Next Generation Threats Stockholm 17 maj 2017

Registreringen öppnar

Se till att befinna dig på plats i god tid innan programmet på scen drar igång och starta dagen med en rykande färsk kopp kaffe.

Frukostseminarium: Hur ska man förbereda sin organisation inför den nya dataskyddsförordningen?

Under ett intressant frukostseminarium får du en översikt på den nya dataskyddsförordningen (GDPR) som träder i kraft 2018 och vad dessa regler innebär för krav på tekniska och organisatoriska förändringar vid hantering av information. Caroline kommer även att dela med sig av sina tips på hur man som organisation bäst kan förbereda sig inför införande av de nya reglerna och förslag på vilka åtgärder man redan nu bör planera och vidta för att minska risken att bryta mot reglerna.

Caroline Sundberg, Advokat - Specialist IT-rätt, Delphi

Observera: Kräver separat (kostnadsfri) föranmälan.

Next Generation Threats drar igång!

Dagens moderator Marcus Murray ger en kort insikt i hotbilden mot Sverige och sårbarheterna i det svenska samhället.

Opening Keynote: Next Generation Threats according to Kim Zetter

When Stuxnet was discovered in 2010, it was considered a landmark moment in computer hacking - a virus that leapt from the digital world to the analog world to cause physical destruction of machinery. Last year another landmark was surpassed when the Democratic National Committee was hacked and its emails were exposed in an effort to influence the U.S. presidential election.

Hackers are nothing if not innovative, and we can expect more landmarks to be surpassed in the near future. Kim has been covering hackers and computer security since 1999 and has seen a lot of changes in that time. She'll speak to us about Stuxnet's remarkable technical achievement as well as other noteworthy hacks she has covered for WIRED and other publications and will give us a look at the next generation of threats we're likely to see.

Kim Zetter, Journalist & Author 

Cyber security's biggest weakness: the human element

Cyber security is understood to be about people, process and technology. Yet, for too long, we have failed to address the human elements of this problematic subject to the same extent as the technological ones. The true core of cyber security is about protecting information that we create, share and store in ever-advancing ways from threats that are growing exponentially in the digital age.

When we look at the threats, and how they become reality, it is apparent that cyber security is fundamentally about people as much as it is about technology. In this engaging and interactive presentation, Jessica will explore why the human element is the biggest problem facing cyber security and what we can do to communicate cyber security messages more effectively and encourage positive behavioural change. In unpicking the inherently human nature of cyber security, this session will help you empower people to become your first line of defence, not your weakest link.

Dr Jessica Barker, Leading expert on cyber security

GREEN ROOM TALK

Individual, organisational, governmental or global- whose responsibility is the future of protection?

Today's IT threats are of the most serious we've seen in history. Companies, organizations, governments and of course individuals must constantly guard against the global lurking threats. Along with the increased complexity in data networks, the stakes are high and the human error a great risk. Entering a dragged out and costly blame game about responsibility is common. But really- what comes first? Do we need to ask governments to stretch the laws to allow a grey area in terms of hacker's expertise? Is it up to companies and organisations to lend a helping hand to contribute and take responsibility? What role does the authorities play in terms of the over-all IT security? Bottom line is techniques needs to be up to date with new technology- but whose responsibility is this?

Kim Zetter, Dr Jessica Barker, Juan Branco & Ian Amit 

Kaffepaus

Vi fyller på energinivån med en god förmiddagsfika i utställningsområdet och passar på att nätverka!

Who surveils the surveillant - When the State becomes a threat

The world changed when big data became one of the main vectors of value creation, and a precious social control tool. Hierarchies of power, of wealth and of social recognition are being completly disrupted by this revolution. New powers are arising, and States find themselves struggling to maintain their position, often abusing it. This is a natural tendency. From his experience within Wikileaks, working to defend those who decided to reveal the secrets of corporations and States, Juan Branco will try to reflect on the evolution of these issues, and on the difficulty to create new lines that protect the citizens, the deplorables of this new world.

Juan Branco, Legal Adviser, Wikileaks

Hacking international law and governments interest groups

The practice of information security and "cyber" has been long regarded as another domain when considering international diplomacy and politics. NATO has officially recognized the cyber domain in relation to article 5, and nation states have been practicing the extension of their political activities through espionage and intelligence in that domain for years. In this session, we will discuss how the practice of hacking has shifted the balance of power and added complexity to the practice of diplomacy and international law, while creating more opportunities for interest groups to affect government practices and regulation.

Ian Amit, Senior Manager of Security Engineering, Amazon

GREEN ROOM TALK

Cybercrime - The hacker's role vs. Authorities & Governments

A hacker's love of programming is not just a commitment to culture but requires a great skill when it comes to codes and computers. But is the motivation to solve problems and developing new technical knowledge enough when Governments usually have the last word? Surely we've heard of bug bounty programs to enhance the importance of a streamlined collaboration in between them two. But what happens with the collaboration when the threats comes from outside and authorities close their doors to a hackers collaboration? Technology and innovation goes with the speed of light, how come building up a solid collaboration takes longer? Does a role always need to mean economic incentives, or can a collaboration be motivated in more ways than one?

Kim Zetter, Dr Jessica Barker, Juan Branco & Ian Amit

Keynote Partner: SecureLink
How to securely embrace the cloud - A use case of how SecureLink has embraced the cloud

An insatiable appetite for compute and storage resources, combined with cloud-first development initiatives to support your business, is driving a data centre transformation that incorporates the public cloud as a means of more rapidly addressing your growing data center demands.

From a security perspective, the responsibility for protecting your public cloud is shared between both the provider and the user – you. It is up to you to ensure satisfaction with the steps a provider has taken to protect the public cloud environment. It is also up to you to make sure you take the necessary steps to protect your applications and data in the public cloud.

Marcus Bengtsson, CTO, SecureLink Sweden

Lunch

Passa på att nätverka med branschkollegor och partners över en god lunch i utställningsområdet med stans bästa utsikt över Stockholm.

Efter lunch får du ta del av de hetaste lösningarna inom it-säkerhet i två parallella kunskapsspår. Passen är 20 minuter långa med en 5 minuters paus mellan varje spår så att du kan välja fritt.

Plats: Mälarsalen

How to avoid security being an obstacle in development and operations

Whether you deliver IoT, apps or services, or whether you're a product owner, CISO or IT-strategist: Being on the same page in your company is a must to be able to work together to deliver safe products in a continuous development flow.  This requires an update in the organizational and technical toolbox to create continuous safety and understanding of priorities and requirements. Olle Segerdahl & Christoffer Jerkeby from F-secure will tell you how security does not need be an obstacle in development projects and share insights from his own projects and experiences.

Olle Segerdahl, Principal Security Consultant, F-Secure

Plats: Nobelterassen

Cure virtual machine blindness: How hypervisor can find attacks that agents can't see

With targeted attacks increasingly operating at the deeper levels, endpoint agents are both ineffective and vulnerable. No wonder it takes enterprises an average of 5 months to detect a data breach. Hypervisor-based introspection could challenge the traditional approach to targeted attacks, by working directly with raw memory – providing an unprecedented level of insight into APTs. Learn how the hypervisor offers a unique perspective into the targeted attacks that your endpoint security solution fails to detect – and why it should inspire a new category of security solutions.

Joseph Abou-Haidar, Sales Engineer, Bitdefender

Plats: Mälarsalen

Cybersecurity is no longer enough - Why you need a cyber resilience strategy

Plats: Nobelterassen

GDPR - The necessary measures to secure information

The new Data Protection Regulation (GDPR) comes into force soon and many organizations realize that they will need to broaden their approach to working with IT security.

GDPR requires proactivity. Assuming that at some point you will lose information, the strategy becomes a bit different in comparison with traditional IT security, that focuses on preventing the loss of information.
Jörgen will give a summary of how the reasoning goes, by giving examples from organizations that have made some of their work to implement the necessary systems to secure their information. What do you must start doing today and what can wait?

Concrete conclusions about securing GDPR relevant information and how to use cloud services, even for sensitive information will be presented.

Jörgen Jansson, Senior Sales Engineer, Gemalto

Plats: Mälarsalen

Security Fabric: A must for future Cyber Security

As we are all aware, the changing landscape of cyber security, is far from slowing down - it's actually speeding up. The cyber criminals are one step ahead while security solutions are changing and maturing quite considerably. A “fit for purpose” requirement is therefore far more applicable with these mature technologies. Take a combination of a requirement for solution elements to communicate, and a requirement for mature technologies; this then leads straight into a security fabric.
Many organisations now are taking the view that a vendor that not only integrates but owns the development path of these technologies is substantially stronger than stand alone vendors with limited technology. Join us to hear how Fortinets security fabric fits perfectly into their current and future Cyber Security plans.

Nils Von Greyerz, Systems Engineer, Fortinet

Plats: Nobelterassen

Security Policy Management - in the Age of Cloud and SDN

Managing an ever-growing security policy to effectively keep out the bad guys and at the same time enable critical business applications is quickly becoming a near-impossible feat for most organizations. This is clearly demonstrated in several recently publicized network related outages, as well as Gartner’s findings that 95% of firewall breaches are the result of misconfiguration. To make things even more challenging, public cloud and software-defined networks are set to completely transform networking and security, mandating companies to embrace automation to remain relevant and manage security at the speed of business.

This session will examine the current and future trends of security policy management. It will offer practical information to help companies successfully make the transformation to a simplified, automated, and orchestrated approach to managing security across on-premise, software-defined and cloud environments for improved security and business agility.

Mikkel Børve, Manager Nordics, AlgoSec

Kaffepaus

Vi fyller på energinivån med en god eftermiddagsfika i utställningsområdet och passar på att nätverka!

Threat Modeling in Minutes

Threat modeling is an important aspect of securing any system whether software or network, but what investment is appropriate? Many businesses may need to consider nation-state attacks and other high-powered threats, but for other organizations the threats are much more docile.  The weeks or months of time and resources spent on creating sophisticated threat models and factoring in every detail may not be justified for every environment.

The more sensible approach for many businesses out there is a lightweight application of the same methodology. As an industry, we've made threat modeling and analysis much more complicated than it really needs to be.  Window Snyder, co-author of Threat Modeling, will describe a practical approach to make an investment in threat modeling that fits your business needs.

Window Snyder, Chief Security Officer, Fastly

Resilience: an alternative to Active Defense

Building up resilience to attack is a compelling alternative to Active Defense.
Resilience is the property of materials that are elastic instead of brittle, with the capacity to recover from difficulties without irrevocable damage. This is the model for how we should design our cyber infrastructure, and in how we should plan to respond to attacks, but our approach to security thus far has been oriented towards brittleness instead.

Software will always have vulnerabilities, users will click malicious links, and users will forfeit their credentials to phishing campaigns, arduously clicking through security alert dialog boxes intended to caution their behavior. There will always be more zeroday in the frameworks, libraries, operating systems, and firmware we all use. Here we seek to explore and inspire ideas on asymmetry and resilience, to shift the advantage away from attackers to defenders.

Brandon Edwards, Chief Scientist, Capsule8

GREEN ROOM TALK

Strategies to battle current threats: Striking back is active defense?

As threats are becoming more extensive, we encounter more advanced technology and the range of new solutions is increasing, who can we trust? Is an active defense always the best for the business, or can it be more time-consuming to maintain and be more expensive in terms of what it actually offers?

When traditional security solutions just don't meet the needs of a company or an organisation - how do we prioritize our strategy of defence? Where should we keep our focus in this fast-paced world of IT-security? When is a strike necessary and what is important when creating an active defence?

Dr Jessica Barker, Window Snyder, Brandon Edwards & Lucas Lundgren

Hacking 5 IoT devices in 30 minutes

Lucas has the "bad luck" (or tendency) to annoy companies by reporting vulnerabilities in their products. He defines himself as a grey-hat hacker where the line between white-hat and black-hat sometimes have to be blurred in order to make things happen.

Lucas, like many other modern day hackers, spent his childhood breaking things just to fix them.  Even back when he was twelve he has reported numerous vulnerabilities in various products. Thirty years after his work has been recognized by Apple, Microsoft and also authorities and governments.

Lucas is primarily focusing on penetration testing as well as fuzzing and exploit development, no matter the platform or medium and his passion for Technology led him down the path of IoT which he loves. But it's a love-hate relationship where his prior knowledge of security and vulnerabilities makes him question his sanity when he is buying products, since he is mentally forced to take a "closer look".

Lucas Lundgren, Grey-hat hacker

Moderator Marcus Murray summerar och avslutar dagen

Vilka är de viktigaste lärdomarna från årets talare och vad tar vi med oss tillbaka till kontoret?

AW-mingel

Avsluta dagen på topp med en AW. Mingla och nätverka med branschkollegor i utställningsområdet med något gott att dricka och äta samtidigt som du har stans bästa utsikt över Stockholm.