1 Star2 Stars3 Stars4 Stars5 Stars
Loading...
Loading Events

Agenda

  • Registration

    Refreshments & Exhibitor Showcase

  • Welcome address: CLOUDSEC London 2016

    Raimund Genes
    Global CTO
    Trend Micro

  • +Understanding the Differences in the Cybercrime Underground

    Robert McArdle
    EMEA Manager
    Forward Looking Threat Research Team Trend Micro

    Back in 2012 Trend Micro’s FTR team (Forward Looking Threat Research) put out our first criminal underground paper focusing on the cybercrime underground in Russia. Since then we are now on our 3rd Russian paper and have added analysis for China, Brazil, US, Japan, Germany and the Deepweb as well. Recently we looked back over our underground research over the years, and while certain things are common pretty much everywhere (hint – you’d need to be pretty poor at internet searching to not be able to buy a stolen credit card these days) – there are certain things that are unique to each country. Whether its goods for sale, business models, how criminals operate, culture or even just the way the undergrounds are laid out – in this talk we’ll look over each one and show what sets them apart, and what people in each region should bear in mind when defending themselves.
  • +Panel discussion: Key Questions Every CEO Should be Asking About Cyber Security

    – Troels Oerting
    Global CISO
    Barclays

    – Michael Wignall
    National Technology Officer
    Microsoft

    – Rik Ferguson
    VP Security Research
    Trend Micro

    Businesses are increasingly dealing with highly targeted and personalised cyberattacks; whether widespread delivery of Ransomware or a one-off email to a CEO asking for a wire transfer, these attacks are tailored to succeed; and they do at an alarming rate. So, at a time of increasing regulation, more risk from cybercriminals, organisations are still full steam ahead with their digital journey and investment into new technologies. The fabric of corporate IT is transforming dramatically with digital investments in web, mobile and social, as well as new shared responsibility models from Cloud providers. Are businesses and security teams really prepared and able to sturdy their organisation through an attack on their people, systems and data? This panel discussion will look at the enterprise digital transformation and the risks that surface along this journey. Speakers will take questions on what drives the numbers game in terms of what causes the most losses and how to prevent them, what contributes to the success of security, and what is the cost of good security versus a poor one.

  • Comfort Break

    Refreshments & Exhibitor Showcase

    • +Protecting Your data in the Cloud

      Stuart Aston
      National Security Officer
      Microsoft

      When moving to the cloud what should you consider, how do you manage those risks through a cloud services provider and how can you reduce and better understand your risk by moving to a well-managed cloud service.

      +Transformation strategies for building a “cloud-confident” enterprise

      David Frith
      Managing Architect
      CGI

      Companies are consuming cloud capabilities offered by external suppliers, as well as building them in-house. Often purchasing is done ad-hoc across a variety of cloud services and between multiple suppliers leading to a highly fragmented IT environment. Such environments may include new multi-cloud offerings, hybrid cloud usage, cloud bursting services and a variety of orchestration and enabling third parties. This complexity creates risk and assurance concerns for businesses.

      At a time of headline cyber-attacks and regulatory fines, businesses are seeking confidence. This presentation will map the course of cloud adoption, from architectural design, to live deployments and hyper scale capability. It will provide guidance on navigating the complexities of secure automation in multi cloud environments combined with the use of cloud brokers.
      It will explore how a cloud broker can act as a control point for cloud services and provide a collection of capabilities that enables an organisation to use cloud offerings securely. This includes the ability to:
      • Inspect and change data where required;
      • Encrypt and decrypt data in transit for real-time inspection;
      • Provide Tokenisation and anonymisation services to obfuscate and hide data;
      • Federate Identities transparently between multiple parties;
      • Provide visibility of and the scanning of data within public cloud applications where necessary;
      • Provide additional discovery, analytics, reporting and alerting services;
      Such brokers can detect unsolicited data migrations, usage of unsanctioned cloud services, discover shadow IT and protect data migration within provisioned clouds. The presentation will cover how cloud brokers can provide the confidence required and assure businesses that their use of cloud is secure.

      +Pervasive Visibility in the Cloud

      Daniel Poole
      Senior Security Solutions Engineer
      Gigamon

      As the take up of cloud services (private and public) keep going from strength to strength the requirements for security have not changed however, how can these tools get the visibility they need to ensure that security is being applied correctly and the tools work effectively. Visibility is key and can be achieve with relative ease with your existing and new tools. Looking at:

      • The challenge that private and public Cloud security brings
      • Why is visibility important in cloud
      • How visibility within cloud can be leveraged by existing on-premise and cloud based security tools

      Lunch Break

      Refreshments & Exhibitor Showcase

    • +Enabling Cloud Security – Its more than just ticking a box

      Puneet Kukreja
      Partner- Cyber Advisory
      Deloitte Australia

      Cloud and IoT is now in mainstream adoption phase, often being referred to as the fourth revolution. The presentation will share experiences from early adopters and focus on challenges that vendors will not share when selling cloud enablement services. The effort and areas of focus that are often overlooked when initiating and securing cloud capability within an organisation. The session will commence with a snapshot of how the cloud security market has transformed and advanced over the past few years. The session will then share the learnings from implementation of multiple cloud enablement services, more specifically the challenges from an information security domain. Walk through of experiences of what works and what does not work, learnings and pitfalls that organisations need to be aware of when investing and enabling cloud services. The presentation will explain the typical lifecycle of a cloud ecosystem from contract sign to consumption and reporting. It will then discuss methods on how depending on the service being invoked distinct architectural and operational activities are required to enable success. The presentation will end with a model on how to evaluate and govern cloud services within an organisation which will be more than an audit of the cloud service provider for contractual clauses.

      +Bridging the Office 365 Security Gap

      Mike Smart
      Director of Products & Solutions EMEA
      ForcePoint

      Migrating to Office 365? It’s a smart move for most organisations. Market drivers like increasing scope of regulators, an increasingly mobile workforce and the growth of un-sanctioned IT mean that your infrastructure is evolving fast. In this session Forcepoint will discuss the impact of these market forces and how Microsoft Office 365 security packages can address some of these and where they fall short. Forcepoint will present findings and observations from their conversations with IT leaders over the last year. Finally they will cover a blueprint for enterprise-level security that can be extended from protecting existing infrastructure into your shiny new Office 365 deployment!

      +Building a scalable security blueprint for the AWS Cloud

      Nick Holmes
      AWS Architect
      KCOM

      This session offers you a review of customer success stories for AWS and Trend Micro Deep Security, utilising autoscaling and automatic deployment.

      Cloud architectures should offer scalable cloud computing power and whether its corporate applications or IOT initiatives, the AWS cloud provides the tools you need to rapidly scale. However, if you don’t get security right from the start of any workload migration to the Cloud, it can slow the rate of return and in some cases impede the ROI you should be getting. In this session, you will learn how organisations on their own path to cloud achieve the benefits of deploying to a hyperscale Cloud provider such as AWS without security slowing this down. Attendees at this session will hear about threats, deployment topology, autoscaling in AWS, scale out and scale back, containerisation and successful architectures. You will take away actionable tips on how to realise benefits of the hyperscale cloud with cloud security-as-a-service acting as an enabler to adoption and consumption.

      Lunch Break

      Refreshments & Exhibitor Showcase

    • +The cybercrime shop: the shadow economy behind the boom in online blackmail

      Geoff White
      Technology Journalist & Producer
      Channel 4

      Tech journalist Geoff White has spent years researching cybercrime and the dark web, where the boom industry is ransomware: a blackmail-based virus campaign that’s run on a global scale.In this presentation he will unpack exclusive research on the topic, showing how much it can cost victims even if they don’t pay the criminals.
      He will explore the burgeoning and surprisingly collaborative cybercrime community running these campaigns. And he will look at the wider issue of how a business’s reaction to such cyber incidents can affect its reputation.

      +Reverse Engineering – Applying Social Engineering Tools and Techniques to protect your organisation and strengthen the human shield

      Jenny Radcliffe
      Social Engineer

      As a life long Social Engineer and professional trainer, there is no one better placed than Jenny Radcliffe to explain how Social Engineering attacks work and how to use the psychology and methods behind them to actually prepare your workforce and protect your organisation.In this talk, Jenny explains some of the main principles behind Social Engineering attacks and talks about why they are so effective. She then discusses how to incorporate Social Engineering as part of your company defences, helping to inform the workforce and create awareness, but also to engage and activate the workforce in proactive measures against Social Engineering attacks. Whether it be general security awareness or a particular targeted campaign, the higher level people skills of Social Engineers can be put to good use, and this talk will help you to understand how.

      +The importance of digital trust and ethics, and how to achieve it

      Robert Carolina
      Executive Director Institute for Cyber Security Innovation Royal Holloway
      University of London

      Do you trust the technology you use and the companies that provide it? That’s not as straightforward a question as it may seem – according to research by Accenture, 83% of executives agree that trust is the cornerstone of the digital economy. But trust today and into the future is not just about information security – important as that is.

      Do you trust the organisations that use your personal data? Do you trust your ecommerce provider to deal with problems fairly?
      What are the ethical considerations around emerging areas of technology such as internet of things, automation and artificial intelligence?

      These questions and more like them represent growing business risks relating to trust and ethics that IT leaders will increasingly have to consider – if you are not already. In this presentation Robert Carolina will share his perspective on the importance of digital trust and ethics, and how organisations can achieve it.

      Lunch Break

      Refreshments & Exhibitor Showcase

    • +Trust boundaries in the cloud

      Marc Lueck
      CISO
      Company85

      Some well-known organisations have publicly said the cloud is the best place for their most valuable and sensitive customer data, and for enabling their digital strategy. So why do a lot of industry commentators and surveys still report security as the biggest risk and inhibitor of cloud adoption? Trust is what allays fears, and explicit, validated trust is how we manage risk in relationships with a cloud provider. It’s important to understand who to trust, and more importantly, how to trust them. Marc Lueck discusses how to move from implicit trust to explicit, and how to trust even some of the more fast and loose cloud players. Marc will examine the complexities of trust in a mixed environment of on premise and 3rd party data centres, and what fundamentally gives the business the assurance it needs when moving sensitive data to the Cloud.

      +How VMware NSX can help organisations comply with the new European data protection laws

      Andrew Pearce
      EMEA NSX Architect
      VMware

      The General Data Protection Regulation (GDPR), has huge implications to organisations large and small in the UK. GDPR requires that organisations are in control of the personal data that they retain, and that security controls to protect this data are “state of the art” and are in place and effective. In this session learn about what implications GDPR will have to your company, and how VMware NSX and Trend Micro can help you to comply with these new regulations.

      +Getting PCI right in the Cloud

      Benjamin Hosack
      Director
      Foregenix

      Ensuring you have the right security and controls in the cloud will steady you through an attack. However the regulators want organisations to have more control over their data; where it resides, what controls in place and who has access. Doing this in the cloud creates challenges with shared infrastructure and flow of data between cloud brokers, suppliers and 3rd party data handlers. This presentation will provide practical steps for getting PCI right in the cloud and reducing your risk exposure in the Cloud.

      +Defense in depth: practical steps to securing your data and achieving compliance

      Chris Purrington
      VP Sales Europe
      Cohesive Networks

      Perimeter-based security approaches have not evolved to meet the modern application-focused enterprise. The weaknesses of the perimeter-based approach are on display in the east/west attacks on Sony, Target, and Home Depot exploits where hackers gained access to the perimeter, then ransacked the internal networks with minimal resistance. What can modern enterprises do? A “defense in depth” approach to security at the network layer. Enterprises must strengthen existing core networking hardware and virtualization layer security with added application security. In data centres, physical network isolation is not practical, and logical segmentation can be very difficult without using evolved networking approaches. As data centers became wholly virtualized and blur the line between data center and private cloud, we can finally add and control logical segmentation at the virtualization layer. This “Application Segmentation” provides the most comprehensive security model available today. You can apply application segmentation defense in depth using Cohesive Networks’ VNS3:turret. VNS3:turret creates a cryptographically unique micro-perimeter around each application topology. This presentation will examine how an defense in depth at the application layer can stop the next Sony attack.

      Comfort Break

      Refreshments & Exhibitor Showcase

    • +Rethinking Security

      Daniel Poole
      Senior Security Solutions Engineer
      Gigamon

      Breaches are not only proliferating to impact every corporation organization and citizen, they are also growing in sophistication and frequency. Making headline and impacting on business reputations daily. A rethink about how we secure our IT within the business is needed and we will explore how this can be achieved by looking at:

      • Breach impacts
      • Existing Tool deployment
      • Feeding security tools what they need
      • Metadata
      • Removing tool isolation through API integration

      +Ransomware: The New Normal in Malware

      Liam Puleo
      Pre Sales Technical Consultant
      Heat Software

      Learn how Ransomware has become the New Normal in Malware. In this session we will discuss how Ransomware works from Delivery methods through infection to the Ransom demand and how to build a strategy to successfully mitigate the risk of these type of attacks using a Defense-in-Depth approach.

      +Take Control: Empower the People

      Rik Ferguson
      Vice President Security Research
      Trend Micro Global

      Recent news and events give the impression that the world is spinning out of control. The same thing can be said when it comes to technology and cybersecurity. Big data, cloud computing, and developments in mobile and Internet of Things, among others, are also met with unprecedented threats and risks from enterprising cybercriminals and threat actors. Data breaches and online extortion have become the new norm in the threat landscape. This leaves organizations at a constant state of prioritizing the right talent and infrastructure to protect their networks, managing and empowering employees into having a security-savvy mindset, and keeping an eye out on cyber-attacks. This thematic keynote presentation will provide insights on current organizational challenges when it comes to information security and risk management. It will also provide recommendations on how organizations can work past chaotic situations, and it begins by empowering the supposed weakest links—the humans. What better way to empower people than turning them into your best defenders.

      +Protect Against the Known, the Unknown and “Known Unknown” Threats in Your Network

      Elisa Lippincott
      Global Product Marketing Manager
      TippingPoint

      Application and system vulnerabilities are an accepted scenario. Yet many companies struggle to patch systems in a timely manner, and in some cases not at all. Security teams must consider breach detection and remediation, as well as pre-emptive threat prevention. In this presentation, Elisa Lippincott will present on the findings of vulnerability research conducted by TippingPoint and the Zero Day Initiative, and where organisations are leaving themselves exposed to attack. Elisa will outline what’s needed to reduce the risk of network attacks, ransomware, zero-day exploits and vulnerabilities across the entire attack lifecycle, and why you need a ‘integrated advanced threat prevention’ strategy.

      Comfort Break

      Refreshments & Exhibitor Showcase

    • +On-Demand, Always-on, or Hybrid? Ensuring optimal protection against DDoS attacks

      Adrian Crawley
      Regional Director Northern EMEA
      Radware

      Cyberattacks are evolving at a blinding pace, leaving organizations vulnerable and in many cases unprepared. The fabric of corporate IT is also changing at an unpresented speed with investments in cloud and mobile. As the traditional network perimeter in eroded and multi or hybrid cloud strategies adopted, security teams are faced with new and amounting challenges Are companies ready for an attack on their networks, their cloud infrastructure, and how can they ensure applications are delivered without disruption? This presentation will look at the challenges of securing applications from advanced threats, and damaging DDoS attacks, and why you need a new approach to DDoS mitigation in the cloud.

      +On-Demand, Always-on, or Hybrid? Ensuring optimal protection against DDoS attacks

      Adrian Crawley
      Regional Director Northern EMEA
      Radware

      Cyberattacks are evolving at a blinding pace, leaving organizations vulnerable and in many cases unprepared. The fabric of corporate IT is also changing at an unpresented speed with investments in cloud and mobile. As the traditional network perimeter in eroded and multi or hybrid cloud strategies adopted, security teams are faced with new and amounting challenges Are companies ready for an attack on their networks, their cloud infrastructure, and how can they ensure applications are delivered without disruption? This presentation will look at the challenges of securing applications from advanced threats, and damaging DDoS attacks, and why you need a new approach to DDoS mitigation in the cloud.

      +Incident Response in the Cloud

      Brian Honan
      CEO
      BH Consulting & Founder of IrishCERT

      Security is only as effective as the response it generates, and, as recent headlines demonstrate, no organisation is immune from a security breach. The introduction of mandatory data breach notification as part of the EU General Data Protection Regulations (GDPR) and the EU Network Information Security (NIS) Directive places many challenges on how organisations should respond to a security breach. Detecting, managing, and responding to a breach which involves cloud providers provides many other unique challenges. This talk will outline what an organisation needs to consider when preparing for a security breach in the cloud and how best to react should one occur

      +Flexible Working and Virtual Desktop Security

      – Mohamed Inshaff
      Senior Solutions Architect – Hybrid Cloud
      Trend Micro

      – Dan Watson
      NSX Partner Sales Engineer EMEA
      VMware

      VDI is a common strategy to allow flexible working, improve user experience and if done right, creates significant cost savings. As businesses move toward a mobile workplace environment, there is often challenges with heavy investment in technology and security eroding the many benefits of technologies like VDI. Not getting VDI security right makes security patching for older OS environments difficult, scanning can drain performance and complex hybrid cloud deployments are often expensive to manage. Mobile projects can be costly, and to be successful the user experience has to be very positive and security not slow things down.
      This presentation will show how Trend Micro and VMware have collaborated to bring a unique proposition to customers and partners, offering the ability to create a dynamic platform to support large efficient deployment of virtual desktop and workplace offerings. Essential in a dynamically provisioned desktop is logon time and application availability. Trend Micro’s NSX integrated approach reduces logon time and consumes a 1/3rd of the resources compared to comparable traditional solutions giving a “light & lean” impact on the protected virtual desktop. In this presentation you will hear about:
      • Agentless deployment with NSX (Hypervisor API integrated VM based security policy removes agent from desktop)
      • Reduced resource requirement for security tasks (VMware enabled Scancache feature reduces resource requirements for Scan task)
      • Real time integration of trend Security and VMware VM management (Dynamic policy deployment and protection for non-persistent desktops)
      • Network, Host based, and Audit controls (Light and Lean intelligent deployment)

      Comfort Break

      Refreshments & Exhibitor Showcase

  • +Panel Discussion: Charting successes and developing initiatives for tackling global cyber-crime

    – Philipp Amann
    Acting Head of Strategy EC3
    Europol

    – Bob Flores
    Partner
    Cognitio Corp (ex CTO, CIA)

    – Timothy Wallach
    Supervisory Special Agent – Cyber Task Force
    FBI

    – Charlie McMurdie
    Senior Cyber Crime Advisor
    PWC

    Often described as an ‘arms race’ the fight to overcome cybercrime is often a thankless task and like many preventative initiatives it’s only discussed when things go wrong. In the online world of cybercrime syndicates, aggressive nation state hackers and disgruntled activists, when it does go wrong, everyone gets to hear about it. How do we as cyber security custodians cut through the media onslaught to better understand the lay of the land, the risks we’re really facing and the global initiatives that are doing good. How do we shift our focus to better learn from security events and share intelligence amongst our community? This panel discussion will address the current approaches from governments, law enforcement and industry, and the micro and macro initiatives we can take to further develop the ‘good-guys’ capability in overthrowing the ‘bad-guys’.

  • Closing address: CLOUDSEC London 2016

    Raimund Genes
    Global CTO
    Trend Micro


Speakers

Adrian Crawley

Regional Director EMEA
Radware

Alex Hilton

Chief Executive
Cloud Industry Forum (CIF)

Andrew Pearce

EMEA NSX Architect
VMware

Bob Flores

Founder & Partner
Cognitio Corp

Brian Shorten

Co Founder & Chairman
Charities Security Forum (CSF)

Charlie McMurdie

Senior Cyber Crime Advisor
PwC

Chris Purrington

Managing Director & Global Sales Director
Cohesive Networks

Daniel Poole

Senior Security Solutions Engineer
Gigamon

Darren Argyle

Global Chief Information Security Officer
Markit

David Frith

Managing Architect
CGI

Geoff White

Technology Journalist
Channel 4

Jenny Radcliffe

Social Engineering

Liam Puleo

Pre Sales Technical Consultant
Heat Software

Marc Lueck

CISO
Company85

Michael Wignall

National Technology Officer
Microsoft

Mike Smart

Director of Products & Solutions EMEA
Forcepoint

Mohamed Inshaff

Senior Solutions Architect – Hybrid Cloud
Trend Micro

Nick Holmes

AWS Architect
KCOM

Paul Fisher

Research Director
Pierre Audoin Consultants (CXP Group)

Peter Wood

Chief Executive Officer
First Base Technologies

Philipp Amann

Acting Head of Strategy
EC3 Europol

Puneet Kukreja

Partner, Cyber Advisory
Deloitte Australia

Raimund Genes

Global CTO
Trend Micro

Rik Ferguson

VP Security Research
Trend Micro

Robert Carolina

Executive Director, Institute for Cyber Security Innovation
Royal Holloway University of London

Robert McArdle

Manager Threat Research Team
Trend Micro

Stuart Aston

National Security Officer
Microsoft

Timothy Wallach

Supervisory Special Agent
FBI

Troels Oerting

Global Chief Information Security Officer
Barclays



Hosted By

Platinum Sponsors

Gold Sponsors

Silver Sponsors

Supporting Organizations

Exhibitors

Media Partners