Day 1 – Monday
Get a good start with freshly baked sandwiches, tea and coffee.
Welcome to TrueSec Cyber Security Summit 2017!
Speaker: Marcus Murray
Let’s kick off this two-day conference with a TED-talk-inspired keynote starring Marcus Murray, cyber security expert and team manager at TrueSec.
He will give you insight into the current Cyber Security landscape - Cyber Security trends, threats, major breaches and mitigations will be discussed and maybe even demonstrated!
Speakers: Kenneth Ljungqvist, Davide Girardi
Modern cyber criminals and threat actors all have different objectives and scopes within their offensive operations. However, they have one thing in common: they need to breach the perimeter and establish a foothold inside the target network.
How do nation-state groups such as Fancy Bear and Lazarus Group establish footholds within modern infrastructure? What's your organization's weakest link? External exposure, spear-phishing, or could it be the physical security?
Watch live as the attack team from Truesec showcases how threat actors establish their initial footholds!
Stretch your legs and get some water in between the sessions.
And stop by the exhibitors' booths. Maybe they've got some great swag for you?
Speakers: Fabio Viggiani, Marcus Murray
The assumption that an internal IT environment is protected from external threats is long gone. Organizations must embrace the concept of "assume breach" and expect intruders to already be connected to the internal network.
But what does it really mean for an attacker to have access to an internal computer? Can they really do that much with the privileges of a regular employee?
As a continuation of the first demo-based hacking session, the Truesec attack team will demonstrate modern tools and methods to compromise an entire IT infrastructure in a matter of hours!
Lunch is served. Enjoy!
Speakers: Daniel Ulrichs, Hasain Alshakarti
Identity has become one of the most important security boundaries and critical endpoints in modern enterprises. The natural replacement for the network security perimeter in a complex modern enterprise is the authentication and authorization controls in an organization's identity layer. Privileged administrative accounts are effectively in control of this new "security perimeter".
We need to protect against identity compromise, prevent reuse of stolen credentials, go beyond passwords and move to more secure forms of authentication based on the employee's identity, the device they are using and only for a limited time. Using just-in-time and privileged access management controls helps minimize the number of people who have access to critical information or resources, reduces the chance of a malicious user getting that access, and makes it harder for attackers to penetrate a network and obtain privileged account access without being detected.
In this session, we will describe and demonstrate important concepts to protect against common attacks on identities and add more monitoring, more visibility, and more fine-grained controls so that organizations can see who their privileged administrators are and what they are doing.
Still in a food coma after lunch?
Get some air, go for a quick walk, or hang out with other attendees in the lobby during this 15-minute break.
Speakers: Peter Löfgren, Hasain Alshakarti
When analyzing the numerous breaches over the past few years, one quickly concludes that no matter what method was used to breach the environment, the attackers proceed to compromise administrator credentials and devices so that they can integrate, control and hide inside the environment.
Enforcing device enrollment, provisioning of policies, implementing security baselines, limiting exposure, collecting audit logs, controlling code execution and then securing access to systems, apps and data using just-in-time and just-enough based methods are critical controls to give IT the ability to provide the guardrails needed to prevent users and administrators from putting the enterprise at risk.
In this session, we will describe and demonstrate important concepts to limit the breach impact, make it detectable and have the ability to respond.
Load up with some new energy!
We'll serve coffee, tea and something sweet to trigger your endorphins before the last session.
Speakers: Emil Kvarnhammar
Most of us are heavily dependent on software from larger vendors like Google, Microsoft and Apple. Continuously applying security patches from these vendors is nowadays considered a minimum in cyber security. Security has been a key part of the vendors' SDLC (Software Development Lifecycle) for many years now. Still, our exposure to cyber security threats involves a lot more than products from these larger software companies. Attackers exploit application vulnerabilities to gain control over entire enterprises, even with all the latest patches applied.
Application security is becoming increasingly important, and old mitigation strategies like penetration tests or code reviews once a year are no longer sufficient. With DevOps and Continuous Delivery, the threat landscape for your production environment might change from one hour to another. New vulnerabilities in third-party/middleware code used by applications are continuously discovered and exploited, and you need a strategy for managing these new threats. Additional challenges include tools like Docker, which move some of the patch management responsibility to Dev or DevOps teams.
This is a unique opportunity to learn how the TrueSec team works with Modern Application Security, and how you can prevent many attacks by making it a key part of your cyber security strategy.
In case you haven't got answers to your questions during the day, you now have the opportunity to ask the experts face to face.
We invite you to grab a beer, soda or coffee by the bar, to round up the day with a Q&A session.
Day 2 – Tuesday
Fetch a sandwich, tea or coffee and get off to a great start.
Speaker: Johan Blom (presenter of the event)
A summary of Day 1 that sets the stage for Day 2.
Speaker: Emil Kvarnhammar
Both new and legacy applications are moving to the cloud, and it's happening extremely fast. There are great opportunities to build secure application infrastructure with platforms like Amazon Web Services (AWS), which are a lot more secure than most on-premise deployments.
But your use of cloud platforms could also turn into a disaster without the right security strategy in place. As a comparison, imagine what it would mean if your on-premise data center were physically accessible to any attacker 24/7 (essentially admin console access to all your servers). Sounds a bit scary, doesn't it?
In this session you'll learn about some important general concepts in building secure and resilient application infrastructure in the cloud. We use Amazon AWS as a demo environment, but most of the concepts can be achieved using Microsoft Azure or Google Cloud Platform as well. We will talk about automated provisioning, identity and access management (IAM), secure TLS, micro-segmentation, patch management, runtime application protection, monitoring/logging and a lot more.
A short break. Get some water, stretch your legs and get ready for next session.
Speakers: Hasain Alshakarti, Richard Ulfvin
Get practical insight into some of the security features the Microsoft cloud can provide.
We will guide you through the transition from an onsite application implementation to PaaS covering important points from a security perspective.
We will also discuss some concerns in regard to what can drive cost and/or administrative overhead in design decisions and implementation.
Time to get some lunch! Mingle with other attendees and exhibitors.
Speakers: Mats Hultgren, Mårten Thomasson
As attacks are getting more and more advanced and the tools of nation states have become available to cybercrime, we must assume breach - all environments will get hacked sooner or later. In addition, the business need for digitalization, sourcing and moving to the cloud exposes data to new risks. Encryption of data becomes more important, not least because of regulatory demands such as GDPR.
In this session Addlevels Cyber Security Advisors will guide you through how to protect data at rest with modern cryptographical solutions in hybrid environments, as well as how to use data protection impact assessments to identify which data to encrypt. We will also discuss how you should work with suppliers and outsourcing partners through requirements, governance and due diligence.
15-minute energy break - enjoy!
It is a matter of national concern that so few organizations have eyes on what happens in their networks and systems.
All organizations are vulnerable to serious computer intrusions in this highly networked world. It is impossible to prevent and stop all attacks when employees can open e-mail attachments from untrusted sources or when they can access webservers on the Internet from the same workstation computer that has access to internal systems with sensitive information. It is only a matter of time until a serious breach occurs.
But the speed with which an organization can detect and respond to an incident will limit the impact of an intrusion and lower the cost of recovery.
It is vital that organizations in the private sector as well as in the public sector understand that a modern information and IT security program must consist of a capability to detect and respond to cyber-attacks. This should be as natural as having a firewall or having a Service Desk!
Watch as TrueSec shows you how different types of attacks can be detected.
Fill up your energy reserves!
Coffee, tea, and something sweet are served during this last break.
Is it possible to break into a highly secured environment? Nation-state level attackers have proven several times that by using advanced and sometimes unconventional methods they can not only break into any environment but also circumvent security monitoring to avoid detection.
This final session will demonstrate an advanced attack using stealthy techniques against a highly secure modern environment.
The Truesec attack team will share their real-world experience from both red team offensive projects and investigations of nation-state sponsored attacks targeting Swedish organizations.
15 minutes to sum up the event.
Thank you for attending!
All sessions are in English.
We love questions!
Raise your hand or tweet using #SecSummit