Arrival and Registration
International keynote speaker Blinded Random Block Corruption Attacks: the next level
Rodrigo Branco, senior principal security researcher, Intel
Protecting user privacy in virtualised cloud environments is an increasing concern for both users and providers. This presentation argues that the privacy claim of any technology that uses different encryption keys to isolate hypervisor administrators from guest VMs cannot be guaranteed. This will be demonstrated via a new instantiation of a Blinded Random Block Corruption Attack. Under the same scenario assumptions that the per-VM keying method addresses, the attack allows a cloud provider administrator to use the capabilities of a (trusted) hypervisor in order to log in to a guest VM (despite the encrypted memory). This completely compromises the user's data privacy. Furthermore, we also demonstrate that even non-Boolean values can be effectively targeted by attackers, forcing the elevation of privileges of a process running in a protected VM as a demonstration.
- Find out how memory encryption by itself is not necessarily a defence-in-depth mechanism against attackers with memory read/write capabilities
- Deliberate the concept that 'a better guarantee is achieved if the memory encryption includes some authentication mechanism'
Thought-leadership Why are we still getting hacked?
Herman Young, group CISO, Investec
Organisations are constantly under threat of attack, and nothing has changed in the cyber security space in the last 20-plus years. These attacks are generally unsophisticated and rely purely on misconfigurations. Why is that? Why haven't we evolved in the cyber security defence space?
- Potentially uncomfortable questions will be posed for your reflection
- Suggestions and practical solutions will be brought to the table for discussion
Hot off the Press Security Survey results unveiled
Gareth James, network and security specialist, VMware sub-Saharan Africa
The results from the first SA-wide security survey will be unveiled by our survey sponsor VMware during this not-to-be-missed session.
Do you want to hear the responses of C-suite security professionals across South Africa to these questions, and more?
- Did you suffer an outsider attack in the past year?
- Did you suffer an information security breach in the past year?
- Did last year's Wannacry attack affect you?
- How quickly can you remediate security breach events in general?
Do you want a copy of the survey results? They will be made available at the close of the event this afternoon. Hand us your completed evaluation form and benefit from invaluable insight.
Networking, Business Matchmaking and Refreshments
Industry Insight The importance of adaptive fraud risk strategies which ensure customer satisfaction
Davina Myburgh, director: product, innovation solutions group, Transunion
In this talk we will explore the growing access fraudsters have to data, and how identity management strategies that result in a positive customer experience are critical for businesses to manage their risk while growing their business.
- Understand the related security concerns associated with the growing access to digital data
- Gain insight into why online fraud is increasing
- Highlighting the importance of data integrity
- Four identity management strategies to approve more customers unveiled
Industry Insight Innovating in cyber security using DevOps
Jason Suttie, head of engineering, The Foundery: RMB's disruption and innovation unit
Through the application of sound security principles to DevOps, DevSecOps can help your organisation to innovate in Cyber Security. This talk explains DevSecOps, how to implement it in your organisation and the innovation in security velocity that DevSecOps brings.
- An understanding of DevSecOps
- How to implement DevSecOps in your organisation
- Innovation in security velocity using DevSecOps
Lunch, Networking and Business Matchmaking
Break into Tracks
Track one starts
Chairman: Patrick Ryan, managing director, Mobius Consulting and Phinity Risk Solutions
Stranger than fiction
Nithen Naidoo, CIO and co-founder, Snode
Many organisations in SA are often left in the dark when it comes to some potentially severe vulnerabilities in their networks. This is either because none of their existing technologies and methodologies have been able to detect the threat, or they opt to only deal with the "bigger" issues that are brought to light by hype, rather than the smaller and often more dangerous issues that are left to linger. Or it's as simple an explanation as they didn't think it was possible for it to exist! This talk delves deeper into some of the stranger things that have been uncovered within the cyber security landscape of SA over the past year, as well as what you can do to protect yourself against similar threats in your environment.
- A better understanding of the cyber security landscape in SA and the threats that exist inside it
- What you can do to safeguard yourself against such threats
Thought-leadership Breaking bank
Gus Clarke, head of cyber security, TYMEDigital by CommonWealth Bank SA
A number of watershed security events in 2017 held significant ramifications for the financial services sector, including an uptick in geopolitical activities that have impacted the cyber threat landscape. Attacks from cybercriminal actors continue to evolve in sophistication and brazenness, ranging from bespoke malware variants to new attacks against ATMs. This talk will deconstruct and timeline the evolution of previous and existing prevalent threats to the financial services sector, as well as detail plans to potentially mitigate these threats.
- Learn what adversaries and threats the financial services industry face and how they combat them
- Understand how ATM jackpotting attacks work
- Find out how cyber attacks can affect an economy
Industry Insight Mobile security
Dr Bright G Mawudor, head of cyber security services, IS
Mobile applications are the new entry point to corporate networks, as they connect to internal systems and lack basic security. Most organisations do not have, or even understand, policies around devices that are allowed (or are not allowed) into their environment, thus leading to breaches one way or another.
- This presentation will show just some of the ways mobile applications can be compromised, the various mistakes made in software development, the best ways to implement BYOD policies and device management, as well as the remediation methods that should be employed.
A simple recipe to ensure your information security cake isn't a flop
Manuel Corregedor, COO, Telspace Systems
When baking a cake, there are three important aspects that need to be considered in order to ensure your cake will be a success: the ingredients, the tools you are using and the baker making the cake. Should one of these aspects not be in place, the cake will most likely be a flop or will not be as great as it should have been. The same can be said for information security. Corregedor will discuss how organisations continue changing their recipes for information security, resulting in a cake that no one wants to eat or one which leaves a bitter taste in people's mouths. As with any great cake recipe, it is important to stick to the original recipe (although you can always add new toppings)!
- A recipe for an information security cake
- Lessons learnt
- Adapting the recipe for other tastes, ie, changing environments/threat landscapes
Industry Insight Are we there yet? Mature your enterprise security operations by mastering the basics
Maletsema Phofu, Independent
Are you still struggling with security basics and unable to sleep at night? Are you overwhelmed by security technologies in the market?
This session will provide an experience-based overview of basic security principles and practices that help organisations achieve a comfortable level of network and systems security.
With technology changing faster than most organisations can keep up, defining and building the needed security capabilities is often the most difficult part. The session will also propose an approach to get the organisation out of the fire-fighting mode towards the achievement of growth, agility and innovation.
- Getting up to speed with the security basics
- Adopting more advanced security strategies
Taking access management beyond tick-box compliance
Patrick Ryan and Amanda Hechter will discuss and present a practical approach that can be used for the successful implementation of identity and access governance (IAG) in a way that realises a number of benefits, rather than just ticking boxes to say the organisation complies with external and internal compliance requirements.
- A high level and holistic approach to ensure IAG implementation success
- Aspects to consider when implementing IAG solutions
- Building a business case and implementing IAG
Industry Insight Cyber incident readiness as part of an information security strategy
Advocate Jacqueline Fick, executive head: forensic services, Cell C
A reactive or tactical approach to information security may introduce significant costs and opportunity loss. As businesses innovate to develop products and services taking advantage of the digital economy, dealing with information security proactively will reduce the risks and speed up entry into this space.
Cyber incident readiness is the organisation's potential to maximise the use of digital evidence to aid in an investigation, with the intent to:
- Reduce the time taken to respond to an incident;
- Maximise the ability to collect credible and meaningful evidence; and
- Minimise the length/cost of an investigation.
How to become a digital forensics practitioner
Jason Jordaan, principal forensic scientist and MD, DFIRLABS
CSI television shows have resulted in forensics being seen as sexy, and the same can be said for information security. Interest in digital forensics is growing even though the field is still largely misunderstood and unregulated. Literally anyone can say they are digital forensics practitioners, which brings significant risk.
- Understand the nature of digital forensics work
- Identify the key skill and knowledge areas required of a digital forensics practitioner
- Understand the training and development requirements of a digital forensics practitioner
- The reality and limitations of vendor training and certification
- Understanding the risks of using non-competent digital forensics practitioners
Voice-activated smart speakers: what you need to know
Antonio Forzieri, cyber security practice lead, Global, Symantec
Smart speakers with built-in voice-activated assistants arrived on the scene in the last few years, with the aim of making people's lives easier, allowing us to access the perfect recipe with ease and change our music selection without leaving our chairs. An array of companies have announced or already sell smart speakers that integrate with Google Assistant (Google), Siri (Apple), Cortana (Microsoft), and Alexa (Amazon). Amazon Echo, Google Home, and Apple's HomePod are probably the best known examples. But, while they make life easier in some ways, could they also be endangering people's privacy and online security? During this talk you will learn about the main issues Symantec researchers were able to detect, and about the recommendations for configuring these devices securely.
- Learn which privacy or security issues smart speakers might expose
- Learn how to securely configure these devices to reduce the privacy exposure
International Industry perspective Hacking incident response
O'Shea Bowens, security operations expert, Novartis
This presentation will unveil the techniques and strategies that can be applied to foster 'flexibility' during incident response, within information security programmes and security operations centre environments. Most SOC environments experience a disconnect in response time, insufficient or unrealistic technology capabilities, inadequate skill sets, and an overall lack of sufficient communication about breaches. These occurrences aren't all categorised as top-down issues, but instead highlight an issue of underutilisation of resources (most importantly, the information security team). Let's hack incident response together and find the solution.
- Fostering an open source mind-set to incident response
- Maximising the talent and passion of information security team members
- Conduct a gap analysis
- Leverage incidents to attest the information security budget
Industry Insight Resilience engineering: keeping the lights on
Jonathan Coetzee, security engineer, Telic
At its core, information security is concerned with protecting the confidentiality, integrity and availability of information. In practice, however, availability of systems (and therefore the information contained in them) is often relegated to the ops team and takes a backseat to confidentiality and integrity.
This talk aims to show that availability of distributed systems should be a concern for infosec teams. I'll discuss various anti-patterns for resilience and failure modes that are often encountered in the field as well as patterns that contribute to more resilient systems. These concepts will have an emphasis on the numerous parallels between commonly accepted security and resilience best practices.
- Insight into security's role in enabling resilient systems
- Understand the parallels between traditional security concepts and best practices and those for resilience
- Learn how to recognise anti-patterns for resilience
- Understand a selection of patterns that can be leveraged to improve resilience
Threat led penetration testing
Stewart K Bertram, director, threat intelligence and professional services, Digital Shadows
Cyber Security and SDWAN
Praven Pillay, managing director, Maxtec
This will be a broad technical talk, focusing on cyber security and SDWAN, and on how to prevent risk and secure networks.
- The audience will learn about the risks and exposure associated with the Internet of Things, and then how to overcome and prevent these risks.
Industry Perspective Establishing a quality vulnerability management programme
Lydie Nogol, senior manager information security, MTN Cameroon
The objective of this session is to provide a clear understanding of, and best practices for, managing vulnerabilities. It will present the building blocks critical for creating a successful vulnerability management programme, including getting top management commitment and funding, establishing reports and metrics, and taking a holistic approach to avoid mistakes and keep the focus in the right place, along with challenges and use cases for addressing issues.
- Understand the importance of setting up a vulnerability management programme
- Tips on getting top management support for managing threats and vulnerabilities
- Determine the value gained through metrics and measurement
- Understand key elements and approaches for successful implementation of vulnerability management programmes
- Take a best practices view of your own organisation and begin developing a vulnerability and threat management playbook
Defeating defensive regression
Martin Potgieter, technical director, NClose
Defensive regression is the concept that defence systems implemented today will regress and be somewhat less effective tomorrow. Although seldom spoken about, defensive regression is a real threat to our organisations today and in most cases it's too late when we realise this. Evidence of this reality can be found in almost all breach reports, where organisations had the latest and greatest technology but were still compromised without detection. In this talk we will define the concept of defensive regression and deep dive into some of the root causes of it, finally looking at different ways to mitigate against it.
- Provide an understanding of what defensive regression is
- Look at the various causes of defensive regression
- Understand some of the mitigations to prevent defensive regression
The History and the Future of DDoS
Alex Cruz Farmer, product manager: security, CloudFlare
Cloudflare is one of the biggest platforms in the world, serving over 8 million domains across 150+ data centres. With such a large surface area, the risk of DDoS is phenomenal. This talk will give some real-world insights into some of the biggest DDoS attacks Cloudflare has experienced, their characteristics, and most importantly, what the future holds with the ever-growing footprint of connected devices.
- Understanding the risks and dangers of DDoS
- How DDoS attacks work, and how they have evolved
- Tips and tricks to bolster your network and system's security through obscurity
Close of Summit
Thought-leadership South Africa through the eyes of an attacker
Olivier Pinchard, senior security solutions engineer, Rapid7
As security professionals we often spend a lot of time looking at the inside of our networks to understand where risk lies. Attackers initially view us from a different vantage point, looking for ways to easily infiltrate. Rapid7's Sonar technology conducts internet-wide surveys across different services and protocols to gain insights into global exposure to common vulnerabilities. The data collected is available to the public in an effort to enable security research. Essentially, if Sonar can see it, so can an attacker. Join us to learn more about the overall exposure in South Africa, and how it stacks up against the rest of the world.
Protecting the Human Point
Christo van Staden, regional manager, Forcepoint
The concrete perimeter is a fallacy. It's never been anything more than a dream, a hope of keeping bad actors out. Today's security perimeter has evolved to respond to the inevitable: to manage threats that are already inside our networks. The corresponding security challenges are increasing exponentially, both in number and in difficulty, as companies embrace the Cloud and third-party integration. Christo van Staden, Forcepoint Regional Sales Manager Sub-Saharan Africa, discusses the role people-centric security plays in protecting intellectual property and other valuable content against the next generation of cyber threats.
- Protect users and data by dynamically mitigating risk
The rise of MDR (Managed Detection and Response)
Martin Potgieter, technical director, NClose
According to Gartner, by 2020, 15% of midsize and enterprise organizations will be using services like MDR, up from less than 1% today. What is MDR, and how does it differ from the managed SOC and MSSP as most understand them today? In this talk we will look at how MSSP is evolving to MDR and some of the key aspects that make an MDR different and more efficient at detecting malicious activity.
- What exactly is MDR and how does it differ from MSSP?
- What has led to the growing popularity of MDR?
- Is your organisation a good fit for MDR?
Andrew Whittaker, practice lead, Ubusha
"Identity is the new perimeter" is a phrase often used in modern security architecture. But what does this mean? How can we stop the sprawl of user accounts, credentials and associated access (which requires identity governance and administration solutions to consolidate)?
- During this session, we will unpack the modern identity architecture, discussing how the advent of cloud identity providers (such as the Microsoft cloud) and security controls can ensure that identity becomes a business enabler. CIOs who focus on Cloud, Mobile, Omni-channel and the Internet of Everything all rely on identity, and require a transparent experience of it to truly be successful. Components that support this include federation, adaptive access controls and multi-factor authentication, along with single views of employees and customers (such as those from PingIdentity).
Panel Discussion Is legacy IT and Information Security thinking increasing security risk to Enterprises?
Moderator: Maria Pienaar, managing partner, Blue Label Ventures
Panellists: Vasilis Polychronidis, chief executive officer, iCrypto
Professor David Taylor, security strategist and IT attorney
Samresh Ramjith, partner: cybersecurity, E&Y
- Impact of the social web and social engineering on Enterprise IT and Information Security
- Understanding of internal legacy systems and thinking that makes it hard to proactively address breaches in security
- Understanding of shifting trends and how to address these challenges more effectively (DLT, AI, strategic technology partners, other)