technologies
      Download Presentation Slides

      Criminals and competitors want your data and your data is in the cloud. Cloud services can offer unprecedented opportunities for data theft using a variety of techniques. Simulating attacks using red team methodologies highlights problems with weak authentication, poor access controls and human vulnerabilities. Peter Wood will share some real-world examples of successful attacks and give practical suggestions for mitigating the risk.

      +Incident Response in the Cloud

      Brian Honan
      CEO
      BH Consulting & Founder of IrishCERT
      Download Presentation Slides

      Security is only as effective as the response it generates, and, as recent headlines demonstrate, no organisation is immune from a security breach. The introduction of mandatory data breach notification as part of the EU General Data Protection Regulations (GDPR) and the EU Network Information Security (NIS) Directive places many challenges on how organisations should respond to a security breach. Detecting, managing, and responding to a breach which involves cloud providers provides many other unique challenges. This talk will outline what an organisation needs to consider when preparing for a security breach in the cloud and how best to react should one occur

      +Flexible Working and Virtual Desktop Security

      – Mohamed Inshaff
      Senior Solutions Architect – Hybrid Cloud
      Trend Micro

      – Spencer Pitts
      Chief Technologist – End User Computing Practice EMEA
      VMware
      Download Presentation Slides

      VDI is a common strategy to allow flexible working, improve user experience and if done right, creates significant cost savings. As businesses move toward a mobile workplace environment, there is often challenges with heavy investment in technology and security eroding the many benefits of technologies like VDI. Not getting VDI security right makes security patching for older OS environments difficult, scanning can drain performance and complex hybrid cloud deployments are often expensive to manage. Mobile projects can be costly, and to be successful the user experience has to be very positive and security not slow things down.
      This presentation will show how Trend Micro and VMware have collaborated to bring a unique proposition to customers and partners, offering the ability to create a dynamic platform to support large efficient deployment of virtual desktop and workplace offerings. Essential in a dynamically provisioned desktop is logon time and application availability. Trend Micro’s NSX integrated approach reduces logon time and consumes a 1/3rd of the resources compared to comparable traditional solutions giving a “light & lean” impact on the protected virtual desktop. In this presentation you will hear about:
      • Agentless deployment with NSX (Hypervisor API integrated VM based security policy removes agent from desktop)
      • Reduced resource requirement for security tasks (VMware enabled Scancache feature reduces resource requirements for Scan task)
      • Real time integration of trend Security and VMware VM management (Dynamic policy deployment and protection for non-persistent desktops)
      • Network, Host based, and Audit controls (Light and Lean intelligent deployment)

      Comfort Break

      Refreshments & Exhibitor Showcase

  • +Panel Discussion: Charting successes and developing initiatives for tackling global cyber-crime

    – Philipp Amann
    Acting Head of Strategy EC3
    Europol

    – Bob Flores
    Partner
    Cognitio Corp (ex CTO, CIA)

    – Timothy Wallach
    Supervisory Special Agent – Cyber Task Force
    FBI

    – Charlie McMurdie
    Senior Cyber Crime Advisor
    PWC

    Often described as an ‘arms race’ the fight to overcome cybercrime is often a thankless task and like many preventative initiatives it’s only discussed when things go wrong. In the online world of cybercrime syndicates, aggressive nation state hackers and disgruntled activists, when it does go wrong, everyone gets to hear about it. How do we as cyber security custodians cut through the media onslaught to better understand the lay of the land, the risks we’re really facing and the global initiatives that are doing good. How do we shift our focus to better learn from security events and share intelligence amongst our community? This panel discussion will address the current approaches from governments, law enforcement and industry, and the micro and macro initiatives we can take to further develop the ‘good-guys’ capability in overthrowing the ‘bad-guys’.

  • Closing address: CLOUDSEC London 2016

    Raimund Genes
    Global CTO
    Trend Micro


Speakers

Adrian Crawley

Regional Director EMEA
Radware

Alex Hilton

Chief Executive
Cloud Industry Forum (CIF)

Andrew Pearce

EMEA NSX Architect
VMware

Bob Flores

Founder & Partner
Cognitio Corp

Brian Shorten

Co Founder & Chairman
Charities Security Forum (CSF)

Charlie McMurdie

Senior Cyber Crime Advisor
PwC

Chris Purrington

Managing Director & Global Sales Director
Cohesive Networks

Daniel Farr

Managing Consultant
Foregenix

Daniel Poole

Senior Security Solutions Engineer
Gigamon

Darren Argyle

Global Chief Information Security Officer
Markit

David Frith

Managing Architect
CGI

Elisa Lippincott


Trend Micro

Geoff White

Technology Journalist
Channel 4

Jenny Radcliffe

Social Engineering

Liam Puleo

Pre Sales Technical Consultant
Heat Software

Marc Lueck

CISO
Company85

Michael Wignall

National Technology Officer
Microsoft

Mike Smart

Director of Products & Solutions EMEA
Forcepoint

Mohamed Inshaff

Senior Solutions Architect – Hybrid Cloud
Trend Micro

Nick Holmes

AWS Architect
KCOM

Paul Fisher

Research Director
Pierre Audoin Consultants (CXP Group)

Peter Wood

Chief Executive Officer
First Base Technologies

Philipp Amann

Acting Head of Strategy
EC3 Europol

Puneet Kukreja

Partner, Cyber Advisory
Deloitte Australia

Raimund Genes

Global CTO
Trend Micro

Rik Ferguson

VP Security Research
Trend Micro

Robert Carolina

Executive Director, Institute for Cyber Security Innovation
Royal Holloway University of London

Robert McArdle

Manager Threat Research Team
Trend Micro

Spencer Pitts

Chief Technologist – End User Computing Practice EMEA
VMware

Stuart Aston

National Security Officer
Microsoft

Timothy Wallach

Supervisory Special Agent
FBI

Troels Oerting

Global Chief Information Security Officer
Barclays



Hosted By

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Supporting Organizations

Exhibitors

Media Partners