Kansas City, KS

Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.

Unfortunately, email threats are only growing in number. Business email compromise accounts for 44% of all losses to cybercrime, and the 2021 Verizon DBIR holds that phishing remains the top entry point for breaches—a position it has held for years.

Does that mean email is doomed, and we should give up? Quite the opposite—instead, we should look to newer technologies and an integrated security strategy that provides a modernized approach to email defense.

Targeted ransomware attacks and data breaches are on the rise with increasing complexity and frequency. The pressure is on security teams to detect and respond to cyber incidents before they can affect business operations and your reputation.

Join us as we delve into the critical role proactive threat hunting plays in detection and response and learn what is required to be effective, debunking some of the common myths about SIEM, vulnerability scanning, threat intelligence, and more.

With cyber-attackers continuously searching for new ways to outpace security teams, it can lead to a struggle to fight back without disrupting business operations. Join Darktrace in this session where we will explore the benefits of Autonomous Response as a must-have that goes beyond ‘defense’. Includes real-world threat finds and attack scenarios.  ​

We have examined millions of IoT, OT and network devices in the Enterprise at Phosphorus Cybersecurity. This includes everything from desktop VoIP phones to BACnet devices such as power distribution and chillers, to cameras, thermostats, door lock controllers, fire control panels, and lots of printers. Phosphorus finds a 90% common corpus of vendors that have been deployed in the Enterprise, and almost all are uncompleted, unmanaged, and insecure. With our own data, we can positively confirm remarkable statistics of extended IoT in the enterprise; the state of xIoT security today is reminiscent of the 1990s. As we walk through a few million “Things,” we will examine key statistics, such as prevalence of CVEs, commonality of default credentials, the half-life of xIoT firmware, and what measures can be taken to stay ahead of the problem.

Authentication is a foundational element of every cybersecurity program. With more than 80% of data breaches and most ransomware incidents stemming from credential-based attacks (e.g., phishing, credential stuffing, RDP brute, etc.), it has become clear that passwords are a fatally flawed authentication method. Unfortunately, many common solutions are “band-aids” on top of passwords and are lacking from both a security and user experience perspective.  Replacing passwords as an authentication factor is finally possible. While eliminating passwords is a critical step in stopping credential-based attacks, it is just a first step on the journey to advanced authentication and access control needed to achieve zero trust.In this talk, we will discuss:

• A brief history of authentication
• Changing requirements in the new work from home(or anywhere) business model and cloud-centric architectures
• Can we gain risk-reduction improvements by converging the traditionally disparate identity and security processes and technologies?
• A case for continuous user authentication
• What is device risk and why is the real-time assessment of endpoint security important

Bad actors have recognized the power of open source and are now beginning to create their own attack opportunities. This new form of assault, where OSS project credentials are compromised and malicious code is intentionally injected into open source libraries, allows hackers to poison the well.  In this session, Sonatype will explain how both security and developers must work together to stop this trend. Or, risk losing the entire open source ecosystem.

·        Analyze, and detail, the events leading to today’s “all-out” attack on the OSS industry

·        Define what the future of open source looks like in today’s new normal

·        Outline how developers can step into the role of security, to protect themselves, and the millions of people depending on them