Education Seminars

Session 1 - 10.20 - 11.00

Session 2 - 12.50 - 13.30

Session 3 - 15.30 - 16.10

Session 1
Tufin- The management of your organisation's security policies



Domenico Dominoni, Director SEEMEA, Tufin Technologies

Learn how your organization can benefit from the power and agility to enforce security policy and compliance for complex, heterogeneous enterprise networks across hybrid cloud and physical environments.

What attendees will learn: 
  • Provide security managers with a single pane of glass for managing security policies across network firewalls, private and public cloud
  • Improve security, compliance and business agility through firewall change automation
  • Optimize security policies
  • Reduce attack surface for mitigation of cyber threats
  • Assure business continuity by minimizing network and application downtime
Bit9- PCI DSS Track



Christopher Strand, Senior Director of Compliance, Bit9
Mandeep Sandhu, Technical Director EMEA, Bit9
 
Mitigating the data breach threat by enabling PCI DSS compliance enforcement through proactive security controls

Attendees will learn how to mitigate the threat of a breach by adhering to three essential guidelines for a strong security framework: application control; change control; and policy enforcement.
 
The session will outline:
  • The anatomy of a POS attack focusing on how exploits within the “Kill Chain” affect PCI DSS posture, pin-pointing specific violations to PCI, as well as highlights of common gaps within systems commonly covered by regulatory requirements
  • What application control technology is and how it both limits the ability for malware to execute inside a payment system as well as zeros in on the most critical business process to measure PCI compliance
  • What file integrity control is and how positive security technology tools can continually monitor for, and prevent suspicious activity, as well as protect PCI assets
Contego- Challenges of Cyber Crimes Investigations



Ahmed Ali, Head of Technical, Contego Solutions

Nowadays as cybercrimes are getting more and more complex and harder to defend against, damages of the attacks are getting more critical and brutal; cybercrimes investigators and information security incident handlers are left under consistent pressure of facing different types of attacks coming from adversaries who are following no rules searching for any kind of win, while investigators have to follow rules and standards in their process of securing and protecting their information systems. In this seminar we’ll discuss the common types of attacks and the process to handle and respond to these attacks in a rapid manner and the international standards for handling the digital evidence.
 
What attendees will learn:
  • Types of internal and external Cybercrimes
  • Incident Response/Handling Guidelines
  •  Handling Digital Evidences standards against reality
  • Conclusion
HelpAG- The ugly truth of Web-Application Security



Nicolai Solling, Director of Technology Services, Help AG

In this session we will be covering some of the most common security issues in a Web-Application, and specifically focus on the types of attacks where Web-application firewalls and other security enhancements are unable to protect and where hackers start. We will be showcasing logical exploits and how they impacts security and also cover the OWASP top 10 attacks and how a WAF may or may not be efficient, and also give an idea to what can be done to protect against this.
 
What attendees will learn:
  • Understand what web-application firewalls do and how they function
  • The logical exploitation of a web-application through a live hack demonstration 
  • Identify how the security settings of a web-application firewall can be bypassed
LogRhythm- Intrusion vs. Breach: How Security Analytics & Automated Response Can Improve Your Chances of Avoiding a Breach



Ross Brewer, Vice President & Managing Director International Markets, LogRhythm 
 
60% of breached organizations included in the 2015 Verizon DBIR were initially compromised within minutes, and yet for most of those organizations it took hundreds of days to detect the intruders.  Fortunately, an intrusion does not equal a breach.  In fact, there are usually several steps that typically follow an initial compromise before the bad guys get away with the goods or disrupt a critical service.   Detecting early warning signs such as an initial system compromise, command and control activity or suspicious lateral movement of intruders can provide the necessary lead time to respond and neutralize a threat before the intrusion leads to a material breach.     
In this session, Ross Brewer, Vice President & Managing Director, International Markets at LogRhythm, will discuss how pervasive visibility and big data security analytics, when coupled with intelligent automated response, can substantially reduce an organization’s risk of experiencing a material breach or cyber incident.  
 
Attend this session if you:
  • Are seeking to reduce your organizations meantime-to-detect (MTTR) and meantime-to-respond (MTTR) to cyber threats
  • Struggle to find the needle in the haystack of security events
  • Believe your current incident response process lacks adequate automation and efficiency
  • You have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots

Session 2
HP Security Voltage- Using Data De-Identification to Enable Business Agility while Protecting Data Assets



Let’s face it, there’s unrelenting pressure on IT to enable competitive advantage through new technology and use of data assets‒-but the business is driving initiatives that can push sensitive production data into more and more exposed areas.  The key question is ‘How can you enable the business to be agile AND take a more proactive, programmatic approach to security at the same time?’  With the advanced threats that are pervasive today, it’s becoming increasingly dangerous for organizations to deploy new technologies and processes, and then reactively address the implications for data security in the ecosystem.  You need an approach in your organization that ensures data protection while enabling business agility – the new data de-identification. 
 
In this session, Brendan Rizzo, Technical Director, EMEA of HP Security Voltage – will discuss the top trends in cyber threat mitigation, data privacy, data governance, and data security.
 
Attend this webinar to learn more about how to: 
  • Increase responsiveness and security in your IT environment and architecture
  • Fight pervasive threats from inside and outside attack with data-centric technologies
  • Raise your organization’s overall data privacy, compliance, and security profile
  • Implement a new data de-identification framework across production, test & development, and analytics use cases
  • Proactively enable critical business initiatives
LogRhythm- Intrusion vs. Breach: How Security Analytics & Automated Response Can Improve Your Chances of Avoiding a Breach



Ross Brewer, Vice President & Managing Director International Markets, LogRhythm 
 
60% of breached organizations included in the 2015 Verizon DBIR were initially compromised within minutes, and yet for most of those organizations it took hundreds of days to detect the intruders.  Fortunately, an intrusion does not equal a breach.  In fact, there are usually several steps that typically follow an initial compromise before the bad guys get away with the goods or disrupt a critical service.   Detecting early warning signs such as an initial system compromise, command and control activity or suspicious lateral movement of intruders can provide the necessary lead time to respond and neutralize a threat before the intrusion leads to a material breach.     
In this session, Ross Brewer, Vice President & Managing Director, International Markets at LogRhythm, will discuss how pervasive visibility and big data security analytics, when coupled with intelligent automated response, can substantially reduce an organization’s risk of experiencing a material breach or cyber incident.  
 
Attend this session if you:
  • Are seeking to reduce your organizations meantime-to-detect (MTTR) and meantime-to-respond (MTTR) to cyber threats
  • Struggle to find the needle in the haystack of security events
  • Believe your current incident response process lacks adequate automation and efficiency
  • You have a first-gen SIEM platform deployed and are frustrated by its complexity or feel that you still have significant blind spots
Fortinet - Network security and understanding your organisation's IT infrastructure



Tanios Ibrahim Zabeneh, Channel Systems Engineer, Fortinet
Kalle Bjorn, Director, Systems Engineering, Fortinet
 
While Sandboxing is increasingly a “must have” technology to combat today’s sophisticated Cyber Threats, its effectiveness is limited when deployed in a silo of its own. That’s one reason Fortinet developed the Advanced Threat Protection Framework, a cohesive approach to prevention, detection and mitigation – from edge to endpoint.
 
It is not enough to keep adding the latest security technologies as a collection of point products. Nor is it sufficient to rely on a set of integrated technologies of uncertain effectiveness. Instead, enterprises need independently validated products that also work together for maximum protection.
 
Many organizations wanting to protect themselves against the risk of data breach are overwhelmed by different claims and alleged “silver bullets.” That’s why our development of Advanced Threat Protection (ATP) Framework – an integrated approach to combating today’s advanced attacks from the edge of your network down to the endpoints.
 
What attendees will learn: 
  • The latest thoughts around Sandboxing as a method of defence
  • How to implement an effective endpoint security strategy
  • Developments and advantages of the Advanced Threat Protection Framework
Qualys- Next-Gen Vulnerability Management and Compliance with Cloud Agents



Faeq Abu-Khair, Technical Account Manager, Qualys
Hadi Jaafarawi, Managing Director, Middle East, Qualys
Walid Natour, Technical Account Manager - Presales, Qualys
 
Global networks have evolved, and so must the way we assess their security and compliance posture. Traditional assessment methods present many challenges for security teams such as scanning windows, managing credentials, and the rise of cloud environments, which can be cost prohibitive. This talk presents a new disruptive approach using lightweight cloud agents to continuously assess and address the security and compliance of global IT assets, whether on-premise, in elastic cloud environments or endpoints. 
 
What attendees will learn:
  • How to build a continuous program to assess and address the security and compliance of global IT assets
  • How to get real-time inventory of IT assets, whether they reside on premise, in the cloud or mobile endpoints
  • How to provide IT and security teams visibility and actionable data across millions of IT assets in seconds

Session 3
Qualys- Next-Gen Vulnerability Management and Compliance with Cloud Agents



Faeq Abu-Khair, Technical Account Manager, Qualys
Hadi Jaafarawi, Managing Director, Middle East, Qualys

Walid Natour, Technical Account Manager - Presales, Qualys

Global networks have evolved, and so must the way we assess their security and compliance posture. Traditional assessment methods present many challenges for security teams such as scanning windows, managing credentials, and the rise of cloud environments, which can be cost prohibitive. This talk presents a new disruptive approach using lightweight cloud agents to continuously assess and address the security and compliance of global IT assets, whether on-premise, in elastic cloud environments or endpoints. 
 
What attendees will learn:
 
  • How to build a continuous program to assess and address the security and compliance of global IT assets
  • How to get real-time inventory of IT assets, whether they reside on premise, in the cloud or mobile endpoints
  • How to provide IT and security teams visibility and actionable data across millions of IT assets in seconds
Bit9- Anatomy of an Attack and Mitigating the data breach threat through proactive security controls



Christopher Strand, Senior Director of Compliance, Bit9
Mandeep Sandhu, Technical Director EMEA, Bit9


Attendees will learn how to mitigate the threat of a breach by adhering to three essential guidelines for a strong security framework: application control; change control; and policy enforcement.
 
The session will outline:
  • What application control technology is and how it both limits the ability for malware to execute inside a payment system as well as zeros in on the most critical business process
  • What file integrity control is and how technology tools continually monitor for and prevent suspicious activity
  • Understanding on how to enforce security, compliance policies, and compensating controls
F5- Do DDoS and Web attacks keep you awake at night?



Yaser Al Mashad, Security Solutions Specialist, F5
 
Your applications represent your company and your strategic advantage. A DDoS attack can knock out those applications— taking down your reputation and your revenue with it. The frequency and size of DDoS attacks is ever-growing and continues to be a priority issue for many businesses. With the ongoing work to shut-down or neutralise botnets, a cyber-arms race has started with hactivists and other cyber criminals constantly searching for new ways in which to amplify attacks. As a result, DDoS attacks are increasingly common.
As the lines between the professional and social use of technology continue to blur, it is vital that we start to really recognise the significance of these attacks, how likely they are and how damaging they can be.
For the first-time DDoS victim, these attacks can be scary and stressful ordeals. That's not surprising; poor network performance and website downtime can be massively costly for businesses, both in lost sales and consumer trust.
 
What attendees will learn:
  • Current DDoS Threat Landscape
  • Multi layered mitigation approach
  • The smart guy web attacks
  • A look into the future of web security