“Mobile Device-a-pol-ooza: Why Your Mobile Security Policy Should Be a Priority. Now.”
Vice President, Security Strategy, CounterTack
Mobile security has emerged as a more critical concern for organizations that struggle with securing devices used for both professional and personal purposes. Complicating matters is the fact that threats have become more targeted as attackers are leveraging device dependency with a high success rate.
What does an organization do to better understand and better protect against this growing threat vector? And what’s the best path forward to hardening controls at the mobile device level in a way that prevents these attacks and maps to an enterprise security strategy?
Yes – it’s still as ubiquitous as ever given the explosion of mobile malware, and the threat that exists around unprotected mobile devices. Given the research available and the increasing threatscape, mobile security preparedness predicated on managing the strategy is a better option than reactionary measures.
This presentation will discuss the key trends impacting mobile security and will lay out an updated set of building blocks to produce a holistic mobile security model: from BYOD to mobile policy development to MDM; common and emerging exploits and targeted mobile malware; best practices in threat mitigation; and the notion of trusted applications vs device-specific consideration.
This talk will drill into some common as well as some edge use cases, and will review some critical enterprise mobile security models. The presentation will look out four years, comparing against last year’s data to determine what impact mobile security will have by 2020.
“Bet You Won’t Block Google: Use and Abuse”
Information Security Consultant, Rendition InfoSec, LLC.
APIs are a significant utility in today’s information age. Some will argue it’s almost a necessity. While defenders will get better and better at looking at their environment, it is left to the attackers to utilize other methods to exfiltrate data to a source and method that the defender wouldn’t expect. APIs! Many companies implement APIs as extensions of their core products. Some companies implement APIs better than others and more securely than others. What happens when the attackers utilize the security and privacy measures that other companies provide through their API? I’ll show you. One of my favorites is Google, but there are many others.
Head of Cyber and Co-Founder, MeasuredRisk
Director of Research, MeasuredRisk
It seems that every day there is a story in the news about some malware infecting systems and wreaking havoc. Ever wonder how they get past the multiple layers of security in these environments and not only land on the endpoints but actually detonate? Michael Angelo Vien and Gregory “mobman” Hanis have both spent decades bypassing not only anti-virus (AV) but the various solutions used to defend networks and endpoints by not only creating unique malware but by making the older ones work too. In this presentation, we will discuss how to beat AV and other endpoint solutions. We will demonstrate a piece of malware being detected and after a few minor modifications, it will DISAPPEAR (at least from the AV).
“Smart Phones ‘Weaponized’”
CSO, Sequrit CSI
Wayne will demonstrate the latest mobile hacking techniques, tools and tips for custom building mobile hardware devices.
“Corgi’s, Pterodactyls, and the Russian Ebook Wars: What it’s Like to Operate a Darknet.”
In 2014 Seth started a secure and anonymous file sharing and chat network named DemonBucket after Demonsaw, the application that supported it. DemonBucket’s popularity grew quickly to approximately 75 terabytes of network traffic per month. Its user base is a strange mix of hackers, civil dissenters, whistle-blowers, and just regular people who wish to use the internet without being monitored. This talk will be an interesting discussion about the unique good, the bad, the funny, and the sad things that happen at the dark edges of the internet.
“Bridging the Gap Between Physical and Information Security”
Principal of virtual CIO/CISO
The Information Security and Physical Security professions have traditionally been separate. Today, security practitioners can’t afford to remain isolated, and must expand their security knowledge or risk leaving key areas unprotected.
This session will cover critical components that are important to all security professionals – perimeter defense, access management, monitoring/detection, asset protection, incident response, etc. – building on common goals and similarities in order to bring together security specialists who have traditionally been separate. Participants with backgrounds in either information security or physical security will have the opportunity to explore security concepts and strategies from each other’s viewpoint and expertise, gaining a broader exposure and better understanding of the perspective, risks and preventative measures from the ‘other side’.
The modern security approach is holistic: “In order to truly secure your environment, both physical and technical security issues must be addressed. In today’s world, one cannot be successful without the other.” This presentation brings these two aspects of security together, helping today’s security professional broaden their knowledge and perspective and work toward a unified approach to their security strategy.