The challenges the GDPR imposes require organizations to not only know where personal information is, but also how it is being processed at any given time. At a time when even small organizations can have petabytes of data copied over thousands of systems, the GDPR compliance challenge quickly becomes an impossible task for the human brain, and even for conventional data governance tools. AI offers a unique solution to this challenge. AI's ability to "understand" the context within which data is found allows for the quick identification of personal information across structured and unstructured repositories and the accurate matching of identities. This session will explore how some of the more nuanced requirements of this regulation can be met with the help of AI, and the additional opportunities AI offers beyond the necessity of compliance.
Companies and organizations across the world are grappling with how to find and detect vulnerabilities faster and with fewer resources, all with the end goal of protecting our customers. Bug Bounties are one of the ways major customers work to incentivize security researchers to assist in finding and responsibly disclosing vulnerabilities before they can impact users. Join us for a moderated panel with four leading industry experts in Bug Bounty programs as we learn about the reasons behind some of the major bug bounty initiatives, the return on investment and hear war stories from the wild frontier of bounty.
Come compete in the DefendCon Capture The Flag (CTF) challenge!
The competition will run throughout the conference.
Prizes will be awarded for the top participants at the closing remarks session at the end of the final conference day.
This is a casual CTF, so you can hack away at your leisure throughout the conference or in the privacy of your hotel room after the first day of the conference.
Prizes will be awarded based on most challenges completed, and the challenges are not timed.
Happy Hacking Everyone!
An accurate understanding of your public network and application exposure is necessary for everything from scalable security automation to red team exercises. However, it can be overwhelming trying to keep up with a large organization. This presentation discusses techniques for leveraging freely available data to create complete network graphs of your environment, and track best practices. In addition, that data set can be fed into machine learning to automatically identify security issues.
Network segmentation has been a common recommendation in the security community for years. Done correctly, it can minimize the attacker’s ability to move laterally throughout a network, to inflict more damage on a system, or to consume network resources in an availability attack. In practice, however, enterprises rarely take the step of fully segmenting their networks in accordance with organizational policies and, if they do take this step, they don’t monitor the segments for policy violations. In the age of the Internet of Things, this security approach can actually be fatal. This talk describes the failings of the 'segmentation-first' model when considering the pace of IoT adoption by demonstrating how to take over an entire IoT network segment. Additionally, we will discuss how to discover and address these issues in the enterprise.
Why do products still enter the market with easily-found security issues? Why are people still falling for phishing emails? Why do we still have trouble convincing people to patch their systems? Why do companies and governments keep leaking out important PII? We security experts sometimes think that pointing out the obvious flaws will prevent these issues, but somehow that isn’t always the case. Clearly, we have a disconnect somewhere. This talk will examine why implementing good security and security practices is so hard, and the tradeoffs that cause people to invest less than we think they should. We will cover how we can close the gap between discovery and action, including real world examples of people adopting useful solutions. We will go through specific methods of how to engage people on security in a way that leads to action. Finally, we will look at the changing threat landscape and the critical areas in need of intervention, and how you can increase security adoption in those around you.
User behavior analytics (UBA) is an emerging set of security controls and processes that inspect patterns of user behavior and apply various methods to identify anomalies and events within that behavior representative of security threats. UBA centers on the user, particularly user access of cloud data, and is intended to identify malicious insiders, compromised users, fraud, and various advanced attacks. In this talk, I will describe our approach to UBA, some success stories, and the challenges faced along the way.