It seems like only yesterday that we were packing up the Tripwire stand after another fantastic year at Infosec and here I am (literally) counting down the days until the doors open for Infosecurity Europe 2019! The Tripwire team is always excited to get on the show floor and have great conversations with clients and partners, meet new people and of course, have some fun and this year is no exception. The Tripwire stand (E50) will be packed with activities including our sought-after t-shirt printing, Happy Hour on Wednesday 4-5:30pm, charity campaign where we’re donating £1 to your chosen charity, social media scavenger hunt and our booth theatre featuring exciting guest speakers and the latest tips and tricks on Tripwire products and services. We’ve also got some exciting talks featured in the main event program. As Infosec continues to expand, it’s hard to know where to start. To help you get the most out of one of the top infosec conferences for the year, we’ve assembled a list of talks you won’t want to miss at Infosecurity 2019. Looking forward to seeing you there!
View from the Board: Managing Organizational Complexity & Risk
Dame Inga Beale | Former CEO, Lloyd’s of London
During this presentation, Dame Inga Beale will share her perspective on how to change business and culture and will emphasize the need to balance tradition and history with modernity and innovation when delivering digital transformation. She will also discuss the challenges of managing a complex organization and share her perspective on cyber risk and how the board and information security function should be communicating and collaborating together.
Dissecting Today’s Attacks to See the Future of Cybersecurity
Paul Edon | Senior Director of Technical Services, Tripwire
This session explores how dissecting the current threat landscape and analyzing major data breaches from the last decade insights can help us predict the future of cybersecurity. We’ll look at the key factors that many high-profile breaches have in common and why cybercriminals continue to leverage tried-and-tested tactics to be successful in their attacks. Attendees will learn about the emerging trends shaping the future state of cybersecurity as well as which foundational controls, industry frameworks and resources organizations can use today to better prepare themselves against tomorrow’s threats.
Practice Safe Networking
Zoe Rose | Cyber Security Consultant, Baringa Partners
This presentation at stand E50 demystifies the role that a network can play in your security program. We start by looking at the decisions we make from the very beginning in design to the continued work we do in the maintenance phase. Together, let's rethink what a network can do for us.
The Art of DNS Rebinding
Craig Young | Principal Security Researcher, Tripwire VERT
So much of the information security world is reactionary. It took years for credential relaying to see any sort of solution, and it still isn’t completely fixed. There are web servers and services that allow plaintext HTTP communication, and the state of email encryption is just laughable. Forget the saying, “If it ain’t broke, don’t fix it.” Vendors prefer the following: “If it is broke, ignore it.” DNS rebinding is not something which we can continue to ignore. It needs to be addressed today, which is why this session introduces Dolos, Young’s latest tool.
Rise of the Breaches
Troy Hunt | Founder, Have I Been Pwned
Data breaches are the new normal. As ecosystems have so many moving parts and so many complex units, it’s little wonder that we so frequently see them go wrong. Such a combination of more systems, more people, more devices and more ways than ever of producing and publishing data stack tips the balance in favor of attackers breaching more systems than ever. In this talk, you’ll get a look inside the world of data breaches based on Hunt’s experiences dealing with billions of breached records. You’ll see what’s motivating hackers, how they’re gaining access to data and how organizations are dealing with the aftermath of attacks. Most importantly, it will help you contextualize these incidents and understand both what these attacks actually look like and how to defend against them in your organization.
Next-Generation Visibility for Industrial Cyber Risks: Beyond Active vs. Passive Monitoring
Zane Blomgren | Senior Security Engineer, Tripwire
This session at stand E50 introduces a next-generation approach to collecting critical raw data from industrial networks using active monitoring, passive monitoring and hybrid monitoring. It’ll also explore the next frontier: deeper visibility through integration. Attendees will learn about practical, non-obtrusive techniques to help identify, mitigate and remediate cyber events from vulnerabilities and system misconfigurations to unauthorized changes and equipment failure. For an even deeper level of visibility, industrial organizations need a strategy around integrating cybersecurity solutions with other operational technology platforms. Towards that end, we'll explore how industrial organizations can leverage integration as a strategy for deeper visibility and intelligence.
CyberThreat: Rethinking Cyber Defence to Combat Complex Risks, Threats & Vulnerabilities
Dr. Keyun Ruan | EMEA Security Specialist, Google Cloud
Jenny Radcliffe | Founder/Director, Human Factor Security
Burim Bivolaku | Senior Director of Information Security, Intercontinental Exchange
Sian John | EMEA Chief Security Advisor, Microsoft
Dan Raywood | Contributing Editor, Infosecurity Magazine
As organizations continue to digitize and transform, the attack landscape grows ever more complex. Cybercriminals are using increasingly sophisticated tactics, so it’s critical that information security professionals are equipped with the knowledge and tools to defend their organization against digital threats. During this panel, three expert speakers will discuss current threats and how to defend against them. They’ll also take a look at emerging threats that are on the horizon. From crypto jacking to nation state-sponsored cybercrime, keep up-to-date with the latest threats. Presentation 1: A Whistle-stop Tour of the Top 5 Threats to Enterprise Security Presentation 2: Managing Human Risk Presentation 3: How to Detect and Mitigate the Malicious Insider Threat Presentation 3: Futureproofing Cyber Defences: What Will be the Risks of Tomorrow?
Government Cloud Security: Who's Watching Your Cloud?
Steve Jewell | Director of Public Sector, UKFast
In this presentation at stand E50, Steve Jewell of UKFast (one of Tripwire’s partners), discusses the need, compliance, and good practice for protective monitoring of Cloud services for UK Government. Sharing examples of security monitoring solutions deployed for Cabinet Office and Ministry of Defence and the technologies available as part of an effective information security practice.
Is Your Vulnerability Management (VM) Program Ready for Cloud, DevOps and the Evolving Threat Landscape?
Ric Walford | Director of Global Sales Engineers, Tripwire
Many organizations have already developed a mature VM program for their traditional enterprise and application platforms. But radical new shifts in the tech ecosystem mean you will need to protect your systems on new platforms as well as defend processes against a wide assortment of potential vulnerabilities. This session at stand E50 walks through the five stages of VM maturity to help you determine where you are and what work is required for you to improve your program in the face of emerging DevOps and cloud complications.
CISO Perspective: How GPS Achieves and Maintains Policy Compliance with Tripwire
Alex Radford | CISO, Global Processing Services
In this session at stand E50, Global Processing Services (GPS) CISO Alex Radford shares how Tripwire Policy Manager helps GPS achieve and maintain compliance. Using real-life examples, we’ll walk through GPS’ approach to continuously improving compliance, and delivering actionable and accurate reporting to strengthen its overall IT infrastructure.
Navigating Complex Regulatory Oversight to Ensure Privacy, Security & Compliance
Deborah Haworth | Head of Information Security, Penguin Random House UK
Peter Brown | Group Manager Technical Policy, Information Commissioner’s Office
Titta Tajwer | CISO, News UK
Steve Wright | GDPR & CISO Advisor, Bank of England
Brian Honan | CEO, BH Consulting
Regulatory risk is a key challenge for organizations, as there’s the threat of huge fines in the event of a breach. Whilst GDPR is still forefront of many people’s minds, organizations will soon need to deal with ePrivacy Regulation, a new privacy standard which will work in tandem with GDPR and focus on the confidentiality of data involved in electronic communications. This panel will discuss how to ensure that your organization is compliant with GDPR, the ePrivacy Regulation and other data security standards. Also, it will feature a discussion amongst leading CISOs on the steps they have taken so far to address data protection regulation as well as an update from the ICO.
Enhance your Foundational Controls with the MITRE ATT&CK Framework
Dean Ferrando | Systems Engineer Manager, Tripwire
MITRE ATT&CK is quickly becoming the industry standard for describing and understanding adversary behavior. Its curated knowledge base of hundreds of techniques is an invaluable—and freely available—tool for organizations to improve their cyber-defense operations. This session at stand E50 presents a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, organizations can slice their infrastructure into smaller components, which makes it easier to secure their assets and minimize their attack surface.
Infosecurity Europe and Beyond
Are you thinking about attending Infosecurity Europe this year but don’t have a ticket yet? You can get a free pass here. Also, if you are staying in London for the week, you can check out two events that are going on away from Infosecurity. First up, The European Cybersecurity Bloggers Awards! Tripwire is nominated in two categories this year and presentations will be made on June 4 at the Hand and Flower between 18:00 and 22:00 BST. You can find out more here: https://www.eventbrite.ie/e/european-cybersecurity-blogger-awards-tickets-59217136048 Secondly, there are the SC Awards which honor the achievements of technology companies and the cyber-security professionals striving to safeguard their businesses and critical data in Europe. Each year, the SC Awards recognise the best of the best in cyber-security with an official awards dinner. This year Tripwire is proud to be a finalist in two categories: Best Risk management/Regulatory Compliance Solution and Best Regulatory Compliance Tools and Solutions. The awards ceremony takes place on Tuesday, June 4th at the London Marriott Hotel, Grosvenor Square. Find out more here: https://www.scawardseurope.com/ . We look forward to you stopping by the Tripwire booth (E50) to meet the team, hear from industry experts, and learn how you can help support the security community with #Tripwire4Tech!
