Sessions in Detail

  • Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS
  • Risk Management: Why It's Important to Know Your Adversary
  • Cloud Compliance: Pulling Back the Curtain on Provider Controls
  • Network Infrastructure Under Siege
  • Android Security Overview
  • PCI Guidance Check-In
  • Mobile Exploit Intelligence Project
  • Security Data Management: It's All About Visibility
  • More Security For Less Cost: Why Budget Pressures May Be The Least Of Your Worries

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Presenter:
Char Sample, Security Solutions Engineer, CERT

Virtualization technology is the underpinning of any cloud infrastructure and service provider engagement. As data moves between an enterprise and cloud provider, or between providers’ data centers, new risks to sensitive enterprise data are introduced. This session will examine each of the three cloud computing service models, IAAS/PAAS/SAAS, and the risks associated with each. You’ll also learn basics on virtualization security and exposures the technology introduces in each of the service models.

Risk Management: Why It's Important to Know Your Adversary

Presenter:
Aaron Turner, Co-Founder, N4struct

Until the last 12 to 18 months, it really didn’t matter who was attacking your enterprise. Security managers wanted to detect attacks, patch vulnerable systems and remain compliant with industry and federal regulations. That approach isn’t feasible any more. Hacktivism, targeted attacks and APT have changed the landscape, making it crucial that security managers understand current relevant attacks and who is behind them in order to prioritize risk, security and compliance management for their organizations. In this session, you’ll learn why patch and pray doesn’t work anymore, why you need to know who’s behind attacks and what matters most to your organization’s security and compliance efforts.

$ Financial Services Recommended Session

Cloud Compliance: Pulling Back the Curtain on Provider Controls

Presenter:
Diana Kelley, Founder, SecurityCurve

Security and compliance remain the top roadblocks toward widespread adoption of cloud computing. Enterprises love the cloud for its flexibility, but there often isn’t much leverage in terms of visibility into a cloud provider’s security controls. This session will examine the issue of transparency with regard to cloud provider controls. You’ll learn how this impacts an organization’s compliance and security operations and you’ll hear about standards efforts under way from the Cloud Security Alliance, the federal government and other standards bodies that address the issue of transparency and its impact on security and compliance in the cloud.

$ Financial Services Recommended Session

Network Infrastructure Under Siege

Presenter:
Char Sample, Security Solutions Engineer, CERT

Last year’s attacks on certificate authorities, coupled with the constant threat to SSL communication and the Domain Name System, have put fundamental network and Internet infrastructure under a harsh spotlight. This session will review recent attacks on CAs and DNS, explain their potential impact and what you can do about them. In particular, you’ll hear more about the security of digital certificates and about DNSSEC, or DNS Security Extensions: how it’s deployed and what you need to know as it becomes part and parcel of roots worldwide.

Android Security Overview

Presenter:
Mike Arpaia, Security Consultant, iSEC Partners

Android is a Linux platform programmed with Java and enhanced with its own security mechanisms tuned for a mobile environment. Android aims to combine OS features and file permissions with the type-safe Java language and its familiar class library. The resulting security model is much more like a multi-user server than the sandbox found on the J2ME or Blackberry platforms.

Mobile platforms are growing in importance, and have complex requirements. This talk will describe the security model of Android in depth and talk about the way Android deals with complex requirements. The knowledge gained from this presentation is applicable to device administrators as well as application developers and will help attendees understand the most pressing security issues in Android.

PCI Guidance Check-In

Presenter:
Diana Kelley, Founder, SecurityCurve

The Payment Card Industry Data Security Standard is in the midst of a three-year quiet period where no major updates are made to the standard that governs the security of credit card and payment information. That doesn’t mean the PCI Security Standards Council is sitting still. Various special interest groups are at work developing guidance for future updates to the standard; recently guidance was issued on end-to-end encryption, virtualization and tokenization. In this session, you’ll get an update on the most recent guidance issued by the PCI SSC and what’s on the docket for the next rev of the standard.

$ Financial Services Recommended Session

Mobile Exploit Intelligence Project

Presenter:
Dan Guido, Co-Founder and CEO, Trail of Bits
Mike Arpaia, Security Consultant, iSEC Partners

As organizations look to deploy larger numbers of mobile devices this year, there is widespread disagreement over which platforms are more secure, what mobile security measures are effective, and what the greatest risks of these platforms are. At the same time, the mobile malware community is developing rapidly and several successful attacks have been executed against iOS and Android. In this talk, we demonstrate an intelligence-driven approach to mobile defense, focused on attacker capabilities and methods, with data collected from past remote attacks against Android and iOS. This analysis identifies the means by which exploits are developed and distributed in attacks, separates defenses that work from defenses that don't, and provides analytical tools that attendees can use to objectively evaluate the exploitability of mobile platforms. Finally, we use this empirical data on attacker capabilities to make projections on where mobile malware is headed in the near to long term.

Security Data Management: It's All About Visibility

Presenter:
Aaron Turner, Co-Founder, N4struct

In today’s world of targeted and persistent attacks, it’s critical that security managers are able to articulate security in business terms in order to adequately invest and respond to threats that matter to the bottom line. To do so, they need a constant feed of network and host intelligence to understand an enterprise’s IT environment, where the greatest risks lie and what to do about them. In this session, you’ll get insight on the importance of visibility and intelligence and how to manage and normalize the security data generated from SIM, log management, network security and vulnerability assessment tools in order to prioritize your security and compliance efforts.

$ Financial Services Recommended Session

More Security For Less Cost: Why Budget Pressures May Be The Least Of Your Worries

Presenter:
Peter Kuper, Partner, In-Q-Tel

Taking his 15 years of Wall Street experience and applying it to the IT security industry, Kuper will show how the macro-economic scene is indicating a less supportive environment for IT budgets in the coming years. Wage pressures further challenged by rising inflation are only part of the not so bright picture; as consumers have been 70% of our economic engine, any continued decline will weigh on growth, which will almost certainly translate to even tighter expense controls at US companies as well as government agencies. Worse, though, is that these same economic conditions will only further enrich the ranks of the hacker community as the return of the pride has hacktivists taking up many (or any) causes for "The 99%". Meanwhile, security budgets and investments will be pressured, thus depleting help needed to combat this growing rank.

Keynote Presentation
