Atlantic Security Conference

Discover how Aruba 360 Secure Fabric provides an integrated security framework for IT and security teams to gain back visibility and control of their network, centered around analytics.

Have you ever used the Ponemon report on the Cost of Data Breaches to fuel a cybersecurity decision?

Are you aware of the many pitfalls of that course of action? This session explores the disadvantages of
Ponemon reports. We will also consider alternative approaches to shore up the disadvantages and
maximize the value of Ponemon reports.

Does your company use Open Source Software (OSS) libraries in the products that it builds? Do you worry that your customers and company will be exploited by these vulnerabilities because no one in your product development team is maintaining those libraries with vulnerability fixes? Well let’s do something about that.  During this presentation, we will start from nothing and take steps to identify the OSS libraries that your company uses in order to build a bill of materials (BOM), we will then give examples of how to source threat intel on those libraries, and finally we will discuss strategies to remediate the vulnerabilities in our code repository so that we can keep our customers and company safe from malice.  This presentation will be delivered from the perspective of a Product Security Response team protecting customers who deploy their company’s products. However, this presentation is also useful to those building and defending internally deployed applications.

RSA Conference and the Black Hat Security Briefings are two of the most well-known information security conferences in the world. From the stages of these conferences the world’s best and brightest security minds share the latest attack and defense techniques to audiences from all over the globe. But what’s happening behind the scenes? When a new attack is taught from the stage, how long does it take before someone attempts it in the wild? Are the attendees putting into practice the defenses they’re supposed to know better than anyone else? In this session we’ll answer these questions and more as we discuss what it’s like to be responsible for the stability, and sometimes security, of some of the most active, and hostile, networks ever seen. We’ll discuss some of the frightening, and just plain funny things we’ve seen over the years, and what it means about security on public networks, and our industry as a whole.

In this fun “choose your own adventure” style video adventure, you will take on the role of a hospital CISO trying to prevent a ransomware outbreak which would put hundreds of lives in jeopardy.  This will be a highly interactive presentation with group participation.
 

Whether you are the CEO of a Fortune 500 company in Manhattan, the chief administrator of an Ottawa trauma center, or the parents of web savvy teenagers in the heartland, your important information needs to be protected.  When it comes to safeguarding highly sensitive government information, the National Security Agency protects the United States' most critical information and systems against cyber-attacks through hardening and defending the cyber infrastructure.NSA has a proud history of designing and fielding secure information assurance solutions - and in the 21st Century this means Cyber Dominance.  Commercial Solutions for Classified (CSfC) is an extremely important component in NSA’s commercial cyber security and assurance strategy.  US national security customers need secure access to data anytime and anywhere.  CSfC solutions leverage current commercial technology in accordance with NSA-approved architectures to design solutions for these sensitive missions.The last few years have seen tremendous increases in commercial industry's adoption of CSfC's tenets - both from commercial component manufacturing as well as from system integration perspectives. This presentation will highlight various CSfC activities while also serving as a foundational introduction for those who are not familiar with the strategy.

This talk shares an educator’s attempt to involve undergraduate students across multiple disciplines in experiential learning (EL) class projects on social engineering. Specifically, it focuses on three sub-projects that were implemented in the Fall 2017 semester: (i) shoulder surfing where student teams competed against each other, (ii) laptop distraction, where student teams attempted to convince Temple University Computer Services employees to leave their laptops (designed for the class exercise) so that the students could remove a bogus ‘intellectual property’ file and place a fake ‘malware’ program on the employees’ machines, and (iii) convince individuals on Temple University campus to take a selfie with team members and a ‘rubber chicken’. Through each of these activities, students learn about social engineering tactics and self awareness.
The talk uses the cyclical EL model and its five stages: Experience; Share; Process; Generalize; and Apply to illustrate how students engage in these projects. It highlights several benefits, such as fostering multidisciplinary dialog, developing qualitative research skills, understanding adversarial mindsets, and appreciating the non-technical aspects of cyberattacks. This talk uses students’ and the educator’s reflections as a narrative to discuss ongoing efforts, struggles, challenges, and lessons learned.

Learn new attack techniques that have been uncovered by CrowdStrike’s threat hunting and incident response teams including: initial attack vectors, persistence, lateral movement and data exfiltration techniques. See new techniques for dealing with malware, ransomware, spear phishing, exploits and malware-free intrusions. Leave knowing how to identify and stop advanced threat activity in your environment.

n this not-too-technical presentation (not much math!), attendees will get a bird’s eye view of why crypto should be left to mathematicians and professionals and not approached lightly. Unfortunately, cryptology blunders are all too common today. Attendees will gain insight into why crypto is not something one can look up and hope to understand overnight. History has shown that implementing weak crypto, or rolling your own crypto, is often fraught with disaster. The slightest mistake often leads to complete scheme, not to mention data, compromise.

Talking to your users about security isn't just a job it's a responsibility. Do it right, you can make your work easier and create a better working relationship between the business and IT. Do it wrong, and you can turn off your users and look like a pretentious jerk. Learn to craft your message and help your users understand how security matters to them.

CISO's must take a different approach to penetration testing and compliance assessments to stay ahead of hackers. The current model includes lengthy sales cycles, risks discussed with a consultant, and a deliverable that is best to be chiseled into a piece stone. CISO's are then battling budgets, limited staff, and sleazy security sales individuals selling bad products.